import org.opendaylight.netvirt.utils.neutron.utils.NeutronUtils;
import org.opendaylight.neutron.spi.NeutronNetwork;
import org.opendaylight.neutron.spi.NeutronPort;
+import org.opendaylight.neutron.spi.NeutronSecurityGroup;
import org.opendaylight.neutron.spi.NeutronSubnet;
import org.opendaylight.ovsdb.utils.southbound.utils.SouthboundUtils;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
* @param bridge bridge where the port will be created on OVS
* @param portName name for this port
* @param owner deviceOwner, e.g., "network:dhcp"
+ * @param secGroups Optional NeutronSecurityGroup objects see NeutronUtils.createNeutronSecurityGroup()
* @throws InterruptedException if we're interrupted while waiting for objects to be created
*/
- public void createPort(Node bridge, String portName, String owner) throws InterruptedException {
+ public void createPort(Node bridge, String portName, String owner, NeutronSecurityGroup... secGroups) throws InterruptedException {
long idx = neutronPorts.size() + 1;
Assert.assertTrue(idx < 256);
String mac = macFor(idx);
String ip = ipFor(idx);
String portId = UUID.randomUUID().toString();
- neutronPorts.add(neutronUtils.createNeutronPort(id, subnetId, portId, owner, ip, mac));
+ neutronPorts.add(neutronUtils.createNeutronPort(id, subnetId, portId, owner, ip, mac, secGroups));
//TBD: Use NotifyingDataChangeListener
Thread.sleep(1000);
package org.opendaylight.netvirt.utils.neutron.utils;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.List;
+import java.util.UUID;
+
import org.opendaylight.neutron.spi.INeutronNetworkCRUD;
import org.opendaylight.neutron.spi.INeutronPortCRUD;
+import org.opendaylight.neutron.spi.INeutronSecurityGroupCRUD;
+import org.opendaylight.neutron.spi.INeutronSecurityRuleCRUD;
import org.opendaylight.neutron.spi.INeutronSubnetCRUD;
import org.opendaylight.neutron.spi.NeutronNetwork;
import org.opendaylight.neutron.spi.NeutronPort;
import org.opendaylight.neutron.spi.NeutronSecurityGroup;
+import org.opendaylight.neutron.spi.NeutronSecurityRule;
import org.opendaylight.neutron.spi.NeutronSubnet;
import org.opendaylight.netvirt.utils.servicehelper.ServiceHelper;
public class NeutronUtils {
public NeutronPort createNeutronPort(String networkId, String subnetId,
- String id, String owner, String ipaddr, String mac) {
+ String id, String owner, String ipaddr, String mac, NeutronSecurityGroup... secGroups) {
INeutronPortCRUD iNeutronPortCRUD =
(INeutronPortCRUD) ServiceHelper.getGlobalInstance(INeutronPortCRUD.class, this);
NeutronPort np = new NeutronPort();
nip.setSubnetUUID(subnetId);
srcAddressList.add(nip);
np.setFixedIPs(srcAddressList);
- List<NeutronSecurityGroup> nsgs = new ArrayList<>();
+ List<NeutronSecurityGroup> nsgs = Arrays.asList(secGroups);
np.setSecurityGroups(nsgs);
iNeutronPortCRUD.add(np);
return np;
return iNeutronNetworkCRUD.removeNetwork(uuid);
}
+
+ /**
+ * Build a NeutronSecurityRule that can be passed in to createNeutronSecurityGroup.
+ * @param direction e.g., "ingress". May be null.
+ * @param ethertype e.g., "IPv4". May be null.
+ * @param protocol e.g., "TCP". May be null.
+ * @param ipPrefix e.g., "10.9.8.0/24". May be null.
+ * @param portMin or null
+ * @param portMax or null
+ * @return A new NeutronSecurityRule
+ */
+ public NeutronSecurityRule buildNeutronSecurityRule(String direction, String ethertype, String protocol,
+ String ipPrefix, Integer portMin, Integer portMax) {
+ NeutronSecurityRule rule = new NeutronSecurityRule();
+ rule.setSecurityRuleUUID(UUID.randomUUID().toString());
+ rule.setSecurityRemoteGroupID(null);
+ rule.setSecurityRuleDirection(direction);
+ rule.setSecurityRuleEthertype(ethertype);
+ rule.setSecurityRuleProtocol(protocol);
+ rule.setSecurityRuleRemoteIpPrefix(ipPrefix);
+ rule.setSecurityRulePortMin(portMin);
+ rule.setSecurityRulePortMax(portMax);
+
+ return rule;
+ }
+
+ /**
+ * Create a new NeutronSecurityGroup and create the NeutronSecurityRules passed in. This method will first create
+ * teh NeutronSecurityRules and then the NeutronSecurityGroup in md-sal.
+ * @param tenantId The tenant ID for both the rules and groups
+ * @param rules NeutronSecurityRules. You can create them with buildNeutronSecurityRule.
+ * @return A new NeutronSecurityGroup
+ */
+ public NeutronSecurityGroup createNeutronSecurityGroup(String tenantId, NeutronSecurityRule... rules) {
+ INeutronSecurityGroupCRUD groupCRUD =
+ (INeutronSecurityGroupCRUD) ServiceHelper.getGlobalInstance(INeutronSecurityGroupCRUD.class, this);
+ INeutronSecurityRuleCRUD ruleCRUD =
+ (INeutronSecurityRuleCRUD) ServiceHelper.getGlobalInstance(INeutronSecurityRuleCRUD.class, this);
+
+ String id = UUID.randomUUID().toString();
+ NeutronSecurityGroup sg = new NeutronSecurityGroup();
+ sg.setSecurityGroupName("SG-" + id);
+ sg.setSecurityGroupUUID(id);
+ sg.setTenantID(tenantId);
+
+ List<NeutronSecurityRule> ruleList = new ArrayList<>(rules.length);
+ for (NeutronSecurityRule rule : rules) {
+ rule.setTenantID(tenantId);
+ rule.setSecurityRuleGroupID(id);
+ ruleList.add(rule);
+ ruleCRUD.addNeutronSecurityRule(rule);
+ }
+
+ sg.setSecurityRules(ruleList);
+ groupCRUD.add(sg);
+
+ return sg;
+ }
+
+ /**
+ * Remove the NeutronSecurityGroup and its associated NeutronSecurityRules from md-sal
+ * @param sg NeutronSecurityGroup to remove
+ */
+ public void removeNeutronSecurityGroupAndRules(NeutronSecurityGroup sg) {
+ INeutronSecurityGroupCRUD groupCRUD =
+ (INeutronSecurityGroupCRUD) ServiceHelper.getGlobalInstance(INeutronSecurityGroupCRUD.class, this);
+ INeutronSecurityRuleCRUD ruleCRUD =
+ (INeutronSecurityRuleCRUD) ServiceHelper.getGlobalInstance(INeutronSecurityRuleCRUD.class, this);
+
+ for (NeutronSecurityRule rule : sg.getSecurityRules()) {
+ ruleCRUD.removeNeutronSecurityRule(rule.getSecurityRuleUUID());
+ }
+ groupCRUD.removeNeutronSecurityGroup(sg.getID());
+ }
}