diff options
author | Jan Srnicek <jsrnicek@cisco.com> | 2016-12-16 13:07:56 +0100 |
---|---|---|
committer | Marek Gradzki <mgradzki@cisco.com> | 2016-12-20 13:59:56 +0100 |
commit | f8273e10b19ecc82bdda81feef9982ce28d5de21 (patch) | |
tree | 98d2d9686bcf24f64c0c18c633554e8629f2e22e /acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java | |
parent | e3b9212110528217c2477f588ebccc0d76ee31e1 (diff) |
HONEYCOMB-310: translation layer for acl plugin
Not covered by this patch (moved to subsequent commits):
- postman collection
- distinguish ingress/egress ACLs while reading assigned acls
- proper support for acl tag
- unit tests improvements
- read for acls (not necessarily assigned)
- initializers
Change-Id: I5a198ce1a6e20d0b1d95b4d2d83d0464fb86580c
Signed-off-by: Jan Srnicek <jsrnicek@cisco.com>
Signed-off-by: Marek Gradzki <mgradzki@cisco.com>
Diffstat (limited to 'acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java')
-rw-r--r-- | acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java new file mode 100644 index 000000000..a2956784f --- /dev/null +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java @@ -0,0 +1,110 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.acl.write; + +import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer; +import io.fd.hc2vpp.acl.util.acl.AclDataExtractor; +import io.fd.hc2vpp.acl.util.acl.AclValidator; +import io.fd.hc2vpp.acl.util.acl.AclWriter; +import io.fd.hc2vpp.common.translate.util.NamingContext; +import io.fd.honeycomb.translate.MappingContext; +import io.fd.honeycomb.translate.spi.write.ListWriterCustomizer; +import io.fd.honeycomb.translate.write.WriteContext; +import io.fd.honeycomb.translate.write.WriteFailedException; +import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +public class VppAclCustomizer extends FutureJVppAclCustomizer + implements ListWriterCustomizer<Acl, AclKey>, AclValidator, AclDataExtractor, AclWriter { + + private final NamingContext standardAclContext; + private final NamingContext macIpAclContext; + + public VppAclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade, + @Nonnull final NamingContext standardAclContext, + @Nonnull final NamingContext macIpAclContext) { + super(jVppAclFacade); + this.standardAclContext = standardAclContext; + this.macIpAclContext = macIpAclContext; + } + + @Override + public void writeCurrentAttributes(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl dataAfter, + @Nonnull final WriteContext writeContext) throws WriteFailedException { + validateAcl(dataAfter); + + final MappingContext mappingContext = writeContext.getMappingContext(); + + if (isStandardAcl(dataAfter)) { + addStandardAcl(getjVppAclFacade(), id, dataAfter, standardAclContext, mappingContext); + } else if (isMacIpAcl(dataAfter)) { + addMacIpAcl(getjVppAclFacade(), id, dataAfter, macIpAclContext, mappingContext); + } else { + // double check, first one done by validation + throw new WriteFailedException.CreateFailedException(id, dataAfter, + new IllegalArgumentException("Unsupported acl option")); + } + } + + @Override + public void updateCurrentAttributes(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl dataBefore, + @Nonnull final Acl dataAfter, @Nonnull final WriteContext writeContext) + throws WriteFailedException { + validateAcl(dataAfter); + + final MappingContext mappingContext = writeContext.getMappingContext(); + + if (isStandardAcl(dataAfter)) { + updateStandardAcl(getjVppAclFacade(), id, dataAfter, standardAclContext, mappingContext); + } else if (isMacIpAcl(dataAfter)) { + synchronized (macIpAclContext) { + // there is no direct support for update of mac-ip acl, but only one is allowed per interface + // so it is atomic from vpp standpoint. Enclosed in synchronized block to prevent issues with + // multiple threads managing naming context + deleteMacIpAcl(getjVppAclFacade(), id, dataBefore, macIpAclContext, mappingContext); + addMacIpAcl(getjVppAclFacade(), id, dataAfter, macIpAclContext, mappingContext); + } + } else { + // double check, first one done by validation + throw new WriteFailedException.CreateFailedException(id, dataAfter, + new IllegalArgumentException("Unsupported acl option")); + } + } + + @Override + public void deleteCurrentAttributes(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl dataBefore, + @Nonnull final WriteContext writeContext) throws WriteFailedException { + // According to VPP team, acl references should be removed before trying to remove ACL + // For mac-ip, reference should be removed during removal of mac-ip, so no need to check in hc + validateAcl(dataBefore); + + final MappingContext mappingContext = writeContext.getMappingContext(); + + if (isStandardAcl(dataBefore)) { + deleteStandardAcl(getjVppAclFacade(), id, dataBefore, standardAclContext, mappingContext); + } else if (isMacIpAcl(dataBefore)) { + deleteMacIpAcl(getjVppAclFacade(), id, dataBefore, macIpAclContext, mappingContext); + } else { + // double check, first one done by validation + throw new WriteFailedException.DeleteFailedException(id, + new IllegalArgumentException("Unsupported acl option")); + } + } +} |