2 * Copyright (C) 2014 Red Hat, Inc.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.controller.networkconfig.neutron.northbound;
12 import org.codehaus.enunciate.jaxrs.ResponseCode;
13 import org.codehaus.enunciate.jaxrs.StatusCodes;
14 import org.opendaylight.controller.networkconfig.neutron.INeutronFirewallPolicyAware;
15 import org.opendaylight.controller.networkconfig.neutron.INeutronFirewallPolicyCRUD;
16 import org.opendaylight.controller.networkconfig.neutron.NeutronCRUDInterfaces;
17 import org.opendaylight.controller.networkconfig.neutron.NeutronFirewallPolicy;
18 import org.opendaylight.controller.northbound.commons.RestMessages;
19 import org.opendaylight.controller.northbound.commons.exception.BadRequestException;
20 import org.opendaylight.controller.northbound.commons.exception.ResourceNotFoundException;
21 import org.opendaylight.controller.northbound.commons.exception.ServiceUnavailableException;
22 import org.opendaylight.controller.sal.utils.ServiceHelper;
24 import javax.ws.rs.Consumes;
25 import javax.ws.rs.DELETE;
26 import javax.ws.rs.GET;
27 import javax.ws.rs.POST;
28 import javax.ws.rs.PUT;
29 import javax.ws.rs.Path;
30 import javax.ws.rs.PathParam;
31 import javax.ws.rs.Produces;
32 import javax.ws.rs.QueryParam;
33 import javax.ws.rs.core.MediaType;
34 import javax.ws.rs.core.Response;
35 import java.util.ArrayList;
36 import java.util.HashMap;
37 import java.util.Iterator;
38 import java.util.List;
41 * Neutron Northbound REST APIs for Firewall Policies.<br>
42 * This class provides REST APIs for managing neutron Firewall Policies
46 * Authentication scheme : <b>HTTP Basic</b><br>
47 * Authentication realm : <b>opendaylight</b><br>
48 * Transport : <b>HTTP and HTTPS</b><br>
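 * HTTPS Authentication is disabled by default. An administrator can enable it in
 * tomcat-server.xml after adding a proper keystore / SSL certificate from a
 * trusted authority. Until it is enabled, HTTP Basic credentials travel over
 * plain HTTP, where they are only base64-encoded and not encrypted.<br>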
54 * http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration
57 @Path("/fw/firewalls_policies")
58 public class NeutronFirewallPolicyNorthbound {
/**
 * Projects a Firewall Policy onto the fields a caller asked for.
 *
 * The selection itself is done by {@code NeutronFirewallPolicy.extractFields};
 * this method only forwards to it.
 *
 * @param o      policy to project
 * @param fields field names taken from the {@code fields} query parameter
 * @return the value returned by {@code o.extractFields(fields)}
 */
private NeutronFirewallPolicy extractFields(NeutronFirewallPolicy o, List<String> fields) {
    NeutronFirewallPolicy projected = o.extractFields(fields);
    return projected;
}
/**
 * Returns a list of all Firewall Policies, narrowed by any filter supplied
 * as a query parameter.
 *
 * <p>A filter that is absent ({@code null}, or an empty list for
 * {@code firewall_rules}) matches every policy; a filter that is present
 * must equal the corresponding policy attribute. When {@code fields} is
 * non-empty each match is reduced through {@code extractFields} before it
 * is returned.
 *
 * <p>{@code limit}, {@code marker} and {@code page_reverse} are accepted
 * but never read: pagination is still a TODO and sorting is not supported.
 *
 * @return a 200 response wrapping the matching policies in a
 *         {@code NeutronFirewallPolicyRequest}
 * @throws ServiceUnavailableException if the Firewall Policy CRUD service
 *         cannot be obtained
 */
@GET
@Produces({ MediaType.APPLICATION_JSON })
@StatusCodes({
        @ResponseCode(code = 200, condition = "Operation successful"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 501, condition = "Not Implemented") })
public Response listGroups(
        // projection
        @QueryParam("fields") List<String> fields,
        // OpenStack Firewall Policy attributes
        @QueryParam("id") String queryFirewallPolicyUUID,
        @QueryParam("tenant_id") String queryFirewallPolicyTenantID,
        @QueryParam("name") String queryFirewallPolicyName,
        @QueryParam("description") String querySecurityPolicyDescription,
        @QueryParam("shared") String querySecurityPolicyIsShared,
        @QueryParam("firewall_rules") List querySecurityPolicyFirewallRules,
        @QueryParam("audited") Boolean querySecurityPolicyIsAudited,
        // paging parameters (accepted, not applied)
        @QueryParam("limit") String limit,
        @QueryParam("marker") String marker,
        @QueryParam("page_reverse") String pageReverse
        // sorting not supported
) {
    INeutronFirewallPolicyCRUD policyStore = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
    if (policyStore == null) {
        throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }

    // NOTE(review): nothing in this method scopes the result to the caller's
    // tenant; every stored policy is a candidate unless tenant_id is passed
    // as a filter. Confirm the authentication layer in front of this
    // resource limits who may list policies.
    List<NeutronFirewallPolicy> matches = new ArrayList<NeutronFirewallPolicy>();
    for (NeutronFirewallPolicy policy : policyStore.getAllNeutronFirewallPolicies()) {
        if (queryFirewallPolicyUUID != null
                && !queryFirewallPolicyUUID.equals(policy.getFirewallPolicyUUID())) {
            continue;
        }
        if (queryFirewallPolicyTenantID != null
                && !queryFirewallPolicyTenantID.equals(policy.getFirewallPolicyTenantID())) {
            continue;
        }
        if (queryFirewallPolicyName != null
                && !queryFirewallPolicyName.equals(policy.getFirewallPolicyName())) {
            continue;
        }
        if (querySecurityPolicyDescription != null
                && !querySecurityPolicyDescription.equals(policy.getFirewallPolicyDescription())) {
            continue;
        }
        // NOTE(review): the "shared" filter arrives as a String while
        // "audited" arrives as a Boolean. If getFirewallPolicyIsShared()
        // returns a Boolean this comparison can never succeed - confirm.
        if (querySecurityPolicyIsShared != null
                && !querySecurityPolicyIsShared.equals(policy.getFirewallPolicyIsShared())) {
            continue;
        }
        if (querySecurityPolicyFirewallRules.size() != 0
                && !querySecurityPolicyFirewallRules.equals(policy.getFirewallPolicyRules())) {
            continue;
        }
        if (querySecurityPolicyIsAudited != null
                && !querySecurityPolicyIsAudited.equals(policy.getFirewallPolicyIsAudited())) {
            continue;
        }

        // Every filter passed: return either the projection or the full policy.
        if (fields.size() > 0) {
            matches.add(extractFields(policy, fields));
        } else {
            matches.add(policy);
        }
    }
    //TODO: apply pagination to results
    NeutronFirewallPolicyRequest payload = new NeutronFirewallPolicyRequest(matches);
    return Response.status(200).entity(payload).build();
}
/**
 * Returns a specific Firewall Policy.
 *
 * @param firewallPolicyUUID UUID taken from the request path
 * @param fields             optional field names; when non-empty the policy
 *                           is reduced through {@code extractFields}
 * @return a 200 response wrapping the policy in a
 *         {@code NeutronFirewallPolicyRequest}
 * @throws ServiceUnavailableException if the Firewall Policy CRUD service
 *         cannot be obtained
 * @throws ResourceNotFoundException if no policy is stored under the UUID
 */
@Path("{firewallPolicyUUID}")
@GET
@Produces({ MediaType.APPLICATION_JSON })
@StatusCodes({
        @ResponseCode(code = 200, condition = "Operation successful"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 404, condition = "Not Found"),
        @ResponseCode(code = 501, condition = "Not Implemented") })
public Response showFirewallPolicy(@PathParam("firewallPolicyUUID") String firewallPolicyUUID,
        // projection
        @QueryParam("fields") List<String> fields) {
    INeutronFirewallPolicyCRUD policyStore = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
    if (policyStore == null) {
        throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }
    if (!policyStore.neutronFirewallPolicyExists(firewallPolicyUUID)) {
        throw new ResourceNotFoundException("Firewall Policy UUID does not exist.");
    }

    // Decide on projection first, then read the policy exactly once.
    boolean wantsProjection = fields.size() > 0;
    NeutronFirewallPolicy stored = policyStore.getNeutronFirewallPolicy(firewallPolicyUUID);
    NeutronFirewallPolicy body = wantsProjection ? extractFields(stored, fields) : stored;
    return Response.status(200).entity(new NeutronFirewallPolicyRequest(body)).build();
}
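/**
 * Creates new Firewall Policy.
 *
 * <p>Accepts either a single policy or a bulk list. Every policy is first
 * checked against the store and against each registered
 * {@code INeutronFirewallPolicyAware} service; nothing is written to the
 * store until all of those checks have passed, so a policy that a service
 * vetoes is never persisted.
 *
 * <p>A UUID that already exists, in the store or earlier in the same bulk
 * request, is reported through {@code BadRequestException}, although the
 * status list above also names 409.
 *
 * @param input request body holding one policy or a bulk list
 * @return a 201 response echoing {@code input}, or the status code returned
 *         by the first service that rejects a policy
 * @throws ServiceUnavailableException if the Firewall Policy CRUD service
 *         cannot be obtained
 * @throws BadRequestException if the body is missing or a UUID is already
 *         taken
 */
@POST
@Produces({ MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_JSON })
@StatusCodes({
        @ResponseCode(code = 201, condition = "Created"),
        @ResponseCode(code = 400, condition = "Bad Request"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 403, condition = "Forbidden"),
        @ResponseCode(code = 404, condition = "Not Found"),
        @ResponseCode(code = 409, condition = "Conflict"),
        @ResponseCode(code = 501, condition = "Not Implemented") })
public Response createFirewallPolicies(final NeutronFirewallPolicyRequest input) {
    INeutronFirewallPolicyCRUD firewallPolicyInterface = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
    if (firewallPolicyInterface == null) {
        throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }
    // A request without a body would otherwise fail with a NullPointerException.
    if (input == null) {
        throw new BadRequestException("Request body is missing");
    }
    if (input.isSingleton()) {
        NeutronFirewallPolicy singleton = input.getSingleton();

        /*
         * Verify that the Firewall Policy doesn't already exist.
         */
        if (firewallPolicyInterface.neutronFirewallPolicyExists(singleton.getFirewallPolicyUUID())) {
            throw new BadRequestException("Firewall Policy UUID already exists");
        }

        // Ask every registered service before touching the store. Storing
        // first would leave a vetoed policy behind when the method returns
        // the rejecting status below.
        Object[] instances = ServiceHelper.getGlobalInstances(INeutronFirewallPolicyAware.class, this, null);
        if (instances != null) {
            for (Object instance : instances) {
                INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
                int status = service.canCreateNeutronFirewallPolicy(singleton);
                if (status < 200 || status > 299) {
                    return Response.status(status).build();
                }
            }
        }
        firewallPolicyInterface.addNeutronFirewallPolicy(singleton);
        if (instances != null) {
            for (Object instance : instances) {
                INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
                service.neutronFirewallPolicyCreated(singleton);
            }
        }
    } else {
        List<NeutronFirewallPolicy> bulk = input.getBulk();
        // UUIDs already seen in this request, used to reject in-request duplicates.
        HashMap<String, NeutronFirewallPolicy> testMap = new HashMap<String, NeutronFirewallPolicy>();
        Object[] instances = ServiceHelper.getGlobalInstances(INeutronFirewallPolicyAware.class, this, null);
        for (NeutronFirewallPolicy test : bulk) {

            /*
             * Verify that the firewall policy doesn't already exist
             */
            if (firewallPolicyInterface.neutronFirewallPolicyExists(test.getFirewallPolicyUUID())) {
                throw new BadRequestException("Firewall Policy UUID already is already created");
            }
            if (testMap.containsKey(test.getFirewallPolicyUUID())) {
                throw new BadRequestException("Firewall Policy UUID already exists");
            }
            // Record the UUID so a later element with the same one is caught
            // by the containsKey check above.
            testMap.put(test.getFirewallPolicyUUID(), test);
            if (instances != null) {
                for (Object instance : instances) {
                    INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
                    int status = service.canCreateNeutronFirewallPolicy(test);
                    if (status < 200 || status > 299) {
                        return Response.status(status).build();
                    }
                }
            }
        }

        /*
         * now, each element of the bulk request can be added to the cache
         */
        // A fresh for-each walks the list from the start again; the first
        // pass above has already consumed its own iterator.
        for (NeutronFirewallPolicy test : bulk) {
            firewallPolicyInterface.addNeutronFirewallPolicy(test);
            if (instances != null) {
                for (Object instance : instances) {
                    INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
                    service.neutronFirewallPolicyCreated(test);
                }
            }
        }
    }
    return Response.status(201).entity(input).build();
}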
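/**
 * Updates a Firewall Policy.
 *
 * <p>The policy named in the path must exist and the body must carry exactly
 * one delta. The delta is rejected if it sets any attribute listed in the
 * restriction check below. Each registered
 * {@code INeutronFirewallPolicyAware} service may veto the update before it
 * is applied, and is notified afterwards with the stored result.
 *
 * @param firewallPolicyUUID UUID taken from the request path
 * @param input              request body holding the delta
 * @return a 200 response wrapping the policy as stored after the update, or
 *         the status code returned by the first service that rejects it
 * @throws ServiceUnavailableException if the Firewall Policy CRUD service
 *         cannot be obtained
 * @throws ResourceNotFoundException if no policy is stored under the UUID
 * @throws BadRequestException if the body is missing, is not a singleton, or
 *         sets a restricted attribute
 */
@Path("{firewallPolicyUUID}")
@PUT
@Produces({ MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_JSON })
//@TypeHint(OpenStackSubnets.class)
@StatusCodes({
        @ResponseCode(code = 200, condition = "Operation successful"),
        @ResponseCode(code = 400, condition = "Bad Request"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 403, condition = "Forbidden"),
        @ResponseCode(code = 404, condition = "Not Found"),
        @ResponseCode(code = 501, condition = "Not Implemented") })
public Response updateFirewallPolicy(
        @PathParam("firewallPolicyUUID") String firewallPolicyUUID, final NeutronFirewallPolicyRequest input) {
    INeutronFirewallPolicyCRUD firewallPolicyInterface = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
    if (firewallPolicyInterface == null) {
        throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }

    /*
     * verify the Firewall Policy exists and there is only one delta provided
     */
    if (!firewallPolicyInterface.neutronFirewallPolicyExists(firewallPolicyUUID)) {
        throw new ResourceNotFoundException("Firewall Policy UUID does not exist.");
    }
    // A request without a body would otherwise fail with a NullPointerException.
    if (input == null) {
        throw new BadRequestException("Request body is missing");
    }
    if (!input.isSingleton()) {
        throw new BadRequestException("Only singleton edit supported");
    }
    NeutronFirewallPolicy delta = input.getSingleton();
    NeutronFirewallPolicy original = firewallPolicyInterface.getNeutronFirewallPolicy(firewallPolicyUUID);

    /*
     * updates restricted by Neutron
     */
    // NOTE(review): every attribute this class reads from a policy is listed
    // here, so as written only an empty delta gets past this check. Confirm
    // which attributes are really meant to be immutable before relaxing it.
    // The rules list is null-checked so a delta that omits it is treated as
    // "not set" rather than failing on size().
    if (delta.getFirewallPolicyUUID() != null ||
            delta.getFirewallPolicyTenantID() != null ||
            delta.getFirewallPolicyName() != null ||
            delta.getFirewallPolicyDescription() != null ||
            delta.getFirewallPolicyIsShared() != null ||
            (delta.getFirewallPolicyRules() != null && delta.getFirewallPolicyRules().size() > 0) ||
            delta.getFirewallPolicyIsAudited() != null) {
        throw new BadRequestException("Attribute edit blocked by Neutron");
    }

    // Let every registered service veto the change before it is applied.
    Object[] instances = ServiceHelper.getGlobalInstances(INeutronFirewallPolicyAware.class, this, null);
    if (instances != null) {
        for (Object instance : instances) {
            INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
            int status = service.canUpdateNeutronFirewallPolicy(delta, original);
            if (status < 200 || status > 299) {
                return Response.status(status).build();
            }
        }
    }

    /*
     * update the object and return it
     */
    firewallPolicyInterface.updateNeutronFirewallPolicy(firewallPolicyUUID, delta);
    NeutronFirewallPolicy updatedFirewallPolicy = firewallPolicyInterface.getNeutronFirewallPolicy(firewallPolicyUUID);
    if (instances != null) {
        for (Object instance : instances) {
            INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
            service.neutronFirewallPolicyUpdated(updatedFirewallPolicy);
        }
    }
    // Read again after the notifications, as the response reflects the store
    // at this point rather than the snapshot handed to the services.
    return Response.status(200).entity(new NeutronFirewallPolicyRequest(firewallPolicyInterface.getNeutronFirewallPolicy(firewallPolicyUUID))).build();
}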
/**
 * Deletes a Firewall Policy.
 *
 * <p>The policy must exist and must not be reported as in use by the store.
 * Each registered {@code INeutronFirewallPolicyAware} service may veto the
 * removal before it happens and is notified once it has happened.
 *
 * @param firewallPolicyUUID UUID taken from the request path
 * @return 204 on success, 409 when the policy is in use, or the status code
 *         returned by the first service that rejects the removal
 * @throws ServiceUnavailableException if the Firewall Policy CRUD service
 *         cannot be obtained
 * @throws ResourceNotFoundException if no policy is stored under the UUID
 */
@Path("{firewallPolicyUUID}")
@DELETE
@StatusCodes({
        @ResponseCode(code = 204, condition = "No Content"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 404, condition = "Not Found"),
        @ResponseCode(code = 409, condition = "Conflict"),
        @ResponseCode(code = 501, condition = "Not Implemented") })
public Response deleteFirewallPolicy(
        @PathParam("firewallPolicyUUID") String firewallPolicyUUID) {
    INeutronFirewallPolicyCRUD policyStore = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
    if (policyStore == null) {
        throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }

    // The policy has to exist and must not be referenced elsewhere.
    if (!policyStore.neutronFirewallPolicyExists(firewallPolicyUUID)) {
        throw new ResourceNotFoundException("Firewall Policy UUID does not exist.");
    }
    if (policyStore.neutronFirewallPolicyInUse(firewallPolicyUUID)) {
        return Response.status(409).build();
    }

    // Keep a reference to the policy so listeners can still be told what
    // was removed once it is gone from the store.
    NeutronFirewallPolicy doomed = policyStore.getNeutronFirewallPolicy(firewallPolicyUUID);
    Object[] listeners = ServiceHelper.getGlobalInstances(INeutronFirewallPolicyAware.class, this, null);
    boolean haveListeners = listeners != null;

    if (haveListeners) {
        for (int idx = 0; idx < listeners.length; idx++) {
            INeutronFirewallPolicyAware listener = (INeutronFirewallPolicyAware) listeners[idx];
            int verdict = listener.canDeleteNeutronFirewallPolicy(doomed);
            boolean accepted = verdict >= 200 && verdict <= 299;
            if (!accepted) {
                return Response.status(verdict).build();
            }
        }
    }

    policyStore.removeNeutronFirewallPolicy(firewallPolicyUUID);

    if (haveListeners) {
        for (int idx = 0; idx < listeners.length; idx++) {
            INeutronFirewallPolicyAware listener = (INeutronFirewallPolicyAware) listeners[idx];
            listener.neutronFirewallPolicyDeleted(doomed);
        }
    }
    return Response.status(204).build();
}