2 * Copyright (c) 2014, 2015 HP, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.openstack.netvirt.impl;
11 import org.opendaylight.ovsdb.openstack.netvirt.ConfigInterface;
12 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
13 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
14 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronPort;
15 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
16 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
17 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
18 import org.opendaylight.ovsdb.openstack.netvirt.translator.crud.INeutronPortCRUD;
19 import org.opendaylight.ovsdb.utils.servicehelper.ServiceHelper;
20 import org.osgi.framework.ServiceReference;
21 import org.slf4j.Logger;
22 import org.slf4j.LoggerFactory;
24 import java.util.ArrayList;
25 import java.util.HashSet;
26 import java.util.Iterator;
27 import java.util.List;
30 import java.util.concurrent.ConcurrentHashMap;
34 * @author Aswin Suryanarayanan.
37 public class SecurityGroupCacheManagerImpl implements ConfigInterface, SecurityGroupCacheManger{
39 private final Map<String, Set<String>> securityGroupCache = new ConcurrentHashMap<>();
40 private static final Logger LOG = LoggerFactory.getLogger(SecurityGroupCacheManagerImpl.class);
41 private volatile SecurityServicesManager securityServicesManager;
42 private volatile INeutronPortCRUD neutronPortCache;
45 public void portAdded(String securityGroupUuid, String portUuid) {
46 LOG.debug("In portAdded securityGroupUuid:" + securityGroupUuid + " portUuid:" + portUuid);
47 NeutronPort port = neutronPortCache.getPort(portUuid);
48 processPortAdded(securityGroupUuid,port);
52 public void portRemoved(String securityGroupUuid, String portUuid) {
53 LOG.debug("In portRemoved securityGroupUuid:" + securityGroupUuid + " portUuid:" + portUuid);
54 NeutronPort port = neutronPortCache.getPort(portUuid);
55 processPortRemoved(securityGroupUuid,port);
59 public void addToCache(String remoteSgUuid, String portUuid) {
60 LOG.debug("In addToCache remoteSgUuid:" + remoteSgUuid + "portUuid:" + portUuid);
61 Set<String> portList = securityGroupCache.get(remoteSgUuid);
62 if (null == portList) {
63 portList = new HashSet<>();
64 securityGroupCache.put(remoteSgUuid, portList);
66 portList.add(portUuid);
70 public void removeFromCache(String remoteSgUuid, String portUuid) {
71 LOG.debug("In removeFromCache remoteSgUuid:" + remoteSgUuid + " portUuid:" + portUuid);
72 Set<String> portList = securityGroupCache.get(remoteSgUuid);
73 if (null == portList) {
76 for (Iterator<String> iterator = portList.iterator(); iterator.hasNext();) {
77 String cachedPort = iterator.next();
78 if (cachedPort.equals(portUuid)) {
83 if (portList.isEmpty()) {
84 securityGroupCache.remove(remoteSgUuid);
88 private void processPortAdded(String securityGroupUuid, NeutronPort port) {
90 * Itreate through the cache maintained for the security group added. For each port in the cache
91 * add the rule to allow traffic to/from the new port added.
93 LOG.debug("In processPortAdded securityGroupUuid:" + securityGroupUuid + " NeutronPort:" + port);
94 Set<String> portList = this.securityGroupCache.get(securityGroupUuid);
95 if (null == portList) {
98 for (String cachedportUuid : portList) {
99 if (cachedportUuid.equals(port.getID())) {
102 NeutronPort cachedport = neutronPortCache.getPort(cachedportUuid);
103 if (null == cachedport) {
106 List<NeutronSecurityRule> remoteSecurityRules = retrieveSecurityRules(securityGroupUuid, cachedportUuid);
107 for (NeutronSecurityRule securityRule : remoteSecurityRules) {
108 if (port.getFixedIPs() == null) {
111 for (Neutron_IPs vmIp : port.getFixedIPs()) {
112 securityServicesManager.syncSecurityRule(cachedport, securityRule, vmIp, true);
118 private void processPortRemoved(String securityGroupUuid, NeutronPort port) {
120 * Itreate through the cache maintained for the security group added. For each port in the cache remove
121 * the rule to allow traffic to/from the port that got deleted.
123 LOG.debug("In processPortRemoved securityGroupUuid:" + securityGroupUuid + " port:" + port);
124 Set<String> portList = this.securityGroupCache.get(securityGroupUuid);
125 if (null == portList) {
128 for (String cachedportUuid : portList) {
129 if (cachedportUuid.equals(port.getID())) {
132 NeutronPort cachedport = neutronPortCache.getPort(cachedportUuid);
133 if (null == cachedport) {
136 List<NeutronSecurityRule> remoteSecurityRules = retrieveSecurityRules(securityGroupUuid, cachedportUuid);
137 for (NeutronSecurityRule securityRule : remoteSecurityRules) {
138 if (port.getFixedIPs() == null) {
141 for (Neutron_IPs vmIp : port.getFixedIPs()) {
142 securityServicesManager.syncSecurityRule(cachedport, securityRule, vmIp, false);
148 private List<NeutronSecurityRule> retrieveSecurityRules(String securityGroupUuid, String portUuid) {
150 * Get the list of security rules in the port with portUuid that has securityGroupUuid as a remote
153 LOG.debug("In retrieveSecurityRules securityGroupUuid:" + securityGroupUuid + " portUuid:" + portUuid);
154 NeutronPort port = neutronPortCache.getPort(portUuid);
158 List<NeutronSecurityRule> remoteSecurityRules = new ArrayList<>();
159 List<NeutronSecurityGroup> securityGroups = port.getSecurityGroups();
160 for (NeutronSecurityGroup securityGroup : securityGroups) {
161 List<NeutronSecurityRule> securityRules = securityGroup.getSecurityRules();
162 for (NeutronSecurityRule securityRule : securityRules) {
163 if (securityGroupUuid.equals(securityRule.getSecurityRemoteGroupID())) {
164 remoteSecurityRules.add(securityRule);
168 return remoteSecurityRules;
171 private void init() {
173 * Rebuild the cache in case of a restart.
175 List<NeutronPort> portList = neutronPortCache.getAllPorts();
176 for (NeutronPort port:portList) {
177 List<NeutronSecurityGroup> securityGroupList = port.getSecurityGroups();
178 if ( null != securityGroupList) {
179 for (NeutronSecurityGroup securityGroup : securityGroupList) {
180 List<NeutronSecurityRule> securityRuleList = securityGroup.getSecurityRules();
181 if ( null != securityRuleList) {
182 for (NeutronSecurityRule securityRule : securityRuleList) {
183 if (null != securityRule.getSecurityRemoteGroupID()) {
184 this.addToCache(securityRule.getSecurityRemoteGroupID(), port.getID());
194 public void setDependencies(ServiceReference serviceReference) {
195 securityServicesManager =
196 (SecurityServicesManager) ServiceHelper.getGlobalInstance(SecurityServicesManager.class, this);
197 neutronPortCache = (INeutronPortCRUD) ServiceHelper.getGlobalInstance(INeutronPortCRUD.class, this);
202 public void setDependencies(Object impl) {