--- /dev/null
+/*
+ * Copyright (C) 2014 Red Hat, Inc.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v1.0 which accompanies this distribution,
+ * and is available at http://www.eclipse.org/legal/epl-v10.html
+ */
+
+package org.opendaylight.controller.networkconfig.neutron.northbound;
+
+
+import org.codehaus.enunciate.jaxrs.ResponseCode;
+import org.codehaus.enunciate.jaxrs.StatusCodes;
+import org.opendaylight.controller.networkconfig.neutron.INeutronFirewallPolicyCRUD;
+import org.opendaylight.controller.networkconfig.neutron.INeutronFirewallRuleAware;
+import org.opendaylight.controller.networkconfig.neutron.INeutronFirewallRuleCRUD;
+import org.opendaylight.controller.networkconfig.neutron.NeutronCRUDInterfaces;
+import org.opendaylight.controller.networkconfig.neutron.NeutronFirewallRule;
+import org.opendaylight.controller.northbound.commons.RestMessages;
+import org.opendaylight.controller.northbound.commons.exception.BadRequestException;
+import org.opendaylight.controller.northbound.commons.exception.ResourceNotFoundException;
+import org.opendaylight.controller.northbound.commons.exception.ServiceUnavailableException;
+import org.opendaylight.controller.sal.utils.ServiceHelper;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * Neutron Northbound REST APIs for Firewall Rule.<br>
+ * This class provides REST APIs for managing neutron Firewall Rule
+ *
+ * <br>
+ * <br>
+ * Authentication scheme : <b>HTTP Basic</b><br>
+ * Authentication realm : <b>opendaylight</b><br>
+ * Transport : <b>HTTP and HTTPS</b><br>
+ * <br>
+ * HTTPS Authentication is disabled by default. Administrator can enable it in
+ * tomcat-server.xml after adding a proper keystore / SSL certificate from a
+ * trusted authority.<br>
+ * More info :
+ * http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration
+ */
+
+@Path("fw/firewalls_rules")
+public class NeutronFirewallRulesNorthbound {
+
+ private NeutronFirewallRule extractFields(NeutronFirewallRule o, List<String> fields) {
+ return o.extractFields(fields);
+ }
+
+ /**
+ * Returns a list of all Firewall Rules
+ */
+ @GET
+ @Produces({MediaType.APPLICATION_JSON})
+ @StatusCodes({
+ @ResponseCode(code = 200, condition = "Operation successful"),
+ @ResponseCode(code = 401, condition = "Unauthorized"),
+ @ResponseCode(code = 501, condition = "Not Implemented")})
+ public Response listRules(
+ // return fields
+ @QueryParam("fields") List<String> fields,
+ // OpenStack firewall rule attributes
+ @QueryParam("id") String queryFirewallRuleUUID,
+ @QueryParam("tenant_id") String queryFirewallRuleTenantID,
+ @QueryParam("name") String queryFirewallRuleName,
+ @QueryParam("description") String queryFirewallRuleDescription,
+ @QueryParam("admin_state_up") Boolean queryFirewallRuleAdminStateIsUp,
+ @QueryParam("status") String queryFirewallRuleStatus,
+ @QueryParam("shared") Boolean queryFirewallRuleIsShared,
+ @QueryParam("firewall_policy_id") String queryFirewallRulePolicyID,
+ @QueryParam("protocol") String queryFirewallRuleProtocol,
+ @QueryParam("ip_version") Integer queryFirewallRuleIpVer,
+ @QueryParam("source_ip_address") String queryFirewallRuleSrcIpAddr,
+ @QueryParam("destination_ip_address") String queryFirewallRuleDstIpAddr,
+ @QueryParam("source_port") Integer queryFirewallRuleSrcPort,
+ @QueryParam("destination_port") Integer queryFirewallRuleDstPort,
+ @QueryParam("position") Integer queryFirewallRulePosition,
+ @QueryParam("action") String queryFirewallRuleAction,
+ @QueryParam("enabled") Boolean queryFirewallRuleIsEnabled,
+ // pagination
+ @QueryParam("limit") String limit,
+ @QueryParam("marker") String marker,
+ @QueryParam("page_reverse") String pageReverse
+ // sorting not supported
+ ) {
+ INeutronFirewallRuleCRUD firewallRuleInterface = NeutronCRUDInterfaces.getINeutronFirewallRuleCRUD(this);
+ if (firewallRuleInterface == null) {
+ throw new ServiceUnavailableException("Firewall Rule CRUD Interface "
+ + RestMessages.SERVICEUNAVAILABLE.toString());
+ }
+ List<NeutronFirewallRule> allFirewallRules = firewallRuleInterface.getAllNeutronFirewallRules();
+ List<NeutronFirewallRule> ans = new ArrayList<NeutronFirewallRule>();
+ Iterator<NeutronFirewallRule> i = allFirewallRules.iterator();
+ while (i.hasNext()) {
+ NeutronFirewallRule nsr = i.next();
+ if ((queryFirewallRuleUUID == null ||
+ queryFirewallRuleUUID.equals(nsr.getFirewallRuleUUID())) &&
+ (queryFirewallRuleTenantID == null ||
+ queryFirewallRuleTenantID.equals(nsr.getFirewallRuleTenantID())) &&
+ (queryFirewallRuleName == null ||
+ queryFirewallRuleName.equals(nsr.getFirewallRuleName())) &&
+ (queryFirewallRuleDescription == null ||
+ queryFirewallRuleDescription.equals(nsr.getFirewallRuleDescription())) &&
+ (queryFirewallRuleAdminStateIsUp == null ||
+ queryFirewallRuleAdminStateIsUp.equals(nsr.getFirewallRuleAdminStateIsUp())) &&
+ (queryFirewallRuleStatus == null ||
+ queryFirewallRuleStatus.equals(nsr.getFirewallRuleStatus())) &&
+ (queryFirewallRuleIsShared == null ||
+ queryFirewallRuleIsShared.equals(nsr.getFirewallRuleIsShared())) &&
+ (queryFirewallRulePolicyID == null ||
+ queryFirewallRulePolicyID.equals(nsr.getFirewallRulePolicyID())) &&
+ (queryFirewallRuleProtocol == null ||
+ queryFirewallRuleProtocol.equals(nsr.getFirewallRuleProtocol())) &&
+ (queryFirewallRuleIpVer == null ||
+ queryFirewallRuleIpVer.equals(nsr.getFirewallRuleIpVer())) &&
+ (queryFirewallRuleSrcIpAddr == null ||
+ queryFirewallRuleSrcIpAddr.equals(nsr.getFirewallRuleSrcIpAddr())) &&
+ (queryFirewallRuleDstIpAddr == null ||
+ queryFirewallRuleDstIpAddr.equals(nsr.getFirewallRuleDstIpAddr())) &&
+ (queryFirewallRuleSrcPort == null ||
+ queryFirewallRuleSrcPort.equals(nsr.getFirewallRuleSrcPort())) &&
+ (queryFirewallRuleDstPort == null ||
+ queryFirewallRuleDstPort.equals(nsr.getFirewallRuleDstPort())) &&
+ (queryFirewallRulePosition == null ||
+ queryFirewallRulePosition.equals(nsr.getFirewallRulePosition())) &&
+ (queryFirewallRuleAction == null ||
+ queryFirewallRuleAction.equals(nsr.getFirewallRuleAction())) &&
+ (queryFirewallRuleIsEnabled == null ||
+ queryFirewallRuleIsEnabled.equals(nsr.getFirewallRuleIsEnabled()))) {
+ if (fields.size() > 0) {
+ ans.add(extractFields(nsr, fields));
+ } else {
+ ans.add(nsr);
+ }
+ }
+ }
+ //TODO: apply pagination to results
+ return Response.status(200).entity(
+ new NeutronFirewallRuleRequest(ans)).build();
+ }
+
+ /**
+ * Returns a specific Firewall Rule
+ */
+
+ @Path("{firewallRuleUUID}")
+ @GET
+ @Produces({MediaType.APPLICATION_JSON})
+ @StatusCodes({
+ @ResponseCode(code = 200, condition = "Operation successful"),
+ @ResponseCode(code = 401, condition = "Unauthorized"),
+ @ResponseCode(code = 404, condition = "Not Found"),
+ @ResponseCode(code = 501, condition = "Not Implemented")})
+ public Response showFirewallRule(@PathParam("firewallRuleUUID") String firewallRuleUUID,
+ // return fields
+ @QueryParam("fields") List<String> fields) {
+ INeutronFirewallRuleCRUD firewallRuleInterface = NeutronCRUDInterfaces.getINeutronFirewallRuleCRUD(this);
+ if (firewallRuleInterface == null) {
+ throw new ServiceUnavailableException("Firewall Rule CRUD Interface "
+ + RestMessages.SERVICEUNAVAILABLE.toString());
+ }
+ if (!firewallRuleInterface.neutronFirewallRuleExists(firewallRuleUUID)) {
+ throw new ResourceNotFoundException("Firewall Rule UUID does not exist.");
+ }
+ if (fields.size() > 0) {
+ NeutronFirewallRule ans = firewallRuleInterface.getNeutronFirewallRule(firewallRuleUUID);
+ return Response.status(200).entity(
+ new NeutronFirewallRuleRequest(extractFields(ans, fields))).build();
+ } else {
+ return Response.status(200)
+ .entity(new NeutronFirewallRuleRequest(
+ firewallRuleInterface.getNeutronFirewallRule(firewallRuleUUID)))
+ .build();
+ }
+ }
+
+ /**
+ * Creates new Firewall Rule
+ */
+
+ @POST
+ @Produces({MediaType.APPLICATION_JSON})
+ @Consumes({MediaType.APPLICATION_JSON})
+ @StatusCodes({
+ @ResponseCode(code = 201, condition = "Created"),
+ @ResponseCode(code = 400, condition = "Bad Request"),
+ @ResponseCode(code = 401, condition = "Unauthorized"),
+ @ResponseCode(code = 403, condition = "Forbidden"),
+ @ResponseCode(code = 404, condition = "Not Found"),
+ @ResponseCode(code = 409, condition = "Conflict"),
+ @ResponseCode(code = 501, condition = "Not Implemented")})
+ public Response createFirewallRules(final NeutronFirewallRuleRequest input) {
+ INeutronFirewallRuleCRUD firewallRuleInterface = NeutronCRUDInterfaces.getINeutronFirewallRuleCRUD(this);
+ if (firewallRuleInterface == null) {
+ throw new ServiceUnavailableException("Firewall Rule CRUD Interface "
+ + RestMessages.SERVICEUNAVAILABLE.toString());
+ }
+ INeutronFirewallPolicyCRUD firewallPolicyInterface = NeutronCRUDInterfaces.getINeutronFirewallPolicyCRUD(this);
+ if (firewallPolicyInterface == null) {
+ throw new ServiceUnavailableException("Firewall Policy CRUD Interface "
+ + RestMessages.SERVICEUNAVAILABLE.toString());
+ }
+
+ if (input.isSingleton()) {
+ NeutronFirewallRule singleton = input.getSingleton();
+ if (firewallRuleInterface.neutronFirewallRuleExists(singleton.getFirewallRuleUUID())) {
+ throw new BadRequestException("Firewall Rule UUID already exists");
+ }
+ firewallRuleInterface.addNeutronFirewallRule(singleton);
+ Object[] instances = ServiceHelper.getGlobalInstances(INeutronFirewallRuleAware.class, this, null);
+ if (instances != null) {
+ for (Object instance : instances) {
+ INeutronFirewallRuleAware service = (INeutronFirewallRuleAware) instance;
+ int status = service.canCreateNeutronFirewallRule(singleton);
+ if (status < 200 || status > 299) {
+ return Response.status(status).build();
+ }
+ }
+ }
+ // add rule to cache
+ singleton.initDefaults();
+ firewallRuleInterface.addNeutronFirewallRule(singleton);
+ if (instances != null) {
+ for (Object instance : instances) {
+ INeutronFirewallRuleAware service = (INeutronFirewallRuleAware) instance;
+ service.neutronFirewallRuleCreated(singleton);
+ }
+ }
+ } else {
+ List<NeutronFirewallRule> bulk = input.getBulk();
+ Iterator<NeutronFirewallRule> i = bulk.iterator();
+ HashMap<String, NeutronFirewallRule> testMap = new HashMap<String, NeutronFirewallRule>();
+ Object[] instances = ServiceHelper.getGlobalInstances(INeutronFirewallRuleAware.class, this, null);
+ while (i.hasNext()) {
+ NeutronFirewallRule test = i.next();
+
+ /*
+ * Verify that the Firewall rule doesn't already exist
+ */
+
+ if (firewallRuleInterface.neutronFirewallRuleExists(test.getFirewallRuleUUID())) {
+ throw new BadRequestException("Firewall Rule UUID already exists");
+ }
+ if (testMap.containsKey(test.getFirewallRuleUUID())) {
+ throw new BadRequestException("Firewall Rule UUID already exists");
+ }
+ if (instances != null) {
+ for (Object instance : instances) {
+ INeutronFirewallRuleAware service = (INeutronFirewallRuleAware) instance;
+ int status = service.canCreateNeutronFirewallRule(test);
+ if (status < 200 || status > 299) {
+ return Response.status(status).build();
+ }
+ }
+ }
+ }
+ /*
+ * now, each element of the bulk request can be added to the cache
+ */
+ i = bulk.iterator();
+ while (i.hasNext()) {
+ NeutronFirewallRule test = i.next();
+ firewallRuleInterface.addNeutronFirewallRule(test);
+ if (instances != null) {
+ for (Object instance : instances) {
+ INeutronFirewallRuleAware service = (INeutronFirewallRuleAware) instance;
+ service.neutronFirewallRuleCreated(test);
+ }
+ }
+ }
+ }
+ return Response.status(201).entity(input).build();
+ }
+
+ /**
+ * Updates a Firewall Rule
+ */
+ @Path("{firewallRuleUUID}")
+ @PUT
+ @Produces({MediaType.APPLICATION_JSON})
+ @Consumes({MediaType.APPLICATION_JSON})
+ @StatusCodes({
+ @ResponseCode(code = 200, condition = "Operation successful"),
+ @ResponseCode(code = 400, condition = "Bad Request"),
+ @ResponseCode(code = 401, condition = "Unauthorized"),
+ @ResponseCode(code = 403, condition = "Forbidden"),
+ @ResponseCode(code = 404, condition = "Not Found"),
+ @ResponseCode(code = 501, condition = "Not Implemented")})
+ public Response updateFirewallRule(
+ @PathParam("firewallRuleUUID") String firewallRuleUUID, final NeutronFirewallRuleRequest input) {
+ INeutronFirewallRuleCRUD firewallRuleInterface = NeutronCRUDInterfaces.getINeutronFirewallRuleCRUD(this);
+ if (firewallRuleInterface == null) {
+ throw new ServiceUnavailableException("Firewall Rule CRUD Interface "
+ + RestMessages.SERVICEUNAVAILABLE.toString());
+ }
+ /*
+ * verify the Firewall Rule exists
+ */
+ if (!firewallRuleInterface.neutronFirewallRuleExists(firewallRuleUUID)) {
+ throw new ResourceNotFoundException("Firewall Rule UUID does not exist.");
+ }
+ if (!input.isSingleton()) {
+ throw new BadRequestException("Only singleton edit supported");
+ }
+ NeutronFirewallRule delta = input.getSingleton();
+ NeutronFirewallRule original = firewallRuleInterface.getNeutronFirewallRule(firewallRuleUUID);
+
+ /*
+ * updates restricted by Neutron
+ *
+ */
+ if (delta.getFirewallRuleUUID() != null ||
+ delta.getFirewallRuleTenantID() != null ||
+ delta.getFirewallRuleName() != null ||
+ delta.getFirewallRuleDescription() != null ||
+ delta.getFirewallRuleAdminStateIsUp() != null ||
+ delta.getFirewallRuleStatus() != null ||
+ delta.getFirewallRuleIsShared() != null ||
+ delta.getFirewallRulePolicyID() != null ||
+ delta.getFirewallRuleProtocol() != null ||
+ delta.getFirewallRuleIpVer() != null ||
+ delta.getFirewallRuleSrcIpAddr() != null ||
+ delta.getFirewallRuleDstIpAddr() != null ||
+ delta.getFirewallRuleSrcPort() != null ||
+ delta.getFirewallRuleDstPort() != null ||
+ delta.getFirewallRulePosition() != null ||
+ delta.getFirewallRuleAction() != null ||
+ delta.getFirewallRuleIsEnabled() != null) {
+ throw new BadRequestException("Attribute edit blocked by Neutron");
+ }
+
+ Object[] instances = ServiceHelper.getGlobalInstances(INeutronFirewallRuleAware.class, this, null);
+ if (instances != null) {
+ for (Object instance : instances) {
+ INeutronFirewallRuleAware service = (INeutronFirewallRuleAware) instance;
+ int status = service.canUpdateNeutronFirewallRule(delta, original);
+ if (status < 200 || status > 299) {
+ return Response.status(status).build();
+ }
+ }
+ }
+
+ /*
+ * update the object and return it
+ */
+ firewallRuleInterface.updateNeutronFirewallRule(firewallRuleUUID, delta);
+ NeutronFirewallRule updatedFirewallRule = firewallRuleInterface.getNeutronFirewallRule(firewallRuleUUID);
+ if (instances != null) {
+ for (Object instance : instances) {
+ INeutronFirewallRuleAware service = (INeutronFirewallRuleAware) instance;
+ service.neutronFirewallRuleUpdated(updatedFirewallRule);
+ }
+ }
+ return Response.status(200)
+ .entity(new NeutronFirewallRuleRequest(firewallRuleInterface.getNeutronFirewallRule(firewallRuleUUID)))
+ .build();
+ }
+
+ /**
+ * Deletes a Firewall Rule
+ */
+
+ @Path("{firewallRuleUUID}")
+ @DELETE
+ @StatusCodes({
+ @ResponseCode(code = 204, condition = "No Content"),
+ @ResponseCode(code = 401, condition = "Unauthorized"),
+ @ResponseCode(code = 404, condition = "Not Found"),
+ @ResponseCode(code = 409, condition = "Conflict"),
+ @ResponseCode(code = 501, condition = "Not Implemented")})
+ public Response deleteFirewallRule(
+ @PathParam("firewallRuleUUID") String firewallRuleUUID) {
+ INeutronFirewallRuleCRUD firewallRuleInterface = NeutronCRUDInterfaces.getINeutronFirewallRuleCRUD(this);
+ if (firewallRuleInterface == null) {
+ throw new ServiceUnavailableException("Firewall Rule CRUD Interface "
+ + RestMessages.SERVICEUNAVAILABLE.toString());
+ }
+
+ /*
+ * verify the Firewall Rule exists and it isn't currently in use
+ */
+ if (!firewallRuleInterface.neutronFirewallRuleExists(firewallRuleUUID)) {
+ throw new ResourceNotFoundException("Firewall Rule UUID does not exist.");
+ }
+ if (firewallRuleInterface.neutronFirewallRuleInUse(firewallRuleUUID)) {
+ return Response.status(409).build();
+ }
+ NeutronFirewallRule singleton = firewallRuleInterface.getNeutronFirewallRule(firewallRuleUUID);
+ Object[] instances = ServiceHelper.getGlobalInstances(INeutronFirewallRuleAware.class, this, null);
+ if (instances != null) {
+ for (Object instance : instances) {
+ INeutronFirewallRuleAware service = (INeutronFirewallRuleAware) instance;
+ int status = service.canDeleteNeutronFirewallRule(singleton);
+ if (status < 200 || status > 299) {
+ return Response.status(status).build();
+ }
+ }
+ }
+
+ /*
+ * remove it and return 204 status
+ */
+ firewallRuleInterface.removeNeutronFirewallRule(firewallRuleUUID);
+ if (instances != null) {
+ for (Object instance : instances) {
+ INeutronFirewallRuleAware service = (INeutronFirewallRuleAware) instance;
+ service.neutronFirewallRuleDeleted(singleton);
+ }
+ }
+ return Response.status(204).build();
+ }
+}