-
/*
* Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved.
*
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
+import javax.ws.rs.core.SecurityContext;
import javax.xml.bind.JAXBElement;
import org.codehaus.enunciate.jaxrs.ResponseCode;
import org.opendaylight.controller.forwardingrulesmanager.IForwardingRulesManager;
import org.opendaylight.controller.northbound.commons.RestMessages;
import org.opendaylight.controller.northbound.commons.exception.InternalServerErrorException;
+import org.opendaylight.controller.northbound.commons.exception.MethodNotAllowedException;
import org.opendaylight.controller.northbound.commons.exception.NotAcceptableException;
import org.opendaylight.controller.northbound.commons.exception.ResourceConflictException;
import org.opendaylight.controller.northbound.commons.exception.ResourceNotFoundException;
import org.opendaylight.controller.northbound.commons.exception.ServiceUnavailableException;
+import org.opendaylight.controller.northbound.commons.exception.UnauthorizedException;
+import org.opendaylight.controller.northbound.commons.utils.NorthboundUtils;
+import org.opendaylight.controller.sal.authorization.Privilege;
import org.opendaylight.controller.sal.core.Node;
import org.opendaylight.controller.sal.utils.GlobalConstants;
import org.opendaylight.controller.sal.utils.ServiceHelper;
/**
* Flow Configuration Northbound API
*
- * <br><br>
+ * <br>
+ * <br>
* Authentication scheme : <b>HTTP Basic</b><br>
* Authentication realm : <b>opendaylight</b><br>
* Transport : <b>HTTP and HTTPS</b><br>
* <br>
- * HTTPS Authentication is disabled by default. Administrator can enable it in tomcat-server.xml after adding
- * a proper keystore / SSL certificate from a trusted authority.<br>
- * More info : http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration
+ * HTTPS Authentication is disabled by default. Administrator can enable it in
+ * tomcat-server.xml after adding a proper keystore / SSL certificate from a
+ * trusted authority.<br>
+ * More info :
+ * http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration
*
*/
@Path("/")
public class FlowProgrammerNorthbound {
+ private String username;
+
+ @Context
+ public void setSecurityContext(SecurityContext context) {
+ username = context.getUserPrincipal().getName();
+ }
+
+ protected String getUserName() {
+ return username;
+ }
+
private IForwardingRulesManager getForwardingRulesManagerService(
String containerName) {
IContainerManager containerManager = (IContainerManager) ServiceHelper
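Review bot: `setSecurityContext` calls `context.getUserPrincipal().getName()` with no null check and caches the result in the instance field `username`, which every `isAuthorized` call added below relies on. `getUserPrincipal()` returns null for an unauthenticated request, so that case would surface as a NullPointerException during injection rather than as a 401. The cached field is also only correct if this resource is instantiated per request; how the class is registered is not visible here, and under a singleton lifecycle concurrent requests could overwrite each other's identity. I would guard the dereference, `username = (context.getUserPrincipal() == null) ? null : context.getUserPrincipal().getName();`, and confirm that `NorthboundUtils.isAuthorized` denies a null user. A comment on the field should state the per-request assumption.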
/**
* Returns a list of Flows configured on the given container
*
- * @param containerName Name of the Container. The Container name for the base controller is "default".
- * @return List of configured flows configured on a given container
+ * @param containerName
+ * Name of the Container (Eg. 'default')
+ * @return List of flows configured on a given container
+ *
+ * <pre>
+ *
+ * Example:
+ *
+ * RequestURL:
+ * http://localhost:8080/controller/nb/v2/flow/default
+ *
+ * Response in XML:
+ * <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+ * <list>
+ *    <flowConfig>
+ *       <installInHw>true</installInHw>
+ *       <name>flow1</name>
+ *       <node id="00:00:00:00:00:00:00:01" type="OF"/>
+ *       <ingressPort>1</ingressPort>
+ *       <priority>500</priority>
+ *       <etherType>0x800</etherType>
+ *       <nwSrc>9.9.1.1</nwSrc>
+ *       <actions>OUTPUT=2</actions>
+ *    </flowConfig>
+ * </list>
+ *
+ * Response in JSON:
+ * {"flowConfig":{"installInHw":"true","name":"flow1","node":{"@id":"00:00:00:00:00:00:00:01","@type":"OF"},
+ * "ingressPort":"1","priority":"500","etherType":"0x800","nwSrc":"9.9.1.1","actions":"OUTPUT=2"}}
+ *
+ * </pre>
*/
@Path("/{containerName}")
@GET
- @Produces( { MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
+ @Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
@TypeHint(FlowConfigs.class)
- @StatusCodes( {
+ @StatusCodes({
@ResponseCode(code = 200, condition = "Operation successful"),
+ @ResponseCode(code = 401, condition = "User not authorized to perform this operation"),
@ResponseCode(code = 404, condition = "The containerName is not found"),
@ResponseCode(code = 503, condition = "One or more of Controller Services are unavailable") })
public FlowConfigs getStaticFlows(
@PathParam("containerName") String containerName) {
- List<FlowConfig> flowConfigs = getStaticFlowsInternal(containerName, null);
+ if (!NorthboundUtils.isAuthorized(
+ getUserName(), containerName, Privilege.READ, this)) {
+ throw new UnauthorizedException(
+ "User is not authorized to perform this operation on container "
+ + containerName);
+ }
+
+ List<FlowConfig> flowConfigs = getStaticFlowsInternal(containerName,
+ null);
return new FlowConfigs(flowConfigs);
}
/**
* Returns a list of Flows configured on a Node in a given container
*
- * @param containerName Name of the Container. The Container name
- * for the base controller is "default".
- * @param nodeType Type of the node being programmed
- * @param nodeId Node Identifier
- * @return List of configured flows configured on a Node in a container
+ * @param containerName
+ * Name of the Container (Eg. 'default')
+ * @param nodeType
+ * Type of the node being programmed (Eg. 'OF')
+ * @param nodeId
+ * Node Identifier (Eg. '00:00:00:00:00:00:00:01')
+ * @return List of flows configured on a Node in a container
+ *
+ * <pre>
+ *
+ * Example:
+ *
+ * RequestURL:
+ * http://localhost:8080/controller/nb/v2/flow/default/node/OF/00:00:00:00:00:00:00:01
+ *
+ * Response in XML:
+ * <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+ * <list>
+ *    <flowConfig>
+ *       <installInHw>true</installInHw>
+ *       <name>flow1</name>
+ *       <node id="00:00:00:00:00:00:00:01" type="OF"/>
+ *       <ingressPort>1</ingressPort>
+ *       <priority>500</priority>
+ *       <etherType>0x800</etherType>
+ *       <nwSrc>9.9.1.1</nwSrc>
+ *       <actions>OUTPUT=2</actions>
+ *    </flowConfig>
+ * </list>
+ *
+ * Response in JSON:
+ * {"flowConfig":{"installInHw":"true","name":"flow1","node":{"@id":"00:00:00:00:00:00:00:01","@type":"OF"},
+ * "ingressPort":"1","priority":"500","etherType":"0x800","nwSrc":"9.9.1.1","actions":"OUTPUT=2"}}
+ *
+ * </pre>
*/
- @Path("/{containerName}/{nodeType}/{nodeId}")
+ @Path("/{containerName}/node/{nodeType}/{nodeId}")
@GET
- @Produces( { MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
+ @Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
@TypeHint(FlowConfigs.class)
- @StatusCodes( {
+ @StatusCodes({
@ResponseCode(code = 200, condition = "Operation successful"),
+ @ResponseCode(code = 401, condition = "User not authorized to perform this operation"),
@ResponseCode(code = 404, condition = "The containerName or nodeId is not found"),
@ResponseCode(code = 503, condition = "One or more of Controller Services are unavailable") })
public FlowConfigs getStaticFlows(
@PathParam("containerName") String containerName,
@PathParam("nodeType") String nodeType,
@PathParam("nodeId") String nodeId) {
+ if (!NorthboundUtils.isAuthorized(
+ getUserName(), containerName, Privilege.READ, this)) {
+ throw new UnauthorizedException(
+ "User is not authorized to perform this operation on container "
+ + containerName);
+ }
Node node = Node.fromString(nodeType, nodeId);
if (node == null) {
throw new ResourceNotFoundException(nodeId + " : "
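Review bot: The new `isAuthorized` guards in both `getStaticFlows` overloads answer an authenticated caller who lacks the privilege with `UnauthorizedException`, documented here as 401, where 403 is the conventional status. With HTTP Basic, a 401 tells the client its credentials were rejected and typically triggers a re-prompt. The same pattern repeats in `getStaticFlow`, `addFlow`, `deleteFlow` and `toggleFlow`. As far as this diff shows, none of the denial paths writes an audit record, since `NorthboundUtils.auditlog` is called only on success in the write methods; logging the denied user, container and requested privilege before the throw would make repeated probing by a low-privilege account visible. The second overload's body continues past the end of this hunk.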
}
/**
- * Returns the flow configuration matching a human-readable name and nodeId on a
- * given Container.
- *
- * @param containerName Name of the Container. The Container name
- * for the base controller is "default".
- * @param nodeType Type of the node being programmed
- * @param nodeId Node Identifier
- * @param name Human-readable name for the configured flow.
+ * Returns the flow configuration matching a human-readable name and nodeId
+ * on a given Container.
+ *
+ * @param containerName
+ * Name of the Container (Eg. 'default')
+ * @param nodeType
+ * Type of the node being programmed (Eg. 'OF')
+ * @param nodeId
+ * Node Identifier (Eg. '00:00:00:00:00:00:00:01')
+ * @param name
+ * Human-readable name for the configured flow (Eg. 'Flow1')
* @return Flow configuration matching the name and nodeId on a Container
+ *
+ * <pre>
+ *
+ * Example:
+ *
+ * RequestURL:
+ * http://localhost:8080/controller/nb/v2/flow/default/node/OF/00:00:00:00:00:00:00:01/static-flow/flow1
+ *
+ * Response in XML:
+ * <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+ * <flowConfig>
+ *    <installInHw>true</installInHw>
+ *    <name>flow1</name>
+ *    <node id="00:00:00:00:00:00:00:01" type="OF"/>
+ *    <ingressPort>1</ingressPort>
+ *    <priority>500</priority>
+ *    <etherType>0x800</etherType>
+ *    <nwSrc>9.9.1.1</nwSrc>
+ *    <actions>OUTPUT=2</actions>
+ * </flowConfig>
+ *
+ * Response in JSON:
+ * {"installInHw":"true","name":"flow1","node":{"@id":"00:00:00:00:00:00:00:01","@type":"OF"},
+ * "ingressPort":"1","priority":"500","etherType":"0x800","nwSrc":"9.9.1.1","actions":"OUTPUT=2"}
+ *
+ * </pre>
*/
- @Path("/{containerName}/{nodeType}/{nodeId}/{name}")
+ @Path("/{containerName}/node/{nodeType}/{nodeId}/static-flow/{name}")
@GET
- @Produces( { MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
+ @Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
@TypeHint(FlowConfig.class)
- @StatusCodes( {
+ @StatusCodes({
@ResponseCode(code = 200, condition = "Operation successful"),
+ @ResponseCode(code = 401, condition = "User not authorized to perform this operation"),
@ResponseCode(code = 404, condition = "The containerName or NodeId or Configuration name is not found"),
@ResponseCode(code = 503, condition = "One or more of Controller Services are unavailable") })
public FlowConfig getStaticFlow(
@PathParam("containerName") String containerName,
@PathParam("nodeType") String nodeType,
- @PathParam("nodeId") String nodeId,
- @PathParam("name") String name) {
+ @PathParam("nodeId") String nodeId, @PathParam("name") String name) {
+ if (!NorthboundUtils.isAuthorized(
+ getUserName(), containerName, Privilege.READ, this)) {
+ throw new UnauthorizedException(
+ "User is not authorized to perform this operation on container "
+ + containerName);
+ }
IForwardingRulesManager frm = getForwardingRulesManagerService(containerName);
if (frm == null) {
/**
* Add a flow configuration
*
- * @param containerName Name of the Container. The Container name
- * for the base controller is "default".
- * @param nodeType Type of the node being programmed
- * @param nodeId Node Identifier
- * @param name Name of the Static Flow configuration
- * @param FlowConfig Flow Configuration in JSON or XML format
+ * @param containerName
+ * Name of the Container (Eg. 'default')
+ * @param nodeType
+ * Type of the node being programmed (Eg. 'OF')
+ * @param nodeId
+ * Node Identifier (Eg. '00:00:00:00:00:00:00:01')
+ * @param name
+ * Name of the Static Flow configuration (Eg. 'Flow2')
+ * @param FlowConfig
+ * Flow Configuration in JSON or XML format
* @return Response as dictated by the HTTP Response Status code
+ *
+ * <pre>
+ *
+ * Example:
+ *
+ * RequestURL:
+ * http://localhost:8080/controller/nb/v2/flow/default/node/OF/00:00:00:00:00:00:00:01/static-flow/flow1
+ *
+ * Request in XML:
+ * <flowConfig>
+ *    <installInHw>true</installInHw>
+ *    <name>flow1</name>
+ *    <node id="00:00:00:00:00:00:00:01" type="OF"/>
+ *    <ingressPort>1</ingressPort>
+ *    <priority>500</priority>
+ *    <etherType>0x800</etherType>
+ *    <nwSrc>9.9.1.1</nwSrc>
+ *    <actions>OUTPUT=2</actions>
+ * </flowConfig>
+ *
+ * Request in JSON:
+ * {"installInHw":"true","name":"flow1","node":{"@id":"00:00:00:00:00:00:00:01","@type":"OF"},
+ * "ingressPort":"1","priority":"500","etherType":"0x800","nwSrc":"9.9.1.1","actions":"OUTPUT=2"}
+ *
+ * </pre>
*/
- @Path("/{containerName}/{nodeType}/{nodeId}/{name}")
- @POST
- @Consumes( { MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
- @StatusCodes( {
+ @Path("/{containerName}/node/{nodeType}/{nodeId}/static-flow/{name}")
+ @PUT
+ @Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
+ @StatusCodes({
@ResponseCode(code = 201, condition = "Flow Config processed successfully"),
- @ResponseCode(code = 404, condition = "The Container Name or nodeId or configuration name is not found"),
+ @ResponseCode(code = 400, condition = "Failed to create Static Flow entry due to invalid flow configuration"),
+ @ResponseCode(code = 401, condition = "User not authorized to perform this operation"),
+ @ResponseCode(code = 404, condition = "The Container Name or nodeId is not found"),
@ResponseCode(code = 406, condition = "Cannot operate on Default Container when other Containers are active"),
- @ResponseCode(code = 409, condition = "Failed to create Static Flow entry due to Conflicting Name"),
+ @ResponseCode(code = 409, condition = "Failed to create Static Flow entry due to Conflicting Name or configuration"),
@ResponseCode(code = 500, condition = "Failed to create Static Flow entry. Failure Reason included in HTTP Error response"),
@ResponseCode(code = 503, condition = "One or more of Controller services are unavailable") })
public Response addFlow(
@PathParam(value = "nodeId") String nodeId,
@TypeHint(FlowConfig.class) JAXBElement<FlowConfig> flowConfig) {
+ if (!NorthboundUtils.isAuthorized(
+ getUserName(), containerName, Privilege.WRITE, this)) {
+ throw new UnauthorizedException(
+ "User is not authorized to perform this operation on container "
+ + containerName);
+ }
+ handleResourceCongruence(name, flowConfig.getValue().getName());
+ handleResourceCongruence(nodeId, flowConfig.getValue().getNode().getNodeIDString());
handleDefaultDisabled(containerName);
IForwardingRulesManager frm = getForwardingRulesManagerService(containerName);
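Review bot: `handleResourceCongruence(nodeId, flowConfig.getValue().getNode().getNodeIDString())` dereferences the payload's node without a null check, so a body that omits the node element would presumably fail with a NullPointerException (500) rather than the 400 this commit documents for an invalid flow configuration. Only the node id is compared; the path's `nodeType` is not checked against the payload, so the two can still disagree after this check. I would fetch the node once, `Node payloadNode = flowConfig.getValue().getNode();`, reject a null with the documented 400, and compare the type as well. The signature of `addFlow` starts outside this hunk and its body continues past it.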
+ RestMessages.RESOURCECONFLICT.toString());
}
- Status status = frm.addStaticFlow(flowConfig.getValue(), false);
+ Status status = frm.addStaticFlow(flowConfig.getValue());
+
if (status.isSuccess()) {
- return Response.status(Response.Status.CREATED).build();
+ NorthboundUtils.auditlog("Flow", username, "added", name, containerName);
+ return Response.status(Response.Status.CREATED).entity("Success").build();
}
- throw new InternalServerErrorException(status.getDescription());
+ return NorthboundUtils.getResponse(status);
}
/**
* Delete a Flow configuration
*
- * DELETE /flows/{containerName}/{nodeType}/{nodeId}/{name}
- *
- * @param containerName Name of the Container. The Container name
- * for the base controller is "default".
- * @param nodeType Type of the node being programmed
- * @param nodeId Node Identifier
- * @param name Name of the Static Flow configuration
+ * @param containerName
+ * Name of the Container (Eg. 'default')
+ * @param nodeType
+ * Type of the node being programmed (Eg. 'OF')
+ * @param nodeId
+ * Node Identifier (Eg. '00:00:00:00:00:00:00:01')
+ * @param name
+ * Name of the Static Flow configuration (Eg. 'Flow1')
* @return Response as dictated by the HTTP Response code
+ *
+ * <pre>
+ *
+ * Example:
+ *
+ * RequestURL:
+ * http://localhost:8080/controller/nb/v2/flow/default/node/OF/00:00:00:00:00:00:00:01/static-flow/flow1
+ *
+ * </pre>
*/
- @Path("/{containerName}/{nodeType}/{nodeId}/{name}")
+ @Path("/{containerName}/node/{nodeType}/{nodeId}/static-flow/{name}")
@DELETE
- @Consumes( { MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
- @StatusCodes( {
+ @Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
+ @StatusCodes({
@ResponseCode(code = 200, condition = "Flow Config deleted successfully"),
+ @ResponseCode(code = 401, condition = "User not authorized to perform this operation"),
@ResponseCode(code = 404, condition = "The Container Name or Node-id or Flow Name passed is not found"),
- @ResponseCode(code = 406, condition = "Cannot operate on Default Container when other Containers are active"),
+ @ResponseCode(code = 406, condition = "Failed to delete Flow config due to invalid operation. Failure details included in HTTP Error response"),
@ResponseCode(code = 500, condition = "Failed to delete Flow config. Failure Reason included in HTTP Error response"),
@ResponseCode(code = 503, condition = "One or more of Controller service is unavailable") })
public Response deleteFlow(
@PathParam("nodeType") String nodeType,
@PathParam(value = "nodeId") String nodeId) {
+ if (!NorthboundUtils.isAuthorized(
+ getUserName(), containerName, Privilege.WRITE, this)) {
+ throw new UnauthorizedException(
+ "User is not authorized to perform this operation on container "
+ + containerName);
+ }
handleDefaultDisabled(containerName);
IForwardingRulesManager frm = getForwardingRulesManagerService(containerName);
Status status = frm.removeStaticFlow(name, node);
if (status.isSuccess()) {
- return Response.ok().build();
+ NorthboundUtils.auditlog("Flow", username, "removed", name, containerName);
}
- throw new InternalServerErrorException(status.getDescription());
+ return NorthboundUtils.getResponse(status);
}
/**
* Toggle a Flow configuration
*
- * @param containerName Name of the Container. The Container name
- * for the base controller is "default".
- * @param nodeType Type of the node being programmed
- * @param nodeId Node Identifier
- * @param name Name of the Static Flow configuration
+ * @param containerName
+ * Name of the Container (Eg. 'default')
+ * @param nodeType
+ * Type of the node being programmed (Eg. 'OF')
+ * @param nodeId
+ * Node Identifier (Eg. '00:00:00:00:00:00:00:01')
+ * @param name
+ * Name of the Static Flow configuration (Eg. 'Flow1')
* @return Response as dictated by the HTTP Response code
+ *
+ * <pre>
+ *
+ * Example:
+ *
+ * RequestURL:
+ * http://localhost:8080/controller/nb/v2/flow/default/node/OF/00:00:00:00:00:00:00:01/static-flow/flow1
+ *
+ * </pre>
*/
-
- @Path("/{containerName}/{nodeType}/{nodeId}/{name}")
- @PUT
- @Consumes( { MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
- @StatusCodes( {
- @ResponseCode(code = 200, condition = "Flow Config deleted successfully"),
+ @Path("/{containerName}/node/{nodeType}/{nodeId}/static-flow/{name}")
+ @POST
+ @Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
+ @StatusCodes({
+ @ResponseCode(code = 200, condition = "Flow Config processed successfully"),
+ @ResponseCode(code = 401, condition = "User not authorized to perform this operation"),
@ResponseCode(code = 404, condition = "The Container Name or Node-id or Flow Name passed is not found"),
- @ResponseCode(code = 406, condition = "Cannot operate on Default Container when other Containers are active"),
+ @ResponseCode(code = 406, condition = "Failed to delete Flow config due to invalid operation. Failure details included in HTTP Error response"),
@ResponseCode(code = 500, condition = "Failed to delete Flow config. Failure Reason included in HTTP Error response"),
@ResponseCode(code = 503, condition = "One or more of Controller service is unavailable") })
public Response toggleFlow(
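Review bot: The status documentation on `toggleFlow` still describes deletion: the added 406 entry reads "Failed to delete Flow config due to invalid operation" and the unchanged 500 entry reads "Failed to delete Flow config". These conditions presumably end up in the generated REST documentation, where the toggle endpoint would then be described as a delete. I would reword the 406 entry as `@ResponseCode(code = 406, condition = "Failed to toggle Flow config due to invalid operation. Failure details included in HTTP Error response")` and change the 500 entry likewise. The method body lies outside this hunk.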
@PathParam(value = "nodeId") String nodeId,
@PathParam(value = "name") String name) {
+ if (!NorthboundUtils.isAuthorized(
+ getUserName(), containerName, Privilege.WRITE, this)) {
+ throw new UnauthorizedException(
+ "User is not authorized to perform this operation on container "
+ + containerName);
+ }
+
handleDefaultDisabled(containerName);
IForwardingRulesManager frm = getForwardingRulesManagerService(containerName);
Status status = frm.toggleStaticFlowStatus(staticFlow);
if (status.isSuccess()) {
- return Response.ok().build();
+ NorthboundUtils.auditlog("Flow", username, "toggled", name, containerName);
}
- throw new InternalServerErrorException(status.getDescription());
+ return NorthboundUtils.getResponse(status);
}
private Node handleNodeAvailability(String containerName, String nodeType,
- String nodeId) {
+ String nodeId) {
Node node = Node.fromString(nodeType, nodeId);
if (node == null) {
IContainerManager containerManager = (IContainerManager) ServiceHelper
.getGlobalInstance(IContainerManager.class, this);
if (containerManager == null) {
- throw new InternalServerErrorException(RestMessages.INTERNALERROR
- .toString());
+ throw new InternalServerErrorException(
+ RestMessages.INTERNALERROR.toString());
}
if (containerName.equals(GlobalConstants.DEFAULT.toString())
&& containerManager.hasNonDefaultContainer()) {
- throw new NotAcceptableException(RestMessages.DEFAULTDISABLED
- .toString());
+ throw new NotAcceptableException(
+ RestMessages.DEFAULTDISABLED.toString());
+ }
+ }
+
+ private void handleResourceCongruence(String resource, String configured) {
+ if (!resource.equals(configured)) {
+ throw new MethodNotAllowedException("Path's resource name conflicts with payload's resource name");
}
}
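Review bot: `handleResourceCongruence` reports a path/payload mismatch with `MethodNotAllowedException`, which by its name maps to HTTP 405. That status says the verb is not supported on the resource, and it is not among the codes listed in `addFlow`'s `@StatusCodes`. A mismatch between URL and body is a client input error, so the documented 400 (or 409) fits better; if 405 stays, it should at least be added to the annotation. A short Javadoc would also help: `addFlow` audits the path's `name` while `addStaticFlow` stores the payload's flow, so this check is what keeps the audit record matching what was actually written.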