/*
 * Copyright (c) 2013, 2015 Red Hat, Inc. and others. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */
9 package org.opendaylight.ovsdb.openstack.netvirt;
11 import java.net.HttpURLConnection;
12 import java.util.ArrayList;
13 import java.util.List;
15 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronPort;
16 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
17 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
18 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
19 import org.opendaylight.ovsdb.openstack.netvirt.translator.crud.INeutronPortCRUD;
20 import org.opendaylight.ovsdb.openstack.netvirt.translator.iaware.INeutronSecurityGroupAware;
21 import org.opendaylight.ovsdb.openstack.netvirt.translator.iaware.INeutronSecurityRuleAware;
22 import org.opendaylight.ovsdb.openstack.netvirt.api.Action;
23 import org.opendaylight.ovsdb.openstack.netvirt.api.EventDispatcher;
24 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
25 import org.opendaylight.ovsdb.utils.servicehelper.ServiceHelper;
26 import org.osgi.framework.ServiceReference;
27 import org.slf4j.Logger;
28 import org.slf4j.LoggerFactory;
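/**
 * Handle requests for OpenStack Neutron v2.0 Port Security API calls.
 *
 * <p>Security-rule create and delete callbacks are wrapped in a {@link NorthboundEvent} and
 * handed to {@code enqueueEvent}; {@link #processEvent(AbstractEvent)} then syncs the rule to
 * every cached port that lists the rule's security group.
 *
 * <p>The {@code canCreate}/{@code canUpdate}/{@code canDelete} callbacks in this class accept
 * every request unconditionally, so this handler must not be treated as a validation point for
 * security groups or rules.
 */
public class PortSecurityHandler extends AbstractHandler
        implements INeutronSecurityGroupAware, INeutronSecurityRuleAware, ConfigInterface {

    private static final Logger LOG = LoggerFactory.getLogger(PortSecurityHandler.class);
    private volatile INeutronPortCRUD neutronPortCache;
    private volatile SecurityServicesManager securityServicesManager;

    /**
     * Indicates whether the proposed security group can be created.
     *
     * @param neutronSecurityGroup the proposed new Neutron security group (not inspected).
     * @return always {@link HttpURLConnection#HTTP_CREATED}.
     */
    @Override
    public int canCreateNeutronSecurityGroup(NeutronSecurityGroup neutronSecurityGroup) {
        return HttpURLConnection.HTTP_CREATED;
    }

    /**
     * Called after a security group has been created; only re-runs the creation check and logs
     * a non-success result.
     *
     * @param neutronSecurityGroup the security group that was created.
     */
    @Override
    public void neutronSecurityGroupCreated(NeutronSecurityGroup neutronSecurityGroup) {
        int result = canCreateNeutronSecurityGroup(neutronSecurityGroup);
        // The check above currently always succeeds, so this branch only becomes reachable
        // once canCreateNeutronSecurityGroup starts validating.
        if (result != HttpURLConnection.HTTP_CREATED) {
            LOG.debug("Neutron Security Group creation failed {} ", result);
        }
    }

    /**
     * Indicates whether the security group can be updated.
     *
     * @param delta the requested changes (not inspected).
     * @param original the security group before the update (not inspected).
     * @return always {@link HttpURLConnection#HTTP_OK}.
     */
    @Override
    public int canUpdateNeutronSecurityGroup(NeutronSecurityGroup delta, NeutronSecurityGroup original) {
        return HttpURLConnection.HTTP_OK;
    }

    /**
     * Called after a security group has been updated.
     *
     * @param neutronSecurityGroup the security group after the update.
     */
    @Override
    public void neutronSecurityGroupUpdated(NeutronSecurityGroup neutronSecurityGroup) {
        // NOTE(review): no handling is visible for group updates; confirm nothing needs to be
        // re-synced to ports when a group changes.
    }

    /**
     * Indicates whether the security group can be deleted.
     *
     * @param neutronSecurityGroup the security group proposed for deletion (not inspected).
     * @return always {@link HttpURLConnection#HTTP_OK}.
     */
    @Override
    public int canDeleteNeutronSecurityGroup(NeutronSecurityGroup neutronSecurityGroup) {
        return HttpURLConnection.HTTP_OK;
    }

    /**
     * Called after a security group has been deleted; only re-runs the deletion check and logs
     * a non-success result.
     *
     * @param neutronSecurityGroup the security group that was deleted.
     */
    @Override
    public void neutronSecurityGroupDeleted(NeutronSecurityGroup neutronSecurityGroup) {
        //TODO: Trigger flowmod removals
        // Until the TODO above is implemented, this callback enqueues nothing: whatever was
        // synced for the group's rules is not withdrawn here when the group goes away.
        int result = canDeleteNeutronSecurityGroup(neutronSecurityGroup);
        if (result != HttpURLConnection.HTTP_OK) {
            // Message names the group: this callback handles group deletion, not rule deletion.
            LOG.error(" delete Neutron Security Group validation failed for result - {} ", result);
        }
    }

    /**
     * Invoked when a Security Rules creation is requested
     * to indicate if the specified Rule can be created.
     *
     * @param neutronSecurityRule An instance of proposed new Neutron Security Rule object.
     * @return A HTTP status code to the creation request; always
     *         {@link HttpURLConnection#HTTP_CREATED} here.
     */
    @Override
    public int canCreateNeutronSecurityRule(NeutronSecurityRule neutronSecurityRule) {
        return HttpURLConnection.HTTP_CREATED;
    }

    /**
     * Called after a security rule has been created; queues an {@link Action#ADD} event for it.
     *
     * @param neutronSecurityRule the rule that was created.
     */
    @Override
    public void neutronSecurityRuleCreated(NeutronSecurityRule neutronSecurityRule) {
        enqueueEvent(new NorthboundEvent(neutronSecurityRule, Action.ADD));
    }

    /**
     * Indicates whether the security rule can be updated.
     *
     * @param delta the requested changes (not inspected).
     * @param original the rule before the update (not inspected).
     * @return always {@link HttpURLConnection#HTTP_OK}.
     */
    @Override
    public int canUpdateNeutronSecurityRule(NeutronSecurityRule delta, NeutronSecurityRule original) {
        return HttpURLConnection.HTTP_OK;
    }

    /**
     * Called after a security rule has been updated.
     *
     * @param neutronSecurityRule the rule after the update.
     */
    @Override
    public void neutronSecurityRuleUpdated(NeutronSecurityRule neutronSecurityRule) {
        // NOTE(review): unlike create and delete, no event is queued for an updated rule;
        // confirm updated rules reach the ports some other way.
    }

    /**
     * Indicates whether the security rule can be deleted.
     *
     * @param neutronSecurityRule the rule proposed for deletion (not inspected).
     * @return always {@link HttpURLConnection#HTTP_OK}.
     */
    @Override
    public int canDeleteNeutronSecurityRule(NeutronSecurityRule neutronSecurityRule) {
        return HttpURLConnection.HTTP_OK;
    }

    /**
     * Called after a security rule has been deleted; queues an {@link Action#DELETE} event
     * for it.
     *
     * @param neutronSecurityRule the rule that was deleted.
     */
    @Override
    public void neutronSecurityRuleDeleted(NeutronSecurityRule neutronSecurityRule) {
        enqueueEvent(new NorthboundEvent(neutronSecurityRule, Action.DELETE));
    }

    /**
     * Processes a queued event: ADD and DELETE actions sync the carried security rule to the
     * ports of its group; any other event type or action is logged and dropped.
     *
     * @param abstractEvent the {@link org.opendaylight.ovsdb.openstack.netvirt.AbstractEvent} event to be handled.
     * @see org.opendaylight.ovsdb.openstack.netvirt.api.EventDispatcher
     */
    @Override
    public void processEvent(AbstractEvent abstractEvent) {
        if (!(abstractEvent instanceof NorthboundEvent)) {
            LOG.error("Unable to process abstract event {}", abstractEvent);
            return;
        }
        NorthboundEvent ev = (NorthboundEvent) abstractEvent;
        switch (ev.getAction()) {
            case ADD:
                processNeutronSecurityRuleAdded(ev.getNeutronSecurityRule());
                break;
            case DELETE:
                processNeutronSecurityRuleDeleted(ev.getNeutronSecurityRule());
                break;
            default:
                LOG.warn("Unable to process event action {}", ev.getAction());
        }
    }

    /** Syncs a newly added rule (write = true) to every port in the rule's security group. */
    private void processNeutronSecurityRuleAdded(NeutronSecurityRule neutronSecurityRule) {
        syncRuleOnGroupPorts(neutronSecurityRule, true);
    }

    /** Syncs a deleted rule (write = false) to every port in the rule's security group. */
    private void processNeutronSecurityRuleDeleted(NeutronSecurityRule neutronSecurityRule) {
        syncRuleOnGroupPorts(neutronSecurityRule, false);
    }

    /** Calls {@link #syncSecurityGroup} for each cached port that lists the rule's group. */
    private void syncRuleOnGroupPorts(NeutronSecurityRule neutronSecurityRule, boolean write) {
        if (neutronSecurityRule == null) {
            // An event without a rule payload has nothing to sync; avoid dereferencing it.
            LOG.warn("Unable to sync security rule: event carries no rule");
            return;
        }
        String groupId = neutronSecurityRule.getSecurityRuleGroupID();
        for (NeutronPort port : getPortWithSecurityGroup(groupId)) {
            syncSecurityGroup(neutronSecurityRule, port, groupId, write);
        }
    }

    /**
     * Passes one rule for one port to the {@link SecurityServicesManager}.
     *
     * <p>When the rule names a remote group, the rule is synced once per address returned by
     * {@code getVmListForSecurityGroup}; otherwise it is synced once with a {@code null}
     * address.
     *
     * @param securityRule the rule to sync.
     * @param port the port the rule applies to.
     * @param neutronSecurityGroupId id of the security group the rule belongs to.
     * @param write value forwarded to {@code syncSecurityRule}; callers pass {@code true} for an
     *        added rule and {@code false} for a deleted one.
     */
    private void syncSecurityGroup(NeutronSecurityRule securityRule, NeutronPort port,
                                   String neutronSecurityGroupId, boolean write) {
        // Read the volatile field once so the null check and the calls see the same instance.
        SecurityServicesManager manager = securityServicesManager;
        if (manager == null) {
            LOG.error("SecurityServicesManager is not available; security rule {} not synced", securityRule);
            return;
        }
        if (null != securityRule.getSecurityRemoteGroupID()) {
            // NOTE(review): the address lookup is keyed by the rule's own group id, not by
            // getSecurityRemoteGroupID(); confirm which group's member addresses a
            // remote-group rule is meant to match.
            List<Neutron_IPs> vmIpList = manager
                    .getVmListForSecurityGroup(port.getID(), neutronSecurityGroupId);
            if (vmIpList == null) {
                LOG.debug("No addresses returned for security group {}", neutronSecurityGroupId);
                return;
            }
            for (Neutron_IPs vmIp : vmIpList) {
                manager.syncSecurityRule(port, securityRule, vmIp, write);
            }
        } else {
            manager.syncSecurityRule(port, securityRule, null, write);
        }
    }

    /**
     * Collects the cached ports that list the given security group.
     *
     * @param securityGroupUuid id of the security group to look for.
     * @return the matching ports, each at most once; empty when the port cache is unavailable
     *         or nothing matches. Never {@code null}.
     */
    private List<NeutronPort> getPortWithSecurityGroup(String securityGroupUuid) {
        List<NeutronPort> neutronPortInSG = new ArrayList<>();
        // Read the volatile field once so the null check and the call see the same instance.
        INeutronPortCRUD portCache = neutronPortCache;
        if (portCache == null) {
            // Make the skipped sync visible instead of failing with a NullPointerException.
            LOG.error("Neutron port cache is not available; no ports resolved for security group {}",
                    securityGroupUuid);
            return neutronPortInSG;
        }
        List<NeutronPort> neutronPortList = portCache.getAllPorts();
        if (neutronPortList == null || securityGroupUuid == null) {
            return neutronPortInSG;
        }
        for (NeutronPort neutronPort : neutronPortList) {
            List<NeutronSecurityGroup> securityGroupList = neutronPort.getSecurityGroups();
            if (securityGroupList == null) {
                continue;
            }
            for (NeutronSecurityGroup neutronSecurityGroup : securityGroupList) {
                if (securityGroupUuid.equals(neutronSecurityGroup.getID())) {
                    neutronPortInSG.add(neutronPort);
                    // One match is enough; do not list the same port twice.
                    break;
                }
            }
        }
        return neutronPortInSG;
    }

    /**
     * Resolves the services this handler depends on and registers it with the event
     * dispatcher.
     *
     * @param serviceReference reference passed to {@code eventHandlerAdded} when registering.
     */
    @Override
    public void setDependencies(ServiceReference serviceReference) {
        eventDispatcher =
                (EventDispatcher) ServiceHelper.getGlobalInstance(EventDispatcher.class, this);
        eventDispatcher.eventHandlerAdded(serviceReference, this);
        neutronPortCache =
                (INeutronPortCRUD) ServiceHelper.getGlobalInstance(INeutronPortCRUD.class, this);
        securityServicesManager =
                (SecurityServicesManager) ServiceHelper.getGlobalInstance(SecurityServicesManager.class, this);
    }

    /** No-op: this handler takes no dependencies through this overload. */
    @Override
    public void setDependencies(Object impl) {}
}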