org.opendaylight.groupbasedpolicy.api.*,
org.opendaylight.groupbasedpolicy.dto,
org.opendaylight.groupbasedpolicy.util,
+ org.opendaylight.groupbasedpolicy.renderer.util
</Export-Package>
<Embed-Dependency>java-ipv6</Embed-Dependency>
</instructions>
ParentContainmentEndpoint epAsParent = new ParentContainmentEndpointBuilder(endpoint).build();
for (ChildEndpoint child : nullToEmpty(endpoint.getChildEndpoint())) {
InstanceIdentifier<AddressEndpoint> childIid =
- IidFactory.addressEndpointIid(EndpointUtils.createAddressEndointKey(child));
+ IidFactory.addressEndpointIid(EndpointUtils.createAddressEndpointKey(child));
Optional<AddressEndpoint> childAddrEpOptional =
DataStoreHelper.readFromDs(LogicalDatastoreType.OPERATIONAL, childIid, t);
if (childAddrEpOptional.isPresent()) {
ParentEndpoint epAsParent = new ParentEndpointBuilder(endpoint).build();
for (ChildEndpoint child : nullToEmpty(endpoint.getChildEndpoint())) {
InstanceIdentifier<AddressEndpoint> childIid =
- IidFactory.addressEndpointIid(EndpointUtils.createAddressEndointKey(child));
+ IidFactory.addressEndpointIid(EndpointUtils.createAddressEndpointKey(child));
Optional<AddressEndpoint> childAddrEpOptional =
DataStoreHelper.readFromDs(LogicalDatastoreType.OPERATIONAL, childIid, t);
if (childAddrEpOptional.isPresent()) {
private void deleteAddressEndpointFromChilds(ReadWriteTransaction t, AddressEndpoint endpoint) {
for (ChildEndpoint childEndpoint : nullToEmpty(endpoint.getChildEndpoint())) {
KeyedInstanceIdentifier<ParentEndpoint, ParentEndpointKey> parentEp =
- IidFactory.addressEndpointIid(EndpointUtils.createAddressEndointKey(childEndpoint)).child(ParentEndpoint.class,
+ IidFactory.addressEndpointIid(EndpointUtils.createAddressEndpointKey(childEndpoint)).child(ParentEndpoint.class,
new ParentEndpointKey(endpoint.getAddress(), endpoint.getAddressType(),
endpoint.getContextId(), endpoint.getContextType()));
DataStoreHelper.removeIfExists(LogicalDatastoreType.OPERATIONAL, parentEp, t);
import java.util.List;
import java.util.Set;
+import org.opendaylight.groupbasedpolicy.renderer.util.EndpointLocationUtils;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.EndpointLocations;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.endpoint.locations.AddressEndpointLocation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.endpoint.locations.AddressEndpointLocationKey;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.ImmutableTable;
import com.google.common.collect.Table;
+
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
+
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
+
import org.opendaylight.groupbasedpolicy.api.EndpointAugmentor;
import org.opendaylight.groupbasedpolicy.api.NetworkDomainAugmentor;
+import org.opendaylight.groupbasedpolicy.renderer.util.AddressEndpointUtils;
+import org.opendaylight.groupbasedpolicy.renderer.util.ContainmentEndpointUtils;
+import org.opendaylight.groupbasedpolicy.renderer.util.EndpointLocationUtils;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.endpoint.locations.AddressEndpointLocation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.endpoint.locations.ContainmentEndpointLocation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.endpoints.address.endpoints.AddressEndpoint;
return contEpWithLoc.build();
}
- public RuleGroups buildRuluGroups(ResolvedPolicyInfo policyInfo) {
+ public RuleGroups buildRuleGroups(ResolvedPolicyInfo policyInfo) {
List<RuleGroup> ruleGroups = resolveRuleGroups(getPolicyRuleGroupKeys(), policyInfo);
return new RuleGroupsBuilder().setRuleGroup(ruleGroups).build();
}
import static com.google.common.base.Preconditions.checkNotNull;
import javax.annotation.Nullable;
+
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
+
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Function;
import com.google.common.base.Optional;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableMultimap;
import com.google.common.collect.ImmutableSet;
+
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.groupbasedpolicy.renderer.listener.ForwardingListener;
import org.opendaylight.groupbasedpolicy.renderer.listener.RenderersListener;
import org.opendaylight.groupbasedpolicy.renderer.listener.ResolvedPoliciesListener;
+import org.opendaylight.groupbasedpolicy.renderer.util.AddressEndpointUtils;
+import org.opendaylight.groupbasedpolicy.renderer.util.ContainmentEndpointUtils;
import org.opendaylight.groupbasedpolicy.util.DataStoreHelper;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.EndpointLocations;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.Endpoints;
currentState.rendererByNode, epAugmentorRegistry.getEndpointAugmentors());
configBuilder.setEndpoints(endpoints);
- RuleGroups ruleGroups = rendererPolicyBuilder.buildRuluGroups(currentState.policyInfo);
+ RuleGroups ruleGroups = rendererPolicyBuilder.buildRuleGroups(currentState.policyInfo);
configBuilder.setRuleGroups(ruleGroups);
RendererForwarding rendererForwarding = rendererPolicyBuilder.buildRendererForwarding(currentState.forwarding,
* and is available at http://www.eclipse.org/legal/epl-v10.html
*/
-package org.opendaylight.groupbasedpolicy.renderer;
+package org.opendaylight.groupbasedpolicy.renderer.util;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.endpoints.address.endpoints.AddressEndpointKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.RendererEndpointKey;
return new AddressEndpointKey(peerExtEpKey.getAddress(), peerExtEpKey.getAddressType(),
peerExtEpKey.getContextId(), peerExtEpKey.getContextType());
}
-
}
* and is available at http://www.eclipse.org/legal/epl-v10.html
*/
-package org.opendaylight.groupbasedpolicy.renderer;
+package org.opendaylight.groupbasedpolicy.renderer.util;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.endpoints.containment.endpoints.ContainmentEndpointKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.renderer.endpoint.PeerExternalContainmentEndpointKey;
public class ContainmentEndpointUtils {
+ //hiding default public constructor
+ private ContainmentEndpointUtils() {}
+
public static PeerExternalContainmentEndpointKey toPeerExtContEpKey(ContainmentEndpointKey peerContEpKey) {
return new PeerExternalContainmentEndpointKey(peerContEpKey.getContextId(), peerContEpKey.getContextType());
}
* and is available at http://www.eclipse.org/legal/epl-v10.html
*/
-package org.opendaylight.groupbasedpolicy.renderer;
+package org.opendaylight.groupbasedpolicy.renderer.util;
import java.util.List;
public class EndpointLocationUtils {
+ // hiding default public constructor
+ private EndpointLocationUtils() {}
+
public static ImmutableMultimap<InstanceIdentifier<?>, AddressEndpointLocation> resolveEndpointsByAbsoluteNodeLocation(
@Nullable List<AddressEndpointLocation> addressEndpointLocations) {
if (addressEndpointLocations == null) {
public class EndpointUtils {
- public static AddressEndpointKey createAddressEndointKey(ChildEndpoint child) {
+ public static AddressEndpointKey createAddressEndpointKey(ChildEndpoint child) {
return new AddressEndpointKey(child.getAddress(), child.getAddressType(), child.getContextId(),
child.getContextType());
}
}
return Collections.emptyList();
}
-
}
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableTable;
+
import java.util.Collections;
import java.util.Set;
+
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.groupbasedpolicy.base_endpoint.EndpointAugmentorRegistryImpl;
import org.opendaylight.groupbasedpolicy.forwarding.NetworkDomainAugmentorRegistryImpl;
+import org.opendaylight.groupbasedpolicy.renderer.util.AddressEndpointUtils;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.EndpointLocations;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.EndpointLocationsBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.Endpoints;
*/
package org.opendaylight.groupbasedpolicy.resolver;
+import com.google.common.base.Preconditions;
+
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
@Before
public void init() {
dataProvider = getDataBroker();
+ Preconditions.checkNotNull(dataProvider);
policyResolver = new PolicyResolver(dataProvider);
}
package org.opendaylight.groupbasedpolicy.neutron.mapper.infrastructure;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ConsumerNamedSelectorBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ProviderNamedSelector;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.endpoint.group.ProviderNamedSelectorBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ActionInstance;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ClassifierInstance;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tenants.tenant.policy.subject.feature.instances.ClassifierInstanceBuilder;
wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.classifierInstanceIid(tenantId, ci.getName()), ci,
true);
}
+ for (ActionInstance ai : Collections.singleton(MappingUtils.ACTION_ALLOW)) {
+ wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.actionInstanceIid(tenantId, ai.getName()), ai, true);
+ }
wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, DHCP_CONTRACT_ID), DHCP_CONTRACT,
true);
wTx.put(LogicalDatastoreType.CONFIGURATION, IidFactory.contractIid(tenantId, DNS_CONTRACT_ID), DNS_CONTRACT,
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ActionName;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContextId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.EndpointGroupId;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Name;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.NetworkDomainId;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.L3Context;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.L2BridgeDomain;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.L2FloodDomain;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.L3Context;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.Subnet;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.rev160427.ContextType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.rev160427.forwarding.fields.Parent;
public final class MappingUtils {
public static final String NEUTRON_ROUTER = "neutron_router-";
- public static final String NEUTRON_EXTERNAL = "neutron_external_network-";
- public static final String NEUTRON_GROUP = "neutron_group-";
public static final IpPrefix DEFAULT_ROUTE = new IpPrefix(new Ipv4Prefix("0.0.0.0/0"));
public static final ActionInstance ACTION_ALLOW = new ActionInstanceBuilder().setName(
- new ActionName("Allow"))
+ new ActionName("allow"))
.setActionDefinitionId(AllowActionDefinition.DEFINITION.getId())
.build();
public static final ActionChoice ALLOW_ACTION_CHOICE = new AllowActionCaseBuilder().setAllow(
--- /dev/null
+module neutron-gbp-mapper {
+ yang-version 1;
+
+ namespace "urn:opendaylight:groupbasedpolicy:neutron-gbp-mapper";
+ prefix "neutron-gbp-mapper";
+
+ import gbp-common { prefix gbp-common; }
+ import endpoint { prefix gbp-endpoint; }
+ import ietf-yang-types { prefix yang; revision-date 2013-07-15; }
+ import ietf-inet-types { prefix inet; revision-date 2013-07-15; }
+ import base-endpoint { prefix base-ep; revision-date 2016-04-27; }
+ import forwarding { prefix fwd; revision-date 2016-04-27; }
+ import l2-l3-forwarding { prefix l2-l3; revision-date 2016-04-27; }
+
+
+
+ description
+ "This module defines the mapping model between Neutron entities and GBP entities.";
+
+ revision "2015-05-13" {
+ description
+ "Initial revision.";
+ }
+
+ grouping neutron-port-key {
+ leaf port-id {
+ description "A unique ID for the neutron port";
+ type gbp-common:unique-id;
+ }
+ }
+
+ container mappings {
+ description "Mapping of neutron entities by groupbasedpolicy entities and vice versa.";
+ config false;
+ container neutron-by-gbp-mappings {
+ description "Neutron entities by groupbasedpolicy entities";
+ container ports-by-endpoints {
+ description "Neutron ports by groupbasedpolicy endpoint";
+ status deprecated;
+ list port-by-endpoint {
+ description "Neutron port key by groupbasedpolicy endpoint key";
+ key "l2-context mac-address";
+ uses gbp-endpoint:l2-key;
+ uses neutron-port-key;
+ }
+ }
+ container ports-by-base-endpoints {
+ description "Neutron ports by groupbasedpolicy base-endpoint";
+ list port-by-base-endpoint {
+ description "Neutron port key by groupbasedpolicy base-endpoint key";
+ key "context-type context-id address-type address";
+ uses base-ep:address-endpoint-key;
+ uses neutron-port-key;
+ }
+ }
+
+ container external-gateways-as-endpoints {
+ description "Endpoints that represent Neutron External Gateways for External Subnets.
+ Please note these ARE NOT Neutron router ports, they are outside of Neutron.";
+ list external-gateway-as-endpoint {
+ description "Endpoints that represent Neutron External Gateways for External Subnets.
+ Please note these ARE NOT Neutron router ports, they are outside of Neutron.";
+
+ key "context-id context-type address address-type";
+
+ uses base-ep:address-endpoint-key;
+ }
+ }
+
+ container external-gateways-as-l3-endpoints {
+ status deprecated; // use external-gateways-as-endpoints
+ description "L3Endpoints that represent Neutron External Gateways for External Subnets.
+ Please note these ARE NOT Neutron router ports, they are outside of Neutron.";
+ list external-gateway-as-l3-endpoint {
+ description "L3Endpoints that represent Neutron External Gateways for External Subnets.
+ Please note these ARE NOT Neutron router ports, they are outside of Neutron.";
+ key "l3-context ip-address";
+ uses gbp-endpoint:l3-key;
+ }
+ }
+
+ container provider-physical-networks-as-l2-flood-domains {
+ status deprecated;
+ list provider-physical-network-as-l2-flood-domain {
+ key "tenant-id l2-flood-domain-id";
+ leaf tenant-id {
+ description "Tenant of L2 Flood Domain";
+ type gbp-common:tenant-id;
+ }
+ leaf l2-flood-domain-id {
+ description "The L2 Flood Domain ID";
+ type gbp-common:l2-flood-domain-id;
+ }
+ leaf segmentation-id {
+ mandatory true;
+ description "An isolated segment on the physical network. The network-type
+ attribute defines the segmentation model. For example, if network-type
+ is vlan, this ID is a vlan identifier.";
+ type string;
+ }
+ }
+ }
+
+ container provider-networks-as-l2-flood-domains {
+ list provider-physical-network-as-l2-flood-domain {
+ key "tenant-id l2-flood-domain-id";
+ leaf tenant-id {
+ description "Tenant of L2 Flood Domain";
+ type gbp-common:tenant-id;
+ }
+ leaf l2-flood-domain-id {
+ type gbp-common:context-id;
+ }
+ leaf segmentation-id {
+ mandatory true;
+ description "An isolated segment on the physical network. The network-type
+ attribute defines the segmentation model. For example, if network-type
+ is vlan, this ID is a vlan identifier.";
+ type string;
+ }
+ }
+ }
+ }
+
+ container gbp-by-neutron-mappings {
+ description "Groupbasedpolicy entities by neutron entities";
+ container endpoints-by-ports {
+ description "Groupbasedpolicy endpoints by neutron ports";
+ status deprecated;
+ list endpoint-by-port {
+ description "Groupbasedpolicy endpoint key by neutron port key";
+ key port-id;
+ uses neutron-port-key;
+ uses gbp-endpoint:l2-key;
+ }
+ }
+ container base-endpoints-by-ports {
+ description "Groupbasedpolicy base-endpoints by neutron ports";
+ list base-endpoint-by-port {
+ description "Groupbasedpolicy base-endpoint key by neutron port key";
+ key port-id;
+ uses neutron-port-key;
+ uses base-ep:address-endpoint-key;
+ }
+ }
+ }
+ }
+
+ rpc change-action-of-security-group-rules {
+ input {
+ list security-group-rule {
+ key uuid;
+ leaf uuid {
+ type yang:uuid;
+ description "UUID to index this neutron security group rule.";
+ }
+ }
+ container action {
+ choice action-choice {
+ case sfc-action-case {
+ leaf sfc-chain-name {
+ type string;
+ }
+ }
+ case allow-action-case {
+ container allow {
+ presence true;
+ }
+ }
+ }
+ }
+ }
+ }
+
+}
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.mappings.gbp.by.neutron.mappings.base.endpoints.by.ports.BaseEndpointByPort;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.neutron.gbp.mapper.rev150513.mappings.gbp.by.neutron.mappings.base.endpoints.by.ports.BaseEndpointByPortKey;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425.Config;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425.ExcludeFromPolicy;\r
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425.ExcludeFromPolicyBuilder;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425._interface.attributes._interface.type.choice.LoopbackCase;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425._interface.attributes._interface.type.choice.LoopbackCaseBuilder;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425._interface.attributes._interface.type.choice.TapCase;\r
.setName(createQRouterPortName(port.getUuid()))\r
.build();\r
vppEpBuilder.setInterfaceTypeChoice(tapCase);\r
+ vppEpBuilder.addAugmentation(ExcludeFromPolicy.class,\r
+ new ExcludeFromPolicyBuilder().setExcludeFromPolicy(true).build());\r
} else if (isValidVppRouterPort(port)) {\r
if (!DEFAULT_NODE.equals(routingNode.getValue())) {\r
LOG.warn(\r
--- /dev/null
+Manifest-Version: 1.0
+Bnd-LastModified: 1485939979022
+Build-Jdk: 1.8.0_112
+Built-By: tcechval
+Bundle-Description: OpenDaylight is leading the transformation to Open S
+ oftware Defined Networking (SDN). For more information, please see http
+ s://www.opendaylight.org
+Bundle-DocURL: https://www.opendaylight.org
+Bundle-License: https://www.eclipse.org/legal/epl-v10.html
+Bundle-ManifestVersion: 2
+Bundle-Name: iovisor-renderer
+Bundle-SymbolicName: org.opendaylight.groupbasedpolicy.iovisor-renderer
+Bundle-Vendor: OpenDaylight
+Bundle-Version: 0.5.0.SNAPSHOT
+Created-By: Apache Maven Bundle Plugin
+Export-Package: org.opendaylight.groupbasedpolicy.renderer.iovisor.endpo
+ int;version="0.5.0";uses:="org.opendaylight.controller.md.sal.binding.a
+ pi,org.opendaylight.groupbasedpolicy.api,org.opendaylight.groupbasedpol
+ icy.renderer.iovisor.module,org.opendaylight.groupbasedpolicy.util,org.
+ opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev
+ 140421,org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.e
+ ndpoint.rev140421.endpoints,org.opendaylight.yangtools.yang.binding",or
+ g.opendaylight.groupbasedpolicy.renderer.iovisor;version="0.5.0";uses:=
+ "org.opendaylight.controller.md.sal.binding.api,org.opendaylight.groupb
+ asedpolicy.api,org.opendaylight.groupbasedpolicy.renderer.iovisor.endpo
+ int,org.opendaylight.groupbasedpolicy.renderer.iovisor.module,org.opend
+ aylight.groupbasedpolicy.util,org.opendaylight.yang.gen.v1.urn.opendayl
+ ight.groupbasedpolicy.iovisor.rev151030,org.opendaylight.yang.gen.v1.ur
+ n.opendaylight.groupbasedpolicy.renderer.rev151103,org.opendaylight.yan
+ g.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.re
+ solved.policies,org.opendaylight.yangtools.yang.binding",org.opendaylig
+ ht.groupbasedpolicy.renderer.iovisor.module;version="0.5.0";uses:="org.
+ opendaylight.controller.md.sal.binding.api,org.opendaylight.controller.
+ md.sal.common.api.data,org.opendaylight.groupbasedpolicy.util,org.opend
+ aylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421,
+ org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.iovisor.
+ rev151030,org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolic
+ y.iovisor.rev151030.iovisor.module.instances,org.opendaylight.yang.gen.
+ v1.urn.opendaylight.groupbasedpolicy.iovisor.rev151030.iovisor.modules.
+ by.tenant.by.endpointgroup.id.iovisor.module.by.tenant.by.endpointgroup
+ .id,org.opendaylight.yangtools.yang.binding",org.opendaylight.groupbase
+ dpolicy.renderer.iovisor.restclient;version="0.5.0",org.opendaylight.gr
+ oupbasedpolicy.renderer.iovisor.sf;version="0.5.0";uses:="org.opendayli
+ ght.controller.md.sal.binding.api,org.opendaylight.groupbasedpolicy.api
+ ,org.opendaylight.groupbasedpolicy.util,org.opendaylight.yang.gen.v1.ur
+ n.opendaylight.groupbasedpolicy.common.rev140421,org.opendaylight.yang.
+ gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421,org.opendayli
+ ght.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subj
+ ect.feature.definitions,org.opendaylight.yang.gen.v1.urn.opendaylight.g
+ roupbasedpolicy.policy.rev140421.subject.feature.instance,org.opendayli
+ ght.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.tena
+ nts.tenant.policy.subject.feature.instances,org.opendaylight.yang.gen.v
+ 1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.render
+ er.capabilities.supported.action.definition,org.opendaylight.yang.gen.v
+ 1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.render
+ er.capabilities.supported.classifier.definition,org.opendaylight.yangto
+ ols.yang.binding",org.opendaylight.groupbasedpolicy.renderer.iovisor.ut
+ ils;version="0.5.0";uses:="org.opendaylight.controller.md.sal.binding.a
+ pi,org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.t
+ ypes.rev130715,org.opendaylight.yang.gen.v1.urn.opendaylight.groupbased
+ policy.common.rev140421,org.opendaylight.yang.gen.v1.urn.opendaylight.g
+ roupbasedpolicy.iovisor.rev151030,org.opendaylight.yang.gen.v1.urn.open
+ daylight.groupbasedpolicy.iovisor.rev151030.iovisor.module.instances,or
+ g.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.iovisor.re
+ v151030.iovisor.modules.by.tenant.by.endpointgroup.id,org.opendaylight.
+ yang.gen.v1.urn.opendaylight.groupbasedpolicy.iovisor.rev151030.iovisor
+ .resolved.endpoints,org.opendaylight.yang.gen.v1.urn.opendaylight.group
+ basedpolicy.iovisor.rev151030.iovisor.resolved.endpoints.by.tenant.by.e
+ ndpointgroup.id,org.opendaylight.yangtools.yang.binding",org.opendaylig
+ ht.yang.gen.v1.urn.opendaylight.groupbasedpolicy.iovisor.rev151030;vers
+ ion="0.5.0";uses:="org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.
+ yang.ietf.inet.types.rev130715,org.opendaylight.yang.gen.v1.urn.openday
+ light.groupbasedpolicy.endpoint.rev140421,org.opendaylight.yang.gen.v1.
+ urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoints,org.open
+ daylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.iovisor.rev15103
+ 0.iovisor.module.instances,org.opendaylight.yang.gen.v1.urn.opendayligh
+ t.groupbasedpolicy.iovisor.rev151030.iovisor.modules.by.tenant.by.endpo
+ intgroup.id,org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpol
+ icy.iovisor.rev151030.iovisor.resolved.endpoints,org.opendaylight.yang.
+ gen.v1.urn.opendaylight.groupbasedpolicy.iovisor.rev151030.iovisor.reso
+ lved.endpoints.by.tenant.by.endpointgroup.id,org.opendaylight.yangtools
+ .concepts,org.opendaylight.yangtools.yang.binding,org.opendaylight.yang
+ tools.yang.common",org.opendaylight.yang.gen.v1.urn.opendaylight.groupb
+ asedpolicy.iovisor.rev151030.iovisor.module.instances;version="0.5.0";u
+ ses:="org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ine
+ t.types.rev130715,org.opendaylight.yang.gen.v1.urn.opendaylight.groupba
+ sedpolicy.iovisor.rev151030,org.opendaylight.yangtools.concepts,org.ope
+ ndaylight.yangtools.yang.binding,org.opendaylight.yangtools.yang.common
+ ",org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ioviso
+ r.rev151030.iovisor.modules.by.tenant.by.endpointgroup.id.iovisor.modul
+ e.by.tenant.by.endpointgroup.id;version="0.5.0";uses:="org.opendaylight
+ .yang.gen.v1.urn.opendaylight.groupbasedpolicy.iovisor.rev151030,org.op
+ endaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.iovisor.rev151
+ 030.iovisor.modules.by.tenant.by.endpointgroup.id,org.opendaylight.yang
+ tools.concepts,org.opendaylight.yangtools.yang.binding,org.opendaylight
+ .yangtools.yang.common",org.opendaylight.yang.gen.v1.urn.opendaylight.g
+ roupbasedpolicy.iovisor.rev151030.iovisor.modules.by.tenant.by.endpoint
+ group.id;version="0.5.0";uses:="org.opendaylight.yang.gen.v1.urn.openda
+ ylight.groupbasedpolicy.common.rev140421,org.opendaylight.yang.gen.v1.u
+ rn.opendaylight.groupbasedpolicy.iovisor.rev151030,org.opendaylight.yan
+ g.gen.v1.urn.opendaylight.groupbasedpolicy.iovisor.rev151030.iovisor.mo
+ dules.by.tenant.by.endpointgroup.id.iovisor.module.by.tenant.by.endpoin
+ tgroup.id,org.opendaylight.yangtools.concepts,org.opendaylight.yangtool
+ s.yang.binding,org.opendaylight.yangtools.yang.common",org.opendaylight
+ .yang.gen.v1.urn.opendaylight.groupbasedpolicy.iovisor.rev151030.ioviso
+ r.resolved.endpoints.by.tenant.by.endpointgroup.id.iovisor.resolved.end
+ point.by.tenant.by.endpointgroup.id;version="0.5.0";uses:="org.opendayl
+ ight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715,
+ org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.r
+ ev140421,org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy
+ .endpoint.rev140421,org.opendaylight.yang.gen.v1.urn.opendaylight.group
+ basedpolicy.iovisor.rev151030.iovisor.resolved.endpoints.by.tenant.by.e
+ ndpointgroup.id,org.opendaylight.yangtools.concepts,org.opendaylight.ya
+ ngtools.yang.binding,org.opendaylight.yangtools.yang.common",org.openda
+ ylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.iovisor.rev151030.
+ iovisor.resolved.endpoints.by.tenant.by.endpointgroup.id;version="0.5.0
+ ";uses:="org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy
+ .common.rev140421,org.opendaylight.yang.gen.v1.urn.opendaylight.groupba
+ sedpolicy.iovisor.rev151030,org.opendaylight.yang.gen.v1.urn.opendaylig
+ ht.groupbasedpolicy.iovisor.rev151030.iovisor.resolved.endpoints.by.ten
+ ant.by.endpointgroup.id.iovisor.resolved.endpoint.by.tenant.by.endpoint
+ group.id,org.opendaylight.yangtools.concepts,org.opendaylight.yangtools
+ .yang.binding,org.opendaylight.yangtools.yang.common",org.opendaylight.
+ yang.gen.v1.urn.opendaylight.groupbasedpolicy.iovisor.rev151030.iovisor
+ .resolved.endpoints;version="0.5.0";uses:="org.opendaylight.yang.gen.v1
+ .urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715,org.opendaylight
+ .yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421,org.ope
+ ndaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140
+ 421,org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.iovi
+ sor.rev151030,org.opendaylight.yangtools.concepts,org.opendaylight.yang
+ tools.yang.binding,org.opendaylight.yangtools.yang.common"
+Import-Package: com.google.common.base;version="[18.0,19)",com.google.co
+ mmon.collect;version="[18.0,19)",com.google.common.net;version="[18.0,1
+ 9)",com.google.common.util.concurrent;version="[18.0,19)",com.sun.jerse
+ y.api.client;version="[1.17,2)",com.sun.jersey.api.client.config;versio
+ n="[1.17,2)",javax.ws.rs.core;version="[1.1,2)",org.opendaylight.contro
+ ller.config.api;version="[0.6,1)",org.opendaylight.controller.config.ap
+ i.annotations;version="[0.6,1)",org.opendaylight.controller.config.spi;
+ version="[0.6,1)",org.opendaylight.controller.md.sal.binding.api;versio
+ n="[1.5,2)",org.opendaylight.controller.md.sal.common.api.data;version=
+ "[1.5,2)",org.opendaylight.controller.sal.common.util;version="[1.5,2)"
+ ,org.opendaylight.groupbasedpolicy.api;version="[0.5,1)",org.opendaylig
+ ht.groupbasedpolicy.api.sf;version="[0.5,1)",org.opendaylight.groupbase
+ dpolicy.dto;version="[0.5,1)",org.opendaylight.groupbasedpolicy.rendere
+ r.iovisor;version="[0.5,1)",org.opendaylight.groupbasedpolicy.renderer.
+ iovisor.endpoint;version="[0.5,1)",org.opendaylight.groupbasedpolicy.re
+ nderer.iovisor.module;version="[0.5,1)",org.opendaylight.groupbasedpoli
+ cy.renderer.iovisor.restclient;version="[0.5,1)",org.opendaylight.group
+ basedpolicy.renderer.iovisor.sf;version="[0.5,1)",org.opendaylight.grou
+ pbasedpolicy.renderer.iovisor.utils;version="[0.5,1)",org.opendaylight.
+ groupbasedpolicy.util;version="[0.5,1)",org.opendaylight.mdsal.singleto
+ n.common.api;version="[2.2,3)",org.opendaylight.yang.gen.v1.urn.ietf.pa
+ rams.xml.ns.yang.ietf.inet.types.rev130715;version="[1.2,2)",org.openda
+ ylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421;v
+ ersion="[0.5,1)",org.opendaylight.yang.gen.v1.urn.opendaylight.groupbas
+ edpolicy.endpoint.rev140421;version="[0.5,1)",org.opendaylight.yang.gen
+ .v1.urn.opendaylight.groupbasedpolicy.endpoint.rev140421.endpoints;vers
+ ion="[0.5,1)",org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedp
+ olicy.iovisor.rev151030;version="[0.5,1)",org.opendaylight.yang.gen.v1.
+ urn.opendaylight.groupbasedpolicy.iovisor.rev151030.iovisor.module.inst
+ ances;version="[0.5,1)",org.opendaylight.yang.gen.v1.urn.opendaylight.g
+ roupbasedpolicy.iovisor.rev151030.iovisor.modules.by.tenant.by.endpoint
+ group.id;version="[0.5,1)",org.opendaylight.yang.gen.v1.urn.opendayligh
+ t.groupbasedpolicy.iovisor.rev151030.iovisor.modules.by.tenant.by.endpo
+ intgroup.id.iovisor.module.by.tenant.by.endpointgroup.id;version="[0.5,
+ 1)",org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.iovi
+ sor.rev151030.iovisor.resolved.endpoints;version="[0.5,1)",org.opendayl
+ ight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.iovisor.rev151030.io
+ visor.resolved.endpoints.by.tenant.by.endpointgroup.id;version="[0.5,1)
+ ",org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.ioviso
+ r.rev151030.iovisor.resolved.endpoints.by.tenant.by.endpointgroup.id.io
+ visor.resolved.endpoint.by.tenant.by.endpointgroup.id;version="[0.5,1)"
+ ,org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.
+ rev140421;version="[0.5,1)",org.opendaylight.yang.gen.v1.urn.opendaylig
+ ht.groupbasedpolicy.policy.rev140421.subject.feature.definitions;versio
+ n="[0.5,1)",org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpol
+ icy.policy.rev140421.subject.feature.instance;version="[0.5,1)",org.ope
+ ndaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev14042
+ 1.subject.feature.instance.parameter.value;version="[0.5,1)",org.openda
+ ylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.t
+ enants.tenant.policy.subject.feature.instances;version="[0.5,1)",org.op
+ endaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev15
+ 1103;version="[0.5,1)",org.opendaylight.yang.gen.v1.urn.opendaylight.gr
+ oupbasedpolicy.renderer.rev151103.has.parameters.type;version="[0.5,1)"
+ ,org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.rendere
+ r.rev151103.has.parameters.type.parameter.type;version="[0.5,1)",org.op
+ endaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev15
+ 1103.renderers;version="[0.5,1)",org.opendaylight.yang.gen.v1.urn.opend
+ aylight.groupbasedpolicy.renderer.rev151103.renderers.renderer;version=
+ "[0.5,1)",org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolic
+ y.renderer.rev151103.renderers.renderer.capabilities;version="[0.5,1)",
+ org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer
+ .rev151103.renderers.renderer.capabilities.supported.action.definition;
+ version="[0.5,1)",org.opendaylight.yang.gen.v1.urn.opendaylight.groupba
+ sedpolicy.renderer.rev151103.renderers.renderer.capabilities.supported.
+ classifier.definition;version="[0.5,1)",org.opendaylight.yang.gen.v1.ur
+ n.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.i
+ nterests.followed.tenants.followed.tenant;version="[0.5,1)",org.openday
+ light.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.
+ supported._int.value.fields;version="[0.5,1)",org.opendaylight.yang.gen
+ .v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.supported.rang
+ e.value.fields;version="[0.5,1)",org.opendaylight.yang.gen.v1.urn.opend
+ aylight.groupbasedpolicy.resolved.policy.rev150828;version="[0.5,1)",or
+ g.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.p
+ olicy.rev150828.resolved.policies;version="[0.5,1)",org.opendaylight.ya
+ ng.gen.v1.urn.opendaylight.params.xml.ns.yang.controller.config.groupba
+ sedpolicy.rev151106;version="[0.5,1)",org.opendaylight.yang.gen.v1.urn.
+ opendaylight.params.xml.ns.yang.controller.config.rev130405;version="[0
+ .6,1)",org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang
+ .controller.config.rev130405.modules.module;version="[0.6,1)",org.opend
+ aylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.controller.md.s
+ al.binding.impl.rev131028;version="[1.5,2)",org.opendaylight.yang.gen.v
+ 1.urn.opendaylight.params.xml.ns.yang.controller.md.sal.binding.rev1310
+ 28;version="[1.5,2)",org.opendaylight.yang.gen.v1.urn.opendaylight.yang
+ .extension.yang.ext.rev130709;version="[2013.9,2014)",org.opendaylight.
+ yangtools.concepts;version="[1.1,2)",org.opendaylight.yangtools.yang.bi
+ nding;version="[0.10,1)",org.opendaylight.yangtools.yang.binding.annota
+ tions;version="[0.10,1)",org.opendaylight.yangtools.yang.common;version
+ ="[1.1,2)",org.osgi.framework;version="[1.7,2)",org.slf4j;version="[1.7
+ ,2)"
+Originally-Created-By: Apache Maven Bundle Plugin
+Require-Capability: osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"
+Tool: Bnd-3.0.0.201509101326
package org.opendaylight.controller.config.yang.config.vpp_provider.impl;
+import java.util.ArrayList;
import java.util.List;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.sal.binding.api.BindingAwareProvider;
import org.opendaylight.groupbasedpolicy.renderer.vpp.api.BridgeDomainManager;
import org.opendaylight.groupbasedpolicy.renderer.vpp.adapter.VppRpcServiceImpl;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.iface.AclManager;
import org.opendaylight.groupbasedpolicy.renderer.vpp.iface.InterfaceManager;
import org.opendaylight.groupbasedpolicy.renderer.vpp.listener.RendererPolicyListener;
import org.opendaylight.groupbasedpolicy.renderer.vpp.listener.VppEndpointListener;
import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.ForwardingManager;
import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.VppRendererPolicyManager;
import org.opendaylight.groupbasedpolicy.renderer.vpp.sf.AllowAction;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.sf.Classifier;
import org.opendaylight.groupbasedpolicy.renderer.vpp.sf.EtherTypeClassifier;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.sf.IpProtoClassifier;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.sf.L4Classifier;
import org.opendaylight.groupbasedpolicy.renderer.vpp.util.MountedDataBrokerProvider;
import org.opendaylight.groupbasedpolicy.renderer.vpp.util.VppIidFactory;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.RendererName;
ImmutableList.of(new SupportedActionDefinitionBuilder().setActionDefinitionId(new AllowAction().getId())
.setSupportedParameterValues(new AllowAction().getSupportedParameterValues())
.build());
- private final List<SupportedClassifierDefinition> classifierDefinitions = ImmutableList
- .of(new SupportedClassifierDefinitionBuilder().setClassifierDefinitionId(new EtherTypeClassifier(null).getId())
- .setSupportedParameterValues(new EtherTypeClassifier(null).getSupportedParameterValues())
- .build());
+ private final List<SupportedClassifierDefinition> classifierDefinitions;
private final DataBroker dataBroker;
private VppNodeManager vppNodeManager;
private InterfaceManager interfaceManager;
+ private AclManager aclManager;
private VppRendererPolicyManager vppRendererPolicyManager;
private VppNodeListener vppNodeListener;
public VppRenderer(DataBroker dataBroker, BindingAwareBroker bindingAwareBroker) {
this.dataBroker = Preconditions.checkNotNull(dataBroker);
bindingAwareBroker.registerProvider(this);
+ EtherTypeClassifier etherTypeClassifier = new EtherTypeClassifier(null);
+ IpProtoClassifier ipProtoClassifier = new IpProtoClassifier(etherTypeClassifier);
+ classifierDefinitions =
+ buildClassifierDefinitions(etherTypeClassifier, ipProtoClassifier, new L4Classifier(ipProtoClassifier));
+ }
+
+ private List<SupportedClassifierDefinition> buildClassifierDefinitions(Classifier ... classifs) {
+ List<SupportedClassifierDefinition> clDefs = new ArrayList<>();
+ SupportedClassifierDefinitionBuilder clDefBuilder = new SupportedClassifierDefinitionBuilder();
+ for (Classifier classif : classifs) {
+ if (classif.getParent() != null) {
+ clDefBuilder.setParentClassifierDefinitionId(classif.getParent().getId());
+ }
+ clDefs.add(clDefBuilder.setClassifierDefinitionId(classif.getId())
+ .setSupportedParameterValues(classif.getSupportedParameterValues())
+ .build());
+ }
+ return clDefs;
}
@Override
EventBus dtoEventBus = new EventBus((exception, context) -> LOG.error("Could not dispatch event: {} to {}",
context.getSubscriber(), context.getSubscriberMethod(), exception));
interfaceManager = new InterfaceManager(mountDataProvider, dataBroker);
+ aclManager = new AclManager(mountDataProvider);
dtoEventBus.register(interfaceManager);
BridgeDomainManager bdManager = new BridgeDomainManagerImpl(dataBroker);
- ForwardingManager fwManager = new ForwardingManager(interfaceManager, bdManager, dataBroker);
- vppRendererPolicyManager = new VppRendererPolicyManager(fwManager, dataBroker);
+ ForwardingManager fwManager = new ForwardingManager(interfaceManager, aclManager, bdManager, dataBroker);
+ vppRendererPolicyManager = new VppRendererPolicyManager(fwManager, aclManager, dataBroker);
dtoEventBus.register(vppRendererPolicyManager);
vppNodeListener = new VppNodeListener(dataBroker, vppNodeManager, dtoEventBus);
--- /dev/null
+/*
+ * Copyright (c) 2017 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.groupbasedpolicy.renderer.vpp.iface;
+
+import java.util.stream.Collectors;
+
+import javax.annotation.Nonnull;
+
+import org.opendaylight.controller.md.sal.binding.api.DataBroker;
+import org.opendaylight.groupbasedpolicy.renderer.util.AddressEndpointUtils;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.PolicyContext;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.AccessListUtil;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.util.KeyFactory;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.util.MountedDataBrokerProvider;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.has.absolute.location.absolute.location.location.type.ExternalLocationCase;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocation;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.RendererEndpointKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.renderer.endpoint.PeerEndpointKey;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.base.Optional;
+import com.google.common.base.Preconditions;
+import com.google.common.collect.ImmutableSet;
+
+public class AclManager {
+
+ private static final Logger LOG = LoggerFactory.getLogger(AclManager.class);
+ private final MountedDataBrokerProvider mountDataProvider;
+
+ public AclManager(@Nonnull MountedDataBrokerProvider mountDataProvider) {
+ this.mountDataProvider = Preconditions.checkNotNull(mountDataProvider);
+ }
+
+ public void updateAclsForPeers(PolicyContext policyCtx, RendererEndpointKey rEpKey) {
+ ImmutableSet<PeerEndpointKey> peers = policyCtx.getPolicyTable().row(rEpKey).keySet();
+ for (RendererEndpointKey peerRendEp : peers.stream()
+ .map(AddressEndpointUtils::fromPeerEpKey)
+ .collect(Collectors.toList())
+ .stream()
+ .map(AddressEndpointUtils::toRendererEpKey)
+ .collect(Collectors.toList())) {
+ updateAclsForRendEp(peerRendEp, policyCtx);
+ }
+ }
+
+ public void updateAclsForRendEp(RendererEndpointKey rEpKey, PolicyContext policyCtx) {
+ LOG.info("Updating policy for endpoint {}", rEpKey);
+ AddressEndpointWithLocation peerAddrEp = policyCtx.getAddrEpByKey().get(KeyFactory.addressEndpointKey(rEpKey));
+ ExternalLocationCase epLoc = InterfaceManager.resolveAndValidateLocation(peerAddrEp);
+ InstanceIdentifier<?> vppNodeIid = epLoc.getExternalNodeMountPoint();
+ Optional<InstanceIdentifier<Interface>> optInterfaceIid =
+ VppPathMapper.interfaceToInstanceIdentifier(epLoc.getExternalNodeConnector());
+ if (!optInterfaceIid.isPresent()) {
+ LOG.warn("Cannot find interface for endpoint {}. ACLs for endpoint not updated {}. ", rEpKey);
+ return;
+ }
+ Optional<DataBroker> optMountPoint = mountDataProvider.getDataBrokerForMountPoint(vppNodeIid);
+ AccessListUtil.resolveAclsOnInterface(rEpKey, policyCtx).forEach(aclWrapper -> aclWrapper
+ .writeAcl(optMountPoint.get(), optInterfaceIid.get().firstKeyOf(Interface.class)));
+ }
+}
package org.opendaylight.groupbasedpolicy.renderer.vpp.iface;
+import java.util.List;
+import java.util.Set;
+import java.util.concurrent.ExecutionException;
+
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
-import java.util.concurrent.ExecutionException;
-import com.google.common.base.Optional;
-import com.google.common.base.Preconditions;
-import com.google.common.base.Strings;
-import com.google.common.eventbus.Subscribe;
-import com.google.common.util.concurrent.AsyncFunction;
-import com.google.common.util.concurrent.Futures;
-import com.google.common.util.concurrent.ListenableFuture;
+
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.ReadOnlyTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.groupbasedpolicy.renderer.vpp.commands.VhostUserCommand.VhostUserCommandBuilder;
import org.opendaylight.groupbasedpolicy.renderer.vpp.event.NodeOperEvent;
import org.opendaylight.groupbasedpolicy.renderer.vpp.event.VppEndpointConfEvent;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.AccessListWrapper;
import org.opendaylight.groupbasedpolicy.renderer.vpp.util.GbpNetconfTransaction;
import org.opendaylight.groupbasedpolicy.renderer.vpp.util.General.Operations;
import org.opendaylight.groupbasedpolicy.renderer.vpp.util.MountedDataBrokerProvider;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.has.absolute.location.absolute.location.location.type.ExternalLocationCase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.has.absolute.location.absolute.location.location.type.ExternalLocationCaseBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocation;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425.ExcludeFromPolicy;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425._interface.attributes.InterfaceTypeChoice;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425._interface.attributes._interface.type.choice.LoopbackCase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425._interface.attributes._interface.type.choice.TapCase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.v3po.rev161214.l2.base.attributes.Interconnection;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.v3po.rev161214.l2.base.attributes.interconnection.BridgeBased;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.v3po.rev161214.l2.base.attributes.interconnection.BridgeBasedBuilder;
+import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.google.common.base.Optional;
+import com.google.common.base.Preconditions;
+import com.google.common.base.Strings;
+import com.google.common.collect.HashMultimap;
+import com.google.common.collect.SetMultimap;
+import com.google.common.eventbus.Subscribe;
+import com.google.common.util.concurrent.AsyncFunction;
+import com.google.common.util.concurrent.Futures;
+import com.google.common.util.concurrent.ListenableFuture;
+
public class InterfaceManager implements AutoCloseable {
private static final Logger LOG = LoggerFactory.getLogger(InterfaceManager.class);
private final MountedDataBrokerProvider mountDataProvider;
private final VppEndpointLocationProvider vppEndpointLocationProvider;
+ private final SetMultimap<NodeId, String> excludedFromPolicy = HashMultimap.create();
public InterfaceManager(@Nonnull MountedDataBrokerProvider mountDataProvider, @Nonnull DataBroker dataProvider) {
this.mountDataProvider = Preconditions.checkNotNull(mountDataProvider);
switch (event.getDtoModificationType()) {
case CREATED: {
vppEndpointCreated(event.getAfter().get()).get();
+ updatePolicyExcludedEndpoints(event.getAfter().get(), true);
}
break;
case UPDATED:
vppEndpointUpdated(event.getBefore().get(), event.getAfter().get()).get();
+ updatePolicyExcludedEndpoints(event.getBefore().get(), false);
+ updatePolicyExcludedEndpoints(event.getAfter().get(), true);
break;
case DELETED:
vppEndpointDeleted(event.getBefore().get()).get();
+ updatePolicyExcludedEndpoints(event.getBefore().get(), false);
break;
}
} catch (InterruptedException | ExecutionException e) {
}
}
+ private void updatePolicyExcludedEndpoints(VppEndpoint vppEndpoint, boolean created) {
+ if (vppEndpoint.getAugmentation(ExcludeFromPolicy.class) != null) {
+ return;
+ }
+ if (created) {
+ excludedFromPolicy.put(vppEndpoint.getVppNodeId(), vppEndpoint.getVppInterfaceName());
+ return;
+ }
+ excludedFromPolicy.remove(vppEndpoint.getVppNodeId(), vppEndpoint.getVppInterfaceName());
+ }
+
private ListenableFuture<Void> vppEndpointCreated(VppEndpoint vppEndpoint) {
InterfaceTypeChoice interfaceTypeChoice = vppEndpoint.getInterfaceTypeChoice();
LOG.trace("Creating VPP endpoint {}, type of {}", vppEndpoint, interfaceTypeChoice);
*/
public synchronized ListenableFuture<Void> addBridgeDomainToInterface(@Nonnull String bridgeDomainName,
@Nonnull AddressEndpointWithLocation addrEpWithLoc,
+ @Nonnull List<AccessListWrapper> aclWrappers,
boolean enableBvi) {
ExternalLocationCase epLoc = resolveAndValidateLocation(addrEpWithLoc);
InstanceIdentifier<?> vppNodeIid = epLoc.getExternalNodeMountPoint();
GbpNetconfTransaction.RETRY_COUNT);
if (transactionState) {
LOG.debug("Adding bridge domain {} to interface {} successful", bridgeDomainName, interfacePath);
+ Set<String> excludedIfaces = excludedFromPolicy.get(vppNodeIid.firstKeyOf(Node.class).getNodeId());
+ if(excludedIfaces == null || !excludedIfaces.contains(interfaceIid.firstKeyOf(Interface.class).getName())) {
+ // can apply ACLs on interfaces in bridge domains
+ aclWrappers.forEach(aclWrapper -> {
+ LOG.debug("Writing access list for interface {} on a node {}.", interfaceIid,
+ vppNodeIid);
+ aclWrapper.writeAcl(mountpoint, interfaceIid.firstKeyOf(Interface.class));
+ aclWrapper.writeAclRefOnIface(mountpoint, interfaceIid);
+ });
+ }
String bridgeDomainPath = VppPathMapper.bridgeDomainToRestPath(bridgeDomainName);
return vppEndpointLocationProvider.replaceLocationForEndpoint(new ExternalLocationCaseBuilder()
.setExternalNode(bridgeDomainPath)
* and {@link ExternalLocationCase#getExternalNodeConnector()} MUST NOT be {@code null}
* @return {@link ListenableFuture}
*/
- public synchronized
- @Nonnull
- ListenableFuture<Void> deleteBridgeDomainFromInterface(
+ public synchronized @Nonnull ListenableFuture<Void> deleteBridgeDomainFromInterface(
@Nonnull AddressEndpointWithLocation addrEpWithLoc) {
+ // TODO update ACLs for peers
ExternalLocationCase epLoc = resolveAndValidateLocation(addrEpWithLoc);
InstanceIdentifier<?> vppNodeIid = epLoc.getExternalNodeMountPoint();
String interfacePath = epLoc.getExternalNodeConnector();
LOG.debug("Bridge domain does not exist therefore it is considered as deleted for interface {}",
interfacePath);
// bridge domain does not exist on interface so we consider job done
- return vppEndpointLocationProvider.replaceLocationForEndpoint(new ExternalLocationCaseBuilder()
- .setExternalNode(null)
- .setExternalNodeMountPoint(vppNodeIid)
- .setExternalNodeConnector(interfacePath)
- .build(), addrEpWithLoc.getKey());
+ return vppEndpointLocationProvider.replaceLocationForEndpoint(
+ new ExternalLocationCaseBuilder().setExternalNode(null)
+ .setExternalNodeMountPoint(vppNodeIid)
+ .setExternalNodeConnector(interfacePath)
+ .build(),
+ addrEpWithLoc.getKey());
}
InstanceIdentifier<L2> l2Iid =
interfaceIid.builder().augmentation(VppInterfaceAugmentation.class).child(L2.class).build();
LOG.debug("Deleting bridge domain from interface {}", interfacePath);
- final boolean transactionState = GbpNetconfTransaction.deleteIfExists(mountpoint, l2Iid,
- GbpNetconfTransaction.RETRY_COUNT);
+ final boolean transactionState =
+ GbpNetconfTransaction.deleteIfExists(mountpoint, l2Iid, GbpNetconfTransaction.RETRY_COUNT);
if (transactionState) {
- return vppEndpointLocationProvider.replaceLocationForEndpoint(new ExternalLocationCaseBuilder()
- .setExternalNode(null)
- .setExternalNodeMountPoint(vppNodeIid)
- .setExternalNodeConnector(interfacePath)
- .build(), addrEpWithLoc.getKey());
+ AccessListWrapper.removeAclsForInterface(mountpoint, interfaceIid.firstKeyOf(Interface.class));
+ AccessListWrapper.removeAclRefFromIface(mountpoint, interfaceIid.firstKeyOf(Interface.class));
+ return vppEndpointLocationProvider.replaceLocationForEndpoint(
+ new ExternalLocationCaseBuilder().setExternalNode(null)
+ .setExternalNodeMountPoint(vppNodeIid)
+ .setExternalNodeConnector(interfacePath)
+ .build(),
+ addrEpWithLoc.getKey());
} else {
final String message = "Failed to delete bridge domain from interface " + interfacePath;
LOG.warn(message);
}
}
- private static ExternalLocationCase resolveAndValidateLocation(AddressEndpointWithLocation addrEpWithLoc) {
+ static ExternalLocationCase resolveAndValidateLocation(AddressEndpointWithLocation addrEpWithLoc) {
LocationType locationType = addrEpWithLoc.getAbsoluteLocation().getLocationType();
if (!(locationType instanceof ExternalLocationCase)) {
throw new IllegalArgumentException("Endpoint does not have external location " + addrEpWithLoc);
import org.opendaylight.controller.md.sal.binding.api.ReadOnlyTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.groupbasedpolicy.renderer.vpp.api.BridgeDomainManager;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.iface.AclManager;
import org.opendaylight.groupbasedpolicy.renderer.vpp.iface.InterfaceManager;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.AccessListUtil;
import org.opendaylight.groupbasedpolicy.renderer.vpp.util.KeyFactory;
import org.opendaylight.groupbasedpolicy.util.DataStoreHelper;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.common.endpoint.fields.NetworkContainment;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.forwarding.renderer.forwarding.by.tenant.RendererNetworkDomainKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425.Config;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425.VlanNetwork;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425._interface.attributes.InterfaceTypeChoice;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425._interface.attributes._interface.type.choice.LoopbackCase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425.config.GbpBridgeDomain;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425.config.GbpBridgeDomainKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425.config.VppEndpoint;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425.config.VppEndpointKey;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425._interface.attributes.InterfaceTypeChoice;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.vpp_renderer.rev160425._interface.attributes._interface.type.choice.LoopbackCase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.l2.types.rev130827.VlanId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.v3po.rev161214.VxlanVni;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
private long lastVxlanVni = 1L;
private final Map<String, VxlanVni> vxlanVniByBridgeDomain = new HashMap<>();
private final InterfaceManager ifaceManager;
+ private final AclManager aclManager;
private final BridgeDomainManager bdManager;
private final DataBroker dataBroker;
- public ForwardingManager(@Nonnull InterfaceManager ifaceManager, @Nonnull BridgeDomainManager bdManager, @Nonnull DataBroker dataBroker) {
+
+ public ForwardingManager(@Nonnull InterfaceManager ifaceManager, @Nonnull AclManager aclManager,
+ @Nonnull BridgeDomainManager bdManager, @Nonnull DataBroker dataBroker) {
this.ifaceManager = Preconditions.checkNotNull(ifaceManager);
this.bdManager = Preconditions.checkNotNull(bdManager);
this.dataBroker = Preconditions.checkNotNull(dataBroker);
+ this.aclManager = Preconditions.checkNotNull(aclManager);
}
public Optional<GbpBridgeDomain> readGbpBridgeDomainConfig(String name) {
.child(GbpBridgeDomain.class, new GbpBridgeDomainKey(name))
.build();
ReadOnlyTransaction rTx = dataBroker.newReadOnlyTransaction();
- return DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION, bdIid, rTx);
+ Optional<GbpBridgeDomain> optBd = DataStoreHelper.readFromDs(LogicalDatastoreType.CONFIGURATION, bdIid, rTx);
+ rTx.close();
+ return optBd;
}
public void createBridgeDomainOnNodes(SetMultimap<String, NodeId> vppNodesByBridgeDomain) {
}
String l2FloodDomain = optL2FloodDomain.get();
try {
- ifaceManager.addBridgeDomainToInterface(l2FloodDomain, rEp, isBviForEndpoint(rEp)).get();
+ ifaceManager.addBridgeDomainToInterface(l2FloodDomain, rEp, AccessListUtil.resolveAclsOnInterface(
+ rEpKey, policyCtx), isBviForEndpoint(rEp)).get();
+ aclManager.updateAclsForPeers(policyCtx, rEpKey);
LOG.debug("Interface added to bridge-domain {} for endpoint {}", l2FloodDomain, rEp);
} catch (InterruptedException | ExecutionException e) {
// TODO add it to the status for renderer manager
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.groupbasedpolicy.renderer.util.AddressEndpointUtils;
import org.opendaylight.groupbasedpolicy.renderer.vpp.event.NodeOperEvent;
import org.opendaylight.groupbasedpolicy.renderer.vpp.event.RendererPolicyConfEvent;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.iface.AclManager;
import org.opendaylight.groupbasedpolicy.renderer.vpp.util.KeyFactory;
import org.opendaylight.groupbasedpolicy.util.IidFactory;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.endpoints.address.endpoints.AddressEndpointKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.has.absolute.location.absolute.location.location.type.ExternalLocationCase;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.has.rule.group.with.renderer.endpoint.participation.RuleGroupWithRendererEndpointParticipation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.RendererPolicy;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.RendererPolicyBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.RendererEndpointKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.renderer.endpoint.PeerEndpoint;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.rule.groups.RuleGroupKey;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
private static final Logger LOG = LoggerFactory.getLogger(VppRendererPolicyManager.class);
private final DataBroker dataProvider;
private ForwardingManager fwManager;
+ private final AclManager aclManager;
- public VppRendererPolicyManager(@Nonnull ForwardingManager fwManager, @Nonnull DataBroker dataProvider) {
+ public VppRendererPolicyManager(@Nonnull ForwardingManager fwManager, @Nonnull AclManager aclManager,
+ @Nonnull DataBroker dataProvider) {
this.fwManager = Preconditions.checkNotNull(fwManager);
this.dataProvider = Preconditions.checkNotNull(dataProvider);
+ this.aclManager = Preconditions.checkNotNull(aclManager);
}
@Subscribe
fwManager.createForwardingForEndpoint(rEpKey, policyCtxAfter);
}
});
+ updatePolicy(policyCtxBefore, policyCtxAfter);
+ }
+
+ /**
+ * Looks for changed rule groups in {@code policyCtxBefore} and {@code policyCtxAfter}.
+ * Access lists are updated for endpoints in {@code policyCtxAfter} affected by changed rule
+ * groups.
+ *
+ * @param policyCtxBefore policy before
+ * @param policyCtxAfter policy after
+ */
+ private void updatePolicy(PolicyContext policyCtxBefore, PolicyContext policyCtxAfter) {
+ LOG.info("Updating policy by rule groups.");
+ Set<RuleGroupKey> diffRuleGroups = new HashSet<>();
+ diffRuleGroups.addAll(Sets.difference(policyCtxBefore.getRuleGroupByKey().keySet(),
+ policyCtxAfter.getRuleGroupByKey().keySet()));
+ diffRuleGroups.addAll(Sets.difference(policyCtxAfter.getRuleGroupByKey().keySet(), policyCtxBefore.getRuleGroupByKey().keySet()));
+ LOG.trace("Rule groups changed: {} ", diffRuleGroups.size());
+ Set<RendererEndpointKey> updates = new HashSet<>();
+ for (PolicyContext policy : new PolicyContext[] {policyCtxBefore, policyCtxAfter}) {
+ if (policy.getPolicy().getConfiguration() == null
+ || policy.getPolicy().getConfiguration().getRendererEndpoints() == null
+ || policy.getPolicy().getConfiguration().getRendererEndpoints().getRendererEndpoint() == null) {
+ continue;
+ }
+ policy.getPolicy()
+ .getConfiguration()
+ .getRendererEndpoints()
+ .getRendererEndpoint()
+ .stream()
+ .filter(rEp -> !updates.contains(rEp.getKey()))
+ .forEach(rEp -> {
+ for (PeerEndpoint pEp : rEp.getPeerEndpoint()) {
+ for (RuleGroupWithRendererEndpointParticipation rg : pEp
+ .getRuleGroupWithRendererEndpointParticipation()) {
+ if (!diffRuleGroups.contains(
+ new RuleGroupKey(rg.getContractId(), rg.getSubjectName(), rg.getTenantId()))) {
+ continue;
+ }
+ LOG.debug("Updated resolved rule group: {}. Affected endpoints {} and {}.", rg.getKey(), rEp.getKey(), pEp.getKey());
+ updates.add(rEp.getKey());
+ AddressEndpointKey k1 = AddressEndpointUtils.fromPeerEpKey(pEp.getKey());
+ updates.add(AddressEndpointUtils.toRendererEpKey(k1));
+ }
+ }
+ });
+ }
+ for (RendererEndpointKey rEpKey : updates) {
+ aclManager.updateAclsForRendEp(rEpKey, policyCtxAfter);
+ }
}
private static boolean isLocationChanged(AddressEndpointWithLocation before, AddressEndpointWithLocation after) {
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl;
+
+import java.net.Inet4Address;
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.annotation.Nonnull;
+
+import org.opendaylight.groupbasedpolicy.api.sf.AllowActionDefinition;
+import org.opendaylight.groupbasedpolicy.renderer.util.AddressEndpointUtils;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.PolicyContext;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.RendererResolvedPolicy;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.sf.SubjectFeatures;
+import org.opendaylight.groupbasedpolicy.util.EndpointUtils;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Actions;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.ActionsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.PermitBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.parent.child.endpoints.parent.endpoint.choice.parent.endpoint._case.ParentEndpoint;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.L2BridgeDomain;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.SubnetAugmentRenderer;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.has.subnet.Subnet;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.EndpointPolicyParticipation;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocation;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.RendererEndpointKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.renderer.endpoint.PeerEndpointKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.forwarding.RendererForwardingByTenant;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.actions.Action;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.classifiers.Classifier;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.resolved.rules.ResolvedRule;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.google.common.base.Optional;
+
+ /*
+ * Transforms Renderer policy into access-list configuration for Honeycomb.
+ *
+ * */
+
+public class AccessListUtil {
+
+ private static final Logger LOG = LoggerFactory.getLogger(AccessListUtil.class);
+ private static final String UNDERSCORE = "_";
+ private static final String PERMIT_EXTERNAL_INGRESS = "permit_external_ingress";
+ private static final String PERMIT_EXTERNAL_EGRESS = "permit_external_egress";
+ private static final String DENY_INGRESS_IPV4 = "deny_ingress_ipv4";
+ private static final String DENY_INGRESS_IPV6 = "deny_ingress_ipv6";
+ private static final String DENY_EGRESS_IPV4 = "deny_egress_ipv4";
+ private static final String DENY_EGRESS_IPV6 = "deny_egress_ipv6";
+
+ public enum ACE_DIRECTION {
+ INGRESS, EGRESS
+ }
+
+ // hiding default public constructor
+ private AccessListUtil() {}
+
+ public static List<AccessListWrapper> resolveAclsOnInterface(RendererEndpointKey rEpKey, PolicyContext ctx) {
+ List<AccessListWrapper> aclWrappers = new ArrayList<>();
+ for (ACE_DIRECTION dir : new ACE_DIRECTION[] {ACE_DIRECTION.INGRESS, ACE_DIRECTION.EGRESS}) {
+ aclWrappers.add(buildAccessListWrappers(dir, ctx, rEpKey));
+ }
+ return aclWrappers;
+ }
+
+ /**
+ * @param policyDirection direction for which policy should be resolved. EP -> VPP = OUTBOUND, EP <- VPP = INBOUND
+ * @param ctx with cached data
+ * @param rEpKey key of EP for which to create ACLs.
+ * @return synchronization futures, so that INGRESS and EGRESS ACLS can be resolved in parallel.
+ */
+ private static AccessListWrapper buildAccessListWrappers(ACE_DIRECTION policyDirection, PolicyContext ctx,
+ RendererEndpointKey rEpKey) {
+ LOG.trace("Resolving policy for VPP renderer endpoint {} in a separate thread in {} direction.", rEpKey,
+ policyDirection);
+ AccessListWrapper aclWrapper = AccessListUtil.ACE_DIRECTION.INGRESS
+ .equals(policyDirection) ? new IngressAccessListWrapper() : new EgressAccessListWrapper();
+ ctx.getPolicyTable()
+ .row(rEpKey)
+ .keySet()
+ .stream()
+ .filter(peerEpKey -> peerHasLocation(ctx, peerEpKey))
+ .forEach(peerEpKey -> {
+ ctx.getPolicyTable().get(rEpKey, peerEpKey).forEach(resolvedRules -> {
+ List<GbpAceBuilder> rules = new ArrayList<>();
+ LOG.debug("Resolving policy for {} and peer endpoint {}", rEpKey, peerEpKey);
+ Direction classifDir =
+ calculateClassifDirection(resolvedRules.getRendererEndpointParticipation(), policyDirection);
+ rules.addAll(resolveAclRulesFromPolicy(resolvedRules, classifDir,
+ rEpKey.getAddress() + UNDERSCORE + peerEpKey.getAddress()));
+ updateAddressesInRules(rules, rEpKey, peerEpKey, ctx, policyDirection, true);
+ aclWrapper.writeRules(rules);
+ });
+ });
+ // resolve peers with no location
+ aclWrapper.writeRules(denyDomainSubnets(ctx, policyDirection));
+ // TODO currently any traffic heading to/from outside of managed domain is
+ // permitted for demonstration purposes
+ if (rEpKey.getContextType().isAssignableFrom(L2BridgeDomain.class) && findAddrEp(ctx, rEpKey) != null) {
+ Optional<GbpAceBuilder> allowExtAccess =
+ allowExternalNetworksForEp(findAddrEp(ctx, rEpKey), policyDirection);
+ if (allowExtAccess.isPresent()) {
+ aclWrapper.writeRule(allowExtAccess.get());
+ }
+ }
+ return aclWrapper;
+ }
+
+ /**
+ * Resolves direction for classifiers that will be applied to INBOUND or OUTBOUND direction.
+ * </p>
+ * Rule is applied in INGRESS direction when participation is PROVIDER and classifier direction is OUT
+ * </p>
+ * Rule is applied in INGRESS direction when participation is CONSUMER and classifier direction is IN
+ * </p>
+ * INBOUND direction is applied otherwise.
+ * </p>
+ * Based on this
+ * </p>
+ * OUT classifier direction is resolved for INGRESS traffic when participation is PROVIDER
+ * </p>
+ * OUT classifier direction is resolved for EGRESS traffic when participation is CONSUMER
+ * </p>
+ * IN is resolved otherwise.
+ * </p>
+ * @param participation provider or consumer
+ * @param direction EGRESS or INGRESS
+ * @return Direction that classifiers should match for given policy direction.
+ */
+ private static Direction calculateClassifDirection(EndpointPolicyParticipation participation, ACE_DIRECTION direction) {
+ if (EndpointPolicyParticipation.PROVIDER.equals(participation) && ACE_DIRECTION.INGRESS.equals(direction)) {
+ return Direction.Out;
+ }
+ if (EndpointPolicyParticipation.CONSUMER.equals(participation) && ACE_DIRECTION.EGRESS.equals(direction)) {
+ return Direction.Out;
+ }
+ return Direction.In;
+ }
+
+ private static void updateAddressesInRules(List<GbpAceBuilder> rules, RendererEndpointKey rEpKey,
+ PeerEndpointKey peerEpKey, PolicyContext ctx, ACE_DIRECTION policyDirection,
+ boolean resolveForLocationPeers) {
+ for (AddressMapper addrMapper : Arrays.asList(new SourceMapper(policyDirection),
+ new DestinationMapper(policyDirection))) {
+ if (peerHasLocation(ctx, peerEpKey) && resolveForLocationPeers) {
+ addrMapper.updateRules(rules, findAddrEp(ctx, rEpKey), findAddrEp(ctx, peerEpKey));
+ } else if (!peerHasLocation(ctx, peerEpKey) && !resolveForLocationPeers) {
+ addrMapper.updateExtRules(rules, findAddrEp(ctx, rEpKey), null);
+ }
+ }
+ }
+
+ private static boolean peerHasLocation(PolicyContext ctx, PeerEndpointKey peerEpKey) {
+ return ctx.getAddrEpByKey().get(
+ AddressEndpointUtils.fromPeerEpKey(peerEpKey)) != null;
+ }
+
+ private static AddressEndpointWithLocation findAddrEp(PolicyContext ctx, RendererEndpointKey rEpKey) {
+ return ctx.getAddrEpByKey().get(
+ AddressEndpointUtils.fromRendererEpKey(rEpKey));
+ }
+
+ private static AddressEndpointWithLocation findAddrEp(PolicyContext ctx, PeerEndpointKey rEpKey) {
+ return ctx.getAddrEpByKey().get(
+ AddressEndpointUtils.fromPeerEpKey(rEpKey));
+ }
+
+ /** Transform a resolved rule to ACE with corresponding classification and action fields
+ *
+ * @param resolvedPolicy resolved rules, with the same participation - provider or consumer
+ * @param direction rules matching corresponding direction will be collected
+ * @return resolved ACE entries
+ */
+ private static List<GbpAceBuilder> resolveAclRulesFromPolicy(RendererResolvedPolicy resolvedPolicy,
+ Direction direction, String namePasphrase) {
+ List<GbpAceBuilder> aclRules = new ArrayList<>();
+ for (ResolvedRule resolvedRule : resolvedPolicy.getRuleGroup().getRules()) {
+ Map<String, ParameterValue> params = resolveClassifParamsForDir(direction, resolvedRule.getClassifier());
+ if (params.isEmpty()) {
+ continue;
+ }
+ LOG.debug("Processing classifification params {} in resolved rule {}.", params,
+ resolvedRule.getName() + UNDERSCORE + namePasphrase);
+ org.opendaylight.groupbasedpolicy.renderer.vpp.sf.Classifier classif =
+ resolveImplementedClassifForDir(direction, resolvedRule.getClassifier());
+ GbpAceBuilder aclRuleBuilder =
+ new GbpAceBuilder(resolvedRule.getName().getValue() + UNDERSCORE + namePasphrase);
+ boolean updated = classif != null && classif.updateMatch(aclRuleBuilder, params);
+ Optional<Actions> optAction = resolveActions(resolvedRule.getAction());
+ if (!optAction.isPresent() || !updated) {
+ LOG.error("Failed to process rule {}. Resolved parameters {}, resolved classifier. Actions resolved: {}"
+ + "{}.", resolvedRule.getName().getValue(), params, classif, optAction.isPresent());
+ continue;
+ }
+ aclRuleBuilder.setAction(optAction.get());
+ aclRules.add(aclRuleBuilder);
+ }
+ return aclRules;
+ }
+
+ private static org.opendaylight.groupbasedpolicy.renderer.vpp.sf.Classifier resolveImplementedClassifForDir(
+ @Nonnull Direction direction, @Nonnull List<Classifier> classifiers) {
+ org.opendaylight.groupbasedpolicy.renderer.vpp.sf.Classifier feasibleClassifier = null;
+ for (Classifier cl : classifiers) {
+ if (direction.equals(cl.getDirection()) || direction.equals(Direction.Bidirectional)) {
+ org.opendaylight.groupbasedpolicy.renderer.vpp.sf.Classifier classif =
+ SubjectFeatures.getClassifier(cl.getClassifierDefinitionId());
+ if (feasibleClassifier == null) {
+ feasibleClassifier = classif;
+ }
+ if (classif.getParent() != null && classif.getParent().equals(feasibleClassifier)) {
+ feasibleClassifier = classif;
+ }
+ }
+ }
+ return feasibleClassifier;
+ }
+
+ private static Map<String, ParameterValue> resolveClassifParamsForDir(Direction direction,
+ List<Classifier> classifier) {
+ Map<String, ParameterValue> params = new HashMap<>();
+ classifier.stream()
+ .filter(classif -> direction.equals(classif.getDirection()) || direction.equals(Direction.Bidirectional))
+ .forEach(classif -> {
+ LOG.trace("Resolving parameters for classiifier: {} with direction", classif, direction);
+ classif.getParameterValue()
+ .stream()
+ .filter(v -> params.get(v.getName().getValue()) == null) // not unique
+ .filter(v -> v.getIntValue() != null || v.getStringValue() != null || v.getRangeValue() != null)
+ .forEach(v -> params.put(v.getName().getValue(), v));
+ LOG.trace("Resolved parameters {} for classiifier: {} with direction {}", params, classif, direction);
+ });
+ return params;
+ }
+
+ private static Optional<Actions> resolveActions(List<Action> actions) {
+ for (Action action : actions) {
+ if (AllowActionDefinition.ID
+ .equals(action.getActionDefinitionId())) {
+ LOG.trace("Applying supported action: {}", action);
+ return Optional
+ .of(new ActionsBuilder().setPacketHandling(new PermitBuilder().setPermit(true).build()).build());
+ }
+ }
+ LOG.warn("No supported action found among actions: {}", actions);
+ return Optional.absent();
+ }
+
+ /*
+ * so far any traffic heading to/from outside of managed domain is permitted for demonstration
+ * purposes
+ * TODO initial workaround for external networking
+ */
+ private static Optional<GbpAceBuilder> allowExternalNetworksForEp(@Nonnull AddressEndpointWithLocation addrEp,
+ AccessListUtil.ACE_DIRECTION dir) {
+ List<ParentEndpoint> parentEndpoints = EndpointUtils.getParentEndpoints(addrEp.getParentEndpointChoice());
+ if (parentEndpoints.isEmpty()) {
+ return Optional.absent();
+ }
+ for (ParentEndpoint parentEp : parentEndpoints) {
+ InetAddress byName;
+ try {
+ byName = InetAddress.getByName(substringBeforeSlash(parentEp.getAddress()));
+ } catch (UnknownHostException e) {
+ LOG.error("Failed to parse IP address {}", e);
+ return Optional.absent();
+ }
+ if (byName instanceof Inet4Address) {
+ if (AccessListUtil.ACE_DIRECTION.INGRESS.equals(dir)) {
+ return Optional.of(new GbpAceBuilder(PERMIT_EXTERNAL_INGRESS).setIpAddresses(
+ new Ipv4Prefix(parentEp.getAddress()), null).setPermit());
+ } else {
+ return Optional.of(new GbpAceBuilder(PERMIT_EXTERNAL_EGRESS).setIpAddresses(null,
+ new Ipv4Prefix(parentEp.getAddress())).setPermit());
+ }
+ } else if (byName instanceof Inet6Address) {
+ if (AccessListUtil.ACE_DIRECTION.INGRESS.equals(dir)) {
+ return Optional.of(new GbpAceBuilder(PERMIT_EXTERNAL_INGRESS).setIpAddresses(
+ new Ipv6Prefix(parentEp.getAddress()), null).setPermit());
+ } else {
+ return Optional.of(new GbpAceBuilder(PERMIT_EXTERNAL_EGRESS).setIpAddresses(null,
+ new Ipv6Prefix(parentEp.getAddress())).setPermit());
+ }
+ }
+ }
+ return Optional.absent();
+ }
+
+ /**
+ * Helps stripping address part of a CIDR
+ */
+ private static String substringBeforeSlash(String address) {
+ return (address.contains("/") && address.split("/").length > 0) ? address.split("/")[0] : address;
+ }
+
+ private static List<GbpAceBuilder> denyDomainSubnets(@Nonnull PolicyContext ctx, @Nonnull ACE_DIRECTION policyDirection) {
+ List<GbpAceBuilder> aclRuleBuilders = new ArrayList<>();
+ for (RendererForwardingByTenant rf : ctx.getPolicy()
+ .getConfiguration()
+ .getRendererForwarding()
+ .getRendererForwardingByTenant()) {
+ rf.getRendererNetworkDomain()
+ .stream()
+ .filter(rnd -> org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.Subnet.class
+ .equals(rnd.getNetworkDomainType()))
+ .forEach(rnd -> {
+ SubnetAugmentRenderer subnetAug = rnd.getAugmentation(SubnetAugmentRenderer.class);
+ // subnetAug should not be null
+ subnetAug.getSubnet();
+ if (policyDirection.equals(ACE_DIRECTION.INGRESS)) {
+ aclRuleBuilders.add(denyIngressTrafficForPrefix(subnetAug.getSubnet()));
+ }
+ else {
+ aclRuleBuilders.add(denyEgressTrafficForPrefix(subnetAug.getSubnet()));
+ }
+ });
+ }
+ return aclRuleBuilders;
+ }
+
+ private static GbpAceBuilder denyEgressTrafficForPrefix(Subnet subnet) {
+ IpPrefix ipPrefix = subnet.getIpPrefix();
+ if (ipPrefix.getIpv4Prefix() != null) {
+ return new GbpAceBuilder(DENY_EGRESS_IPV4 + UNDERSCORE + String.valueOf(ipPrefix.getValue()))
+ .setIpAddresses(ipPrefix.getIpv4Prefix(), null).setDeny();
+ } else if (ipPrefix.getIpv6Prefix() != null) {
+ return new GbpAceBuilder(DENY_EGRESS_IPV6 + UNDERSCORE + String.valueOf(ipPrefix.getValue()))
+ .setIpAddresses(ipPrefix.getIpv6Prefix(), null).setDeny();
+ }
+ throw new IllegalStateException("Unknown prefix type " + subnet.getIpPrefix());
+ }
+
+ static void setSourceL3Address(GbpAceBuilder rule, String address) throws UnknownHostException {
+ InetAddress addr = InetAddress.getByName(substringBeforeSlash(address));
+ if (addr instanceof Inet6Address) {
+ rule.setIpAddresses(new Ipv6Prefix(address), null);
+ } else {
+ rule.setIpAddresses(new Ipv4Prefix(address), null);
+ }
+ }
+
+ static void setDestinationL3Address(GbpAceBuilder rule, String address) throws UnknownHostException {
+ InetAddress addr = InetAddress.getByName(substringBeforeSlash(address));
+ if (addr instanceof Inet6Address) {
+ rule.setIpAddresses(null, new Ipv6Prefix(address));
+ } else {
+ rule.setIpAddresses(null, new Ipv4Prefix(address));
+ }
+ }
+
+ static GbpAceBuilder denyIngressTrafficForPrefix(Subnet subnet) {
+ IpPrefix ipPrefix = subnet.getIpPrefix();
+ if (ipPrefix.getIpv4Prefix() != null) {
+ return new GbpAceBuilder(DENY_INGRESS_IPV4 + UNDERSCORE + String.valueOf(ipPrefix.getValue()))
+ .setIpAddresses(null, ipPrefix.getIpv4Prefix()).setDeny();
+ } else if (ipPrefix.getIpv6Prefix() != null) {
+ return new GbpAceBuilder(DENY_INGRESS_IPV6 + UNDERSCORE + String.valueOf(ipPrefix.getValue()))
+ .setIpAddresses(null, ipPrefix.getIpv6Prefix()).setDeny();
+ }
+ throw new IllegalStateException("Unknown prefix type " + subnet.getIpPrefix());
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.annotation.Nonnull;
+
+import org.opendaylight.controller.md.sal.binding.api.DataBroker;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.AccessListUtil.ACE_DIRECTION;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.util.GbpNetconfTransaction;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.util.VppIidFactory;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.AccessListEntries;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.AccessListEntriesBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppAcl;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public abstract class AccessListWrapper {
+
+ private static final Logger LOG = LoggerFactory.getLogger(AccessListWrapper.class);
+ private List<GbpAceBuilder> rules;
+
+ public AccessListWrapper() {
+ rules = new ArrayList<>();
+ }
+
+ public void writeRule(GbpAceBuilder rule) {
+ if (rule != null) {
+ this.rules.add(rule);
+ }
+ }
+
+ public void writeRules(List<GbpAceBuilder> rules) {
+ if (rules != null) {
+ rules.forEach(this::writeRule);
+ }
+ }
+
+ public List<GbpAceBuilder> readRules() {
+ return rules;
+ }
+
+ protected String resolveAclName(InterfaceKey key) {
+ return key.getName() + getDirection();
+ }
+
+ public abstract AccessListUtil.ACE_DIRECTION getDirection();
+
+ public abstract void writeAclRefOnIface(@Nonnull DataBroker mountPoint,
+ @Nonnull InstanceIdentifier<Interface> ifaceIid);
+
+ public Acl buildVppAcl(@Nonnull InterfaceKey ifaceKey) {
+ List<Ace> aces = new ArrayList<>();
+ for (GbpAceBuilder rule : rules) {
+ aces.add(rule.build());
+ }
+ AccessListEntries entries = new AccessListEntriesBuilder().setAce(aces).build();
+ return new AclBuilder().setAclType(VppAcl.class)
+ .setAclName(resolveAclName(ifaceKey))
+ .setAccessListEntries(entries)
+ .build();
+ }
+
+ public void writeAcl(@Nonnull DataBroker mountPoint, @Nonnull InterfaceKey ifaceKey) {
+ Acl builtAcl = this.buildVppAcl(ifaceKey);
+ LOG.info("Writing access-list {}", builtAcl.getAclName());
+ boolean write = GbpNetconfTransaction.write(mountPoint, VppIidFactory.getVppAcl(resolveAclName(ifaceKey)),
+ builtAcl, GbpNetconfTransaction.RETRY_COUNT);
+ if (!write) {
+ LOG.error("Failed to write rule {}", builtAcl);
+ }
+ }
+
+ public static void removeAclsForInterface(@Nonnull DataBroker mountPoint, @Nonnull InterfaceKey ifaceKey) {
+ LOG.debug("Removing access-list {}", ifaceKey);
+ for (ACE_DIRECTION dir : new ACE_DIRECTION[] {ACE_DIRECTION.INGRESS, ACE_DIRECTION.EGRESS}) {
+ GbpNetconfTransaction.deleteIfExists(mountPoint, VppIidFactory.getVppAcl(ifaceKey.getName() + dir),
+ GbpNetconfTransaction.RETRY_COUNT);
+ }
+ }
+
+ public static void removeAclRefFromIface(@Nonnull DataBroker mountPoint, @Nonnull InterfaceKey ifaceKey) {
+ LOG.debug("Removing access-lists from interface {}", ifaceKey.getName());
+ GbpNetconfTransaction.deleteIfExists(mountPoint, VppIidFactory.getInterfaceIetfAcl(ifaceKey),
+ GbpNetconfTransaction.RETRY_COUNT);
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl;
+
+import java.util.List;
+
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRangeBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRangeBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.endpoints.containment.endpoints.ContainmentEndpoint;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocation;
+
+
+abstract class AddressMapper {
+
+ private AccessListUtil.ACE_DIRECTION direction;
+
+ private static final PortNumber DHCP_67 = new PortNumber(67);
+ private static final PortNumber DHCP_68 = new PortNumber(68);
+ private static final PortNumber DHCPV6_547 = new PortNumber(547);
+ private static final PortNumber DHCPV6_548 = new PortNumber(548);
+
+ AddressMapper(AccessListUtil.ACE_DIRECTION direction) {
+ this.direction = direction;
+ }
+
+ abstract void updateRule(AddressEndpointWithLocation addrEp, GbpAceBuilder aclRuleBuilder);
+
+ //TODO implement for peers with no location
+ abstract List<GbpAceBuilder> updateExtRules(List<GbpAceBuilder> rules, AddressEndpointWithLocation localEp,
+ ContainmentEndpoint cEp);
+
+ public List<GbpAceBuilder> updateRules(List<GbpAceBuilder> rules, AddressEndpointWithLocation localEp,
+ AddressEndpointWithLocation peerEp) {
+ if (this instanceof SourceMapper) {
+ if (AccessListUtil.ACE_DIRECTION.INGRESS.equals(direction)) {
+ return updateRules(rules, localEp);
+ }
+ return updateRules(rules, peerEp);
+ }
+ if (this instanceof DestinationMapper) {
+ if (AccessListUtil.ACE_DIRECTION.INGRESS.equals(direction)) {
+ return updateRules(rules, peerEp);
+ }
+ return updateRules(rules, localEp);
+ }
+ return rules;
+ }
+
+ private List<GbpAceBuilder> updateRules(List<GbpAceBuilder> rules, AddressEndpointWithLocation addrEp) {
+ for (GbpAceBuilder rule : rules) {
+ if (isInRange(rule.getSourcePortRangeBuilder(), DHCP_67)
+ && isInRange(rule.getDestinationPortRangeBuilder(), DHCP_68)) {
+ continue;
+ }
+ if (isInRange(rule.getSourcePortRangeBuilder(), DHCP_68)
+ && isInRange(rule.getDestinationPortRangeBuilder(), DHCP_67)) {
+ continue;
+ }
+ if (isInRange(rule.getSourcePortRangeBuilder(), DHCPV6_547)
+ && isInRange(rule.getDestinationPortRangeBuilder(), DHCPV6_548)) {
+ continue;
+ }
+ if (isInRange(rule.getSourcePortRangeBuilder(), DHCPV6_548)
+ && isInRange(rule.getDestinationPortRangeBuilder(), DHCPV6_547)) {
+ continue;
+ }
+ updateRule(addrEp, rule);
+ }
+ return rules;
+ }
+
+ private boolean isInRange(SourcePortRangeBuilder spr, PortNumber portNumber) {
+ return spr != null && isInRange(spr.getLowerPort(), spr.getUpperPort(), portNumber);
+ }
+
+ private boolean isInRange(DestinationPortRangeBuilder dpr, PortNumber portNumber) {
+ return dpr != null && isInRange(dpr.getLowerPort(),dpr.getUpperPort(), portNumber);
+ }
+
+ private boolean isInRange(PortNumber lower, PortNumber upper, PortNumber ref) {
+ if (lower != null && upper != null) {
+ return (lower.getValue() <= ref.getValue()) && (ref.getValue() <= upper.getValue());
+ }
+ return (lower != null && lower.getValue().equals(ref.getValue()))
+ || (upper != null && upper.getValue().equals(ref.getValue()));
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl;
+
+import java.net.UnknownHostException;
+import java.util.List;
+
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.AccessListUtil.ACE_DIRECTION;
+import org.opendaylight.groupbasedpolicy.util.EndpointUtils;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.endpoints.containment.endpoints.ContainmentEndpoint;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.parent.child.endpoints.parent.endpoint.choice.parent.endpoint._case.ParentEndpoint;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.L3Context;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocation;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+class DestinationMapper extends AddressMapper {
+
+ private static final Logger LOG = LoggerFactory.getLogger(DestinationMapper.class);
+
+ DestinationMapper(ACE_DIRECTION direction) {
+ super(direction);
+ }
+
+ @Override
+ List<GbpAceBuilder> updateExtRules(List<GbpAceBuilder> rules, AddressEndpointWithLocation localEp,
+ ContainmentEndpoint cEp) {
+ // TODO external networking.
+ return rules;
+ }
+
+ @Override
+ void updateRule(AddressEndpointWithLocation addrEp, GbpAceBuilder aclRuleBuilder) {
+ if (!EndpointUtils.getParentEndpoints(addrEp.getParentEndpointChoice()).isEmpty()) {
+ // TODO more parents, when supported
+ ParentEndpoint parentEp = EndpointUtils.getParentEndpoints(addrEp.getParentEndpointChoice()).get(0);
+ if (parentEp != null && parentEp.getContextType().isAssignableFrom(L3Context.class)) {
+ LOG.trace("Setting dst IP address {} in rule {}", parentEp.getAddress(), aclRuleBuilder);
+ try {
+ AccessListUtil.setDestinationL3Address(aclRuleBuilder, parentEp.getAddress());
+ } catch (UnknownHostException e) {
+ LOG.error("Failed to parse address {}. Cannot apply ACL entry {}. {}", parentEp.getAddress(),
+ aclRuleBuilder, e);
+ }
+ }
+ }
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl;
+
+import javax.annotation.Nonnull;
+
+import org.opendaylight.controller.md.sal.binding.api.DataBroker;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.AccessListUtil.ACE_DIRECTION;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.util.GbpNetconfTransaction;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Egress;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.EgressBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAclsBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppAcl;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+
+import com.google.common.collect.ImmutableList;
+
+public class EgressAccessListWrapper extends AccessListWrapper {
+
+ @Override
+ public ACE_DIRECTION getDirection() {
+ return AccessListUtil.ACE_DIRECTION.EGRESS;
+ }
+
+ @Override
+ public void writeAclRefOnIface(@Nonnull DataBroker mountPoint, @Nonnull InstanceIdentifier<Interface> ifaceIid) {
+ InstanceIdentifier<Egress> egressRefIid = outboundIfaceAclRefIid(ifaceIid);
+ VppAcls vppAcl = new VppAclsBuilder().setName(resolveAclName(ifaceIid.firstKeyOf(Interface.class)))
+ .setType(VppAcl.class)
+ .build();
+ Egress egressAcl = new EgressBuilder().setVppAcls(ImmutableList.<VppAcls>of(vppAcl)).build();
+ GbpNetconfTransaction.write(mountPoint, egressRefIid, egressAcl, GbpNetconfTransaction.RETRY_COUNT);
+ }
+
+ private InstanceIdentifier<Egress> outboundIfaceAclRefIid(InstanceIdentifier<Interface> ifaceIid) {
+ return ifaceIid.builder()
+ .augmentation(VppAclInterfaceAugmentation.class)
+ .child(Acl.class)
+ .child(Egress.class)
+ .build();
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl;
+
+import javax.annotation.Nullable;
+
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.AceBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Actions;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.ActionsBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Matches;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.MatchesBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.DenyBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.PermitBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRange;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRangeBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRange;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRangeBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAceBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.VppAceNodesBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.AceIpVersion;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv4;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv4Builder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6Builder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.icmp.header.fields.IcmpCodeRangeBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.icmp.header.fields.IcmpTypeRangeBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.IpProtocol;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.IcmpBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.OtherBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.TcpBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.UdpBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.icmp.IcmpNodesBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.other.OtherNodesBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.tcp.TcpNodes;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.tcp.TcpNodesBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.udp.UdpNodes;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.acl.ip.protocol.header.fields.ip.protocol.udp.UdpNodesBuilder;
+
+import com.google.common.base.Preconditions;
+
+public class GbpAceBuilder {
+
+ private final String name;
+ private Short protocol;
+ private SourcePortRangeBuilder sourcePortRangeBuilder;
+ private DestinationPortRangeBuilder destinationPortRangeBuilder;
+ private AceIpVersion aceIpVersion;
+ private AceIpv4 aceIpv4;
+ private AceIpv6 aceIpv6;
+ private IpProtocol ipProtocol;
+ private Actions action; // deny is a default action in the model
+
+ private static final Short FIRST_ICMP = 0;
+ private static final Short LAST_ICMP = 254;
+
+ GbpAceBuilder(String name) {
+ this.name = Preconditions.checkNotNull(name, "Cannot build rule with empty name.");
+ this.sourcePortRangeBuilder = new SourcePortRangeBuilder();
+ this.destinationPortRangeBuilder = new DestinationPortRangeBuilder();
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public Short getProtocol() {
+ return protocol;
+ }
+
+ public SourcePortRangeBuilder getSourcePortRangeBuilder() {
+ return sourcePortRangeBuilder;
+ }
+
+ public DestinationPortRangeBuilder getDestinationPortRangeBuilder() {
+ return destinationPortRangeBuilder;
+ }
+
+ public AceIpVersion getAceIpVersion() {
+ return aceIpVersion;
+ }
+
+ public Actions getAction() {
+ return action;
+ }
+
+ public GbpAceBuilder setProtocol(short protocol) {
+ this.protocol = protocol;
+ return this;
+ }
+
+ public GbpAceBuilder setSourcePortRange(SourcePortRangeBuilder sourcePortRangeBuilder) {
+ if (sourcePortRangeBuilder != null) {
+ this.sourcePortRangeBuilder = sourcePortRangeBuilder;
+ }
+ return this;
+ }
+
+ public GbpAceBuilder setDestinationPortRange(DestinationPortRangeBuilder destPortRangeBuilder) {
+ if (destPortRangeBuilder != null) {
+ this.destinationPortRangeBuilder = destPortRangeBuilder;
+ }
+ return this;
+ }
+
+ public GbpAceBuilder setIpAddresses(@Nullable Ipv4Prefix srcIp, @Nullable Ipv4Prefix dstIp) {
+ AceIpv4Builder aceIpv4Builder = (aceIpv4 != null) ? new AceIpv4Builder(aceIpv4) : new AceIpv4Builder();
+ if (srcIp != null) {
+ aceIpv4Builder.setSourceIpv4Network(srcIp);
+ }
+ if (dstIp != null) {
+ aceIpv4Builder.setDestinationIpv4Network(dstIp);
+ }
+ this.aceIpv4 = aceIpv4Builder.build();
+ this.aceIpVersion = aceIpv4;
+ return this;
+ }
+
+ public GbpAceBuilder setIpAddresses(@Nullable Ipv6Prefix srcIp, @Nullable Ipv6Prefix dstIp) {
+ AceIpv6Builder aceIpv6Builder = (aceIpv6 != null) ? new AceIpv6Builder(aceIpv6) : new AceIpv6Builder();
+ if (srcIp != null) {
+ aceIpv6Builder.setSourceIpv6Network(srcIp);
+ }
+ if (dstIp != null) {
+ aceIpv6Builder.setDestinationIpv6Network(dstIp);
+ }
+ this.aceIpv6 = aceIpv6Builder.build();
+ this.aceIpVersion = aceIpv6;
+ return this;
+ }
+
+ public GbpAceBuilder setPermit() {
+ this.action = new ActionsBuilder().setPacketHandling(new PermitBuilder().setPermit(true).build()).build();
+ return this;
+ }
+
+ public GbpAceBuilder setDeny() {
+ this.action = new ActionsBuilder().setPacketHandling(new DenyBuilder().setDeny(true).build()).build();
+ return this;
+ }
+
+ public GbpAceBuilder setAction(Actions actions) {
+ this.action = actions;
+ return this;
+ }
+
+ public Ace build() {
+ if (protocol == null || protocol == 0) {
+ ipProtocol =
+ new OtherBuilder().setOtherNodes(new OtherNodesBuilder().setProtocol((short) 0).build()).build();
+ } else {
+ if (protocol == 1) {
+ ipProtocol = new IcmpBuilder().setIcmpNodes(new IcmpNodesBuilder()
+ .setIcmpTypeRange(new IcmpTypeRangeBuilder().setFirst(FIRST_ICMP).setLast(LAST_ICMP).build())
+ .setIcmpCodeRange(new IcmpCodeRangeBuilder().setFirst(FIRST_ICMP).setLast(LAST_ICMP).build())
+ .build()).build();
+ }
+ SourcePortRange sourcePortRange = (sourcePortRangeBuilder.getLowerPort() != null
+ && sourcePortRangeBuilder.getUpperPort() != null) ? sourcePortRangeBuilder.build() : null;
+ DestinationPortRange destPortRange = (destinationPortRangeBuilder.getLowerPort() != null
+ && destinationPortRangeBuilder.getUpperPort() != null) ? destinationPortRangeBuilder.build() : null;
+ if (protocol == 6) {
+ TcpNodes tcpNodes = new TcpNodesBuilder().setSourcePortRange(sourcePortRange)
+ .setDestinationPortRange(destPortRange)
+ .build();
+ ipProtocol = new TcpBuilder().setTcpNodes(tcpNodes).build();
+ }
+ if (protocol == 17) {
+ UdpNodes udpNodes = new UdpNodesBuilder().setSourcePortRange(sourcePortRange)
+ .setDestinationPortRange(destPortRange)
+ .build();
+ ipProtocol = new UdpBuilder().setUdpNodes(udpNodes).build();
+ ipProtocol = new UdpBuilder().setUdpNodes(udpNodes).build();
+ }
+ }
+ VppAce vppAce = new VppAceBuilder()
+ .setVppAceNodes(new VppAceNodesBuilder().setAceIpVersion(aceIpVersion).setIpProtocol(ipProtocol).build())
+ .build();
+ Matches matches = new MatchesBuilder().setAceType(vppAce).build();
+ AceBuilder aceBuilder = new AceBuilder();
+ aceBuilder.setMatches(matches);
+ aceBuilder.setActions(action);
+ aceBuilder.setRuleName(name);
+ return aceBuilder.build();
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder();
+ appendNonNullTo(sb, "GbpAceBuilder [name=", name);
+ if (sourcePortRangeBuilder != null) {
+ appendNonNullTo(sb, ", srcPort=lower:", sourcePortRangeBuilder.getLowerPort());
+ appendNonNullTo(sb, ", srcPort=upper:", sourcePortRangeBuilder.getUpperPort());
+ }
+ if (sourcePortRangeBuilder != null) {
+ appendNonNullTo(sb, ", dstPort=lower:", destinationPortRangeBuilder.getLowerPort());
+ appendNonNullTo(sb, ", dstPort=upper:", destinationPortRangeBuilder.getUpperPort());
+ }
+ appendNonNullTo(sb, ", protocol=", protocol);
+ appendNonNullTo(sb, ", aceIpVersion=", aceIpVersion);
+ appendNonNullTo(sb, ", action=", action);
+ return sb.toString();
+ }
+
+ private void appendNonNullTo(StringBuilder sb, String key, Object value) {
+ if (value != null && key!= null) {
+ sb.append(key).append(value);
+ }
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl;
+
+import javax.annotation.Nonnull;
+
+import org.opendaylight.controller.md.sal.binding.api.DataBroker;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.AccessListUtil.ACE_DIRECTION;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.util.GbpNetconfTransaction;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.IngressBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAclsBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppAcl;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+
+import com.google.common.collect.ImmutableList;
+
+public class IngressAccessListWrapper extends AccessListWrapper {
+
+ @Override
+ public ACE_DIRECTION getDirection() {
+ return AccessListUtil.ACE_DIRECTION.INGRESS;
+ }
+
+ @Override
+ public void writeAclRefOnIface(@Nonnull DataBroker mountPoint, @Nonnull InstanceIdentifier<Interface> ifaceIid) {
+ InstanceIdentifier<Ingress> ingressRefIid = outboundIfaceAclRefIid(ifaceIid);
+ VppAcls vppAcl = new VppAclsBuilder().setName(resolveAclName(ifaceIid.firstKeyOf(Interface.class)))
+ .setType(VppAcl.class)
+ .build();
+ Ingress egressAcl = new IngressBuilder().setVppAcls(ImmutableList.<VppAcls>of(vppAcl)).build();
+ GbpNetconfTransaction.write(mountPoint, ingressRefIid, egressAcl, GbpNetconfTransaction.RETRY_COUNT);
+ }
+
+ private InstanceIdentifier<Ingress> outboundIfaceAclRefIid(InstanceIdentifier<Interface> ifaceIid) {
+ return ifaceIid.builder()
+ .augmentation(VppAclInterfaceAugmentation.class)
+ .child(Acl.class)
+ .child(Ingress.class)
+ .build();
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl;
+
+import java.net.UnknownHostException;
+import java.util.List;
+
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.AccessListUtil.ACE_DIRECTION;
+import org.opendaylight.groupbasedpolicy.util.EndpointUtils;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.endpoints.containment.endpoints.ContainmentEndpoint;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.parent.child.endpoints.parent.endpoint.choice.parent.endpoint._case.ParentEndpoint;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.L3Context;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocation;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+class SourceMapper extends AddressMapper {
+
+ private static final Logger LOG = LoggerFactory.getLogger(SourceMapper.class);
+
+ SourceMapper(ACE_DIRECTION direction) {
+ super(direction);
+ }
+
+ @Override
+ List<GbpAceBuilder> updateExtRules(List<GbpAceBuilder> rules, AddressEndpointWithLocation localEp,
+ ContainmentEndpoint cEp) {
+ // TODO external networking as a next step.
+ return rules;
+ }
+
+ @Override
+ void updateRule(AddressEndpointWithLocation addrEp, GbpAceBuilder aclRuleBuilder) {
+ if (!EndpointUtils.getParentEndpoints(addrEp.getParentEndpointChoice()).isEmpty()) {
+ // TODO more parents
+ ParentEndpoint parentEp = EndpointUtils.getParentEndpoints(addrEp.getParentEndpointChoice()).get(0);
+ if (parentEp != null && parentEp.getContextType().isAssignableFrom(L3Context.class)) {
+ LOG.trace("Setting src IP address {} in rule {}", parentEp.getAddress(), aclRuleBuilder);
+ try {
+ AccessListUtil.setSourceL3Address(aclRuleBuilder, parentEp.getAddress());
+ } catch (UnknownHostException e) {
+ LOG.error("Failed to parse address {}. Cannot apply ACL entry {}. {}", parentEp.getAddress(),
+ aclRuleBuilder, e);
+ }
+ }
+ }
+ }
+}
package org.opendaylight.groupbasedpolicy.renderer.vpp.sf;
+import java.util.ArrayList;
import java.util.List;
import java.util.Map;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.GbpAceBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierDefinitionId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.definitions.ClassifierDefinition;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.capabilities.supported.classifier.definition.SupportedParameterValues;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* Represent a classifier definition.
*/
public abstract class Classifier {
+ private static final Logger LOG = LoggerFactory.getLogger(Classifier.class);
protected final Classifier parent;
- public static final EtherTypeClassifier ETHER_TYPE_CL = new EtherTypeClassifier(null);
- public static final IpProtoClassifier IP_PROTO_CL = new IpProtoClassifier(ETHER_TYPE_CL);
- public static final L4Classifier L4_CL = new L4Classifier(IP_PROTO_CL);
-
protected Classifier(Classifier parent) {
this.parent = parent;
}
+ /**
+ * Template method for resolving {@code matches}.
+ *
+ * @param aclRuleBuilder list of builders containing {@code matches} to update
+ * @param params parameters of classifier-instance inserted by user
+ * @return result, which indicates if all the matching fields were updated successfully
+ */
+ public final boolean updateMatch(GbpAceBuilder aclRuleBuilder, Map<String, ParameterValue> params) {
+ LOG.debug("Updating ACE entries {} with parameters {}",aclRuleBuilder, params);
+ if (params == null) {
+ return false;
+ }
+ GbpAceBuilder matchBuilders = aclRuleBuilder;
+ try {
+ checkPresenceOfRequiredParams(params);
+ matchBuilders = this.update(matchBuilders, params);
+ Classifier clParent = this.getParent();
+ List<Classifier> updatedClassifiers = new ArrayList<>();
+ updatedClassifiers.add(this);
+ while (clParent != null) {
+ boolean hasReqParams = true;
+ try {
+ clParent.checkPresenceOfRequiredParams(params);
+ } catch (IllegalArgumentException e) {
+ LOG.error("Missing required params for classifier {}. {}", clParent.getId(), e);
+ hasReqParams = false;
+ }
+ if (hasReqParams) {
+ matchBuilders = clParent.update(matchBuilders, params);
+ updatedClassifiers.add(clParent);
+ }
+ clParent = clParent.getParent();
+ }
+ for (Classifier updatedClassifier : updatedClassifiers) {
+ updatedClassifier.checkPrereqs(matchBuilders);
+ }
+ } catch (IllegalArgumentException e) {
+ LOG.error("Failed to update matches {}", e);
+ return false;
+ }
+ return true;
+ }
+
+ abstract GbpAceBuilder update(GbpAceBuilder ruleBuilder, Map<String, ParameterValue> params);
+
+ abstract void checkPrereqs(GbpAceBuilder matchBuilders);
+
/**
* Get the classifier definition id for this classifier.
*
import java.util.Map;
import org.opendaylight.groupbasedpolicy.api.sf.EtherTypeClassifierDefinition;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.GbpAceBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierDefinitionId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.definitions.ClassifierDefinition;
@Override
protected void checkPresenceOfRequiredParams(Map<String, ParameterValue> params) {
if (params.get(EtherTypeClassifierDefinition.ETHERTYPE_PARAM) == null) {
- throw new IllegalArgumentException(
- "Parameter " + EtherTypeClassifierDefinition.ETHERTYPE_PARAM + " not specified.");
+ throw new IllegalArgumentException("Parameter " + EtherTypeClassifierDefinition.ETHERTYPE_PARAM
+ + " not specified.");
}
if (params.get(EtherTypeClassifierDefinition.ETHERTYPE_PARAM).getIntValue() == null) {
- throw new IllegalArgumentException(
- "Value of " + EtherTypeClassifierDefinition.ETHERTYPE_PARAM + " parameter is not present.");
+ throw new IllegalArgumentException("Value of " + EtherTypeClassifierDefinition.ETHERTYPE_PARAM
+ + " parameter is not present.");
}
}
+
+ @Override
+ GbpAceBuilder update(GbpAceBuilder ruleBuilder, Map<String, ParameterValue> params) {
+ // ETHER_TYPE matching not supported yet
+ return ruleBuilder;
+ }
+
+ @Override
+ void checkPrereqs(GbpAceBuilder matchBuilders) {
+ // Nothing to consider yet.
+ }
}
import java.util.Map;
import org.opendaylight.groupbasedpolicy.api.sf.IpProtoClassifierDefinition;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.GbpAceBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierDefinitionId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.definitions.ClassifierDefinition;
*/
public class IpProtoClassifier extends Classifier {
- protected IpProtoClassifier(Classifier parent) {
+ public IpProtoClassifier(Classifier parent) {
super(parent);
}
}
}
+ @Override
+ GbpAceBuilder update(GbpAceBuilder ruleBuilder, Map<String, ParameterValue> params) {
+ Long proto = getIpProtoValue(params);
+ if (ruleBuilder.getProtocol() == null && proto != null) {
+ ruleBuilder.setProtocol(proto.shortValue());
+ }
+ return ruleBuilder;
+ }
+
+ @Override
+ void checkPrereqs(GbpAceBuilder matchBuilders) {
+ // TODO check whether mandatory fields are set in builder
+ }
+
/**
* Return the IpProtocol value. May return null.
*
/*
- * Copyright (c) 2014 Cisco Systems, Inc. and others. All rights reserved.
+ * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v1.0 which accompanies this distribution,
package org.opendaylight.groupbasedpolicy.renderer.vpp.sf;
-import com.google.common.collect.ImmutableList;
+import java.util.List;
+import java.util.Map;
+
import org.opendaylight.groupbasedpolicy.api.sf.L4ClassifierDefinition;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.GbpAceBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRangeBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRangeBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierDefinitionId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.definitions.ClassifierDefinition;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.supported._int.value.fields.SupportedIntValueInRangeBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.supported.range.value.fields.SupportedRangeValue;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.supported.range.value.fields.SupportedRangeValueBuilder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
-import java.util.List;
-import java.util.Map;
+import com.google.common.collect.ImmutableList;
/**
* Match against TCP or UDP, and source and/or destination ports
*/
public class L4Classifier extends Classifier {
+ private static final Logger LOG = LoggerFactory.getLogger(L4Classifier.class);
+
static final String EXC_MSG_PARAM_VALUE_NOT_SPECIFIED = "Value of parameter not specified: ";
static final String EXC_MSG_MUT_EXCLUSIVE_PARAMS = "Mutually exclusive parameters: ";
static final String EXC_MSG_RANGE_VALUE_MISMATCH = "Range value mismatch: ";
- protected L4Classifier(Classifier parent) {
+ public L4Classifier(Classifier parent) {
super(parent);
}
}
}
+ @Override
+ GbpAceBuilder update(GbpAceBuilder ruleBuilder, Map<String, ParameterValue> params) {
+ ruleBuilder.setSourcePortRange(resolveSourcePortRange(params, L4ClassifierDefinition.SRC_PORT_PARAM,
+ L4ClassifierDefinition.SRC_PORT_RANGE_PARAM));
+ ruleBuilder.setDestinationPortRange(resolveDestinationPortRange(params, L4ClassifierDefinition.DST_PORT_PARAM,
+ L4ClassifierDefinition.DST_PORT_RANGE_PARAM));
+ return ruleBuilder;
+ }
+
+ private SourcePortRangeBuilder resolveSourcePortRange(Map<String, ParameterValue> params, String portParam, String portRangeParam) {
+ LOG.info("Updating dest port params:{}", params);
+ SourcePortRangeBuilder srcRange = new SourcePortRangeBuilder();
+ if (params.get(portParam) != null) {
+ PortNumber portNumber = new PortNumber(params.get(portParam).getIntValue().intValue());
+ srcRange.setLowerPort(portNumber).setUpperPort(portNumber);
+ }
+ if (params.get(portRangeParam) != null) {
+ srcRange.setLowerPort(new PortNumber(params.get(portParam).getRangeValue().getMin().intValue()));
+ srcRange.setUpperPort(new PortNumber(params.get(portParam).getRangeValue().getMax().intValue()));
+ }
+ return srcRange;
+ }
+
+ private DestinationPortRangeBuilder resolveDestinationPortRange(Map<String, ParameterValue> params, String portParam, String portRangeParam) {
+ LOG.info("Updating source port params:{}", params);
+ DestinationPortRangeBuilder dstRange = new DestinationPortRangeBuilder();
+ if (params.get(portParam) != null) {
+ PortNumber portNumber = new PortNumber(params.get(portParam).getIntValue().intValue());
+ dstRange.setLowerPort(portNumber).setUpperPort(portNumber);
+ }
+ if (params.get(portRangeParam) != null) {
+ dstRange.setLowerPort(new PortNumber(params.get(portParam).getRangeValue().getMin().intValue()));
+ dstRange.setUpperPort(new PortNumber(params.get(portParam).getRangeValue().getMax().intValue()));
+ }
+ return dstRange;
+ }
+
+ @Override
+ void checkPrereqs(GbpAceBuilder matchBuilders) {
+ // TODO check whether mandatory fields are set in builder
+ }
+
}
--- /dev/null
+/*
+ * Copyright (c) 2017 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.groupbasedpolicy.renderer.vpp.sf;
+
+import java.util.Map;
+
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierDefinitionId;
+
+import com.google.common.collect.ImmutableMap;
+
+public class SubjectFeatures {
+
+ private static final EtherTypeClassifier ETHER_TYPE_CL = new EtherTypeClassifier(null);
+ private static final IpProtoClassifier IP_PROTO_CL = new IpProtoClassifier(ETHER_TYPE_CL);
+ private static final L4Classifier L4_CL = new L4Classifier(IP_PROTO_CL);
+
+ private static final Map<ClassifierDefinitionId, org.opendaylight.groupbasedpolicy.renderer.vpp.sf.Classifier> CLASSIFIERS =
+ ImmutableMap.of(ETHER_TYPE_CL.getId(), ETHER_TYPE_CL, IP_PROTO_CL.getId(), IP_PROTO_CL, L4_CL.getId(), L4_CL);
+
+ public static Classifier getClassifier(ClassifierDefinitionId id) {
+ return CLASSIFIERS.get(id);
+ }
+}
package org.opendaylight.groupbasedpolicy.renderer.vpp.util;
-import com.google.common.base.Optional;
-import com.google.common.base.Preconditions;
-import com.google.common.util.concurrent.CheckedFuture;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.ReadOnlyTransaction;
import org.opendaylight.controller.md.sal.binding.api.ReadWriteTransaction;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.google.common.base.Optional;
+import com.google.common.base.Preconditions;
+import com.google.common.util.concurrent.CheckedFuture;
+
public class GbpNetconfTransaction {
public static final byte RETRY_COUNT = 3;
package org.opendaylight.groupbasedpolicy.renderer.vpp.util;
import org.opendaylight.controller.config.yang.config.vpp_provider.impl.VppRenderer;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.nodes.RendererNodeKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.v3po.rev161214.VppInterfaceAugmentation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.v3po.rev161214.VppState;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.v3po.rev161214.interfaces._interface.IetfAcl;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.v3po.rev161214.interfaces._interface.L2;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.v3po.rev161214.vpp.state.BridgeDomains;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.v3po.rev161214.vpp.state.bridge.domains.BridgeDomain;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.v3po.rev161214.vpp.state.bridge.domains.BridgeDomainKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppAcl;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NetworkTopology;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.TopologyId;
.child(BridgeDomain.class, bridgeDomainStateKey)
.build();
}
+
+ public static InstanceIdentifier<Acl> getVppAcl(String aclName) {
+ return InstanceIdentifier.builder(AccessLists.class)
+ .child(Acl.class, new AclKey(aclName, VppAcl.class))
+ .build();
+ }
+
+ /**
+ * IID to access list references on an interface
+ */
+ public static InstanceIdentifier<IetfAcl> getInterfaceIetfAcl(InterfaceKey ifaceKey) {
+ return getInterfaceIID(ifaceKey).builder()
+ .augmentation(VppInterfaceAugmentation.class)
+ .child(IetfAcl.class)
+ .build();
+ }
}
import opendaylight-l2-types { prefix l2-types; revision-date "2013-08-27"; }
import ietf-yang-types { prefix yang-types; revision-date "2013-07-15"; }
import ietf-inet-types { prefix "inet-types"; }
+ import yang-ext {prefix ext; revision-date "2013-07-09";}
description
"This module is a baseline for the group-based policy vpp renderer model.";
}
}
}
+
+ augment "/vpp-renderer:config/vpp-renderer:vpp-endpoint" {
+ ext:augment-identifier "exclude-from-policy";
+ leaf exclude-from-policy {
+ description "Device attached as an endpoint may act as network element,
+ e.g. qrouter attached via tap interface.";
+ type empty;
+ }
+ }
}
package org.opendaylight.controller.config.yang.config.vpp_provider.impl;
import com.google.common.base.Optional;
+import com.google.common.collect.ImmutableList;
+
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.opendaylight.controller.md.sal.binding.api.MountPointService;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.controller.sal.binding.api.BindingAwareBroker;
+import org.opendaylight.groupbasedpolicy.api.sf.EtherTypeClassifierDefinition;
+import org.opendaylight.groupbasedpolicy.api.sf.IpProtoClassifierDefinition;
+import org.opendaylight.groupbasedpolicy.api.sf.L4ClassifierDefinition;
import org.opendaylight.groupbasedpolicy.renderer.vpp.VppRendererDataBrokerTest;
import org.opendaylight.groupbasedpolicy.renderer.vpp.util.VppIidFactory;
import org.opendaylight.groupbasedpolicy.util.DataStoreHelper;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierDefinitionId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.Renderer;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.RendererKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.capabilities.SupportedActionDefinition;
@RunWith(MockitoJUnitRunner.class)
public class VppRendererTest extends VppRendererDataBrokerTest {
- private final String CLASSIFIER = "Classifier-EtherType";
+
+ private final List<ClassifierDefinitionId> classifDefs = ImmutableList.<ClassifierDefinitionId>of(
+ EtherTypeClassifierDefinition.ID, IpProtoClassifierDefinition.ID, L4ClassifierDefinition.ID);
+
private final String ACTION_ALLOW = "Action-Allow";
- private final String SUPPORTED_PARAM_NAME = "ethertype";
private DataBroker dataBroker;
@Mock
- DataBroker dataBroker2;
+ private DataBroker dataBroker2;
@Mock
- BindingAwareBroker bindingAwareBroker;
+ private BindingAwareBroker bindingAwareBroker;
@Mock
- MountPointService mountPointService;
+ private MountPointService mountPointService;
@Mock
- MountPoint mountPoint;
+ private MountPoint mountPoint;
@Mock
- BindingAwareBroker.ProviderContext providerContext;
+ private BindingAwareBroker.ProviderContext providerContext;
@Before
public void init(){
Renderer renderer = rendererOptional.get();
Assert.assertEquals(VppRenderer.NAME, renderer.getName());
List<SupportedClassifierDefinition> definition = renderer.getCapabilities().getSupportedClassifierDefinition();
- Assert.assertEquals(1, definition.size());
- Assert.assertEquals(CLASSIFIER, definition.get(0).getClassifierDefinitionId().getValue());
- Assert.assertEquals(SUPPORTED_PARAM_NAME, definition.get(0).getSupportedParameterValues().get(0).getParameterName().getValue());
-
+ Assert.assertEquals(3, definition.size());
+ definition.forEach(cl -> Assert.assertTrue(classifDefs.contains(cl.getClassifierDefinitionId())));
List<SupportedActionDefinition> actionDefinition = renderer.getCapabilities().getSupportedActionDefinition();
Assert.assertEquals(1, actionDefinition.size());
Assert.assertEquals(ACTION_ALLOW, actionDefinition.get(0).getActionDefinitionId().getValue());
import java.util.stream.Collectors;
import java.util.stream.Stream;
+import org.opendaylight.groupbasedpolicy.api.sf.AllowActionDefinition;
+import org.opendaylight.groupbasedpolicy.api.sf.EtherTypeClassifierDefinition;
import org.opendaylight.groupbasedpolicy.renderer.vpp.iface.VppPathMapper;
import org.opendaylight.groupbasedpolicy.renderer.vpp.util.KeyFactory;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Address;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.common.endpoint.fields.NetworkContainment;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.common.endpoint.fields.NetworkContainmentBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.common.endpoint.fields.network.containment.containment.ForwardingContextContainmentBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.has.absolute.location.AbsoluteLocation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.has.absolute.location.AbsoluteLocationBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.has.absolute.location.absolute.location.location.type.ExternalLocationCaseBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ActionName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContextId;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Name;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.NetworkDomainId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.RuleName;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.L2BridgeDomain;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.L2FloodDomain;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.L3Context;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.Subnet;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.SubnetAugmentRenderer;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.SubnetAugmentRendererBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.has.subnet.SubnetBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.rev160427.AddressType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.rev160427.ContextType;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.rev160427.forwarding.fields.Parent;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.rev160427.forwarding.fields.ParentBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValueBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.EndpointPolicyParticipation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.has.rule.group.with.renderer.endpoint.participation.RuleGroupWithRendererEndpointParticipation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.has.rule.group.with.renderer.endpoint.participation.RuleGroupWithRendererEndpointParticipationBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.Endpoints;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.EndpointsBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.RendererEndpointsBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.RendererForwardingBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.RuleGroups;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.RuleGroupsBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocationBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.RendererEndpointBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.renderer.endpoint.PeerEndpoint;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.renderer.endpoint.PeerEndpointBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.forwarding.RendererForwardingByTenant;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.forwarding.RendererForwardingByTenantBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.forwarding.renderer.forwarding.by.tenant.RendererForwardingContext;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.forwarding.renderer.forwarding.by.tenant.RendererForwardingContextBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.forwarding.renderer.forwarding.by.tenant.RendererNetworkDomain;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.forwarding.renderer.forwarding.by.tenant.RendererNetworkDomainBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.rule.groups.RuleGroup;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.rule.groups.RuleGroupBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.actions.Action;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.actions.ActionBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.classifiers.Classifier;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.classifiers.ClassifierBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.resolved.rules.ResolvedRule;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.resolved.rules.ResolvedRuleBuilder;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NetworkTopology;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import com.google.common.base.Strings;
+import com.google.common.collect.ImmutableList;
public class DtoFactory {
+ static IpPrefix subnetPrefix = new IpPrefix(new Ipv4Prefix("10.0.0.0/24"));
+ static IpAddress virtRouterIp = new IpAddress(new Ipv4Address("10.0.0.1"));
+
public static final ContextId CTX_ID = new ContextId("ctx");
+ public static final ContextId L3_CTX = new ContextId("l3ctx");
+ public static final ContextId L2BD_CTX = new ContextId("l2bd");
public static final ContextId L2FD_CTX = new ContextId("l2fd");
public static final ContractId CONTRACT_ID = new ContractId("contract");
public static final TenantId TENANT_ID = new TenantId("tenant");
public static final SubjectName SUBJECT_NAME = new SubjectName("subject");
public static final RuleName RULE_NAME = new RuleName("rule");
+
+ public static final Name L2_FD_ID = new Name("l2fd");
+ public static final Name L3_CTX_ID = new Name("l3ctx");
+ public static final Name L2_BD_ID = new Name("l2bd");
+ public static final Name SUBNET_ID = new Name("subnetId");
+
public static final RuleGroupWithRendererEndpointParticipation RULE_GROUP_WITH_CONSUMER =
new RuleGroupWithRendererEndpointParticipationBuilder().setContractId(CONTRACT_ID)
.setTenantId(TENANT_ID)
.setSubjectName(SUBJECT_NAME)
.setRendererEndpointParticipation(EndpointPolicyParticipation.PROVIDER)
.build();
- public static final RuleGroup RULE_GROUP = new RuleGroupBuilder().setContractId(CONTRACT_ID)
- .setTenantId(TENANT_ID)
- .setSubjectName(SUBJECT_NAME)
- .setResolvedRule(Arrays.asList(new ResolvedRuleBuilder().setName(RULE_NAME).build()))
- .build();
public final static TopologyKey TOPO_KEY = new TopologyKey(new TopologyId("topology-netconf"));
public final static InstanceIdentifier<Node> VPP_NODE_1_IID = InstanceIdentifier.builder(NetworkTopology.class)
.child(Topology.class, TOPO_KEY)
.concat(consumersAsRendererEps.stream(), providersAsRendererEps.stream()).collect(Collectors.toList());
return new ConfigurationBuilder().setEndpoints(endpoints)
.setRendererEndpoints(new RendererEndpointsBuilder().setRendererEndpoint(rendererEps).build())
- .setRuleGroups(new RuleGroupsBuilder().setRuleGroup(Arrays.asList(RULE_GROUP)).build())
+ .setRuleGroups(new RuleGroupsBuilder(createRuleGroups()).build())
+ .setRendererForwarding(new RendererForwardingBuilder()
+ .setRendererForwardingByTenant(ImmutableList.<RendererForwardingByTenant>of(createForwarding()))
+ .build())
+ .build();
+ }
+
+ private static RendererForwardingByTenant createForwarding() {
+ RendererForwardingContext l2Fd = createRendererForwardingCtx(L2FD_CTX, L2_FD_ID, L2FloodDomain.class).setParent(
+ createParent(L2BD_CTX, L2BridgeDomain.class))
+ .build();
+ RendererForwardingContext l2Bd = createRendererForwardingCtx(L3_CTX, L3_CTX_ID, L3Context.class).setParent(
+ createParent(L3_CTX, L3Context.class))
+ .build();
+ RendererForwardingContext l3Ctx = createRendererForwardingCtx(L2BD_CTX, L2_BD_ID, L2BridgeDomain.class).build();
+ RendererNetworkDomain subnet = new RendererNetworkDomainBuilder().setNetworkDomainId(new NetworkDomainId(SUBNET_ID.getValue()))
+ .setName(SUBNET_ID)
+ .setNetworkDomainType(Subnet.class)
+ .setParent(createParent(L2FD_CTX, L2FloodDomain.class))
+ .addAugmentation(
+ SubnetAugmentRenderer.class,
+ new SubnetAugmentRendererBuilder().setSubnet(
+ new SubnetBuilder().setIpPrefix(subnetPrefix).setVirtualRouterIp(virtRouterIp).build())
+ .build())
+ .build();
+ return new RendererForwardingByTenantBuilder().setTenantId(TENANT_ID)
+ .setRendererForwardingContext(ImmutableList.<RendererForwardingContext>of(l2Fd, l2Bd, l3Ctx))
+ .setRendererNetworkDomain(ImmutableList.<RendererNetworkDomain>of(subnet))
+ .build();
+ }
+
+ static RendererForwardingContextBuilder createRendererForwardingCtx(ContextId id, Name name,
+ Class<? extends ContextType> type) {
+ return new RendererForwardingContextBuilder().setName(name).setContextId(id).setContextType(type);
+ }
+
+ static Parent createParent(ContextId ctxId, Class<? extends ContextType> type) {
+ return new ParentBuilder().setContextId(ctxId).setContextType(type).build();
+ }
+
+ public static RuleGroups createRuleGroups() {
+ ParameterValue param = new ParameterValueBuilder().setIntValue(EtherTypeClassifierDefinition.IPv4_VALUE)
+ .setName(new ParameterName(EtherTypeClassifierDefinition.ETHERTYPE_PARAM))
+ .build();
+ Classifier classif = new ClassifierBuilder().setClassifierDefinitionId(EtherTypeClassifierDefinition.ID)
+ .setDirection(Direction.In)
+ .setName(new ClassifierName("cl-name"))
+ .setParameterValue(ImmutableList.<ParameterValue>of(param))
+ .build();
+ Action action = new ActionBuilder().setActionDefinitionId(AllowActionDefinition.ID)
+ .setName(new ActionName("Allow"))
+ .build();
+ ResolvedRuleBuilder rrBuilder = new ResolvedRuleBuilder();
+ rrBuilder.setClassifier(ImmutableList.<Classifier>of(classif));
+ rrBuilder.setAction(ImmutableList.<Action>of(action));
+ rrBuilder.setName(RULE_NAME);
+ rrBuilder.setOrder(0);
+ RuleGroup ruleGroup = new RuleGroupBuilder().setTenantId(TENANT_ID)
+ .setOrder(0)
+ .setSubjectName(SUBJECT_NAME)
+ .setContractId(CONTRACT_ID)
+ .setResolvedRule(ImmutableList.<ResolvedRule>of(rrBuilder.build()))
.build();
+ return new RuleGroupsBuilder().setRuleGroup(ImmutableList.<RuleGroup>of(ruleGroup)).build();
}
public static AddressEndpointWithLocation createEndpoint(String ip, String l2FdIdAsNetCont,
AbsoluteLocation absoluteLocation) {
AddressEndpointWithLocationKey key =
- new AddressEndpointWithLocationKey(ip, AddressType.class, CTX_ID, ContextType.class);
+ new AddressEndpointWithLocationKey(ip, AddressType.class, CTX_ID, L3Context.class);
NetworkContainment networkContainment =
new NetworkContainmentBuilder().setContainment(new ForwardingContextContainmentBuilder()
.setContextType(L2FloodDomain.class).setContextId(new ContextId(l2FdIdAsNetCont)).build()).build();
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.iface.AclManager;
import org.opendaylight.groupbasedpolicy.renderer.vpp.iface.InterfaceManager;
import org.opendaylight.groupbasedpolicy.renderer.vpp.util.VppIidFactory;
import org.opendaylight.groupbasedpolicy.test.CustomDataBrokerTest;
dataBroker = getDataBroker();
bridgeDomainManager = new BridgeDomainManagerImpl(dataBroker);
final InterfaceManager interfaceManager = Mockito.mock(InterfaceManager.class);
- final ForwardingManager fwManager = new ForwardingManager(interfaceManager, bridgeDomainManager, dataBroker);
+ final AclManager aclManager = Mockito.mock(AclManager.class);
+ final ForwardingManager fwManager =
+ new ForwardingManager(interfaceManager, aclManager, bridgeDomainManager, dataBroker);
fwManager.setTimer((byte) 1);
}
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.groupbasedpolicy.renderer.vpp.DtoFactory;
import org.opendaylight.groupbasedpolicy.renderer.vpp.api.BridgeDomainManager;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.iface.AclManager;
import org.opendaylight.groupbasedpolicy.renderer.vpp.iface.InterfaceManager;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.AccessListWrapper;
import org.opendaylight.groupbasedpolicy.renderer.vpp.util.KeyFactory;
import org.opendaylight.groupbasedpolicy.test.CustomDataBrokerTest;
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.has.absolute.location.AbsoluteLocation;
@Mock
private InterfaceManager ifaceManager;
@Mock
+ private AclManager aclManager;
+ @Mock
private BridgeDomainManager bdManager;
private ForwardingManager fwdManager;
@Before
public void init() {
- fwdManager = new ForwardingManager(ifaceManager, bdManager, getDataBroker());
+ fwdManager = new ForwardingManager(ifaceManager, aclManager, bdManager, getDataBroker());
}
@Override
public void testRemoveBridgeDomainOnNodes() throws Exception {
Mockito.when(bdManager.removeBridgeDomainFromVppNode(Mockito.eq(BD_1), Mockito.eq(NODE_1)))
.thenReturn(Futures.immediateFuture(null));
- SetMultimap<String, NodeId> vppNodesByBd = ImmutableSetMultimap.of(BD_1, NODE_1);
-
bdManager.removeBridgeDomainFromVppNode(BD_1, NODE_1);
Mockito.verify(bdManager).removeBridgeDomainFromVppNode(Matchers.eq(BD_1), Matchers.eq(NODE_1));
}
AddressEndpointWithLocation firstAddrEpWithLoc =
policyCtx.getAddrEpByKey().get(KeyFactory.addressEndpointKey(firstRendererEp.getKey()));
Mockito.when(ifaceManager.addBridgeDomainToInterface(Mockito.eq(DtoFactory.L2FD_CTX.getValue()),
- Mockito.eq(firstAddrEpWithLoc), Mockito.eq(IS_BVI)))
+ Mockito.eq(firstAddrEpWithLoc), Mockito.anyListOf(AccessListWrapper.class),Mockito.eq(IS_BVI)))
.thenReturn(Futures.immediateFuture(null));
-
fwdManager.createForwardingForEndpoint(firstRendererEp.getKey(), policyCtx);
Mockito.verify(ifaceManager).addBridgeDomainToInterface(Matchers.eq(DtoFactory.L2FD_CTX.getValue()),
- Matchers.eq(firstAddrEpWithLoc), Mockito.eq(IS_BVI));
+ Matchers.eq(firstAddrEpWithLoc), Mockito.anyListOf(AccessListWrapper.class), Mockito.eq(IS_BVI));
}
@Test
import org.opendaylight.groupbasedpolicy.renderer.vpp.DtoFactory;
import org.opendaylight.groupbasedpolicy.renderer.vpp.event.RendererPolicyConfEvent;
import org.opendaylight.groupbasedpolicy.renderer.vpp.event.VppEndpointConfEvent;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.iface.AclManager;
import org.opendaylight.groupbasedpolicy.renderer.vpp.iface.InterfaceManager;
import org.opendaylight.groupbasedpolicy.renderer.vpp.iface.VppEndpointLocationProvider;
import org.opendaylight.groupbasedpolicy.renderer.vpp.util.KeyFactory;
private BridgeDomainManagerImpl bdManager;
private InterfaceManager ifaceManager;
+ private AclManager aclManager;
private ForwardingManager fwManager;
private VppRendererPolicyManager vppRendererPolicyManager;
.thenReturn(Optional.of(mountPointDataBroker));
ifaceManager =
new InterfaceManager(mountedDataProviderMock, dataBroker);
+ aclManager = new AclManager(mountedDataProviderMock);
bdManager = new BridgeDomainManagerImpl(mountPointDataBroker);
- fwManager = new ForwardingManager(ifaceManager, bdManager, dataBroker);
- vppRendererPolicyManager = new VppRendererPolicyManager(fwManager, dataBroker);
+ fwManager = new ForwardingManager(ifaceManager, aclManager, bdManager, dataBroker);
+ vppRendererPolicyManager = new VppRendererPolicyManager(fwManager, aclManager, dataBroker);
fwManager.setTimer((byte) 1);
}
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl;
+
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.PolicyContext;
+
+public class AccessListUtilTest extends TestResources {
+
+ private PolicyContext ctx;
+
+ @Before
+ public void init() {
+ ctx = super.createPolicyContext();
+ }
+
+ @Test
+ public void resolveAclsOnInterfaceTest() {
+ // TODO add more checking
+ List<AccessListWrapper> acls =
+ AccessListUtil.resolveAclsOnInterface(rendererEndpoint(l2AddrEp2).build().getKey(), ctx);
+ Assert.assertEquals(2, acls.size());
+ Assert.assertEquals(2, acls.stream().map(AccessListWrapper::getDirection).collect(Collectors.toSet()).size());
+ acls.stream().forEach(ace -> {
+ // allow peer + deny rest of tenant net + permit external
+ if (ace instanceof IngressAccessListWrapper) {
+ Assert.assertEquals(3, ace.readRules().size());
+ } else if (ace instanceof EgressAccessListWrapper) {
+ Assert.assertEquals(3, ace.readRules().size());
+ }
+ });
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl;
+
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl.AccessListUtil.ACE_DIRECTION;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppAcl;
+
+import com.google.common.collect.ImmutableList;
+
+public class AccessListWrapperTest {
+
+ private GbpAceBuilder rule1;
+
+ @Before
+ public void init() {
+ rule1 = Mockito.mock(GbpAceBuilder.class);
+ }
+
+ @Test
+ public void testGetDirection_ingress() {
+ AccessListWrapper aclWrapper = new IngressAccessListWrapper();
+ Assert.assertEquals(ACE_DIRECTION.INGRESS, aclWrapper.getDirection());
+ aclWrapper = new EgressAccessListWrapper();
+ Assert.assertEquals(ACE_DIRECTION.EGRESS, aclWrapper.getDirection());
+ }
+
+ @Test
+ public void writeRulesTest() {
+ AccessListWrapper aclWrapper = new IngressAccessListWrapper();
+ List<GbpAceBuilder> rules = ImmutableList.of(rule1);
+ aclWrapper.writeRules(rules);
+ Assert.assertEquals(rule1, aclWrapper.readRules().get(0));
+ Assert.assertEquals(1, aclWrapper.readRules().size());
+ }
+
+ @Test
+ public void buildVppAclTest() {
+ AccessListWrapper aclWrapper = new IngressAccessListWrapper();
+ aclWrapper.writeRule(rule1);
+ String key1 = "key1";
+ Acl acl = aclWrapper.buildVppAcl(new InterfaceKey(key1));
+ Assert.assertEquals(VppAcl.class, acl.getAclType());
+ Assert.assertEquals(key1 + ACE_DIRECTION.INGRESS, acl.getAclName());
+ Assert.assertEquals(1, acl.getAccessListEntries().getAce().size());
+ }
+}
--- /dev/null
+/*
+ * Copyright (c) 2016 Cisco Systems, Inc. and others. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.groupbasedpolicy.renderer.vpp.policy.acl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.opendaylight.groupbasedpolicy.api.sf.AllowActionDefinition;
+import org.opendaylight.groupbasedpolicy.api.sf.EtherTypeClassifierDefinition;
+import org.opendaylight.groupbasedpolicy.renderer.vpp.policy.PolicyContext;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpAddress;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Address;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.has.child.endpoints.ChildEndpoint;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.has.child.endpoints.ChildEndpointBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.parent.child.endpoints.parent.endpoint.choice.ParentEndpointCaseBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.parent.child.endpoints.parent.endpoint.choice.parent.endpoint._case.ParentEndpoint;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.base_endpoint.rev160427.parent.child.endpoints.parent.endpoint.choice.parent.endpoint._case.ParentEndpointBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ActionName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ClassifierName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContextId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ContractId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.Name;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.NetworkDomainId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.RuleName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.SubjectName;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.TenantId;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.IpPrefixType;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.L2BridgeDomain;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.L2FloodDomain;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.L3Context;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.MacAddressType;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.Subnet;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.SubnetAugmentRenderer;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.SubnetAugmentRendererBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.l2_l3.rev160427.has.subnet.SubnetBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.rev160427.ContextType;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.rev160427.forwarding.fields.Parent;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.forwarding.rev160427.forwarding.fields.ParentBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.HasDirection.Direction;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValueBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.EndpointPolicyParticipation;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.has.rule.group.with.renderer.endpoint.participation.RuleGroupWithRendererEndpointParticipation;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.has.rule.group.with.renderer.endpoint.participation.RuleGroupWithRendererEndpointParticipationBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.RendererPolicyBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.ConfigurationBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.EndpointsBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.RendererEndpointsBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.RendererForwardingBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.RuleGroups;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.RuleGroupsBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocation;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.endpoints.AddressEndpointWithLocationBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.RendererEndpoint;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.RendererEndpointBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.renderer.endpoint.PeerEndpoint;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.endpoints.renderer.endpoint.PeerEndpointBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.forwarding.RendererForwardingByTenant;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.forwarding.RendererForwardingByTenantBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.forwarding.renderer.forwarding.by.tenant.RendererForwardingContext;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.forwarding.renderer.forwarding.by.tenant.RendererForwardingContextBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.forwarding.renderer.forwarding.by.tenant.RendererNetworkDomain;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.renderer.forwarding.renderer.forwarding.by.tenant.RendererNetworkDomainBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.rule.groups.RuleGroup;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.renderer.rev151103.renderers.renderer.renderer.policy.configuration.rule.groups.RuleGroupBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.actions.Action;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.actions.ActionBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.classifiers.Classifier;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.classifiers.ClassifierBuilder;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.resolved.rules.ResolvedRule;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.resolved.policy.rev150828.has.resolved.rules.ResolvedRuleBuilder;
+
+import com.google.common.collect.ImmutableList;
+
+public class TestResources {
+
+ private static final String EP1_IP = "10.0.0.10/32";
+ private static final String EP2_EP = "10.0.0.20/32";
+ private static final String EP1_MAC = "aa:bb:cc:dd:ee:ff";
+ private static final String EP2_MAC = "ff:ee:dd:cc:bb:aa";
+ private static final ContextId L2_FD_ID = new ContextId("l2FdId");
+ private static final ContextId L2_BD_ID = new ContextId("l2BridgeDomainId");
+ private static final ContextId L3_CTX_ID = new ContextId("l3CtxId");
+ private static final SubjectName SUBJECT_NAME = new SubjectName("subject");
+ private static final ContractId CONTRACT_ID = new ContractId("contract");
+ private static final RuleName RULE_NAME_IN = new RuleName("rule_in");
+ private static final RuleName RULE_NAME_OUT = new RuleName("rule_out");
+ private static final ClassifierName CLASSIF_NAME = new ClassifierName("cl-name");
+
+ private static final NetworkDomainId SUBNET_ID = new NetworkDomainId("subnet");
+ private static final IpPrefix SUBNET_PREFIX = new IpPrefix(new Ipv4Prefix("10.0.0.0/24"));
+ private static final IpAddress VIRTUAL_ROUTER_IP = new IpAddress(new Ipv4Address("10.0.0.1"));
+
+ protected static final TenantId TENANT_ID = new TenantId("tenant1");
+
+ public final AddressEndpointWithLocation l2AddrEp1 = l2AddressEndpointWithLocation(EP1_MAC, L2_BD_ID,
+ EP1_IP, L3_CTX_ID);
+ public final AddressEndpointWithLocation l3AddrEp1 = l3AddressEndpointWithLocation(EP1_MAC, L2_BD_ID,
+ EP1_IP, L3_CTX_ID);
+ public final AddressEndpointWithLocation l2AddrEp2 = l2AddressEndpointWithLocation(EP2_MAC, L2_BD_ID,
+ EP2_EP, L3_CTX_ID);
+ public final AddressEndpointWithLocation l3AddrEp2 = l3AddressEndpointWithLocation(EP2_MAC, L2_BD_ID,
+ EP2_EP, L3_CTX_ID);
+
+ PolicyContext createPolicyContext() {
+ List<AddressEndpointWithLocation> addrEps = new ArrayList<>();
+ addrEps.add(l2AddrEp1);
+ addrEps.add(l3AddrEp1);
+ addrEps.add(l2AddrEp2);
+ addrEps.add(l3AddrEp2);
+ ConfigurationBuilder config = new ConfigurationBuilder();
+ config.setEndpoints(new EndpointsBuilder().setAddressEndpointWithLocation(addrEps).build()).build();
+ config.setRendererEndpoints(new RendererEndpointsBuilder().setRendererEndpoint(createRendEps()).build());
+ config.setRuleGroups(createRuleGroups());
+ config.setRendererForwarding(new RendererForwardingBuilder().setRendererForwardingByTenant(
+ ImmutableList.<RendererForwardingByTenant>of(createForwarding())).build());
+ return new PolicyContext(new RendererPolicyBuilder().setConfiguration(config.build()).build());
+ }
+
+ private List<RendererEndpoint> createRendEps() {
+ List<RendererEndpoint> rEps = new ArrayList<>();
+ PeerEndpointBuilder pEp1 = peerEndpoint(l2AddrEp1).setRuleGroupWithRendererEndpointParticipation(
+ ImmutableList.<RuleGroupWithRendererEndpointParticipation>of(createRuleGroup(CONTRACT_ID, SUBJECT_NAME,
+ TENANT_ID, EndpointPolicyParticipation.PROVIDER)));
+ PeerEndpointBuilder pEp2 = peerEndpoint(l2AddrEp2).setRuleGroupWithRendererEndpointParticipation(
+ ImmutableList.<RuleGroupWithRendererEndpointParticipation>of(createRuleGroup(CONTRACT_ID, SUBJECT_NAME,
+ TENANT_ID, EndpointPolicyParticipation.CONSUMER)));
+ RendererEndpointBuilder l2RendEp1 = rendererEndpoint(l2AddrEp1);
+ l2RendEp1.setPeerEndpoint(ImmutableList.<PeerEndpoint>of(pEp2.build()));
+ RendererEndpointBuilder l2RendEp2 = rendererEndpoint(l2AddrEp2);
+ l2RendEp2.setPeerEndpoint(ImmutableList.<PeerEndpoint>of(pEp1.build()));
+ rEps.add(l2RendEp1.build());
+ rEps.add(l2RendEp2.build());
+ return rEps;
+ }
+
+ private RuleGroupWithRendererEndpointParticipation createRuleGroup(ContractId ctrctId, SubjectName sn,
+ TenantId tnntId, EndpointPolicyParticipation participation) {
+ return new RuleGroupWithRendererEndpointParticipationBuilder().setRendererEndpointParticipation(participation)
+ .setContractId(ctrctId)
+ .setSubjectName(sn)
+ .setTenantId(tnntId)
+ .build();
+ }
+
+ public RuleGroups createRuleGroups() {
+ ParameterValue param = new ParameterValueBuilder().setIntValue(EtherTypeClassifierDefinition.IPv4_VALUE)
+ .setName(new ParameterName(EtherTypeClassifierDefinition.ETHERTYPE_PARAM))
+ .build();
+ Classifier classif_in = new ClassifierBuilder().setClassifierDefinitionId(EtherTypeClassifierDefinition.ID)
+ .setDirection(Direction.In)
+ .setName(CLASSIF_NAME)
+ .setParameterValue(ImmutableList.<ParameterValue>of(param))
+ .build();
+ Classifier classif_out = new ClassifierBuilder().setClassifierDefinitionId(EtherTypeClassifierDefinition.ID)
+ .setDirection(Direction.Out)
+ .setName(CLASSIF_NAME)
+ .setParameterValue(ImmutableList.<ParameterValue>of(param))
+ .build();
+ Action action = new ActionBuilder().setActionDefinitionId(AllowActionDefinition.ID)
+ .setName(new ActionName("Allow"))
+ .build();
+ ResolvedRule ruleIn = resolveRule(RULE_NAME_IN, ImmutableList.<Classifier>of(classif_in),
+ ImmutableList.<Action>of(action), 0);
+ ResolvedRule ruleOut = resolveRule(RULE_NAME_OUT, ImmutableList.<Classifier>of(classif_out),
+ ImmutableList.<Action>of(action), 1);
+ RuleGroup ruleGroup = new RuleGroupBuilder().setTenantId(TENANT_ID)
+ .setOrder(0)
+ .setSubjectName(SUBJECT_NAME)
+ .setContractId(CONTRACT_ID)
+ .setResolvedRule(ImmutableList.<ResolvedRule>of(ruleIn, ruleOut))
+ .build();
+ return new RuleGroupsBuilder().setRuleGroup(ImmutableList.<RuleGroup>of(ruleGroup)).build();
+ }
+
+ private ResolvedRule resolveRule(RuleName ruleName, List<Classifier> classifs, List<Action> actions, Integer order) {
+ ResolvedRuleBuilder rrBuilder = new ResolvedRuleBuilder();
+ rrBuilder.setClassifier(classifs);
+ rrBuilder.setAction(actions);
+ rrBuilder.setName(ruleName);
+ rrBuilder.setOrder(order);
+ return rrBuilder.build();
+ }
+
+ private RendererForwardingByTenant createForwarding() {
+ RendererForwardingContext l2Fd = createRendererForwardingCtx(L2_FD_ID, new Name("l2fd"), L2FloodDomain.class).setParent(
+ createParent(L2_BD_ID, L2BridgeDomain.class))
+ .build();
+ RendererForwardingContext l2Bd = createRendererForwardingCtx(L3_CTX_ID, new Name("l3ctx"), L3Context.class).setParent(
+ createParent(L3_CTX_ID, L3Context.class))
+ .build();
+ RendererForwardingContext l3Ctx = createRendererForwardingCtx(L2_BD_ID, new Name("l2bd"), L2BridgeDomain.class).build();
+ RendererNetworkDomain subnet = new RendererNetworkDomainBuilder().setNetworkDomainId(SUBNET_ID)
+ .setName(new Name("subnet"))
+ .setNetworkDomainType(Subnet.class)
+ .setParent(createParent(L2_FD_ID, L2FloodDomain.class))
+ .addAugmentation(
+ SubnetAugmentRenderer.class,
+ new SubnetAugmentRendererBuilder().setSubnet(
+ new SubnetBuilder().setIpPrefix(SUBNET_PREFIX).setVirtualRouterIp(VIRTUAL_ROUTER_IP).build())
+ .build())
+ .build();
+ return new RendererForwardingByTenantBuilder().setTenantId(TENANT_ID)
+ .setRendererForwardingContext(ImmutableList.<RendererForwardingContext>of(l2Fd, l2Bd, l3Ctx))
+ .setRendererNetworkDomain(ImmutableList.<RendererNetworkDomain>of(subnet))
+ .build();
+ }
+
+ RendererForwardingContextBuilder createRendererForwardingCtx(ContextId id, Name name,
+ Class<? extends ContextType> type) {
+ return new RendererForwardingContextBuilder().setName(name).setContextId(id).setContextType(type);
+ }
+
+ Parent createParent(ContextId ctxId, Class<? extends ContextType> type) {
+ return new ParentBuilder().setContextId(ctxId).setContextType(type).build();
+ }
+
+ RendererEndpointBuilder rendererEndpoint(AddressEndpointWithLocation addrEp) {
+ return new RendererEndpointBuilder().setAddress(addrEp.getAddress())
+ .setAddressType(addrEp.getAddressType())
+ .setContextId(addrEp.getContextId())
+ .setContextType(addrEp.getContextType());
+
+ }
+
+ PeerEndpointBuilder peerEndpoint(AddressEndpointWithLocation addrEp) {
+ return new PeerEndpointBuilder().setAddress(addrEp.getAddress())
+ .setAddressType(addrEp.getAddressType())
+ .setContextId(addrEp.getContextId())
+ .setContextType(addrEp.getContextType());
+ }
+
+ AddressEndpointWithLocation l3AddressEndpointWithLocation(String macAddress, ContextId macAddrContextId,
+ String ipAddress, ContextId ipAddressContextId) {
+ ChildEndpoint childEndpoint = new ChildEndpointBuilder().setAddress(macAddress)
+ .setAddressType(MacAddressType.class)
+ .setContextType(L2BridgeDomain.class)
+ .setContextId(macAddrContextId)
+ .build();
+ return new AddressEndpointWithLocationBuilder().setAddress(ipAddress)
+ .setAddressType(IpPrefixType.class)
+ .setContextId(ipAddressContextId)
+ .setContextType(L3Context.class)
+ .setChildEndpoint(ImmutableList.<ChildEndpoint>of(childEndpoint))
+ .build();
+ }
+
+ AddressEndpointWithLocation l2AddressEndpointWithLocation(String macAddress, ContextId macAddrContextId,
+ String ipAddress, ContextId ipAddressContextId) {
+ ParentEndpoint parentEndpoint = new ParentEndpointBuilder().setAddress(ipAddress)
+ .setAddressType(IpPrefixType.class)
+ .setContextType(L3Context.class)
+ .setContextId(ipAddressContextId)
+ .build();
+ return new AddressEndpointWithLocationBuilder().setAddress(macAddress)
+ .setAddressType(MacAddressType.class)
+ .setContextId(macAddrContextId)
+ .setContextType(L2BridgeDomain.class)
+ .setParentEndpointChoice(
+ new ParentEndpointCaseBuilder().setParentEndpoint(ImmutableList.<ParentEndpoint>of(parentEndpoint))
+ .build())
+ .build();
+ }
+}
import java.util.Map;
import org.junit.Assert;
+import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
public class EtherTypeClassifierTest {
+ private Classifier ethTypeCl;
@Rule
public ExpectedException thrown = ExpectedException.none();
+ @Before
+ public void init() {
+ ethTypeCl = SubjectFeatures.getClassifier(EtherTypeClassifierDefinition.ID);
+ }
+
@Test
public void testGetSupportedParameterValues() {
List<SupportedParameterValues> supportedParameterValues =
- Classifier.ETHER_TYPE_CL.getSupportedParameterValues();
+ ethTypeCl.getSupportedParameterValues();
Assert.assertEquals(1, supportedParameterValues.size());
Assert.assertEquals(ClassifierTestUtils.SUPPORTED_PARAM_NAME_ETH,
supportedParameterValues.get(0).getParameterName().getValue());
Assert.assertEquals(EtherTypeClassifierDefinition.DEFINITION,
- Classifier.ETHER_TYPE_CL.getClassifierDefinition());
- Assert.assertEquals(EtherTypeClassifierDefinition.ID, Classifier.ETHER_TYPE_CL.getId());
- Assert.assertNull(Classifier.ETHER_TYPE_CL.getParent());
+ ethTypeCl.getClassifierDefinition());
+ Assert.assertEquals(EtherTypeClassifierDefinition.ID, ethTypeCl.getId());
+ Assert.assertNull(ethTypeCl.getParent());
}
@Test
thrown.expect(IllegalArgumentException.class);
thrown.expectMessage(ClassifierTestUtils.MSG_NOT_SPECIFIED);
- Classifier.ETHER_TYPE_CL.checkPresenceOfRequiredParams(params);
+ ethTypeCl.checkPresenceOfRequiredParams(params);
}
@Test
thrown.expect(IllegalArgumentException.class);
thrown.expectMessage(ClassifierTestUtils.MSG_PARAMETER_IS_NOT_PRESENT);
- Classifier.ETHER_TYPE_CL.checkPresenceOfRequiredParams(params);
+ ethTypeCl.checkPresenceOfRequiredParams(params);
}
}
import java.util.Map;
import org.junit.Assert;
+import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
public class IpProtoClassifierTest {
+ private Classifier ipProtoCl;
@Rule
public ExpectedException thrown = ExpectedException.none();
+ @Before
+ public void init() {
+ ipProtoCl = SubjectFeatures.getClassifier(IpProtoClassifierDefinition.ID);
+ }
+
@Test
public void testGetSupportedParameterValues() {
- List<SupportedParameterValues> supportedParameterValues = Classifier.IP_PROTO_CL.getSupportedParameterValues();
+ List<SupportedParameterValues> supportedParameterValues =
+ ipProtoCl.getSupportedParameterValues();
Assert.assertEquals(1, supportedParameterValues.size());
Assert.assertEquals(ClassifierTestUtils.SUPPORTED_PARAM_NAME_IP,
supportedParameterValues.get(0).getParameterName().getValue());
- Assert.assertEquals(IpProtoClassifierDefinition.DEFINITION, Classifier.IP_PROTO_CL.getClassifierDefinition());
- Assert.assertEquals(IpProtoClassifierDefinition.ID, Classifier.IP_PROTO_CL.getId());
- Assert.assertEquals(Classifier.ETHER_TYPE_CL, Classifier.IP_PROTO_CL.getParent());
+ Assert.assertEquals(IpProtoClassifierDefinition.DEFINITION, ipProtoCl.getClassifierDefinition());
+ Assert.assertEquals(IpProtoClassifierDefinition.ID, ipProtoCl.getId());
+ Assert.assertEquals(SubjectFeatures.getClassifier(EtherTypeClassifierDefinition.ID), ipProtoCl.getParent());
}
@Test
thrown.expect(IllegalArgumentException.class);
thrown.expectMessage(ClassifierTestUtils.MSG_NOT_SPECIFIED);
- Classifier.IP_PROTO_CL.checkPresenceOfRequiredParams(params);
+ ipProtoCl.checkPresenceOfRequiredParams(params);
}
@Test
thrown.expect(IllegalArgumentException.class);
thrown.expectMessage(ClassifierTestUtils.MSG_PARAMETER_IS_NOT_PRESENT);
- Classifier.IP_PROTO_CL.checkPresenceOfRequiredParams(params);
+ ipProtoCl.checkPresenceOfRequiredParams(params);
}
@Test
params.putAll(ClassifierTestUtils.createIntValueParam(IpProtoClassifierDefinition.PROTO_PARAM,
IpProtoClassifierDefinition.TCP_VALUE));
- Classifier.IP_PROTO_CL.checkPresenceOfRequiredParams(params);
+ ipProtoCl.checkPresenceOfRequiredParams(params);
Assert.assertEquals(ClassifierTestUtils.TCP, IpProtoClassifier.getIpProtoValue(params));
}
import org.junit.Rule;\r
import org.junit.Test;\r
import org.junit.rules.ExpectedException;\r
+import org.opendaylight.groupbasedpolicy.api.sf.IpProtoClassifierDefinition;\r
import org.opendaylight.groupbasedpolicy.api.sf.L4ClassifierDefinition;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.common.rev140421.ParameterName;\r
import org.opendaylight.yang.gen.v1.urn.opendaylight.groupbasedpolicy.policy.rev140421.subject.feature.instance.ParameterValue;\r
private ParameterValue pvDstRange81_82;\r
private ParameterValue pvDstRange82_81;\r
private ParameterValue pvDstRange_null;\r
+ private Classifier l4Cl;\r
\r
@Rule\r
public ExpectedException thrown = ExpectedException.none();\r
new ParameterName(L4ClassifierDefinition.DST_PORT_RANGE_PARAM))\r
//.setRangeValue(new RangeValueBuilder().setMin(82L).setMax(81L).build())\r
.build();\r
+ l4Cl = SubjectFeatures.getClassifier(L4ClassifierDefinition.ID);\r
}\r
\r
@Test\r
public void testGetId() {\r
- assertEquals(L4ClassifierDefinition.ID, Classifier.L4_CL.getId());\r
+ assertEquals(L4ClassifierDefinition.ID, l4Cl.getId());\r
}\r
\r
@Test\r
public void testGetClassifierDefinition() {\r
- assertEquals(L4ClassifierDefinition.DEFINITION, Classifier.L4_CL.getClassifierDefinition());\r
+ assertEquals(L4ClassifierDefinition.DEFINITION, l4Cl.getClassifierDefinition());\r
}\r
\r
@Test\r
public void testGetSupportedParameterValues() {\r
- List<SupportedParameterValues> valuesList = Classifier.L4_CL.getSupportedParameterValues();\r
+ List<SupportedParameterValues> valuesList = l4Cl.getSupportedParameterValues();\r
assertEquals(4, valuesList.size());\r
\r
SupportedParameterValues values = valuesList.get(0);\r
@Test\r
public void testCheckPresenceOfRequiredParams_Empty() throws Exception {\r
// TODO check: sending empty map is ok?\r
- Classifier.L4_CL.checkPresenceOfRequiredParams(new HashMap<String, ParameterValue>());\r
+ l4Cl.checkPresenceOfRequiredParams(new HashMap<String, ParameterValue>());\r
}\r
\r
@Test\r
params.put(L4ClassifierDefinition.SRC_PORT_PARAM, pvSrcPort80);\r
params.put(L4ClassifierDefinition.DST_PORT_PARAM, pvDstPort80);\r
\r
- Classifier.L4_CL.checkPresenceOfRequiredParams(params);\r
+ l4Cl.checkPresenceOfRequiredParams(params);\r
}\r
\r
@Test\r
params.put(L4ClassifierDefinition.SRC_PORT_RANGE_PARAM, pvSrcRange81_82);\r
params.put(L4ClassifierDefinition.DST_PORT_RANGE_PARAM, pvDstRange81_82);\r
\r
- Classifier.L4_CL.checkPresenceOfRequiredParams(params);\r
+ l4Cl.checkPresenceOfRequiredParams(params);\r
}\r
\r
@Test\r
\r
thrown.expect(IllegalArgumentException.class);\r
thrown.expectMessage(L4Classifier.EXC_MSG_PARAM_VALUE_NOT_SPECIFIED);\r
- Classifier.L4_CL.checkPresenceOfRequiredParams(params);\r
+ l4Cl.checkPresenceOfRequiredParams(params);\r
}\r
\r
@Test\r
\r
thrown.expect(IllegalArgumentException.class);\r
thrown.expectMessage(L4Classifier.EXC_MSG_PARAM_VALUE_NOT_SPECIFIED);\r
- Classifier.L4_CL.checkPresenceOfRequiredParams(params);\r
+ l4Cl.checkPresenceOfRequiredParams(params);\r
}\r
\r
@Test\r
\r
thrown.expect(IllegalArgumentException.class);\r
thrown.expectMessage(L4Classifier.EXC_MSG_MUT_EXCLUSIVE_PARAMS);\r
- Classifier.L4_CL.checkPresenceOfRequiredParams(params);\r
+ l4Cl.checkPresenceOfRequiredParams(params);\r
}\r
\r
@Test\r
\r
thrown.expect(IllegalArgumentException.class);\r
thrown.expectMessage(L4Classifier.EXC_MSG_RANGE_VALUE_MISMATCH);\r
- Classifier.L4_CL.checkPresenceOfRequiredParams(params);\r
+ l4Cl.checkPresenceOfRequiredParams(params);\r
}\r
\r
@Test\r
public void testCheckPresenceOfRequiredParams_emptyParams() {\r
\r
- Classifier.L4_CL.checkPresenceOfRequiredParams(new HashMap<String, ParameterValue>());\r
+ l4Cl.checkPresenceOfRequiredParams(new HashMap<String, ParameterValue>());\r
}\r
\r
@Test\r
public void testGetParent() {\r
- assertEquals(Classifier.L4_CL.getParent(), Classifier.IP_PROTO_CL);\r
+ assertEquals(l4Cl.getParent(), SubjectFeatures.getClassifier(IpProtoClassifierDefinition.ID));\r
}\r
\r
}\r
Code Review / groupbasedpolicy.git / commitdiff