}
}
leaf-list security-groups {
- type mef-types:identifier45;
+ type yang:uuid;
description "The security group ID to associate with this interface.";
}
leaf port-security-enabled {
}
}
leaf-list security-groups {
- type mef-types:identifier45;
+ type yang:uuid;
description "The security group ID to associate with this interface.";
}
leaf port-security-enabled {
<!-- <name> formatting is used by autorelease to parse and notify projects on
build failure. Please do not modify this unless you have a good reason. -->
<name>ODL :: unimgr :: ${project.artifactId}</name>
-
+
<build>
<plugins>
<plugin>
<groupId>org.opendaylight.netvirt</groupId>
<artifactId>elanmanager-impl</artifactId>
<version>${vpnservices.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.opendaylight.netvirt</groupId>
+ <artifactId>aclservice-api</artifactId>
+ <version>${vpnservices.version}</version>
</dependency>
<dependency>
<groupId>org.opendaylight.genius</groupId>
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.DataTreeIdentifier;
import org.opendaylight.controller.md.sal.binding.api.DataTreeModification;
+import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.unimgr.api.UnimgrDataTreeChangeListener;
import org.opendaylight.yang.gen.v1.http.metroethernetforum.org.ns.yang.mef.services.rev150526.mef.services.MefService;
@Override
public void connectUni(String uniId) {
List<RetailSvcIdType> allEvcs = MefServicesUtils.getAllEvcsServiceIds(dataBroker);
- allEvcs = (allEvcs != null) ? allEvcs : Collections.emptyList();
+ allEvcs = allEvcs != null ? allEvcs : Collections.emptyList();
for (RetailSvcIdType evcSerId : allEvcs) {
InstanceIdentifier<Evc> evcId = MefServicesUtils.getEvcInstanceIdentifier(evcSerId);
boolean isEtree = evc.getEvcType() == EvcType.RootedMultipoint;
List<Uni> toConnect = new ArrayList<>();
- List<Uni> unis = (evc.getUnis() != null) ? evc.getUnis().getUni() : null;
- unis = (unis != null) ? unis : Collections.emptyList();
+ List<Uni> unis = evc.getUnis() != null ? evc.getUnis().getUni() : null;
+ unis = unis != null ? unis : Collections.emptyList();
for (Uni uni : unis) {
if (uni.getUniId().getValue().equals(uniId)) {
Log.info("Connecting Uni {} to svc id {}", uniId, evcSerId);
@Override
public void disconnectUni(String uniId) {
List<RetailSvcIdType> allEvcs = MefServicesUtils.getAllEvcsServiceIds(dataBroker);
- allEvcs = (allEvcs != null) ? allEvcs : Collections.emptyList();
+ allEvcs = allEvcs != null ? allEvcs : Collections.emptyList();
for (RetailSvcIdType evcSerId : allEvcs) {
InstanceIdentifier<Evc> evcId = MefServicesUtils.getEvcInstanceIdentifier(evcSerId);
String instanceName = evc.getEvcId().getValue();
List<Uni> toDisconnect = new ArrayList<>();
- List<Uni> unis = (evc.getUnis() != null) ? evc.getUnis().getUni() : null;
- unis = (unis != null) ? unis : Collections.emptyList();
+ List<Uni> unis = evc.getUnis() != null ? evc.getUnis().getUni() : null;
+ unis = unis != null ? unis : Collections.emptyList();
for (Uni uni : unis) {
if (uni.getUniId().getValue().equals(uniId)) {
Log.info("Disconnecting Uni {} from svc id {}", uniId, evcSerId);
log.info("Creting elan interface for elan {} vlan {} interface {}", instanceName, 0, interfaceName);
NetvirtUtils.createElanInterface(dataBroker, instanceName, interfaceName, roleToInterfaceType(role),
isEtree);
+ if (uni.isPortSecurityEnabled() && uni.getSecurityGroups() != null && !uni.getSecurityGroups().isEmpty()) {
+ WriteTransaction tx = dataBroker.newWriteOnlyTransaction();
+ NetvirtUtils.addAclToInterface(interfaceName, uni.getSecurityGroups(), tx);
+ MdsalUtils.commitTransaction(tx);
+ }
uniQosManager.mapUniPortBandwidthLimits(uni.getUniId().getValue(), interfaceName,
uni.getIngressBwProfile());
setOperEvcElanPort(evcId, instanceName, interfaceName);
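Review bot: The guard added before `NetvirtUtils.addAclToInterface` fails open: when port security is enabled but `getSecurityGroups()` is null or empty, nothing is written and nothing is logged, so the interface joins the ELAN with no ACL attached. The ACL is also committed in its own transaction after `createElanInterface` has run, so a failed commit would leave the port attached and unfiltered; whether `MdsalUtils.commitTransaction(tx)` reports failure is not visible here. If `isPortSecurityEnabled()` returns a boxed `Boolean` and the leaf has no default (neither is shown in this diff), the condition throws on unboxing, which `Boolean.TRUE.equals(uni.isPortSecurityEnabled())` avoids. I would add an `else` branch that logs a warning such as `log.warn("Port security enabled on {} but no security groups configured", interfaceName);`. The same condition is repeated in the next hunk and in the IPVC hunk, and the enclosing method starts and ends outside this hunk.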
log.info("Creting elan interface for elan {} vlan {} interface {}", instanceName, 0, interfaceName);
NetvirtUtils.createElanInterface(dataBroker, instanceName, interfaceName, roleToInterfaceType(role),
isEtree);
+ if (uni.isPortSecurityEnabled() && uni.getSecurityGroups() != null && !uni.getSecurityGroups().isEmpty()) {
+ WriteTransaction tx = dataBroker.newWriteOnlyTransaction();
+ NetvirtUtils.addAclToInterface(interfaceName, uni.getSecurityGroups(), tx);
+ MdsalUtils.commitTransaction(tx); }
uniQosManager.mapUniPortBandwidthLimits(uni.getUniId().getValue(), interfaceName,
uni.getIngressBwProfile());
setOperEvcElanPort(evcId, instanceName, interfaceName);
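Review bot: The closing brace of the new `if` is fused onto the commit line, `MdsalUtils.commitTransaction(tx); }`, which hides the end of the block and differs from the otherwise identical block in the previous hunk; put `}` on its own line. Because the five added lines are a copy of that earlier block, a private helper taking the UNI and `interfaceName` would keep the port-security decision in one place, so any later change to the guard cannot be applied to one copy and missed in the other. The enclosing method is not fully visible in this hunk.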
private ListenerRegistration<IpvcListener> ipvcListenerRegistration;
@SuppressWarnings("unused")
private final UniAwareListener uniAwareListener;
- private OdlInterfaceRpcService odlInterfaceRpcService;
+ private final OdlInterfaceRpcService odlInterfaceRpcService;
private final SouthboundUtils southBoundUtils;
private final org.opendaylight.ovsdb.utils.mdsal.utils.MdsalUtils mdsalUtils;
private final NotificationPublishService notificationPublishService;
private static final String LOCAL_IP = "local_ip";
// TODO: make it as service
- private ConcurrentHashMap<String, BigInteger> portToDpn;
+ private final ConcurrentHashMap<String, BigInteger> portToDpn;
public IpvcListener(final DataBroker dataBroker, final IUniPortManager uniPortManager,
final ISubnetManager subnetManager, final UniQosManager uniQosManager,
uni.getMacAddress(), tx);
MefServicesUtils.addOperIpvcVpnElan(ipvcId, vpnName, uniInService.getUniId(), uniInService.getIpUniId(),
elanName, interfaceName, null, tx);
+
+ if (uniInService.isPortSecurityEnabled() && uniInService.getSecurityGroups() != null && !uniInService.getSecurityGroups().isEmpty()) {
+ NetvirtUtils.addAclToInterface(interfaceName, uniInService.getSecurityGroups(), tx);
+ }
+
MdsalUtils.commitTransaction(tx);
}
}
private void waitForInterfaceDpnClean(String vpnName, String rd, String interfaceName) {
InstanceIdentifier<VpnInstanceOpDataEntry> vpnId = NetvirtVpnUtils.getVpnInstanceOpDataIdentifier(rd);
DataWaitGetter<VpnInstanceOpDataEntry> getInterfByName = (vpn) -> {
- if (vpn.getVpnToDpnList() == null)
+ if (vpn.getVpnToDpnList() == null) {
return null;
+ }
for (VpnToDpnList is : vpn.getVpnToDpnList()) {
- if (is.getVpnInterfaces() == null)
+ if (is.getVpnInterfaces() == null) {
continue;
+ }
for (VpnInterfaces i : is.getVpnInterfaces()) {
if (i.getInterfaceName().equals(interfaceName)) {
Log.info("Waiting for deletion vpn interface from vpn to dpn list vpn : {} interface: {}",
package org.opendaylight.unimgr.mef.netvirt;
import java.math.BigInteger;
+import java.util.Collections;
import java.util.List;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.Uuid;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rev160406.IfL2vlan;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rev160406.IfL2vlanBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.genius.interfacemanager.rev160406.ParentRefs;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.dhcp_allocation_pool.rev161214.dhcp_allocation_pool.network.AllocationPool;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.dhcp_allocation_pool.rev161214.dhcp_allocation_pool.network.AllocationPoolBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.dhcp_allocation_pool.rev161214.dhcp_allocation_pool.network.AllocationPoolKey;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAclBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.etree.rev160614.EtreeInstance;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.etree.rev160614.EtreeInstanceBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.elan.etree.rev160614.EtreeInterface;
return interfaceBuilder.build();
}
+ public static void addAclToInterface(String interfaceName, List<Uuid> securityGroups, WriteTransaction tx) {
+ InterfaceBuilder interfaceBuilder = new InterfaceBuilder();
+ interfaceBuilder.setName(interfaceName);
+ InterfaceAclBuilder interfaceAclBuilder = new InterfaceAclBuilder();
+ interfaceAclBuilder.setPortSecurityEnabled(true);
+ interfaceAclBuilder.setSecurityGroups(securityGroups);
+ interfaceAclBuilder.setAllowedAddressPairs(Collections.emptyList());
+ interfaceBuilder.addAugmentation(InterfaceAcl.class, interfaceAclBuilder.build());
+ tx.merge(LogicalDatastoreType.CONFIGURATION, getInterfaceIdentifier(interfaceName), interfaceBuilder.build());
+ }
+
private static ElanInstanceBuilder createElanInstanceBuilder(String instanceName) {
return createElanInstanceBuilder(instanceName, Long.valueOf(Math.abs((short) instanceName.hashCode())));
}
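Review bot: `addAclToInterface` writes the augmentation with `tx.merge`, and as far as I know an MD-SAL merge adds to an existing `security-groups` leaf-list rather than replacing it. A security group dropped from the UNI would then stay on the interface, and nothing in this diff removes the ACL on disconnect. If replacement is intended, write the `InterfaceAcl` augmentation with `tx.put` at its own path; otherwise state the additive behaviour in a Javadoc, e.g. `/** Merges a port-security ACL with the given security groups into the interface config; existing groups are kept. */`. The method also passes `securityGroups` through unchecked and always sets an empty allowed-address-pairs list; how the ACL service treats that empty list under port security should be confirmed and noted in the same Javadoc.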