<type>xml</type>
<scope>runtime</scope>
</dependency>
- <dependency>
- <groupId>org.opendaylight.sfc</groupId>
- <artifactId>features-sfcofl2</artifactId>
- <version>${sfc.version}</version>
- <classifier>features</classifier>
- <type>xml</type>
- <scope>runtime</scope>
- </dependency>
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>openstack.net-virt-sfc-impl</artifactId>
<repository>mvn:org.opendaylight.ovsdb/features-ovsdb/${project.version}/xml/features</repository>
<repository>mvn:org.opendaylight.ovsdb/southbound-features/${project.version}/xml/features</repository>
<repository>mvn:org.opendaylight.sfc/features-sfc/${sfc.version}/xml/features</repository>
- <!--<repository>mvn:org.opendaylight.sfc/features-sfc-ovs/${sfc.version}/xml/features</repository>-->
- <repository>mvn:org.opendaylight.sfc/features-sfcofl2/${sfc.version}/xml/features</repository>
<repository>mvn:org.opendaylight.yangtools/features-yangtools/${yangtools.version}/xml/features</repository>
<feature name='odl-ovsdb-sfc-api' version='${project.version}' description='OpenDaylight :: ovsdb-sfc :: api'>
<feature version='${mdsal.model.version}'>odl-mdsal-models</feature>
import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronPort;
import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronRouter;
import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronRouter_Interface;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSubnet;
import org.opendaylight.ovsdb.openstack.netvirt.api.Action;
private NeutronLoadBalancer loadBalancer;
private NeutronLoadBalancerPool loadBalancerPool;
private NeutronLoadBalancerPoolMember loadBalancerPoolMember;
+ private NeutronSecurityRule neutronSecurityRule;
NorthboundEvent(NeutronPort port, Action action) {
super(HandlerType.NEUTRON_PORT, action);
this.loadBalancerPoolMember = loadBalancerPoolMember;
}
+ NorthboundEvent(NeutronSecurityRule neutronSecurityRule, Action action) {
+ super(HandlerType.NEUTRON_PORT_SECURITY, action);
+ this.neutronSecurityRule = neutronSecurityRule;
+ }
+
public NeutronPort getPort() {
return port;
}
public NeutronLoadBalancerPoolMember getLoadBalancerPoolMember() {
return loadBalancerPoolMember;
}
+ public NeutronSecurityRule getNeutronSecurityRule() {
+ return neutronSecurityRule;
+ }
@Override
public String toString() {
+ ", loadBalancer=" + loadBalancer
+ ", loadBalancerPool=" + loadBalancerPool
+ ", loadBalancerPoolMember=" + loadBalancerPoolMember
+ + ", neutronsecurityRule=" + neutronSecurityRule
+ "]";
}
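Review bot: The label added to toString(), `", neutronsecurityRule="`, is spelled with a lower-case "s", while the field itself and the other labels visible here use the exact camelCase field name. A log search keyed on the field name will miss it; I would write `+ ", neutronSecurityRule=" + neutronSecurityRule`. The beginning of the toString() body is outside the visible lines.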
result = prime * result + ((routerInterface == null) ? 0 : routerInterface.hashCode());
result = prime * result + ((neutronFloatingIP == null) ? 0 : neutronFloatingIP.hashCode());
result = prime * result + ((neutronNetwork == null) ? 0 : neutronNetwork.hashCode());
+ result = prime * result + ((neutronSecurityRule == null) ? 0 : neutronSecurityRule.hashCode());
return result;
}
} else if (!loadBalancerPoolMember.equals(other.loadBalancerPoolMember)) {
return false;
}
+ if (neutronSecurityRule == null) {
+ if (other.neutronSecurityRule != null) {
+ return false;
+ }
+ } else if (!neutronSecurityRule.equals(other.neutronSecurityRule)) {
+ return false;
+ }
return true;
}
}
package org.opendaylight.ovsdb.openstack.netvirt;
import java.net.HttpURLConnection;
+import java.util.ArrayList;
+import java.util.List;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronPort;
import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.Neutron_IPs;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.crud.INeutronPortCRUD;
import org.opendaylight.ovsdb.openstack.netvirt.translator.iaware.INeutronSecurityGroupAware;
import org.opendaylight.ovsdb.openstack.netvirt.translator.iaware.INeutronSecurityRuleAware;
+import org.opendaylight.ovsdb.openstack.netvirt.api.Action;
import org.opendaylight.ovsdb.openstack.netvirt.api.EventDispatcher;
+import org.opendaylight.ovsdb.openstack.netvirt.api.SecurityServicesManager;
import org.opendaylight.ovsdb.utils.servicehelper.ServiceHelper;
import org.osgi.framework.ServiceReference;
import org.slf4j.Logger;
implements INeutronSecurityGroupAware, INeutronSecurityRuleAware, ConfigInterface {
private static final Logger LOG = LoggerFactory.getLogger(PortSecurityHandler.class);
+ private volatile INeutronPortCRUD neutronPortCache;
+ private volatile SecurityServicesManager securityServicesManager;
@Override
public int canCreateNeutronSecurityGroup(NeutronSecurityGroup neutronSecurityGroup) {
@Override
public void neutronSecurityRuleCreated(NeutronSecurityRule neutronSecurityRule) {
- int result = canCreateNeutronSecurityRule(neutronSecurityRule);
- if (result != HttpURLConnection.HTTP_CREATED) {
- LOG.debug("Neutron Security Group creation failed {} ", result);
- }
+ enqueueEvent(new NorthboundEvent(neutronSecurityRule, Action.ADD));
}
@Override
@Override
public void neutronSecurityRuleDeleted(NeutronSecurityRule neutronSecurityRule) {
- int result = canDeleteNeutronSecurityRule(neutronSecurityRule);
- if (result != HttpURLConnection.HTTP_OK) {
- LOG.error(" delete Neutron Security Rule validation failed for result - {} ", result);
- }
+ enqueueEvent(new NorthboundEvent(neutronSecurityRule, Action.DELETE));
}
/**
}
NorthboundEvent ev = (NorthboundEvent) abstractEvent;
switch (ev.getAction()) {
- // TODO: add handling of events here, once callbacks do something
- // other than logging.
+ case ADD:
+ processNeutronSecurityRuleAdded(ev.getNeutronSecurityRule());
+ break;
+ case DELETE:
+ processNeutronSecurityRuleDeleted(ev.getNeutronSecurityRule());
+ break;
default:
LOG.warn("Unable to process event action {}", ev.getAction());
break;
}
}
+ private void processNeutronSecurityRuleAdded(NeutronSecurityRule neutronSecurityRule) {
+ List<NeutronPort> portList = getPortWithSecurityGroup(neutronSecurityRule.getSecurityRuleGroupID());
+ for (NeutronPort port:portList) {
+ syncSecurityGroup(neutronSecurityRule,port,neutronSecurityRule.getSecurityRuleGroupID(),true);
+ }
+ }
+
+ private void processNeutronSecurityRuleDeleted(NeutronSecurityRule neutronSecurityRule) {
+ List<NeutronPort> portList = getPortWithSecurityGroup(neutronSecurityRule.getSecurityRuleGroupID());
+ for (NeutronPort port:portList) {
+ syncSecurityGroup(neutronSecurityRule,port,neutronSecurityRule.getSecurityRuleGroupID(),false);
+ }
+ }
+
+ private void syncSecurityGroup(NeutronSecurityRule securityRule,NeutronPort port,
+ String neutronSecurityGroupId,boolean write) {
+
+ if (null != securityRule.getSecurityRemoteGroupID()) {
+ List<Neutron_IPs> vmIpList = securityServicesManager
+ .getVmListForSecurityGroup(port.getID(), neutronSecurityGroupId);
+ for (Neutron_IPs vmIp :vmIpList ) {
+ securityServicesManager.syncSecurityRule(port, securityRule, vmIp, write);
+ }
+ } else {
+ securityServicesManager.syncSecurityRule(port, securityRule, null, write);
+ }
+ }
+
+ private List<NeutronPort> getPortWithSecurityGroup(String securityGroupUuid) {
+
+ List<NeutronPort> neutronPortList = neutronPortCache.getAllPorts();
+ List<NeutronPort> neutronPortInSG = new ArrayList<NeutronPort>();
+ for (NeutronPort neutronPort:neutronPortList) {
+ List<NeutronSecurityGroup> securityGroupList = neutronPort.getSecurityGroups();
+ for (NeutronSecurityGroup neutronSecurityGroup:securityGroupList) {
+ if (neutronSecurityGroup.getID().equals(securityGroupUuid)) {
+ neutronPortInSG.add(neutronPort);
+ break;
+ }
+ }
+ }
+ return neutronPortInSG;
+ }
+
@Override
public void setDependencies(ServiceReference serviceReference) {
eventDispatcher =
(EventDispatcher) ServiceHelper.getGlobalInstance(EventDispatcher.class, this);
eventDispatcher.eventHandlerAdded(serviceReference, this);
+ neutronPortCache =
+ (INeutronPortCRUD) ServiceHelper.getGlobalInstance(INeutronPortCRUD.class, this);
+ securityServicesManager =
+ (SecurityServicesManager) ServiceHelper.getGlobalInstance(SecurityServicesManager.class, this);
}
@Override
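Review bot: In syncSecurityGroup, the branch taken when `securityRule.getSecurityRemoteGroupID()` is non-null never uses that value: it calls `getVmListForSecurityGroup(port.getID(), neutronSecurityGroupId)`, and both callers pass the rule's own group ID (`getSecurityRuleGroupID()`). If getVmListForSecurityGroup returns the addresses of the ports in the group it is given, as its name suggests, the per-address rules are programmed for members of the rule's own group rather than the remote group, so the wrong peers are allowed whenever the two differ. I would pass `securityRule.getSecurityRemoteGroupID()` as the second argument. Separately, getPortWithSecurityGroup dereferences `neutronPortCache.getAllPorts()` and `neutronPort.getSecurityGroups()` without a null check, and both service fields are only assigned in setDependencies. An exception on the DELETE path would presumably leave the removed rule's flows installed, so a guard with a warning log would make that failure visible.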
import org.opendaylight.ovsdb.openstack.netvirt.translator.iaware.impl.NeutronNetworkChangeListener;
import org.opendaylight.ovsdb.openstack.netvirt.translator.iaware.impl.NeutronPortChangeListener;
import org.opendaylight.ovsdb.openstack.netvirt.translator.iaware.impl.NeutronRouterChangeListener;
+import org.opendaylight.ovsdb.openstack.netvirt.translator.iaware.impl.NeutronSecurityRuleDataChangeListener;
import org.opendaylight.ovsdb.openstack.netvirt.translator.iaware.impl.NeutronSubnetChangeListener;
import org.opendaylight.ovsdb.openstack.netvirt.translator.iaware.impl.NeutronLoadBalancerPoolChangeListener;
import org.opendaylight.ovsdb.openstack.netvirt.translator.iaware.impl.NeutronLoadBalancerPoolMemberChangeListener;
new NeutronFloatingIPChangeListener(db);
new NeutronLoadBalancerPoolChangeListener(db);
new NeutronLoadBalancerPoolMemberChangeListener(db);
+ new NeutronSecurityRuleDataChangeListener(db);
}
}
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV4;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV6;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolBase;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolHttp;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolHttps;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolIcmp;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolIcmpV6;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolTcp;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.ProtocolUdp;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.rev150712.Neutron;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.SecurityRules;
import org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.rules.attributes.security.rules.SecurityRule;
private static final Logger LOG = LoggerFactory.getLogger(NeutronSecurityRuleDataChangeListener.class);
private static final ImmutableBiMap<Class<? extends DirectionBase>, String> DIRECTION_MAP
- = new ImmutableBiMap.Builder<Class<? extends DirectionBase>, String>()
- .put(DirectionEgress.class, "egress")
- .put(DirectionIngress.class, "ingress").build();
- private static final ImmutableBiMap<Class<? extends ProtocolBase>, String> PROTOCOL_MAP
- = new ImmutableBiMap.Builder<Class<? extends ProtocolBase>, String>()
- .put(ProtocolHttp.class, "HTTP")
- .put(ProtocolHttps.class, "HTTPS")
- .put(ProtocolIcmp.class, "ICMP")
- .put(ProtocolTcp.class, "TCP")
+ = new ImmutableBiMap.Builder<Class<? extends DirectionBase>, String>()
+ .put(DirectionEgress.class, "egress")
+ .put(DirectionIngress.class, "ingress").build();
+ private static final ImmutableBiMap<Class<? extends ProtocolBase>,String> PROTOCOL_MAP
+ = new ImmutableBiMap.Builder<Class<? extends ProtocolBase>,String>()
+ .put(ProtocolIcmp.class,"icmp")
+ .put(ProtocolTcp.class,"tcp")
+ .put(ProtocolUdp.class,"udp")
+ .put(ProtocolIcmpV6.class,"icmpv6")
.build();
- private static final ImmutableBiMap<Class<? extends EthertypeBase>, String> ETHERTYPE_MAP
- = new ImmutableBiMap.Builder<Class<? extends EthertypeBase>, String>()
- .put(EthertypeV4.class, "v4")
- .put(EthertypeV6.class, "v6")
+ private static final ImmutableBiMap<Class<? extends EthertypeBase>,String> ETHERTYPE_MAP
+ = new ImmutableBiMap.Builder<Class<? extends EthertypeBase>,String>()
+ .put(EthertypeV4.class,"IPv4")
+ .put(EthertypeV6.class,"IPv6")
.build();
private ListenerRegistration<DataChangeListener> registration;
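Review bot: PROTOCOL_MAP no longer has entries for `ProtocolHttp` and `ProtocolHttps`, and the code that looks identities up in it is outside this hunk, so it is not visible what a rule carrying an unmapped identity turns into. If the model still defines those identities and the lookup is a plain `PROTOCOL_MAP.get(...)`, such a rule ends up with a null protocol, and a null protocol on a security rule is commonly read as "any protocol", which would make the rule broader than written. I would check the lookup site and have it log and skip unmapped identities. A comment above the maps such as `// Values must match the strings the Neutron API uses; identities missing here are not translated.` would also record why the case of the values changed.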
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
+import org.mockito.Mock;
import org.mockito.Mockito;
import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityGroup;
import org.opendaylight.ovsdb.openstack.netvirt.translator.NeutronSecurityRule;
@InjectMocks private PortSecurityHandler portSecurityHandler;
private PortSecurityHandler posrtSecurityHandlerSpy;
+ @Mock EventDispatcher eventDispatcher;
@Before
public void setUp() {
assertEquals("Error, did not return the correct HTTP flag", HttpURLConnection.HTTP_CREATED, portSecurityHandler.canCreateNeutronSecurityRule(mock(NeutronSecurityRule.class)));
posrtSecurityHandlerSpy.neutronSecurityRuleCreated(any(NeutronSecurityRule.class));
- verify(posrtSecurityHandlerSpy, times(1)).canCreateNeutronSecurityRule(any(NeutronSecurityRule.class));
+ verify(posrtSecurityHandlerSpy, times(1)).enqueueEvent(any(AbstractEvent.class));
}
@Test
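Review bot: The new `verify(posrtSecurityHandlerSpy, times(1)).enqueueEvent(any(AbstractEvent.class))` only proves that something was enqueued; it pins neither the rule nor the action. The call under test also passes the matcher `any(NeutronSecurityRule.class)` as a real argument, which in Mockito 1.x evaluates to null, so the handler is exercised with a null rule. Since this commit extends NorthboundEvent.equals() to the new field, the test can verify the exact event: `NeutronSecurityRule rule = mock(NeutronSecurityRule.class);`, `posrtSecurityHandlerSpy.neutronSecurityRuleCreated(rule);`, `verify(posrtSecurityHandlerSpy).enqueueEvent(new NorthboundEvent(rule, Action.ADD));` (assuming the test sits in the same package as the package-private constructor). The delete test that follows has the same gap with `Action.DELETE`, and nothing in the visible lines covers the new ADD/DELETE processing that programs the rules. The test method starts outside this hunk.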
assertEquals("Error, did not return the correct HTTP flag", HttpURLConnection.HTTP_OK, portSecurityHandler.canDeleteNeutronSecurityRule(mock(NeutronSecurityRule.class)));
posrtSecurityHandlerSpy.neutronSecurityRuleDeleted(any(NeutronSecurityRule.class));
- verify(posrtSecurityHandlerSpy, times(1)).canDeleteNeutronSecurityRule(any(NeutronSecurityRule.class));
+ verify(posrtSecurityHandlerSpy, times(1)).enqueueEvent(any(AbstractEvent.class));
}
@Test