Examples with InterfaceAcl org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl used on opensource projects

Example 6 with InterfaceAcl

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl in project netvirt by opendaylight.

the class NeutronPortChangeListener method update.

@Override
protected void update(InstanceIdentifier<Port> identifier, Port original, Port update) {
    // in order to validate the supported vnic types from the hostconfig
    if (isPortTypeSwitchdev(original) && !isPortBound(original) && isPortBound(update)) {
        handleNeutronPortCreated(update);
    }
    final String portName = update.getUuid().getValue();
    Network network = neutronvpnUtils.getNeutronNetwork(update.getNetworkId());
    LOG.info("Update port {} from network {}", portName, update.getNetworkId().toString());
    if (network == null || !NeutronvpnUtils.isNetworkTypeSupported(network)) {
        LOG.error("neutron vpn received a port update() for a network without a provider extension augmentation " + "or with an unsupported network type for the port {} which is part of network {}", portName, network);
        return;
    }
    neutronvpnUtils.addToPortCache(update);
    if ((Strings.isNullOrEmpty(original.getDeviceOwner()) || Strings.isNullOrEmpty(original.getDeviceId()) || NeutronConstants.FLOATING_IP_DEVICE_ID_PENDING.equalsIgnoreCase(original.getDeviceId())) && !Strings.isNullOrEmpty(update.getDeviceOwner()) && !Strings.isNullOrEmpty(update.getDeviceId())) {
        if (update.getDeviceOwner().equals(NeutronConstants.DEVICE_OWNER_ROUTER_INF)) {
            handleRouterInterfaceAdded(update);
            return;
        }
        if (NeutronConstants.DEVICE_OWNER_GATEWAY_INF.equals(update.getDeviceOwner())) {
            handleRouterGatewayUpdated(update);
        } else if (NeutronConstants.DEVICE_OWNER_FLOATING_IP.equals(update.getDeviceOwner())) {
            handleFloatingIpPortUpdated(original, update);
        }
    } else {
        Set<FixedIps> oldIPs = getFixedIpSet(original.getFixedIps());
        Set<FixedIps> newIPs = getFixedIpSet(update.getFixedIps());
        if (!oldIPs.equals(newIPs)) {
            handleNeutronPortUpdated(original, update);
        }
    }
    // check if port security enabled/disabled as part of port update
    boolean origSecurityEnabled = NeutronvpnUtils.getPortSecurityEnabled(original);
    boolean updatedSecurityEnabled = NeutronvpnUtils.getPortSecurityEnabled(update);
    if (origSecurityEnabled || updatedSecurityEnabled) {
        InstanceIdentifier<Interface> interfaceIdentifier = NeutronvpnUtils.buildVlanInterfaceIdentifier(portName);
        jobCoordinator.enqueueJob("PORT- " + portName, () -> {
            WriteTransaction wrtConfigTxn = dataBroker.newWriteOnlyTransaction();
            try {
                Optional<Interface> optionalInf = SingleTransactionDataBroker.syncReadOptional(dataBroker, LogicalDatastoreType.CONFIGURATION, interfaceIdentifier);
                if (optionalInf.isPresent()) {
                    InterfaceBuilder interfaceBuilder = new InterfaceBuilder(optionalInf.get());
                    InterfaceAcl infAcl = handlePortSecurityUpdated(original, update, origSecurityEnabled, updatedSecurityEnabled, interfaceBuilder).build();
                    interfaceBuilder.addAugmentation(InterfaceAcl.class, infAcl);
                    LOG.info("update: Of-port-interface updation for port {}", portName);
                    // Update OFPort interface for this neutron port
                    wrtConfigTxn.put(LogicalDatastoreType.CONFIGURATION, interfaceIdentifier, interfaceBuilder.build());
                } else {
                    LOG.warn("update: Interface {} is not present", portName);
                }
            } catch (ReadFailedException e) {
                LOG.error("update: Failed to update interface {}", portName, e);
            }
            List<ListenableFuture<Void>> futures = new ArrayList<>();
            futures.add(wrtConfigTxn.submit());
            return futures;
        });
    }
}

Example 7 with InterfaceAcl

use of org.opendaylight.yang.gen.v1.urn.opendaylight.netvirt.aclservice.rev160608.InterfaceAcl in project netvirt by opendaylight.

the class NeutronPortChangeListener method handlePortSecurityUpdated.

private static InterfaceAclBuilder handlePortSecurityUpdated(Port portOriginal, Port portUpdated, boolean origSecurityEnabled, boolean updatedSecurityEnabled, InterfaceBuilder interfaceBuilder) {
    InterfaceAclBuilder interfaceAclBuilder = null;
    if (origSecurityEnabled != updatedSecurityEnabled) {
        interfaceAclBuilder = new InterfaceAclBuilder();
        interfaceAclBuilder.setPortSecurityEnabled(updatedSecurityEnabled);
        if (updatedSecurityEnabled) {
            // Handle security group enabled
            NeutronvpnUtils.populateInterfaceAclBuilder(interfaceAclBuilder, portUpdated);
        } else {
            // Handle security group disabled
            interfaceAclBuilder.setSecurityGroups(new ArrayList<>());
            interfaceAclBuilder.setAllowedAddressPairs(new ArrayList<>());
        }
    } else {
        if (updatedSecurityEnabled) {
            // handle SG add/delete delta
            InterfaceAcl interfaceAcl = interfaceBuilder.getAugmentation(InterfaceAcl.class);
            interfaceAclBuilder = new InterfaceAclBuilder(interfaceAcl);
            interfaceAclBuilder.setSecurityGroups(NeutronvpnUtils.getUpdatedSecurityGroups(interfaceAcl.getSecurityGroups(), portOriginal.getSecurityGroups(), portUpdated.getSecurityGroups()));
            List<AllowedAddressPairs> updatedAddressPairs = NeutronvpnUtils.getUpdatedAllowedAddressPairs(interfaceAcl.getAllowedAddressPairs(), portOriginal.getAllowedAddressPairs(), portUpdated.getAllowedAddressPairs());
            interfaceAclBuilder.setAllowedAddressPairs(NeutronvpnUtils.getAllowedAddressPairsForFixedIps(updatedAddressPairs, portOriginal.getMacAddress(), portOriginal.getFixedIps(), portUpdated.getFixedIps()));
        }
    }
    return interfaceAclBuilder;
}