<groupId>org.osgi</groupId>
<artifactId>org.osgi.core</artifactId>
</dependency>
+ <!-- testing dependencies -->
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-all</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.opendaylight.controller</groupId>
+ <artifactId>sal-binding-broker-impl</artifactId>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
<!-- Sonar -->
<dependency>
<groupId>org.codehaus.sonar-plugins.java</groupId>
import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.NeutronNetworkAware;
import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.NeutronPortAware;
import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.NeutronRouterAware;
-import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.NeutronSecurityGroupAware;
-import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.NeutronSecurityRuleAware;
import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.NeutronSubnetAware;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group.NeutronSecurityGroupAware;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group.SecGroupDao;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule.NeutronSecurityRuleAware;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule.SecRuleDao;
import org.opendaylight.neutron.spi.INeutronFloatingIPAware;
import org.opendaylight.neutron.spi.INeutronNetworkAware;
import org.opendaylight.neutron.spi.INeutronPortAware;
checkNotNull(rpcProvider);
checkNotNull(context);
EndpointService epService = rpcProvider.getRpcService(EndpointService.class);
-
registerAwareProviders(dataProvider, epService, context);
}
private void registerAwareProviders(DataBroker dataProvider, EndpointService epService, BundleContext context) {
- ServiceRegistration<INeutronNetworkAware> neutronNetworkAwareRegistration = context.registerService(
- INeutronNetworkAware.class, new NeutronNetworkAware(dataProvider), null);
+ ServiceRegistration<INeutronNetworkAware> neutronNetworkAwareRegistration =
+ context.registerService(INeutronNetworkAware.class, new NeutronNetworkAware(dataProvider), null);
registrations.add(neutronNetworkAwareRegistration);
- ServiceRegistration<INeutronSubnetAware> neutronSubnetAwareRegistration = context.registerService(
- INeutronSubnetAware.class, new NeutronSubnetAware(dataProvider), null);
+ ServiceRegistration<INeutronSubnetAware> neutronSubnetAwareRegistration =
+ context.registerService(INeutronSubnetAware.class, new NeutronSubnetAware(dataProvider), null);
registrations.add(neutronSubnetAwareRegistration);
- ServiceRegistration<INeutronPortAware> neutronPortAwareRegistration = context.registerService(
- INeutronPortAware.class, new NeutronPortAware(dataProvider, epService), null);
- registrations.add(neutronPortAwareRegistration);
+ SecGroupDao secGroupDao = new SecGroupDao();
+ SecRuleDao secRuleDao = new SecRuleDao();
+ NeutronSecurityRuleAware securityRuleAware = new NeutronSecurityRuleAware(dataProvider, secRuleDao, secGroupDao);
+ ServiceRegistration<INeutronSecurityRuleAware> neutronSecurityRuleAwareRegistration =
+ context.registerService(INeutronSecurityRuleAware.class, securityRuleAware, null);
+ registrations.add(neutronSecurityRuleAwareRegistration);
- ServiceRegistration<INeutronSecurityGroupAware> neutronSecurityGroupAwareRegistration = context.registerService(
- INeutronSecurityGroupAware.class, new NeutronSecurityGroupAware(dataProvider), null);
+ NeutronSecurityGroupAware securityGroupAware = new NeutronSecurityGroupAware(dataProvider, securityRuleAware, secGroupDao);
+ ServiceRegistration<INeutronSecurityGroupAware> neutronSecurityGroupAwareRegistration =
+ context.registerService(INeutronSecurityGroupAware.class, securityGroupAware, null);
registrations.add(neutronSecurityGroupAwareRegistration);
- ServiceRegistration<INeutronSecurityRuleAware> neutronSecurityRuleAwareRegistration = context.registerService(
- INeutronSecurityRuleAware.class, new NeutronSecurityRuleAware(dataProvider), null);
- registrations.add(neutronSecurityRuleAwareRegistration);
+ NeutronPortAware portAware =
+ new NeutronPortAware(dataProvider, epService, securityRuleAware, securityGroupAware);
+ ServiceRegistration<INeutronPortAware> neutronPortAwareRegistration =
+ context.registerService(INeutronPortAware.class, portAware, null);
+ registrations.add(neutronPortAwareRegistration);
- NeutronRouterAware.init(dataProvider, epService);
- ServiceRegistration<INeutronRouterAware> neutronRouterAwareRegistration = context.registerService(
- INeutronRouterAware.class, NeutronRouterAware.getInstance(), null);
+ NeutronRouterAware routerAware = new NeutronRouterAware(dataProvider, epService, securityRuleAware);
+ ServiceRegistration<INeutronRouterAware> neutronRouterAwareRegistration =
+ context.registerService(INeutronRouterAware.class, routerAware, null);
registrations.add(neutronRouterAwareRegistration);
- ServiceRegistration<INeutronFloatingIPAware> neutronFloatingIpAwareRegistration = context.registerService(
- INeutronFloatingIPAware.class, new NeutronFloatingIpAware(dataProvider, epService), null);
+ ServiceRegistration<INeutronFloatingIPAware> neutronFloatingIpAwareRegistration = context
+ .registerService(INeutronFloatingIPAware.class, new NeutronFloatingIpAware(dataProvider, epService), null);
registrations.add(neutronFloatingIpAwareRegistration);
}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.infrastructure;
+
+import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
+import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.groupbasedpolicy.util.IidFactory;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Description;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Name;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup.IntraGroupPolicy;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroupBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ConsumerNamedSelector;
+
+import com.google.common.base.Preconditions;
+
+public class NetworkClient {
+
+ private static final Name NETWORK_CLIENT_EPG_NAME = new Name("NETWORK_CLIENT");
+ private static final Description NETWORK_CLIENT_EPG_DESC = new Description("Represents DHCP and DNS clients.");
+ /**
+ * ID of {@link #EPG}
+ */
+ public static final EndpointGroupId EPG_ID = new EndpointGroupId("ccc5e444-573c-11e5-885d-feff819cdc9f");
+ /**
+ * Network-client endpoint-group consuming no contract
+ */
+ public static final EndpointGroup EPG;
+
+ static {
+ EPG = createNetworkClientEpg();
+ }
+
+ private static EndpointGroup createNetworkClientEpg() {
+ return new EndpointGroupBuilder().setId(EPG_ID)
+ .setName(NETWORK_CLIENT_EPG_NAME)
+ .setIntraGroupPolicy(IntraGroupPolicy.RequireContract)
+ .setDescription(NETWORK_CLIENT_EPG_DESC)
+ .build();
+ }
+
+ /**
+ * Puts {@link #EPG} to {@link LogicalDatastoreType#CONFIGURATION}
+ *
+ * @param tenantId location of {@link #EPG}
+ * @param wTx transaction where {@link #EPG} is written
+ */
+ public static void writeNetworkClientEntitiesToTenant(TenantId tenantId, WriteTransaction wTx) {
+ wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(tenantId, EPG_ID), EPG, true);
+ }
+
+ /**
+ * Puts consumer-named-selector to {@link #EPG} in {@link LogicalDatastoreType#CONFIGURATION}
+ *
+ * @param tenantId tenantId location of {@link #EPG}
+ * @param consumerNamedSelector is added to {@link #EPG}
+ * @param wTx transaction where the given consumer-named-selector is written
+ */
+ public static void writeConsumerNamedSelector(TenantId tenantId, ConsumerNamedSelector consumerNamedSelector,
+ WriteTransaction wTx) {
+ Preconditions.checkNotNull(consumerNamedSelector);
+ wTx.put(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.consumerNamedSelectorIid(tenantId, EPG_ID, consumerNamedSelector.getName()),
+ consumerNamedSelector, true);
+ }
+
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.infrastructure;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import javax.annotation.Nullable;
+
+import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
+import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
+import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.EtherTypeClassifier;
+import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.IpProtoClassifier;
+import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.L4Classifier;
+import org.opendaylight.groupbasedpolicy.util.IidFactory;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClauseName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Description;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Name;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.RuleName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SelectorName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRefBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.EndpointIdentificationConstraintsBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraints;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraintsBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.l3.endpoint.identification.constraints.PrefixConstraintBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValueBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.Contract;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.ContractBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup.IntraGroupPolicy;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroupBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Clause;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.ClauseBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Subject;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.SubjectBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ConsumerMatchers;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ConsumerMatchersBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ProviderMatchers;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ProviderMatchersBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.Rule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.RuleBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ConsumerNamedSelector;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ConsumerNamedSelectorBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ProviderNamedSelector;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ProviderNamedSelectorBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstance;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstanceBuilder;
+
+import com.google.common.collect.ImmutableList;
+
+public class NetworkService {
+
+ // ########### DHCP
+ private static final long DHCP_IPV4_SERVER_PORT = 67;
+ private static final long DHCP_IPV4_CLIENT_PORT = 68;
+ private static final long DHCP_IPV6_SERVER_PORT = 547;
+ private static final long DHCP_IPV6_CLIENT_PORT = 546;
+ private static final ClassifierName DHCP_IPV4_CLIENT_SERVER_NAME =
+ new ClassifierName("DHCP_IPv4_FROM_CLIENT_TO_SERVER");
+ private static final ClassifierName DHCP_IPV4_SERVER_CLIENT_NAME =
+ new ClassifierName("DHCP_IPv4_FROM_SERVER_TO_CLIENT");
+ private static final ClassifierName DHCP_IPV6_CLIENT_SERVER_NAME =
+ new ClassifierName("DHCP_IPv6_FROM_CLIENT_TO_SERVER");
+ private static final ClassifierName DHCP_IPV6_SERVER_CLIENT_NAME =
+ new ClassifierName("DHCP_IPv6_FROM_SERVER_TO_CLIENT");
+ private static final SubjectName DHCP_SUBJECT_NAME = new SubjectName("ALLOW_DHCP");
+ private static final Description DHCP_CONTRACT_DESC =
+ new Description("Allow DHCP communication between client and server.");
+ /**
+ * Id of {@link #DHCP_CONTRACT}
+ */
+ public static final ContractId DHCP_CONTRACT_ID = new ContractId("11118d2e-dddd-11e5-885d-feff819cdc9f");
+ /**
+ * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching DHCP communication
+ * between Client and Server.
+ */
+ public static final Contract DHCP_CONTRACT;
+ /**
+ * {@link ConsumerNamedSelector} pointing to {@link #DHCP_CONTRACT}
+ */
+ public static final ConsumerNamedSelector DHCP_CONTRACT_CONSUMER_SELECTOR;
+
+ // ########### DNS
+ private static final long DNS_SERVER_PORT = 53;
+ private static final ClassifierName DNS_UDP_IPV4_CLIENT_SERVER_NAME =
+ new ClassifierName("DNS_UDP_IPv4_FROM_CLIENT_TO_SERVER");
+ private static final ClassifierName DNS_UDP_IPV4_SERVER_CLIENT_NAME =
+ new ClassifierName("DNS_UDP_IPv4_FROM_SERVER_TO_CLIENT");
+ private static final ClassifierName DNS_UDP_IPV6_CLIENT_SERVER_NAME =
+ new ClassifierName("DNS_UDP_IPv6_FROM_CLIENT_TO_SERVER");
+ private static final ClassifierName DNS_UDP_IPV6_SERVER_CLIENT_NAME =
+ new ClassifierName("DNS_UDP_IPv6_FROM_SERVER_TO_CLIENT");
+ private static final ClassifierName DNS_TCP_IPV4_CLIENT_SERVER_NAME =
+ new ClassifierName("DNS_TCP_IPv4_FROM_CLIENT_TO_SERVER");
+ private static final ClassifierName DNS_TCP_IPV4_SERVER_CLIENT_NAME =
+ new ClassifierName("DNS_TCP_IPv4_FROM_SERVER_TO_CLIENT");
+ private static final ClassifierName DNS_TCP_IPV6_CLIENT_SERVER_NAME =
+ new ClassifierName("DNS_TCP_IPv6_FROM_CLIENT_TO_SERVER");
+ private static final ClassifierName DNS_TCP_IPV6_SERVER_CLIENT_NAME =
+ new ClassifierName("DNS_TCP_IPv6_FROM_SERVER_TO_CLIENT");
+ private static final SubjectName DNS_SUBJECT_NAME = new SubjectName("ALLOW_DNS");
+ private static final Description DNS_CONTRACT_DESC =
+ new Description("Allow DNS communication between client and server.");
+ /**
+ * ID of {@link #DNS_CONTRACT}
+ */
+ public static final ContractId DNS_CONTRACT_ID = new ContractId("22218d2e-dddd-11e5-885d-feff819cdc9f");
+ /**
+ * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching DNS communication
+ * between Client and Server.
+ */
+ public static final Contract DNS_CONTRACT;
+ /**
+ * {@link ConsumerNamedSelector} pointing to {@link #DNS_CONTRACT}
+ */
+ public static final ConsumerNamedSelector DNS_CONTRACT_CONSUMER_SELECTOR;
+
+ // ########### NETWORK-SERVICE ENDPOINT-GROUP
+ private static final Name NETWORK_SERVICE_EPG_NAME = new Name("NETWORK_SERVICE");
+ private static final Description NETWORK_SERVICE_EPG_DESC = new Description("Represents DHCP and DNS servers.");
+ /**
+ * ID of {@link #EPG}
+ */
+ public static final EndpointGroupId EPG_ID = new EndpointGroupId("ddd6cfe6-dfe5-11e4-8a00-1681e6b88ec1");
+ /**
+ * Network-service endpoint-group providing {@link #DHCP_CONTRACT} and {@link #DNS_CONTRACT}
+ */
+ public static final EndpointGroup EPG;
+
+ static {
+ DHCP_CONTRACT = createContractDhcp();
+ DHCP_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(DHCP_CONTRACT);
+ DNS_CONTRACT = createContractDns();
+ DNS_CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(DNS_CONTRACT);
+ EPG = createNetworkServiceEpg();
+ }
+
+ private static EndpointGroup createNetworkServiceEpg() {
+ ProviderNamedSelector dhcpProviderSelector = createProviderSelector(DHCP_CONTRACT);
+ ProviderNamedSelector dnsProviderSelector = createProviderSelector(DNS_CONTRACT);
+ return new EndpointGroupBuilder().setId(EPG_ID)
+ .setName(NETWORK_SERVICE_EPG_NAME)
+ .setProviderNamedSelector(ImmutableList.of(dhcpProviderSelector, dnsProviderSelector))
+ .setIntraGroupPolicy(IntraGroupPolicy.RequireContract)
+ .setDescription(NETWORK_SERVICE_EPG_DESC)
+ .build();
+ }
+
+ private static ProviderNamedSelector createProviderSelector(Contract contract) {
+ SelectorName selectorName = new SelectorName(contract.getSubject().get(0).getName().getValue());
+ return new ProviderNamedSelectorBuilder().setName(selectorName)
+ .setContract(ImmutableList.of(contract.getId()))
+ .build();
+ }
+
+ private static ConsumerNamedSelector createConsumerSelector(Contract contract) {
+ SelectorName selectorName = new SelectorName(contract.getSubject().get(0).getName().getValue());
+ return new ConsumerNamedSelectorBuilder().setName(selectorName)
+ .setContract(ImmutableList.of(contract.getId()))
+ .build();
+ }
+
+ private static Contract createContractDhcp() {
+ Rule clientServerIpv4Rule = createRuleAllow(DHCP_IPV4_CLIENT_SERVER_NAME, Direction.In);
+ Rule serverClientIpv4Rule = createRuleAllow(DHCP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
+ Rule clientServerIpv6Rule = createRuleAllow(DHCP_IPV6_CLIENT_SERVER_NAME, Direction.In);
+ Rule serverClientIpv6Rule = createRuleAllow(DHCP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
+ Subject subject = new SubjectBuilder().setName(DHCP_SUBJECT_NAME)
+ .setOrder(0)
+ .setRule(ImmutableList.of(clientServerIpv4Rule, serverClientIpv4Rule, clientServerIpv6Rule,
+ serverClientIpv6Rule))
+ .build();
+ return new ContractBuilder().setId(DHCP_CONTRACT_ID)
+ .setSubject(ImmutableList.of(subject))
+ .setDescription(DHCP_CONTRACT_DESC)
+ .build();
+ }
+
+ private static Contract createContractDns() {
+ Rule clientServerUdpIpv4Rule = createRuleAllow(DNS_UDP_IPV4_CLIENT_SERVER_NAME, Direction.In);
+ Rule serverClientUdpIpv4Rule = createRuleAllow(DNS_UDP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
+ Rule clientServerUdpIpv6Rule = createRuleAllow(DNS_UDP_IPV6_CLIENT_SERVER_NAME, Direction.In);
+ Rule serverClientUdpIpv6Rule = createRuleAllow(DNS_UDP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
+ Rule clientServerTcpIpv4Rule = createRuleAllow(DNS_TCP_IPV4_CLIENT_SERVER_NAME, Direction.In);
+ Rule serverClientTcpIpv4Rule = createRuleAllow(DNS_TCP_IPV4_SERVER_CLIENT_NAME, Direction.Out);
+ Rule clientServerTcpIpv6Rule = createRuleAllow(DNS_TCP_IPV6_CLIENT_SERVER_NAME, Direction.In);
+ Rule serverClientTcpIpv6Rule = createRuleAllow(DNS_TCP_IPV6_SERVER_CLIENT_NAME, Direction.Out);
+ Subject subject = new SubjectBuilder().setName(DNS_SUBJECT_NAME)
+ .setOrder(0)
+ .setRule(ImmutableList.of(clientServerUdpIpv4Rule, serverClientUdpIpv4Rule, clientServerUdpIpv6Rule,
+ serverClientUdpIpv6Rule, clientServerTcpIpv4Rule, serverClientTcpIpv4Rule, clientServerTcpIpv6Rule,
+ serverClientTcpIpv6Rule))
+ .build();
+ return new ContractBuilder().setId(DNS_CONTRACT_ID)
+ .setSubject(ImmutableList.of(subject))
+ .setDescription(DNS_CONTRACT_DESC)
+ .build();
+ }
+
+ private static Rule createRuleAllow(ClassifierName classifierName, Direction direction) {
+ ClassifierName name =
+ new ClassifierName(direction.name() + MappingUtils.NAME_DOUBLE_DELIMETER + classifierName.getValue());
+ ClassifierRef classifierRef = new ClassifierRefBuilder().setName(name)
+ .setInstanceName(classifierName)
+ .setDirection(direction)
+ .build();
+ return new RuleBuilder().setName(new RuleName(name))
+ .setActionRef(MappingUtils.ACTION_REF_ALLOW)
+ .setClassifierRef(ImmutableList.of(classifierRef))
+ .build();
+ }
+
+ /**
+ * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
+ * and {@link ProviderMatchers}. This clause points to subject in {@link #DHCP_CONTRACT}.
+ *
+ * @param tenantId location of {@link #DHCP_CONTRACT}
+ * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
+ * @param wTx transaction where entities are written
+ */
+ public static void writeDhcpClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
+ WriteTransaction wTx) {
+ Clause clause = createClauseWithConsProvEic(ipPrefix, DHCP_SUBJECT_NAME);
+ wTx.put(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.clauseIid(tenantId, DHCP_CONTRACT_ID, clause.getName()), clause, true);
+ }
+
+ /**
+ * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
+ * and {@link ProviderMatchers}. This clause points to subject in {@link #DNS_CONTRACT}.
+ *
+ * @param tenantId location of {@link #DNS_CONTRACT}
+ * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
+ * @param wTx transaction where entities are written
+ */
+ public static void writeDnsClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
+ WriteTransaction wTx) {
+ Clause clause = createClauseWithConsProvEic(ipPrefix, DNS_SUBJECT_NAME);
+ wTx.put(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.clauseIid(tenantId, DNS_CONTRACT_ID, clause.getName()), clause, true);
+ }
+
+ private static Clause createClauseWithConsProvEic(@Nullable IpPrefix ipPrefix, SubjectName subjectName) {
+ ConsumerMatchers consumerMatchers = null;
+ ProviderMatchers providerMatchers = null;
+ StringBuilder clauseName = new StringBuilder();
+ clauseName.append(subjectName.getValue());
+ if (ipPrefix != null) {
+ clauseName.append(MappingUtils.NAME_DOUBLE_DELIMETER).append(Utils.getStringIpPrefix(ipPrefix));
+ consumerMatchers =
+ new ConsumerMatchersBuilder()
+ .setEndpointIdentificationConstraints(new EndpointIdentificationConstraintsBuilder()
+ .setL3EndpointIdentificationConstraints(new L3EndpointIdentificationConstraintsBuilder()
+ .setPrefixConstraint(
+ ImmutableList.of(new PrefixConstraintBuilder().setIpPrefix(ipPrefix).build()))
+ .build())
+ .build())
+ .build();
+ providerMatchers =
+ new ProviderMatchersBuilder()
+ .setEndpointIdentificationConstraints(new EndpointIdentificationConstraintsBuilder()
+ .setL3EndpointIdentificationConstraints(new L3EndpointIdentificationConstraintsBuilder()
+ .setPrefixConstraint(
+ ImmutableList.of(new PrefixConstraintBuilder().setIpPrefix(ipPrefix).build()))
+ .build())
+ .build())
+ .build();
+ }
+ return new ClauseBuilder().setName(new ClauseName(clauseName.toString()))
+ .setSubjectRefs(ImmutableList.of(subjectName))
+ .setConsumerMatchers(consumerMatchers)
+ .setProviderMatchers(providerMatchers)
+ .build();
+ }
+
+ /**
+ * Puts network service entities (classifier-instances, {@link #DHCP_CONTRACT},
+ * {@link #DNS_CONTRACT}, and {@link #EPG}) to
+ * {@link LogicalDatastoreType#CONFIGURATION}
+ *
+ * @param tenantId location of network-service entities
+ * @param wTx transaction where network-service entities are written
+ */
+ public static void writeNetworkServiceEntitiesToTenant(TenantId tenantId, WriteTransaction wTx) {
+ Set<ClassifierInstance> classifierInstances = getAllClassifierInstances();
+ for (ClassifierInstance ci : classifierInstances) {
+ wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.classifierInstanceIid(tenantId, ci.getName()), ci,
+ true);
+ }
+ wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, DHCP_CONTRACT_ID), DHCP_CONTRACT,
+ true);
+ wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, DNS_CONTRACT_ID), DNS_CONTRACT,
+ true);
+ wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(tenantId, EPG_ID), EPG, true);
+ }
+
+ /**
+ * @return All classifier-instances used in {@link #DHCP_CONTRACT} and {@link #DNS_CONTRACT}
+ */
+ public static Set<ClassifierInstance> getAllClassifierInstances() {
+ HashSet<ClassifierInstance> cis = new HashSet<>();
+ cis.add(createDhcpIpv4ClientServer());
+ cis.add(createDhcpIpv4ServerClient());
+ cis.add(createDhcpIpv6ClientServer());
+ cis.add(createDhcpIpv6ServerClient());
+ cis.add(createDnsUdpIpv4ClientServer());
+ cis.add(createDnsUdpIpv4ServerClient());
+ cis.add(createDnsUdpIpv6ClientServer());
+ cis.add(createDnsUdpIpv6ServerClient());
+ cis.add(createDnsTcpIpv4ClientServer());
+ cis.add(createDnsTcpIpv4ServerClient());
+ cis.add(createDnsTcpIpv6ClientServer());
+ cis.add(createDnsTcpIpv6ServerClient());
+ return cis;
+ }
+
+ // ###################### DHCP
+ private static ClassifierInstance createDhcpIpv4ClientServer() {
+ return new ClassifierInstanceBuilder().setName(DHCP_IPV4_CLIENT_SERVER_NAME)
+ .setClassifierDefinitionId(L4Classifier.DEFINITION.getId())
+ .setParameterValue(createParams(EtherTypeClassifier.IPv4_VALUE, IpProtoClassifier.UDP_VALUE,
+ DHCP_IPV4_CLIENT_PORT, DHCP_IPV4_SERVER_PORT))
+ .build();
+ }
+
+ private static ClassifierInstance createDhcpIpv4ServerClient() {
+ return new ClassifierInstanceBuilder().setName(DHCP_IPV4_SERVER_CLIENT_NAME)
+ .setClassifierDefinitionId(L4Classifier.DEFINITION.getId())
+ .setParameterValue(createParams(EtherTypeClassifier.IPv4_VALUE, IpProtoClassifier.UDP_VALUE,
+ DHCP_IPV4_SERVER_PORT, DHCP_IPV4_CLIENT_PORT))
+ .build();
+ }
+
+ private static ClassifierInstance createDhcpIpv6ClientServer() {
+ return new ClassifierInstanceBuilder().setName(DHCP_IPV6_CLIENT_SERVER_NAME)
+ .setClassifierDefinitionId(L4Classifier.DEFINITION.getId())
+ .setParameterValue(createParams(EtherTypeClassifier.IPv6_VALUE, IpProtoClassifier.UDP_VALUE,
+ DHCP_IPV6_CLIENT_PORT, DHCP_IPV6_SERVER_PORT))
+ .build();
+ }
+
+ private static ClassifierInstance createDhcpIpv6ServerClient() {
+ return new ClassifierInstanceBuilder().setName(DHCP_IPV6_SERVER_CLIENT_NAME)
+ .setClassifierDefinitionId(L4Classifier.DEFINITION.getId())
+ .setParameterValue(createParams(EtherTypeClassifier.IPv6_VALUE, IpProtoClassifier.UDP_VALUE,
+ DHCP_IPV6_SERVER_PORT, DHCP_IPV6_CLIENT_PORT))
+ .build();
+ }
+
+ // ###################### DNS UDP
+ private static ClassifierInstance createDnsUdpIpv4ClientServer() {
+ return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV4_CLIENT_SERVER_NAME)
+ .setClassifierDefinitionId(L4Classifier.DEFINITION.getId())
+ .setParameterValue(
+ createParams(EtherTypeClassifier.IPv4_VALUE, IpProtoClassifier.UDP_VALUE, null, DNS_SERVER_PORT))
+ .build();
+ }
+
+ private static ClassifierInstance createDnsUdpIpv4ServerClient() {
+ return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV4_SERVER_CLIENT_NAME)
+ .setClassifierDefinitionId(L4Classifier.DEFINITION.getId())
+ .setParameterValue(
+ createParams(EtherTypeClassifier.IPv4_VALUE, IpProtoClassifier.UDP_VALUE, DNS_SERVER_PORT, null))
+ .build();
+ }
+
+ private static ClassifierInstance createDnsUdpIpv6ClientServer() {
+ return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV6_CLIENT_SERVER_NAME)
+ .setClassifierDefinitionId(L4Classifier.DEFINITION.getId())
+ .setParameterValue(
+ createParams(EtherTypeClassifier.IPv6_VALUE, IpProtoClassifier.UDP_VALUE, null, DNS_SERVER_PORT))
+ .build();
+ }
+
+ private static ClassifierInstance createDnsUdpIpv6ServerClient() {
+ return new ClassifierInstanceBuilder().setName(DNS_UDP_IPV6_SERVER_CLIENT_NAME)
+ .setClassifierDefinitionId(L4Classifier.DEFINITION.getId())
+ .setParameterValue(
+ createParams(EtherTypeClassifier.IPv6_VALUE, IpProtoClassifier.UDP_VALUE, DNS_SERVER_PORT, null))
+ .build();
+ }
+
+ // ###################### DNS TCP
+ private static ClassifierInstance createDnsTcpIpv4ClientServer() {
+ return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV4_CLIENT_SERVER_NAME)
+ .setClassifierDefinitionId(L4Classifier.DEFINITION.getId())
+ .setParameterValue(
+ createParams(EtherTypeClassifier.IPv4_VALUE, IpProtoClassifier.TCP_VALUE, null, DNS_SERVER_PORT))
+ .build();
+ }
+
+ private static ClassifierInstance createDnsTcpIpv4ServerClient() {
+ return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV4_SERVER_CLIENT_NAME)
+ .setClassifierDefinitionId(L4Classifier.DEFINITION.getId())
+ .setParameterValue(
+ createParams(EtherTypeClassifier.IPv4_VALUE, IpProtoClassifier.TCP_VALUE, DNS_SERVER_PORT, null))
+ .build();
+ }
+
+ private static ClassifierInstance createDnsTcpIpv6ClientServer() {
+ return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV6_CLIENT_SERVER_NAME)
+ .setClassifierDefinitionId(L4Classifier.DEFINITION.getId())
+ .setParameterValue(
+ createParams(EtherTypeClassifier.IPv6_VALUE, IpProtoClassifier.TCP_VALUE, null, DNS_SERVER_PORT))
+ .build();
+ }
+
+ private static ClassifierInstance createDnsTcpIpv6ServerClient() {
+ return new ClassifierInstanceBuilder().setName(DNS_TCP_IPV6_SERVER_CLIENT_NAME)
+ .setClassifierDefinitionId(L4Classifier.DEFINITION.getId())
+ .setParameterValue(
+ createParams(EtherTypeClassifier.IPv6_VALUE, IpProtoClassifier.TCP_VALUE, DNS_SERVER_PORT, null))
+ .build();
+ }
+
+ private static List<ParameterValue> createParams(long etherType, long proto, @Nullable Long srcPort,
+ @Nullable Long dstPort) {
+ List<ParameterValue> params = new ArrayList<>();
+ if (srcPort != null) {
+ params.add(new ParameterValueBuilder().setName(new ParameterName(L4Classifier.SRC_PORT_PARAM))
+ .setIntValue(srcPort)
+ .build());
+ }
+ if (dstPort != null) {
+ params.add(new ParameterValueBuilder().setName(new ParameterName(L4Classifier.DST_PORT_PARAM))
+ .setIntValue(dstPort)
+ .build());
+ }
+ params.add(new ParameterValueBuilder().setName(new ParameterName(IpProtoClassifier.PROTO_PARAM))
+ .setIntValue(proto)
+ .build());
+ params.add(new ParameterValueBuilder().setName(new ParameterName(EtherTypeClassifier.ETHERTYPE_PARAM))
+ .setIntValue(etherType)
+ .build());
+ return params;
+ }
+
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.infrastructure;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import javax.annotation.Nullable;
+
+import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
+import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
+import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.EtherTypeClassifier;
+import org.opendaylight.groupbasedpolicy.util.IidFactory;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClauseName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Description;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Name;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.RuleName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SelectorName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRefBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.EndpointIdentificationConstraintsBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraints;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraintsBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.l3.endpoint.identification.constraints.PrefixConstraintBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValueBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.Contract;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.ContractBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup.IntraGroupPolicy;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroupBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Clause;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.ClauseBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Subject;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.SubjectBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ConsumerMatchers;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ConsumerMatchersBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ProviderMatchers;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ProviderMatchersBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.Rule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.RuleBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ConsumerNamedSelector;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ConsumerNamedSelectorBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ProviderNamedSelector;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ProviderNamedSelectorBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstance;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstanceBuilder;
+
+import com.google.common.collect.ImmutableList;
+
+public class Router {
+
+ private static final ClassifierName IPV4_NAME = new ClassifierName("IPv4");
+ private static final ClassifierName IPV6_NAME = new ClassifierName("IPv6");
+ private static final SubjectName ROUTER_SUBJECT_NAME = new SubjectName("ALLOW_IPv4_IPv6");
+ private static final Description ROUTER_CONTRACT_DESC =
+ new Description("Allow IPv4 and IPv6 communication between router interfaces and endpoints.");
+ /**
+ * ID of {@link Contract}
+ */
+ public static final ContractId CONTRACT_ID = new ContractId("111bc60e-1110-11e5-885d-feff819cdc9f");
+ /**
+ * Contains rules with action {@link MappingUtils#ACTION_REF_ALLOW} matching IPv4 and IPv6
+ * communication in both directions
+ */
+ public static final Contract CONTRACT;
+
+ private static final Name ROUTER_EPG_NAME = new Name("ROUTER_PORTS");
+ private static final Description ROUTER_EPG_DESC = new Description("Represents router's interfaces.");
+ /**
+ * ID of {@link #EPG}
+ */
+ public static final EndpointGroupId EPG_ID = new EndpointGroupId("1118172e-cd84-4933-a35f-749f9a651de9");
+ /**
+ * Router endpoint-group providing {@link #CONTRACT}
+ */
+ public static final EndpointGroup EPG;
+ /**
+ * {@link ConsumerNamedSelector} pointing to {@link #CONTRACT}
+ */
+ public static final ConsumerNamedSelector CONTRACT_CONSUMER_SELECTOR;
+
+ static {
+ CONTRACT = createContractRouter();
+ CONTRACT_CONSUMER_SELECTOR = createConsumerSelector(CONTRACT);
+ EPG = createRouterEpg();
+ }
+
+ private static EndpointGroup createRouterEpg() {
+ ProviderNamedSelector routerProviderSelector = createProviderSelector(CONTRACT);
+ return new EndpointGroupBuilder().setId(EPG_ID)
+ .setName(ROUTER_EPG_NAME)
+ .setProviderNamedSelector(ImmutableList.of(routerProviderSelector))
+ .setIntraGroupPolicy(IntraGroupPolicy.RequireContract)
+ .setDescription(ROUTER_EPG_DESC)
+ .build();
+ }
+
+ private static ProviderNamedSelector createProviderSelector(Contract contract) {
+ SelectorName selectorName = new SelectorName(contract.getSubject().get(0).getName().getValue());
+ return new ProviderNamedSelectorBuilder().setName(selectorName)
+ .setContract(ImmutableList.of(contract.getId()))
+ .build();
+ }
+
+ private static ConsumerNamedSelector createConsumerSelector(Contract contract) {
+ SelectorName selectorName = new SelectorName(contract.getSubject().get(0).getName().getValue());
+ return new ConsumerNamedSelectorBuilder().setName(selectorName)
+ .setContract(ImmutableList.of(contract.getId()))
+ .build();
+ }
+
+ private static Contract createContractRouter() {
+ Rule endpointRouterIpv4Rule = createRuleAllow(IPV4_NAME, Direction.In);
+ Rule routerEndpointIpv4Rule = createRuleAllow(IPV4_NAME, Direction.Out);
+ Rule endpointRouterIpv6Rule = createRuleAllow(IPV6_NAME, Direction.In);
+ Rule routerEndpointIpv6Rule = createRuleAllow(IPV6_NAME, Direction.Out);
+ Subject subject = new SubjectBuilder().setName(ROUTER_SUBJECT_NAME)
+ .setOrder(0)
+ .setRule(ImmutableList.of(endpointRouterIpv4Rule, routerEndpointIpv4Rule, endpointRouterIpv6Rule,
+ routerEndpointIpv6Rule))
+ .build();
+ return new ContractBuilder().setId(CONTRACT_ID)
+ .setSubject(ImmutableList.of(subject))
+ .setDescription(ROUTER_CONTRACT_DESC)
+ .build();
+ }
+
+ private static Rule createRuleAllow(ClassifierName classifierName, Direction direction) {
+ ClassifierName name =
+ new ClassifierName(direction.name() + MappingUtils.NAME_DOUBLE_DELIMETER + classifierName.getValue());
+ ClassifierRef classifierRef = new ClassifierRefBuilder().setName(name)
+ .setInstanceName(classifierName)
+ .setDirection(direction)
+ .build();
+ return new RuleBuilder().setName(new RuleName(name))
+ .setActionRef(MappingUtils.ACTION_REF_ALLOW)
+ .setClassifierRef(ImmutableList.of(classifierRef))
+ .build();
+ }
+
+ /**
+ * puts clause with {@link L3EndpointIdentificationConstraints} in {@link ConsumerMatchers}
+ * and {@link ProviderMatchers}. This clause points to subject in {@link #CONTRACT}.
+ *
+ * @param tenantId location of {@link #CONTRACT}
+ * @param ipPrefix used in {@link L3EndpointIdentificationConstraints}
+ * @param wTx transaction where entities are written
+ */
+ public static void writeRouterClauseWithConsProvEic(TenantId tenantId, @Nullable IpPrefix ipPrefix,
+ WriteTransaction wTx) {
+ Clause clause = createClauseWithConsProvEic(ipPrefix, ROUTER_SUBJECT_NAME);
+ wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.clauseIid(tenantId, CONTRACT_ID, clause.getName()),
+ clause, true);
+ }
+
+ private static Clause createClauseWithConsProvEic(@Nullable IpPrefix ipPrefix, SubjectName subjectName) {
+ ConsumerMatchers consumerMatchers = null;
+ ProviderMatchers providerMatchers = null;
+ StringBuilder clauseName = new StringBuilder();
+ clauseName.append(subjectName.getValue());
+ if (ipPrefix != null) {
+ clauseName.append(MappingUtils.NAME_DOUBLE_DELIMETER).append(Utils.getStringIpPrefix(ipPrefix));
+ consumerMatchers =
+ new ConsumerMatchersBuilder()
+ .setEndpointIdentificationConstraints(new EndpointIdentificationConstraintsBuilder()
+ .setL3EndpointIdentificationConstraints(new L3EndpointIdentificationConstraintsBuilder()
+ .setPrefixConstraint(
+ ImmutableList.of(new PrefixConstraintBuilder().setIpPrefix(ipPrefix).build()))
+ .build())
+ .build())
+ .build();
+ providerMatchers =
+ new ProviderMatchersBuilder()
+ .setEndpointIdentificationConstraints(new EndpointIdentificationConstraintsBuilder()
+ .setL3EndpointIdentificationConstraints(new L3EndpointIdentificationConstraintsBuilder()
+ .setPrefixConstraint(
+ ImmutableList.of(new PrefixConstraintBuilder().setIpPrefix(ipPrefix).build()))
+ .build())
+ .build())
+ .build();
+ }
+ return new ClauseBuilder().setName(new ClauseName(clauseName.toString()))
+ .setSubjectRefs(ImmutableList.of(subjectName))
+ .setConsumerMatchers(consumerMatchers)
+ .setProviderMatchers(providerMatchers)
+ .build();
+ }
+
+ /**
+ * Puts router entities (classifier-instances, {@link #CONTRACT} and {@link #EPG}) to
+ * {@link LogicalDatastoreType#CONFIGURATION}
+ *
+ * @param tenantId location of router entities
+ * @param wTx transaction where router entities are written
+ */
+ public static void writeRouterEntitiesToTenant(TenantId tenantId, WriteTransaction wTx) {
+ Set<ClassifierInstance> classifierInstances = getAllClassifierInstances();
+ for (ClassifierInstance ci : classifierInstances) {
+ wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.classifierInstanceIid(tenantId, ci.getName()), ci,
+ true);
+ }
+ wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, CONTRACT_ID), CONTRACT, true);
+ wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(tenantId, EPG_ID), EPG, true);
+ }
+
+ /**
+ * @return All classifier-instances used in {@link CONTRACT}
+ */
+ public static Set<ClassifierInstance> getAllClassifierInstances() {
+ HashSet<ClassifierInstance> cis = new HashSet<>();
+ cis.add(createIpv4());
+ cis.add(createIpv6());
+ return cis;
+ }
+
+ private static ClassifierInstance createIpv4() {
+ return new ClassifierInstanceBuilder().setName(IPV4_NAME)
+ .setClassifierDefinitionId(EtherTypeClassifier.DEFINITION.getId())
+ .setParameterValue(createParams(EtherTypeClassifier.IPv4_VALUE))
+ .build();
+ }
+
+ private static ClassifierInstance createIpv6() {
+ return new ClassifierInstanceBuilder().setName(IPV6_NAME)
+ .setClassifierDefinitionId(EtherTypeClassifier.DEFINITION.getId())
+ .setParameterValue(createParams(EtherTypeClassifier.IPv6_VALUE))
+ .build();
+ }
+
+ private static List<ParameterValue> createParams(long etherType) {
+ List<ParameterValue> params = new ArrayList<>();
+ params.add(new ParameterValueBuilder().setName(new ParameterName(EtherTypeClassifier.ETHERTYPE_PARAM))
+ .setIntValue(etherType)
+ .build());
+ return params;
+ }
+
+}
import static com.google.common.base.Preconditions.checkNotNull;
+import java.util.HashSet;
+import java.util.Set;
import java.util.UUID;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.groupbasedpolicy.neutron.gbp.util.NeutronGbpIidFactory;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.infrastructure.NetworkClient;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.infrastructure.Router;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronMapperIidFactory;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.mapper.rev150223.mappings.network.mappings.NetworkMapping;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.mapper.rev150223.mappings.network.mappings.NetworkMappingBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup.IntraGroupPolicy;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroupBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.L2BridgeDomain;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.L2BridgeDomainBuilder;
private static final Logger LOG = LoggerFactory.getLogger(NeutronNetworkAware.class);
private final DataBroker dataProvider;
+ private Set<TenantId> tenantsWithRouterEntities = new HashSet<>();
public NeutronNetworkAware(DataBroker dataProvider) {
this.dataProvider = checkNotNull(dataProvider);
ReadWriteTransaction rwTx = dataProvider.newReadWriteTransaction();
L2FloodDomainId l2FdId = new L2FloodDomainId(network.getID());
TenantId tenantId = new TenantId(Utils.normalizeUuid(network.getTenantID()));
- addEpgDhcpIfMissing(tenantId, rwTx);
- addEpgRouterIfMissing(tenantId, rwTx);
- // Note that Router External doesn't mean the router exists yet, it simply means it will connect to one.
- if(network.getRouterExternal()) {
- addEpgExternalIfMissing(tenantId, rwTx);
- }
- Description domainDescription = new Description(MappingUtils.NEUTRON_NETWORK__ + network.getID());
Name name = null;
if (network.getNetworkName() != null) {
- name = new Name(network.getNetworkName());
+ try {
+ name = new Name(network.getNetworkName());
+ } catch (Exception e) {
+ name = null;
+ LOG.info("Name of Neutron Network '{}' is ignored.",
+ network.getNetworkName());
+ LOG.debug("Name exception", e);
+ }
}
+
L3ContextId l3ContextId = new L3ContextId(UUID.randomUUID().toString());
L3Context l3Context = new L3ContextBuilder().setId(l3ContextId)
- .setDescription(domainDescription)
.setName(name)
.build();
rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.l3ContextIid(tenantId, l3ContextId), l3Context, true);
L2BridgeDomainId l2BdId = new L2BridgeDomainId(UUID.randomUUID().toString());
L2BridgeDomain l2Bd = new L2BridgeDomainBuilder().setId(l2BdId)
.setParent(l3ContextId)
- .setDescription(domainDescription)
.setName(name)
.build();
rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.l2BridgeDomainIid(tenantId, l2BdId), l2Bd, true);
L2FloodDomain l2Fd = new L2FloodDomainBuilder().setId(l2FdId)
.setParent(l2BdId)
- .setDescription(domainDescription)
.setName(name)
.build();
rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.l2FloodDomainIid(tenantId, l2FdId), l2Fd, true);
.build();
rwTx.put(LogicalDatastoreType.OPERATIONAL, NeutronMapperIidFactory.networkMappingIid(l2FdId), networkMapping, true);
- if (network.getRouterExternal() != null
- && network.getRouterExternal() == true) {
+ if (!tenantsWithRouterEntities.contains(tenantId)) {
+ tenantsWithRouterEntities.add(tenantId);
+ Router.writeRouterEntitiesToTenant(tenantId, rwTx);
+ Router.writeRouterClauseWithConsProvEic(tenantId, null, rwTx);
+ NetworkClient.writeConsumerNamedSelector(tenantId, Router.CONTRACT_CONSUMER_SELECTOR, rwTx);
+ }
+ if (network.getRouterExternal() != null && network.getRouterExternal() == true) {
+ addEpgExternalIfMissing(tenantId, rwTx);
addExternalNetworkIfMissing(l2Fd.getId(), rwTx);
}
DataStoreHelper.submitToDs(rwTx);
EndpointGroup epgExternal = new EndpointGroupBuilder()
.setId(MappingUtils.EPG_EXTERNAL_ID)
.setName(new Name("EXTERNAL_group"))
- .setDescription(new Description(MappingUtils.NEUTRON_EXTERNAL__ + "epg_external_networks"))
- .setIntraGroupPolicy(IntraGroupPolicy.RequireContract)
+ .setDescription(new Description(MappingUtils.NEUTRON_EXTERNAL + "epg_external_networks"))
.build();
rwTx.put(LogicalDatastoreType.CONFIGURATION,
IidFactory.endpointGroupIid(tenantId, MappingUtils.EPG_EXTERNAL_ID), epgExternal, true);
}
}
- private void addEpgDhcpIfMissing(TenantId tenantId, ReadWriteTransaction rwTx) {
- InstanceIdentifier<EndpointGroup> epgDhcpIid = IidFactory.endpointGroupIid(tenantId, MappingUtils.EPG_DHCP_ID);
- Optional<EndpointGroup> potentialDhcpEpg = DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION,
- epgDhcpIid, rwTx);
- if (!potentialDhcpEpg.isPresent()) {
- EndpointGroup epgDhcp = new EndpointGroupBuilder()
- .setId(MappingUtils.EPG_DHCP_ID)
- .setName(new Name("DHCP_group"))
- .setDescription(new Description("Group where are all DHCP endpoints."))
- .setIntraGroupPolicy(IntraGroupPolicy.RequireContract)
- .build();
- rwTx.put(LogicalDatastoreType.CONFIGURATION, epgDhcpIid, epgDhcp);
- }
- }
-
- private void addEpgRouterIfMissing(TenantId tenantId, ReadWriteTransaction rwTx) {
- Optional<EndpointGroup> potentialEpgRouter = DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION,
- IidFactory.endpointGroupIid(tenantId, MappingUtils.EPG_ROUTER_ID), rwTx);
- if (!potentialEpgRouter.isPresent()) {
- EndpointGroup epgRouter = new EndpointGroupBuilder()
- .setId(MappingUtils.EPG_ROUTER_ID)
- .setName(new Name("ROUTER_group"))
- .setDescription(new Description(MappingUtils.NEUTRON_ROUTER__ + "epg_routers"))
- .setIntraGroupPolicy(IntraGroupPolicy.RequireContract)
- .build();
- rwTx.put(LogicalDatastoreType.CONFIGURATION,
- IidFactory.endpointGroupIid(tenantId, MappingUtils.EPG_ROUTER_ID), epgRouter);
- }
- }
-
/**
* @see org.opendaylight.neutron.spi.INeutronNetworkAware#canUpdateNetwork(org.opendaylight.neutron.spi.NeutronNetwork,
* org.opendaylight.neutron.spi.NeutronNetwork)
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.ReadOnlyTransaction;
-import org.opendaylight.controller.md.sal.binding.api.ReadTransaction;
import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.groupbasedpolicy.neutron.gbp.util.NeutronGbpIidFactory;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.infrastructure.NetworkClient;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.infrastructure.NetworkService;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.infrastructure.Router;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group.NeutronSecurityGroupAware;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule.NeutronSecurityRuleAware;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils.ForwardingCtx;
-import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
import org.opendaylight.groupbasedpolicy.util.DataStoreHelper;
import org.opendaylight.groupbasedpolicy.util.IidFactory;
private static final String DEVICE_OWNER_ROUTER_IFACE = "network:router_interface";
private static final String DEVICE_OWNER_ROUTER_GATEWAY = "network:router_gateway";
private static final String DEVICE_OWNER_FLOATING_IP = "network:floatingip";
- private static final int DHCP_SERVER_PORT = 67;
- private static final int DNS_SERVER_PORT = 53;
private final DataBroker dataProvider;
private final EndpointService epService;
+ private final NeutronSecurityRuleAware secRuleAware;
+ private final NeutronSecurityGroupAware secGrpAware;
private final static Map<String, UniqueId> floatingIpPortByDeviceId = new HashMap<>();
+ private final Set<TenantId> tenantsWithNetworkSeviceEntities = new HashSet<>();
- public NeutronPortAware(DataBroker dataProvider, EndpointService epService) {
+ public NeutronPortAware(DataBroker dataProvider, EndpointService epService, NeutronSecurityRuleAware secRuleAware, NeutronSecurityGroupAware secGrpAware) {
this.dataProvider = checkNotNull(dataProvider);
this.epService = checkNotNull(epService);
+ this.secRuleAware = checkNotNull(secRuleAware);
+ this.secGrpAware = secGrpAware;
}
/**
TenantId tenantId = new TenantId(Utils.normalizeUuid(port.getTenantID()));
if (isDhcpPort(port)) {
LOG.trace("Port is DHCP port. - {}", port.getID());
- List<NeutronSecurityRule> dhcpSecRules = createDhcpSecRules(port, null, rwTx);
- if (dhcpSecRules == null) {
+ Neutron_IPs firstIp = MappingUtils.getFirstIp(port.getFixedIPs());
+ if (firstIp == null) {
+ LOG.warn("Illegal state - DHCP port does not have an IP address.");
rwTx.cancel();
return;
}
-
- for (NeutronSecurityRule dhcpSecRule : dhcpSecRules) {
- boolean isDhcpSecRuleAdded = NeutronSecurityRuleAware.addNeutronSecurityRule(dhcpSecRule, rwTx);
- if (!isDhcpSecRuleAdded) {
- rwTx.cancel();
- return;
- }
+ if (!tenantsWithNetworkSeviceEntities.contains(tenantId)) {
+ tenantsWithNetworkSeviceEntities.add(tenantId);
+ NetworkService.writeNetworkServiceEntitiesToTenant(tenantId, rwTx);
+ NetworkService.writeDhcpClauseWithConsProvEic(tenantId, null, rwTx);
+ NetworkService.writeDnsClauseWithConsProvEic(tenantId, null, rwTx);
+ NetworkClient.writeNetworkClientEntitiesToTenant(tenantId, rwTx);
+ NetworkClient.writeConsumerNamedSelector(tenantId, NetworkService.DHCP_CONTRACT_CONSUMER_SELECTOR, rwTx);
+ NetworkClient.writeConsumerNamedSelector(tenantId, NetworkService.DNS_CONTRACT_CONSUMER_SELECTOR, rwTx);
}
} else {
+ // this is here b/c stable/kilo sends sec-groups only with port
List<NeutronSecurityGroup> secGroups = port.getSecurityGroups();
if (secGroups != null) {
for (NeutronSecurityGroup secGroup : secGroups) {
Optional<EndpointGroup> potentialEpg = DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION,
IidFactory.endpointGroupIid(tenantId, epgId), rwTx);
if (!potentialEpg.isPresent()) {
- boolean isSecGroupCreated = NeutronSecurityGroupAware.addNeutronSecurityGroup(secGroup, rwTx);
+ boolean isSecGroupCreated = secGrpAware.addNeutronSecurityGroup(secGroup, rwTx);
if (!isSecGroupCreated) {
rwTx.cancel();
return;
}
- if (containsSecRuleWithRemoteSecGroup(secGroup)) {
- List<NeutronSecurityRule> dhcpSecRules = createDhcpSecRules(port, epgId, rwTx);
- if (dhcpSecRules == null) {
- rwTx.cancel();
- return;
- }
- List<NeutronSecurityRule> routerSecRules = NeutronRouterAware.createRouterSecRules(port, epgId, rwTx);
- if (routerSecRules == null) {
- rwTx.cancel();
- return;
- }
- }
} else {
List<NeutronSecurityRule> secRules = secGroup.getSecurityRules();
if (secRules != null) {
for (NeutronSecurityRule secRule : secRules) {
- NeutronSecurityRuleAware.addNeutronSecurityRule(secRule, rwTx);
+ secRuleAware.addNeutronSecurityRule(secRule, rwTx);
}
}
}
List<EndpointGroupId> epgIds = new ArrayList<>();
// each EP has to be in EPG ANY, except dhcp and router
epgIds.add(MappingUtils.EPG_EXTERNAL_ID);
- epgIds.add(MappingUtils.EPG_ROUTER_ID);
+ epgIds.add(Router.EPG_ID);
EndpointL3 epL3 = createL3Endpoint(tenantId, epL3Key, epgIds, networkContainment);
InstanceIdentifier<EndpointL3> iid_l3 = IidFactory.l3EndpointIid(l3ContextId, ipAddress);
rwTx.put(LogicalDatastoreType.OPERATIONAL, iid_l3, epL3, true);
}
public static boolean addL3PrefixEndpoint(L3ContextId l3ContextId, IpPrefix ipPrefix, IpAddress ipAddress, TenantId tenantId,
- ReadWriteTransaction rwTx, EndpointService epService) {
-
+ EndpointService epService) {
EndpointL3PrefixKey epL3PrefixKey = new EndpointL3PrefixKey( ipPrefix, l3ContextId);
-
EndpointL3Key epL3Key = null;
List<EndpointL3Key> l3Gateways = new ArrayList<>();
if (ipAddress != null) {
epL3Key = new EndpointL3Key(ipAddress, l3ContextId);
l3Gateways.add(epL3Key);
}
-
-
try {
RegisterL3PrefixEndpointInput registerL3PrefixEpRpcInput = createRegisterL3PrefixEndpointInput(epL3PrefixKey, l3Gateways,tenantId);
return true;
}
- private List<NeutronSecurityRule> createDhcpSecRules(NeutronPort port, EndpointGroupId consumerEpgId, ReadTransaction rTx) {
- TenantId tenantId = new TenantId(Utils.normalizeUuid(port.getTenantID()));
- Neutron_IPs firstIp = MappingUtils.getFirstIp(port.getFixedIPs());
- if (firstIp == null) {
- LOG.warn("Illegal state - DHCP port does not have an IP address.");
- return null;
- }
- IpAddress ipAddress = Utils.createIpAddress(firstIp.getIpAddress());
- boolean isIPv4Ethertype = ipAddress.getIpv4Address() == null ? false : true;
- List<NeutronSecurityRule> rules = new ArrayList<>();
- rules.add(createDhcpIngressSecRule(port.getID(), tenantId, isIPv4Ethertype, consumerEpgId));
- rules.add(createDnsSecRule(port.getID(), tenantId, isIPv4Ethertype, consumerEpgId));
- rules.add(createUdpEgressSecRule(port.getID(), tenantId, isIPv4Ethertype, consumerEpgId));
- rules.add(createIcmpSecRule(port.getID(), tenantId, isIPv4Ethertype, consumerEpgId, true));
- rules.add(createIcmpSecRule(port.getID(), tenantId, isIPv4Ethertype, consumerEpgId, false));
- return rules;
- }
-
- private NeutronSecurityRule createDhcpIngressSecRule(String ruleUuid, TenantId tenantId, boolean isIPv4Ethertype, EndpointGroupId consumerEpgId) {
- NeutronSecurityRule dhcpSecRule = new NeutronSecurityRule();
- dhcpSecRule.setSecurityRuleGroupID(MappingUtils.EPG_DHCP_ID.getValue());
- dhcpSecRule.setSecurityRuleTenantID(tenantId.getValue());
- if (consumerEpgId != null) {
- dhcpSecRule.setSecurityRemoteGroupID(consumerEpgId.getValue());
- }
- dhcpSecRule.setSecurityRuleUUID(NeutronUtils.INGRESS + "_dhcp__" + ruleUuid);
- dhcpSecRule.setSecurityRuleDirection(NeutronUtils.INGRESS);
- dhcpSecRule.setSecurityRulePortMin(DHCP_SERVER_PORT);
- dhcpSecRule.setSecurityRulePortMax(DHCP_SERVER_PORT);
- dhcpSecRule.setSecurityRuleProtocol(NeutronUtils.UDP);
- if (isIPv4Ethertype) {
- dhcpSecRule.setSecurityRuleEthertype(NeutronUtils.IPv4);
- } else {
- dhcpSecRule.setSecurityRuleEthertype(NeutronUtils.IPv6);
- }
- return dhcpSecRule;
- }
-
- private NeutronSecurityRule createUdpEgressSecRule(String ruleUuid, TenantId tenantId, boolean isIPv4Ethertype, EndpointGroupId consumerEpgId) {
- NeutronSecurityRule dhcpSecRule = new NeutronSecurityRule();
- dhcpSecRule.setSecurityRuleGroupID(MappingUtils.EPG_DHCP_ID.getValue());
- dhcpSecRule.setSecurityRuleTenantID(tenantId.getValue());
- if (consumerEpgId != null) {
- dhcpSecRule.setSecurityRemoteGroupID(consumerEpgId.getValue());
- }
- dhcpSecRule.setSecurityRuleUUID(NeutronUtils.EGRESS + "_udp__" + ruleUuid);
- dhcpSecRule.setSecurityRuleDirection(NeutronUtils.EGRESS);
- dhcpSecRule.setSecurityRuleProtocol(NeutronUtils.UDP);
- if (isIPv4Ethertype) {
- dhcpSecRule.setSecurityRuleEthertype(NeutronUtils.IPv4);
- } else {
- dhcpSecRule.setSecurityRuleEthertype(NeutronUtils.IPv6);
- }
- return dhcpSecRule;
- }
-
- private NeutronSecurityRule createDnsSecRule(String ruleUuid, TenantId tenantId, boolean isIPv4Ethertype, EndpointGroupId consumerEpgId) {
- NeutronSecurityRule dnsSecRule = new NeutronSecurityRule();
- dnsSecRule.setSecurityRuleGroupID(MappingUtils.EPG_DHCP_ID.getValue());
- dnsSecRule.setSecurityRuleTenantID(tenantId.getValue());
- if (consumerEpgId != null) {
- dnsSecRule.setSecurityRemoteGroupID(consumerEpgId.getValue());
- }
- dnsSecRule.setSecurityRuleUUID(NeutronUtils.INGRESS + "_dns__" + ruleUuid);
- dnsSecRule.setSecurityRuleDirection(NeutronUtils.INGRESS);
- dnsSecRule.setSecurityRulePortMin(DNS_SERVER_PORT);
- dnsSecRule.setSecurityRulePortMax(DNS_SERVER_PORT);
- dnsSecRule.setSecurityRuleProtocol(NeutronUtils.UDP);
- if (isIPv4Ethertype) {
- dnsSecRule.setSecurityRuleEthertype(NeutronUtils.IPv4);
- } else {
- dnsSecRule.setSecurityRuleEthertype(NeutronUtils.IPv6);
- }
- return dnsSecRule;
- }
-
- private NeutronSecurityRule createIcmpSecRule(String ruleUuid, TenantId tenantId, boolean isIPv4Ethertype, EndpointGroupId consumerEpgId,
- boolean isEgress) {
- NeutronSecurityRule icmpSecRule = new NeutronSecurityRule();
- icmpSecRule.setSecurityRuleGroupID(MappingUtils.EPG_DHCP_ID.getValue());
- icmpSecRule.setSecurityRuleTenantID(tenantId.getValue());
- if (consumerEpgId != null) {
- icmpSecRule.setSecurityRemoteGroupID(consumerEpgId.getValue());
- }
- if (isEgress) {
- icmpSecRule.setSecurityRuleUUID(NeutronUtils.EGRESS + "_icmp__" + ruleUuid);
- icmpSecRule.setSecurityRuleDirection(NeutronUtils.EGRESS);
- } else {
- icmpSecRule.setSecurityRuleUUID(NeutronUtils.INGRESS + "_icmp__" + ruleUuid);
- icmpSecRule.setSecurityRuleDirection(NeutronUtils.INGRESS);
- }
- icmpSecRule.setSecurityRuleProtocol(NeutronUtils.ICMP);
- if (isIPv4Ethertype) {
- icmpSecRule.setSecurityRuleEthertype(NeutronUtils.IPv4);
- } else {
- icmpSecRule.setSecurityRuleEthertype(NeutronUtils.IPv6);
- }
- return icmpSecRule;
- }
-
/**
* @see org.opendaylight.neutron.spi.INeutronPortAware#canUpdatePort(org.opendaylight.neutron.spi.NeutronPort,
* org.opendaylight.neutron.spi.NeutronPort)
private static RegisterL3PrefixEndpointInput createRegisterL3PrefixEndpointInput(EndpointL3PrefixKey key, List<EndpointL3Key> endpointL3Keys, TenantId tenantId) {
List<EndpointGroupId> epgIds = new ArrayList<>();
- // each EP has to be in EPG ANY, except dhcp and router
- epgIds.add(MappingUtils.EPG_ANY_ID);
-
List<EndpointL3Gateways> l3Gateways = new ArrayList<EndpointL3Gateways>();
for (EndpointL3Key epL3Key : endpointL3Keys) {
EndpointL3Gateways l3Gateway = new EndpointL3GatewaysBuilder().setIpAddress(epL3Key.getIpAddress())
private static RegisterEndpointInput createRegisterEndpointInput(NeutronPort port, ForwardingCtx fwCtx) {
List<EndpointGroupId> epgIds = new ArrayList<>();
- // each EP has to be in EPG ANY, except dhcp and router
if (isDhcpPort(port)) {
- epgIds.add(MappingUtils.EPG_DHCP_ID);
- } else if (!containsSecRuleWithRemoteSecGroup(port.getSecurityGroups())) {
- epgIds.add(MappingUtils.EPG_ANY_ID);
+ epgIds.add(NetworkService.EPG_ID);
}
List<NeutronSecurityGroup> securityGroups = port.getSecurityGroups();
for (NeutronSecurityGroup secGrp : securityGroups) {
epgIds.add(new EndpointGroupId(secGrp.getSecurityGroupUUID()));
}
+ epgIds.add(NetworkClient.EPG_ID);
}
LocationType locationType = LocationType.Internal;
if(isRouterGatewayPort(port)) {
return inputBuilder.build();
}
- private static boolean containsSecRuleWithRemoteSecGroup(List<NeutronSecurityGroup> secGroups) {
- if (secGroups == null) {
- return false;
- }
- for (NeutronSecurityGroup secGroup : secGroups) {
- boolean containsSecRuleWithRemoteSecGroup = containsSecRuleWithRemoteSecGroup(secGroup);
- if (containsSecRuleWithRemoteSecGroup) {
- return true;
- }
- }
- return false;
- }
-
- private static boolean containsSecRuleWithRemoteSecGroup(NeutronSecurityGroup secGroup) {
- List<NeutronSecurityRule> secRules = secGroup.getSecurityRules();
- if (secRules == null) {
- return false;
- }
- for (NeutronSecurityRule secRule : secRules) {
- if (!Strings.isNullOrEmpty(secRule.getSecurityRemoteGroupID())) {
- return true;
- }
- }
- return false;
- }
-
private static Name createTapPortName(NeutronPort port) {
return new Name("tap" + port.getID().substring(0, 11));
}
import org.opendaylight.controller.md.sal.binding.api.ReadTransaction;
import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.infrastructure.Router;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule.NeutronSecurityRuleAware;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils.ForwardingCtx;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronMapperIidFactory;
-import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
import org.opendaylight.groupbasedpolicy.util.DataStoreHelper;
import org.opendaylight.groupbasedpolicy.util.IidFactory;
import org.opendaylight.neutron.spi.NeutronPort;
import org.opendaylight.neutron.spi.NeutronRouter;
import org.opendaylight.neutron.spi.NeutronRouter_Interface;
-import org.opendaylight.neutron.spi.NeutronSecurityRule;
import org.opendaylight.neutron.spi.NeutronSubnet;
import org.opendaylight.neutron.spi.Neutron_IPs;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpAddress;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Description;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.L2FloodDomainId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.L3ContextId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Name;
public class NeutronRouterAware implements INeutronRouterAware {
private static final Logger LOG = LoggerFactory.getLogger(NeutronRouterAware.class);
- private static final NeutronRouterAware INSTANCE = new NeutronRouterAware();
- private static DataBroker dataProvider;
- private static EndpointService epService;
-
- private NeutronRouterAware() {
- if (NeutronRouterAware.INSTANCE != null) {
- throw new IllegalStateException("Already instantiated");
- }
- }
-
- public static NeutronRouterAware getInstance() {
- return NeutronRouterAware.INSTANCE;
- }
-
- public static void init(DataBroker dataProvider, EndpointService epService) {
- NeutronRouterAware.dataProvider = checkNotNull(dataProvider);
- NeutronRouterAware.epService = checkNotNull(epService);
+ private final DataBroker dataProvider;
+ private final EndpointService epService;
+ private final NeutronSecurityRuleAware secRuleAware;
+
+ public NeutronRouterAware(DataBroker dataProvider, EndpointService epService, NeutronSecurityRuleAware secRuleAware) {
+ this.dataProvider = checkNotNull(dataProvider);
+ this.epService = checkNotNull(epService);
+ this.secRuleAware = checkNotNull(secRuleAware);
}
@Override
for (String route : router.getRoutes()) {
IpPrefix ipPrefix = Utils.createIpPrefix(route);
boolean addedL3Prefix = NeutronPortAware.addL3PrefixEndpoint(l3ContextIdFromRouterId, ipPrefix,
- defaultGateway, tenantId, rwTx, epService);
+ defaultGateway, tenantId, epService);
if (!addedL3Prefix) {
LOG.warn("Could not add EndpointL3Prefix for Neutron route {} for router {}", route, router.getID());
rwTx.cancel();
if (Strings.isNullOrEmpty(routerPort.getTenantID())) {
routerPort.setTenantID(router.getTenantID());
}
- // create security rules for router
- List<NeutronSecurityRule> routerSecRules = createRouterSecRules(routerPort, null, rwTx);
- if (routerSecRules == null) {
- rwTx.cancel();
- return;
- }
- for (NeutronSecurityRule routerSecRule : routerSecRules) {
- boolean isRouterSecRuleAdded = NeutronSecurityRuleAware.addNeutronSecurityRule(routerSecRule, rwTx);
- if (!isRouterSecRuleAdded) {
- rwTx.cancel();
- return;
- }
- }
boolean isSuccessful = setNewL3ContextToEpsFromSubnet(tenantId, l3Context, subnet, rwTx);
if (!isSuccessful) {
ReadWriteTransaction rwTx = dataProvider.newReadWriteTransaction();
TenantId tenantId = new TenantId(Utils.normalizeUuid(router.getTenantID()));
Optional<EndpointGroup> potentialEpg = DataStoreHelper.removeIfExists(LogicalDatastoreType.CONFIGURATION,
- IidFactory.endpointGroupIid(tenantId, MappingUtils.EPG_ROUTER_ID), rwTx);
+ IidFactory.endpointGroupIid(tenantId, Router.EPG_ID), rwTx);
if (!potentialEpg.isPresent()) {
- LOG.warn("Illegal state - Endpoint group {} does not exist.", MappingUtils.EPG_ROUTER_ID.getValue());
+ LOG.warn("Illegal state - Endpoint group {} does not exist.", Router.EPG_ID.getValue());
rwTx.cancel();
return;
}
}
rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.subnetIid(tenantId, subnet.getId()), subnet);
- // create security rules for router
- List<NeutronSecurityRule> routerSecRules = createRouterSecRules(routerPort, null, rwTx);
- if (routerSecRules == null) {
- rwTx.cancel();
- return;
- }
- for (NeutronSecurityRule routerSecRule : routerSecRules) {
- boolean isRouterSecRuleAdded = NeutronSecurityRuleAware.addNeutronSecurityRule(routerSecRule, rwTx);
- if (!isRouterSecRuleAdded) {
- rwTx.cancel();
- return;
- }
- }
-
boolean isSuccessful = setNewL3ContextToEpsFromSubnet(tenantId, l3Context, subnet, rwTx);
if (!isSuccessful) {
rwTx.cancel();
}
return new L3ContextBuilder().setId(new L3ContextId(router.getID()))
.setName(l3ContextName)
- .setDescription(new Description(MappingUtils.NEUTRON_ROUTER__ + router.getID()))
+ .setDescription(new Description(MappingUtils.NEUTRON_ROUTER + router.getID()))
.build();
}
return true;
}
- public static List<NeutronSecurityRule> createRouterSecRules(NeutronPort port, EndpointGroupId consumerEpgId,
- ReadTransaction rTx) {
- TenantId tenantId = new TenantId(Utils.normalizeUuid(port.getTenantID()));
- Neutron_IPs firstIp = MappingUtils.getFirstIp(port.getFixedIPs());
- if (firstIp == null) {
- LOG.warn("Illegal state - Router port does not have an IP address.");
- return null;
- }
- SubnetId routerSubnetId = new SubnetId(firstIp.getSubnetUUID());
- Optional<Subnet> potentialSubnet = DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION,
- IidFactory.subnetIid(tenantId, routerSubnetId), rTx);
- if (!potentialSubnet.isPresent()) {
- LOG.warn("Illegal state - Subnet {} where is router port does not exist.", routerSubnetId.getValue());
- return null;
- }
- IpPrefix ipSubnet = potentialSubnet.get().getIpPrefix();
- NeutronSecurityRule routerRuleEgress = createRouterSecRule(port.getID(), tenantId, ipSubnet, consumerEpgId,
- true);
- NeutronSecurityRule routerRuleIngress = createRouterSecRule(port.getID(), tenantId, ipSubnet, consumerEpgId,
- false);
- return ImmutableList.of(routerRuleEgress, routerRuleIngress);
- }
-
- private static NeutronSecurityRule createRouterSecRule(String ruleUuid, TenantId tenantId, IpPrefix ipSubnet,
- EndpointGroupId consumerEpgId, boolean isEgress) {
- NeutronSecurityRule routerSecRule = new NeutronSecurityRule();
- routerSecRule.setSecurityRuleGroupID(MappingUtils.EPG_ROUTER_ID.getValue());
- routerSecRule.setSecurityRuleTenantID(tenantId.getValue());
- routerSecRule.setSecurityRuleRemoteIpPrefix(Utils.getStringIpPrefix(ipSubnet));
- if (isEgress) {
- routerSecRule.setSecurityRuleUUID(NeutronUtils.EGRESS + "__" + ruleUuid);
- routerSecRule.setSecurityRuleDirection(NeutronUtils.EGRESS);
- } else {
- routerSecRule.setSecurityRuleUUID(NeutronUtils.INGRESS + "__" + ruleUuid);
- routerSecRule.setSecurityRuleDirection(NeutronUtils.INGRESS);
- }
- if (ipSubnet.getIpv4Prefix() != null) {
- routerSecRule.setSecurityRuleEthertype(NeutronUtils.IPv4);
- } else {
- routerSecRule.setSecurityRuleEthertype(NeutronUtils.IPv6);
- }
- return routerSecRule;
- }
-
@Override
public int canDetachInterface(NeutronRouter router, NeutronRouter_Interface routerInterface) {
LOG.trace("canDetachInterface - router: {} interface: {}", router, routerInterface);
+++ /dev/null
-package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping;
-
-import static com.google.common.base.Preconditions.checkNotNull;
-
-import java.util.UUID;
-
-import org.opendaylight.controller.md.sal.binding.api.DataBroker;
-import org.opendaylight.controller.md.sal.binding.api.ReadTransaction;
-import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
-import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
-import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
-import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronMapperIidFactory;
-import org.opendaylight.groupbasedpolicy.util.DataStoreHelper;
-import org.opendaylight.groupbasedpolicy.util.IidFactory;
-import org.opendaylight.neutron.spi.INeutronSecurityRuleAware;
-import org.opendaylight.neutron.spi.NeutronSecurityRule;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClauseName;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Description;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Name;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.RuleName;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SelectorName;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.mapper.rev150223.mappings.endpoint.group.pair.to.contract.mappings.EndpointGroupPairToContractMapping;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.mapper.rev150223.mappings.endpoint.group.pair.to.contract.mappings.EndpointGroupPairToContractMappingBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.Contract;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.ContractBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup.IntraGroupPolicy;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroupBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Clause;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Subject;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.Rule;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ConsumerNamedSelector;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ConsumerNamedSelectorBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ProviderNamedSelector;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ProviderNamedSelectorBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ActionInstance;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstance;
-import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Optional;
-import com.google.common.collect.ImmutableList;
-
-public class NeutronSecurityRuleAware implements INeutronSecurityRuleAware {
-
- private static final Logger LOG = LoggerFactory.getLogger(NeutronSecurityRuleAware.class);
- private final DataBroker dataProvider;
-
- public NeutronSecurityRuleAware(DataBroker dataProvider) {
- this.dataProvider = checkNotNull(dataProvider);
- }
-
- @Override
- public int canCreateNeutronSecurityRule(NeutronSecurityRule securityRule) {
- LOG.trace("canCreateNeutronSecurityRule - {}", securityRule);
- // nothing to consider
- return StatusCode.OK;
- }
-
- @Override
- public void neutronSecurityRuleCreated(NeutronSecurityRule securityRule) {
- LOG.trace("neutronSecurityRuleCreated - {}", securityRule);
- ReadWriteTransaction rwTx = dataProvider.newReadWriteTransaction();
- boolean isNeutronSecurityRuleAdded = addNeutronSecurityRule(securityRule, rwTx);
- if (isNeutronSecurityRuleAdded) {
- DataStoreHelper.submitToDs(rwTx);
- } else {
- rwTx.cancel();
- }
- }
-
- /**
- * <b>ASSUMPTION</b>: Endpoint group with id
- * {@link NeutronSecurityRule#getSecurityRuleGroupID()} and
- * endpoint group with id {@link NeutronSecurityRule#getSecurityRemoteGroupID()} already exist
- * in transaction.
- *
- * @param secRule neutron security rule from which GBP entities are created
- * @param rwTx GBP entities are stored to this transaction. This method NEVER submits or cancel
- * the transaction.
- * @return {@code true} if operation was successful; {@code false} if an illegal state occurs -
- * the transaction may contain just partial result
- */
- public static boolean addNeutronSecurityRule(NeutronSecurityRule secRule, ReadWriteTransaction rwTx) {
- TransformSecRule transform = new TransformSecRule(secRule);
- TenantId tenantId = transform.getTenantId();
- EndpointGroupId providerEpgId = transform.getProviderEpgId();
- EndpointGroupId consumerEpgId = transform.getConsumerEpgId();
- SubjectName subjectName = transform.getSubjectName();
-
- Optional<ContractId> potentialContractId = readContractIdFromEpgPairToContractMapping(tenantId, providerEpgId,
- tenantId, consumerEpgId, rwTx);
- ContractId contractId = null;
- if (potentialContractId.isPresent()) {
- contractId = potentialContractId.get();
- Optional<Subject> potentialSubject = DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION,
- IidFactory.subjectIid(tenantId, contractId, subjectName), rwTx);
- if (!potentialSubject.isPresent()) {
- // it also means that clause for this subject does not exist
- rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.subjectIid(tenantId, contractId, subjectName),
- transform.createSubject());
- rwTx.put(LogicalDatastoreType.CONFIGURATION,
- IidFactory.clauseIid(tenantId, contractId, transform.getClauseName()), transform.createClause());
- }
- } else {
- // check assumption that provider EPG exists
- Optional<EndpointGroup> potentialProviderEpg = DataStoreHelper.readFromDs(
- LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(tenantId, providerEpgId), rwTx);
- if (!potentialProviderEpg.isPresent()) {
- LOG.warn("Illegal state - Endpoint group {} does not exist.", providerEpgId.getValue());
- return false;
- }
-
- if (providerEpgId.equals(consumerEpgId)) {
- EndpointGroup providerConsumerEpg = potentialProviderEpg.get();
- if (providerConsumerEpg.getIntraGroupPolicy() == null
- || !providerConsumerEpg.getIntraGroupPolicy().equals(IntraGroupPolicy.RequireContract)) {
- EndpointGroup newProviderConsumerEpg = new EndpointGroupBuilder(providerConsumerEpg).setIntraGroupPolicy(
- IntraGroupPolicy.RequireContract)
- .build();
- rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(tenantId, providerEpgId),
- newProviderConsumerEpg);
- }
- } else {
- Optional<EndpointGroup> potentialConsumerEpg = DataStoreHelper.readFromDs(
- LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(tenantId, consumerEpgId), rwTx);
- if (!potentialConsumerEpg.isPresent()) {
- if (MappingUtils.EPG_ANY_ID.equals(consumerEpgId)) {
- EndpointGroup epgAny = createEpgAny();
- rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(tenantId, MappingUtils.EPG_ANY_ID),
- epgAny);
- } else {
- LOG.warn("Illegal state - Endpoint group {} does not exist.", consumerEpgId.getValue());
- return false;
- }
- }
- }
- // creates and stores contract with clause and subject
- Subject subject = transform.createSubject();
- Clause clause = transform.createClause();
- Contract contract = createContract(clause, subject);
- contractId = contract.getId();
- rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, contractId), contract);
- putEpgPairToContractMapping(tenantId, providerEpgId, tenantId, consumerEpgId, tenantId, contractId, rwTx);
-
- // adds provider and consumer named selectors
- ProviderNamedSelector providerSelector = createProviderNamedSelector(contractId);
- rwTx.put(LogicalDatastoreType.CONFIGURATION,
- IidFactory.providerNamedSelectorIid(tenantId, providerEpgId, providerSelector.getName()),
- providerSelector);
- ConsumerNamedSelector consumerSelector = createConsumerNamedSelector(contractId);
- rwTx.put(LogicalDatastoreType.CONFIGURATION,
- IidFactory.consumerNamedSelectorIid(tenantId, consumerEpgId, consumerSelector.getName()),
- consumerSelector);
- }
-
- // create classifier-instance
- ClassifierName classifierName = transform.getClassifierName();
- ClassifierInstance classifier = transform.createClassifier();
- rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.classifierInstanceIid(tenantId, classifierName),
- classifier, true);
- // create action-instance if it does not exist yet
- Optional<ActionInstance> potentialAction = DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION,
- IidFactory.actionInstanceIid(tenantId, MappingUtils.ACTION_ALLOW.getName()), rwTx);
- if (!potentialAction.isPresent()) {
- rwTx.put(LogicalDatastoreType.CONFIGURATION,
- IidFactory.actionInstanceIid(tenantId, MappingUtils.ACTION_ALLOW.getName()),
- MappingUtils.ACTION_ALLOW, true);
- }
-
- // create rule
- Rule rule = transform.createRule(0);
- rwTx.put(LogicalDatastoreType.CONFIGURATION,
- IidFactory.ruleIid(tenantId, contractId, subjectName, rule.getName()), rule);
- return true;
- }
-
- private static EndpointGroup createEpgAny() {
- return new EndpointGroupBuilder()
- .setId(MappingUtils.EPG_ANY_ID)
- .setName(new Name("ANY_group"))
- .setDescription(new Description(MappingUtils.NEUTRON_RULE__ + "epg_any"))
- .setIntraGroupPolicy(IntraGroupPolicy.RequireContract)
- .build();
- }
-
- @Override
- public int canUpdateNeutronSecurityRule(NeutronSecurityRule delta, NeutronSecurityRule original) {
- LOG.warn("canUpdateNeutronSecurityRule - Never should be called "
- + "- neutron API does not allow UPDATE on neutron security group rule. \nDelta: {} \nOriginal: {}",
- delta, original);
- return StatusCode.BAD_REQUEST;
- }
-
- @Override
- public void neutronSecurityRuleUpdated(NeutronSecurityRule securityRule) {
- LOG.warn("neutronSecurityRuleUpdated - Never should be called "
- + "- neutron API does not allow UPDATE on neutron security group rule. \nSecurity group rule: {}",
- securityRule);
- }
-
- @Override
- public int canDeleteNeutronSecurityRule(NeutronSecurityRule securityRule) {
- LOG.trace("canDeleteNeutronSecurityRule - {}", securityRule);
- // nothing to consider
- return StatusCode.OK;
- }
-
- @Override
- public void neutronSecurityRuleDeleted(NeutronSecurityRule secRule) {
- LOG.trace("neutronSecurityRuleCreated - {}", secRule);
- ReadWriteTransaction rwTx = dataProvider.newReadWriteTransaction();
- boolean isNeutronSecurityRuleDelete = deleteNeutronSecurityRule(secRule, rwTx);
- if (isNeutronSecurityRuleDelete) {
- DataStoreHelper.submitToDs(rwTx);
- } else {
- DataStoreHelper.submitToDs(rwTx);
- }
- }
-
- /**
- * @param secRule neutron security rule from which GBP entities are deleted
- * @param rwTx GBP entities are stored to this transaction. This method NEVER submits or cancel
- * the transaction.
- * @return {@code true} if operation was successful; {@code false} if an illegal state occurs -
- * the transaction may contain just partial result
- */
- public static boolean deleteNeutronSecurityRule(NeutronSecurityRule secRule, ReadWriteTransaction rwTx) {
- TransformSecRule transform = new TransformSecRule(secRule);
- TenantId tenantId = transform.getTenantId();
- EndpointGroupId providerEpgId = transform.getProviderEpgId();
- EndpointGroupId consumerEpgId = transform.getConsumerEpgId();
-
- Optional<ContractId> potentialContractId = readContractIdFromEpgPairToContractMapping(tenantId, providerEpgId,
- tenantId, consumerEpgId, rwTx);
- if (!potentialContractId.isPresent()) {
- LOG.warn("Illegal state - mapping EPG pair (provider EPG {} consumer EPG {}) does not exist.",
- providerEpgId.getValue(), consumerEpgId.getValue());
- return false;
- }
-
- ContractId contractId = potentialContractId.get();
- ClassifierName classifierName = transform.getClassifierName();
- InstanceIdentifier<ClassifierInstance> classifierIid = IidFactory.classifierInstanceIid(tenantId,
- classifierName);
- Optional<ClassifierInstance> potentialClassifier = DataStoreHelper.removeIfExists(
- LogicalDatastoreType.CONFIGURATION, classifierIid, rwTx);
- if (!potentialClassifier.isPresent()) {
- LOG.warn("Illegal state - classifier-instance {} does not exist. {}", classifierName.getValue(),
- classifierIid);
- return false;
- }
-
- RuleName ruleName = transform.getRuleName();
- SubjectName subjectName = transform.getSubjectName();
- InstanceIdentifier<Rule> ruleIid = IidFactory.ruleIid(tenantId, contractId, subjectName, ruleName);
- Optional<Rule> potentionalRule = DataStoreHelper.removeIfExists(LogicalDatastoreType.CONFIGURATION, ruleIid,
- rwTx);
- if (!potentionalRule.isPresent()) {
- LOG.warn("Illegal state - rule {} does not exist. {}", ruleName.getValue(), ruleIid);
- return false;
- }
-
- InstanceIdentifier<Subject> subjectIid = IidFactory.subjectIid(tenantId, contractId, subjectName);
- Optional<Subject> potentionalSubject = DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION,
- subjectIid, rwTx);
- if (!potentionalSubject.isPresent()) {
- LOG.warn("Illegal state - subject {} does not exist. {}", subjectName.getValue(), subjectName);
- return false;
- }
-
- ClauseName clauseName = transform.getClauseName();
- InstanceIdentifier<Clause> clauseIid = IidFactory.clauseIid(tenantId, contractId, clauseName);
- Optional<Clause> potentialClause = DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION, clauseIid,
- rwTx);
- if (!potentialClause.isPresent()) {
- LOG.warn("Illegal state - clause {} does not exist. {}", clauseName.getValue(), clauseIid);
- return false;
- }
-
- Subject subject = potentionalSubject.get();
- if (subject.getRule() == null || subject.getRule().isEmpty()) {
- rwTx.delete(LogicalDatastoreType.CONFIGURATION, clauseIid);
- rwTx.delete(LogicalDatastoreType.CONFIGURATION, subjectIid);
- }
-
- InstanceIdentifier<Contract> contractIid = IidFactory.contractIid(tenantId, contractId);
- Optional<Contract> potentialContract = DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION,
- contractIid, rwTx);
- if (!potentialContract.isPresent()) {
- LOG.warn("Illegal state - contract {} does not exist. {}", contractId.getValue(), contractIid);
- return false;
- }
-
- Contract contract = potentialContract.get();
- if (contract.getSubject() == null || contract.getSubject().isEmpty()) {
- // remove contract and named selectors from EPGs
- rwTx.delete(LogicalDatastoreType.CONFIGURATION, contractIid);
- SelectorName providerSelectorName = createNameOfNamedSelector(contractId);
- InstanceIdentifier<ProviderNamedSelector> providerSelectorIid = IidFactory.providerNamedSelectorIid(
- tenantId, providerEpgId, providerSelectorName);
- Optional<ProviderNamedSelector> potentialProviderSelector = DataStoreHelper.removeIfExists(
- LogicalDatastoreType.CONFIGURATION, providerSelectorIid, rwTx);
- if (!potentialProviderSelector.isPresent()) {
- LOG.warn("Illegal state - provider-name-selector {} does not exist. {}",
- providerSelectorName.getValue(), providerSelectorIid);
- return false;
- }
- SelectorName consumerSelectorName = createNameOfNamedSelector(contractId);
- InstanceIdentifier<ConsumerNamedSelector> consumerSelectorIid = IidFactory.consumerNamedSelectorIid(
- tenantId, consumerEpgId, consumerSelectorName);
- Optional<ConsumerNamedSelector> potentialConsuemrSelector = DataStoreHelper.removeIfExists(
- LogicalDatastoreType.CONFIGURATION, consumerSelectorIid, rwTx);
- if (!potentialConsuemrSelector.isPresent()) {
- LOG.warn("Illegal state - consumer-name-selector {} does not exist. {}",
- consumerSelectorName.getValue(), consumerSelectorIid);
- return false;
- }
- }
- return true;
- }
-
- public static Optional<ContractId> readContractIdFromEpgPairToContractMapping(TenantId providerTenantId, EndpointGroupId providerEpgId,
- TenantId consumerTenantId, EndpointGroupId consumerEpgId, ReadTransaction rTx) {
- Optional<EndpointGroupPairToContractMapping> potentialMapping = DataStoreHelper.readFromDs(
- LogicalDatastoreType.OPERATIONAL,
- NeutronMapperIidFactory.endpointGroupPairToContractMappingIid(providerEpgId, providerTenantId, consumerEpgId, consumerTenantId), rTx);
- if (potentialMapping.isPresent()) {
- return Optional.of(potentialMapping.get().getContractId());
- }
- return Optional.absent();
- }
-
- private static void putEpgPairToContractMapping(TenantId providerTenantId, EndpointGroupId providerEpgId, TenantId consumerTenantId,
- EndpointGroupId consumerEpgId, TenantId contractTenantId, ContractId contractId, WriteTransaction wTx) {
- EndpointGroupPairToContractMapping epgPairToContractMapping = new EndpointGroupPairToContractMappingBuilder()
- .setProviderEpgId(providerEpgId)
- .setProviderTenantId(providerTenantId)
- .setConsumerEpgId(consumerEpgId)
- .setConsumerTenantId(consumerTenantId)
- .setContractId(contractId)
- .setContractTenantId(contractTenantId)
- .build();
- wTx.put(LogicalDatastoreType.OPERATIONAL, NeutronMapperIidFactory.endpointGroupPairToContractMappingIid(
- epgPairToContractMapping.getProviderEpgId(), epgPairToContractMapping.getProviderTenantId(), epgPairToContractMapping.getConsumerEpgId(),epgPairToContractMapping.getConsumerTenantId()),
- epgPairToContractMapping, true);
- }
-
- private static Contract createContract(Clause clause, Subject subject) {
- ContractId contractId = new ContractId(UUID.randomUUID().toString());
- return new ContractBuilder().setId(contractId)
- .setClause(ImmutableList.of(clause))
- .setSubject(ImmutableList.of(subject))
- .build();
- }
-
- private static ProviderNamedSelector createProviderNamedSelector(ContractId contractId) {
- return new ProviderNamedSelectorBuilder().setName(createNameOfNamedSelector(contractId))
- .setContract(ImmutableList.of(contractId))
- .build();
- }
-
- private static ConsumerNamedSelector createConsumerNamedSelector(ContractId contractId) {
- return new ConsumerNamedSelectorBuilder().setName(createNameOfNamedSelector(contractId))
- .setContract(ImmutableList.of(contractId))
- .build();
- }
-
- private static SelectorName createNameOfNamedSelector(ContractId contractId) {
- return new SelectorName(MappingUtils.NEUTRON_RULE__ + contractId.getValue());
- }
-
-}
import static com.google.common.base.Preconditions.checkNotNull;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.opendaylight.groupbasedpolicy.neutron.gbp.util.NeutronGbpIidFactory;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
-import org.opendaylight.groupbasedpolicy.util.DataStoreHelper;
+import org.opendaylight.groupbasedpolicy.neutron.gbp.util.NeutronGbpIidFactory;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
-import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils.ForwardingCtx;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
+import org.opendaylight.groupbasedpolicy.util.DataStoreHelper;
import org.opendaylight.groupbasedpolicy.util.IidFactory;
import org.opendaylight.neutron.spi.INeutronSubnetAware;
import org.opendaylight.neutron.spi.NeutronSubnet;
+++ /dev/null
-package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping;
-
-import static com.google.common.base.Preconditions.checkNotNull;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
-import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
-import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
-import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.EtherTypeClassifier;
-import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.IpProtoClassifier;
-import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.L4Classifier;
-import org.opendaylight.neutron.spi.NeutronSecurityRule;
-import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClauseName;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.RuleName;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRef;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRefBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef.ConnectionTracking;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRefBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.EndpointIdentificationConstraintsBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraintsBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.l3.endpoint.identification.constraints.PrefixConstraint;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.l3.endpoint.identification.constraints.PrefixConstraintBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValueBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.parameter.value.RangeValueBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Clause;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.ClauseBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Subject;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.SubjectBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ConsumerMatchersBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ProviderMatchersBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.Rule;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.RuleBuilder;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstance;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstanceBuilder;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Strings;
-import com.google.common.collect.ImmutableList;
-
-public class TransformSecRule {
-
- private static final Logger LOG = LoggerFactory.getLogger(TransformSecRule.class);
- private static final List<ActionRef> ACTION_REF_ALLOW = ImmutableList.of(new ActionRefBuilder().setName(
- MappingUtils.ACTION_ALLOW.getName())
- .setOrder(0)
- .build());
- private final NeutronSecurityRule secRule;
- private final TenantId tenantId;
- private final EndpointGroupId providerEpgId;
- private final EndpointGroupId consumerEpgId;
- private final SubjectName subjectName;
- private final ClauseName clauseName;
- private final IpPrefix ipPrefix;
- private final int subjectOrder;
- private final ClassifierName classifierName;
- private final RuleName ruleName;
-
- /**
- * If a {@link NeutronSecurityRule#getSecurityRuleGroupID()} is {@link MappingUtils#EPG_DHCP_ID}
- * or {@link MappingUtils#EPG_ROUTER_ID} then the neutron security rule can contain remote ip
- * prefix besides remote ip security group. I this case {@link #getConsumerEpgId()} returns remote security group id.
- *
- * @param secRule
- */
- public TransformSecRule(NeutronSecurityRule secRule) {
- this.secRule = checkNotNull(secRule);
- tenantId = new TenantId(Utils.normalizeUuid(secRule.getSecurityRuleTenantID()));
- providerEpgId = new EndpointGroupId(secRule.getSecurityRuleGroupID());
- if (!Strings.isNullOrEmpty(secRule.getSecurityRemoteGroupID())) {
- consumerEpgId = new EndpointGroupId(secRule.getSecurityRemoteGroupID());
- if (isEpgIdRouterOrDhcp(providerEpgId) && !Strings.isNullOrEmpty(secRule.getSecurityRuleRemoteIpPrefix())) {
- ipPrefix = Utils.createIpPrefix(secRule.getSecurityRuleRemoteIpPrefix());
- } else {
- ipPrefix = null;
- }
- subjectOrder = 0;
- } else if (!Strings.isNullOrEmpty(secRule.getSecurityRuleRemoteIpPrefix())) {
- consumerEpgId = MappingUtils.EPG_ANY_ID;
- ipPrefix = Utils.createIpPrefix(secRule.getSecurityRuleRemoteIpPrefix());
- subjectOrder = 0;
- } else {
- consumerEpgId = MappingUtils.EPG_ANY_ID;
- ipPrefix = null;
- subjectOrder = 1;
- }
- subjectName = createSubjectName();
- clauseName = new ClauseName(subjectName.getValue());
- classifierName = new ClassifierName(MappingUtils.NEUTRON_RULE__ + secRule.getSecurityRuleUUID());
- ruleName = new RuleName(MappingUtils.NEUTRON_RULE__ + "Allow--" + classifierName.getValue());
- }
-
- private SubjectName createSubjectName() {
- if (ipPrefix == null) {
- return new SubjectName(MappingUtils.NEUTRON_RULE__ + providerEpgId.getValue() + "__"
- + consumerEpgId.getValue());
- }
- String prefix = Utils.getStringIpPrefix(ipPrefix).replace('/', '_');
- return new SubjectName(MappingUtils.NEUTRON_RULE__ + providerEpgId.getValue() + "__" + prefix + "__"
- + consumerEpgId.getValue());
- }
-
- public Clause createClause() {
- ClauseBuilder clauseBuilder = new ClauseBuilder().setName(clauseName).setSubjectRefs(
- ImmutableList.of(subjectName));
- if (ipPrefix != null) {
- clauseBuilder.setConsumerMatchers(new ConsumerMatchersBuilder().setEndpointIdentificationConstraints(
- new EndpointIdentificationConstraintsBuilder().setL3EndpointIdentificationConstraints(
- new L3EndpointIdentificationConstraintsBuilder().setPrefixConstraint(
- ImmutableList.<PrefixConstraint>of(new PrefixConstraintBuilder().setIpPrefix(
- ipPrefix).build())).build()).build()).build());
- if (isEpgIdRouterOrDhcp(providerEpgId)) {
- clauseBuilder.setProviderMatchers(new ProviderMatchersBuilder().setEndpointIdentificationConstraints(
- new EndpointIdentificationConstraintsBuilder().setL3EndpointIdentificationConstraints(
- new L3EndpointIdentificationConstraintsBuilder().setPrefixConstraint(
- ImmutableList.<PrefixConstraint>of(new PrefixConstraintBuilder().setIpPrefix(
- ipPrefix)
- .build()))
- .build())
- .build())
- .build());
- }
- }
- return clauseBuilder.build();
- }
-
- private static boolean isEpgIdRouterOrDhcp(EndpointGroupId epgId) {
- return (MappingUtils.EPG_ROUTER_ID.equals(epgId) || MappingUtils.EPG_DHCP_ID.equals(epgId));
- }
-
- public ClassifierInstance createClassifier() {
- ClassifierInstanceBuilder classifierBuilder = new ClassifierInstanceBuilder().setName(classifierName);
- List<ParameterValue> params = new ArrayList<>();
- Integer portMin = secRule.getSecurityRulePortMin();
- Integer portMax = secRule.getSecurityRulePortMax();
- if (portMin != null && portMax != null) {
- classifierBuilder.setClassifierDefinitionId(L4Classifier.DEFINITION.getId());
- if (portMin.equals(portMax)) {
- params.add(new ParameterValueBuilder().setName(new ParameterName(L4Classifier.DST_PORT_PARAM))
- .setIntValue(portMin.longValue())
- .build());
- } else {
- params.add(new ParameterValueBuilder().setName(new ParameterName(L4Classifier.DST_PORT_RANGE_PARAM))
- .setRangeValue(
- new RangeValueBuilder().setMin(portMin.longValue()).setMax(portMax.longValue()).build())
- .build());
- }
- }
- String protocol = secRule.getSecurityRuleProtocol();
- if (!Strings.isNullOrEmpty(protocol)) {
- if (classifierBuilder.getClassifierDefinitionId() == null) {
- classifierBuilder.setClassifierDefinitionId(IpProtoClassifier.DEFINITION.getId());
- }
- if (NeutronUtils.TCP.equals(protocol)) {
- params.add(new ParameterValueBuilder().setName(new ParameterName(IpProtoClassifier.PROTO_PARAM))
- .setIntValue(IpProtoClassifier.TCP_VALUE)
- .build());
- } else if (NeutronUtils.UDP.equals(protocol)) {
- params.add(new ParameterValueBuilder().setName(new ParameterName(IpProtoClassifier.PROTO_PARAM))
- .setIntValue(IpProtoClassifier.UDP_VALUE)
- .build());
- } else if (NeutronUtils.ICMP.equals(protocol)) {
- params.add(new ParameterValueBuilder().setName(new ParameterName(IpProtoClassifier.PROTO_PARAM))
- .setIntValue(1L)
- .build());
- } else if (NeutronUtils.NULL.equals(protocol)) {
- LOG.debug("Protocol is not specified in security group rule {}", secRule.getSecurityRuleUUID());
- } else {
- throw new IllegalArgumentException("Protocol " + protocol + " is not supported.");
- }
- }
- String ethertype = secRule.getSecurityRuleEthertype();
- if (!Strings.isNullOrEmpty(ethertype)) {
- if (classifierBuilder.getClassifierDefinitionId() == null) {
- classifierBuilder.setClassifierDefinitionId(EtherTypeClassifier.DEFINITION.getId());
- }
- if (NeutronUtils.IPv4.equals(ethertype)) {
- params.add(new ParameterValueBuilder().setName(new ParameterName(EtherTypeClassifier.ETHERTYPE_PARAM))
- .setIntValue(EtherTypeClassifier.IPv4_VALUE)
- .build());
- } else if (NeutronUtils.IPv6.equals(ethertype)) {
- params.add(new ParameterValueBuilder().setName(new ParameterName(EtherTypeClassifier.ETHERTYPE_PARAM))
- .setIntValue(EtherTypeClassifier.IPv6_VALUE)
- .build());
- } else {
- throw new IllegalArgumentException("Ethertype " + ethertype + " is not supported.");
- }
- }
- return classifierBuilder.setParameterValue(params).build();
- }
-
- public Rule createRule(int order) {
- return new RuleBuilder().setName(ruleName)
- .setOrder(order)
- .setActionRef(ACTION_REF_ALLOW)
- .setClassifierRef(ImmutableList.of(createClassifierRef()))
- .build();
- }
-
- public Subject createSubject() {
- return new SubjectBuilder().setName(subjectName).setOrder(subjectOrder).build();
- }
-
- private ClassifierRef createClassifierRef() {
- ClassifierRefBuilder classifierRefBuilder = new ClassifierRefBuilder().setName(classifierName)
- .setConnectionTracking(ConnectionTracking.Reflexive)
- .setInstanceName(classifierName);
- String direction = secRule.getSecurityRuleDirection();
- if (NeutronUtils.INGRESS.equals(direction)) {
- classifierRefBuilder.setDirection(Direction.In);
- } else if (NeutronUtils.EGRESS.equals(direction)) {
- classifierRefBuilder.setDirection(Direction.Out);
- } else {
- throw new IllegalArgumentException("Direction " + direction + " from security group rule "
- + secRule.getSecurityRuleUUID() + " is not supported. Direction can be only 'ingress' or 'egress'.");
- }
- return classifierRefBuilder.build();
- }
-
- public TenantId getTenantId() {
- return tenantId;
- }
-
- public EndpointGroupId getProviderEpgId() {
- return providerEpgId;
- }
-
- public EndpointGroupId getConsumerEpgId() {
- return consumerEpgId;
- }
-
- public SubjectName getSubjectName() {
- return subjectName;
- }
-
- public ClauseName getClauseName() {
- return clauseName;
- }
-
- public IpPrefix getIpPrefix() {
- return ipPrefix;
- }
-
- public ClassifierName getClassifierName() {
- return classifierName;
- }
-
- public RuleName getRuleName() {
- return ruleName;
- }
-
-}
* terms of the Eclipse Public License v1.0 which accompanies this distribution,
* and is available at http://www.eclipse.org/legal/epl-v10.html
*/
-package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping;
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group;
import static com.google.common.base.Preconditions.checkNotNull;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.StatusCode;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule.NeutronSecurityRuleAware;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
import org.opendaylight.groupbasedpolicy.util.DataStoreHelper;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroupBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup.IntraGroupPolicy;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
private static final Logger LOG = LoggerFactory.getLogger(NeutronSecurityGroupAware.class);
private final DataBroker dataProvider;
+ private final NeutronSecurityRuleAware secRuleAware;
+ private final SecGroupDao secGroupDao;
- public NeutronSecurityGroupAware(DataBroker dataProvider) {
+ public NeutronSecurityGroupAware(DataBroker dataProvider, NeutronSecurityRuleAware secRuleAware, SecGroupDao secGroupDao) {
this.dataProvider = checkNotNull(dataProvider);
+ this.secRuleAware = checkNotNull(secRuleAware);
+ this.secGroupDao = checkNotNull(secGroupDao);
}
/**
}
}
- public static boolean addNeutronSecurityGroup(NeutronSecurityGroup secGroup, ReadWriteTransaction rwTx) {
+ public boolean addNeutronSecurityGroup(NeutronSecurityGroup secGroup, ReadWriteTransaction rwTx) {
+ secGroupDao.addSecGroup(secGroup);
TenantId tenantId = new TenantId(Utils.normalizeUuid(secGroup.getSecurityGroupTenantID()));
EndpointGroupId providerEpgId = new EndpointGroupId(secGroup.getSecurityGroupUUID());
EndpointGroupBuilder providerEpgBuilder = new EndpointGroupBuilder().setId(providerEpgId);
- providerEpgBuilder.setName(new Name(MappingUtils.NEUTRON_GROUP__ + Strings.nullToEmpty(secGroup.getSecurityGroupName())));
- providerEpgBuilder.setDescription(new Description(MappingUtils.NEUTRON_GROUP__
- + Strings.nullToEmpty(secGroup.getSecurityGroupDescription())));
+ if (!Strings.isNullOrEmpty(secGroup.getSecurityGroupName())) {
+ try {
+ providerEpgBuilder.setName(new Name(secGroup.getSecurityGroupName()));
+ } catch (Exception e) {
+ LOG.info("Name '{}' of Neutron Security-group '{}' is ignored.",
+ secGroup.getSecurityGroupName(), secGroup.getSecurityGroupUUID());
+ LOG.debug("Name exception", e);
+ }
+ }
+ if (!Strings.isNullOrEmpty(secGroup.getSecurityGroupDescription())) {
+ try {
+ providerEpgBuilder.setDescription(new Description(secGroup.getSecurityGroupDescription()));
+ } catch (Exception e) {
+ LOG.info("Description '{}' of Neutron Security-group '{}' is ignored.",
+ secGroup.getSecurityGroupDescription(), secGroup.getSecurityGroupUUID());
+ LOG.debug("Description exception", e);
+ }
+ }
+ providerEpgBuilder.setIntraGroupPolicy(IntraGroupPolicy.RequireContract);
rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.endpointGroupIid(tenantId, providerEpgId),
providerEpgBuilder.build(), true);
List<NeutronSecurityRule> secRules = secGroup.getSecurityRules();
public static void addEpgIfMissing(TenantId tenantId, EndpointGroupId epgId, ReadWriteTransaction rwTx) {
InstanceIdentifier<EndpointGroup> epgIid = IidFactory.endpointGroupIid(tenantId, epgId);
- Optional<EndpointGroup> potentialConsumerEpg = DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION,
- epgIid, rwTx);
+ Optional<EndpointGroup> potentialConsumerEpg =
+ DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION, epgIid, rwTx);
if (!potentialConsumerEpg.isPresent()) {
EndpointGroup epg = new EndpointGroupBuilder().setId(epgId)
- .setName(new Name(MappingUtils.NEUTRON_GROUP__))
- .setDescription(new Description(MappingUtils.NEUTRON_GROUP__ + "EPG was created just based on remote group ID from a security rule."))
+ .setDescription(new Description(MappingUtils.NEUTRON_GROUP
+ + "EPG was created just based on remote group ID from a security rule."))
.build();
rwTx.put(LogicalDatastoreType.CONFIGURATION, epgIid, epg);
}
}
- private static boolean addNeutronSecurityRule(List<NeutronSecurityRule> secRules, ReadWriteTransaction rwTx) {
+ private boolean addNeutronSecurityRule(List<NeutronSecurityRule> secRules, ReadWriteTransaction rwTx) {
for (NeutronSecurityRule secRule : secRules) {
- boolean isSecRuleAdded = NeutronSecurityRuleAware.addNeutronSecurityRule(secRule, rwTx);
+ boolean isSecRuleAdded = secRuleAware.addNeutronSecurityRule(secRule, rwTx);
if (!isSecRuleAdded) {
return false;
}
}
TenantId tenantId = new TenantId(Utils.normalizeUuid(secGroup.getSecurityGroupTenantID()));
EndpointGroupId epgId = new EndpointGroupId(secGroup.getSecurityGroupUUID());
+ secGroupDao.removeSecGroup(epgId);
Optional<EndpointGroup> potentialEpg = DataStoreHelper.removeIfExists(LogicalDatastoreType.CONFIGURATION,
IidFactory.endpointGroupIid(tenantId, epgId), rwTx);
if (!potentialEpg.isPresent()) {
private boolean deleteNeutronSecurityRules(List<NeutronSecurityRule> secRules, ReadWriteTransaction rwTx) {
for (NeutronSecurityRule secRule : secRules) {
- boolean isSecRuleDeleted = NeutronSecurityRuleAware.deleteNeutronSecurityRule(secRule, rwTx);
+ boolean isSecRuleDeleted = secRuleAware.deleteNeutronSecurityRule(secRule, rwTx);
if (!isSecRuleDeleted) {
return false;
}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
+import org.opendaylight.neutron.spi.NeutronSecurityGroup;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
+
+import com.google.common.base.Strings;
+
+public class SecGroupDao {
+
+ private final Map<EndpointGroupId, NeutronSecurityGroup> secGroupById = new HashMap<>();
+
+ public void addSecGroup(NeutronSecurityGroup secGrp) {
+ checkNotNull(secGrp);
+ secGroupById.put(new EndpointGroupId(Utils.normalizeUuid(secGrp.getSecurityGroupUUID())), secGrp);
+ }
+
+ public NeutronSecurityGroup getSecGroupById(EndpointGroupId id) {
+ return secGroupById.get(id);
+ }
+
+ /**
+ * @param id
+ * @return {@code empty string} if security group with given ID does not exist; returns
+ * {@code name of security group} if has some; otherwise security group id
+ */
+ public String getNameOrIdOfSecGroup(EndpointGroupId id) {
+ NeutronSecurityGroup secGrp = secGroupById.get(checkNotNull(id));
+ if (secGrp == null) {
+ return "";
+ }
+ if (!Strings.isNullOrEmpty(secGrp.getSecurityGroupName())) {
+ return secGrp.getSecurityGroupName();
+ }
+ return id.getValue();
+ }
+
+ public void removeSecGroup(EndpointGroupId id) {
+ secGroupById.remove(checkNotNull(id));
+ }
+
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import java.util.Set;
+
+import org.opendaylight.controller.md.sal.binding.api.DataBroker;
+import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
+import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
+import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.StatusCode;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group.SecGroupDao;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
+import org.opendaylight.groupbasedpolicy.resolver.EgKey;
+import org.opendaylight.groupbasedpolicy.util.DataStoreHelper;
+import org.opendaylight.groupbasedpolicy.util.IidFactory;
+import org.opendaylight.neutron.spi.INeutronSecurityRuleAware;
+import org.opendaylight.neutron.spi.NeutronSecurityRule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClauseName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Description;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SelectorName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.Contract;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ConsumerNamedSelector;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ConsumerNamedSelectorBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ProviderNamedSelector;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ProviderNamedSelectorBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ActionInstance;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstance;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Strings;
+import com.google.common.collect.HashMultiset;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Multiset;
+import com.google.common.collect.Sets;
+
+public class NeutronSecurityRuleAware implements INeutronSecurityRuleAware {
+
+ private static final Logger LOG = LoggerFactory.getLogger(NeutronSecurityRuleAware.class);
+ private static final String CONTRACT_PROVIDER = "Contract provider: ";
+ private final DataBroker dataProvider;
+ private final SecRuleDao secRuleDao;
+ private final SecGroupDao secGroupDao;
+ private final Multiset<InstanceIdentifier<ClassifierInstance>> createdClassifierInstances;
+ private final Multiset<InstanceIdentifier<ActionInstance>> createdActionInstances;
+ final static String PROVIDED_BY = "provided_by-";
+ final static String POSSIBLE_CONSUMER = "possible_consumer-";
+
+ public NeutronSecurityRuleAware(DataBroker dataProvider, SecRuleDao secRuleDao, SecGroupDao secGroupDao) {
+ this(dataProvider, secRuleDao, secGroupDao, HashMultiset.<InstanceIdentifier<ClassifierInstance>>create(),
+ HashMultiset.<InstanceIdentifier<ActionInstance>>create());
+ }
+
+ @VisibleForTesting
+ NeutronSecurityRuleAware(DataBroker dataProvider, SecRuleDao secRuleDao, SecGroupDao secGroupDao,
+ Multiset<InstanceIdentifier<ClassifierInstance>> classifierInstanceNames,
+ Multiset<InstanceIdentifier<ActionInstance>> createdActionInstances) {
+ this.dataProvider = checkNotNull(dataProvider);
+ this.secRuleDao = checkNotNull(secRuleDao);
+ this.secGroupDao = checkNotNull(secGroupDao);
+ this.createdClassifierInstances = checkNotNull(classifierInstanceNames);
+ this.createdActionInstances = checkNotNull(createdActionInstances);
+ }
+
+ @Override
+ public int canCreateNeutronSecurityRule(NeutronSecurityRule securityRule) {
+ LOG.trace("canCreateNeutronSecurityRule - {}", securityRule);
+ // nothing to consider
+ return StatusCode.OK;
+ }
+
+ @Override
+ public void neutronSecurityRuleCreated(NeutronSecurityRule securityRule) {
+ LOG.trace("neutronSecurityRuleCreated - {}", securityRule);
+ ReadWriteTransaction rwTx = dataProvider.newReadWriteTransaction();
+ boolean isNeutronSecurityRuleAdded = addNeutronSecurityRule(securityRule, rwTx);
+ if (isNeutronSecurityRuleAdded) {
+ DataStoreHelper.submitToDs(rwTx);
+ } else {
+ rwTx.cancel();
+ }
+ }
+
+ /**
+ * @param secRule this security group rule will be translate to single rule inside single
+ * subject inside a contract
+ * @param rwTx GBP entities are stored to this transaction. This method NEVER submits or cancel
+ * the transaction.
+ * @return {@code true} if operation was successful; {@code false} if an illegal state occurs -
+ * the transaction may contain just partial result
+ */
+ public boolean addNeutronSecurityRule(NeutronSecurityRule secRule, ReadWriteTransaction rwTx) {
+ TenantId tenantId = SecRuleEntityDecoder.getTenantId(secRule);
+ EndpointGroupId providerEpgId = SecRuleEntityDecoder.getProviderEpgId(secRule);
+ secRuleDao.addSecRule(secRule);
+
+ Description contractDescription =
+ new Description(CONTRACT_PROVIDER + secGroupDao.getNameOrIdOfSecGroup(providerEpgId));
+ SingleRuleContract singleRuleContract = createSingleRuleContract(secRule, contractDescription);
+ Contract contract = singleRuleContract.getContract();
+ rwTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, contract.getId()), contract,
+ true);
+ SelectorName providerSelector = getSelectorNameWithConsumer(secRule);
+ writeProviderNamedSelectorToEpg(providerSelector, contract.getId(), new EgKey(tenantId, providerEpgId), rwTx);
+
+ if (SecRuleEntityDecoder.getConsumerEpgId(secRule) != null) {
+ EndpointGroupId consumerEpgId = SecRuleEntityDecoder.getConsumerEpgId(secRule);
+ designContractsBetweenProviderAndConsumer(tenantId, providerEpgId, consumerEpgId, rwTx);
+ designContractsBetweenProviderAndConsumer(tenantId, consumerEpgId, providerEpgId, rwTx);
+ } else {
+ for (EndpointGroupId consumerEpgId : secRuleDao.getAllOwnerSecGrps()) {
+ designContractsBetweenProviderAndConsumer(tenantId, providerEpgId, consumerEpgId, rwTx);
+ designContractsBetweenProviderAndConsumer(tenantId, consumerEpgId, providerEpgId, rwTx);
+ }
+ }
+
+ ClassifierInstance classifierInstance = singleRuleContract.getSingleClassifierRule().getClassifierInstance();
+ createClassifierInstanceIfNotExists(tenantId, classifierInstance, rwTx);
+ createAllowActionInstanceIfNotExists(tenantId, rwTx);
+ return true;
+ }
+
+ @VisibleForTesting
+ static SingleRuleContract createSingleRuleContract(NeutronSecurityRule secRule, Description contractDescription) {
+ if (Strings.isNullOrEmpty(secRule.getSecurityRuleRemoteIpPrefix())) {
+ return new SingleRuleContract(secRule, 0, contractDescription);
+ }
+ return new SingleRuleContract(secRule, 1, contractDescription);
+ }
+
+ @VisibleForTesting
+ void designContractsBetweenProviderAndConsumer(TenantId tenantId, EndpointGroupId provEpgId,
+ EndpointGroupId consEpgId, ReadWriteTransaction rwTx) {
+ Set<NeutronSecurityRule> provSecRules = getProvidedSecRulesBetween(provEpgId, consEpgId);
+ Set<NeutronSecurityRule> consSecRules = getProvidedSecRulesBetween(consEpgId, provEpgId);
+ for (NeutronSecurityRule provSecRule : provSecRules) {
+ if (isProviderSecRuleSuitableForConsumerSecRules(provSecRule, consSecRules)) {
+ SelectorName consumerSelector = getSelectorNameWithProvider(provSecRule);
+ ContractId contractId = SecRuleEntityDecoder.getContractId(provSecRule);
+ writeConsumerNamedSelectorToEpg(consumerSelector, contractId, new EgKey(tenantId, consEpgId), rwTx);
+ }
+ // TODO add case when port ranges overlap
+ }
+ }
+
+ @VisibleForTesting
+ Set<NeutronSecurityRule> getProvidedSecRulesBetween(EndpointGroupId provEpgId, EndpointGroupId consEpgId) {
+ return Sets.union(secRuleDao.getSecRulesBySecGrpIdAndRemoteSecGrpId(provEpgId, consEpgId),
+ secRuleDao.getSecRulesWithoutRemoteSecGrpBySecGrpId(provEpgId));
+ }
+
+ @VisibleForTesting
+ static boolean isProviderSecRuleSuitableForConsumerSecRules(NeutronSecurityRule provSecRule,
+ Set<NeutronSecurityRule> consSecRules) {
+ Direction directionProvSecRule = SecRuleEntityDecoder.getDirection(provSecRule);
+ for (NeutronSecurityRule consSecRule : consSecRules) {
+ Direction directionConsSecRule = SecRuleEntityDecoder.getDirection(consSecRule);
+ if (isDirectionOpposite(directionProvSecRule, directionConsSecRule)
+ && isOneWithinTwo(provSecRule, consSecRule)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ private void writeProviderNamedSelectorToEpg(SelectorName providerSelector, ContractId contractId, EgKey epgKey,
+ WriteTransaction wTx) {
+ ProviderNamedSelector providerNamedSelector = new ProviderNamedSelectorBuilder().setName(providerSelector)
+ .setContract(ImmutableList.of(contractId))
+ .build();
+ wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.providerNamedSelectorIid(epgKey.getTenantId(),
+ epgKey.getEgId(), providerNamedSelector.getName()), providerNamedSelector, true);
+ }
+
+ private void writeConsumerNamedSelectorToEpg(SelectorName consumerSelector, ContractId contractId, EgKey epgKey,
+ WriteTransaction wTx) {
+ ConsumerNamedSelector consumerNamedSelector = new ConsumerNamedSelectorBuilder().setName(consumerSelector)
+ .setContract(ImmutableList.of(contractId))
+ .build();
+ wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.consumerNamedSelectorIid(epgKey.getTenantId(),
+ epgKey.getEgId(), consumerNamedSelector.getName()), consumerNamedSelector, true);
+ }
+
+ @VisibleForTesting
+ void createClassifierInstanceIfNotExists(TenantId tenantId, ClassifierInstance classifierInstance,
+ WriteTransaction wTx) {
+ InstanceIdentifier<ClassifierInstance> classifierInstanceIid =
+ IidFactory.classifierInstanceIid(tenantId, classifierInstance.getName());
+ if (!createdClassifierInstances.contains(classifierInstanceIid)) {
+ wTx.put(LogicalDatastoreType.CONFIGURATION, classifierInstanceIid, classifierInstance, true);
+ }
+ createdClassifierInstances.add(classifierInstanceIid);
+ }
+
+ @VisibleForTesting
+ void createAllowActionInstanceIfNotExists(TenantId tenantId, ReadWriteTransaction rwTx) {
+ InstanceIdentifier<ActionInstance> actionInstanceIid =
+ IidFactory.actionInstanceIid(tenantId, MappingUtils.ACTION_ALLOW.getName());
+ if (!createdActionInstances.contains(actionInstanceIid)) {
+ rwTx.put(LogicalDatastoreType.CONFIGURATION, actionInstanceIid, MappingUtils.ACTION_ALLOW, true);
+ }
+ createdActionInstances.add(actionInstanceIid);
+ }
+
+ @Override
+ public int canUpdateNeutronSecurityRule(NeutronSecurityRule delta, NeutronSecurityRule original) {
+ LOG.warn(
+ "canUpdateNeutronSecurityRule - Never should be called "
+ + "- neutron API does not allow UPDATE on neutron security group rule. \nDelta: {} \nOriginal: {}",
+ delta, original);
+ return StatusCode.BAD_REQUEST;
+ }
+
+ @Override
+ public void neutronSecurityRuleUpdated(NeutronSecurityRule securityRule) {
+ LOG.warn(
+ "neutronSecurityRuleUpdated - Never should be called "
+ + "- neutron API does not allow UPDATE on neutron security group rule. \nSecurity group rule: {}",
+ securityRule);
+ }
+
+ @Override
+ public int canDeleteNeutronSecurityRule(NeutronSecurityRule securityRule) {
+ LOG.trace("canDeleteNeutronSecurityRule - {}", securityRule);
+ // nothing to consider
+ return StatusCode.OK;
+ }
+
+ @Override
+ public void neutronSecurityRuleDeleted(NeutronSecurityRule secRule) {
+ LOG.trace("neutronSecurityRuleCreated - {}", secRule);
+ ReadWriteTransaction rwTx = dataProvider.newReadWriteTransaction();
+ boolean isNeutronSecurityRuleDeleted = deleteNeutronSecurityRule(secRule, rwTx);
+ if (isNeutronSecurityRuleDeleted) {
+ DataStoreHelper.submitToDs(rwTx);
+ } else {
+ rwTx.cancel();
+ }
+ }
+
+ public boolean deleteNeutronSecurityRule(NeutronSecurityRule secRule, ReadWriteTransaction rwTx) {
+ TenantId tenantId = SecRuleEntityDecoder.getTenantId(secRule);
+ EndpointGroupId providerEpgId = SecRuleEntityDecoder.getProviderEpgId(secRule);
+
+ SelectorName providerSelector = getSelectorNameWithConsumer(secRule);
+ deleteProviderNamedSelectorFromEpg(providerSelector, new EgKey(tenantId, providerEpgId), rwTx);
+
+ if (SecRuleEntityDecoder.getConsumerEpgId(secRule) != null) {
+ EndpointGroupId consumerEpgId = SecRuleEntityDecoder.getConsumerEpgId(secRule);
+ undesignContractsBetweenProviderAndConsumer(tenantId, providerEpgId, consumerEpgId, secRule, rwTx);
+ undesignContractsBetweenProviderAndConsumer(tenantId, consumerEpgId, providerEpgId, secRule, rwTx);
+ } else {
+ for (EndpointGroupId consumerEpgId : secRuleDao.getAllOwnerSecGrps()) {
+ undesignContractsBetweenProviderAndConsumer(tenantId, providerEpgId, consumerEpgId, secRule, rwTx);
+ undesignContractsBetweenProviderAndConsumer(tenantId, consumerEpgId, providerEpgId, secRule, rwTx);
+ }
+ }
+
+ secRuleDao.removeSecRule(secRule);
+ ContractId contractId = SecRuleEntityDecoder.getContractId(secRule);
+ rwTx.delete(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, contractId));
+
+ ClassifierInstance classifierInstance = SecRuleEntityDecoder.getClassifierInstance(secRule);
+ deleteClassifierInstanceIfNotUsed(tenantId, classifierInstance, rwTx);
+ return true;
+ }
+
+ @VisibleForTesting
+ void undesignContractsBetweenProviderAndConsumer(TenantId tenantId, EndpointGroupId provEpgId,
+ EndpointGroupId consEpgId, NeutronSecurityRule removedSecRule, ReadWriteTransaction rwTx) {
+ Set<NeutronSecurityRule> provSecRules = getProvidedSecRulesBetween(provEpgId, consEpgId);
+ Set<NeutronSecurityRule> consSecRules = getProvidedSecRulesBetween(consEpgId, provEpgId);
+ for (NeutronSecurityRule provSecRule : provSecRules) {
+ if (isProvidersSecRuleSuitableForConsumersSecRulesAndGoodToRemove(provSecRule, consSecRules,
+ removedSecRule)) {
+ SelectorName consumerSelector = getSelectorNameWithProvider(provSecRule);
+ deleteConsumerNamedSelector(consumerSelector, new EgKey(tenantId, consEpgId), rwTx);
+ }
+ // TODO add case when port ranges overlap
+ }
+ }
+
+ @VisibleForTesting
+ static boolean isProvidersSecRuleSuitableForConsumersSecRulesAndGoodToRemove(NeutronSecurityRule provSecRule,
+ Set<NeutronSecurityRule> consSecRules, NeutronSecurityRule removedSecRule) {
+ Direction directionProvSecRule = SecRuleEntityDecoder.getDirection(provSecRule);
+ for (NeutronSecurityRule consSecRule : consSecRules) {
+ if (isRuleIdEqual(removedSecRule, consSecRule) || isRuleIdEqual(removedSecRule, provSecRule)) {
+ Direction directionConsSecRule = SecRuleEntityDecoder.getDirection(consSecRule);
+ if (isDirectionOpposite(directionProvSecRule, directionConsSecRule)
+ && isOneWithinTwo(provSecRule, consSecRule)) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+ @VisibleForTesting
+ static boolean isRuleIdEqual(NeutronSecurityRule one, NeutronSecurityRule two) {
+ checkNotNull(one);
+ checkNotNull(two);
+ return one.getSecurityRuleUUID().equals(two.getSecurityRuleUUID());
+ }
+
+ private void deleteProviderNamedSelectorFromEpg(SelectorName providerSelector, EgKey epgKey, WriteTransaction wTx) {
+ InstanceIdentifier<ProviderNamedSelector> providerSelectorIid =
+ IidFactory.providerNamedSelectorIid(epgKey.getTenantId(), epgKey.getEgId(), providerSelector);
+ wTx.delete(LogicalDatastoreType.CONFIGURATION, providerSelectorIid);
+ }
+
+ private void deleteConsumerNamedSelector(SelectorName consumerSelector, EgKey consumerEpgKey,
+ WriteTransaction wTx) {
+ InstanceIdentifier<ConsumerNamedSelector> consumerSelectorIid = IidFactory
+ .consumerNamedSelectorIid(consumerEpgKey.getTenantId(), consumerEpgKey.getEgId(), consumerSelector);
+ wTx.delete(LogicalDatastoreType.CONFIGURATION, consumerSelectorIid);
+ }
+
+ private void deleteClassifierInstanceIfNotUsed(TenantId tenantId, ClassifierInstance classifierInstance,
+ ReadWriteTransaction rwTx) {
+ InstanceIdentifier<ClassifierInstance> classifierInstanceIid =
+ IidFactory.classifierInstanceIid(tenantId, classifierInstance.getName());
+ createdClassifierInstances.remove(classifierInstanceIid);
+ if (!createdClassifierInstances.contains(classifierInstanceIid)) {
+ DataStoreHelper.removeIfExists(LogicalDatastoreType.CONFIGURATION, classifierInstanceIid, rwTx);
+ }
+ }
+
+ @VisibleForTesting
+ void deleteAllowActionInstanceIfNotUsed(TenantId tenantId, ReadWriteTransaction rwTx) {
+ InstanceIdentifier<ActionInstance> actionInstanceIid =
+ IidFactory.actionInstanceIid(tenantId, MappingUtils.ACTION_ALLOW.getName());
+ createdActionInstances.remove(actionInstanceIid);
+ if (!createdActionInstances.contains(actionInstanceIid)) {
+ DataStoreHelper.removeIfExists(LogicalDatastoreType.CONFIGURATION, actionInstanceIid, rwTx);
+ }
+ }
+
+ private SelectorName getSelectorNameWithConsumer(NeutronSecurityRule secRule) {
+ ClauseName clauseName = SecRuleNameDecoder.getClauseName(secRule);
+ StringBuilder selectorNameBuilder = new StringBuilder().append(clauseName.getValue());
+ EndpointGroupId consumerEpgId = SecRuleEntityDecoder.getConsumerEpgId(secRule);
+ if (consumerEpgId != null) {
+ selectorNameBuilder.append(MappingUtils.NAME_DOUBLE_DELIMETER)
+ .append(POSSIBLE_CONSUMER)
+ .append(secGroupDao.getNameOrIdOfSecGroup(consumerEpgId));
+ }
+ return new SelectorName(selectorNameBuilder.toString());
+ }
+
+ private SelectorName getSelectorNameWithProvider(NeutronSecurityRule secRule) {
+ ClauseName clauseName = SecRuleNameDecoder.getClauseName(secRule);
+ EndpointGroupId providerEpgId = SecRuleEntityDecoder.getProviderEpgId(secRule);
+ String selectorName = new StringBuilder().append(clauseName.getValue())
+ .append(MappingUtils.NAME_DOUBLE_DELIMETER)
+ .append(PROVIDED_BY)
+ .append(secGroupDao.getNameOrIdOfSecGroup(providerEpgId))
+ .toString();
+ return new SelectorName(selectorName);
+ }
+
+ @VisibleForTesting
+ static boolean isDirectionOpposite(Direction one, Direction two) {
+ return (one == Direction.In && two == Direction.Out) || (one == Direction.Out && two == Direction.In);
+ }
+
+ @VisibleForTesting
+ static boolean isOneWithinTwo(NeutronSecurityRule one, NeutronSecurityRule two) {
+ if (!isOneGroupIdWithinTwoRemoteGroupId(one, two) || !isOneGroupIdWithinTwoRemoteGroupId(two, one))
+ return false;
+ if (!SecRuleEntityDecoder.isEtherTypeOfOneWithinTwo(one, two))
+ return false;
+ if (!SecRuleEntityDecoder.isProtocolOfOneWithinTwo(one, two))
+ return false;
+ if (!SecRuleEntityDecoder.isPortsOfOneWithinTwo(one, two))
+ return false;
+ if (!Strings.isNullOrEmpty(two.getSecurityRuleRemoteIpPrefix())
+ && Strings.isNullOrEmpty(one.getSecurityRuleRemoteIpPrefix()))
+ return false;
+ return true;
+ }
+
+ @VisibleForTesting
+ static boolean isOneGroupIdWithinTwoRemoteGroupId(NeutronSecurityRule one, NeutronSecurityRule two) {
+ return (Strings.isNullOrEmpty(two.getSecurityRemoteGroupID())
+ || two.getSecurityRemoteGroupID().equals(one.getSecurityRuleGroupID()));
+ }
+
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
+
+import java.util.Set;
+
+import javax.annotation.Nullable;
+
+import org.opendaylight.neutron.spi.NeutronSecurityRule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
+
+import com.google.common.base.Preconditions;
+import com.google.common.collect.HashMultimap;
+import com.google.common.collect.SetMultimap;
+
+public class SecRuleDao {
+
+ private final SetMultimap<EndpointGroupId, NeutronSecurityRule> secRulesByOwnerSecGrpId = HashMultimap.create();
+ private final SetMultimap<OwnerAndRemoteOfSecRule, NeutronSecurityRule> secRulesByRemoteSecGrpId =
+ HashMultimap.create();
+
+ public void addSecRule(NeutronSecurityRule secRule) {
+ Preconditions.checkNotNull(secRule);
+ EndpointGroupId ownerSecGrp = SecRuleEntityDecoder.getProviderEpgId(secRule);
+ EndpointGroupId remoteSecGrp = SecRuleEntityDecoder.getConsumerEpgId(secRule);
+ secRulesByOwnerSecGrpId.put(ownerSecGrp, secRule);
+ secRulesByRemoteSecGrpId.put(new OwnerAndRemoteOfSecRule(ownerSecGrp, remoteSecGrp), secRule);
+ }
+
+ public Set<NeutronSecurityRule> getSecRulesByOwnerSecGrpId(EndpointGroupId secGrpId) {
+ return secRulesByOwnerSecGrpId.get(secGrpId);
+ }
+
+ public Set<NeutronSecurityRule> getSecRulesBySecGrpIdAndRemoteSecGrpId(EndpointGroupId ownerSecGrpId,
+ @Nullable EndpointGroupId remoteSecGrpId) {
+ return secRulesByRemoteSecGrpId.get(new OwnerAndRemoteOfSecRule(ownerSecGrpId, remoteSecGrpId));
+ }
+
+ public Set<NeutronSecurityRule> getSecRulesWithoutRemoteSecGrpBySecGrpId(EndpointGroupId ownerSecGrpId) {
+ return secRulesByRemoteSecGrpId.get(new OwnerAndRemoteOfSecRule(ownerSecGrpId, null));
+ }
+
+ public Set<EndpointGroupId> getAllOwnerSecGrps() {
+ return secRulesByOwnerSecGrpId.keySet();
+ }
+
+ public void removeSecRule(NeutronSecurityRule secRule) {
+ Preconditions.checkNotNull(secRule);
+ EndpointGroupId ownerSecGrp = SecRuleEntityDecoder.getProviderEpgId(secRule);
+ EndpointGroupId remoteSecGrp = SecRuleEntityDecoder.getConsumerEpgId(secRule);
+ secRulesByOwnerSecGrpId.remove(ownerSecGrp, secRule);
+ secRulesByRemoteSecGrpId.remove(new OwnerAndRemoteOfSecRule(ownerSecGrp, remoteSecGrp), secRule);
+ }
+
+ static class OwnerAndRemoteOfSecRule {
+
+ private final EndpointGroupId owner;
+ private final EndpointGroupId remote;
+
+ private OwnerAndRemoteOfSecRule(EndpointGroupId owner, EndpointGroupId remote) {
+ this.owner = Preconditions.checkNotNull(owner);
+ this.remote = remote;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((owner == null) ? 0 : owner.hashCode());
+ result = prime * result + ((remote == null) ? 0 : remote.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ OwnerAndRemoteOfSecRule other = (OwnerAndRemoteOfSecRule) obj;
+ if (owner == null) {
+ if (other.owner != null)
+ return false;
+ } else if (!owner.equals(other.owner))
+ return false;
+ if (remote == null) {
+ if (other.remote != null)
+ return false;
+ } else if (!remote.equals(other.remote))
+ return false;
+ return true;
+ }
+
+ }
+
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;\r
+\r
+import static com.google.common.base.Preconditions.checkNotNull;\r
+\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+\r
+import javax.annotation.Nullable;\r
+\r
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;\r
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;\r
+import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.EtherTypeClassifier;\r
+import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.IpProtoClassifier;\r
+import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.L4Classifier;\r
+import org.opendaylight.neutron.spi.NeutronSecurityRule;\r
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef.ConnectionTracking;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRefBuilder;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.EndpointIdentificationConstraints;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.EndpointIdentificationConstraintsBuilder;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraintsBuilder;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.l3.endpoint.identification.constraints.PrefixConstraint;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.l3.endpoint.identification.constraints.PrefixConstraintBuilder;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValueBuilder;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.parameter.value.RangeValueBuilder;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Clause;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.ClauseBuilder;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ConsumerMatchers;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ConsumerMatchersBuilder;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstance;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstanceBuilder;\r
+\r
+import com.google.common.base.Strings;\r
+import com.google.common.collect.ImmutableList;\r
+\r
+public class SecRuleEntityDecoder {\r
+\r
+ private SecRuleEntityDecoder() {\r
+ throw new UnsupportedOperationException("Cannot create an instace.");\r
+ }\r
+\r
+ public static TenantId getTenantId(NeutronSecurityRule secRule) {\r
+ return new TenantId(Utils.normalizeUuid(secRule.getSecurityRuleTenantID()));\r
+ }\r
+\r
+ public static EndpointGroupId getProviderEpgId(NeutronSecurityRule secRule) {\r
+ return new EndpointGroupId(Utils.normalizeUuid(secRule.getSecurityRuleGroupID()));\r
+ }\r
+\r
+ /**\r
+ * @return {@code null} if {@link NeutronSecurityRule#getSecurityRemoteGroupID()} is null\r
+ */\r
+ public static @Nullable EndpointGroupId getConsumerEpgId(NeutronSecurityRule secRule) {\r
+ if (Strings.isNullOrEmpty(secRule.getSecurityRemoteGroupID())) {\r
+ return null;\r
+ }\r
+ return new EndpointGroupId(Utils.normalizeUuid(secRule.getSecurityRemoteGroupID()));\r
+ }\r
+\r
+ public static ContractId getContractId(NeutronSecurityRule secRule) {\r
+ return new ContractId(Utils.normalizeUuid(secRule.getSecurityRuleUUID()));\r
+ }\r
+\r
+ public static ClassifierInstance getClassifierInstance(NeutronSecurityRule secRule) {\r
+ ClassifierInstanceBuilder classifierBuilder = new ClassifierInstanceBuilder();\r
+ List<ParameterValue> params = new ArrayList<>();\r
+ Integer portMin = secRule.getSecurityRulePortMin();\r
+ Integer portMax = secRule.getSecurityRulePortMax();\r
+ if (portMin != null && portMax != null) {\r
+ classifierBuilder.setClassifierDefinitionId(L4Classifier.DEFINITION.getId());\r
+ if (portMin.equals(portMax)) {\r
+ params.add(new ParameterValueBuilder().setName(new ParameterName(L4Classifier.DST_PORT_PARAM))\r
+ .setIntValue(portMin.longValue())\r
+ .build());\r
+ } else {\r
+ params.add(new ParameterValueBuilder().setName(new ParameterName(L4Classifier.DST_PORT_RANGE_PARAM))\r
+ .setRangeValue(\r
+ new RangeValueBuilder().setMin(portMin.longValue()).setMax(portMax.longValue()).build())\r
+ .build());\r
+ }\r
+ }\r
+ Long protocol = getProtocol(secRule);\r
+ if (protocol != null) {\r
+ if (classifierBuilder.getClassifierDefinitionId() == null) {\r
+ classifierBuilder.setClassifierDefinitionId(IpProtoClassifier.DEFINITION.getId());\r
+ }\r
+ params.add(new ParameterValueBuilder().setName(new ParameterName(IpProtoClassifier.PROTO_PARAM))\r
+ .setIntValue(protocol)\r
+ .build());\r
+ }\r
+ Long ethertype = getEtherType(secRule);\r
+ if (ethertype != null) {\r
+ if (classifierBuilder.getClassifierDefinitionId() == null) {\r
+ classifierBuilder.setClassifierDefinitionId(EtherTypeClassifier.DEFINITION.getId());\r
+ }\r
+ params.add(new ParameterValueBuilder().setName(new ParameterName(EtherTypeClassifier.ETHERTYPE_PARAM))\r
+ .setIntValue(ethertype)\r
+ .build());\r
+ }\r
+ ClassifierName classifierName = SecRuleNameDecoder.getClassifierInstanceName(secRule);\r
+ return classifierBuilder.setParameterValue(params).setName(new ClassifierName(classifierName)).build();\r
+ }\r
+\r
+ public static ClassifierRef getClassifierRef(NeutronSecurityRule secRule) {\r
+ checkNotNull(secRule);\r
+ ClassifierName classifierInstanceName = SecRuleNameDecoder.getClassifierInstanceName(secRule);\r
+ ClassifierRefBuilder classifierRefBuilder = new ClassifierRefBuilder()\r
+ .setConnectionTracking(ConnectionTracking.Reflexive).setInstanceName(classifierInstanceName);\r
+ Direction direction = getDirection(secRule);\r
+ classifierRefBuilder.setDirection(direction);\r
+ ClassifierName classifierRefName = SecRuleNameDecoder.getClassifierRefName(secRule);\r
+ return classifierRefBuilder.setName(classifierRefName).build();\r
+ }\r
+\r
+ /**\r
+ * @param secRule\r
+ * @return direction resolved from {@link NeutronSecurityRule#getSecurityRuleDirection()}\r
+ * @throws IllegalArgumentException if return value of\r
+ * {@link NeutronSecurityRule#getSecurityRuleDirection()} is other than "ingress" or\r
+ * "egress"\r
+ */\r
+ public static Direction getDirection(NeutronSecurityRule secRule) {\r
+ String direction = secRule.getSecurityRuleDirection();\r
+ if (NeutronUtils.INGRESS.equals(direction)) {\r
+ return Direction.In;\r
+ }\r
+ if (NeutronUtils.EGRESS.equals(direction)) {\r
+ return Direction.Out;\r
+ }\r
+ throw new IllegalArgumentException("Direction " + direction + " from security group rule "\r
+ + secRule.getSecurityRuleUUID() + " is not supported. Direction can be only 'ingress' or 'egress'.");\r
+ }\r
+\r
+ /**\r
+ * @param secRule {@link NeutronSecurityRule#getSecurityRuleRemoteIpPrefix()} is used for EIC\r
+ * and subject selection\r
+ * @return clause with the subject and with a consumer matcher containing EIC\r
+ */\r
+ public static Clause getClause(NeutronSecurityRule secRule) {\r
+ checkNotNull(secRule);\r
+ SubjectName subjectName = SecRuleNameDecoder.getSubjectName(secRule);\r
+ ClauseBuilder clauseBuilder =\r
+ new ClauseBuilder().setSubjectRefs(ImmutableList.of(subjectName)).setName(SecRuleNameDecoder.getClauseName(secRule));\r
+ String remoteIpPrefix = secRule.getSecurityRuleRemoteIpPrefix();\r
+ if (!Strings.isNullOrEmpty(remoteIpPrefix)) {\r
+ clauseBuilder.setConsumerMatchers(createConsumerMatchersWithEic(remoteIpPrefix));\r
+ }\r
+ return clauseBuilder.build();\r
+ }\r
+\r
+ private static ConsumerMatchers createConsumerMatchersWithEic(String remoteIpPrefix) {\r
+ IpPrefix ipPrefix = Utils.createIpPrefix(remoteIpPrefix);\r
+ PrefixConstraint consumerPrefixConstraint = new PrefixConstraintBuilder().setIpPrefix(ipPrefix).build();\r
+ EndpointIdentificationConstraints eic =\r
+ new EndpointIdentificationConstraintsBuilder()\r
+ .setL3EndpointIdentificationConstraints(new L3EndpointIdentificationConstraintsBuilder()\r
+ .setPrefixConstraint(ImmutableList.<PrefixConstraint>of(consumerPrefixConstraint)).build())\r
+ .build();\r
+ return new ConsumerMatchersBuilder().setEndpointIdentificationConstraints(eic).build();\r
+ }\r
+\r
+ public static boolean isEtherTypeOfOneWithinTwo(NeutronSecurityRule one, NeutronSecurityRule two) {\r
+ Long oneEtherType = getEtherType(one);\r
+ Long twoEtherType = getEtherType(two);\r
+ return twoIsNullOrEqualsOne(oneEtherType, twoEtherType);\r
+ }\r
+\r
+ public static boolean isProtocolOfOneWithinTwo(NeutronSecurityRule one, NeutronSecurityRule two) {\r
+ Long oneProtocol = getProtocol(one);\r
+ Long twoProtocol = getProtocol(two);\r
+ return twoIsNullOrEqualsOne(oneProtocol, twoProtocol);\r
+ }\r
+\r
+ private static <T> boolean twoIsNullOrEqualsOne(T one, T two) {\r
+ if (two == null)\r
+ return true;\r
+ if (two.equals(one))\r
+ return true;\r
+ return false;\r
+ }\r
+\r
+ public static boolean isPortsOfOneWithinTwo(NeutronSecurityRule one, NeutronSecurityRule two) {\r
+ Integer onePortMin = one.getSecurityRulePortMin();\r
+ Integer onePortMax = one.getSecurityRulePortMax();\r
+ Integer twoPortMin = two.getSecurityRulePortMin();\r
+ Integer twoPortMax = two.getSecurityRulePortMax();\r
+ if (twoPortMin == null && twoPortMax == null) {\r
+ return true;\r
+ }\r
+ if ((onePortMin != null && twoPortMin != null && onePortMin >= twoPortMin)\r
+ && (onePortMax != null && twoPortMax != null && onePortMax <= twoPortMax)) {\r
+ return true;\r
+ }\r
+ return false;\r
+ }\r
+\r
+ /**\r
+ * @param secRule\r
+ * @return {@code null} if {@link NeutronSecurityRule#getSecurityRuleEthertype()} is null or\r
+ * empty; value of {@link EtherTypeClassifier#IPv4_VALUE} or\r
+ * {@link EtherTypeClassifier#IPv6_VALUE}\r
+ * @throws IllegalArgumentException if return value of\r
+ * {@link NeutronSecurityRule#getSecurityRuleEthertype()} is not empty/null and is other\r
+ * than "IPv4" or "IPv6"\r
+ */\r
+ public static Long getEtherType(NeutronSecurityRule secRule) {\r
+ String ethertype = secRule.getSecurityRuleEthertype();\r
+ if (Strings.isNullOrEmpty(ethertype)) {\r
+ return null;\r
+ }\r
+ if (NeutronUtils.IPv4.equals(ethertype)) {\r
+ return EtherTypeClassifier.IPv4_VALUE;\r
+ }\r
+ if (NeutronUtils.IPv6.equals(ethertype)) {\r
+ return EtherTypeClassifier.IPv6_VALUE;\r
+ }\r
+ throw new IllegalArgumentException("Ethertype " + ethertype + " is not supported.");\r
+ }\r
+\r
+ /**\r
+ * @param secRule\r
+ * @return {@code null} if {@link NeutronSecurityRule#getSecurityRuleProtocol()} is null or\r
+ * empty; Otherwise protocol number\r
+ * @throws IllegalArgumentException if return value of\r
+ * {@link NeutronSecurityRule#getSecurityRuleProtocol()} is not empty/null and is other\r
+ * than "tcp", "udp", "icmp"\r
+ */\r
+ public static Long getProtocol(NeutronSecurityRule secRule) {\r
+ String protocol = secRule.getSecurityRuleProtocol();\r
+ if (Strings.isNullOrEmpty(protocol)) {\r
+ return null;\r
+ }\r
+ if (NeutronUtils.TCP.equals(protocol)) {\r
+ return IpProtoClassifier.TCP_VALUE;\r
+ }\r
+ if (NeutronUtils.UDP.equals(protocol)) {\r
+ return IpProtoClassifier.UDP_VALUE;\r
+ }\r
+ if (NeutronUtils.ICMP.equals(protocol)) {\r
+ return IpProtoClassifier.ICMP_VALUE;\r
+ }\r
+ throw new IllegalArgumentException("Protocol " + protocol + " is not supported.");\r
+ }\r
+\r
+}\r
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
+
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
+import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.EtherTypeClassifier;
+import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.IpProtoClassifier;
+import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.L4Classifier;
+import org.opendaylight.neutron.spi.NeutronSecurityRule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClauseName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.RuleName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
+
+import com.google.common.base.Strings;
+
+public class SecRuleNameDecoder {
+
+ final static String MIN_PORT = "_min";
+ final static String MAX_PORT = "_max";
+
+ private SecRuleNameDecoder() {
+ throw new UnsupportedOperationException("Cannot create an instance.");
+ }
+
+ public static SubjectName getSubjectName(NeutronSecurityRule secRule) {
+ RuleName ruleName = SecRuleNameDecoder.getRuleName(secRule);
+ return new SubjectName(ruleName);
+ }
+
+ public static RuleName getRuleName(NeutronSecurityRule secRule) {
+ ClassifierName classifierRefName = SecRuleNameDecoder.getClassifierRefName(secRule);
+ String ruleName = new StringBuilder(MappingUtils.ACTION_ALLOW.getName().getValue())
+ .append(MappingUtils.NAME_DOUBLE_DELIMETER).append(classifierRefName.getValue()).toString();
+ return new RuleName(ruleName);
+ }
+
+ public static ClassifierName getClassifierRefName(NeutronSecurityRule secRule) {
+ Direction direction = SecRuleEntityDecoder.getDirection(secRule);
+ ClassifierName classifierInstanceName = getClassifierInstanceName(secRule);
+ String crName = new StringBuilder().append(direction.name())
+ .append(MappingUtils.NAME_DOUBLE_DELIMETER)
+ .append(classifierInstanceName.getValue())
+ .toString();
+ return new ClassifierName(crName);
+ }
+
+ public static ClassifierName getClassifierInstanceName(NeutronSecurityRule secRule) {
+ StringBuilder keyBuilder = new StringBuilder();
+ Integer portMin = secRule.getSecurityRulePortMin();
+ Integer portMax = secRule.getSecurityRulePortMax();
+ if (portMin != null && portMax != null) {
+ keyBuilder.append(L4Classifier.DEFINITION.getName().getValue());
+ if (portMin.equals(portMax)) {
+ keyBuilder.append(MappingUtils.NAME_DELIMETER)
+ .append(L4Classifier.DST_PORT_PARAM)
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append(portMin.longValue());
+ } else {
+ keyBuilder.append(MappingUtils.NAME_DELIMETER)
+ .append(L4Classifier.DST_PORT_RANGE_PARAM)
+ .append(MIN_PORT)
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append(portMin.longValue())
+ .append(MAX_PORT)
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append(portMax.longValue());
+ }
+ }
+ String protocol = secRule.getSecurityRuleProtocol();
+ if (!Strings.isNullOrEmpty(protocol)) {
+ if (keyBuilder.length() > 0) {
+ keyBuilder.append(MappingUtils.NAME_DOUBLE_DELIMETER);
+ }
+ keyBuilder.append(IpProtoClassifier.DEFINITION.getName().getValue())
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append(protocol);
+ }
+ String ethertype = secRule.getSecurityRuleEthertype();
+ if (!Strings.isNullOrEmpty(ethertype)) {
+ if (keyBuilder.length() > 0) {
+ keyBuilder.append(MappingUtils.NAME_DOUBLE_DELIMETER);
+ }
+ keyBuilder.append(EtherTypeClassifier.DEFINITION.getName().getValue())
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append(ethertype);
+ }
+ return new ClassifierName(keyBuilder.toString());
+ }
+
+ public static ClauseName getClauseName(NeutronSecurityRule secRule) {
+ String remoteIpPrefix = secRule.getSecurityRuleRemoteIpPrefix();
+ SubjectName subjectName = getSubjectName(secRule);
+ if (Strings.isNullOrEmpty(remoteIpPrefix)) {
+ return new ClauseName(subjectName);
+ }
+ return new ClauseName(
+ subjectName.getValue() + MappingUtils.NAME_DOUBLE_DELIMETER + remoteIpPrefix.replace('/', '_'));
+ }
+
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
+
+import javax.annotation.concurrent.Immutable;
+
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
+import org.opendaylight.neutron.spi.NeutronSecurityRule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.Rule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.RuleBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstance;
+
+import com.google.common.collect.ImmutableList;
+
+@Immutable
+public class SingleClassifierRule {
+
+ private final ClassifierInstance classifierInstance;
+ private final ClassifierRef classifierRef;
+ private final Rule rule;
+
+ public SingleClassifierRule(NeutronSecurityRule secRule, int ruleOrder) {
+ classifierInstance = SecRuleEntityDecoder.getClassifierInstance(secRule);
+ classifierRef = SecRuleEntityDecoder.getClassifierRef(secRule);
+ rule = createRule(ruleOrder, secRule);
+ }
+
+ private Rule createRule(int order, NeutronSecurityRule secRule) {
+ return new RuleBuilder().setName(SecRuleNameDecoder.getRuleName(secRule))
+ .setOrder(order)
+ .setActionRef(MappingUtils.ACTION_REF_ALLOW)
+ .setClassifierRef(ImmutableList.of(classifierRef))
+ .build();
+ }
+
+ public ClassifierInstance getClassifierInstance() {
+ return classifierInstance;
+ }
+
+ public ClassifierRef getClassifierRef() {
+ return classifierRef;
+ }
+
+ public Rule getRule() {
+ return rule;
+ }
+
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import javax.annotation.Nullable;
+import javax.annotation.concurrent.Immutable;
+
+import org.opendaylight.neutron.spi.NeutronSecurityRule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Description;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.Contract;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.ContractBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Clause;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Subject;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.SubjectBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.Rule;
+
+import com.google.common.collect.ImmutableList;
+
+@Immutable
+public class SingleRuleContract {
+
+ private final SingleClassifierRule singleClassifierRule;
+ private final Rule rule;
+ private final Subject subject;
+ private final Clause clause;
+ private final Contract contract;
+
+ public SingleRuleContract(NeutronSecurityRule secRule, int subjectAndRuleOrder, @Nullable Description contractDescription) {
+ this(secRule, new SingleClassifierRule(secRule, subjectAndRuleOrder), subjectAndRuleOrder, contractDescription);
+ }
+
+ public SingleRuleContract(NeutronSecurityRule secRule, SingleClassifierRule singleClassifierRule,
+ int subjectOrder, @Nullable Description contractDescription) {
+ checkNotNull(secRule);
+ this.singleClassifierRule = checkNotNull(singleClassifierRule);
+ this.rule = singleClassifierRule.getRule();
+ this.subject = new SubjectBuilder().setName(SecRuleNameDecoder.getSubjectName(secRule))
+ .setOrder(subjectOrder)
+ .setRule(ImmutableList.of(rule))
+ .build();
+ this.clause = SecRuleEntityDecoder.getClause(secRule);
+ this.contract = new ContractBuilder().setId(SecRuleEntityDecoder.getContractId(secRule))
+ .setSubject(ImmutableList.of(subject))
+ .setClause(ImmutableList.of(clause))
+ .setDescription(contractDescription)
+ .build();
+ }
+
+ public SingleClassifierRule getSingleClassifierRule() {
+ return singleClassifierRule;
+ }
+
+ public Rule getRule() {
+ return rule;
+ }
+
+ public Subject getSubject() {
+ return subject;
+ }
+
+ public Clause getClause() {
+ return clause;
+ }
+
+ public Contract getContract() {
+ return contract;
+ }
+
+}
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.L2FloodDomainId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.L3ContextId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRef;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRefBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.L2BridgeDomain;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.L2FloodDomain;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.L3Context;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ActionInstanceBuilder;
import com.google.common.base.Optional;
+import com.google.common.collect.ImmutableList;
public final class MappingUtils {
- public static final String NEUTRON_RULE__ = "neutron_rule__";
- public static final String NEUTRON_NETWORK__ = "neutron_network__";
- public static final String NEUTRON_ROUTER__ = "neutron_router__";
- public static final String NEUTRON_EXTERNAL__ = "neutron_external_network__";
- public static final String NEUTRON_GROUP__ = "neutron_group__";
+ public static final String NEUTRON_ROUTER = "neutron_router-";
+ public static final String NEUTRON_EXTERNAL = "neutron_external_network-";
+ public static final String NEUTRON_GROUP = "neutron_group-";
public static final ActionInstance ACTION_ALLOW = new ActionInstanceBuilder().setName(
- new ActionName(NEUTRON_RULE__ + "allow"))
+ new ActionName("Allow"))
.setActionDefinitionId(AllowAction.DEFINITION.getId())
.build();
- public static final EndpointGroupId EPG_ANY_ID = new EndpointGroupId("aaaec0ce-dd5a-11e4-b9d6-1681e6b88ec1");
- public static final EndpointGroupId EPG_DHCP_ID = new EndpointGroupId("ddd6cfe6-dfe5-11e4-8a00-1681e6b88ec1");
- public static final EndpointGroupId EPG_ROUTER_ID = new EndpointGroupId("1118172e-cd84-4933-a35f-749f9a651de9");
+ public static final List<ActionRef> ACTION_REF_ALLOW =
+ ImmutableList.of(new ActionRefBuilder().setName(ACTION_ALLOW.getName()).setOrder(0).build());
public static final EndpointGroupId EPG_EXTERNAL_ID = new EndpointGroupId("eeeaa3a2-e9ba-44e0-a462-bea923d30e38");
+ public static final String NAME_VALUE_DELIMETER = "-";
+ public static final String NAME_DELIMETER = "_";
+ public static final String NAME_DOUBLE_DELIMETER = "__";
+
private MappingUtils() {
throw new UnsupportedOperationException("Cannot create an instance.");
}
package org.opendaylight.groupbasedpolicy.neutron.mapper.util;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.UniqueId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.mapper.rev150223.Mappings;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.mapper.rev150223.mappings.EndpointGroupPairToContractMappings;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.mapper.rev150223.mappings.NetworkMappings;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.mapper.rev150223.mappings.endpoint.group.pair.to.contract.mappings.EndpointGroupPairToContractMapping;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.mapper.rev150223.mappings.endpoint.group.pair.to.contract.mappings.EndpointGroupPairToContractMappingKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.mapper.rev150223.mappings.network.mappings.NetworkMapping;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.mapper.rev150223.mappings.network.mappings.NetworkMappingKey;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
-
public class NeutronMapperIidFactory {
public static InstanceIdentifier<NetworkMapping> networkMappingIid(UniqueId networkId) {
.build();
}
- public static InstanceIdentifier<EndpointGroupPairToContractMapping> endpointGroupPairToContractMappingIid(
- EndpointGroupId providerEpg, TenantId providerTenantId, EndpointGroupId consumerEpg, TenantId consumerTenantId) {
- return InstanceIdentifier.builder(Mappings.class)
- .child(EndpointGroupPairToContractMappings.class)
- .child(EndpointGroupPairToContractMapping.class,
- new EndpointGroupPairToContractMappingKey(consumerEpg, consumerTenantId, providerEpg, providerTenantId))
- .build();
- }
-
}
import static com.google.common.base.Preconditions.checkArgument;
import java.net.Inet4Address;
-import java.net.Inet6Address;
import java.net.InetAddress;
-import java.net.UnknownHostException;
-import org.apache.commons.net.util.SubnetUtils;
-import org.apache.commons.net.util.SubnetUtils.SubnetInfo;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpAddress;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Address;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv6Address;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv6Prefix;
+import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.net.InetAddresses;
-/**
- * @author Martin Sunal
- */
public class Utils {
- private Utils() {}
+ private Utils() {
+ throw new UnsupportedOperationException("Cannot create an instance.");
+ }
/**
* This implementation does not use nameservice lookups (e.g. no DNS).
}
public static String getStringIpPrefix(IpPrefix ipPrefix) {
+ Preconditions.checkNotNull(ipPrefix);
if (ipPrefix.getIpv4Prefix() != null) {
return ipPrefix.getIpv4Prefix().getValue();
}
return ipAddress.getIpv6Address().getValue();
}
- public static boolean isHostInIpPrefix(IpAddress host, IpPrefix ipPrefix) {
- String ipAddress = "";
- int ipVersion = 0;
- if (host.getIpv4Address() != null) {
- ipAddress = host.getIpv4Address().getValue();
- ipVersion = 4;
- } else {
- ipAddress = host.getIpv6Address().getValue();
- ipVersion = 6;
- }
- String cidr = getStringIpPrefix(ipPrefix);
-
- if (ipVersion == 4) {
- try {
- SubnetUtils util = new SubnetUtils(cidr);
- SubnetInfo info = util.getInfo();
- return info.isInRange(ipAddress);
- } catch (IllegalArgumentException e) {
- return false;
- }
- }
-
- if (ipVersion == 6) {
- String[] parts = cidr.split("/");
- try {
- int length = Integer.parseInt(parts[1]);
- byte[] cidrBytes = ((Inet6Address) InetAddress.getByName(parts[0])).getAddress();
- byte[] ipBytes = ((Inet6Address) InetAddress.getByName(ipAddress)).getAddress();
- int i;
- for (i = 0; i < length; i++) { // offset is to ensure proper comparison
- if ((((cidrBytes[i / 8]) & 0x000000FF) & (1 << (7 - (i % 8)))) != (((ipBytes[i / 8]) & 0x000000FF) & (1 << (7 - (i % 8))))) {
- return false;
- }
- }
- return true;
- } catch (UnknownHostException e) {
- return false;
- }
- }
- return false;
- }
-
public static String normalizeUuid(String string) {
return string.replaceFirst("([0-9a-fA-F]{8})([0-9a-fA-F]{4})([0-9a-fA-F]{4})([0-9a-fA-F]{4})([0-9a-fA-F]+)",
"$1-$2-$3-$4-$5");
}
}
- grouping endpoint-group-pair-fields {
- leaf provider-tenant-id {
- type gbp-common:tenant-id;
- }
- leaf consumer-tenant-id {
- type gbp-common:tenant-id;
- }
- leaf contract-tenant-id {
- type gbp-common:tenant-id;
- }
- leaf provider-epg-id {
- type gbp-common:endpoint-group-id;
- }
- leaf consumer-epg-id {
- type gbp-common:endpoint-group-id;
- }
- leaf contract-id {
- type gbp-common:contract-id;
- }
- }
-
container mappings {
config false;
container network-mappings {
}
}
}
- container endpoint-group-pair-to-contract-mappings {
- list endpoint-group-pair-to-contract-mapping {
- key "provider-tenant-id provider-epg-id consumer-tenant-id consumer-epg-id";
- uses endpoint-group-pair-fields;
- }
- }
}
}
\ No newline at end of file
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import java.util.Collection;
+import java.util.Set;
+
+import org.junit.Test;
+import org.opendaylight.controller.md.sal.binding.api.DataBroker;
+import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
+import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.group.SecGroupDao;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.test.GbpDataBrokerTest;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.Utils;
+import org.opendaylight.groupbasedpolicy.util.IidFactory;
+import org.opendaylight.neutron.spi.NeutronSecurityGroup;
+import org.opendaylight.neutron.spi.NeutronSecurityRule;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.action.refs.ActionRef;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.Contract;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.EndpointGroup;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Clause;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Subject;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.subject.Rule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.endpoint.group.ConsumerNamedSelector;
+
+import com.google.common.base.Optional;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableSet;
+
+/**
+ * END 2 END TESTING - inputs are Neutron entities and expected outputs are GBP entities in
+ * datastore
+ */
+public class NeutronSecurityRuleAwareDataStoreTest extends GbpDataBrokerTest {
+
+ @Test
+ public final void testAddNeutronSecurityRule_rulesWithRemoteIpPrefix() throws Exception {
+ String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
+ String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
+ NeutronSecurityRule goldInIpv4 = createSecRuleWithEtherType("166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant,
+ NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp, null);
+ NeutronSecurityRule goldOutIpv4 = createSecRuleWithEtherType("dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant,
+ NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp, null);
+ String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
+ NeutronSecurityRule serverIn80Tcp10_1_1_0 = createSecRuleWithEtherType("9dbb533d-d9b2-4dc9-bae7-ee60c8df184d",
+ tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp, null);
+ serverIn80Tcp10_1_1_0.setSecurityRuleProtocol(NeutronUtils.TCP);
+ serverIn80Tcp10_1_1_0.setSecurityRulePortMin(80);
+ serverIn80Tcp10_1_1_0.setSecurityRulePortMax(80);
+ serverIn80Tcp10_1_1_0.setSecurityRuleRemoteIpPrefix("10.1.1.0/24");
+ NeutronSecurityRule serverInIp20_1_1_0 = createSecRuleWithEtherType("adf7e558-de47-4f9e-a9b8-96e19db5d1ac",
+ tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp, null);
+ serverInIp20_1_1_0.setSecurityRuleRemoteIpPrefix("20.1.1.0/24");
+ NeutronSecurityRule serverOutIpv4 = createSecRuleWithEtherType("8b9c48d3-44a8-46be-be35-6f3237d98071", tenant,
+ NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp, null);
+ DataBroker dataBroker = getDataBroker();
+ SecRuleDao secRuleDao = new SecRuleDao();
+ SecGroupDao secGroupDao = new SecGroupDao();
+ secGroupDao.addSecGroup(createSecGroup(goldSecGrp, tenant));
+ secGroupDao.addSecGroup(createSecGroup(serverSecGrp, tenant));
+ NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
+ ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
+ ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
+ ruleAware.addNeutronSecurityRule(goldOutIpv4, rwTx);
+ ruleAware.addNeutronSecurityRule(serverIn80Tcp10_1_1_0, rwTx);
+ ruleAware.addNeutronSecurityRule(serverInIp20_1_1_0, rwTx);
+ ruleAware.addNeutronSecurityRule(serverOutIpv4, rwTx);
+ TenantId tenantId = new TenantId(tenant);
+ Optional<Tenant> potentialTenant =
+ rwTx.read(LogicalDatastoreType.CONFIGURATION, IidFactory.tenantIid(tenantId)).get();
+ assertTrue(potentialTenant.isPresent());
+ Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ Contract contract = potentialContract.get();
+ assertContract(contract, goldInIpv4);
+ potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ contract = potentialContract.get();
+ assertContract(contract, goldOutIpv4);
+ potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ contract = potentialContract.get();
+ assertContract(contract, serverOutIpv4);
+ potentialContract = rwTx
+ .read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ contract = potentialContract.get();
+ assertContractWithEic(contract, serverIn80Tcp10_1_1_0);
+ potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ contract = potentialContract.get();
+ assertContractWithEic(contract, serverInIp20_1_1_0);
+ Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp)))
+ .get();
+ assertTrue(potentialEpg.isPresent());
+ EndpointGroup epg = potentialEpg.get();
+ assertConsumerNamedSelectors(epg,
+ ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
+ new ContractId(goldOutIpv4.getSecurityRuleUUID()),
+ new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()),
+ new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()),
+ new ContractId(serverOutIpv4.getSecurityRuleUUID())));
+ potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp)))
+ .get();
+ assertTrue(potentialEpg.isPresent());
+ epg = potentialEpg.get();
+ assertConsumerNamedSelectors(epg,
+ ImmutableSet.of(new ContractId(serverIn80Tcp10_1_1_0.getSecurityRuleUUID()),
+ new ContractId(serverInIp20_1_1_0.getSecurityRuleUUID()),
+ new ContractId(goldInIpv4.getSecurityRuleUUID())));
+ }
+
+ @Test
+ public final void testAddNeutronSecurityRule_rulesWithoutRemote() throws Exception {
+ String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
+ String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
+ NeutronSecurityRule goldInIpv4 = createSecRuleWithEtherType("166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant,
+ NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp, null);
+ NeutronSecurityRule goldOutIpv4 = createSecRuleWithEtherType("dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant,
+ NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp, null);
+ String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
+ NeutronSecurityRule serverOutIpv4 = createSecRuleWithEtherType("8b9c48d3-44a8-46be-be35-6f3237d98071", tenant,
+ NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp, null);
+ NeutronSecurityRule serverInIpv4 = createSecRuleWithEtherType("adf7e558-de47-4f9e-a9b8-96e19db5d1ac", tenant,
+ NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp, null);
+ DataBroker dataBroker = getDataBroker();
+ SecRuleDao secRuleDao = new SecRuleDao();
+ SecGroupDao secGroupDao = new SecGroupDao();
+ secGroupDao.addSecGroup(createSecGroup(goldSecGrp, tenant));
+ secGroupDao.addSecGroup(createSecGroup(serverSecGrp, tenant));
+ NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
+ ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
+ ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
+ ruleAware.addNeutronSecurityRule(goldOutIpv4, rwTx);
+ ruleAware.addNeutronSecurityRule(serverOutIpv4, rwTx);
+ ruleAware.addNeutronSecurityRule(serverInIpv4, rwTx);
+ TenantId tenantId = new TenantId(tenant);
+ Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ Contract contract = potentialContract.get();
+ assertContract(contract, goldInIpv4);
+ potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ contract = potentialContract.get();
+ assertContract(contract, goldOutIpv4);
+ potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ contract = potentialContract.get();
+ assertContract(contract, serverOutIpv4);
+ potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(serverInIpv4.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ contract = potentialContract.get();
+ assertContract(contract, serverInIpv4);
+ Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp)))
+ .get();
+ assertTrue(potentialEpg.isPresent());
+ EndpointGroup epg = potentialEpg.get();
+ assertConsumerNamedSelectors(epg, ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
+ new ContractId(goldOutIpv4.getSecurityRuleUUID()), new ContractId(serverOutIpv4.getSecurityRuleUUID()),
+ new ContractId(serverInIpv4.getSecurityRuleUUID())));
+ potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp)))
+ .get();
+ assertTrue(potentialEpg.isPresent());
+ assertConsumerNamedSelectors(epg, ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
+ new ContractId(goldOutIpv4.getSecurityRuleUUID()), new ContractId(serverOutIpv4.getSecurityRuleUUID()),
+ new ContractId(serverInIpv4.getSecurityRuleUUID())));
+ }
+
+ @Test
+ public final void testAddNeutronSecurityRule_asymmetricRulesWithoutRemote() throws Exception {
+ String tenant = "ad4c6c25-2424-4ad3-97ee-f9691ce03645";
+ String goldSecGrp = "fe40e28f-ad6a-4a2d-b12a-47510876344a";
+ NeutronSecurityRule goldInIpv4 = createSecRuleWithEtherType("166aedab-fdf5-4788-9e36-2b00b5f8722f", tenant,
+ NeutronUtils.IPv4, NeutronUtils.INGRESS, goldSecGrp, null);
+ NeutronSecurityRule goldOutIpv4 = createSecRuleWithEtherType("dabfd4da-af89-45dd-85f8-181768c1b4c9", tenant,
+ NeutronUtils.IPv4, NeutronUtils.EGRESS, goldSecGrp, null);
+ String serverSecGrp = "71cf4fe5-b146-409e-8151-cd921298ce32";
+ NeutronSecurityRule serverOutIpv4 = createSecRuleWithEtherType("8b9c48d3-44a8-46be-be35-6f3237d98071", tenant,
+ NeutronUtils.IPv4, NeutronUtils.EGRESS, serverSecGrp, null);
+ NeutronSecurityRule serverIn80TcpIpv4 = createSecRuleWithEtherType("adf7e558-de47-4f9e-a9b8-96e19db5d1ac",
+ tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, serverSecGrp, null);
+ serverIn80TcpIpv4.setSecurityRuleProtocol(NeutronUtils.TCP);
+ serverIn80TcpIpv4.setSecurityRulePortMin(80);
+ serverIn80TcpIpv4.setSecurityRulePortMax(80);
+ DataBroker dataBroker = getDataBroker();
+ SecRuleDao secRuleDao = new SecRuleDao();
+ SecGroupDao secGroupDao = new SecGroupDao();
+ secGroupDao.addSecGroup(createSecGroup(goldSecGrp, tenant));
+ secGroupDao.addSecGroup(createSecGroup(serverSecGrp, tenant));
+ NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
+ ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
+ ruleAware.addNeutronSecurityRule(goldInIpv4, rwTx);
+ ruleAware.addNeutronSecurityRule(goldOutIpv4, rwTx);
+ ruleAware.addNeutronSecurityRule(serverOutIpv4, rwTx);
+ ruleAware.addNeutronSecurityRule(serverIn80TcpIpv4, rwTx);
+ TenantId tenantId = new TenantId(tenant);
+ Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(goldInIpv4.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ Contract contract = potentialContract.get();
+ assertContract(contract, goldInIpv4);
+ potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(goldOutIpv4.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ contract = potentialContract.get();
+ assertContract(contract, goldOutIpv4);
+ potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(serverOutIpv4.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ contract = potentialContract.get();
+ assertContract(contract, serverOutIpv4);
+ potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ contract = potentialContract.get();
+ assertContract(contract, serverIn80TcpIpv4);
+ Optional<EndpointGroup> potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(goldSecGrp)))
+ .get();
+ assertTrue(potentialEpg.isPresent());
+ EndpointGroup epg = potentialEpg.get();
+ assertConsumerNamedSelectors(epg, ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
+ new ContractId(goldOutIpv4.getSecurityRuleUUID()), new ContractId(serverOutIpv4.getSecurityRuleUUID()),
+ new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID())));
+ potentialEpg = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.endpointGroupIid(tenantId, new EndpointGroupId(serverSecGrp)))
+ .get();
+ assertTrue(potentialEpg.isPresent());
+ epg = potentialEpg.get();
+ assertConsumerNamedSelectors(epg, ImmutableSet.of(new ContractId(goldInIpv4.getSecurityRuleUUID()),
+ new ContractId(serverIn80TcpIpv4.getSecurityRuleUUID())));
+ }
+
+ @Test
+ public final void testAddNeutronSecurityRule_defaultSecGrp() throws Exception {
+ String tenant = "111aaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa";
+ String defaultSecGrp = "111fffff-ffff-ffff-ffff-ffffffffffff";
+ NeutronSecurityRule defaultInIpv4Default = createSecRuleWithEtherType("111ccccc-111c-cccc-cccc-cccccccccccc",
+ tenant, NeutronUtils.IPv4, NeutronUtils.INGRESS, defaultSecGrp, defaultSecGrp);
+ NeutronSecurityRule defaultInIpv6Default = createSecRuleWithEtherType("222ccccc-111c-cccc-cccc-cccccccccccc",
+ tenant, NeutronUtils.IPv6, NeutronUtils.INGRESS, defaultSecGrp, defaultSecGrp);
+ NeutronSecurityRule defaultOutIpv4 = createSecRuleWithEtherType("333ccccc-111c-cccc-cccc-cccccccccccc", tenant,
+ NeutronUtils.IPv4, NeutronUtils.EGRESS, defaultSecGrp, null);
+ NeutronSecurityRule defaultOutIpv6 = createSecRuleWithEtherType("444ccccc-111c-cccc-cccc-cccccccccccc", tenant,
+ NeutronUtils.IPv6, NeutronUtils.EGRESS, defaultSecGrp, null);
+ DataBroker dataBroker = getDataBroker();
+ SecRuleDao secRuleDao = new SecRuleDao();
+ SecGroupDao secGroupDao = new SecGroupDao();
+ secGroupDao.addSecGroup(createSecGroup(defaultSecGrp, tenant));
+ NeutronSecurityRuleAware ruleAware = new NeutronSecurityRuleAware(dataBroker, secRuleDao, secGroupDao);
+ ReadWriteTransaction rwTx = dataBroker.newReadWriteTransaction();
+ ruleAware.addNeutronSecurityRule(defaultInIpv4Default, rwTx);
+ ruleAware.addNeutronSecurityRule(defaultInIpv6Default, rwTx);
+ ruleAware.addNeutronSecurityRule(defaultOutIpv4, rwTx);
+ ruleAware.addNeutronSecurityRule(defaultOutIpv6, rwTx);
+ TenantId tenantId = new TenantId(tenant);
+ Optional<Contract> potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(defaultInIpv4Default.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ Contract contract = potentialContract.get();
+ assertContract(contract, defaultInIpv4Default);
+ potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(defaultInIpv6Default.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ contract = potentialContract.get();
+ assertContract(contract, defaultInIpv6Default);
+ potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv4.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ contract = potentialContract.get();
+ assertContract(contract, defaultOutIpv4);
+ potentialContract = rwTx.read(LogicalDatastoreType.CONFIGURATION,
+ IidFactory.contractIid(tenantId, new ContractId(defaultOutIpv6.getSecurityRuleUUID())))
+ .get();
+ assertTrue(potentialContract.isPresent());
+ contract = potentialContract.get();
+ assertContract(contract, defaultOutIpv6);
+ }
+
+ private final void assertContractWithEic(Contract contract, NeutronSecurityRule secRule) {
+ assertEquals(new ContractId(secRule.getSecurityRuleUUID()), contract.getId());
+ assertNull(contract.getQuality());
+ assertNull(contract.getTarget());
+ assertOneClauseWithEicWithOneSubject(contract, secRule);
+ assertOneSubjectWithOneRule(contract, secRule);
+ }
+
+ private final void assertOneClauseWithEicWithOneSubject(Contract contract, NeutronSecurityRule secRule) {
+ Clause clause = assertOneItem(contract.getClause());
+ assertNull(clause.getAnyMatchers());
+ Preconditions.checkArgument(!Strings.isNullOrEmpty(secRule.getSecurityRuleRemoteIpPrefix()));
+ IpPrefix expectedIpPrefix = Utils.createIpPrefix(secRule.getSecurityRuleRemoteIpPrefix());
+ assertNotNull(clause.getConsumerMatchers());
+ IpPrefix ipPrefix = clause.getConsumerMatchers()
+ .getEndpointIdentificationConstraints()
+ .getL3EndpointIdentificationConstraints()
+ .getPrefixConstraint()
+ .get(0)
+ .getIpPrefix();
+ assertEquals(expectedIpPrefix, ipPrefix);
+ SubjectName subjectRef = assertOneItem(clause.getSubjectRefs());
+ assertEquals(SecRuleNameDecoder.getSubjectName(secRule), subjectRef);
+ }
+
+ private final void assertContract(Contract contract, NeutronSecurityRule secRule) {
+ assertEquals(new ContractId(secRule.getSecurityRuleUUID()), contract.getId());
+ assertNull(contract.getQuality());
+ assertNull(contract.getTarget());
+ assertOneClauseWithOneSubject(contract, secRule);
+ assertOneSubjectWithOneRule(contract, secRule);
+ }
+
+ private final void assertOneClauseWithOneSubject(Contract contract, NeutronSecurityRule secRule) {
+ Clause clause = assertOneItem(contract.getClause());
+ assertNull(clause.getAnyMatchers());
+ assertNull(clause.getConsumerMatchers());
+ assertNull(clause.getProviderMatchers());
+ SubjectName subjectRef = assertOneItem(clause.getSubjectRefs());
+ assertEquals(SecRuleNameDecoder.getSubjectName(secRule), subjectRef);
+ }
+
+ private final void assertOneSubjectWithOneRule(Contract contract, NeutronSecurityRule secRule) {
+ Subject subject = assertOneItem(contract.getSubject());
+ assertEquals(SecRuleNameDecoder.getSubjectName(secRule), subject.getName());
+ Rule rule = assertOneItem(subject.getRule());
+ assertEquals(SecRuleNameDecoder.getRuleName(secRule), rule.getName());
+ ActionRef actionRef = assertOneItem(rule.getActionRef());
+ assertEquals(MappingUtils.ACTION_ALLOW.getName(), actionRef.getName());
+ ClassifierRef classifierRef = assertOneItem(rule.getClassifierRef());
+ assertEquals(SecRuleNameDecoder.getClassifierRefName(secRule), classifierRef.getName());
+ assertEquals(SecRuleNameDecoder.getClassifierInstanceName(secRule), classifierRef.getInstanceName());
+ assertEquals(SecRuleEntityDecoder.getDirection(secRule), classifierRef.getDirection());
+ }
+
+ private final <T> T assertOneItem(Collection<T> c) {
+ assertNotNull(c);
+ assertTrue(c.size() == 1);
+ return c.iterator().next();
+ }
+
+ private final void assertConsumerNamedSelectors(EndpointGroup epg, Set<ContractId> expectedContracts) {
+ Preconditions.checkNotNull(expectedContracts);
+ assertNotNull(epg.getConsumerNamedSelector());
+ int numberOfContracts = 0;
+ for (ConsumerNamedSelector cns : epg.getConsumerNamedSelector()) {
+ assertNotNull(cns.getContract());
+ numberOfContracts += cns.getContract().size();
+ for (ContractId contractId : cns.getContract()) {
+ assertTrue(expectedContracts.contains(contractId));
+ }
+ }
+ assertEquals(expectedContracts.size(), numberOfContracts);
+ }
+
+ private final NeutronSecurityRule createSecRuleWithEtherType(String id, String tenant, String etherType,
+ String direction, String ownerGroupId, String remoteGroupId) {
+ NeutronSecurityRule secRule = new NeutronSecurityRule();
+ secRule.setSecurityRuleUUID(id);
+ secRule.setSecurityRuleTenantID(tenant);
+ secRule.setSecurityRuleEthertype(etherType);
+ secRule.setSecurityRuleDirection(direction);
+ secRule.setSecurityRuleGroupID(ownerGroupId);
+ secRule.setSecurityRemoteGroupID(remoteGroupId);
+ return secRule;
+ }
+
+ private final NeutronSecurityGroup createSecGroup(String id, String tenant) {
+ NeutronSecurityGroup secGrp = new NeutronSecurityGroup();
+ secGrp.setSecurityGroupUUID(id);
+ secGrp.setSecurityGroupTenantID(tenant);
+ return secGrp;
+ }
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
+
+public class NeutronSecurityRuleAwareTest {
+
+ @Test
+ public final void testIsDirectionOpposite_InIn() {
+ assertFalse(NeutronSecurityRuleAware.isDirectionOpposite(Direction.In, Direction.In));
+ }
+
+ @Test
+ public final void testIsDirectionOpposite_OutOut() {
+ assertFalse(NeutronSecurityRuleAware.isDirectionOpposite(Direction.Out, Direction.Out));
+ }
+
+ @Test
+ public final void testIsDirectionOpposite_InOut() {
+ assertTrue(NeutronSecurityRuleAware.isDirectionOpposite(Direction.In, Direction.Out));
+ }
+
+ @Test
+ public final void testIsDirectionOpposite_OutIn() {
+ assertTrue(NeutronSecurityRuleAware.isDirectionOpposite(Direction.Out, Direction.In));
+ }
+
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule.SecRuleEntityDecoder;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.mapping.rule.SecRuleNameDecoder;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.MappingUtils;
+import org.opendaylight.groupbasedpolicy.neutron.mapper.util.NeutronUtils;
+import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.EtherTypeClassifier;
+import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.IpProtoClassifier;
+import org.opendaylight.groupbasedpolicy.renderer.ofoverlay.sf.L4Classifier;
+import org.opendaylight.neutron.spi.NeutronSecurityRule;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Prefix;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClauseName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.classifier.refs.ClassifierRef;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.EndpointIdentificationConstraints;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.L3EndpointIdentificationConstraints;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.has.endpoint.identification.constraints.endpoint.identification.constraints.l3.endpoint.identification.constraints.PrefixConstraint;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.parameter.value.RangeValue;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.Clause;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.contract.clause.ConsumerMatchers;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.subject.feature.instances.ClassifierInstance;
+
+public class SecRuleDecoderTest {
+
+ @Rule
+ public ExpectedException thrown = ExpectedException.none();
+
+ private NeutronSecurityRule secRule;
+
+ @Before
+ public void setUp() throws Exception {
+ secRule = new NeutronSecurityRule();
+ }
+
+ @Test
+ public final void testGetTenantId_lowercaseUuidTenantID() {
+ secRule.setSecurityRuleTenantID("01234567-abcd-ef01-0123-0123456789ab");
+ Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab", SecRuleEntityDecoder.getTenantId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetTenantId_uppercaseUuidTenantID() {
+ secRule.setSecurityRuleTenantID("01234567-ABCD-EF01-0123-0123456789AB");
+ Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB", SecRuleEntityDecoder.getTenantId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetTenantId_mixUuidTenantID() {
+ secRule.setSecurityRuleTenantID("01234567-ABCD-ef01-0123-0123456789Ab");
+ Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", SecRuleEntityDecoder.getTenantId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetTenantId_noSlashLowercaseUuidTenantID() {
+ secRule.setSecurityRuleTenantID("01234567abcdef0101230123456789ab");
+ Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab", SecRuleEntityDecoder.getTenantId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetTenantId_noSlashUppercaseUuidTenantID() {
+ secRule.setSecurityRuleTenantID("01234567ABCDEF0101230123456789AB");
+ Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB", SecRuleEntityDecoder.getTenantId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetTenantId_noSlashMixUuidTenantID() {
+ secRule.setSecurityRuleTenantID("01234567ABCDef0101230123456789Ab");
+ Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", SecRuleEntityDecoder.getTenantId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetTenantId_emptyUuidTenantID() {
+ secRule.setSecurityRuleTenantID("");
+ thrown.expect(IllegalArgumentException.class);
+ SecRuleEntityDecoder.getTenantId(secRule);
+ }
+
+ @Test
+ public final void testGetTenantId_badLengthUuidTenantID() {
+ secRule.setSecurityRuleTenantID("abc");
+ thrown.expect(IllegalArgumentException.class);
+ SecRuleEntityDecoder.getTenantId(secRule);
+ }
+
+ @Test
+ public final void testGetTenantId_badContentUuidTenantID() {
+ secRule.setSecurityRuleTenantID("xyz34567-abcd-ef01-0123-0123456789ab");
+ thrown.expect(IllegalArgumentException.class);
+ SecRuleEntityDecoder.getTenantId(secRule);
+ }
+
+ @Test
+ public final void testGetTenantId_nullUuidTenantID() {
+ secRule.setSecurityRuleTenantID(null);
+ thrown.expect(NullPointerException.class);
+ SecRuleEntityDecoder.getTenantId(secRule);
+ }
+
+ @Test
+ public final void testGetProviderEpgId_lowercaseUuidGroupID() {
+ secRule.setSecurityRuleGroupID("01234567-abcd-ef01-0123-0123456789ab");
+ Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab",
+ SecRuleEntityDecoder.getProviderEpgId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetProviderEpgId_uppercaseUuidGroupID() {
+ secRule.setSecurityRuleGroupID("01234567-ABCD-EF01-0123-0123456789AB");
+ Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB",
+ SecRuleEntityDecoder.getProviderEpgId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetProviderEpgId_mixUuidGroupID() {
+ secRule.setSecurityRuleGroupID("01234567-ABCD-ef01-0123-0123456789Ab");
+ Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab",
+ SecRuleEntityDecoder.getProviderEpgId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetProviderEpgId_noSlashLowercaseUuidGroupID() {
+ secRule.setSecurityRuleGroupID("01234567abcdef0101230123456789ab");
+ Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab",
+ SecRuleEntityDecoder.getProviderEpgId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetProviderEpgId_noSlashUppercaseUuidGroupID() {
+ secRule.setSecurityRuleGroupID("01234567ABCDEF0101230123456789AB");
+ Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB",
+ SecRuleEntityDecoder.getProviderEpgId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetProviderEpgId_noSlashMixUuidGroupID() {
+ secRule.setSecurityRuleGroupID("01234567ABCDef0101230123456789Ab");
+ Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab",
+ SecRuleEntityDecoder.getProviderEpgId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetProviderEpgId_emptyUuidGroupID() {
+ secRule.setSecurityRuleGroupID("");
+ thrown.expect(IllegalArgumentException.class);
+ SecRuleEntityDecoder.getProviderEpgId(secRule);
+ }
+
+ @Test
+ public final void testGetProviderEpgId_badLengthUuidGroupID() {
+ secRule.setSecurityRuleGroupID("abcdxy");
+ thrown.expect(IllegalArgumentException.class);
+ SecRuleEntityDecoder.getProviderEpgId(secRule);
+ }
+
+ @Test
+ public final void testGetProviderEpgId_badContentUuidGroupID() {
+ secRule.setSecurityRuleGroupID("xyz34567-abcd-ef01-0123-0123456789ab");
+ thrown.expect(IllegalArgumentException.class);
+ SecRuleEntityDecoder.getProviderEpgId(secRule);
+ }
+
+ @Test
+ public final void testGetProviderEpgId_nullUuidGroupID() {
+ secRule.setSecurityRuleGroupID(null);
+ thrown.expect(NullPointerException.class);
+ SecRuleEntityDecoder.getProviderEpgId(secRule);
+ }
+
+ @Test
+ public final void testGetConsumerEpgId_lowercaseUuidRemoteGroupID() {
+ secRule.setSecurityRemoteGroupID("01234567-abcd-ef01-0123-0123456789ab");
+ Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab",
+ SecRuleEntityDecoder.getConsumerEpgId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetConsumerEpgId_uppercaseUuidRemoteGroupID() {
+ secRule.setSecurityRemoteGroupID("01234567-ABCD-EF01-0123-0123456789AB");
+ Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB",
+ SecRuleEntityDecoder.getConsumerEpgId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetConsumerEpgId_mixUuidRemoteGroupID() {
+ secRule.setSecurityRemoteGroupID("01234567-ABCD-ef01-0123-0123456789Ab");
+ Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab",
+ SecRuleEntityDecoder.getConsumerEpgId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetConsumerEpgId_noSlashLowercaseUuidRemoteGroupID() {
+ secRule.setSecurityRemoteGroupID("01234567abcdef0101230123456789ab");
+ Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab",
+ SecRuleEntityDecoder.getConsumerEpgId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetConsumerEpgId_noSlashUppercaseUuidRemoteGroupID() {
+ secRule.setSecurityRemoteGroupID("01234567ABCDEF0101230123456789AB");
+ Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB",
+ SecRuleEntityDecoder.getConsumerEpgId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetConsumerEpgId_noSlashMixUuidRemoteGroupID() {
+ secRule.setSecurityRemoteGroupID("01234567ABCDef0101230123456789Ab");
+ Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab",
+ SecRuleEntityDecoder.getConsumerEpgId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetConsumerEpgId_emptyUuidRemoteGroupID() {
+ secRule.setSecurityRemoteGroupID("");
+ Assert.assertSame(null, SecRuleEntityDecoder.getConsumerEpgId(secRule));
+ }
+
+ @Test
+ public final void testGetConsumerEpgId_badLengthUuidRemoteGroupID() {
+ secRule.setSecurityRemoteGroupID("abc");
+ thrown.expect(IllegalArgumentException.class);
+ SecRuleEntityDecoder.getConsumerEpgId(secRule);
+ }
+
+ @Test
+ public final void testGetConsumerEpgId_badContentUuidRemoteGroupID() {
+ secRule.setSecurityRemoteGroupID("xyz34567-abcd-ef01-0123-0123456789ab");
+ thrown.expect(IllegalArgumentException.class);
+ SecRuleEntityDecoder.getConsumerEpgId(secRule);
+ }
+
+ @Test
+ public final void testGetConsumerEpgId_nullUuidRemoteGroupID() {
+ secRule.setSecurityRemoteGroupID(null);
+ Assert.assertSame(null, SecRuleEntityDecoder.getConsumerEpgId(secRule));
+ }
+
+ @Test
+ public final void testGetContractId_lowercaseUuidID() {
+ secRule.setSecurityRuleUUID("01234567-abcd-ef01-0123-0123456789ab");
+ Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab", SecRuleEntityDecoder.getContractId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetContractId_uppercaseUuidID() {
+ secRule.setSecurityRuleUUID("01234567-ABCD-EF01-0123-0123456789AB");
+ Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB", SecRuleEntityDecoder.getContractId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetContractId_mixUuidID() {
+ secRule.setSecurityRuleUUID("01234567-ABCD-ef01-0123-0123456789Ab");
+ Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", SecRuleEntityDecoder.getContractId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetContractId_noSlashLowercaseUuidID() {
+ secRule.setSecurityRuleUUID("01234567abcdef0101230123456789ab");
+ Assert.assertEquals("01234567-abcd-ef01-0123-0123456789ab", SecRuleEntityDecoder.getContractId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetContractId_noSlashUppercaseUuidID() {
+ secRule.setSecurityRuleUUID("01234567ABCDEF0101230123456789AB");
+ Assert.assertEquals("01234567-ABCD-EF01-0123-0123456789AB", SecRuleEntityDecoder.getContractId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetContractId_noSlashMixUuidID() {
+ secRule.setSecurityRuleUUID("01234567ABCDef0101230123456789Ab");
+ Assert.assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", SecRuleEntityDecoder.getContractId(secRule).getValue());
+ }
+
+ @Test
+ public final void testGetContractId_emptyUuidID() {
+ secRule.setSecurityRuleUUID("");
+ thrown.expect(IllegalArgumentException.class);
+ SecRuleEntityDecoder.getContractId(secRule);
+ }
+
+ @Test
+ public final void testGetContractId_badLengthUuidID() {
+ secRule.setSecurityRuleUUID("abcdxy");
+ thrown.expect(IllegalArgumentException.class);
+ SecRuleEntityDecoder.getContractId(secRule);
+ }
+
+ @Test
+ public final void testGetContractId_badContentUuidID() {
+ secRule.setSecurityRuleUUID("xyz34567-abcd-ef01-0123-0123456789ab");
+ thrown.expect(IllegalArgumentException.class);
+ SecRuleEntityDecoder.getContractId(secRule);
+ }
+
+ @Test
+ public final void testGetContractId_nullUuidID() {
+ secRule.setSecurityRuleUUID(null);
+ thrown.expect(NullPointerException.class);
+ SecRuleEntityDecoder.getContractId(secRule);
+ }
+
+ @Test
+ public final void testGetClassifierInstance_onlyEthertype() {
+ secRule.setSecurityRuleEthertype(NeutronUtils.IPv4);
+ ClassifierInstance ci = SecRuleEntityDecoder.getClassifierInstance(secRule);
+ Assert.assertEquals(EtherTypeClassifier.DEFINITION.getId(), ci.getClassifierDefinitionId());
+ // name is ether_type_IPv4
+ String expectedName = new StringBuilder().append(EtherTypeClassifier.DEFINITION.getName().getValue())
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append(NeutronUtils.IPv4)
+ .toString();
+ Assert.assertEquals(expectedName, ci.getName().getValue());
+ Assert.assertEquals(expectedName, ci.getName().getValue());
+ List<ParameterValue> parameterValues = ci.getParameterValue();
+ Assert.assertNotNull(parameterValues);
+ Assert.assertEquals(1, parameterValues.size());
+ ParameterValue parameter = parameterValues.get(0);
+ Assert.assertEquals(EtherTypeClassifier.ETHERTYPE_PARAM, parameter.getName().getValue());
+ assertClassifierParameterValue(parameter, EtherTypeClassifier.IPv4_VALUE, null, null);
+ }
+
+ @Test
+ public final void testGetClassifierInstance_EthertypeAndProtocol() {
+ secRule.setSecurityRuleEthertype(NeutronUtils.IPv4);
+ secRule.setSecurityRuleProtocol(NeutronUtils.TCP);
+ ClassifierInstance ci = SecRuleEntityDecoder.getClassifierInstance(secRule);
+ Assert.assertEquals(IpProtoClassifier.DEFINITION.getId(), ci.getClassifierDefinitionId());
+ // name is ip_proto_tcp__ether_type_IPv4
+ String expectedName = new StringBuilder().append(IpProtoClassifier.DEFINITION.getName().getValue())
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append(NeutronUtils.TCP)
+ .append(MappingUtils.NAME_DOUBLE_DELIMETER)
+ .append(EtherTypeClassifier.DEFINITION.getName().getValue())
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append(NeutronUtils.IPv4)
+ .toString();
+ Assert.assertEquals(expectedName, ci.getName().getValue());
+ List<ParameterValue> parameterValues = ci.getParameterValue();
+ Assert.assertNotNull(parameterValues);
+ Assert.assertEquals(2, parameterValues.size());
+ boolean containsEthertypeParam = false;
+ boolean containsProtoParam = false;
+ for (ParameterValue parameter : parameterValues) {
+ ParameterName parameterName = parameter.getName();
+ Assert.assertNotNull(parameterName);
+ if (EtherTypeClassifier.ETHERTYPE_PARAM.equals(parameterName.getValue())) {
+ containsEthertypeParam = true;
+ assertClassifierParameterValue(parameter, EtherTypeClassifier.IPv4_VALUE, null, null);
+ } else if (IpProtoClassifier.PROTO_PARAM.equals(parameterName.getValue())) {
+ containsProtoParam = true;
+ assertClassifierParameterValue(parameter, IpProtoClassifier.TCP_VALUE, null, null);
+ } else {
+ fail("This parameter is not expected: " + parameter);
+ }
+ }
+ Assert.assertTrue("Classifier-instance does not contain ethertype parameter", containsEthertypeParam);
+ Assert.assertTrue("Classifier-instance does not contain protocol parameter", containsProtoParam);
+ }
+
+ @Test
+ public final void testGetClassifierInstance_EthertypeAndProtocolAndPort() {
+ secRule.setSecurityRuleEthertype(NeutronUtils.IPv4);
+ secRule.setSecurityRuleProtocol(NeutronUtils.TCP);
+ secRule.setSecurityRulePortMin(5);
+ secRule.setSecurityRulePortMax(5);
+ ClassifierInstance ci = SecRuleEntityDecoder.getClassifierInstance(secRule);
+ Assert.assertEquals(L4Classifier.DEFINITION.getId(), ci.getClassifierDefinitionId());
+ // name is l4_destport-5__ip_proto-tcp__ether_type-IPv4
+ String expectedName = new StringBuilder().append(L4Classifier.DEFINITION.getName().getValue())
+ .append(MappingUtils.NAME_DELIMETER)
+ .append(L4Classifier.DST_PORT_PARAM)
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append(secRule.getSecurityRulePortMin())
+ .append(MappingUtils.NAME_DOUBLE_DELIMETER)
+ .append(IpProtoClassifier.DEFINITION.getName().getValue())
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append(NeutronUtils.TCP)
+ .append(MappingUtils.NAME_DOUBLE_DELIMETER)
+ .append(EtherTypeClassifier.DEFINITION.getName().getValue())
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append(NeutronUtils.IPv4)
+ .toString();
+ Assert.assertEquals(expectedName, ci.getName().getValue());
+ List<ParameterValue> parameterValues = ci.getParameterValue();
+ Assert.assertNotNull(parameterValues);
+ Assert.assertEquals(3, parameterValues.size());
+ boolean containsEthertypeParam = false;
+ boolean containsProtoParam = false;
+ boolean containsDstPortParam = false;
+ for (ParameterValue parameter : parameterValues) {
+ ParameterName parameterName = parameter.getName();
+ Assert.assertNotNull(parameterName);
+ if (EtherTypeClassifier.ETHERTYPE_PARAM.equals(parameterName.getValue())) {
+ containsEthertypeParam = true;
+ assertClassifierParameterValue(parameter, EtherTypeClassifier.IPv4_VALUE, null, null);
+ } else if (IpProtoClassifier.PROTO_PARAM.equals(parameterName.getValue())) {
+ containsProtoParam = true;
+ assertClassifierParameterValue(parameter, IpProtoClassifier.TCP_VALUE, null, null);
+ } else if (L4Classifier.DST_PORT_PARAM.equals(parameterName.getValue())) {
+ containsDstPortParam = true;
+ assertClassifierParameterValue(parameter, 5L, null, null);
+ } else {
+ fail("This parameter is not expected: " + parameter);
+ }
+ }
+ Assert.assertTrue("Classifier-instance does not contain ethertype parameter", containsEthertypeParam);
+ Assert.assertTrue("Classifier-instance does not contain protocol parameter", containsProtoParam);
+ Assert.assertTrue("Classifier-instance does not contain destination port parameter", containsDstPortParam);
+ }
+
+ private final void assertClassifierParameterValue(ParameterValue parameter, Long expectedIntValue,
+ String expectedStringValue, RangeValue expectedRangeValue) {
+ Assert.assertEquals(expectedIntValue, parameter.getIntValue());
+ Assert.assertEquals(expectedStringValue, parameter.getStringValue());
+ Assert.assertEquals(expectedRangeValue, parameter.getRangeValue());
+ }
+
+ @Test
+ public final void testGetClassifierInstance_EthertypeAndProtocolAndPorts() {
+ secRule.setSecurityRuleEthertype(NeutronUtils.IPv4);
+ secRule.setSecurityRuleProtocol(NeutronUtils.TCP);
+ secRule.setSecurityRulePortMin(5);
+ secRule.setSecurityRulePortMax(10);
+ ClassifierInstance ci = SecRuleEntityDecoder.getClassifierInstance(secRule);
+ Assert.assertEquals(L4Classifier.DEFINITION.getId(), ci.getClassifierDefinitionId());
+ // name is l4_destport_range_min-5_max-10__ip_proto-tcp__ether_type-IPv4
+ String expectedName = new StringBuilder().append(L4Classifier.DEFINITION.getName().getValue())
+ .append(MappingUtils.NAME_DELIMETER)
+ .append(L4Classifier.DST_PORT_RANGE_PARAM)
+ .append(SecRuleNameDecoder.MIN_PORT)
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append(secRule.getSecurityRulePortMin())
+ .append(SecRuleNameDecoder.MAX_PORT)
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append(secRule.getSecurityRulePortMax())
+ .append(MappingUtils.NAME_DOUBLE_DELIMETER)
+ .append(IpProtoClassifier.DEFINITION.getName().getValue())
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append(NeutronUtils.TCP)
+ .append(MappingUtils.NAME_DOUBLE_DELIMETER)
+ .append(EtherTypeClassifier.DEFINITION.getName().getValue())
+ .append(MappingUtils.NAME_VALUE_DELIMETER)
+ .append(NeutronUtils.IPv4)
+ .toString();
+ Assert.assertEquals(expectedName, ci.getName().getValue());
+ }
+
+ @Test
+ public final void testGetClassifierRef() {
+ secRule.setSecurityRuleDirection(NeutronUtils.INGRESS);
+ secRule.setSecurityRuleEthertype(NeutronUtils.IPv4);
+ ClassifierName expectedName = SecRuleNameDecoder.getClassifierRefName(secRule);
+ ClassifierRef cr = SecRuleEntityDecoder.getClassifierRef(secRule);
+ Assert.assertEquals(expectedName, cr.getName());
+ }
+
+ @Test
+ public final void testGetDirection_directionIngress() {
+ secRule.setSecurityRuleDirection(NeutronUtils.INGRESS);
+ Assert.assertEquals(Direction.In, SecRuleEntityDecoder.getDirection(secRule));
+ }
+
+ @Test
+ public final void testGetDirection_directionEgress() {
+ secRule.setSecurityRuleDirection(NeutronUtils.EGRESS);
+ Assert.assertEquals(Direction.Out, SecRuleEntityDecoder.getDirection(secRule));
+ }
+
+ @Test
+ public final void testGetDirection_directionNull() {
+ secRule.setSecurityRuleDirection(null);
+ thrown.expect(IllegalArgumentException.class);
+ SecRuleEntityDecoder.getDirection(secRule);
+ }
+
+ @Test
+ public final void testGetDirection_directionUnknown() {
+ secRule.setSecurityRuleDirection("foo");
+ thrown.expect(IllegalArgumentException.class);
+ SecRuleEntityDecoder.getDirection(secRule);
+ }
+
+ @Test
+ public final void testGetClause_noRemoteIpPrefix() {
+ secRule.setSecurityRuleDirection(NeutronUtils.INGRESS);
+ secRule.setSecurityRuleEthertype(NeutronUtils.IPv4);
+ ClauseName expectedClauseName = SecRuleNameDecoder.getClauseName(secRule);
+ Clause clause = SecRuleEntityDecoder.getClause(secRule);
+ Assert.assertEquals(expectedClauseName, clause.getName());
+ List<SubjectName> subjectRefs = clause.getSubjectRefs();
+ Assert.assertNotNull(subjectRefs);
+ Assert.assertEquals(1, subjectRefs.size());
+ SubjectName subjectNameFromClause = subjectRefs.get(0);
+ SubjectName expectedSubjectName = SecRuleNameDecoder.getSubjectName(secRule);
+ Assert.assertEquals(expectedSubjectName, subjectNameFromClause);
+ Assert.assertNull(clause.getConsumerMatchers());
+ Assert.assertNull(clause.getProviderMatchers());
+ }
+
+ @Test
+ public final void testGetClause_remoteIpPrefix() {
+ secRule.setSecurityRuleDirection(NeutronUtils.INGRESS);
+ secRule.setSecurityRuleEthertype(NeutronUtils.IPv4);
+ secRule.setSecurityRuleRemoteIpPrefix("10.0.0.0/8");
+ Clause clause = SecRuleEntityDecoder.getClause(secRule);
+ ClauseName expectedClauseName = SecRuleNameDecoder.getClauseName(secRule);
+ Assert.assertEquals(expectedClauseName, clause.getName());
+ List<SubjectName> subjectRefs = clause.getSubjectRefs();
+ Assert.assertNotNull(subjectRefs);
+ Assert.assertEquals(1, subjectRefs.size());
+ SubjectName subjectNameFromClause = subjectRefs.get(0);
+ SubjectName expectedSubjectName = SecRuleNameDecoder.getSubjectName(secRule);
+ Assert.assertEquals(expectedSubjectName, subjectNameFromClause);
+ Assert.assertNull(clause.getProviderMatchers());
+ ConsumerMatchers consumerMatchers = clause.getConsumerMatchers();
+ Assert.assertNotNull(consumerMatchers);
+ Assert.assertNull(consumerMatchers.getConditionMatcher());
+ Assert.assertNull(consumerMatchers.getGroupIdentificationConstraints());
+ EndpointIdentificationConstraints endpointIdentificationConstraints =
+ consumerMatchers.getEndpointIdentificationConstraints();
+ Assert.assertNotNull(endpointIdentificationConstraints);
+ L3EndpointIdentificationConstraints l3EndpointIdentificationConstraints =
+ endpointIdentificationConstraints.getL3EndpointIdentificationConstraints();
+ Assert.assertNotNull(l3EndpointIdentificationConstraints);
+ List<PrefixConstraint> prefixConstraints = l3EndpointIdentificationConstraints.getPrefixConstraint();
+ Assert.assertNotNull(prefixConstraints);
+ Assert.assertEquals(1, prefixConstraints.size());
+ PrefixConstraint prefixConstraint = prefixConstraints.get(0);
+ Assert.assertEquals(new Ipv4Prefix("10.0.0.0/8"), prefixConstraint.getIpPrefix().getIpv4Prefix());
+ }
+
+ @Test
+ public final void testIsEtherTypeOfOneWithinTwo_oneEthTypeIPv4TwoEthTypeIPv4() {
+ NeutronSecurityRule one = createSecRuleWithEtherType(NeutronUtils.IPv4);
+ NeutronSecurityRule two = createSecRuleWithEtherType(NeutronUtils.IPv4);
+ assertTrue(SecRuleEntityDecoder.isEtherTypeOfOneWithinTwo(one, two));
+ }
+
+ @Test
+ public final void testIsEtherTypeOfOneWithinTwo_oneEthTypeIPv4TwoEthTypeNull() {
+ NeutronSecurityRule one = createSecRuleWithEtherType(NeutronUtils.IPv4);
+ NeutronSecurityRule two = createSecRuleWithEtherType(null);
+ assertTrue(SecRuleEntityDecoder.isEtherTypeOfOneWithinTwo(one, two));
+ }
+
+ @Test
+ public final void testIsEtherTypeOfOneWithinTwo_oneEthTypeNullTwoEthTypeNull() {
+ NeutronSecurityRule one = createSecRuleWithEtherType(null);
+ NeutronSecurityRule two = createSecRuleWithEtherType(null);
+ assertTrue(SecRuleEntityDecoder.isEtherTypeOfOneWithinTwo(one, two));
+ }
+
+ @Test
+ public final void testIsEtherTypeOfOneWithinTwo_oneEthTypeIPv4TwoEthTypeIPv6() {
+ NeutronSecurityRule one = createSecRuleWithEtherType(NeutronUtils.IPv4);
+ NeutronSecurityRule two = createSecRuleWithEtherType(NeutronUtils.IPv6);
+ assertFalse(SecRuleEntityDecoder.isEtherTypeOfOneWithinTwo(one, two));
+ }
+
+ @Test
+ public final void testIsEtherTypeOfOneWithinTwo_oneEthTypeNullTwoEthTypeIPv4() {
+ NeutronSecurityRule one = createSecRuleWithEtherType(null);
+ NeutronSecurityRule two = createSecRuleWithEtherType(NeutronUtils.IPv4);
+ assertFalse(SecRuleEntityDecoder.isEtherTypeOfOneWithinTwo(one, two));
+ }
+
+ private final NeutronSecurityRule createSecRuleWithEtherType(String etherType) {
+ NeutronSecurityRule secRule = new NeutronSecurityRule();
+ secRule.setSecurityRuleEthertype(etherType);
+ return secRule;
+ }
+
+ @Test
+ public void testIsProtocolOfOneWithinTwo_oneProtocolTcpTwoProtocolTcp() {
+ NeutronSecurityRule one = createSecRuleWithProtocol(NeutronUtils.TCP);
+ NeutronSecurityRule two = createSecRuleWithProtocol(NeutronUtils.TCP);
+ assertTrue(SecRuleEntityDecoder.isProtocolOfOneWithinTwo(one, two));
+ }
+
+ @Test
+ public void testIsProtocolOfOneWithinTwo_oneProtocolTcpTwoProtocolNull() {
+ NeutronSecurityRule one = createSecRuleWithProtocol(NeutronUtils.TCP);
+ NeutronSecurityRule two = createSecRuleWithProtocol(null);
+ assertTrue(SecRuleEntityDecoder.isProtocolOfOneWithinTwo(one, two));
+ }
+
+ @Test
+ public void testIsProtocolOfOneWithinTwo_oneProtocolNullTwoProtocolNull() {
+ NeutronSecurityRule one = createSecRuleWithProtocol(null);
+ NeutronSecurityRule two = createSecRuleWithProtocol(null);
+ assertTrue(SecRuleEntityDecoder.isProtocolOfOneWithinTwo(one, two));
+ }
+
+ @Test
+ public void testIsProtocolOfOneWithinTwo_oneProtocolTcpTwoProtocolUdp() {
+ NeutronSecurityRule one = createSecRuleWithProtocol(NeutronUtils.TCP);
+ NeutronSecurityRule two = createSecRuleWithProtocol(NeutronUtils.UDP);
+ assertFalse(SecRuleEntityDecoder.isProtocolOfOneWithinTwo(one, two));
+ }
+
+ @Test
+ public void testIsProtocolOfOneWithinTwo_oneProtocolNullTwoProtocolTcp() {
+ NeutronSecurityRule one = createSecRuleWithProtocol(null);
+ NeutronSecurityRule two = createSecRuleWithProtocol(NeutronUtils.TCP);
+ assertFalse(SecRuleEntityDecoder.isProtocolOfOneWithinTwo(one, two));
+ }
+
+ private NeutronSecurityRule createSecRuleWithProtocol(String protocol) {
+ NeutronSecurityRule secRule = new NeutronSecurityRule();
+ secRule.setSecurityRuleProtocol(protocol);
+ return secRule;
+ }
+
+ @Test
+ public final void testIsPortsOfOneWithinTwo_onePortMinGtTwoPortMinOnePortMaxLtTwoPortMax() {
+ NeutronSecurityRule one = createSecRuleWithMinMaxPort(6, 9);
+ NeutronSecurityRule two = createSecRuleWithMinMaxPort(5, 10);
+ assertTrue(SecRuleEntityDecoder.isPortsOfOneWithinTwo(one, two));
+ }
+
+ @Test
+ public final void testIsPortsOfOneWithinTwo_onePortMinEqTwoPortMinOnePortMaxEqTwoPortMax() {
+ NeutronSecurityRule one = createSecRuleWithMinMaxPort(5, 10);
+ NeutronSecurityRule two = createSecRuleWithMinMaxPort(5, 10);
+ assertTrue(SecRuleEntityDecoder.isPortsOfOneWithinTwo(one, two));
+ }
+
+ @Test
+ public final void testIsPortsOfOneWithinTwo_onePortMinTwoPortMinNullOnePortMaxTwoPortMaxNull() {
+ NeutronSecurityRule one = createSecRuleWithMinMaxPort(4, 9);
+ NeutronSecurityRule two = createSecRuleWithMinMaxPort(null, null);
+ assertTrue(SecRuleEntityDecoder.isPortsOfOneWithinTwo(one, two));
+ }
+
+ @Test
+ public final void testIsPortsOfOneWithinTwo_onePortMinNullTwoPortMinNullOnePortMaxNullTwoPortMaxNull() {
+ NeutronSecurityRule one = createSecRuleWithMinMaxPort(null, null);
+ NeutronSecurityRule two = createSecRuleWithMinMaxPort(null, null);
+ assertTrue(SecRuleEntityDecoder.isPortsOfOneWithinTwo(one, two));
+ }
+
+ @Test
+ public final void testIsPortsOfOneWithinTwo_onePortMinNullTwoPortMinOnePortMaxNullTwoPortMax() {
+ NeutronSecurityRule one = createSecRuleWithMinMaxPort(null, null);
+ NeutronSecurityRule two = createSecRuleWithMinMaxPort(5, 10);
+ assertFalse(SecRuleEntityDecoder.isPortsOfOneWithinTwo(one, two));
+ }
+
+ @Test
+ public final void testIsPortsOfOneWithinTwo_onePortMinLtTwoPortMinOnePortMaxLtTwoPortMax() {
+ NeutronSecurityRule one = createSecRuleWithMinMaxPort(4, 9);
+ NeutronSecurityRule two = createSecRuleWithMinMaxPort(5, 10);
+ assertFalse(SecRuleEntityDecoder.isPortsOfOneWithinTwo(one, two));
+ }
+
+ @Test
+ public final void testIsPortsOfOneWithinTwo_onePortMinGtTwoPortMinOnePortMaxGtTwoPortMax() {
+ NeutronSecurityRule one = createSecRuleWithMinMaxPort(6, 11);
+ NeutronSecurityRule two = createSecRuleWithMinMaxPort(5, 10);
+ assertFalse(SecRuleEntityDecoder.isPortsOfOneWithinTwo(one, two));
+ }
+
+ @Test
+ public final void testIsPortsOfOneWithinTwo_onePortMinLtTwoPortMinOnePortMaxGtTwoPortMax() {
+ NeutronSecurityRule one = createSecRuleWithMinMaxPort(4, 11);
+ NeutronSecurityRule two = createSecRuleWithMinMaxPort(5, 10);
+ assertFalse(SecRuleEntityDecoder.isPortsOfOneWithinTwo(one, two));
+ }
+
+ private NeutronSecurityRule createSecRuleWithMinMaxPort(Integer portMin, Integer portMax) {
+ NeutronSecurityRule secRule = new NeutronSecurityRule();
+ secRule.setSecurityRulePortMin(portMin);
+ secRule.setSecurityRulePortMax(portMax);
+ return secRule;
+ }
+
+ @Test
+ public final void testGetEtherType_ethertypeIPv4() {
+ secRule.setSecurityRuleEthertype("IPv4");
+ Assert.assertEquals(EtherTypeClassifier.IPv4_VALUE, SecRuleEntityDecoder.getEtherType(secRule));
+ }
+
+ @Test
+ public final void testGetEtherType_ethertypeIPv6() {
+ secRule.setSecurityRuleEthertype("IPv6");
+ Assert.assertEquals(EtherTypeClassifier.IPv6_VALUE, SecRuleEntityDecoder.getEtherType(secRule));
+ }
+
+ @Test
+ public final void testGetEtherType_ethertypeNull() {
+ secRule.setSecurityRuleEthertype(null);
+ Assert.assertNull(SecRuleEntityDecoder.getEtherType(secRule));
+ }
+
+ @Test
+ public final void testGetEtherType_ethertypeEmptyString() {
+ secRule.setSecurityRuleEthertype("");
+ Assert.assertNull(SecRuleEntityDecoder.getEtherType(secRule));
+ }
+
+ @Test
+ public final void testGetEtherType_ethertypeUnknown() {
+ secRule.setSecurityRuleEthertype("foo");
+ thrown.expect(IllegalArgumentException.class);
+ SecRuleEntityDecoder.getEtherType(secRule);
+ }
+
+ @Test
+ public final void testGetProtocol_protoTcp() {
+ secRule.setSecurityRuleProtocol("tcp");
+ Assert.assertEquals(IpProtoClassifier.TCP_VALUE, SecRuleEntityDecoder.getProtocol(secRule));
+ }
+
+ @Test
+ public final void testGetProtocol_protoUdp() {
+ secRule.setSecurityRuleProtocol("udp");
+ Assert.assertEquals(IpProtoClassifier.UDP_VALUE, SecRuleEntityDecoder.getProtocol(secRule));
+ }
+
+ @Test
+ public final void testGetProtocol_protoIcmp() {
+ secRule.setSecurityRuleProtocol("icmp");
+ Assert.assertEquals(IpProtoClassifier.ICMP_VALUE, SecRuleEntityDecoder.getProtocol(secRule));
+ }
+
+ @Test
+ public final void testGetProtocol_protoNull() {
+ secRule.setSecurityRuleProtocol(null);
+ Assert.assertNull(SecRuleEntityDecoder.getProtocol(secRule));
+ }
+
+ @Test
+ public final void testGetProtocol_protoEmptyString() {
+ secRule.setSecurityRuleProtocol("");
+ Assert.assertNull(SecRuleEntityDecoder.getProtocol(secRule));
+ }
+
+ @Test
+ public final void testGetProtocol_protoUnknown() {
+ secRule.setSecurityRuleProtocol("foo");
+ thrown.expect(IllegalArgumentException.class);
+ SecRuleEntityDecoder.getProtocol(secRule);
+ }
+
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.test;
+
+import static com.google.common.base.Preconditions.checkState;
+
+import java.io.IOException;
+
+import org.opendaylight.controller.md.sal.binding.test.AbstractDataBrokerTest;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.Tenant;
+import org.opendaylight.yangtools.yang.binding.YangModuleInfo;
+import org.opendaylight.yangtools.yang.binding.util.BindingReflections;
+
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.ImmutableSet.Builder;
+
+// TODO this class exists b/c https://bugs.opendaylight.org/show_bug.cgi?id=4281
+/**
+ * Loads only modules of GBP and it's dependencies for data broker.
+ * <br>Therefore this implementation is faster than {@link AbstractDataBrokerTest}
+ */
+public class GbpDataBrokerTest extends AbstractDataBrokerTest {
+
+ @Override
+ protected Iterable<YangModuleInfo> getModuleInfos() throws Exception {
+ Builder<YangModuleInfo> moduleInfoSet = ImmutableSet.<YangModuleInfo>builder();
+ loadModuleInfos(Tenant.class, moduleInfoSet);
+ return moduleInfoSet.build();
+ }
+
+ public static void loadModuleInfos(Class<?> clazzFromModule, Builder<YangModuleInfo> moduleInfoSet) throws Exception {
+ YangModuleInfo moduleInfo = BindingReflections.getModuleInfo(clazzFromModule);
+ checkState(moduleInfo != null, "Module Info for %s is not available.", clazzFromModule);
+ collectYangModuleInfo(moduleInfo, moduleInfoSet);
+ }
+
+ private static void collectYangModuleInfo(final YangModuleInfo moduleInfo,
+ final Builder<YangModuleInfo> moduleInfoSet) throws IOException {
+ moduleInfoSet.add(moduleInfo);
+ for (YangModuleInfo dependency : moduleInfo.getImportedModules()) {
+ collectYangModuleInfo(dependency, moduleInfoSet);
+ }
+ }
+}
--- /dev/null
+package org.opendaylight.groupbasedpolicy.neutron.mapper.util;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Assert;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpAddress;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.IpPrefix;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Address;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv4Prefix;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv6Address;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev100924.Ipv6Prefix;
+
+public class UtilsTest {
+
+ @Rule
+ public ExpectedException thrown = ExpectedException.none();
+
+ @Test
+ public final void testCreateIpPrefix_ipv4() {
+ String ipv4Prefix = "1.1.1.1/8";
+ IpPrefix ipPrefix = Utils.createIpPrefix(ipv4Prefix);
+ Assert.assertNotNull(ipPrefix);
+ Assert.assertNull(ipPrefix.getIpv6Prefix());
+ assertEquals(ipv4Prefix, ipPrefix.getIpv4Prefix().getValue());
+ }
+
+ @Test
+ public final void testCreateIpPrefix_ipv6() {
+ String ipv6Prefix = "fd1c:29d6:85d1::/48";
+ IpPrefix ipPrefix = Utils.createIpPrefix(ipv6Prefix);
+ Assert.assertNotNull(ipPrefix);
+ Assert.assertNull(ipPrefix.getIpv4Prefix());
+ assertEquals(ipv6Prefix, ipPrefix.getIpv6Prefix().getValue());
+ }
+
+ @Test
+ public final void testCreateIpPrefix_null() {
+ thrown.expect(IllegalArgumentException.class);
+ Utils.createIpPrefix(null);
+ }
+
+ @Test
+ public final void testCreateIpPrefix_emptyString() {
+ thrown.expect(IllegalArgumentException.class);
+ Utils.createIpPrefix("");
+ }
+
+ @Test
+ public final void testCreateIpPrefix_invalidFormat() {
+ thrown.expect(IllegalArgumentException.class);
+ Utils.createIpPrefix("1.1.1.1/33");
+ }
+
+ @Test
+ public final void testCreateIpAddress_ipv4() {
+ String ipv4Address = "1.1.1.1";
+ IpAddress ipAddress = Utils.createIpAddress(ipv4Address);
+ Assert.assertNotNull(ipAddress);
+ Assert.assertNull(ipAddress.getIpv6Address());
+ assertEquals(ipv4Address, ipAddress.getIpv4Address().getValue());
+ }
+
+ @Test
+ public final void testCreateIpAddress_ipv6() {
+ String ipv6Address = "2001:db8::211:22ff:fe33:4455";
+ IpAddress ipAddress = Utils.createIpAddress(ipv6Address);
+ Assert.assertNotNull(ipAddress);
+ Assert.assertNull(ipAddress.getIpv4Address());
+ assertEquals(ipv6Address, ipAddress.getIpv6Address().getValue());
+ }
+
+ @Test
+ public final void testCreateIpAddress_null() {
+ thrown.expect(IllegalArgumentException.class);
+ Utils.createIpAddress(null);
+ }
+
+ @Test
+ public final void testCreateIpAddress_emptyString() {
+ thrown.expect(IllegalArgumentException.class);
+ Utils.createIpAddress("");
+ }
+
+ @Test
+ public final void testCreateIpAddress_invalidFormat() {
+ thrown.expect(IllegalArgumentException.class);
+ Utils.createIpAddress("1.1.1.256");
+ }
+
+ @Test
+ public final void testGetStringIpPrefix_ipv4() {
+ String ipv4Prefix = "1.1.1.1/8";
+ assertEquals(ipv4Prefix, Utils.getStringIpPrefix(new IpPrefix(new Ipv4Prefix(ipv4Prefix))));
+ }
+
+ @Test
+ public final void testGetStringIpPrefix_ipv6() {
+ String ipv6Prefix = "fd1c:29d6:85d1::/48";
+ assertEquals(ipv6Prefix, Utils.getStringIpPrefix(new IpPrefix(new Ipv6Prefix(ipv6Prefix))));
+ }
+
+ @Test
+ public final void testGetStringIpPrefix_null() {
+ thrown.expect(NullPointerException.class);
+ Utils.getStringIpPrefix(null);
+ }
+
+ @Test
+ public final void testGetStringIpAddress_ipv4() {
+ String ipv4Address = "1.1.1.1";
+ assertEquals(ipv4Address, Utils.getStringIpAddress(new IpAddress(new Ipv4Address(ipv4Address))));
+ }
+
+ @Test
+ public final void testGetStringIpAddress_ipv6() {
+ String ipv6Address = "2001:db8::211:22ff:fe33:4455";
+ assertEquals(ipv6Address, Utils.getStringIpAddress(new IpAddress(new Ipv6Address(ipv6Address))));
+ }
+
+ @Test
+ public final void testGetStringIpAddress_null() {
+ thrown.expect(NullPointerException.class);
+ Utils.getStringIpAddress(null);
+ }
+
+ @Test
+ public final void testNormalizeUuid_lowercaseUuid() {
+ assertEquals("01234567-abcd-ef01-0123-0123456789ab",
+ Utils.normalizeUuid("01234567-abcd-ef01-0123-0123456789ab"));
+ }
+
+ @Test
+ public final void testNormalizeUuid_uppercaseUuid() {
+ assertEquals("01234567-ABCD-EF01-0123-0123456789AB",
+ Utils.normalizeUuid("01234567-ABCD-EF01-0123-0123456789AB"));
+ }
+
+ @Test
+ public final void testNormalizeUuid_mixUuid() {
+ assertEquals("01234567-ABCD-ef01-0123-0123456789Ab",
+ Utils.normalizeUuid("01234567-ABCD-ef01-0123-0123456789Ab"));
+ }
+
+ @Test
+ public final void testNormalizeUuid_noSlashLowercaseUuid() {
+ assertEquals("01234567-abcd-ef01-0123-0123456789ab", Utils.normalizeUuid("01234567abcdef0101230123456789ab"));
+ }
+
+ @Test
+ public final void testNormalizeUuid_noSlashUppercaseUuid() {
+ assertEquals("01234567-ABCD-EF01-0123-0123456789AB", Utils.normalizeUuid("01234567ABCDEF0101230123456789AB"));
+ }
+
+ @Test
+ public final void testNormalizeUuid_noSlashMixUuid() {
+ assertEquals("01234567-ABCD-ef01-0123-0123456789Ab", Utils.normalizeUuid("01234567ABCDef0101230123456789Ab"));
+ }
+
+ @Test
+ public final void testNormalizeUuid_emptyUuid() {
+ assertEquals("", Utils.normalizeUuid(""));
+ }
+
+ @Test
+ public final void testNormalizeUuid_badUuid() {
+ assertEquals("abcdxy", Utils.normalizeUuid("abcdxy"));
+ }
+
+ @Test
+ public final void testNormalizeUuid_nullUuid() {
+ thrown.expect(NullPointerException.class);
+ Utils.normalizeUuid(null);
+ }
+
+}