Code Review / netvirt.git / blob
? search:


e77eca2844a5e0b8c5ca945c9195d435754d4cb5
[netvirt.git] / openstack / net-virt / src / main / java / org / opendaylight / ovsdb / openstack / netvirt / impl / SecurityGroupCacheManagerImpl.java
1 /*
2  * Copyright (c) 2014, 2015 HP, Inc. and others. All rights reserved.
3  *
4  * This program and the accompanying materials are made available under the
5  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6  * and is available at http://www.eclipse.org/legal/epl-v10.html
7  */
8
9 package org.opendaylight.ovsdb.openstack.netvirt.impl;
10
11 import org.opendaylight.ovsdb.openstack.netvirt.ConfigInterface;
12 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
13 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
14 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronPort;
15 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
16 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
17 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
18 import org.opendaylight.ovsdb.openstack.netvirt.translator.crud.INeutronPortCRUD;
19 import org.opendaylight.ovsdb.utils.servicehelper.ServiceHelper;
20 import org.osgi.framework.ServiceReference;
21 import org.slf4j.Logger;
22 import org.slf4j.LoggerFactory;
23
24 import java.util.ArrayList;
25 import java.util.HashSet;
26 import java.util.Iterator;
27 import java.util.List;
28 import java.util.Map;
29 import java.util.Set;
30 import java.util.concurrent.ConcurrentHashMap;
31
32
33 /**
34  * @author Aswin Suryanarayanan.
35  */
36
37 public class SecurityGroupCacheManagerImpl implements ConfigInterface, SecurityGroupCacheManger{
38
39     private final Map<String, Set<String>> securityGroupCache = new ConcurrentHashMap<>();
40     private static final Logger LOG = LoggerFactory.getLogger(SecurityGroupCacheManagerImpl.class);
41     private volatile SecurityServicesManager securityServicesManager;
42     private volatile INeutronPortCRUD neutronPortCache;
43
44     @Override
45     public void portAdded(String securityGroupUuid, String portUuid) {
46         LOG.debug("In portAdded securityGroupUuid:" + securityGroupUuid + " portUuid:" + portUuid);
47         NeutronPort port = neutronPortCache.getPort(portUuid);
48         if (port == null) {
49             LOG.debug("In portAdded no neutron port found:" + " portUuid:" + portUuid);
50             return;
51         }
52         processPortAdded(securityGroupUuid,port);
53     }
54
55     @Override
56     public void portRemoved(String securityGroupUuid, String portUuid) {
57         LOG.debug("In portRemoved securityGroupUuid:" + securityGroupUuid + " portUuid:" + portUuid);
58         NeutronPort port = neutronPortCache.getPort(portUuid);
59         if (port == null) {
60             LOG.debug("In portRemoved no neutron port found:" + " portUuid:" + portUuid);
61             return;
62         }
63         processPortRemoved(securityGroupUuid,port);
64     }
65
66     @Override
67     public void addToCache(String remoteSgUuid, String portUuid) {
68         LOG.debug("In addToCache remoteSgUuid:" + remoteSgUuid + "portUuid:" + portUuid);
69         Set<String> portList = securityGroupCache.get(remoteSgUuid);
70         if (null == portList) {
71             portList = new HashSet<>();
72             securityGroupCache.put(remoteSgUuid, portList);
73         }
74         portList.add(portUuid);
75     }
76
77     @Override
78     public void removeFromCache(String remoteSgUuid, String portUuid) {
79         LOG.debug("In removeFromCache remoteSgUuid:" + remoteSgUuid + " portUuid:" + portUuid);
80         Set<String> portList = securityGroupCache.get(remoteSgUuid);
81         if (null == portList) {
82             return;
83         }
84         for (Iterator<String> iterator = portList.iterator(); iterator.hasNext();) {
85             String cachedPort = iterator.next();
86             if (cachedPort.equals(portUuid)) {
87                 iterator.remove();
88                 break;
89             }
90         }
91         if (portList.isEmpty()) {
92             securityGroupCache.remove(remoteSgUuid);
93         }
94     }
95
96     private void processPortAdded(String securityGroupUuid, NeutronPort port) {
97         /*
98          * Itreate through the cache maintained for the security group added. For each port in the cache
99          * add the rule to allow traffic to/from the new port added.
100          */
101         LOG.debug("In processPortAdded securityGroupUuid:" + securityGroupUuid + " NeutronPort:" + port);
102         Set<String> portList = this.securityGroupCache.get(securityGroupUuid);
103         if (null == portList) {
104             return;
105         }
106         for (String cachedportUuid : portList) {
107             if (cachedportUuid.equals(port.getID())) {
108                 continue;
109             }
110             NeutronPort cachedport = neutronPortCache.getPort(cachedportUuid);
111             if (null == cachedport) {
112                 return;
113             }
114             List<NeutronSecurityRule> remoteSecurityRules = retrieveSecurityRules(securityGroupUuid, cachedportUuid);
115             for (NeutronSecurityRule securityRule : remoteSecurityRules) {
116                 if (port.getFixedIPs() == null) {
117                     continue;
118                 }
119                 for (Neutron_IPs vmIp : port.getFixedIPs()) {
120                     securityServicesManager.syncSecurityRule(cachedport, securityRule, vmIp, true);
121                 }
122             }
123         }
124     }
125
126     private void processPortRemoved(String securityGroupUuid, NeutronPort port) {
127         /*
128          * Itreate through the cache maintained for the security group added. For each port in the cache remove
129          * the rule to allow traffic to/from the  port that got deleted.
130          */
131         LOG.debug("In processPortRemoved securityGroupUuid:" + securityGroupUuid + " port:" + port);
132         Set<String> portList = this.securityGroupCache.get(securityGroupUuid);
133         if (null == portList) {
134             return;
135         }
136         for (String cachedportUuid : portList) {
137             if (cachedportUuid.equals(port.getID())) {
138                 continue;
139             }
140             NeutronPort cachedport = neutronPortCache.getPort(cachedportUuid);
141             if (null == cachedport) {
142                 return;
143             }
144             List<NeutronSecurityRule> remoteSecurityRules = retrieveSecurityRules(securityGroupUuid, cachedportUuid);
145             for (NeutronSecurityRule securityRule : remoteSecurityRules) {
146                 if (port.getFixedIPs() == null) {
147                     continue;
148                 }
149                 for (Neutron_IPs vmIp : port.getFixedIPs()) {
150                     securityServicesManager.syncSecurityRule(cachedport, securityRule, vmIp, false);
151                 }
152             }
153         }
154     }
155
156     private List<NeutronSecurityRule> retrieveSecurityRules(String securityGroupUuid, String portUuid) {
157         /*
158          * Get the list of security rules in the port with portUuid that has securityGroupUuid as a remote
159          * security group.
160          */
161         LOG.debug("In retrieveSecurityRules securityGroupUuid:" + securityGroupUuid + " portUuid:" + portUuid);
162         NeutronPort port = neutronPortCache.getPort(portUuid);
163         if (null == port) {
164             return null;
165         }
166         List<NeutronSecurityRule> remoteSecurityRules = new ArrayList<>();
167         List<NeutronSecurityGroup> securityGroups = port.getSecurityGroups();
168         for (NeutronSecurityGroup securityGroup : securityGroups) {
169             List<NeutronSecurityRule> securityRules = securityGroup.getSecurityRules();
170             for (NeutronSecurityRule securityRule : securityRules) {
171                 if (securityGroupUuid.equals(securityRule.getSecurityRemoteGroupID())) {
172                     remoteSecurityRules.add(securityRule);
173                 }
174             }
175         }
176         return remoteSecurityRules;
177     }
178
179     private void init() {
180         /*
181          * Rebuild the cache in case of a restart.
182          */
183         List<NeutronPort> portList = neutronPortCache.getAllPorts();
184         for (NeutronPort port:portList) {
185             List<NeutronSecurityGroup> securityGroupList = port.getSecurityGroups();
186             if ( null != securityGroupList) {
187                 for (NeutronSecurityGroup securityGroup : securityGroupList) {
188                     List<NeutronSecurityRule> securityRuleList = securityGroup.getSecurityRules();
189                     if ( null != securityRuleList) {
190                         for (NeutronSecurityRule securityRule : securityRuleList) {
191                             if (null != securityRule.getSecurityRemoteGroupID()) {
192                                 this.addToCache(securityRule.getSecurityRemoteGroupID(), port.getID());
193                             }
194                         }
195                     }
196                 }
197             }
198         }
199     }
200
201     @Override
202     public void setDependencies(ServiceReference serviceReference) {
203         securityServicesManager =
204                 (SecurityServicesManager) ServiceHelper.getGlobalInstance(SecurityServicesManager.class, this);
205         neutronPortCache = (INeutronPortCRUD) ServiceHelper.getGlobalInstance(INeutronPortCRUD.class, this);
206         init();
207     }
208
209     @Override
210     public void setDependencies(Object impl) {
211     }
212 }
NetVirt - Archived