summaryrefslogtreecommitdiffstats
path: root/acl/acl-impl
diff options
context:
space:
mode:
authorJan Srnicek <jsrnicek@cisco.com>2017-03-23 09:39:12 +0100
committerMarek Gradzki <mgradzki@cisco.com>2017-03-29 06:20:48 +0000
commitb9e4c4b1d3455201d33248739bba01c7373c2c9f (patch)
tree75ebc74eb3de89c8e69bb310325745241ecf2fa2 /acl/acl-impl
parent212774e6dc3e3f74b100ac4f66420146e8f2472c (diff)
HC2VPP-118 - reference check for acl's
Adds reference cecking before delete for Acl and MacIpAcl Change-Id: I7acc92784498928059a96f88ba89604fc70bc075 Signed-off-by: Jan Srnicek <jsrnicek@cisco.com>
Diffstat (limited to 'acl/acl-impl')
-rw-r--r--acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java73
-rw-r--r--acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/AclReferenceCheckTest.java86
-rw-r--r--acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclCustomizerTest.java34
-rw-r--r--acl/acl-impl/src/test/resources/acl/standard/interface-ref-acl-udp.json21
-rw-r--r--acl/acl-impl/src/test/resources/reference/acl-references.json57
5 files changed, 269 insertions, 2 deletions
diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java
index ee6a9aeed..70fdbdea2 100644
--- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java
+++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java
@@ -16,6 +16,13 @@
package io.fd.hc2vpp.acl.write;
+import static com.google.common.base.Preconditions.checkState;
+import static io.fd.hc2vpp.acl.write.VppAclCustomizer.AclReferenceCheck.checkAclReferenced;
+import static java.lang.String.format;
+import static java.util.Collections.emptyList;
+import static java.util.Optional.ofNullable;
+
+import com.google.common.base.Optional;
import io.fd.hc2vpp.acl.util.AclContextManager;
import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer;
import io.fd.hc2vpp.acl.util.acl.AclDataExtractor;
@@ -26,9 +33,24 @@ import io.fd.honeycomb.translate.spi.write.ListWriterCustomizer;
import io.fd.honeycomb.translate.write.WriteContext;
import io.fd.honeycomb.translate.write.WriteFailedException;
import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AclBase;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.InterfaceAclAttributes;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclsBaseAttributes;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppMacipAclsBaseAttributes;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Egress;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppAcl;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppMacipAcl;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
public class VppAclCustomizer extends FutureJVppAclCustomizer
@@ -91,10 +113,14 @@ public class VppAclCustomizer extends FutureJVppAclCustomizer
@Override
public void deleteCurrentAttributes(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl dataBefore,
@Nonnull final WriteContext writeContext) throws WriteFailedException {
- // According to VPP team, acl references should be removed before trying to remove ACL
- // For mac-ip, reference should be removed during removal of mac-ip, so no need to check in hc
validateAcl(dataBefore);
+ final List<Interface> references = checkAclReferenced(writeContext, dataBefore);
+ // references must be check, to not leave dead references in configuration
+ checkState(references.isEmpty(),
+ "%s cannot be removed, it is referenced in following interfaces %s", dataBefore,
+ references);
+
final MappingContext mappingContext = writeContext.getMappingContext();
if (isStandardAcl(dataBefore)) {
@@ -107,4 +133,47 @@ public class VppAclCustomizer extends FutureJVppAclCustomizer
new IllegalArgumentException("Unsupported acl option"));
}
}
+
+ static final class AclReferenceCheck {
+
+ static List<Interface> checkAclReferenced(@Nonnull final WriteContext writeContext,
+ @Nonnull final Acl acl) {
+ final Optional<Interfaces> readAfter = writeContext.readAfter(InstanceIdentifier.create(Interfaces.class));
+ if (!readAfter.isPresent() || readAfter.get().getInterface() == null) {
+ return Collections.emptyList();
+ }
+
+ final List<Interface> interfaces = readAfter.get().getInterface();
+ final Class<? extends AclBase> aclType = acl.getAclType();
+ final String aclName = acl.getAclName();
+
+ if (aclType.equals(VppAcl.class)) {
+ return interfaces.stream()
+ .filter(iface -> ofNullable(iface.getAugmentation(VppAclInterfaceAugmentation.class))
+ .map(InterfaceAclAttributes::getAcl)
+ .filter(references ->
+ checkVppAcls(references.getIngress(), aclName) ||
+ checkVppAcls(references.getEgress(), aclName)).isPresent()
+ ).collect(Collectors.toList());
+ } else if (aclType.equals(VppMacipAcl.class)) {
+ return interfaces.stream()
+ .filter(iface -> ofNullable(iface.getAugmentation(VppAclInterfaceAugmentation.class))
+ .map(InterfaceAclAttributes::getAcl)
+ .map(aclAttr -> aclAttr.getIngress())
+ .map(VppMacipAclsBaseAttributes::getVppMacipAcl)
+ .filter(vppMacipAcl -> vppMacipAcl.getName().equals(aclName))
+ .isPresent())
+ .collect(Collectors.toList());
+ } else {
+ throw new IllegalArgumentException(format("Acl type %s not supported", aclType));
+ }
+ }
+
+ static boolean checkVppAcls(@Nullable final VppAclsBaseAttributes attrs, @Nonnull final String name) {
+ return ofNullable(attrs).map(VppAclsBaseAttributes::getVppAcls)
+ .orElse(emptyList())
+ .stream().anyMatch(acl -> acl.getName().equals(name));
+
+ }
+ }
}
diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/AclReferenceCheckTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/AclReferenceCheckTest.java
new file mode 100644
index 000000000..61783af57
--- /dev/null
+++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/AclReferenceCheckTest.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2017 Cisco and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.fd.hc2vpp.acl.write;
+
+import static io.fd.hc2vpp.acl.write.VppAclCustomizer.AclReferenceCheck.checkAclReferenced;
+import static java.util.stream.Collectors.toSet;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsInAnyOrder;
+import static org.hamcrest.Matchers.hasSize;
+import static org.mockito.Mockito.when;
+import static org.mockito.MockitoAnnotations.initMocks;
+
+import com.google.common.base.Optional;
+import io.fd.hc2vpp.acl.AclTestSchemaContext;
+import io.fd.honeycomb.test.tools.HoneycombTestRunner;
+import io.fd.honeycomb.test.tools.annotations.InjectTestData;
+import io.fd.honeycomb.translate.write.WriteContext;
+import java.util.List;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppAcl;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppMacipAcl;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+
+
+@RunWith(HoneycombTestRunner.class)
+public class AclReferenceCheckTest implements AclTestSchemaContext {
+
+ @InjectTestData(id = "/ietf-interfaces:interfaces", resourcePath = "/reference/acl-references.json")
+ private Interfaces interfaces;
+
+ @Mock
+ private WriteContext writeContext;
+
+ @Before
+ public void init(){
+ initMocks(this);
+ when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.of(interfaces));
+ }
+
+ @Test
+ public void testReferencedVppAclFirst() {
+ final List<Interface> referenced = checkAclReferenced(writeContext, new AclBuilder()
+ .setAclName("acl1").setAclType(VppAcl.class).build());
+ assertThat(referenced, hasSize(3));
+ assertThat(referenced.stream().map(Interface::getName).collect(toSet()),
+ containsInAnyOrder("eth0", "eth1", "eth2"));
+ }
+
+ @Test
+ public void testReferencedVppAclSecond() {
+ final List<Interface> referenced = checkAclReferenced(writeContext, new AclBuilder()
+ .setAclName("acl2").setAclType(VppAcl.class).build());
+ assertThat(referenced, hasSize(1));
+ assertThat(referenced.stream().map(Interface::getName).collect(toSet()),
+ containsInAnyOrder("eth1"));
+ }
+
+ @Test
+ public void testReferencedMacipAcl() {
+ final List<Interface> referenced = checkAclReferenced(writeContext, new AclBuilder()
+ .setAclName("acl4").setAclType(VppMacipAcl.class).build());
+ assertThat(referenced, hasSize(1));
+ assertThat(referenced.stream().map(Interface::getName).collect(toSet()),
+ containsInAnyOrder("eth2"));
+ }
+} \ No newline at end of file
diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclCustomizerTest.java
index 197b68626..daf2c0922 100644
--- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclCustomizerTest.java
+++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclCustomizerTest.java
@@ -18,11 +18,14 @@ package io.fd.hc2vpp.acl.write;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.never;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
+import com.google.common.base.Optional;
import io.fd.hc2vpp.acl.AclTestSchemaContext;
import io.fd.hc2vpp.acl.util.AclContextManager;
import io.fd.hc2vpp.common.test.write.WriterCustomizerTest;
@@ -40,6 +43,7 @@ import io.fd.vpp.jvpp.acl.types.AclRule;
import io.fd.vpp.jvpp.acl.types.MacipAclRule;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
+import java.util.Collections;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
@@ -48,6 +52,11 @@ import org.mockito.Mock;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceStateAugmentation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppAcl;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
@@ -223,6 +232,7 @@ public class VppAclCustomizerTest extends WriterCustomizerTest implements AclTes
@Test
public void deleteCurrentAttributesIcmpIpv4(@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json")
AccessLists standardAcls) throws Exception {
+ when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent());
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext);
@@ -235,6 +245,7 @@ public class VppAclCustomizerTest extends WriterCustomizerTest implements AclTes
public void deleteCurrentAttributesIcmpIpv6(
@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp-v6.json")
AccessLists standardAcls) throws Exception {
+ when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent());
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext);
@@ -246,6 +257,7 @@ public class VppAclCustomizerTest extends WriterCustomizerTest implements AclTes
@Test
public void deleteCurrentAttributesTcp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-tcp.json")
AccessLists standardAcls) throws Exception {
+ when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent());
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext);
@@ -257,6 +269,7 @@ public class VppAclCustomizerTest extends WriterCustomizerTest implements AclTes
@Test
public void deleteCurrentAttributesUdp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json")
AccessLists standardAcls) throws Exception {
+ when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent());
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext);
@@ -265,6 +278,27 @@ public class VppAclCustomizerTest extends WriterCustomizerTest implements AclTes
assertEquals(aclIndex, aclDelRequestCaptor.getValue().aclIndex);
}
+ @Test
+ public void deleteCurrentAttributesUdpReferenced(
+ @InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json")
+ AccessLists standardAcls,
+ @InjectTestData(resourcePath = "/acl/standard/interface-ref-acl-udp.json")
+ Interfaces references) throws Exception {
+ // TODO - HONEYCOMB-349 - change after resolving to specific node injection
+ when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(
+ Optional.of(new InterfacesBuilder().setInterface(references.getInterface()).build()));
+
+ final int aclIndex = 4;
+ when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
+ try {
+ aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext);
+ } catch (IllegalStateException e) {
+ verify(aclApi, never()).aclDel(any(AclDel.class));
+ return;
+ }
+ fail("IllegalStateException should have been thrown");
+ }
+
private void verifyUdpRequest(final int aclIndex) {
final AclAddReplace request = aclAddReplaceRequestCaptor.getValue();
assertEquals(aclIndex, request.aclIndex);
diff --git a/acl/acl-impl/src/test/resources/acl/standard/interface-ref-acl-udp.json b/acl/acl-impl/src/test/resources/acl/standard/interface-ref-acl-udp.json
new file mode 100644
index 000000000..ae987a798
--- /dev/null
+++ b/acl/acl-impl/src/test/resources/acl/standard/interface-ref-acl-udp.json
@@ -0,0 +1,21 @@
+{
+ "interfaces":{
+ "interface": [{
+ "name": "eth2",
+ "acl": {
+ "ingress": {
+ "vpp-acls": [
+ {
+ "type": "vpp-acl:vpp-acl",
+ "name": "standard-acl"
+ }
+ ],
+ "vpp-macip-acl": {
+ "name": "acl4",
+ "type": "vpp-acl:vpp-macip-acl"
+ }
+ }
+ }
+ }]
+ }
+} \ No newline at end of file
diff --git a/acl/acl-impl/src/test/resources/reference/acl-references.json b/acl/acl-impl/src/test/resources/reference/acl-references.json
new file mode 100644
index 000000000..d60eeca45
--- /dev/null
+++ b/acl/acl-impl/src/test/resources/reference/acl-references.json
@@ -0,0 +1,57 @@
+{
+ "interfaces": {
+ "interface": [
+ {
+ "name": "eth0",
+ "acl": {
+ "ingress": {
+ "vpp-acls": [
+ {
+ "type": "vpp-acl",
+ "name": "acl1"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "name": "eth1",
+ "acl": {
+ "egress": {
+ "vpp-acls": [
+ {
+ "type": "vpp-acl",
+ "name": "acl1"
+ }
+ ]
+ },
+ "ingress": {
+ "vpp-acls": [
+ {
+ "type": "vpp-acl",
+ "name": "acl2"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "name": "eth2",
+ "acl": {
+ "ingress": {
+ "vpp-acls": [
+ {
+ "type": "vpp-acl",
+ "name": "acl1"
+ }
+ ],
+ "vpp-macip-acl": {
+ "name": "acl4",
+ "type": "vpp-macip-acl"
+ }
+ }
+ }
+ }
+ ]
+ }
+} \ No newline at end of file