2 * Copyright (c) 2013, 2015 Red Hat, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.netvirt.openstack.netvirt;
11 import java.net.HttpURLConnection;
12 import java.util.ArrayList;
13 import java.util.List;
15 import org.opendaylight.netvirt.openstack.netvirt.translator.iaware.INeutronSecurityRuleAware;
16 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronPort;
17 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSecurityGroup;
18 import org.opendaylight.netvirt.openstack.netvirt.translator.NeutronSecurityRule;
19 import org.opendaylight.netvirt.openstack.netvirt.translator.Neutron_IPs;
20 import org.opendaylight.netvirt.openstack.netvirt.translator.crud.INeutronPortCRUD;
21 import org.opendaylight.netvirt.openstack.netvirt.translator.iaware.INeutronSecurityGroupAware;
22 import org.opendaylight.netvirt.openstack.netvirt.api.Action;
23 import org.opendaylight.netvirt.openstack.netvirt.api.EventDispatcher;
24 import org.opendaylight.netvirt.openstack.netvirt.api.SecurityServicesManager;
25 import org.opendaylight.netvirt.utils.servicehelper.ServiceHelper;
26 import org.osgi.framework.ServiceReference;
27 import org.slf4j.Logger;
28 import org.slf4j.LoggerFactory;
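/**
 * Handle requests for OpenStack Neutron v2.0 Port Security API calls.
 *
 * <p>Security-group callbacks only validate and log. Security-rule create and delete
 * callbacks are queued as {@link NorthboundEvent}s and applied later in
 * {@link #processEvent(AbstractEvent)}, which asks the {@link SecurityServicesManager}
 * to sync the rule on every cached port that belongs to the rule's security group.
 *
 * <p>NOTE(review): every {@code can*} hook in this class returns a fixed success code
 * without inspecting its argument, so no request is ever rejected here. Confirm that
 * validation is enforced elsewhere before relying on these hooks as a gate.
 */
public class PortSecurityHandler extends AbstractHandler
        implements INeutronSecurityGroupAware, INeutronSecurityRuleAware, ConfigInterface {

    private static final Logger LOG = LoggerFactory.getLogger(PortSecurityHandler.class);
    // Both services are assigned in setDependencies(ServiceReference) and are null until then.
    private volatile INeutronPortCRUD neutronPortCache;
    private volatile SecurityServicesManager securityServicesManager;

    /**
     * Invoked when a security group creation is requested.
     *
     * @param neutronSecurityGroup the proposed security group; not inspected here
     * @return always {@link HttpURLConnection#HTTP_CREATED}
     */
    @Override
    public int canCreateNeutronSecurityGroup(NeutronSecurityGroup neutronSecurityGroup) {
        return HttpURLConnection.HTTP_CREATED;
    }

    /**
     * Invoked after a security group has been created; re-runs the creation check and
     * logs when it does not return {@code HTTP_CREATED}. No event is queued.
     *
     * @param neutronSecurityGroup the security group that was created
     */
    @Override
    public void neutronSecurityGroupCreated(NeutronSecurityGroup neutronSecurityGroup) {
        int result = canCreateNeutronSecurityGroup(neutronSecurityGroup);
        if (result != HttpURLConnection.HTTP_CREATED) {
            LOG.debug("Neutron Security Group creation failed {} ", result);
        }
    }

    /**
     * Invoked when a security group update is requested.
     *
     * @param delta the requested changes; not inspected here
     * @param original the security group before the update; not inspected here
     * @return always {@link HttpURLConnection#HTTP_OK}
     */
    @Override
    public int canUpdateNeutronSecurityGroup(NeutronSecurityGroup delta, NeutronSecurityGroup original) {
        return HttpURLConnection.HTTP_OK;
    }

    /**
     * Invoked after a security group has been updated. Intentionally a no-op.
     *
     * @param neutronSecurityGroup the updated security group
     */
    @Override
    public void neutronSecurityGroupUpdated(NeutronSecurityGroup neutronSecurityGroup) {
        // Nothing to do
    }

    /**
     * Invoked when a security group deletion is requested.
     *
     * @param neutronSecurityGroup the security group to delete; not inspected here
     * @return always {@link HttpURLConnection#HTTP_OK}
     */
    @Override
    public int canDeleteNeutronSecurityGroup(NeutronSecurityGroup neutronSecurityGroup) {
        return HttpURLConnection.HTTP_OK;
    }

    /**
     * Invoked after a security group has been deleted; re-runs the deletion check and
     * logs when it does not return {@code HTTP_OK}. No flows are removed here.
     *
     * @param neutronSecurityGroup the security group that was deleted
     */
    @Override
    public void neutronSecurityGroupDeleted(NeutronSecurityGroup neutronSecurityGroup) {
        //TODO: Trigger flowmod removals
        int result = canDeleteNeutronSecurityGroup(neutronSecurityGroup);
        if (result != HttpURLConnection.HTTP_OK) {
            // This callback handles a security group, so the message names the group.
            LOG.error(" delete Neutron Security Group validation failed for result - {} ", result);
        }
    }

    /**
     * Invoked when a Security Rules creation is requested
     * to indicate if the specified Rule can be created.
     *
     * @param neutronSecurityRule An instance of proposed new Neutron Security Rule object.
     * @return A HTTP status code to the creation request; always
     *         {@link HttpURLConnection#HTTP_CREATED} in this implementation.
     */
    @Override
    public int canCreateNeutronSecurityRule(NeutronSecurityRule neutronSecurityRule) {
        return HttpURLConnection.HTTP_CREATED;
    }

    /**
     * Queues an {@link Action#ADD} event for the new rule; the rule is applied to ports
     * when the event reaches {@link #processEvent(AbstractEvent)}.
     *
     * @param neutronSecurityRule the security rule that was created
     */
    @Override
    public void neutronSecurityRuleCreated(NeutronSecurityRule neutronSecurityRule) {
        enqueueEvent(new NorthboundEvent(neutronSecurityRule, Action.ADD));
    }

    /**
     * Invoked when a security rule update is requested.
     *
     * @param delta the requested changes; not inspected here
     * @param original the security rule before the update; not inspected here
     * @return always {@link HttpURLConnection#HTTP_OK}
     */
    @Override
    public int canUpdateNeutronSecurityRule(NeutronSecurityRule delta, NeutronSecurityRule original) {
        return HttpURLConnection.HTTP_OK;
    }

    /**
     * Invoked after a security rule has been updated. Intentionally a no-op, so an
     * updated rule is not re-synced to ports by this handler.
     *
     * @param neutronSecurityRule the updated security rule
     */
    @Override
    public void neutronSecurityRuleUpdated(NeutronSecurityRule neutronSecurityRule) {
        // Nothing to do
    }

    /**
     * Invoked when a security rule deletion is requested.
     *
     * @param neutronSecurityRule the security rule to delete; not inspected here
     * @return always {@link HttpURLConnection#HTTP_OK}
     */
    @Override
    public int canDeleteNeutronSecurityRule(NeutronSecurityRule neutronSecurityRule) {
        return HttpURLConnection.HTTP_OK;
    }

    /**
     * Queues an {@link Action#DELETE} event for the removed rule; the rule is withdrawn
     * from ports when the event reaches {@link #processEvent(AbstractEvent)}.
     *
     * @param neutronSecurityRule the security rule that was deleted
     */
    @Override
    public void neutronSecurityRuleDeleted(NeutronSecurityRule neutronSecurityRule) {
        enqueueEvent(new NorthboundEvent(neutronSecurityRule, Action.DELETE));
    }

    /**
     * Process the event.
     *
     * <p>Only {@link NorthboundEvent}s with action {@code ADD} or {@code DELETE} are acted
     * on; anything else is logged and ignored.
     *
     * @param abstractEvent the {@link AbstractEvent} event to be handled.
     * @see EventDispatcher
     */
    @Override
    public void processEvent(AbstractEvent abstractEvent) {
        if (!(abstractEvent instanceof NorthboundEvent)) {
            LOG.error("Unable to process abstract event {}", abstractEvent);
            return;
        }
        NorthboundEvent ev = (NorthboundEvent) abstractEvent;
        switch (ev.getAction()) {
            case ADD:
                processNeutronSecurityRuleAdded(ev.getNeutronSecurityRule());
                break;
            case DELETE:
                processNeutronSecurityRuleDeleted(ev.getNeutronSecurityRule());
                break;
            default:
                LOG.warn("Unable to process event action {}", ev.getAction());
                break;
        }
    }

    /** Syncs a newly added rule (write = true) on every port in the rule's security group. */
    private void processNeutronSecurityRuleAdded(NeutronSecurityRule neutronSecurityRule) {
        List<NeutronPort> portList = getPortWithSecurityGroup(neutronSecurityRule.getSecurityRuleGroupID());
        for (NeutronPort port : portList) {
            syncSecurityGroup(neutronSecurityRule, port, true);
        }
    }

    /** Syncs a deleted rule (write = false) on every port in the rule's security group. */
    private void processNeutronSecurityRuleDeleted(NeutronSecurityRule neutronSecurityRule) {
        List<NeutronPort> portList = getPortWithSecurityGroup(neutronSecurityRule.getSecurityRuleGroupID());
        for (NeutronPort port : portList) {
            syncSecurityGroup(neutronSecurityRule, port, false);
        }
    }

    /**
     * Hands one rule/port pair to the {@link SecurityServicesManager}.
     *
     * <p>Ports with port security disabled are skipped. When the rule names a remote
     * security group, the rule is synced once per address returned for that group;
     * otherwise it is synced once with a {@code null} address.
     *
     * @param securityRule the rule being added or removed
     * @param port the port the rule applies to
     * @param write {@code true} when called for an added rule, {@code false} for a deleted
     *        one; passed through unchanged to {@code syncSecurityRule}
     */
    private void syncSecurityGroup(NeutronSecurityRule securityRule, NeutronPort port,
                                   boolean write) {
        // NOTE(review): if getPortSecurityEnabled() returns a boxed Boolean, a null value
        // would throw here on unboxing - confirm against NeutronPort.
        if (!port.getPortSecurityEnabled()) {
            // The "{}" placeholder is needed; without it SLF4J drops the port argument and
            // the log cannot show which port was left without rule enforcement.
            LOG.info("Port security not enabled port {}", port);
            return;
        }
        if (null != securityRule.getSecurityRemoteGroupID()) {
            List<Neutron_IPs> vmIpList = securityServicesManager
                    .getVmListForSecurityGroup(port.getID(), securityRule.getSecurityRemoteGroupID());
            for (Neutron_IPs vmIp : vmIpList) {
                securityServicesManager.syncSecurityRule(port, securityRule, vmIp, write);
            }
        } else {
            securityServicesManager.syncSecurityRule(port, securityRule, null, write);
        }
    }

    /**
     * Collects the cached ports that are members of the given security group.
     *
     * <p>A missing port list, a port without security groups, or a group without an ID
     * is skipped instead of raising a {@code NullPointerException}. Such an exception
     * would abort the event and leave the remaining ports of the group unsynced.
     *
     * @param securityGroupUuid ID of the security group to match
     * @return the matching ports, each listed once; empty when nothing matches
     */
    private List<NeutronPort> getPortWithSecurityGroup(String securityGroupUuid) {
        List<NeutronPort> neutronPortInSg = new ArrayList<NeutronPort>();
        List<NeutronPort> neutronPortList = neutronPortCache.getAllPorts();
        if (securityGroupUuid == null || neutronPortList == null) {
            return neutronPortInSg;
        }
        for (NeutronPort neutronPort : neutronPortList) {
            List<NeutronSecurityGroup> securityGroupList = neutronPort.getSecurityGroups();
            if (securityGroupList == null) {
                continue;
            }
            for (NeutronSecurityGroup neutronSecurityGroup : securityGroupList) {
                if (neutronSecurityGroup != null
                        && securityGroupUuid.equals(neutronSecurityGroup.getID())) {
                    neutronPortInSg.add(neutronPort);
                    // One match is enough; stops a port being added twice.
                    break;
                }
            }
        }
        return neutronPortInSg;
    }

    /**
     * Looks up the services this handler depends on and registers it with the event
     * dispatcher.
     *
     * @param serviceReference the OSGi reference passed on to
     *        {@code EventDispatcher.eventHandlerAdded}
     */
    @Override
    public void setDependencies(ServiceReference serviceReference) {
        // eventDispatcher is not declared in this class; presumably inherited from
        // AbstractHandler - confirm.
        eventDispatcher =
                (EventDispatcher) ServiceHelper.getGlobalInstance(EventDispatcher.class, this);
        eventDispatcher.eventHandlerAdded(serviceReference, this);
        neutronPortCache =
                (INeutronPortCRUD) ServiceHelper.getGlobalInstance(INeutronPortCRUD.class, this);
        securityServicesManager =
                (SecurityServicesManager) ServiceHelper.getGlobalInstance(SecurityServicesManager.class, this);
    }

    /**
     * Intentionally empty.
     *
     * @param impl ignored
     */
    @Override
    public void setDependencies(Object impl) {}
}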