openstack/net-virt/src/main/java/org/opendaylight/ovsdb/openstack/netvirt/impl/SecurityGroupCacheManagerImpl.java

   1 /*
   2  * Copyright (c) 2014, 2015 HP, Inc. and others. All rights reserved.
   3  *
   4  * This program and the accompanying materials are made available under the
   5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
   6  * and is available at http://www.eclipse.org/legal/epl-v10.html
   7  */
   8
   9 package org.opendaylight.ovsdb.openstack.netvirt.impl;
  10
  11 import org.opendaylight.ovsdb.openstack.netvirt.ConfigInterface;
  12 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
  13 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
  14 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronPort;
  15 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
  16 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
  17 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
  18 import org.opendaylight.ovsdb.openstack.netvirt.translator.crud.INeutronPortCRUD;
  19 import org.opendaylight.ovsdb.utils.servicehelper.ServiceHelper;
  20 import org.osgi.framework.ServiceReference;
  21 import org.slf4j.Logger;
  22 import org.slf4j.LoggerFactory;
  23
  24 import java.util.ArrayList;
  25 import java.util.HashSet;
  26 import java.util.Iterator;
  27 import java.util.List;
  28 import java.util.Map;
  29 import java.util.Set;
  30 import java.util.concurrent.ConcurrentHashMap;
  31
  32
  33 /**
  34  * @author Aswin Suryanarayanan.
  35  */
  36
  37 public class SecurityGroupCacheManagerImpl implements ConfigInterface, SecurityGroupCacheManger{
  38
  39     private final Map<String, Set<String>> securityGroupCache = new ConcurrentHashMap<>();
  40     private static final Logger LOG = LoggerFactory.getLogger(SecurityGroupCacheManagerImpl.class);
  41     private volatile SecurityServicesManager securityServicesManager;
  42     private volatile INeutronPortCRUD neutronPortCache;
  43
  44     @Override
  45     public void portAdded(String securityGroupUuid, String portUuid) {
  46         LOG.debug("In portAdded securityGroupUuid:" + securityGroupUuid + " portUuid:" + portUuid);
  47         NeutronPort port = neutronPortCache.getPort(portUuid);
  48         processPortAdded(securityGroupUuid,port);
  49     }
  50
  51     @Override
  52     public void portRemoved(String securityGroupUuid, String portUuid) {
  53         LOG.debug("In portRemoved securityGroupUuid:" + securityGroupUuid + " portUuid:" + portUuid);
  54         NeutronPort port = neutronPortCache.getPort(portUuid);
  55         processPortRemoved(securityGroupUuid,port);
  56     }
  57
  58     @Override
  59     public void addToCache(String remoteSgUuid, String portUuid) {
  60         LOG.debug("In addToCache remoteSgUuid:" + remoteSgUuid + "portUuid:" + portUuid);
  61         Set<String> portList = securityGroupCache.get(remoteSgUuid);
  62         if (null == portList) {
  63             portList = new HashSet<>();
  64             securityGroupCache.put(remoteSgUuid, portList);
  65         }
  66         portList.add(portUuid);
  67     }
  68
  69     @Override
  70     public void removeFromCache(String remoteSgUuid, String portUuid) {
  71         LOG.debug("In removeFromCache remoteSgUuid:" + remoteSgUuid + " portUuid:" + portUuid);
  72         Set<String> portList = securityGroupCache.get(remoteSgUuid);
  73         if (null == portList) {
  74             return;
  75         }
  76         for (Iterator<String> iterator = portList.iterator(); iterator.hasNext();) {
  77             String cachedPort = iterator.next();
  78             if (cachedPort.equals(portUuid)) {
  79                 iterator.remove();
  80                 break;
  81             }
  82         }
  83         if (portList.isEmpty()) {
  84             securityGroupCache.remove(remoteSgUuid);
  85         }
  86     }
  87
  88     private void processPortAdded(String securityGroupUuid, NeutronPort port) {
  89         /*
  90          * Itreate through the cache maintained for the security group added. For each port in the cache
  91          * add the rule to allow traffic to/from the new port added.
  92          */
  93         LOG.debug("In processPortAdded securityGroupUuid:" + securityGroupUuid + " NeutronPort:" + port);
  94         Set<String> portList = this.securityGroupCache.get(securityGroupUuid);
  95         if (null == portList) {
  96             return;
  97         }
  98         for (String cachedportUuid : portList) {
  99             if (cachedportUuid.equals(port.getID())) {
 100                 continue;
 101             }
 102             NeutronPort cachedport = neutronPortCache.getPort(cachedportUuid);
 103             if (null == cachedport) {
 104                 return;
 105             }
 106             List<NeutronSecurityRule> remoteSecurityRules = retrieveSecurityRules(securityGroupUuid, cachedportUuid);
 107             for (NeutronSecurityRule securityRule : remoteSecurityRules) {
 108                 if (port.getFixedIPs() == null) {
 109                     continue;
 110                 }
 111                 for (Neutron_IPs vmIp : port.getFixedIPs()) {
 112                     securityServicesManager.syncSecurityRule(cachedport, securityRule, vmIp, true);
 113                 }
 114             }
 115         }
 116     }
 117
 118     private void processPortRemoved(String securityGroupUuid, NeutronPort port) {
 119         /*
 120          * Itreate through the cache maintained for the security group added. For each port in the cache remove
 121          * the rule to allow traffic to/from the  port that got deleted.
 122          */
 123         LOG.debug("In processPortRemoved securityGroupUuid:" + securityGroupUuid + " port:" + port);
 124         Set<String> portList = this.securityGroupCache.get(securityGroupUuid);
 125         if (null == portList) {
 126             return;
 127         }
 128         for (String cachedportUuid : portList) {
 129             if (cachedportUuid.equals(port.getID())) {
 130                 continue;
 131             }
 132             NeutronPort cachedport = neutronPortCache.getPort(cachedportUuid);
 133             if (null == cachedport) {
 134                 return;
 135             }
 136             List<NeutronSecurityRule> remoteSecurityRules = retrieveSecurityRules(securityGroupUuid, cachedportUuid);
 137             for (NeutronSecurityRule securityRule : remoteSecurityRules) {
 138                 if (port.getFixedIPs() == null) {
 139                     continue;
 140                 }
 141                 for (Neutron_IPs vmIp : port.getFixedIPs()) {
 142                     securityServicesManager.syncSecurityRule(cachedport, securityRule, vmIp, false);
 143                 }
 144             }
 145         }
 146     }
 147
 148     private List<NeutronSecurityRule> retrieveSecurityRules(String securityGroupUuid, String portUuid) {
 149         /*
 150          * Get the list of security rules in the port with portUuid that has securityGroupUuid as a remote
 151          * security group.
 152          */
 153         LOG.debug("In retrieveSecurityRules securityGroupUuid:" + securityGroupUuid + " portUuid:" + portUuid);
 154         NeutronPort port = neutronPortCache.getPort(portUuid);
 155         if (null == port) {
 156             return null;
 157         }
 158         List<NeutronSecurityRule> remoteSecurityRules = new ArrayList<>();
 159         List<NeutronSecurityGroup> securityGroups = port.getSecurityGroups();
 160         for (NeutronSecurityGroup securityGroup : securityGroups) {
 161             List<NeutronSecurityRule> securityRules = securityGroup.getSecurityRules();
 162             for (NeutronSecurityRule securityRule : securityRules) {
 163                 if (securityGroupUuid.equals(securityRule.getSecurityRemoteGroupID())) {
 164                     remoteSecurityRules.add(securityRule);
 165                 }
 166             }
 167         }
 168         return remoteSecurityRules;
 169     }
 170
 171     private void init() {
 172         /*
 173          * Rebuild the cache in case of a restart.
 174          */
 175         List<NeutronPort> portList = neutronPortCache.getAllPorts();
 176         for (NeutronPort port:portList) {
 177             List<NeutronSecurityGroup> securityGroupList = port.getSecurityGroups();
 178             if ( null != securityGroupList) {
 179                 for (NeutronSecurityGroup securityGroup : securityGroupList) {
 180                     List<NeutronSecurityRule> securityRuleList = securityGroup.getSecurityRules();
 181                     if ( null != securityRuleList) {
 182                         for (NeutronSecurityRule securityRule : securityRuleList) {
 183                             if (null != securityRule.getSecurityRemoteGroupID()) {
 184                                 this.addToCache(securityRule.getSecurityRemoteGroupID(), port.getID());
 185                             }
 186                         }
 187                     }
 188                 }
 189             }
 190         }
 191     }
 192
 193     @Override
 194     public void setDependencies(ServiceReference serviceReference) {
 195         securityServicesManager =
 196                 (SecurityServicesManager) ServiceHelper.getGlobalInstance(SecurityServicesManager.class, this);
 197         neutronPortCache = (INeutronPortCRUD) ServiceHelper.getGlobalInstance(INeutronPortCRUD.class, this);
 198         init();
 199     }
 200
 201     @Override
 202     public void setDependencies(Object impl) {
 203     }
 204 }