diff options
Diffstat (limited to 'acl/acl-impl')
5 files changed, 269 insertions, 2 deletions
diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java index ee6a9aeed..70fdbdea2 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java @@ -16,6 +16,13 @@ package io.fd.hc2vpp.acl.write; +import static com.google.common.base.Preconditions.checkState; +import static io.fd.hc2vpp.acl.write.VppAclCustomizer.AclReferenceCheck.checkAclReferenced; +import static java.lang.String.format; +import static java.util.Collections.emptyList; +import static java.util.Optional.ofNullable; + +import com.google.common.base.Optional; import io.fd.hc2vpp.acl.util.AclContextManager; import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer; import io.fd.hc2vpp.acl.util.acl.AclDataExtractor; @@ -26,9 +33,24 @@ import io.fd.honeycomb.translate.spi.write.ListWriterCustomizer; import io.fd.honeycomb.translate.write.WriteContext; import io.fd.honeycomb.translate.write.WriteFailedException; import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; +import java.util.Collections; +import java.util.List; +import java.util.stream.Collectors; import javax.annotation.Nonnull; +import javax.annotation.Nullable; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AclBase; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.InterfaceAclAttributes; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclsBaseAttributes; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppMacipAclsBaseAttributes; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Egress; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppAcl; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppMacipAcl; import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; public class VppAclCustomizer extends FutureJVppAclCustomizer @@ -91,10 +113,14 @@ public class VppAclCustomizer extends FutureJVppAclCustomizer @Override public void deleteCurrentAttributes(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl dataBefore, @Nonnull final WriteContext writeContext) throws WriteFailedException { - // According to VPP team, acl references should be removed before trying to remove ACL - // For mac-ip, reference should be removed during removal of mac-ip, so no need to check in hc validateAcl(dataBefore); + final List<Interface> references = checkAclReferenced(writeContext, dataBefore); + // references must be check, to not leave dead references in configuration + checkState(references.isEmpty(), + "%s cannot be removed, it is referenced in following interfaces %s", dataBefore, + references); + final MappingContext mappingContext = writeContext.getMappingContext(); if (isStandardAcl(dataBefore)) { @@ -107,4 +133,47 @@ public class VppAclCustomizer extends FutureJVppAclCustomizer new IllegalArgumentException("Unsupported acl option")); } } + + static final class AclReferenceCheck { + + static List<Interface> checkAclReferenced(@Nonnull final WriteContext writeContext, + @Nonnull final Acl acl) { + final Optional<Interfaces> readAfter = writeContext.readAfter(InstanceIdentifier.create(Interfaces.class)); + if (!readAfter.isPresent() || readAfter.get().getInterface() == null) { + return Collections.emptyList(); + } + + final List<Interface> interfaces = readAfter.get().getInterface(); + final Class<? extends AclBase> aclType = acl.getAclType(); + final String aclName = acl.getAclName(); + + if (aclType.equals(VppAcl.class)) { + return interfaces.stream() + .filter(iface -> ofNullable(iface.getAugmentation(VppAclInterfaceAugmentation.class)) + .map(InterfaceAclAttributes::getAcl) + .filter(references -> + checkVppAcls(references.getIngress(), aclName) || + checkVppAcls(references.getEgress(), aclName)).isPresent() + ).collect(Collectors.toList()); + } else if (aclType.equals(VppMacipAcl.class)) { + return interfaces.stream() + .filter(iface -> ofNullable(iface.getAugmentation(VppAclInterfaceAugmentation.class)) + .map(InterfaceAclAttributes::getAcl) + .map(aclAttr -> aclAttr.getIngress()) + .map(VppMacipAclsBaseAttributes::getVppMacipAcl) + .filter(vppMacipAcl -> vppMacipAcl.getName().equals(aclName)) + .isPresent()) + .collect(Collectors.toList()); + } else { + throw new IllegalArgumentException(format("Acl type %s not supported", aclType)); + } + } + + static boolean checkVppAcls(@Nullable final VppAclsBaseAttributes attrs, @Nonnull final String name) { + return ofNullable(attrs).map(VppAclsBaseAttributes::getVppAcls) + .orElse(emptyList()) + .stream().anyMatch(acl -> acl.getName().equals(name)); + + } + } } diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/AclReferenceCheckTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/AclReferenceCheckTest.java new file mode 100644 index 000000000..61783af57 --- /dev/null +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/AclReferenceCheckTest.java @@ -0,0 +1,86 @@ +/* + * Copyright (c) 2017 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.acl.write; + +import static io.fd.hc2vpp.acl.write.VppAclCustomizer.AclReferenceCheck.checkAclReferenced; +import static java.util.stream.Collectors.toSet; +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.containsInAnyOrder; +import static org.hamcrest.Matchers.hasSize; +import static org.mockito.Mockito.when; +import static org.mockito.MockitoAnnotations.initMocks; + +import com.google.common.base.Optional; +import io.fd.hc2vpp.acl.AclTestSchemaContext; +import io.fd.honeycomb.test.tools.HoneycombTestRunner; +import io.fd.honeycomb.test.tools.annotations.InjectTestData; +import io.fd.honeycomb.translate.write.WriteContext; +import java.util.List; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppAcl; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppMacipAcl; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + + +@RunWith(HoneycombTestRunner.class) +public class AclReferenceCheckTest implements AclTestSchemaContext { + + @InjectTestData(id = "/ietf-interfaces:interfaces", resourcePath = "/reference/acl-references.json") + private Interfaces interfaces; + + @Mock + private WriteContext writeContext; + + @Before + public void init(){ + initMocks(this); + when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.of(interfaces)); + } + + @Test + public void testReferencedVppAclFirst() { + final List<Interface> referenced = checkAclReferenced(writeContext, new AclBuilder() + .setAclName("acl1").setAclType(VppAcl.class).build()); + assertThat(referenced, hasSize(3)); + assertThat(referenced.stream().map(Interface::getName).collect(toSet()), + containsInAnyOrder("eth0", "eth1", "eth2")); + } + + @Test + public void testReferencedVppAclSecond() { + final List<Interface> referenced = checkAclReferenced(writeContext, new AclBuilder() + .setAclName("acl2").setAclType(VppAcl.class).build()); + assertThat(referenced, hasSize(1)); + assertThat(referenced.stream().map(Interface::getName).collect(toSet()), + containsInAnyOrder("eth1")); + } + + @Test + public void testReferencedMacipAcl() { + final List<Interface> referenced = checkAclReferenced(writeContext, new AclBuilder() + .setAclName("acl4").setAclType(VppMacipAcl.class).build()); + assertThat(referenced, hasSize(1)); + assertThat(referenced.stream().map(Interface::getName).collect(toSet()), + containsInAnyOrder("eth2")); + } +}
\ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclCustomizerTest.java index 197b68626..daf2c0922 100644 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclCustomizerTest.java +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclCustomizerTest.java @@ -18,11 +18,14 @@ package io.fd.hc2vpp.acl.write; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.never; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; +import com.google.common.base.Optional; import io.fd.hc2vpp.acl.AclTestSchemaContext; import io.fd.hc2vpp.acl.util.AclContextManager; import io.fd.hc2vpp.common.test.write.WriterCustomizerTest; @@ -40,6 +43,7 @@ import io.fd.vpp.jvpp.acl.types.AclRule; import io.fd.vpp.jvpp.acl.types.MacipAclRule; import java.nio.charset.StandardCharsets; import java.util.Arrays; +import java.util.Collections; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.ArgumentCaptor; @@ -48,6 +52,11 @@ import org.mockito.Mock; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceStateAugmentation; import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppAcl; import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; @@ -223,6 +232,7 @@ public class VppAclCustomizerTest extends WriterCustomizerTest implements AclTes @Test public void deleteCurrentAttributesIcmpIpv4(@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") AccessLists standardAcls) throws Exception { + when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent()); final int aclIndex = 4; when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); @@ -235,6 +245,7 @@ public class VppAclCustomizerTest extends WriterCustomizerTest implements AclTes public void deleteCurrentAttributesIcmpIpv6( @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp-v6.json") AccessLists standardAcls) throws Exception { + when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent()); final int aclIndex = 4; when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); @@ -246,6 +257,7 @@ public class VppAclCustomizerTest extends WriterCustomizerTest implements AclTes @Test public void deleteCurrentAttributesTcp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-tcp.json") AccessLists standardAcls) throws Exception { + when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent()); final int aclIndex = 4; when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); @@ -257,6 +269,7 @@ public class VppAclCustomizerTest extends WriterCustomizerTest implements AclTes @Test public void deleteCurrentAttributesUdp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json") AccessLists standardAcls) throws Exception { + when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent()); final int aclIndex = 4; when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); @@ -265,6 +278,27 @@ public class VppAclCustomizerTest extends WriterCustomizerTest implements AclTes assertEquals(aclIndex, aclDelRequestCaptor.getValue().aclIndex); } + @Test + public void deleteCurrentAttributesUdpReferenced( + @InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json") + AccessLists standardAcls, + @InjectTestData(resourcePath = "/acl/standard/interface-ref-acl-udp.json") + Interfaces references) throws Exception { + // TODO - HONEYCOMB-349 - change after resolving to specific node injection + when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn( + Optional.of(new InterfacesBuilder().setInterface(references.getInterface()).build())); + + final int aclIndex = 4; + when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); + try { + aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); + } catch (IllegalStateException e) { + verify(aclApi, never()).aclDel(any(AclDel.class)); + return; + } + fail("IllegalStateException should have been thrown"); + } + private void verifyUdpRequest(final int aclIndex) { final AclAddReplace request = aclAddReplaceRequestCaptor.getValue(); assertEquals(aclIndex, request.aclIndex); diff --git a/acl/acl-impl/src/test/resources/acl/standard/interface-ref-acl-udp.json b/acl/acl-impl/src/test/resources/acl/standard/interface-ref-acl-udp.json new file mode 100644 index 000000000..ae987a798 --- /dev/null +++ b/acl/acl-impl/src/test/resources/acl/standard/interface-ref-acl-udp.json @@ -0,0 +1,21 @@ +{ + "interfaces":{ + "interface": [{ + "name": "eth2", + "acl": { + "ingress": { + "vpp-acls": [ + { + "type": "vpp-acl:vpp-acl", + "name": "standard-acl" + } + ], + "vpp-macip-acl": { + "name": "acl4", + "type": "vpp-acl:vpp-macip-acl" + } + } + } + }] + } +}
\ No newline at end of file diff --git a/acl/acl-impl/src/test/resources/reference/acl-references.json b/acl/acl-impl/src/test/resources/reference/acl-references.json new file mode 100644 index 000000000..d60eeca45 --- /dev/null +++ b/acl/acl-impl/src/test/resources/reference/acl-references.json @@ -0,0 +1,57 @@ +{ + "interfaces": { + "interface": [ + { + "name": "eth0", + "acl": { + "ingress": { + "vpp-acls": [ + { + "type": "vpp-acl", + "name": "acl1" + } + ] + } + } + }, + { + "name": "eth1", + "acl": { + "egress": { + "vpp-acls": [ + { + "type": "vpp-acl", + "name": "acl1" + } + ] + }, + "ingress": { + "vpp-acls": [ + { + "type": "vpp-acl", + "name": "acl2" + } + ] + } + } + }, + { + "name": "eth2", + "acl": { + "ingress": { + "vpp-acls": [ + { + "type": "vpp-acl", + "name": "acl1" + } + ], + "vpp-macip-acl": { + "name": "acl4", + "type": "vpp-macip-acl" + } + } + } + } + ] + } +}
\ No newline at end of file |