package org.opendaylight.ovsdb.openstack.netvirt;
import java.net.HttpURLConnection;
-
-import org.opendaylight.neutron.spi.INeutronSecurityGroupAware;
-import org.opendaylight.neutron.spi.INeutronSecurityRuleAware;
-import org.opendaylight.neutron.spi.NeutronSecurityGroup;
-import org.opendaylight.neutron.spi.NeutronSecurityRule;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronPort;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.crud.INeutronPortCRUD;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.iaware.INeutronSecurityGroupAware;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.iaware.INeutronSecurityRuleAware;
+import org.opendaylight.ovsdb.openstack.netvirt.api.Action;
import org.opendaylight.ovsdb.openstack.netvirt.api.EventDispatcher;
+import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
import org.opendaylight.ovsdb.utils.servicehelper.ServiceHelper;
import org.osgi.framework.ServiceReference;
import org.slf4j.Logger;
implements INeutronSecurityGroupAware, INeutronSecurityRuleAware, ConfigInterface {
private static final Logger LOG = LoggerFactory.getLogger(PortSecurityHandler.class);
+ private volatile INeutronPortCRUD neutronPortCache;
+ private volatile SecurityServicesManager securityServicesManager;
@Override
public int canCreateNeutronSecurityGroup(NeutronSecurityGroup neutronSecurityGroup) {
@Override
public void neutronSecurityRuleCreated(NeutronSecurityRule neutronSecurityRule) {
- int result = canCreateNeutronSecurityRule(neutronSecurityRule);
- if (result != HttpURLConnection.HTTP_CREATED) {
- LOG.debug("Neutron Security Group creation failed {} ", result);
- }
+ enqueueEvent(new NorthboundEvent(neutronSecurityRule, Action.ADD));
}
@Override
@Override
public void neutronSecurityRuleDeleted(NeutronSecurityRule neutronSecurityRule) {
- int result = canDeleteNeutronSecurityRule(neutronSecurityRule);
- if (result != HttpURLConnection.HTTP_OK) {
- LOG.error(" delete Neutron Security Rule validation failed for result - {} ", result);
- }
+ enqueueEvent(new NorthboundEvent(neutronSecurityRule, Action.DELETE));
}
/**
}
NorthboundEvent ev = (NorthboundEvent) abstractEvent;
switch (ev.getAction()) {
- // TODO: add handling of events here, once callbacks do something
- // other than logging.
+ case ADD:
+ processNeutronSecurityRuleAdded(ev.getNeutronSecurityRule());
+ break;
+ case DELETE:
+ processNeutronSecurityRuleDeleted(ev.getNeutronSecurityRule());
+ break;
default:
LOG.warn("Unable to process event action {}", ev.getAction());
break;
}
}
+ private void processNeutronSecurityRuleAdded(NeutronSecurityRule neutronSecurityRule) {
+ List<NeutronPort> portList = getPortWithSecurityGroup(neutronSecurityRule.getSecurityRuleGroupID());
+ for (NeutronPort port:portList) {
+ syncSecurityGroup(neutronSecurityRule,port,neutronSecurityRule.getSecurityRuleGroupID(),true);
+ }
+ }
+
+ private void processNeutronSecurityRuleDeleted(NeutronSecurityRule neutronSecurityRule) {
+ List<NeutronPort> portList = getPortWithSecurityGroup(neutronSecurityRule.getSecurityRuleGroupID());
+ for (NeutronPort port:portList) {
+ syncSecurityGroup(neutronSecurityRule,port,neutronSecurityRule.getSecurityRuleGroupID(),false);
+ }
+ }
+
+ private void syncSecurityGroup(NeutronSecurityRule securityRule,NeutronPort port,
+ String neutronSecurityGroupId,boolean write) {
+
+ if (null != securityRule.getSecurityRemoteGroupID()) {
+ List<Neutron_IPs> vmIpList = securityServicesManager
+ .getVmListForSecurityGroup(port.getID(), neutronSecurityGroupId);
+ for (Neutron_IPs vmIp :vmIpList ) {
+ securityServicesManager.syncSecurityRule(port, securityRule, vmIp, write);
+ }
+ } else {
+ securityServicesManager.syncSecurityRule(port, securityRule, null, write);
+ }
+ }
+
+ private List<NeutronPort> getPortWithSecurityGroup(String securityGroupUuid) {
+
+ List<NeutronPort> neutronPortList = neutronPortCache.getAllPorts();
+ List<NeutronPort> neutronPortInSG = new ArrayList<NeutronPort>();
+ for (NeutronPort neutronPort:neutronPortList) {
+ List<NeutronSecurityGroup> securityGroupList = neutronPort.getSecurityGroups();
+ for (NeutronSecurityGroup neutronSecurityGroup:securityGroupList) {
+ if (neutronSecurityGroup.getID().equals(securityGroupUuid)) {
+ neutronPortInSG.add(neutronPort);
+ break;
+ }
+ }
+ }
+ return neutronPortInSG;
+ }
+
@Override
public void setDependencies(ServiceReference serviceReference) {
eventDispatcher =
(EventDispatcher) ServiceHelper.getGlobalInstance(EventDispatcher.class, this);
eventDispatcher.eventHandlerAdded(serviceReference, this);
+ neutronPortCache =
+ (INeutronPortCRUD) ServiceHelper.getGlobalInstance(INeutronPortCRUD.class, this);
+ securityServicesManager =
+ (SecurityServicesManager) ServiceHelper.getGlobalInstance(SecurityServicesManager.class, this);
}
@Override
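Review bot: In `syncSecurityGroup` the remote-group branch is entered when `getSecurityRemoteGroupID()` is non-null, but the VM list is then fetched for `neutronSecurityGroupId`, which both callers set to `getSecurityRuleGroupID()`, i.e. the rule's own group. If the rule is meant to match members of the remote group, the flows end up keyed to the wrong set of addresses, so the lookup should probably read `getVmListForSecurityGroup(port.getID(), securityRule.getSecurityRemoteGroupID())`. Separately, `getPortWithSecurityGroup` and the `vmIpList` loop iterate the results of `getAllPorts()`, `getSecurityGroups()` and `getVmListForSecurityGroup()` without a null check. Whether these can return null is not visible here, but if they can, the exception lands on the event path and a DELETE would leave its permit flows installed, so a guard such as `if (securityGroupList == null) { continue; }` with a logged failure is worth adding. The body of processEvent starts outside this hunk.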