Examples with SecurityGroups org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.SecurityGroups used on opensource projects

Example 1 with SecurityGroups

use of org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.SecurityGroups in project netvirt by opendaylight.

the class AclInterfaceStateListener method add.

@Override
public void add(InstanceIdentifier<Interface> key, Interface added) {
    if (!L2vlan.class.equals(added.getType())) {
        return;
    }
    if (aclInterfaceCache.get(added.getName()) == null) {
        org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface iface = interfaceManager.getInterfaceInfoFromConfigDataStore(added.getName());
        if (iface == null) {
            LOG.error("No interface with name {} available in interfaceConfig, servicing interfaceState ADD" + "for ACL failed", added.getName());
            return;
        }
        InterfaceAcl aclInPort = iface.augmentation(InterfaceAcl.class);
        if (aclInPort == null) {
            LOG.trace("Interface {} is not an ACL Interface, ignoring ADD interfaceState event", added.getName());
            return;
        }
        aclInterfaceCache.addOrUpdate(added.getName(), (prevAclInterface, builder) -> {
            builder.portSecurityEnabled(aclInPort.isPortSecurityEnabled()).interfaceType(aclInPort.getInterfaceType()).securityGroups(aclInPort.getSecurityGroups()).allowedAddressPairs(new ArrayList<AllowedAddressPairs>(aclInPort.nonnullAllowedAddressPairs().values())).subnetInfo(new ArrayList<SubnetInfo>(aclInPort.nonnullSubnetInfo().values()));
        });
    }
    AclInterface aclInterface = aclInterfaceCache.addOrUpdate(added.getName(), (prevAclInterface, builder) -> {
        builder.dpId(AclServiceUtils.getDpIdFromIterfaceState(added)).lPortTag(added.getIfIndex()).isMarkedForDelete(false);
        if (AclServiceUtils.isOfInterest(prevAclInterface)) {
            SortedSet<Integer> ingressRemoteAclTags = aclServiceUtils.getRemoteAclTags(prevAclInterface.getSecurityGroups(), DirectionIngress.class);
            SortedSet<Integer> egressRemoteAclTags = aclServiceUtils.getRemoteAclTags(prevAclInterface.getSecurityGroups(), DirectionEgress.class);
            builder.ingressRemoteAclTags(ingressRemoteAclTags).egressRemoteAclTags(egressRemoteAclTags);
        }
    });
    if (AclServiceUtils.isOfInterest(aclInterface)) {
        List<Uuid> aclList = aclInterface.getSecurityGroups();
        if (aclList != null) {
            aclDataUtil.addOrUpdateAclInterfaceMap(aclList, aclInterface);
        }
        if (aclInterface.getElanId() == null) {
            LOG.debug("On Add event, skip ADD since ElanId is not updated");
            return;
        }
        if (aclClusterUtil.isEntityOwner()) {
            LOG.debug("On add event, notify ACL service manager to add ACL for interface: {}", aclInterface);
            aclServiceManger.notify(aclInterface, null, Action.BIND);
            if (aclList != null) {
                aclServiceUtils.addAclPortsLookup(aclInterface, aclList, aclInterface.getAllowedAddressPairs());
            }
            aclServiceManger.notify(aclInterface, null, Action.ADD);
        }
    }
}

Example 2 with SecurityGroups

use of org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.SecurityGroups in project netvirt by opendaylight.

the class AclInterfaceListener method addOrUpdateAclInterfaceCache.

private AclInterface addOrUpdateAclInterfaceCache(String interfaceId, InterfaceAcl aclInPort, boolean isSgChanged, org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface interfaceState) {
    AclInterface aclInterface = aclInterfaceCache.addOrUpdate(interfaceId, (prevAclInterface, builder) -> {
        List<Uuid> sgs = new ArrayList<>();
        if (aclInPort != null) {
            sgs = aclInPort.getSecurityGroups();
            builder.portSecurityEnabled(aclInPort.isPortSecurityEnabled()).securityGroups(sgs).allowedAddressPairs(aclInPort.getAllowedAddressPairs());
        }
        if ((prevAclInterface == null || prevAclInterface.getLPortTag() == null) && interfaceState != null) {
            builder.dpId(AclServiceUtils.getDpIdFromIterfaceState(interfaceState)).lPortTag(interfaceState.getIfIndex()).isMarkedForDelete(false);
        }
        if (prevAclInterface == null) {
            builder.subnetIpPrefixes(AclServiceUtils.getSubnetIpPrefixes(dataBroker, interfaceId));
        }
        if (prevAclInterface == null || prevAclInterface.getElanId() == null) {
            builder.elanId(AclServiceUtils.getElanIdFromInterface(interfaceId, dataBroker));
        }
        if (prevAclInterface == null || isSgChanged) {
            builder.ingressRemoteAclTags(aclServiceUtils.getRemoteAclTags(sgs, DirectionIngress.class)).egressRemoteAclTags(aclServiceUtils.getRemoteAclTags(sgs, DirectionEgress.class));
        }
    });
    // Clone and return the ACL interface object
    return AclInterface.builder(aclInterface).build();
}

Example 3 with SecurityGroups

use of org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.SecurityGroups in project netvirt by opendaylight.

the class NeutronPortChangeListener method createOfPortInterface.

private String createOfPortInterface(Port port, TypedWriteTransaction<Datastore.Configuration> wrtConfigTxn) {
    Interface inf = createInterface(port);
    String infName = inf.getName();
    InstanceIdentifier<Interface> interfaceIdentifier = NeutronvpnUtils.buildVlanInterfaceIdentifier(infName);
    try {
        Optional<Interface> optionalInf = SingleTransactionDataBroker.syncReadOptional(dataBroker, LogicalDatastoreType.CONFIGURATION, interfaceIdentifier);
        if (!optionalInf.isPresent()) {
            wrtConfigTxn.put(interfaceIdentifier, inf);
        } else if (isInterfaceUpdated(inf, optionalInf.get())) {
            /*
                Case where an update DTCN wasn't received by this class due to node going down
                upon cluster reboot or any other unknown reason
                In such a case, updates contained in the missed DTCN won't be processed and have to be handled
                explicitly
                Update of subports (vlanId, splithorizon tag) is handled here
                Update of portSecurity (PortSecurityEnabled, SecurityGroups, AllowedAddressPairs) add is handled
                Update of portSecurity update/removed is not handled
                Update of parentrefs is not handled as parentrefs updation is handled by IFM Oxygen onwards
                */
            wrtConfigTxn.put(interfaceIdentifier, inf);
            LOG.error("Interface {} is already present and is updated", infName);
        } else {
            LOG.warn("Interface {} is already present", infName);
        }
    } catch (ExecutionException | InterruptedException e) {
        LOG.error("failed to create interface {}", infName, e);
    }
    return infName;
}

Example 4 with SecurityGroups

use of org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.secgroups.rev150712.security.groups.attributes.SecurityGroups in project netvirt by opendaylight.

the class AclInterfaceListener method addOrUpdateAclInterfaceCache.

private AclInterface addOrUpdateAclInterfaceCache(String interfaceId, InterfaceAcl aclInPort, boolean isSgChanged, org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.@Nullable Interface interfaceState) {
    AclInterface aclInterface = aclInterfaceCache.addOrUpdate(interfaceId, (prevAclInterface, builder) -> {
        List<Uuid> sgs = new ArrayList<>();
        if (aclInPort != null) {
            sgs = aclInPort.getSecurityGroups();
            builder.portSecurityEnabled(aclInPort.isPortSecurityEnabled()).interfaceType(aclInPort.getInterfaceType()).securityGroups(sgs).allowedAddressPairs(new ArrayList<AllowedAddressPairs>(aclInPort.nonnullAllowedAddressPairs().values())).subnetInfo(new ArrayList<SubnetInfo>(aclInPort.nonnullSubnetInfo().values()));
        }
        if ((prevAclInterface == null || prevAclInterface.getLPortTag() == null) && interfaceState != null) {
            builder.dpId(AclServiceUtils.getDpIdFromIterfaceState(interfaceState)).lPortTag(interfaceState.getIfIndex()).isMarkedForDelete(false);
        }
        if (prevAclInterface == null || prevAclInterface.getElanId() == null) {
            builder.elanId(AclServiceUtils.getElanIdFromInterface(interfaceId, dataBroker));
        }
        if (prevAclInterface == null || isSgChanged) {
            builder.ingressRemoteAclTags(aclServiceUtils.getRemoteAclTags(sgs, DirectionIngress.class)).egressRemoteAclTags(aclServiceUtils.getRemoteAclTags(sgs, DirectionEgress.class));
        }
    });
    // Clone and return the ACL interface object
    return AclInterface.builder(aclInterface).build();
}