2 * Copyright (C) 2014 Red Hat, Inc.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.controller.networkconfig.neutron.northbound;
12 import org.codehaus.enunciate.jaxrs.ResponseCode;
13 import org.codehaus.enunciate.jaxrs.StatusCodes;
14 import org.opendaylight.controller.networkconfig.neutron.INeutronFirewallPolicyCRUD;
15 import org.opendaylight.controller.networkconfig.neutron.INeutronFirewallRuleAware;
16 import org.opendaylight.controller.networkconfig.neutron.INeutronFirewallRuleCRUD;
17 import org.opendaylight.controller.networkconfig.neutron.NeutronCRUDInterfaces;
18 import org.opendaylight.controller.networkconfig.neutron.NeutronFirewallRule;
19 import org.opendaylight.controller.northbound.commons.RestMessages;
20 import org.opendaylight.controller.northbound.commons.exception.BadRequestException;
21 import org.opendaylight.controller.northbound.commons.exception.ResourceNotFoundException;
22 import org.opendaylight.controller.northbound.commons.exception.ServiceUnavailableException;
23 import org.opendaylight.controller.sal.utils.ServiceHelper;
25 import javax.ws.rs.Consumes;
26 import javax.ws.rs.DELETE;
27 import javax.ws.rs.GET;
28 import javax.ws.rs.POST;
29 import javax.ws.rs.PUT;
30 import javax.ws.rs.Path;
31 import javax.ws.rs.PathParam;
32 import javax.ws.rs.Produces;
33 import javax.ws.rs.QueryParam;
34 import javax.ws.rs.core.MediaType;
35 import javax.ws.rs.core.Response;
36 import java.util.ArrayList;
37 import java.util.HashMap;
38 import java.util.Iterator;
39 import java.util.List;
/**
 * Neutron Northbound REST APIs for Firewall Rule.<br>
 * This class provides REST APIs for managing neutron Firewall Rule
 *
 * <br>
 * Authentication scheme : <b>HTTP Basic</b><br>
 * Authentication realm : <b>opendaylight</b><br>
 * Transport : <b>HTTP and HTTPS</b><br>
 * <br>
 * HTTPS Authentication is disabled by default. An administrator can enable it in
 * tomcat-server.xml after adding a proper keystore / SSL certificate from a
 * trusted authority.<br>
 * While HTTPS is disabled, HTTP Basic credentials are sent Base64-encoded but
 * unencrypted.<br>
 * More info:
 * http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration
 */
58 @Path("fw/firewalls_rules")
59 public class NeutronFirewallRulesNorthbound {
/**
 * Projects a firewall rule onto the requested attribute names by delegating to
 * {@code NeutronFirewallRule.extractFields}.
 *
 * @param o      rule to project
 * @param fields attribute names taken from the {@code fields} query parameter
 * @return the value returned by {@code o.extractFields(fields)}
 */
private NeutronFirewallRule extractFields(NeutronFirewallRule o, List<String> fields) {
    final NeutronFirewallRule projected = o.extractFields(fields);
    return projected;
}
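/**
 * Returns a list of all Firewall Rules that match every supplied filter.
 *
 * <p>Each filter query parameter is optional: a filter that is absent ({@code null})
 * matches every rule, and a supplied filter must be {@code equals} to the rule's
 * attribute. When {@code fields} is non-empty each matching rule is reduced to those
 * attributes; a missing or empty {@code fields} list returns the rule unchanged.
 *
 * <p>{@code limit}, {@code marker} and {@code page_reverse} are accepted but pagination
 * is not applied yet, so the complete match set is always returned.
 *
 * <p>NOTE(review): nothing in this method restricts the result to the caller's tenant;
 * {@code tenant_id} is only an optional filter. Confirm that tenant scoping is enforced
 * elsewhere before this endpoint is reachable by non-administrative users.
 *
 * @return HTTP 200 with a {@code NeutronFirewallRuleRequest} wrapping the matching rules
 * @throws ServiceUnavailableException if the Firewall Rule CRUD service cannot be resolved
 */
@GET
@Produces({MediaType.APPLICATION_JSON})
@StatusCodes({
        @ResponseCode(code = 200, condition = "Operation successful"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 501, condition = "Not Implemented")})
public Response listRules(
        // attribute projection
        @QueryParam("fields") List<String> fields,
        // OpenStack firewall rule attributes
        @QueryParam("id") String queryFirewallRuleUUID,
        @QueryParam("tenant_id") String queryFirewallRuleTenantID,
        @QueryParam("name") String queryFirewallRuleName,
        @QueryParam("description") String queryFirewallRuleDescription,
        @QueryParam("admin_state_up") Boolean queryFirewallRuleAdminStateIsUp,
        @QueryParam("status") String queryFirewallRuleStatus,
        @QueryParam("shared") Boolean queryFirewallRuleIsShared,
        @QueryParam("firewall_policy_id") String queryFirewallRulePolicyID,
        @QueryParam("protocol") String queryFirewallRuleProtocol,
        @QueryParam("ip_version") Integer queryFirewallRuleIpVer,
        @QueryParam("source_ip_address") String queryFirewallRuleSrcIpAddr,
        @QueryParam("destination_ip_address") String queryFirewallRuleDstIpAddr,
        @QueryParam("source_port") Integer queryFirewallRuleSrcPort,
        @QueryParam("destination_port") Integer queryFirewallRuleDstPort,
        @QueryParam("position") Integer queryFirewallRulePosition,
        @QueryParam("action") String queryFirewallRuleAction,
        @QueryParam("enabled") Boolean queryFirewallRuleIsEnabled,
        // paging parameters (accepted, not yet applied)
        @QueryParam("limit") String limit,
        @QueryParam("marker") String marker,
        @QueryParam("page_reverse") String pageReverse
        // sorting not supported
) {
    INeutronFirewallRuleCRUD firewallRuleInterface = NeutronCRUDInterfaces.getINeutronFirewallRuleCRUD(this);
    if (firewallRuleInterface == null) {
        throw new ServiceUnavailableException("Firewall Rule CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }

    // A missing "fields" list is treated like an empty one instead of failing on null.
    final boolean projectFields = fields != null && !fields.isEmpty();

    List<NeutronFirewallRule> ans = new ArrayList<NeutronFirewallRule>();
    for (NeutronFirewallRule nsr : firewallRuleInterface.getAllNeutronFirewallRules()) {
        // Every supplied filter has to match; null filters are wildcards.
        if ((queryFirewallRuleUUID == null ||
                queryFirewallRuleUUID.equals(nsr.getFirewallRuleUUID())) &&
                (queryFirewallRuleTenantID == null ||
                        queryFirewallRuleTenantID.equals(nsr.getFirewallRuleTenantID())) &&
                (queryFirewallRuleName == null ||
                        queryFirewallRuleName.equals(nsr.getFirewallRuleName())) &&
                (queryFirewallRuleDescription == null ||
                        queryFirewallRuleDescription.equals(nsr.getFirewallRuleDescription())) &&
                (queryFirewallRuleAdminStateIsUp == null ||
                        queryFirewallRuleAdminStateIsUp.equals(nsr.getFirewallRuleAdminStateIsUp())) &&
                (queryFirewallRuleStatus == null ||
                        queryFirewallRuleStatus.equals(nsr.getFirewallRuleStatus())) &&
                (queryFirewallRuleIsShared == null ||
                        queryFirewallRuleIsShared.equals(nsr.getFirewallRuleIsShared())) &&
                (queryFirewallRulePolicyID == null ||
                        queryFirewallRulePolicyID.equals(nsr.getFirewallRulePolicyID())) &&
                (queryFirewallRuleProtocol == null ||
                        queryFirewallRuleProtocol.equals(nsr.getFirewallRuleProtocol())) &&
                (queryFirewallRuleIpVer == null ||
                        queryFirewallRuleIpVer.equals(nsr.getFirewallRuleIpVer())) &&
                (queryFirewallRuleSrcIpAddr == null ||
                        queryFirewallRuleSrcIpAddr.equals(nsr.getFirewallRuleSrcIpAddr())) &&
                (queryFirewallRuleDstIpAddr == null ||
                        queryFirewallRuleDstIpAddr.equals(nsr.getFirewallRuleDstIpAddr())) &&
                (queryFirewallRuleSrcPort == null ||
                        queryFirewallRuleSrcPort.equals(nsr.getFirewallRuleSrcPort())) &&
                (queryFirewallRuleDstPort == null ||
                        queryFirewallRuleDstPort.equals(nsr.getFirewallRuleDstPort())) &&
                (queryFirewallRulePosition == null ||
                        queryFirewallRulePosition.equals(nsr.getFirewallRulePosition())) &&
                (queryFirewallRuleAction == null ||
                        queryFirewallRuleAction.equals(nsr.getFirewallRuleAction())) &&
                (queryFirewallRuleIsEnabled == null ||
                        queryFirewallRuleIsEnabled.equals(nsr.getFirewallRuleIsEnabled()))) {
            if (projectFields) {
                ans.add(extractFields(nsr, fields));
            } else {
                ans.add(nsr);
            }
        }
    }
    //TODO: apply pagination to results
    return Response.status(200).entity(
            new NeutronFirewallRuleRequest(ans)).build();
}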
/**
 * Returns a specific Firewall Rule.
 *
 * <p>The rule is looked up by the UUID in the request path. When {@code fields} is
 * non-empty the response carries only those attributes of the rule.
 *
 * @param firewallRuleUUID UUID of the rule, taken from the path
 * @param fields           attribute names to return; empty returns the whole rule
 * @return HTTP 200 with a {@code NeutronFirewallRuleRequest} wrapping the rule
 * @throws ServiceUnavailableException if the Firewall Rule CRUD service cannot be resolved
 * @throws ResourceNotFoundException   if no rule with this UUID exists
 */
@Path("{firewallRuleUUID}")
@GET
@Produces({MediaType.APPLICATION_JSON})
@StatusCodes({
        @ResponseCode(code = 200, condition = "Operation successful"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 404, condition = "Not Found"),
        @ResponseCode(code = 501, condition = "Not Implemented")})
public Response showFirewallRule(@PathParam("firewallRuleUUID") String firewallRuleUUID,
                                 // attribute projection
                                 @QueryParam("fields") List<String> fields) {
    INeutronFirewallRuleCRUD ruleCrud = NeutronCRUDInterfaces.getINeutronFirewallRuleCRUD(this);
    if (ruleCrud == null) {
        throw new ServiceUnavailableException("Firewall Rule CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }
    if (!ruleCrud.neutronFirewallRuleExists(firewallRuleUUID)) {
        throw new ResourceNotFoundException("Firewall Rule UUID does not exist.");
    }

    // Decide on projection before the lookup, then fetch the rule once for either case.
    final boolean projectFields = fields.size() > 0;
    final NeutronFirewallRule stored = ruleCrud.getNeutronFirewallRule(firewallRuleUUID);
    final NeutronFirewallRule payload = projectFields ? extractFields(stored, fields) : stored;
    return Response.status(200)
            .entity(new NeutronFirewallRuleRequest(payload))
            .build();
}
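/**
 * Creates new Firewall Rule(s) from a singleton or bulk request.
 *
 * <p>Every rule is validated before anything is stored: its UUID must not already
 * exist in the CRUD cache (or earlier in the same bulk request), and every registered
 * {@code INeutronFirewallRuleAware} service must answer {@code canCreate...} with a
 * 2xx status. Only then is the rule added and the services notified.
 *
 * <p>The singleton path previously added the rule to the cache before asking the
 * aware services, so a rule they rejected stayed stored; the add now happens only
 * after all of them accept. The bulk path never recorded UUIDs in its duplicate map,
 * so two rules with the same UUID in one request were not detected; each validated
 * UUID is now recorded.
 *
 * @param input request body holding either one rule or a list of rules
 * @return HTTP 201 echoing {@code input}, or the first non-2xx status returned by an
 *         aware service
 * @throws ServiceUnavailableException if the rule or policy CRUD service cannot be resolved
 * @throws BadRequestException         if a rule UUID already exists
 */
@POST
@Produces({MediaType.APPLICATION_JSON})
@Consumes({MediaType.APPLICATION_JSON})
@StatusCodes({
        @ResponseCode(code = 201, condition = "Created"),
        @ResponseCode(code = 400, condition = "Bad Request"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 403, condition = "Forbidden"),
        @ResponseCode(code = 404, condition = "Not Found"),
        @ResponseCode(code = 409, condition = "Conflict"),
        @ResponseCode(code = 501, condition = "Not Implemented")})
public Response createFirewallRules(final NeutronFirewallRuleRequest input) {
    INeutronFirewallRuleCRUD firewallRuleInterface = NeutronCRUDInterfaces.getINeutronFirewallRuleCRUD(this);
    if (firewallRuleInterface == null) {
        throw new ServiceUnavailableException("Firewall Rule CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }
    // The policy service is not used below, but its absence still fails the request.
    INeutronFirewallPolicyCRUD firewallPolicyInterface = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
    if (firewallPolicyInterface == null) {
        throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }

    Object[] instances = ServiceHelper.getGlobalInstances(INeutronFirewallRuleAware.class, this, null);

    if (input.isSingleton()) {
        NeutronFirewallRule singleton = input.getSingleton();
        if (firewallRuleInterface.neutronFirewallRuleExists(singleton.getFirewallRuleUUID())) {
            throw new BadRequestException("Firewall Rule UUID already exists");
        }
        // Ask every aware service first; nothing is stored until all of them accept.
        if (instances != null) {
            for (Object instance : instances) {
                INeutronFirewallRuleAware service = (INeutronFirewallRuleAware) instance;
                int status = service.canCreateNeutronFirewallRule(singleton);
                if (status < 200 || status > 299) {
                    return Response.status(status).build();
                }
            }
        }
        singleton.initDefaults();
        firewallRuleInterface.addNeutronFirewallRule(singleton);
        if (instances != null) {
            for (Object instance : instances) {
                INeutronFirewallRuleAware service = (INeutronFirewallRuleAware) instance;
                service.neutronFirewallRuleCreated(singleton);
            }
        }
    } else {
        List<NeutronFirewallRule> bulk = input.getBulk();
        // UUIDs accepted so far in this request, to catch duplicates inside the bulk itself.
        HashMap<String, NeutronFirewallRule> testMap = new HashMap<String, NeutronFirewallRule>();

        // Pass 1: validate every element before any of them is stored.
        for (NeutronFirewallRule test : bulk) {
            /*
             * Verify that the Firewall rule doesn't already exist
             */
            if (firewallRuleInterface.neutronFirewallRuleExists(test.getFirewallRuleUUID())) {
                throw new BadRequestException("Firewall Rule UUID already exists");
            }
            if (testMap.containsKey(test.getFirewallRuleUUID())) {
                throw new BadRequestException("Firewall Rule UUID already exists");
            }
            if (instances != null) {
                for (Object instance : instances) {
                    INeutronFirewallRuleAware service = (INeutronFirewallRuleAware) instance;
                    int status = service.canCreateNeutronFirewallRule(test);
                    if (status < 200 || status > 299) {
                        return Response.status(status).build();
                    }
                }
            }
            testMap.put(test.getFirewallRuleUUID(), test);
        }

        /*
         * now, each element of the bulk request can be added to the cache
         */
        // Iterating the list again (rather than reusing an exhausted iterator) makes
        // sure every validated rule is actually stored and announced.
        for (NeutronFirewallRule test : bulk) {
            firewallRuleInterface.addNeutronFirewallRule(test);
            if (instances != null) {
                for (Object instance : instances) {
                    INeutronFirewallRuleAware service = (INeutronFirewallRuleAware) instance;
                    service.neutronFirewallRuleCreated(test);
                }
            }
        }
    }
    return Response.status(201).entity(input).build();
}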
/**
 * Updates a Firewall Rule.
 *
 * <p>The rule named in the path must exist and the body must be a singleton. The
 * delta is then checked against the attributes this method treats as restricted,
 * offered to every registered {@code INeutronFirewallRuleAware} service for approval,
 * applied, and announced to those services.
 *
 * <p>NOTE(review): the restricted-attribute check below names every rule attribute
 * that this class reads, so any delta that sets one of them is answered with 400
 * before the update is reached. Confirm that this is the intended restricted set.
 *
 * @param firewallRuleUUID UUID of the rule to update, taken from the path
 * @param input            request body; must hold exactly one rule
 * @return HTTP 200 with the stored rule, or the first non-2xx status returned by an
 *         aware service
 * @throws ServiceUnavailableException if the Firewall Rule CRUD service cannot be resolved
 * @throws ResourceNotFoundException   if no rule with this UUID exists
 * @throws BadRequestException         if the body is not a singleton or sets a restricted attribute
 */
@Path("{firewallRuleUUID}")
@PUT
@Produces({MediaType.APPLICATION_JSON})
@Consumes({MediaType.APPLICATION_JSON})
@StatusCodes({
        @ResponseCode(code = 200, condition = "Operation successful"),
        @ResponseCode(code = 400, condition = "Bad Request"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 403, condition = "Forbidden"),
        @ResponseCode(code = 404, condition = "Not Found"),
        @ResponseCode(code = 501, condition = "Not Implemented")})
public Response updateFirewallRule(
        @PathParam("firewallRuleUUID") String firewallRuleUUID, final NeutronFirewallRuleRequest input) {
    INeutronFirewallRuleCRUD ruleCrud = NeutronCRUDInterfaces.getINeutronFirewallRuleCRUD(this);
    if (ruleCrud == null) {
        throw new ServiceUnavailableException("Firewall Rule CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }

    // The target has to exist before the body is looked at.
    if (!ruleCrud.neutronFirewallRuleExists(firewallRuleUUID)) {
        throw new ResourceNotFoundException("Firewall Rule UUID does not exist.");
    }
    if (!input.isSingleton()) {
        throw new BadRequestException("Only singleton edit supported");
    }
    NeutronFirewallRule delta = input.getSingleton();
    NeutronFirewallRule original = ruleCrud.getNeutronFirewallRule(firewallRuleUUID);

    // Updates restricted by Neutron: a delta that sets any of these attributes is refused.
    final boolean touchesRestrictedAttribute =
            delta.getFirewallRuleUUID() != null ||
            delta.getFirewallRuleTenantID() != null ||
            delta.getFirewallRuleName() != null ||
            delta.getFirewallRuleDescription() != null ||
            delta.getFirewallRuleAdminStateIsUp() != null ||
            delta.getFirewallRuleStatus() != null ||
            delta.getFirewallRuleIsShared() != null ||
            delta.getFirewallRulePolicyID() != null ||
            delta.getFirewallRuleProtocol() != null ||
            delta.getFirewallRuleIpVer() != null ||
            delta.getFirewallRuleSrcIpAddr() != null ||
            delta.getFirewallRuleDstIpAddr() != null ||
            delta.getFirewallRuleSrcPort() != null ||
            delta.getFirewallRuleDstPort() != null ||
            delta.getFirewallRulePosition() != null ||
            delta.getFirewallRuleAction() != null ||
            delta.getFirewallRuleIsEnabled() != null;
    if (touchesRestrictedAttribute) {
        throw new BadRequestException("Attribute edit blocked by Neutron");
    }

    // Approval round: the first service answering outside 200-299 decides the response.
    Object[] listeners = ServiceHelper.getGlobalInstances(INeutronFirewallRuleAware.class, this, null);
    if (listeners != null) {
        for (Object candidate : listeners) {
            INeutronFirewallRuleAware listener = (INeutronFirewallRuleAware) candidate;
            int verdict = listener.canUpdateNeutronFirewallRule(delta, original);
            if (!(verdict >= 200 && verdict <= 299)) {
                return Response.status(verdict).build();
            }
        }
    }

    // Apply the delta, then announce the rule as it is now stored.
    ruleCrud.updateNeutronFirewallRule(firewallRuleUUID, delta);
    NeutronFirewallRule updatedFirewallRule = ruleCrud.getNeutronFirewallRule(firewallRuleUUID);
    if (listeners != null) {
        for (Object candidate : listeners) {
            INeutronFirewallRuleAware listener = (INeutronFirewallRuleAware) candidate;
            listener.neutronFirewallRuleUpdated(updatedFirewallRule);
        }
    }
    // The response body is read from the CRUD service again after the notifications.
    NeutronFirewallRuleRequest responseBody =
            new NeutronFirewallRuleRequest(ruleCrud.getNeutronFirewallRule(firewallRuleUUID));
    return Response.status(200)
            .entity(responseBody)
            .build();
}
/**
 * Deletes a Firewall Rule.
 *
 * <p>The rule must exist and must not be reported as in use. Every registered
 * {@code INeutronFirewallRuleAware} service is asked for approval before the rule is
 * removed, and is notified afterwards with the rule as it was read before removal.
 *
 * @param firewallRuleUUID UUID of the rule to delete, taken from the path
 * @return HTTP 204 on success, 409 when the rule is in use, or the first non-2xx
 *         status returned by an aware service
 * @throws ServiceUnavailableException if the Firewall Rule CRUD service cannot be resolved
 * @throws ResourceNotFoundException   if no rule with this UUID exists
 */
@Path("{firewallRuleUUID}")
@DELETE
@StatusCodes({
        @ResponseCode(code = 204, condition = "No Content"),
        @ResponseCode(code = 401, condition = "Unauthorized"),
        @ResponseCode(code = 404, condition = "Not Found"),
        @ResponseCode(code = 409, condition = "Conflict"),
        @ResponseCode(code = 501, condition = "Not Implemented")})
public Response deleteFirewallRule(
        @PathParam("firewallRuleUUID") String firewallRuleUUID) {
    INeutronFirewallRuleCRUD ruleCrud = NeutronCRUDInterfaces.getINeutronFirewallRuleCRUD(this);
    if (ruleCrud == null) {
        throw new ServiceUnavailableException("Firewall Rule CRUD Interface "
                + RestMessages.SERVICEUNAVAILABLE.toString());
    }

    // Preconditions: the rule exists and is not currently in use.
    if (!ruleCrud.neutronFirewallRuleExists(firewallRuleUUID)) {
        throw new ResourceNotFoundException("Firewall Rule UUID does not exist.");
    }
    if (ruleCrud.neutronFirewallRuleInUse(firewallRuleUUID)) {
        return Response.status(409).build();
    }

    // Read the rule before removal so it can still be handed to the services afterwards.
    NeutronFirewallRule doomed = ruleCrud.getNeutronFirewallRule(firewallRuleUUID);
    Object[] listeners = ServiceHelper.getGlobalInstances(INeutronFirewallRuleAware.class, this, null);
    if (listeners != null) {
        for (Object candidate : listeners) {
            INeutronFirewallRuleAware listener = (INeutronFirewallRuleAware) candidate;
            int verdict = listener.canDeleteNeutronFirewallRule(doomed);
            if (!(verdict >= 200 && verdict <= 299)) {
                return Response.status(verdict).build();
            }
        }
    }

    // Remove the rule, announce the deletion, and answer 204.
    ruleCrud.removeNeutronFirewallRule(firewallRuleUUID);
    if (listeners != null) {
        for (Object candidate : listeners) {
            INeutronFirewallRuleAware listener = (INeutronFirewallRuleAware) candidate;
            listener.neutronFirewallRuleDeleted(doomed);
        }
    }
    return Response.status(204).build();
}