/*
 * Copyright (c) 2017 Cisco Systems, Inc. and others. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */
9 package org.opendaylight.groupbasedpolicy.renderer.vpp.iface;
11 import java.util.stream.Collectors;
13 import javax.annotation.Nonnull;
15 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
16 import org.opendaylight.groupbasedpolicy.renderer.util.AddressEndpointUtils;
17 import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.PolicyContext;
18 import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.AccessListUtil;
19 import org.opendaylight.groupbasedpolicy.renderer.vpp.util.KeyFactory;
20 import org.opendaylight.groupbasedpolicy.renderer.vpp.util.MountedDataBrokerProvider;
21 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
22 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.has.absolute.location.absolute.location.location.type.ExternalLocationCase;
23 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocation;
24 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.RendererEndpointKey;
25 import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.renderer.endpoint.PeerEndpointKey;
26 import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
27 import org.slf4j.Logger;
28 import org.slf4j.LoggerFactory;
30 import com.google.common.base.Optional;
31 import com.google.common.base.Preconditions;
32 import com.google.common.collect.ImmutableSet;
34 public class AclManager {
// Class-wide SLF4J logger; every skipped ACL update in this class is reported through it.
private static final Logger LOG = LoggerFactory.getLogger(AclManager.class);

// Source of the per-node DataBroker used when ACLs are written; checked for null in the constructor.
private final MountedDataBrokerProvider mountDataProvider;
/**
 * Creates a manager that looks up data brokers through the given provider.
 *
 * @param mountDataProvider provider queried for the data broker of a node's mount point
 * @throws NullPointerException if {@code mountDataProvider} is {@code null}
 */
public AclManager(@Nonnull MountedDataBrokerProvider mountDataProvider) {
    // Reject a missing provider at construction time rather than on the first ACL update.
    final MountedDataBrokerProvider checkedProvider = Preconditions.checkNotNull(mountDataProvider);
    this.mountDataProvider = checkedProvider;
}
/**
 * Updates the ACLs of every peer of the given renderer endpoint.
 *
 * <p>The peers are the column keys of the policy-table row for {@code rEpKey}. Each peer key is
 * converted with {@code AddressEndpointUtils.fromPeerEpKey} and then
 * {@code AddressEndpointUtils.toRendererEpKey} before {@link #updateAclsForRendEp} is called for it.
 *
 * <p>Nothing is caught here, so an unchecked exception raised while one peer is processed
 * propagates to the caller and the remaining peers are not processed in this call.
 *
 * @param policyCtx policy context holding the policy table and the endpoints
 * @param rEpKey key of the renderer endpoint whose peers are updated
 */
public void updateAclsForPeers(PolicyContext policyCtx, RendererEndpointKey rEpKey) {
    ImmutableSet<PeerEndpointKey> peerKeys = policyCtx.getPolicyTable().row(rEpKey).keySet();
    // Both intermediate lists are kept so that every key is converted before the first update runs.
    peerKeys.stream()
        .map(AddressEndpointUtils::fromPeerEpKey)
        .collect(Collectors.toList())
        .stream()
        .map(AddressEndpointUtils::toRendererEpKey)
        .collect(Collectors.toList())
        .forEach(peerRendEpKey -> updateAclsForRendEp(peerRendEpKey, policyCtx));
}
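/**
 * Resolves the ACLs for one renderer endpoint and writes them to the endpoint's interface through
 * the data broker of the node's mount point.
 *
 * <p>The method returns without writing anything when the endpoint's location cannot be resolved,
 * when its node connector cannot be mapped to an interface, or when no data broker is available
 * for the node's mount point. Each of those paths only logs a warning, so the log is the only
 * signal that ACLs were not written for the endpoint.
 *
 * @param rEpKey key of the renderer endpoint whose ACLs are updated
 * @param policyCtx policy context used to look up the endpoint and to resolve its ACLs
 */
public void updateAclsForRendEp(RendererEndpointKey rEpKey, PolicyContext policyCtx) {
    LOG.info("Updating policy for endpoint {}", rEpKey);
    AddressEndpointWithLocation peerAddrEp =
        policyCtx.getAddrEpByKey().get(KeyFactory.addressEndpointKey(rEpKey));
    ExternalLocationCase epLoc;
    try {
        epLoc = InterfaceManager.resolveAndValidateLocation(peerAddrEp);
    } catch (NullPointerException | IllegalArgumentException e) {
        //TODO investigate, don't just move on.
        // NOTE(review): catching NullPointerException presumably covers an endpoint that is
        // missing from the policy context as well as one without a location - confirm against
        // InterfaceManager.resolveAndValidateLocation.
        // The exception is the trailing argument so that SLF4J records the cause; the message
        // has a single placeholder, and the previous e.getMessage() argument was never printed.
        LOG.warn("Peer {} has no location. Moving on...", peerAddrEp, e);
        return;
    }
    InstanceIdentifier<?> vppNodeIid = epLoc.getExternalNodeMountPoint();
    Optional<InstanceIdentifier<Interface>> optInterfaceIid =
        VppPathMapper.interfaceToInstanceIdentifier(epLoc.getExternalNodeConnector());
    if (!optInterfaceIid.isPresent()) {
        // The stray second placeholder had no argument and was printed literally as "{}".
        LOG.warn("Cannot find interface for endpoint {}. ACLs for endpoint not updated.", rEpKey);
        return;
    }
    Optional<DataBroker> optMountPoint = mountDataProvider.getDataBrokerForMountPoint(vppNodeIid);
    if (!optMountPoint.isPresent()) {
        // Without this check Optional.get() threw IllegalStateException from inside the lambda,
        // possibly after some ACLs of the endpoint had already been written.
        LOG.warn("Cannot find data broker for mount point {}. ACLs for endpoint {} not updated.",
            vppNodeIid, rEpKey);
        return;
    }
    // Unwrapped once here; both values are the same for every ACL of this endpoint.
    DataBroker mountPoint = optMountPoint.get();
    InstanceIdentifier<Interface> interfaceIid = optInterfaceIid.get();
    AccessListUtil.resolveAclsOnInterface(rEpKey, policyCtx)
        .forEach(aclWrapper -> aclWrapper.writeAcl(mountPoint, interfaceIid.firstKeyOf(Interface.class)));
}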