2 * Copyright (c) 2014, 2015 HP, Inc. and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
9 package org.opendaylight.ovsdb.openstack.netvirt.impl;
11 import org.opendaylight.ovsdb.openstack.netvirt.ConfigInterface;
12 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityGroupCacheManger;
13 import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
14 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronPort;
15 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
16 import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
17 import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
18 import org.opendaylight.ovsdb.openstack.netvirt.translator.crud.INeutronPortCRUD;
19 import org.opendaylight.ovsdb.utils.servicehelper.ServiceHelper;
20 import org.osgi.framework.ServiceReference;
21 import org.slf4j.Logger;
22 import org.slf4j.LoggerFactory;
24 import java.util.ArrayList;
25 import java.util.HashSet;
26 import java.util.Iterator;
27 import java.util.List;
30 import java.util.concurrent.ConcurrentHashMap;
34 * @author Aswin Suryanarayanan.
37 public class SecurityGroupCacheManagerImpl implements ConfigInterface, SecurityGroupCacheManger{
39 private final Map<String, Set<String>> securityGroupCache = new ConcurrentHashMap<>();
40 private static final Logger LOG = LoggerFactory.getLogger(SecurityGroupCacheManagerImpl.class);
41 private volatile SecurityServicesManager securityServicesManager;
42 private volatile INeutronPortCRUD neutronPortCache;
45 public void portAdded(String securityGroupUuid, String portUuid) {
46 LOG.debug("In portAdded securityGroupUuid:" + securityGroupUuid + " portUuid:" + portUuid);
47 NeutronPort port = neutronPortCache.getPort(portUuid);
49 LOG.debug("In portAdded no neutron port found:" + " portUuid:" + portUuid);
52 processPortAdded(securityGroupUuid,port);
56 public void portRemoved(String securityGroupUuid, String portUuid) {
57 LOG.debug("In portRemoved securityGroupUuid:" + securityGroupUuid + " portUuid:" + portUuid);
58 NeutronPort port = neutronPortCache.getPort(portUuid);
60 LOG.debug("In portRemoved no neutron port found:" + " portUuid:" + portUuid);
63 processPortRemoved(securityGroupUuid,port);
67 public void addToCache(String remoteSgUuid, String portUuid) {
68 LOG.debug("In addToCache remoteSgUuid:" + remoteSgUuid + "portUuid:" + portUuid);
69 Set<String> portList = securityGroupCache.get(remoteSgUuid);
70 if (null == portList) {
71 portList = new HashSet<>();
72 securityGroupCache.put(remoteSgUuid, portList);
74 portList.add(portUuid);
78 public void removeFromCache(String remoteSgUuid, String portUuid) {
79 LOG.debug("In removeFromCache remoteSgUuid:" + remoteSgUuid + " portUuid:" + portUuid);
80 Set<String> portList = securityGroupCache.get(remoteSgUuid);
81 if (null == portList) {
84 for (Iterator<String> iterator = portList.iterator(); iterator.hasNext();) {
85 String cachedPort = iterator.next();
86 if (cachedPort.equals(portUuid)) {
91 if (portList.isEmpty()) {
92 securityGroupCache.remove(remoteSgUuid);
96 private void processPortAdded(String securityGroupUuid, NeutronPort port) {
98 * Itreate through the cache maintained for the security group added. For each port in the cache
99 * add the rule to allow traffic to/from the new port added.
101 LOG.debug("In processPortAdded securityGroupUuid:" + securityGroupUuid + " NeutronPort:" + port);
102 Set<String> portList = this.securityGroupCache.get(securityGroupUuid);
103 if (null == portList) {
106 for (String cachedportUuid : portList) {
107 if (cachedportUuid.equals(port.getID())) {
110 NeutronPort cachedport = neutronPortCache.getPort(cachedportUuid);
111 if (null == cachedport) {
114 List<NeutronSecurityRule> remoteSecurityRules = retrieveSecurityRules(securityGroupUuid, cachedportUuid);
115 for (NeutronSecurityRule securityRule : remoteSecurityRules) {
116 if (port.getFixedIPs() == null) {
119 for (Neutron_IPs vmIp : port.getFixedIPs()) {
120 securityServicesManager.syncSecurityRule(cachedport, securityRule, vmIp, true);
126 private void processPortRemoved(String securityGroupUuid, NeutronPort port) {
128 * Itreate through the cache maintained for the security group added. For each port in the cache remove
129 * the rule to allow traffic to/from the port that got deleted.
131 LOG.debug("In processPortRemoved securityGroupUuid:" + securityGroupUuid + " port:" + port);
132 Set<String> portList = this.securityGroupCache.get(securityGroupUuid);
133 if (null == portList) {
136 for (String cachedportUuid : portList) {
137 if (cachedportUuid.equals(port.getID())) {
140 NeutronPort cachedport = neutronPortCache.getPort(cachedportUuid);
141 if (null == cachedport) {
144 List<NeutronSecurityRule> remoteSecurityRules = retrieveSecurityRules(securityGroupUuid, cachedportUuid);
145 for (NeutronSecurityRule securityRule : remoteSecurityRules) {
146 if (port.getFixedIPs() == null) {
149 for (Neutron_IPs vmIp : port.getFixedIPs()) {
150 securityServicesManager.syncSecurityRule(cachedport, securityRule, vmIp, false);
156 private List<NeutronSecurityRule> retrieveSecurityRules(String securityGroupUuid, String portUuid) {
158 * Get the list of security rules in the port with portUuid that has securityGroupUuid as a remote
161 LOG.debug("In retrieveSecurityRules securityGroupUuid:" + securityGroupUuid + " portUuid:" + portUuid);
162 NeutronPort port = neutronPortCache.getPort(portUuid);
166 List<NeutronSecurityRule> remoteSecurityRules = new ArrayList<>();
167 List<NeutronSecurityGroup> securityGroups = port.getSecurityGroups();
168 for (NeutronSecurityGroup securityGroup : securityGroups) {
169 List<NeutronSecurityRule> securityRules = securityGroup.getSecurityRules();
170 for (NeutronSecurityRule securityRule : securityRules) {
171 if (securityGroupUuid.equals(securityRule.getSecurityRemoteGroupID())) {
172 remoteSecurityRules.add(securityRule);
176 return remoteSecurityRules;
179 private void init() {
181 * Rebuild the cache in case of a restart.
183 List<NeutronPort> portList = neutronPortCache.getAllPorts();
184 for (NeutronPort port:portList) {
185 List<NeutronSecurityGroup> securityGroupList = port.getSecurityGroups();
186 if ( null != securityGroupList) {
187 for (NeutronSecurityGroup securityGroup : securityGroupList) {
188 List<NeutronSecurityRule> securityRuleList = securityGroup.getSecurityRules();
189 if ( null != securityRuleList) {
190 for (NeutronSecurityRule securityRule : securityRuleList) {
191 if (null != securityRule.getSecurityRemoteGroupID()) {
192 this.addToCache(securityRule.getSecurityRemoteGroupID(), port.getID());
202 public void setDependencies(ServiceReference serviceReference) {
203 securityServicesManager =
204 (SecurityServicesManager) ServiceHelper.getGlobalInstance(SecurityServicesManager.class, this);
205 neutronPortCache = (INeutronPortCRUD) ServiceHelper.getGlobalInstance(INeutronPortCRUD.class, this);
210 public void setDependencies(Object impl) {