From 6fbc68b26a0b4f90c4890ba348f3ed045a356d6a Mon Sep 17 00:00:00 2001 From: David Goldberg Date: Fri, 24 Mar 2017 21:16:52 +0300 Subject: [PATCH] add acl support to unimgr Change-Id: Ia17c821c6664eaa3d0aea680eda3ad90ac0f530d Signed-off-by: David Goldberg --- legato-api/src/main/yang/mef-services.yang | 4 ++-- netvirt/pom.xml | 7 +++++- .../unimgr/mef/netvirt/EvcListener.java | 22 ++++++++++++++----- .../unimgr/mef/netvirt/IpvcListener.java | 15 +++++++++---- .../unimgr/mef/netvirt/NetvirtUtils.java | 15 +++++++++++++ 5 files changed, 50 insertions(+), 13 deletions(-) diff --git a/legato-api/src/main/yang/mef-services.yang b/legato-api/src/main/yang/mef-services.yang index 774cafe7..869fb24a 100644 --- a/legato-api/src/main/yang/mef-services.yang +++ b/legato-api/src/main/yang/mef-services.yang @@ -87,7 +87,7 @@ module mef-services { } } leaf-list security-groups { - type mef-types:identifier45; + type yang:uuid; description "The security group ID to associate with this interface."; } leaf port-security-enabled { @@ -692,7 +692,7 @@ module mef-services { } } leaf-list security-groups { - type mef-types:identifier45; + type yang:uuid; description "The security group ID to associate with this interface."; } leaf port-security-enabled { diff --git a/netvirt/pom.xml b/netvirt/pom.xml index 3cead70d..d819f5af 100644 --- a/netvirt/pom.xml +++ b/netvirt/pom.xml @@ -27,7 +27,7 @@ ODL :: unimgr :: ${project.artifactId} - + @@ -75,6 +75,11 @@ org.opendaylight.netvirt elanmanager-impl ${vpnservices.version} + + + org.opendaylight.netvirt + aclservice-api + ${vpnservices.version} org.opendaylight.genius diff --git a/netvirt/src/main/java/org/opendaylight/unimgr/mef/netvirt/EvcListener.java b/netvirt/src/main/java/org/opendaylight/unimgr/mef/netvirt/EvcListener.java index b2bc4af5..d2721816 100644 --- a/netvirt/src/main/java/org/opendaylight/unimgr/mef/netvirt/EvcListener.java +++ b/netvirt/src/main/java/org/opendaylight/unimgr/mef/netvirt/EvcListener.java 
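Review bot: The leaf-list type is narrowed from mef-types:identifier45 to yang:uuid in the @@ -87 hunk, but the description still reads as a generic "security group ID"; since the value is now handed straight to the netvirt ACL service, the description should say so, e.g. `description "UUID of the netvirt ACL security group to associate with this interface.";`. Any security-groups value already stored that is not a UUID would presumably fail validation after this change, which is worth stating in the commit message. The same edit is repeated in the @@ -692 hunk of this file.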
@@ -16,6 +16,7 @@ import java.util.stream.Collectors;
 import org.opendaylight.controller.md.sal.binding.api.DataBroker;
 import org.opendaylight.controller.md.sal.binding.api.DataTreeIdentifier;
 import org.opendaylight.controller.md.sal.binding.api.DataTreeModification;
+import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
 import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
 import org.opendaylight.unimgr.api.UnimgrDataTreeChangeListener;
 import org.opendaylight.yang.gen.v1.http.metroethernetforum.org.ns.yang.mef.services.rev150526.mef.services.MefService;
@@ -105,7 +106,7 @@ public class EvcListener extends UnimgrDataTreeChangeListener implements IU
 @Override
 public void connectUni(String uniId) {
 List allEvcs = MefServicesUtils.getAllEvcsServiceIds(dataBroker);
- allEvcs = (allEvcs != null) ? allEvcs : Collections.emptyList();
+ allEvcs = allEvcs != null ? allEvcs : Collections.emptyList();
 for (RetailSvcIdType evcSerId : allEvcs) {
 InstanceIdentifier evcId = MefServicesUtils.getEvcInstanceIdentifier(evcSerId);
@@ -119,8 +120,8 @@ public class EvcListener extends UnimgrDataTreeChangeListener implements IU
 boolean isEtree = evc.getEvcType() == EvcType.RootedMultipoint;
 List toConnect = new ArrayList<>();
- List unis = (evc.getUnis() != null) ? evc.getUnis().getUni() : null;
- unis = (unis != null) ? unis : Collections.emptyList();
+ List unis = evc.getUnis() != null ? evc.getUnis().getUni() : null;
+ unis = unis != null ? unis : Collections.emptyList();
 for (Uni uni : unis) {
 if (uni.getUniId().getValue().equals(uniId)) {
 Log.info("Connecting Uni {} to svc id {}", uniId, evcSerId);
@@ -149,7 +150,7 @@ public class EvcListener extends UnimgrDataTreeChangeListener implements IU
 @Override
 public void disconnectUni(String uniId) {
 List allEvcs = MefServicesUtils.getAllEvcsServiceIds(dataBroker);
- allEvcs = (allEvcs != null) ? allEvcs : Collections.emptyList();
+ allEvcs = allEvcs != null ? allEvcs : Collections.emptyList();
 for (RetailSvcIdType evcSerId : allEvcs) {
 InstanceIdentifier evcId = MefServicesUtils.getEvcInstanceIdentifier(evcSerId);
@@ -161,8 +162,8 @@ public class EvcListener extends UnimgrDataTreeChangeListener implements IU
 String instanceName = evc.getEvcId().getValue();
 List toDisconnect = new ArrayList<>();
- List unis = (evc.getUnis() != null) ? evc.getUnis().getUni() : null;
- unis = (unis != null) ? unis : Collections.emptyList();
+ List unis = evc.getUnis() != null ? evc.getUnis().getUni() : null;
+ unis = unis != null ? unis : Collections.emptyList();
 for (Uni uni : unis) {
 if (uni.getUniId().getValue().equals(uniId)) {
 Log.info("Disconnecting Uni {} from svc id {}", uniId, evcSerId);
@@ -316,6 +317,11 @@ public class EvcListener extends UnimgrDataTreeChangeListener implements IU
 log.info("Creting elan interface for elan {} vlan {} interface {}", instanceName, 0, interfaceName);
 NetvirtUtils.createElanInterface(dataBroker, instanceName, interfaceName, roleToInterfaceType(role), isEtree);
+ if (uni.isPortSecurityEnabled() && uni.getSecurityGroups() != null && !uni.getSecurityGroups().isEmpty()) {
+ WriteTransaction tx = dataBroker.newWriteOnlyTransaction();
+ NetvirtUtils.addAclToInterface(interfaceName, uni.getSecurityGroups(), tx);
+ MdsalUtils.commitTransaction(tx);
+ }
 uniQosManager.mapUniPortBandwidthLimits(uni.getUniId().getValue(), interfaceName, uni.getIngressBwProfile());
 setOperEvcElanPort(evcId, instanceName, interfaceName);
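Review bot: In the @@ -316 hunk, `uni.isPortSecurityEnabled()` is unboxed directly in the new condition; if the generated getter returns a boxed Boolean (the `port-security-enabled` leaf touched in the yang hunk shows no default), a UNI that leaves the leaf unset would throw a NullPointerException here instead of simply skipping the ACL. A null-safe form is `if (Boolean.TRUE.equals(uni.isPortSecurityEnabled()) && uni.getSecurityGroups() != null && !uni.getSecurityGroups().isEmpty()) {`. The same five lines are repeated in the @@ -337 hunk below and the same condition appears in IpvcListener's @@ -395 hunk, so a private helper taking the Uni and the interface name would keep the three copies in step. The enclosing method begins and ends outside this hunk.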
@@ -337,6 +343,10 @@ public class EvcListener extends UnimgrDataTreeChangeListener implements IU
 log.info("Creting elan interface for elan {} vlan {} interface {}", instanceName, 0, interfaceName);
 NetvirtUtils.createElanInterface(dataBroker, instanceName, interfaceName, roleToInterfaceType(role), isEtree);
+ if (uni.isPortSecurityEnabled() && uni.getSecurityGroups() != null && !uni.getSecurityGroups().isEmpty()) {
+ WriteTransaction tx = dataBroker.newWriteOnlyTransaction();
+ NetvirtUtils.addAclToInterface(interfaceName, uni.getSecurityGroups(), tx);
+ MdsalUtils.commitTransaction(tx); }
 uniQosManager.mapUniPortBandwidthLimits(uni.getUniId().getValue(), interfaceName, uni.getIngressBwProfile());
 setOperEvcElanPort(evcId, instanceName, interfaceName);
diff --git a/netvirt/src/main/java/org/opendaylight/unimgr/mef/netvirt/IpvcListener.java b/netvirt/src/main/java/org/opendaylight/unimgr/mef/netvirt/IpvcListener.java
index 244f5a23..a0aea4d1 100644
--- a/netvirt/src/main/java/org/opendaylight/unimgr/mef/netvirt/IpvcListener.java
+++ b/netvirt/src/main/java/org/opendaylight/unimgr/mef/netvirt/IpvcListener.java
@@ -63,7 +63,7 @@ public class IpvcListener extends UnimgrDataTreeChangeListener implements
 private ListenerRegistration ipvcListenerRegistration;
 @SuppressWarnings("unused")
 private final UniAwareListener uniAwareListener;
- private OdlInterfaceRpcService odlInterfaceRpcService;
+ private final OdlInterfaceRpcService odlInterfaceRpcService;
 private final SouthboundUtils southBoundUtils;
 private final org.opendaylight.ovsdb.utils.mdsal.utils.MdsalUtils mdsalUtils;
 private final NotificationPublishService notificationPublishService;
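Review bot: As the @@ -337 hunk reads here, the closing brace of the new `if` sits on the same line as `MdsalUtils.commitTransaction(tx);` (this hunk adds four lines where the sibling @@ -316 hunk adds five with `+ }` on its own line); if that is what the file contains, put the brace on its own line so the two copies are formatted alike. The enclosing method begins and ends outside this hunk.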
@@ -71,7 +71,7 @@ public class IpvcListener extends UnimgrDataTreeChangeListener implements
 private static final String LOCAL_IP = "local_ip";
 // TODO: make it as service
- private ConcurrentHashMap portToDpn;
+ private final ConcurrentHashMap portToDpn;
 public IpvcListener(final DataBroker dataBroker, final IUniPortManager uniPortManager, final ISubnetManager subnetManager, final UniQosManager uniQosManager,
@@ -395,6 +395,11 @@ public class IpvcListener extends UnimgrDataTreeChangeListener implements
 uni.getMacAddress(), tx);
 MefServicesUtils.addOperIpvcVpnElan(ipvcId, vpnName, uniInService.getUniId(), uniInService.getIpUniId(), elanName, interfaceName, null, tx);
+
+ if (uniInService.isPortSecurityEnabled() && uniInService.getSecurityGroups() != null && !uniInService.getSecurityGroups().isEmpty()) {
+ NetvirtUtils.addAclToInterface(interfaceName, uniInService.getSecurityGroups(), tx);
+ }
+
 MdsalUtils.commitTransaction(tx);
 }
 }
@@ -477,11 +482,13 @@ public class IpvcListener extends UnimgrDataTreeChangeListener implements
 private void waitForInterfaceDpnClean(String vpnName, String rd, String interfaceName) {
 InstanceIdentifier vpnId = NetvirtVpnUtils.getVpnInstanceOpDataIdentifier(rd);
 DataWaitGetter getInterfByName = (vpn) -> {
- if (vpn.getVpnToDpnList() == null)
+ if (vpn.getVpnToDpnList() == null) {
 return null;
+ }
 for (VpnToDpnList is : vpn.getVpnToDpnList()) {
- if (is.getVpnInterfaces() == null)
+ if (is.getVpnInterfaces() == null) {
 continue;
+ }
 for (VpnInterfaces i : is.getVpnInterfaces()) {
 if (i.getInterfaceName().equals(interfaceName)) {
 Log.info("Waiting for deletion vpn interface from vpn to dpn list vpn : {} interface: {}",
diff --git a/netvirt/src/main/java/org/opendaylight/unimgr/mef/netvirt/NetvirtUtils.java b/netvirt/src/main/java/org/opendaylight/unimgr/mef/netvirt/NetvirtUtils.java
index 61f8fed7..6b8948d6 100644
--- a/netvirt/src/main/java/org/opendaylight/unimgr/mef/netvirt/NetvirtUtils.java
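Review bot: In the @@ -395 hunk the interface-acl augmentation is written only when security-groups is non-empty, so a UNI with port security enabled and no groups gets no interface-acl at all; if the ACL service treats a missing augmentation as unrestricted, an "enabled but empty" policy (presumably meant as default-deny) silently becomes allow-all. Either drop the emptiness term, `if (uniInService.isPortSecurityEnabled() && uniInService.getSecurityGroups() != null) {`, or pass the enabled flag through to addAclToInterface instead of hard-coding it there. The EvcListener @@ -316 and @@ -337 hunks use the same condition. The enclosing method begins and ends outside this hunk.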
+++ b/netvirt/src/main/java/org/opendaylight/unimgr/mef/netvirt/NetvirtUtils.java
@@ -9,6 +9,7 @@ package org.opendaylight.unimgr.mef.netvirt;
 import java.math.BigInteger;
+import java.util.Collections;
 import java.util.List;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Future;
@@ -29,6 +30,7 @@ import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceBuilder;
 import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rev160406.IfL2vlan;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rev160406.IfL2vlanBuilder;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rev160406.ParentRefs;
@@ -46,6 +48,8 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.dhcp_allocation_poo
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.dhcp_allocation_pool.rev161214.dhcp_allocation_pool.network.AllocationPool;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.dhcp_allocation_pool.rev161214.dhcp_allocation_pool.network.AllocationPoolBuilder;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.dhcp_allocation_pool.rev161214.dhcp_allocation_pool.network.AllocationPoolKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAclBuilder;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.etree.rev160614.EtreeInstance;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.etree.rev160614.EtreeInstanceBuilder;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.etree.rev160614.EtreeInterface;
@@ -167,6 +171,17 @@ public class NetvirtUtils {
 return interfaceBuilder.build();
 }
+ public static void addAclToInterface(String interfaceName, List securityGroups, WriteTransaction tx) {
+ InterfaceBuilder interfaceBuilder = new InterfaceBuilder();
+ interfaceBuilder.setName(interfaceName);
+ InterfaceAclBuilder interfaceAclBuilder = new InterfaceAclBuilder();
+ interfaceAclBuilder.setPortSecurityEnabled(true);
+ interfaceAclBuilder.setSecurityGroups(securityGroups);
+ interfaceAclBuilder.setAllowedAddressPairs(Collections.emptyList());
+ interfaceBuilder.addAugmentation(InterfaceAcl.class, interfaceAclBuilder.build());
+ tx.merge(LogicalDatastoreType.CONFIGURATION, getInterfaceIdentifier(interfaceName), interfaceBuilder.build());
+ }
+
 private static ElanInstanceBuilder createElanInstanceBuilder(String instanceName) {
 return createElanInstanceBuilder(instanceName, Long.valueOf(Math.abs((short) instanceName.hashCode())));
 }
-- 2.36.6
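Review bot: The new public `addAclToInterface` in the @@ -167 hunk has no Javadoc and accepts `securityGroups` without a null check, while it hard-codes port security to true and an empty allowed-address-pairs list; add a Javadoc stating that it merges an interface-acl augmentation for the named interface into the CONFIGURATION datastore under the caller's transaction and that the caller is responsible for committing, and guard the argument with `Objects.requireNonNull(securityGroups, "securityGroups");` (import `java.util.Objects`). Because this is a `merge` rather than a `put`, the empty allowed-address-pairs list presumably does not clear pairs already present in the datastore, and nothing in this patch removes the augmentation when a UNI is disconnected, so it is worth confirming a cleanup path exists. A comment on the `setPortSecurityEnabled(true)` line explaining that callers only invoke this when port security is enabled would make the hard-coded value less surprising.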