--- /dev/null
+/*
+ * Copyright (C) 2014 Red Hat, Inc.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.controller.networkconfig.neutron.northbound;
+
+
+import org.codehaus.enunciate.jaxrs.ResponseCode;
+import org.codehaus.enunciate.jaxrs.StatusCodes;
+import org.opendaylight.controller.networkconfig.neutron.INeutronFirewallPolicyAware;
+import org.opendaylight.controller.networkconfig.neutron.INeutronFirewallPolicyCRUD;
+import org.opendaylight.controller.networkconfig.neutron.NeutronCRUDInterfaces;
+import org.opendaylight.controller.networkconfig.neutron.NeutronFirewallPolicy;
+import org.opendaylight.controller.northbound.commons.RestMessages;
+import org.opendaylight.controller.northbound.commons.exception.BadRequestException;
+import org.opendaylight.controller.northbound.commons.exception.ResourceNotFoundException;
+import org.opendaylight.controller.northbound.commons.exception.ServiceUnavailableException;
+import org.opendaylight.controller.sal.utils.ServiceHelper;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * Neutron Northbound REST APIs for Firewall Policies.<br>
+ * This class provides REST APIs for managing neutron Firewall Policies
+ *
+ * <br>
+ * <br>
+ * Authentication scheme : <b>HTTP Basic</b><br>
+ * Authentication realm : <b>opendaylight</b><br>
+ * Transport : <b>HTTP and HTTPS</b><br>
+ * <br>
+ * HTTPS Authentication is disabled by default. Administrator can enable it in
+ * tomcat-server.xml after adding a proper keystore / SSL certificate from a
+ * trusted authority.<br>
+ * More info :
+ * http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration
+ *
+ */
+@Path("/fw/firewalls_policies")
+public class NeutronFirewallPolicyNorthbound {
+
+ private NeutronFirewallPolicy extractFields(NeutronFirewallPolicy o, List<String> fields) {
+ return o.extractFields(fields);
+ }
+
+ /**
+ * Returns a list of all Firewall Policies */
+ @GET
+ @Produces({ MediaType.APPLICATION_JSON })
+ @StatusCodes({
+ @ResponseCode(code = 200, condition = "Operation successful"),
+ @ResponseCode(code = 401, condition = "Unauthorized"),
+ @ResponseCode(code = 501, condition = "Not Implemented") })
+
+ public Response listGroups(
+ // return fields
+ @QueryParam("fields") List<String> fields,
+ // OpenStack Firewall Policy attributes
+ @QueryParam("id") String queryFirewallPolicyUUID,
+ @QueryParam("tenant_id") String queryFirewallPolicyTenantID,
+ @QueryParam("name") String queryFirewallPolicyName,
+ @QueryParam("description") String querySecurityPolicyDescription,
+ @QueryParam("shared") String querySecurityPolicyIsShared,
+ @QueryParam("firewall_rules") List<String> querySecurityPolicyFirewallRules,
+ @QueryParam("audited") Boolean querySecurityPolicyIsAudited,
+ // pagination
+ @QueryParam("limit") String limit,
+ @QueryParam("marker") String marker,
+ @QueryParam("page_reverse") String pageReverse
+ // sorting not supported
+ ) {
+ INeutronFirewallPolicyCRUD firewallPolicyInterface = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
+
+ if (firewallPolicyInterface == null) {
+ throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
+ + RestMessages.SERVICEUNAVAILABLE.toString());
+ }
+ List<NeutronFirewallPolicy> allFirewallPolicies = firewallPolicyInterface.getAllNeutronFirewallPolicies();
+ List<NeutronFirewallPolicy> ans = new ArrayList<NeutronFirewallPolicy>();
+ Iterator<NeutronFirewallPolicy> i = allFirewallPolicies.iterator();
+ while (i.hasNext()) {
+ NeutronFirewallPolicy nsg = i.next();
+ if ((queryFirewallPolicyUUID == null ||
+ queryFirewallPolicyUUID.equals(nsg.getFirewallPolicyUUID())) &&
+ (queryFirewallPolicyTenantID == null ||
+ queryFirewallPolicyTenantID.equals(nsg.getFirewallPolicyTenantID())) &&
+ (queryFirewallPolicyName == null ||
+ queryFirewallPolicyName.equals(nsg.getFirewallPolicyName())) &&
+ (querySecurityPolicyDescription == null ||
+ querySecurityPolicyDescription.equals(nsg.getFirewallPolicyDescription())) &&
+ (querySecurityPolicyIsShared == null ||
+ querySecurityPolicyIsShared.equals(nsg.getFirewallPolicyIsShared())) &&
+ (querySecurityPolicyFirewallRules.size() == 0 ||
+ querySecurityPolicyFirewallRules.equals(nsg.getFirewallPolicyRules())) &&
+ (querySecurityPolicyIsAudited == null ||
+ querySecurityPolicyIsAudited.equals(nsg.getFirewallPolicyIsAudited()))) {
+ if (fields.size() > 0) {
+ ans.add(extractFields(nsg,fields));
+ } else {
+ ans.add(nsg);
+ }
+ }
+ } // ans.add((NeutronFirewallPolicy) rules);
+ //TODO: apply pagination to results
+ return Response.status(200).entity(
+ new NeutronFirewallPolicyRequest(ans)).build();
+ }
+
+ /**
+ * Returns a specific Firewall Policy */
+
+ @Path("{firewallPolicyUUID}")
+ @GET
+ @Produces({ MediaType.APPLICATION_JSON })
+ @StatusCodes({
+ @ResponseCode(code = 200, condition = "Operation successful"),
+ @ResponseCode(code = 401, condition = "Unauthorized"),
+ @ResponseCode(code = 404, condition = "Not Found"),
+ @ResponseCode(code = 501, condition = "Not Implemented") })
+ public Response showFirewallPolicy(@PathParam("firewallPolicyUUID") String firewallPolicyUUID,
+ // return fields
+ @QueryParam("fields") List<String> fields) {
+ INeutronFirewallPolicyCRUD firewallPolicyInterface = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
+ if (firewallPolicyInterface == null) {
+ throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
+ + RestMessages.SERVICEUNAVAILABLE.toString());
+ }
+ if (!firewallPolicyInterface.neutronFirewallPolicyExists(firewallPolicyUUID)) {
+ throw new ResourceNotFoundException("Firewall Policy UUID does not exist.");
+ }
+ if (fields.size() > 0) {
+ NeutronFirewallPolicy ans = firewallPolicyInterface.getNeutronFirewallPolicy(firewallPolicyUUID);
+ return Response.status(200).entity(
+ new NeutronFirewallPolicyRequest(extractFields(ans, fields))).build();
+ } else {
+ return Response.status(200).entity(new NeutronFirewallPolicyRequest(firewallPolicyInterface.getNeutronFirewallPolicy(firewallPolicyUUID))).build();
+ }
+ }
+
+ /**
+ * Creates new Firewall Policy
+ * */
+ @POST
+ @Produces({ MediaType.APPLICATION_JSON })
+ @Consumes({ MediaType.APPLICATION_JSON })
+ @StatusCodes({
+ @ResponseCode(code = 201, condition = "Created"),
+ @ResponseCode(code = 400, condition = "Bad Request"),
+ @ResponseCode(code = 401, condition = "Unauthorized"),
+ @ResponseCode(code = 403, condition = "Forbidden"),
+ @ResponseCode(code = 404, condition = "Not Found"),
+ @ResponseCode(code = 409, condition = "Conflict"),
+ @ResponseCode(code = 501, condition = "Not Implemented") })
+ public Response createFirewallPolicies(final NeutronFirewallPolicyRequest input) {
+ INeutronFirewallPolicyCRUD firewallPolicyInterface = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
+ if (firewallPolicyInterface == null) {
+ throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
+ + RestMessages.SERVICEUNAVAILABLE.toString());
+ }
+ if (input.isSingleton()) {
+ NeutronFirewallPolicy singleton = input.getSingleton();
+
+ /*
+ * Verify that the Firewall Policy doesn't already exist.
+ */
+ if (firewallPolicyInterface.neutronFirewallPolicyExists(singleton.getFirewallPolicyUUID())) {
+ throw new BadRequestException("Firewall Policy UUID already exists");
+ }
+ firewallPolicyInterface.addNeutronFirewallPolicy(singleton);
+
+ Object[] instances = ServiceHelper.getGlobalInstances(INeutronFirewallPolicyAware.class, this, null);
+ if (instances != null) {
+ for (Object instance : instances) {
+ INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
+ int status = service.canCreateNeutronFirewallPolicy(singleton);
+ if (status < 200 || status > 299) {
+ return Response.status(status).build();
+ }
+ }
+ }
+ firewallPolicyInterface.addNeutronFirewallPolicy(singleton);
+ if (instances != null) {
+ for (Object instance : instances) {
+ INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
+ service.neutronFirewallPolicyCreated(singleton);
+ }
+ }
+ } else {
+ List<NeutronFirewallPolicy> bulk = input.getBulk();
+ Iterator<NeutronFirewallPolicy> i = bulk.iterator();
+ HashMap<String, NeutronFirewallPolicy> testMap = new HashMap<String, NeutronFirewallPolicy>();
+ Object[] instances = ServiceHelper.getGlobalInstances(INeutronFirewallPolicyAware.class, this, null);
+ while (i.hasNext()) {
+ NeutronFirewallPolicy test = i.next();
+
+ /*
+ * Verify that the firewall policy doesn't already exist
+ */
+
+ if (firewallPolicyInterface.neutronFirewallPolicyExists(test.getFirewallPolicyUUID())) {
+ throw new BadRequestException("Firewall Policy UUID already is already created");
+ }
+ if (testMap.containsKey(test.getFirewallPolicyUUID())) {
+ throw new BadRequestException("Firewall Policy UUID already exists");
+ }
+ if (instances != null) {
+ for (Object instance : instances) {
+ INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
+ int status = service.canCreateNeutronFirewallPolicy(test);
+ if (status < 200 || status > 299) {
+ return Response.status(status).build();
+ }
+ }
+ }
+ }
+ /*
+ * now, each element of the bulk request can be added to the cache
+ */
+ i = bulk.iterator();
+ while (i.hasNext()) {
+ NeutronFirewallPolicy test = i.next();
+ firewallPolicyInterface.addNeutronFirewallPolicy(test);
+ if (instances != null) {
+ for (Object instance : instances) {
+ INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
+ service.neutronFirewallPolicyCreated(test);
+ }
+ }
+ }
+ }
+ return Response.status(201).entity(input).build();
+ }
+
+ /**
+ * Updates a Firewall Policy
+ */
+ @Path("{firewallPolicyUUID}")
+ @PUT
+ @Produces({ MediaType.APPLICATION_JSON })
+ @Consumes({ MediaType.APPLICATION_JSON })
+ //@TypeHint(OpenStackSubnets.class)
+ @StatusCodes({
+ @ResponseCode(code = 200, condition = "Operation successful"),
+ @ResponseCode(code = 400, condition = "Bad Request"),
+ @ResponseCode(code = 401, condition = "Unauthorized"),
+ @ResponseCode(code = 403, condition = "Forbidden"),
+ @ResponseCode(code = 404, condition = "Not Found"),
+ @ResponseCode(code = 501, condition = "Not Implemented") })
+ public Response updateFirewallPolicy(
+ @PathParam("firewallPolicyUUID") String firewallPolicyUUID, final NeutronFirewallPolicyRequest input) {
+ INeutronFirewallPolicyCRUD firewallPolicyInterface = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
+ if (firewallPolicyInterface == null) {
+ throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
+ + RestMessages.SERVICEUNAVAILABLE.toString());
+ }
+
+ /*
+ * verify the Firewall Policy exists and there is only one delta provided
+ */
+ if (!firewallPolicyInterface.neutronFirewallPolicyExists(firewallPolicyUUID)) {
+ throw new ResourceNotFoundException("Firewall Policy UUID does not exist.");
+ }
+ if (!input.isSingleton()) {
+ throw new BadRequestException("Only singleton edit supported");
+ }
+ NeutronFirewallPolicy delta = input.getSingleton();
+ NeutronFirewallPolicy original = firewallPolicyInterface.getNeutronFirewallPolicy(firewallPolicyUUID);
+
+ /*
+ * updates restricted by Neutron
+ */
+ if (delta.getFirewallPolicyUUID() != null ||
+ delta.getFirewallPolicyTenantID() != null ||
+ delta.getFirewallPolicyName() != null ||
+ delta.getFirewallPolicyDescription() != null ||
+ delta.getFirewallPolicyIsShared() != null ||
+ delta.getFirewallPolicyRules().size() > 0 ||
+ delta.getFirewallPolicyIsAudited() != null) {
+ throw new BadRequestException("Attribute edit blocked by Neutron");
+ }
+
+ Object[] instances = ServiceHelper.getGlobalInstances(INeutronFirewallPolicyAware.class, this, null);
+ if (instances != null) {
+ for (Object instance : instances) {
+ INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
+ int status = service.canUpdateNeutronFirewallPolicy(delta, original);
+ if (status < 200 || status > 299) {
+ return Response.status(status).build();
+ }
+ }
+ }
+
+ /*
+ * update the object and return it
+ */
+ firewallPolicyInterface.updateNeutronFirewallPolicy(firewallPolicyUUID, delta);
+ NeutronFirewallPolicy updatedFirewallPolicy = firewallPolicyInterface.getNeutronFirewallPolicy(firewallPolicyUUID);
+ if (instances != null) {
+ for (Object instance : instances) {
+ INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
+ service.neutronFirewallPolicyUpdated(updatedFirewallPolicy);
+ }
+ }
+ return Response.status(200).entity(new NeutronFirewallPolicyRequest(firewallPolicyInterface.getNeutronFirewallPolicy(firewallPolicyUUID))).build();
+ }
+
+ /**
+ * Deletes a Firewall Policy */
+
+ @Path("{firewallPolicyUUID}")
+ @DELETE
+ @StatusCodes({
+ @ResponseCode(code = 204, condition = "No Content"),
+ @ResponseCode(code = 401, condition = "Unauthorized"),
+ @ResponseCode(code = 404, condition = "Not Found"),
+ @ResponseCode(code = 409, condition = "Conflict"),
+ @ResponseCode(code = 501, condition = "Not Implemented") })
+ public Response deleteFirewallPolicy(
+ @PathParam("firewallPolicyUUID") String firewallPolicyUUID) {
+ INeutronFirewallPolicyCRUD firewallPolicyInterface = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
+ if (firewallPolicyInterface == null) {
+ throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
+ + RestMessages.SERVICEUNAVAILABLE.toString());
+ }
+
+ /*
+ * verify the Firewall Policy exists and it isn't currently in use
+ */
+ if (!firewallPolicyInterface.neutronFirewallPolicyExists(firewallPolicyUUID)) {
+ throw new ResourceNotFoundException("Firewall Policy UUID does not exist.");
+ }
+ if (firewallPolicyInterface.neutronFirewallPolicyInUse(firewallPolicyUUID)) {
+ return Response.status(409).build();
+ }
+ NeutronFirewallPolicy singleton = firewallPolicyInterface.getNeutronFirewallPolicy(firewallPolicyUUID);
+ Object[] instances = ServiceHelper.getGlobalInstances(INeutronFirewallPolicyAware.class, this, null);
+ if (instances != null) {
+ for (Object instance : instances) {
+ INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
+ int status = service.canDeleteNeutronFirewallPolicy(singleton);
+ if (status < 200 || status > 299) {
+ return Response.status(status).build();
+ }
+ }
+ }
+
+ firewallPolicyInterface.removeNeutronFirewallPolicy(firewallPolicyUUID);
+ if (instances != null) {
+ for (Object instance : instances) {
+ INeutronFirewallPolicyAware service = (INeutronFirewallPolicyAware) instance;
+ service.neutronFirewallPolicyDeleted(singleton);
+ }
+ }
+ return Response.status(204).build();
+ }
+}