2 * Copyright (C) 2014 Red Hat, Inc.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
10 package org.opendaylight.controller.networkconfig.neutron.northbound;
13 import java.util.ArrayList;
14 import java.util.HashMap;
15 import java.util.Iterator;
16 import java.util.List;
17 import javax.ws.rs.Consumes;
18 import javax.ws.rs.DELETE;
19 import javax.ws.rs.GET;
20 import javax.ws.rs.POST;
21 import javax.ws.rs.PUT;
22 import javax.ws.rs.Path;
23 import javax.ws.rs.PathParam;
24 import javax.ws.rs.Produces;
25 import javax.ws.rs.QueryParam;
26 import javax.ws.rs.core.MediaType;
27 import javax.ws.rs.core.Response;
29 import org.codehaus.enunciate.jaxrs.ResponseCode;
30 import org.codehaus.enunciate.jaxrs.StatusCodes;
31 import org.opendaylight.controller.networkconfig.neutron.INeutronSecurityGroupCRUD;
32 import org.opendaylight.controller.networkconfig.neutron.INeutronSecurityRuleAware;
33 import org.opendaylight.controller.networkconfig.neutron.INeutronSecurityRuleCRUD;
34 import org.opendaylight.controller.networkconfig.neutron.NeutronCRUDInterfaces;
35 import org.opendaylight.controller.networkconfig.neutron.NeutronSecurityRule;
36 import org.opendaylight.controller.northbound.commons.RestMessages;
37 import org.opendaylight.controller.northbound.commons.exception.BadRequestException;
38 import org.opendaylight.controller.northbound.commons.exception.ResourceNotFoundException;
39 import org.opendaylight.controller.northbound.commons.exception.ServiceUnavailableException;
40 import org.opendaylight.controller.sal.utils.ServiceHelper;
41 import org.slf4j.Logger;
42 import org.slf4j.LoggerFactory;
45 * Neutron Northbound REST APIs for Security Rule.<br>
46 * This class provides REST APIs for managing neutron Security Rule
50 * Authentication scheme : <b>HTTP Basic</b><br>
51 * Authentication realm : <b>opendaylight</b><br>
52 * Transport : <b>HTTP and HTTPS</b><br>
54 * HTTPS Authentication is disabled by default. Administrator can enable it in
55 * tomcat-server.xml after adding a proper keystore / SSL certificate from a
56 * trusted authority.<br>
58 * http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration
61 @Path ("/security-group-rules")
62 public class NeutronSecurityRulesNorthbound {
63 static final Logger logger = LoggerFactory.getLogger(NeutronSecurityRulesNorthbound.class);
65 private NeutronSecurityRule extractFields(NeutronSecurityRule o, List<String> fields) {
66 return o.extractFields(fields);
70 * Returns a list of all Security Rules
73 @Produces ({MediaType.APPLICATION_JSON})
75 @ResponseCode (code = 200, condition = "Operation successful"),
76 @ResponseCode (code = 401, condition = "Unauthorized"),
77 @ResponseCode (code = 501, condition = "Not Implemented")})
78 public Response listRules(
80 @QueryParam ("fields") List<String> fields,
81 // OpenStack security rule attributes
82 @QueryParam ("id") String querySecurityRuleUUID,
83 @QueryParam ("direction") String querySecurityRuleDirection,
84 @QueryParam ("protocol") String querySecurityRuleProtocol,
85 @QueryParam ("port_range_min") Integer querySecurityRulePortMin,
86 @QueryParam ("port_range_max") Integer querySecurityRulePortMax,
87 @QueryParam ("ethertype") String querySecurityRuleEthertype,
88 @QueryParam ("remote_ip_prefix") String querySecurityRuleIpPrefix,
89 @QueryParam ("remote_group_id") String querySecurityRemoteGroupID,
90 @QueryParam ("security_group_id") String querySecurityRuleGroupID,
91 @QueryParam ("tenant_id") String querySecurityRuleTenantID,
92 @QueryParam ("limit") String limit,
93 @QueryParam ("marker") String marker,
94 @QueryParam ("page_reverse") String pageReverse
96 INeutronSecurityRuleCRUD securityRuleInterface = NeutronCRUDInterfaces.getINeutronSecurityRuleCRUD(this);
97 if (securityRuleInterface == null) {
98 throw new ServiceUnavailableException("Security Rule CRUD Interface "
99 + RestMessages.SERVICEUNAVAILABLE.toString());
101 List<NeutronSecurityRule> allSecurityRules = securityRuleInterface.getAllNeutronSecurityRules();
102 List<NeutronSecurityRule> ans = new ArrayList<NeutronSecurityRule>();
103 Iterator<NeutronSecurityRule> i = allSecurityRules.iterator();
104 while (i.hasNext()) {
105 NeutronSecurityRule nsr = i.next();
106 if ((querySecurityRuleUUID == null ||
107 querySecurityRuleUUID.equals(nsr.getSecurityRuleUUID())) &&
108 (querySecurityRuleDirection == null ||
109 querySecurityRuleDirection.equals(nsr.getSecurityRuleDirection())) &&
110 (querySecurityRuleProtocol == null ||
111 querySecurityRuleProtocol.equals(nsr.getSecurityRuleProtocol())) &&
112 (querySecurityRulePortMin == null ||
113 querySecurityRulePortMin.equals(nsr.getSecurityRulePortMin())) &&
114 (querySecurityRulePortMax == null ||
115 querySecurityRulePortMax.equals(nsr.getSecurityRulePortMax())) &&
116 (querySecurityRuleEthertype == null ||
117 querySecurityRuleEthertype.equals(nsr.getSecurityRuleEthertype())) &&
118 (querySecurityRuleIpPrefix == null ||
119 querySecurityRuleIpPrefix.equals(nsr.getSecurityRuleRemoteIpPrefix())) &&
120 (querySecurityRuleGroupID == null ||
121 querySecurityRuleGroupID.equals(nsr.getSecurityRuleGroupID())) &&
122 (querySecurityRemoteGroupID == null ||
123 querySecurityRemoteGroupID.equals(nsr.getSecurityRemoteGroupID())) &&
124 (querySecurityRuleTenantID == null ||
125 querySecurityRuleTenantID.equals(nsr.getSecurityRuleTenantID()))) {
126 if (fields.size() > 0) {
127 ans.add(extractFields(nsr, fields));
133 return Response.status(200).entity(
134 new NeutronSecurityRuleRequest(ans)).build();
138 * Returns a specific Security Rule
141 @Path ("{securityRuleUUID}")
143 @Produces ({MediaType.APPLICATION_JSON})
145 @ResponseCode (code = 200, condition = "Operation successful"),
146 @ResponseCode (code = 401, condition = "Unauthorized"),
147 @ResponseCode (code = 404, condition = "Not Found"),
148 @ResponseCode (code = 501, condition = "Not Implemented")})
149 public Response showSecurityRule(@PathParam ("securityRuleUUID") String securityRuleUUID,
151 @QueryParam ("fields") List<String> fields) {
152 INeutronSecurityRuleCRUD securityRuleInterface = NeutronCRUDInterfaces.getINeutronSecurityRuleCRUD(this);
153 if (securityRuleInterface == null) {
154 throw new ServiceUnavailableException("Security Rule CRUD Interface "
155 + RestMessages.SERVICEUNAVAILABLE.toString());
157 if (!securityRuleInterface.neutronSecurityRuleExists(securityRuleUUID)) {
158 throw new ResourceNotFoundException("Security Rule UUID does not exist.");
160 if (!fields.isEmpty()) {
161 NeutronSecurityRule ans = securityRuleInterface.getNeutronSecurityRule(securityRuleUUID);
162 return Response.status(200).entity(
163 new NeutronSecurityRuleRequest(extractFields(ans, fields))).build();
165 return Response.status(200).entity(new NeutronSecurityRuleRequest(securityRuleInterface.getNeutronSecurityRule(securityRuleUUID))).build();
170 * Creates new Security Rule
174 @Produces ({MediaType.APPLICATION_JSON})
175 @Consumes ({MediaType.APPLICATION_JSON})
177 @ResponseCode (code = 201, condition = "Created"),
178 @ResponseCode (code = 400, condition = "Bad Request"),
179 @ResponseCode (code = 401, condition = "Unauthorized"),
180 @ResponseCode (code = 403, condition = "Forbidden"),
181 @ResponseCode (code = 404, condition = "Not Found"),
182 @ResponseCode (code = 409, condition = "Conflict"),
183 @ResponseCode (code = 501, condition = "Not Implemented")})
184 public Response createSecurityRules(final NeutronSecurityRuleRequest input) {
185 INeutronSecurityRuleCRUD securityRuleInterface = NeutronCRUDInterfaces.getINeutronSecurityRuleCRUD(this);
186 if (securityRuleInterface == null) {
187 throw new ServiceUnavailableException("Security Rule CRUD Interface "
188 + RestMessages.SERVICEUNAVAILABLE.toString());
190 INeutronSecurityGroupCRUD securityGroupInterface = NeutronCRUDInterfaces.getINeutronSecurityGroupCRUD(this);
191 if (securityGroupInterface == null) {
192 throw new ServiceUnavailableException("Security Group CRUD Interface "
193 + RestMessages.SERVICEUNAVAILABLE.toString());
197 * Existing entry checks
200 if (input.isSingleton()) {
201 NeutronSecurityRule singleton = input.getSingleton();
203 if (securityRuleInterface.neutronSecurityRuleExists(singleton.getSecurityRuleUUID())) {
204 throw new BadRequestException("Security Rule UUID already exists");
206 Object[] instances = ServiceHelper.getGlobalInstances(INeutronSecurityRuleAware.class, this, null);
207 if (instances != null) {
208 for (Object instance : instances) {
209 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
210 int status = service.canCreateNeutronSecurityRule(singleton);
211 if ((status < 200) || (status > 299)) {
212 return Response.status(status).build();
218 singleton.initDefaults();
219 securityRuleInterface.addNeutronSecurityRule(singleton);
220 if (instances != null) {
221 for (Object instance : instances) {
222 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
223 service.neutronSecurityRuleCreated(singleton);
227 securityRuleInterface.addNeutronSecurityRule(singleton);
228 if (instances != null) {
229 for (Object instance : instances) {
230 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
231 service.neutronSecurityRuleCreated(singleton);
235 List<NeutronSecurityRule> bulk = input.getBulk();
236 Iterator<NeutronSecurityRule> i = bulk.iterator();
237 HashMap<String, NeutronSecurityRule> testMap = new HashMap<String, NeutronSecurityRule>();
238 Object[] instances = ServiceHelper.getGlobalInstances(INeutronSecurityRuleAware.class, this, null);
239 while (i.hasNext()) {
240 NeutronSecurityRule test = i.next();
243 * Verify that the security rule doesn't already exist
246 if (securityRuleInterface.neutronSecurityRuleExists(test.getSecurityRuleUUID())) {
247 throw new BadRequestException("Security Rule UUID already exists");
249 if (testMap.containsKey(test.getSecurityRuleUUID())) {
250 throw new BadRequestException("Security Rule UUID already exists");
252 if (instances != null) {
253 for (Object instance : instances) {
254 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
255 int status = service.canCreateNeutronSecurityRule(test);
256 if ((status < 200) || (status > 299)) {
257 return Response.status(status).build();
264 * now, each element of the bulk request can be added to the cache
267 while (i.hasNext()) {
268 NeutronSecurityRule test = i.next();
269 securityRuleInterface.addNeutronSecurityRule(test);
270 if (instances != null) {
271 for (Object instance : instances) {
272 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
273 service.neutronSecurityRuleCreated(test);
278 return Response.status(201).entity(input).build();
282 * Updates a Security Rule
285 @Path ("{securityRuleUUID}")
287 @Produces ({MediaType.APPLICATION_JSON})
288 @Consumes ({MediaType.APPLICATION_JSON})
290 @ResponseCode (code = 200, condition = "Operation successful"),
291 @ResponseCode (code = 400, condition = "Bad Request"),
292 @ResponseCode (code = 401, condition = "Unauthorized"),
293 @ResponseCode (code = 403, condition = "Forbidden"),
294 @ResponseCode (code = 404, condition = "Not Found"),
295 @ResponseCode (code = 501, condition = "Not Implemented")})
296 public Response updateSecurityRule(
297 @PathParam ("securityRuleUUID") String securityRuleUUID, final NeutronSecurityRuleRequest input) {
298 INeutronSecurityRuleCRUD securityRuleInterface = NeutronCRUDInterfaces.getINeutronSecurityRuleCRUD(this);
299 if (securityRuleInterface == null) {
300 throw new ServiceUnavailableException("Security Rule CRUD Interface "
301 + RestMessages.SERVICEUNAVAILABLE.toString());
305 * verify the Security Rule exists and there is only one delta provided
307 if (!securityRuleInterface.neutronSecurityRuleExists(securityRuleUUID)) {
308 throw new ResourceNotFoundException("Security Rule UUID does not exist.");
310 if (!input.isSingleton()) {
311 throw new BadRequestException("Only singleton edit supported");
313 NeutronSecurityRule delta = input.getSingleton();
314 NeutronSecurityRule original = securityRuleInterface.getNeutronSecurityRule(securityRuleUUID);
317 * updates restricted by Neutron
320 if (delta.getSecurityRuleUUID() != null ||
321 delta.getSecurityRuleDirection() != null ||
322 delta.getSecurityRuleProtocol() != null ||
323 delta.getSecurityRulePortMin() != null ||
324 delta.getSecurityRulePortMax() != null ||
325 delta.getSecurityRuleEthertype() != null ||
326 delta.getSecurityRuleRemoteIpPrefix() != null ||
327 delta.getSecurityRuleGroupID() != null ||
328 delta.getSecurityRemoteGroupID() != null ||
329 delta.getSecurityRuleTenantID() != null) {
330 throw new BadRequestException("Attribute edit blocked by Neutron");
333 Object[] instances = ServiceHelper.getGlobalInstances(INeutronSecurityRuleAware.class, this, null);
334 if (instances != null) {
335 for (Object instance : instances) {
336 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
337 int status = service.canUpdateNeutronSecurityRule(delta, original);
338 if (status < 200 || status > 299) {
339 return Response.status(status).build();
345 * update the object and return it
347 securityRuleInterface.updateNeutronSecurityRule(securityRuleUUID, delta);
348 NeutronSecurityRule updatedSecurityRule = securityRuleInterface.getNeutronSecurityRule(securityRuleUUID);
349 if (instances != null) {
350 for (Object instance : instances) {
351 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
352 service.neutronSecurityRuleUpdated(updatedSecurityRule);
355 return Response.status(200).entity(new NeutronSecurityRuleRequest(securityRuleInterface.getNeutronSecurityRule(securityRuleUUID))).build();
359 * Deletes a Security Rule
362 @Path ("{securityRuleUUID}")
365 @ResponseCode (code = 204, condition = "No Content"),
366 @ResponseCode (code = 401, condition = "Unauthorized"),
367 @ResponseCode (code = 404, condition = "Not Found"),
368 @ResponseCode (code = 409, condition = "Conflict"),
369 @ResponseCode (code = 501, condition = "Not Implemented")})
370 public Response deleteSecurityRule(
371 @PathParam ("securityRuleUUID") String securityRuleUUID) {
372 INeutronSecurityRuleCRUD securityRuleInterface = NeutronCRUDInterfaces.getINeutronSecurityRuleCRUD(this);
373 if (securityRuleInterface == null) {
374 throw new ServiceUnavailableException("Security Rule CRUD Interface "
375 + RestMessages.SERVICEUNAVAILABLE.toString());
379 * verify the Security Rule exists and it isn't currently in use
381 if (!securityRuleInterface.neutronSecurityRuleExists(securityRuleUUID)) {
382 throw new ResourceNotFoundException("Security Rule UUID does not exist.");
384 if (securityRuleInterface.neutronSecurityRuleInUse(securityRuleUUID)) {
385 return Response.status(409).build();
387 NeutronSecurityRule singleton = securityRuleInterface.getNeutronSecurityRule(securityRuleUUID);
388 Object[] instances = ServiceHelper.getGlobalInstances(INeutronSecurityRuleAware.class, this, null);
389 if (instances != null) {
390 for (Object instance : instances) {
391 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
392 int status = service.canDeleteNeutronSecurityRule(singleton);
393 if (status < 200 || status > 299) {
394 return Response.status(status).build();
400 * remove it and return 204 status
402 securityRuleInterface.removeNeutronSecurityRule(securityRuleUUID);
403 if (instances != null) {
404 for (Object instance : instances) {
405 INeutronSecurityRuleAware service = (INeutronSecurityRuleAware) instance;
406 service.neutronSecurityRuleDeleted(singleton);
409 return Response.status(204).build();