/*
 * Copyright (c) 2014, 2015 HP, Inc. and others. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */
9 package org.opendaylight.ovsdb.openstack.netvirt.impl;
11 import org.opendaylight.ovsdb.openstack.netvirt.ConfigInterface;
12 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
13 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
14 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronPort;
15 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
16 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
17 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
18 import org.opendaylight.ovsdb.openstack.netvirt.translator.crud.INeutronPortCRUD;
19 import org.opendaylight.ovsdb.utils.servicehelper.ServiceHelper;
20 import org.osgi.framework.ServiceReference;
21 import org.slf4j.Logger;
22 import org.slf4j.LoggerFactory;
24 import java.util.ArrayList;
25 import java.util.HashSet;
26 import java.util.Iterator;
27 import java.util.List;
30 import java.util.concurrent.ConcurrentHashMap;
/**
 * @author Aswin Suryanarayanan.
 */
37 public class SecurityGroupCacheManagerImpl implements ConfigInterface, SecurityGroupCacheManger{
/** Class logger. */
private static final Logger LOG = LoggerFactory.getLogger(SecurityGroupCacheManagerImpl.class);

/**
 * Remote security group UUID mapped to the UUIDs of the ports that hold a rule naming that
 * group as its remote group (filled by addToCache and init).
 *
 * The map itself is a ConcurrentHashMap, but the value sets are plain HashSet instances created
 * in addToCache, so the map's concurrency guarantees do not extend to the sets.
 */
private final Map<String, Set<String>> securityGroupCache = new ConcurrentHashMap<>();

/** Assigned in setDependencies; receives the per-port rule sync calls. */
private volatile SecurityServicesManager securityServicesManager;

/** Assigned in setDependencies; source of port and security group lookups. */
private volatile INeutronPortCRUD neutronPortCache;
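/**
 * Handles a port being added to a security group by looking the port up and handing it to
 * processPortAdded.
 *
 * @param securityGroupUuid UUID of the security group the port was added to
 * @param portUuid UUID of the added port
 */
public void portAdded(String securityGroupUuid, String portUuid) {
    LOG.debug("In portAdded securityGroupUuid:{} portUuid:{}", securityGroupUuid, portUuid);
    NeutronPort port = neutronPortCache.getPort(portUuid);
    if (port == null) {
        // getPort can return null (this class null-checks the same lookup for cached ports).
        // Passing null on would fail on port.getID() once the group has cached ports.
        LOG.warn("portAdded: port {} not found in the Neutron port cache; remote group rules for "
                + "security group {} were not synced", portUuid, securityGroupUuid);
        return;
    }
    processPortAdded(securityGroupUuid, port);
}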
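/**
 * Handles a port being removed from a security group by looking the port up and handing it to
 * processPortRemoved.
 *
 * @param securityGroupUuid UUID of the security group the port was removed from
 * @param portUuid UUID of the removed port
 */
public void portRemoved(String securityGroupUuid, String portUuid) {
    LOG.debug("In portRemoved securityGroupUuid:{} portUuid:{}", securityGroupUuid, portUuid);
    NeutronPort port = neutronPortCache.getPort(portUuid);
    if (port == null) {
        // Without the port object its fixed IPs are unknown, so the matching rules cannot be
        // withdrawn here. Log at WARN so the skipped cleanup is visible to operators.
        // NOTE(review): confirm the port is still present in the port cache when this runs.
        LOG.warn("portRemoved: port {} not found in the Neutron port cache; rules on other ports "
                + "that reference it via security group {} may remain installed",
                portUuid, securityGroupUuid);
        return;
    }
    processPortRemoved(securityGroupUuid, port);
}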
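/**
 * Records that the port {@code portUuid} has a rule whose remote security group is
 * {@code remoteSgUuid}.
 *
 * @param remoteSgUuid UUID of the remote security group referenced by the rule
 * @param portUuid UUID of the port that carries the rule
 */
public void addToCache(String remoteSgUuid, String portUuid) {
    // The space before "portUuid:" keeps the two UUIDs separable when searching logs.
    LOG.debug("In addToCache remoteSgUuid:{} portUuid:{}", remoteSgUuid, portUuid);
    Set<String> portList = securityGroupCache.get(remoteSgUuid);
    if (null == portList) {
        // NOTE(review): this get-then-put is not atomic and the set is a plain HashSet. If two
        // threads register the first port of the same group at once, one registration can be
        // lost and that port would miss later rule syncs. Confirm callers are serialized, or
        // move to an atomic insert with a concurrent set.
        portList = new HashSet<>();
        securityGroupCache.put(remoteSgUuid, portList);
    }
    portList.add(portUuid);
}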
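/**
 * Removes {@code portUuid} from the set cached for {@code remoteSgUuid} and drops the map entry
 * once that set is empty.
 *
 * @param remoteSgUuid UUID of the remote security group
 * @param portUuid UUID of the port to forget
 */
public void removeFromCache(String remoteSgUuid, String portUuid) {
    LOG.debug("In removeFromCache remoteSgUuid:{} portUuid:{}", remoteSgUuid, portUuid);
    Set<String> portList = securityGroupCache.get(remoteSgUuid);
    if (null == portList) {
        return;
    }
    // A set holds each UUID at most once, so a single remove() replaces the scan-and-break loop.
    portList.remove(portUuid);
    if (portList.isEmpty()) {
        // Drop empty entries so the map does not accumulate groups that no rule references.
        securityGroupCache.remove(remoteSgUuid);
    }
}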
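/**
 * Iterates through the cache maintained for the security group. For each port in the cache,
 * adds the rule to allow traffic to/from the newly added port.
 *
 * @param securityGroupUuid UUID of the security group the port was added to
 * @param port the added port
 */
private void processPortAdded(String securityGroupUuid, NeutronPort port) {
    LOG.debug("In processPortAdded securityGroupUuid:{} NeutronPort:{}", securityGroupUuid, port);
    syncRemoteGroupRules(securityGroupUuid, port, true);
}

/**
 * Iterates through the cache maintained for the security group. For each port in the cache,
 * removes the rule that allowed traffic to/from the port that got deleted.
 *
 * @param securityGroupUuid UUID of the security group the port was removed from
 * @param port the removed port
 */
private void processPortRemoved(String securityGroupUuid, NeutronPort port) {
    LOG.debug("In processPortRemoved securityGroupUuid:{} port:{}", securityGroupUuid, port);
    syncRemoteGroupRules(securityGroupUuid, port, false);
}

/**
 * Shared body of the add and remove paths, which differ only in the flag handed to
 * syncSecurityRule.
 *
 * @param securityGroupUuid UUID of the security group whose membership changed
 * @param port the port that joined or left the group
 * @param install passed through as the last argument of syncSecurityRule: {@code true} on the
 *        add path, {@code false} on the remove path
 */
private void syncRemoteGroupRules(String securityGroupUuid, NeutronPort port, boolean install) {
    if (port == null) {
        // Callers pass the result of a port cache lookup, which can be null. On the remove
        // path a skip means rules referencing the port stay on its peers, so log it at WARN.
        LOG.warn("No port object for security group {}; remote group rules not synced (install={})",
                securityGroupUuid, install);
        return;
    }
    Set<String> portList = this.securityGroupCache.get(securityGroupUuid);
    if (null == portList) {
        // No cached port has a rule that names this group as its remote group.
        return;
    }
    String changedPortUuid = port.getID();
    // NOTE(review): portList is a plain HashSet that addToCache/removeFromCache mutate. Confirm
    // those calls cannot run while this loop is iterating.
    for (String cachedportUuid : portList) {
        if (cachedportUuid.equals(changedPortUuid)) {
            // The changed port needs no rule towards itself.
            continue;
        }
        NeutronPort cachedport = neutronPortCache.getPort(cachedportUuid);
        if (null == cachedport) {
            continue;
        }
        List<NeutronSecurityRule> remoteSecurityRules = retrieveSecurityRules(securityGroupUuid, cachedportUuid);
        if (null == remoteSecurityRules) {
            // Defensive: the cached port may have left the port cache between the two lookups.
            continue;
        }
        for (NeutronSecurityRule securityRule : remoteSecurityRules) {
            for (Neutron_IPs vmIp : port.getFixedIPs()) {
                securityServicesManager.syncSecurityRule(cachedport, securityRule, vmIp, install);
            }
        }
    }
}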
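/**
 * Gets the security rules of the port {@code portUuid} that have {@code securityGroupUuid} as
 * their remote security group.
 *
 * @param securityGroupUuid UUID of the remote security group to match
 * @param portUuid UUID of the port whose rules are inspected
 * @return the matching rules; empty (never {@code null}) when the port is unknown or has no
 *         security groups or rules
 */
private List<NeutronSecurityRule> retrieveSecurityRules(String securityGroupUuid, String portUuid) {
    LOG.debug("In retrieveSecurityRules securityGroupUuid:{} portUuid:{}", securityGroupUuid, portUuid);
    List<NeutronSecurityRule> remoteSecurityRules = new ArrayList<>();
    NeutronPort port = neutronPortCache.getPort(portUuid);
    if (port == null) {
        // Callers iterate the result directly, so return an empty list rather than null.
        return remoteSecurityRules;
    }
    // init() treats both getSecurityGroups() and getSecurityRules() as nullable, so apply the
    // same checks here.
    List<NeutronSecurityGroup> securityGroups = port.getSecurityGroups();
    if (securityGroups == null) {
        return remoteSecurityRules;
    }
    for (NeutronSecurityGroup securityGroup : securityGroups) {
        List<NeutronSecurityRule> securityRules = securityGroup.getSecurityRules();
        if (securityRules == null) {
            continue;
        }
        for (NeutronSecurityRule securityRule : securityRules) {
            if (securityGroupUuid.equals(securityRule.getSecurityRemoteGroupID())) {
                remoteSecurityRules.add(securityRule);
            }
        }
    }
    return remoteSecurityRules;
}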
/**
 * Rebuilds the cache in case of a restart: every rule with a remote group ID, on every known
 * port, is registered again through addToCache.
 */
private void init() {
    for (NeutronPort port : neutronPortCache.getAllPorts()) {
        List<NeutronSecurityGroup> groupsOnPort = port.getSecurityGroups();
        if (groupsOnPort == null) {
            continue;
        }
        for (NeutronSecurityGroup group : groupsOnPort) {
            List<NeutronSecurityRule> rulesInGroup = group.getSecurityRules();
            if (rulesInGroup == null) {
                continue;
            }
            for (NeutronSecurityRule rule : rulesInGroup) {
                // Only rules that name a remote group take part in the cache.
                if (rule.getSecurityRemoteGroupID() != null) {
                    this.addToCache(rule.getSecurityRemoteGroupID(), port.getID());
                }
            }
        }
    }
}
/**
 * Resolves the services this class depends on, then rebuilds the cache from the ports that
 * are already known.
 *
 * @param serviceReference not read by this method
 */
public void setDependencies(ServiceReference serviceReference) {
    final Object servicesManager = ServiceHelper.getGlobalInstance(SecurityServicesManager.class, this);
    securityServicesManager = (SecurityServicesManager) servicesManager;

    final Object portCrud = ServiceHelper.getGlobalInstance(INeutronPortCRUD.class, this);
    neutronPortCache = (INeutronPortCRUD) portCrud;

    // init() reads neutronPortCache, so it has to run after the lookups above.
    init();
}
196 public void setDependencies(Object impl) {