From 718e9a3c7cac01860f3e3fe6174fcc1bd33fb4eb Mon Sep 17 00:00:00 2001 From: Michal Cmarada Date: Mon, 19 Nov 2018 14:59:14 +0100 Subject: HC2VPP-291: ACL model bump - bump ACL yang models - fix ACL module implementation and validation - fix ACL Unit tests - update postman collection Change-Id: Iaab64e6d92d17babc3ccef7921b41070c3716516 Signed-off-by: Michal Cmarada --- .../yang/ietf-access-control-list@2016-07-08.yang | 212 ------- .../yang/ietf-access-control-list@2018-10-01.yang | 667 +++++++++++++++++++++ .../src/main/yang/ietf-ethertypes@2018-10-01.yang | 362 +++++++++++ .../main/yang/ietf-packet-fields@2016-07-08.yang | 180 ------ .../main/yang/ietf-packet-fields@2018-10-01.yang | 588 ++++++++++++++++++ .../src/main/yang/interface-acl@2016-12-14.yang | 103 ---- .../src/main/yang/vpp-acl-context@2017-01-04.yang | 2 +- acl/acl-api/src/main/yang/vpp-acl@2017-06-15.yang | 284 --------- acl/acl-api/src/main/yang/vpp-acl@2018-10-22.yang | 230 +++++++ .../src/main/java/io/fd/hc2vpp/acl/AclIIds.java | 116 ++++ .../src/main/java/io/fd/hc2vpp/acl/AclModule.java | 4 +- .../fd/hc2vpp/acl/read/AbstractAclCustomizer.java | 133 ++++ .../hc2vpp/acl/read/AbstractVppAclCustomizer.java | 180 ------ .../java/io/fd/hc2vpp/acl/read/AclCustomizer.java | 36 +- .../io/fd/hc2vpp/acl/read/EgressAclCustomizer.java | 102 ++++ .../fd/hc2vpp/acl/read/EgressVppAclCustomizer.java | 60 -- .../fd/hc2vpp/acl/read/IngressAclCustomizer.java | 226 +++++++ .../hc2vpp/acl/read/IngressVppAclCustomizer.java | 60 -- .../fd/hc2vpp/acl/read/InterfaceAclCustomizer.java | 136 +++++ .../fd/hc2vpp/acl/read/VppMacIpAclCustomizer.java | 160 ----- .../hc2vpp/acl/read/factory/AclReaderFactory.java | 23 +- .../read/factory/InterfaceAclReaderFactory.java | 57 +- .../io/fd/hc2vpp/acl/util/AclContextManager.java | 2 +- .../fd/hc2vpp/acl/util/AclContextManagerImpl.java | 24 +- .../io/fd/hc2vpp/acl/util/ace/AceConverter.java | 129 ++-- .../util/ace/extractor/MacIpAceDataExtractor.java | 140 +++-- .../ace/extractor/StandardAceDataExtractor.java | 234 ++++---- .../fd/hc2vpp/acl/util/acl/AclDataExtractor.java | 39 +- .../java/io/fd/hc2vpp/acl/util/acl/AclWriter.java | 134 ----- .../io/fd/hc2vpp/acl/util/factory/AclFactory.java | 71 --- .../iface/acl/AclInterfaceAssignmentRequest.java | 170 ------ .../macip/MacIpInterfaceAssignmentRequest.java | 112 ---- .../hc2vpp/acl/util/protocol/IpProtocolReader.java | 176 ++++-- .../util/protocol/ProtoPreBindRuleProducer.java | 285 ++++----- .../java/io/fd/hc2vpp/acl/write/AclCustomizer.java | 99 +++ .../java/io/fd/hc2vpp/acl/write/AclValidator.java | 233 +++++++ .../hc2vpp/acl/write/InterfaceAclCustomizer.java | 155 ++++- .../acl/write/InterfaceAclMacIpCustomizer.java | 69 --- .../io/fd/hc2vpp/acl/write/VppAclCustomizer.java | 101 ---- .../io/fd/hc2vpp/acl/write/VppAclValidator.java | 178 ------ .../write/factory/AbstractAclWriterFactory.java | 6 +- .../hc2vpp/acl/write/factory/AclWriterFactory.java | 39 ++ .../write/factory/InterfaceAclWriterFactory.java | 35 +- .../acl/write/factory/VppAclWriterFactory.java | 46 -- .../acl/write/request/AclAddReplaceRequest.java | 132 ++++ .../request/AclInterfaceAssignmentRequest.java | 172 ++++++ .../request/MacIpInterfaceAssignmentRequest.java | 113 ++++ .../io/fd/hc2vpp/acl/AclTestSchemaContext.java | 8 +- .../hc2vpp/acl/read/AbstractAclCustomizerTest.java | 215 +++++++ .../acl/read/AbstractVppAclCustomizerTest.java | 168 ------ .../io/fd/hc2vpp/acl/read/AclCustomizerTest.java | 52 +- .../hc2vpp/acl/read/EgressAclCustomizerTest.java | 70 +++ .../acl/read/EgressVppAclCustomizerTest.java | 68 --- .../hc2vpp/acl/read/IngressAclCustomizerTest.java | 70 +++ .../acl/read/IngressVppAclCustomizerTest.java | 68 --- .../fd/hc2vpp/acl/read/MacIpAclCustomizerTest.java | 183 ++++++ .../hc2vpp/acl/read/VppMacIpAclCustomizerTest.java | 150 ----- .../ace/extractor/MacIpAceDataExtractorTest.java | 144 ++--- .../extractor/StandardAceDataExtractorTest.java | 327 +++++----- .../acl/AclInterfaceAssignmentRequestTest.java | 20 +- .../macip/MacIpInterfaceAssignmentRequestTest.java | 24 +- .../acl/util/protocol/ProtocolParsingTest.java | 143 +++-- .../io/fd/hc2vpp/acl/write/AclCustomizerTest.java | 373 ++++++++++++ .../io/fd/hc2vpp/acl/write/AclValidatorTest.java | 141 +++++ .../acl/write/InterfaceAclCustomizerTest.java | 72 ++- .../acl/write/InterfaceAclMacipCustomizerTest.java | 45 +- .../fd/hc2vpp/acl/write/VppAclCustomizerTest.java | 374 ------------ .../fd/hc2vpp/acl/write/VppAclValidatorTest.java | 143 ----- .../src/test/resources/acl/ipv4/ipv4-acl.json | 10 +- .../src/test/resources/acl/macip/macip-acl.json | 18 +- .../acl/standard/interface-ref-acl-udp.json | 28 +- .../acl/standard/standard-acl-icmp-v6.json | 24 +- .../resources/acl/standard/standard-acl-icmp.json | 24 +- .../acl/standard/standard-acl-tcp-src-only.json | 40 +- .../resources/acl/standard/standard-acl-tcp.json | 40 +- .../resources/acl/standard/standard-acl-udp.json | 34 +- .../resources/interface-acl/acl-references.json | 45 +- .../src/test/resources/rules/icmp-rule.json | 22 +- .../src/test/resources/rules/icmp-v6-rule.json | 24 +- .../src/test/resources/rules/no-protocol-rule.json | 16 +- .../src/test/resources/rules/other-rule.json | 26 - .../test/resources/rules/tcp-rule-no-flags.json | 28 +- .../src/test/resources/rules/tcp-rule.json | 38 +- .../src/test/resources/rules/udp-rule.json | 32 +- acl/acl_postman_collection.json | 349 ++++++++--- 85 files changed, 6075 insertions(+), 4396 deletions(-) delete mode 100644 acl/acl-api/src/main/yang/ietf-access-control-list@2016-07-08.yang create mode 100755 acl/acl-api/src/main/yang/ietf-access-control-list@2018-10-01.yang create mode 100755 acl/acl-api/src/main/yang/ietf-ethertypes@2018-10-01.yang delete mode 100644 acl/acl-api/src/main/yang/ietf-packet-fields@2016-07-08.yang create mode 100755 acl/acl-api/src/main/yang/ietf-packet-fields@2018-10-01.yang delete mode 100644 acl/acl-api/src/main/yang/interface-acl@2016-12-14.yang delete mode 100644 acl/acl-api/src/main/yang/vpp-acl@2017-06-15.yang create mode 100644 acl/acl-api/src/main/yang/vpp-acl@2018-10-22.yang create mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/AclIIds.java create mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/AbstractAclCustomizer.java delete mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/AbstractVppAclCustomizer.java create mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/EgressAclCustomizer.java delete mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/EgressVppAclCustomizer.java create mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/IngressAclCustomizer.java delete mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/IngressVppAclCustomizer.java create mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/InterfaceAclCustomizer.java delete mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/VppMacIpAclCustomizer.java delete mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/acl/AclWriter.java delete mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/factory/AclFactory.java delete mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/iface/acl/AclInterfaceAssignmentRequest.java delete mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/iface/macip/MacIpInterfaceAssignmentRequest.java create mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/AclCustomizer.java create mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/AclValidator.java delete mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/InterfaceAclMacIpCustomizer.java delete mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java delete mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclValidator.java create mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/factory/AclWriterFactory.java delete mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/factory/VppAclWriterFactory.java create mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/request/AclAddReplaceRequest.java create mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/request/AclInterfaceAssignmentRequest.java create mode 100644 acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/request/MacIpInterfaceAssignmentRequest.java create mode 100644 acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/AbstractAclCustomizerTest.java delete mode 100644 acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/AbstractVppAclCustomizerTest.java create mode 100644 acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/EgressAclCustomizerTest.java delete mode 100644 acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/EgressVppAclCustomizerTest.java create mode 100644 acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/IngressAclCustomizerTest.java delete mode 100644 acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/IngressVppAclCustomizerTest.java create mode 100644 acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/MacIpAclCustomizerTest.java delete mode 100644 acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/VppMacIpAclCustomizerTest.java create mode 100644 acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/AclCustomizerTest.java create mode 100644 acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/AclValidatorTest.java delete mode 100644 acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclCustomizerTest.java delete mode 100644 acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclValidatorTest.java delete mode 100644 acl/acl-impl/src/test/resources/rules/other-rule.json mode change 100644 => 100755 acl/acl_postman_collection.json diff --git a/acl/acl-api/src/main/yang/ietf-access-control-list@2016-07-08.yang b/acl/acl-api/src/main/yang/ietf-access-control-list@2016-07-08.yang deleted file mode 100644 index bdd0d0ee3..000000000 --- a/acl/acl-api/src/main/yang/ietf-access-control-list@2016-07-08.yang +++ /dev/null @@ -1,212 +0,0 @@ -module ietf-access-control-list { - yang-version 1.1; - namespace "urn:ietf:params:xml:ns:yang:ietf-access-control-list"; - prefix acl; - import ietf-yang-types { - prefix yang; - } - import ietf-packet-fields { - prefix packet-fields; - } - organization "IETF NETMOD (NETCONF Data Modeling Language) - Working Group"; - contact - "WG Web: http://tools.ietf.org/wg/netmod/ - WG List: netmod@ietf.org - WG Chair: Juergen Schoenwaelder - j.schoenwaelder@jacobs-university.de - WG Chair: Tom Nadeau - tnadeau@lucidvision.com - Editor: Dean Bogdanovic - ivandean@gmail.com - Editor: Kiran Agrahara Sreenivasa - kkoushik@cisco.com - Editor: Lisa Huang - lyihuang16@gmail.com - Editor: Dana Blair - dblair@cisco.com"; - description - "This YANG module defines a component that describing the - configuration of Access Control Lists (ACLs). - Copyright (c) 2015 IETF Trust and the persons identified as - the document authors. All rights reserved. - Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD - License set forth in Section 4.c of the IETF Trust's Legal - Provisions Relating to IETF Documents - (http://trustee.ietf.org/license-info). - This version of this YANG module is part of RFC XXXX; see - the RFC itself for full legal notices."; - revision 2016-07-08 { - description - "Base model for Network Access Control List (ACL)."; - reference - "RFC XXXX: Network Access Control List (ACL) - YANG Data Model"; - } - identity acl-base { - description - "Base Access Control List type for all Access Control List type - identifiers."; - } - identity ipv4-acl { - base acl:acl-base; - description - "ACL that primarily matches on fields from the IPv4 header - (e.g. IPv4 destination address) and layer 4 headers (e.g. TCP - destination port). An acl of type ipv4-acl does not contain - matches on fields in the ethernet header or the IPv6 header."; - } - identity ipv6-acl { - base acl:acl-base; - description - "ACL that primarily matches on fields from the IPv6 header - (e.g. IPv6 destination address) and layer 4 headers (e.g. TCP - destination port). An acl of type ipv6-acl does not contain - matches on fields in the ethernet header or the IPv4 header."; - } - identity eth-acl { - base acl:acl-base; - description - "ACL that primarily matches on fields in the ethernet header, - like 10/100/1000baseT or WiFi Access Control List. An acl of - type eth-acl does not contain matches on fields in the IPv4 - header, IPv6 header or layer 4 headers."; - } - typedef acl-type { - type identityref { - base acl:acl-base; - } - description - "This type is used to refer to an Access Control List - (ACL) type"; - } - /* - HC2VPP-290: access-control-list-ref was modified to fix pyang errors - TODO(HC2VPP-291): bump ietf-access-control-list version to resolve the issue - */ - typedef access-control-list-ref { - type leafref { - path "/acl:access-lists/acl:acl/acl:acl-name"; - } - description - "This type is used by data models that need to reference an - Access Control List"; - } - container access-lists { - description - "This is a top level container for Access Control Lists. - It can have one or more Access Control Lists."; - list acl { - key "acl-type acl-name"; - description - "An Access Control List(ACL) is an ordered list of - Access List Entries (ACE). Each Access Control Entry has a - list of match criteria and a list of actions. - Since there are several kinds of Access Control Lists - implemented with different attributes for - different vendors, this - model accommodates customizing Access Control Lists for - each kind and for each vendor."; - leaf acl-name { - type string; - description - "The name of access-list. A device MAY restrict the length - and value of this name, possibly space and special - characters are not allowed."; - } - leaf acl-type { - type acl-type; - description - "Type of access control list. Indicates the primary intended - type of match criteria (e.g. ethernet, IPv4, IPv6, mixed, etc) - used in the list instance."; - } - container acl-oper-data { - config false; - description - "Overall Access Control List operational data"; - } - container access-list-entries { - description - "The access-list-entries container contains - a list of access-list-entries(ACE)."; - list ace { - key "rule-name"; - ordered-by user; - description - "List of access list entries(ACE)"; - leaf rule-name { - type string; - description - "A unique name identifying this Access List - Entry(ACE)."; - } - container matches { - description - "Definitions for match criteria for this Access List - Entry."; - choice ace-type { - description - "Type of access list entry."; - case ace-ip { - description "IP Access List Entry."; - choice ace-ip-version { - description - "IP version used in this Access List Entry."; - case ace-ipv4 { - uses packet-fields:acl-ipv4-header-fields; - } - case ace-ipv6 { - uses packet-fields:acl-ipv6-header-fields; - } - } - uses packet-fields:acl-ip-header-fields; - } - case ace-eth { - description - "Ethernet Access List entry."; - uses packet-fields:acl-eth-header-fields; - } - } - } - container actions { - description - "Definitions of action criteria for this Access List - Entry."; - choice packet-handling { - default "deny"; - description - "Packet handling action."; - case deny { - leaf deny { - type empty; - description - "Deny action."; - } - } - case permit { - leaf permit { - type empty; - description - "Permit action."; - } - } - } - } - container ace-oper-data { - config false; - description - "Operational data for this Access List Entry."; - leaf match-counter { - type yang:counter64; - description - "Number of matches for this Access List Entry"; - } - } - } - } - } - } -} diff --git a/acl/acl-api/src/main/yang/ietf-access-control-list@2018-10-01.yang b/acl/acl-api/src/main/yang/ietf-access-control-list@2018-10-01.yang new file mode 100755 index 000000000..cc1dcb59f --- /dev/null +++ b/acl/acl-api/src/main/yang/ietf-access-control-list@2018-10-01.yang @@ -0,0 +1,667 @@ +module ietf-access-control-list { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-access-control-list"; + prefix acl; + + import ietf-yang-types { + prefix yang; + reference + "RFC 6991 - Common YANG Data Types."; + } + + import ietf-packet-fields { + prefix pf; + reference + "RFC XXXX - Network ACL YANG Model."; + } + + import ietf-interfaces { + prefix if; + reference + "RFC 8343 - A YANG Data Model for Interface Management."; + } + + organization + "IETF NETMOD (Network Modeling Language) + Working Group"; + + contact + "WG Web: http://tools.ietf.org/wg/netmod/ + WG List: netmod@ietf.org + + Editor: Mahesh Jethanandani + mjethanandani@gmail.com + Editor: Lisa Huang + lyihuang16@gmail.com + Editor: Sonal Agarwal + sagarwal12@gmail.com + Editor: Dana Blair + dblair@cisco.com"; + + description + "This YANG module defines a component that describe the + configuration of Access Control Lists (ACLs). + + Copyright (c) 2018 IETF Trust and the persons identified as + the document authors. All rights reserved. + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD + License set forth in Section 4.c of the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX; see + the RFC itself for full legal notices."; + + revision 2018-10-01 { + description + "Initial version."; + reference + "RFC XXX: Network Access Control List (ACL) YANG Data Model."; + } + + /* + * Identities + */ + /* + * Forwarding actions for a packet + */ + identity forwarding-action { + description + "Base identity for actions in the forwarding category"; + } + + identity accept { + base forwarding-action; + description + "Accept the packet"; + } + + identity drop { + base forwarding-action; + description + "Drop packet without sending any ICMP error message"; + } + + identity reject { + base forwarding-action; + description + "Drop the packet and send an ICMP error message to the source"; + } + + /* + * Logging actions for a packet + */ + identity log-action { + description + "Base identity for defining the destination for logging actions"; + } + + identity log-syslog { + base log-action; + description + "System log (syslog) the information for the packet"; + } + + identity log-none { + base log-action; + description + "No logging for the packet"; + } + + /* + * ACL type identities + */ + identity acl-base { + description + "Base Access Control List type for all Access Control List type + identifiers."; + } + + identity ipv4-acl-type { + base acl:acl-base; + if-feature "ipv4"; + description + "An ACL that matches on fields from the IPv4 header + (e.g. IPv4 destination address) and layer 4 headers (e.g. TCP + destination port). An acl of type ipv4 does not contain + matches on fields in the ethernet header or the IPv6 header."; + } + + identity ipv6-acl-type { + base acl:acl-base; + if-feature "ipv6"; + description + "An ACL that matches on fields from the IPv6 header + (e.g. IPv6 destination address) and layer 4 headers (e.g. TCP + destination port). An acl of type ipv6 does not contain + matches on fields in the ethernet header or the IPv4 header."; + } + + identity eth-acl-type { + base acl:acl-base; + if-feature "eth"; + description + "An ACL that matches on fields in the ethernet header, + like 10/100/1000baseT or WiFi Access Control List. An acl of + type ethernet does not contain matches on fields in the IPv4 + header, IPv6 header or layer 4 headers."; + } + + identity mixed-eth-ipv4-acl-type { + base "acl:eth-acl-type"; + base "acl:ipv4-acl-type"; + if-feature "mixed-eth-ipv4"; + description + "An ACL that contains a mix of entries that + match on fields in ethernet headers, + entries that match on IPv4 headers. + Matching on layer 4 header fields may also exist in the + list."; + } + identity mixed-eth-ipv6-acl-type { + base "acl:eth-acl-type"; + base "acl:ipv6-acl-type"; + if-feature "mixed-eth-ipv6"; + description + "ACL that contains a mix of entries that + match on fields in ethernet headers, entries + that match on fields in IPv6 headers. Matching on + layer 4 header fields may also exist in the list."; + } + + identity mixed-eth-ipv4-ipv6-acl-type { + base "acl:eth-acl-type"; + base "acl:ipv4-acl-type"; + base "acl:ipv6-acl-type"; + if-feature "mixed-eth-ipv4-ipv6"; + description + "ACL that contains a mix of entries that + match on fields in ethernet headers, entries + that match on fields in IPv4 headers, and entries + that match on fields in IPv6 headers. Matching on + layer 4 header fields may also exist in the list."; + } + + /* + * Features + */ + + /* + * Features supported by device + */ + feature match-on-eth { + description + "The device can support matching on ethernet headers."; + } + + feature match-on-ipv4 { + description + "The device can support matching on IPv4 headers."; + } + + feature match-on-ipv6 { + description + "The device can support matching on IPv6 headers."; + } + + feature match-on-tcp { + description + "The device can support matching on TCP headers."; + } + + feature match-on-udp { + description + "The device can support matching on UDP headers."; + } + + feature match-on-icmp { + description + "The device can support matching on ICMP (v4 and v6) headers."; + } + + /* + * Header classifications combinations supported by + * device + */ + feature eth { + if-feature "match-on-eth"; + description + "Plain Ethernet ACL supported"; + } + + feature ipv4 { + if-feature "match-on-ipv4"; + description + "Plain IPv4 ACL supported"; + } + + feature ipv6 { + if-feature "match-on-ipv6"; + description + "Plain IPv6 ACL supported"; + } + + feature mixed-eth-ipv4 { + if-feature "match-on-eth and match-on-ipv4"; + description + "Ethernet and IPv4 ACL combinations supported"; + } + + feature mixed-eth-ipv6 { + if-feature "match-on-eth and match-on-ipv6"; + description + "Ethernet and IPv6 ACL combinations supported"; + } + + feature mixed-eth-ipv4-ipv6 { + if-feature "match-on-eth and match-on-ipv4 + and match-on-ipv6"; + description + "Ethernet, IPv4 and IPv6 ACL combinations supported."; + } + + /* + * Stats Features + */ + feature interface-stats { + description + "ACL counters are available and reported only per interface"; + } + + feature acl-aggregate-stats { + description + "ACL counters are aggregated over all interfaces, and reported + only per ACL entry"; + } + + /* + * Attachment point features + */ + feature interface-attachment { + description + "ACLs are set on interfaces."; + } + + /* + * Typedefs + */ + typedef acl-type { + type identityref { + base acl-base; + } + description + "This type is used to refer to an Access Control List + (ACL) type"; + } + + /* + * Groupings + */ + grouping acl-counters { + description + "Common grouping for ACL counters"; + + leaf matched-packets { + type yang:counter64; + config false; + description + "Count of the number of packets matching the current ACL + entry. + + An implementation should provide this counter on a + per-interface per-ACL-entry basis if possible. + + If an implementation only supports ACL counters on a per + entry basis (i.e., not broken out per interface), then the + value should be equal to the aggregate count across all + interfaces. + + An implementation that provides counters on a per entry per + interface basis is not required to also provide an aggregate + count, e.g., per entry -- the user is expected to be able + implement the required aggregation if such a count is + needed."; + } + + leaf matched-octets { + type yang:counter64; + config false; + description + "Count of the number of octets (bytes) matching the current + ACL entry. + + An implementation should provide this counter on a + per-interface per-ACL-entry if possible. + + If an implementation only supports ACL counters per entry + (i.e., not broken out per interface), then the value + should be equal to the aggregate count across all interfaces. + + An implementation that provides counters per entry per + interface is not required to also provide an aggregate count, + e.g., per entry -- the user is expected to be able implement + the required aggregation if such a count is needed."; + } + } + + /* + * Configuration data nodes + */ + container acls { + description + "This is a top level container for Access Control Lists. + It can have one or more acl nodes."; + list acl { + key "name"; + description + "An Access Control List (ACL) is an ordered list of + Access Control Entries (ACE). Each ACE has a + list of match criteria and a list of actions. + Since there are several kinds of Access Control Lists + implemented with different attributes for + different vendors, this model accommodates customizing + Access Control Lists for each kind and, for each vendor."; + leaf name { + type string { + length "1..64"; + } + description + "The name of access list. A device MAY restrict the length + and value of this name, possibly space and special + characters are not allowed."; + } + leaf type { + type acl-type; + description + "Type of access control list. Indicates the primary intended + type of match criteria (e.g. ethernet, IPv4, IPv6, mixed, + etc) used in the list instance."; + } + container aces { + description + "The aces container contains one or more ace nodes."; + list ace { + key "name"; + ordered-by user; + description + "List of Access Control Entries (ACEs)"; + leaf name { + type string { + length "1..64"; + } + description + "A unique name identifying this Access Control + Entry (ACE)."; + } + + container matches { + description + "The rules in this set determine what fields will be + matched upon before any action is taken on them. + The rules are selected based on the feature set + defined by the server and the acl-type defined. + If no matches are defined in a particular container, + then any packet will match that container. If no + matches are specified at all in an ACE, then any + packet will match the ACE."; + + choice l2 { + container eth { + when "derived-from-or-self(/acls/acl/type, " + + "'acl:eth-acl-type')"; + if-feature match-on-eth; + uses pf:acl-eth-header-fields; + description + "Rule set that matches ethernet headers."; + } + description + "Match layer 2 headers, for example ethernet + header fields."; + } + + choice l3 { + container ipv4 { + when "derived-from-or-self(/acls/acl/type, " + + "'acl:ipv4-acl-type')"; + if-feature match-on-ipv4; + uses pf:acl-ip-header-fields; + uses pf:acl-ipv4-header-fields; + description + "Rule set that matches IPv4 headers."; + } + + container ipv6 { + when "derived-from-or-self(/acls/acl/type, " + + "'acl:ipv6-acl-type')"; + if-feature match-on-ipv6; + uses pf:acl-ip-header-fields; + uses pf:acl-ipv6-header-fields; + description + "Rule set that matches IPv6 headers."; + } + description + "Choice of either ipv4 or ipv6 headers"; + } + + choice l4 { + container tcp { + if-feature match-on-tcp; + uses pf:acl-tcp-header-fields; + container source-port { + choice source-port { + case range-or-operator { + uses pf:port-range-or-operator; + description + "Source port definition from range or + operator."; + } + description + "Choice of source port definition using + range/operator or a choice to support future + 'case' statements, such as one enabling a + group of source ports to be referenced."; + } + description + "Source port definition."; + } + container destination-port { + choice destination-port { + case range-or-operator { + uses pf:port-range-or-operator; + description + "Destination port definition from range or + operator."; + } + description + "Choice of destination port definition using + range/operator or a choice to support future + 'case' statements, such as one enabling a + group of destination ports to be referenced."; + } + description + "Destination port definition."; + } + description + "Rule set that matches TCP headers."; + } + + container udp { + if-feature match-on-udp; + uses pf:acl-udp-header-fields; + container source-port { + choice source-port { + case range-or-operator { + uses pf:port-range-or-operator; + description + "Source port definition from range or + operator."; + } + description + "Choice of source port definition using + range/operator or a choice to support future + 'case' statements, such as one enabling a + group of source ports to be referenced."; + } + description + "Source port definition."; + } + container destination-port { + choice destination-port { + case range-or-operator { + uses pf:port-range-or-operator; + description + "Destination port definition from range or + operator."; + } + description + "Choice of destination port definition using + range/operator or a choice to support future + 'case' statements, such as one enabling a + group of destination ports to be referenced."; + } + description + "Destination port definition."; + } + description + "Rule set that matches UDP headers."; + } + + container icmp { + if-feature match-on-icmp; + uses pf:acl-icmp-header-fields; + description + "Rule set that matches ICMP headers."; + } + description + "Choice of TCP, UDP or ICMP headers."; + } + + leaf egress-interface { + type if:interface-ref; + description + "Egress interface. This should not be used if this ACL + is attached as an egress ACL (or the value should + equal the interface to which the ACL is attached)."; + } + + leaf ingress-interface { + type if:interface-ref; + description + "Ingress interface. This should not be used if this ACL + is attached as an ingress ACL (or the value should + equal the interface to which the ACL is attached)"; + } + } + + container actions { + description + "Definitions of action for this ace entry"; + leaf forwarding { + type identityref { + base forwarding-action; + } + mandatory true; + description + "Specifies the forwarding action per ace entry"; + } + + leaf logging { + type identityref { + base log-action; + } + default log-none; + description + "Specifies the log action and destination for + matched packets. Default value is not to log the + packet."; + } + } + container statistics { + if-feature "acl-aggregate-stats"; + config false; + description + "Statistics gathered across all attachment points for the + given ACL."; + uses acl-counters; + } + } + } + } + container attachment-points { + description + "Enclosing container for the list of + attachment-points on which ACLs are set"; + + /* + * Groupings + */ + grouping interface-acl { + description + "Grouping for per-interface ingress ACL data"; + + container acl-sets { + description + "Enclosing container the list of ingress ACLs on the + interface"; + + list acl-set { + key "name"; + ordered-by user; + description + "List of ingress ACLs on the interface"; + + leaf name { + type leafref { + path "/acls/acl/name"; + } + description + "Reference to the ACL name applied on ingress"; + } + + list ace-statistics { + if-feature "interface-stats"; + key "name"; + config false; + description + "List of Access Control Entries (ACEs)"; + leaf name { + type leafref { + path "/acls/acl/aces/ace/name"; + } + description + "The ace name"; + } + uses acl-counters; + } + } + } + } + + list interface { + if-feature interface-attachment; + key "interface-id"; + description + "List of interfaces on which ACLs are set"; + + leaf interface-id { + type if:interface-ref; + description + "Reference to the interface id list key"; + } + + container ingress { + uses interface-acl; + description + "The ACLs applied to ingress interface"; + } + container egress { + uses interface-acl; + description + "The ACLs applied to egress interface"; + } + } + } + } +} diff --git a/acl/acl-api/src/main/yang/ietf-ethertypes@2018-10-01.yang b/acl/acl-api/src/main/yang/ietf-ethertypes@2018-10-01.yang new file mode 100755 index 000000000..c06426912 --- /dev/null +++ b/acl/acl-api/src/main/yang/ietf-ethertypes@2018-10-01.yang @@ -0,0 +1,362 @@ +module ietf-ethertypes { + namespace "urn:ietf:params:xml:ns:yang:ietf-ethertypes"; + prefix ethertypes; + + organization + "IETF NETMOD (NETCONF Data Modeling Language)"; + + contact + "WG Web: + WG List: + + Editor: Mahesh Jethanandani + "; + + description + "This module contains the common definitions for the + Ethertype used by different modules. It is a + placeholder module, till such time that IEEE + starts a project to define these Ethertypes + and publishes a standard. + + At that time this module can be deprecated."; + + revision 2018-10-01 { + description + "Initial revision."; + reference + "RFC XXXX: IETF Ethertype YANG Data Module."; + } + + typedef ethertype { + type union { + type uint16; + type enumeration { + enum ipv4 { + value 2048; + description + "Internet Protocol version 4 (IPv4) with a + hex value of 0x0800."; + reference + "RFC 791: Internet Protocol."; + } + enum arp { + value 2054; + description + "Address Resolution Protocol (ARP) with a + hex value of 0x0806."; + reference + "RFC 826: An Ethernet Address Resolution Protocol."; + } + enum wlan { + value 2114; + description + "Wake-on-LAN. Hex value of 0x0842."; + } + enum trill { + value 8947; + description + "Transparent Interconnection of Lots of Links. + Hex value of 0x22F3."; + reference + "RFC 6325: Routing Bridges (RBridges): Base Protocol + Specification."; + } + enum srp { + value 8938; + description + "Stream Reservation Protocol. Hex value of + 0x22EA."; + reference + "IEEE 801.1Q-2011."; + } + enum decnet { + value 24579; + description + "DECnet Phase IV. Hex value of 0x6003."; + } + enum rarp { + value 32821; + description + "Reverse Address Resolution Protocol. + Hex value 0x8035."; + reference + "RFC 903. A Reverse Address Resolution Protocol."; + } + enum appletalk { + value 32923; + description + "Appletalk (Ethertalk). Hex value 0x809B."; + } + enum aarp { + value 33011; + description + "Appletalk Address Resolution Protocol. Hex value + of 0x80F3."; + } + enum vlan { + value 33024; + description + "VLAN-tagged frame (802.1Q) and Shortest Path + Bridging IEEE 802.1aq with NNI compatibility. + Hex value 0x8100."; + reference + "802.1Q."; + } + enum ipx { + value 33079; + description + "Internetwork Packet Exchange (IPX). Hex value + of 0x8137."; + } + enum qnx { + value 33284; + description + "QNX Qnet. Hex value of 0x8204."; + } + enum ipv6 { + value 34525; + description + "Internet Protocol Version 6 (IPv6). Hex value + of 0x86DD."; + reference + "RFC 8200: Internet Protocol, Version 6 (IPv6) + Specification + RFC 8201: Path MTU Discovery for IPv6."; + } + enum efc { + value 34824; + description + "Ethernet flow control using pause frames. + Hex value of 0x8808"; + reference + "IEEE Std. 802.1Qbb."; + } + enum esp { + value 34825; + description + "Ethernet Slow Protocol. Hex value of 0x8809."; + reference + "IEEE Std. 802.3-2015"; + } + enum cobranet { + value 34841; + description + "CobraNet. Hex value of 0x"; + } + enum mpls-unicast { + value 34887; + description + "MultiProtocol Label Switch (MPLS) unicast traffic. + Hex value of 0x8847."; + reference + "RFC 3031: Multiprotocol Label Switching Architecture."; + } + enum mpls-multicast { + value 34888; + description + "MultiProtocol Label Switch (MPLS) multicast traffic. + Hex value of 0x8848."; + reference + "RFC 3031: Multiprotocol Label Switching Architecture."; + } + enum pppoe-discovery { + value 34915; + description + "Point-to-Point Protocol over Ethernet. Used during + the discovery process. Hex value of 0x8863."; + reference + "RFC 2516: A method for Transmitting PPP over Ethernet + PPPoE."; + } + enum pppoe-session { + value 34916; + description + "Point-to-Point Protocol over Ethernet. Used during + session stage. Hex value of 0x8864."; + reference + "RFC 2516: A method for Transmitting PPP over Ethernet + PPPoE."; + } + enum intel-ans { + value 34925; + description + "Intel Advanced Networking Services. Hex value of + 0x886D."; + } + enum jumbo-frames { + value 34928; + description + "Jumbo frames or Ethernet frames with more than + 1500 bytes of payload, upto 9000 bytes."; + } + enum homeplug { + value 34939; + description + "Family name for the various power line + communications. Hex value of 0x887B."; + } + enum eap { + value 34958; + description + "Ethernet Access Protocol (EAP) over LAN. Hex value + of 0x888E."; + reference + "IEEE 802.1X"; + } + enum profinet { + value 34962; + description + "PROcess FIeld Net (PROFINET). Hex value of 0x8892."; + } + enum hyperscsi { + value 34970; + description + "SCSI over Ethernet. Hex value of 0x889A"; + } + enum aoe { + value 34978; + description + "Advanced Technology Advancement (ATA) over Ethernet. + Hex value of 0x88A2."; + } + enum ethercat { + value 34980; + description + "Ethernet for Control Automation Technology (EtherCAT). + Hex value of 0x88A4."; + } + enum provider-bridging { + value 34984; + description + "Provider Bridging (802.1ad) and Shortest Path Bridging + (801.1aq). Hex value of 0x88A8."; + reference + "IEEE 802.1ad, IEEE 802.1aq)."; + } + enum ethernet-powerlink { + value 34987; + description + "Ethernet Powerlink. Hex value of 0x88AB."; + } + enum goose { + value 35000; + description + "Generic Object Oriented Substation Event (GOOSE). + Hex value of 0x88B8."; + reference + "IEC/ISO 8802-2 and 8802-3."; + } + enum gse { + value 35001; + description + "Generic Substation Events. Hex value of 88B9."; + reference + "IEC 61850."; + } + enum sv { + value 35002; + description + "Sampled Value Transmission. Hex value of 0x88BA."; + reference + "IEC 61850."; + } + enum lldp { + value 35020; + description + "Link Layer Discovery Protocol (LLDP). Hex value of + 0x88CC."; + reference + "IEEE 802.1AB."; + } + enum sercos { + value 35021; + description + "Sercos Interface. Hex value of 0x88CD."; + } + enum wsmp { + value 35036; + description + "WAVE Short Message Protocl (WSMP). Hex value of + 0x88DC."; + } + enum homeplug-av-mme { + value 35041; + description + "HomePlug AV MME. Hex value of 88E1."; + } + enum mrp { + value 35043; + description + "Media Redundancy Protocol (MRP). Hex value of + 0x88E3."; + reference + "IEC62439-2."; + } + enum macsec { + value 35045; + description + "MAC Security. Hex value of 0x88E5."; + reference + "IEEE 802.1AE."; + } + enum pbb { + value 35047; + description + "Provider Backbone Bridges (PBB). Hex value of + 0x88E7."; + reference + "IEEE 802.1ah."; + } + enum cfm { + value 35074; + description + "Connectivity Fault Management (CFM). Hex value of + 0x8902."; + reference + "IEEE 802.1ag."; + } + enum fcoe { + value 35078; + description + "Fiber Channel over Ethernet (FCoE). Hex value of + 0x8906."; + reference + "T11 FC-BB-5."; + } + enum fcoe-ip { + value 35092; + description + "FCoE Initialization Protocol. Hex value of 0x8914."; + } + enum roce { + value 35093; + description + "RDMA over Converged Ethernet (RoCE). Hex value of + 0x8915."; + } + enum tte { + value 35101; + description + "TTEthernet Protocol Control Frame (TTE). Hex value + of 0x891D."; + reference + "SAE AS6802."; + } + enum hsr { + value 35119; + description + "High-availability Seamless Redundancy (HSR). Hex + value of 0x892F."; + reference + "IEC 62439-3:2016."; + } + } + } + description + "The uint16 type placeholder is defined to enable + users to manage their own ethertypes not + covered by the module. Otherwise the module contains + enum definitions for the more commonly used ethertypes."; + } +} diff --git a/acl/acl-api/src/main/yang/ietf-packet-fields@2016-07-08.yang b/acl/acl-api/src/main/yang/ietf-packet-fields@2016-07-08.yang deleted file mode 100644 index 0b1ce5cdd..000000000 --- a/acl/acl-api/src/main/yang/ietf-packet-fields@2016-07-08.yang +++ /dev/null @@ -1,180 +0,0 @@ -module ietf-packet-fields { - yang-version 1.1; - namespace "urn:ietf:params:xml:ns:yang:ietf-packet-fields"; - prefix packet-fields; - import ietf-inet-types { - prefix inet; - } - import ietf-yang-types { - prefix yang; - } - organization "IETF NETMOD (NETCONF Data Modeling Language) Working - Group"; - contact - "WG Web: http://tools.ietf.org/wg/netmod/ - WG List: netmod@ietf.org - WG Chair: Juergen Schoenwaelder - j.schoenwaelder@jacobs-university.de - WG Chair: Tom Nadeau - tnadeau@lucidvision.com - Editor: Dean Bogdanovic - deanb@juniper.net - Editor: Kiran Agrahara Sreenivasa - kkoushik@cisco.com - Editor: Lisa Huang - lyihuang16@gmail.com - Editor: Dana Blair - dblair@cisco.com"; - description - "This YANG module defines groupings that are used by - ietf-access-control-list YANG module. Their usage is not - limited to ietf-access-control-list and can be - used anywhere as applicable. - Copyright (c) 2015 IETF Trust and the persons identified as - the document authors. All rights reserved. - Redistribution and use in source and binary forms, with or - without modification, is permitted pursuant to, and subject - to the license terms contained in, the Simplified BSD - License set forth in Section 4.c of the IETF Trust's Legal - Provisions Relating to IETF Documents - (http://trustee.ietf.org/license-info). - This version of this YANG module is part of RFC XXXX; see - the RFC itself for full legal notices."; - revision 2016-07-08 { - description - "Initial version of packet fields used by - ietf-access-control-list"; - reference - "RFC XXXX: Network Access Control List (ACL) - YANG Data Model"; - } - grouping acl-transport-header-fields { - description - "Transport header fields"; - container source-port-range { - presence "Enables setting source port range"; - description - "Inclusive range representing source ports to be used. - When only lower-port is present, it represents a single port."; - leaf lower-port { - type inet:port-number; - mandatory true; - description - "Lower boundary for port."; - } - leaf upper-port { - type inet:port-number; - must ". >= ../lower-port" { - error-message - "The upper-port must be greater than or equal to lower-port"; - } - description - "Upper boundary for port . If existing, the upper port - must be greater or equal to lower-port."; - } - } - container destination-port-range { - presence "Enables setting destination port range"; - description - "Inclusive range representing destination ports to be used. When - only lower-port is present, it represents a single port."; - leaf lower-port { - type inet:port-number; - mandatory true; - description - "Lower boundary for port."; - } - leaf upper-port { - type inet:port-number; - must ". >= ../lower-port" { - error-message - "The upper-port must be greater than or equal to lower-port"; - } - - description - "Upper boundary for port. If existing, the upper port must - be greater or equal to lower-port"; - } - } - } - grouping acl-ip-header-fields { - description - "IP header fields common to ipv4 and ipv6"; - leaf dscp { - type inet:dscp; - description - "Value of dscp."; - } - leaf protocol { - type uint8; - description - "Internet Protocol number."; - } - uses acl-transport-header-fields; - } - grouping acl-ipv4-header-fields { - description - "Fields in IPv4 header."; - leaf destination-ipv4-network { - type inet:ipv4-prefix; - description - "Destination IPv4 address prefix."; - } - leaf source-ipv4-network { - type inet:ipv4-prefix; - description - "Source IPv4 address prefix."; - } - } - grouping acl-ipv6-header-fields { - description - "Fields in IPv6 header"; - leaf destination-ipv6-network { - type inet:ipv6-prefix; - description - "Destination IPv6 address prefix."; - } - leaf source-ipv6-network { - type inet:ipv6-prefix; - description - "Source IPv6 address prefix."; - } - leaf flow-label { - type inet:ipv6-flow-label; - description - "IPv6 Flow label."; - } - reference - "RFC 4291: IP Version 6 Addressing Architecture - RFC 4007: IPv6 Scoped Address Architecture - RFC 5952: A Recommendation for IPv6 Address Text Representation"; - } - grouping acl-eth-header-fields { - description - "Fields in Ethernet header."; - leaf destination-mac-address { - type yang:mac-address; - description - "Destination IEEE 802 MAC address."; - } - leaf destination-mac-address-mask { - type yang:mac-address; - description - "Destination IEEE 802 MAC address mask."; - } - leaf source-mac-address { - type yang:mac-address; - description - "Source IEEE 802 MAC address."; - } - leaf source-mac-address-mask { - type yang:mac-address; - description - "Source IEEE 802 MAC address mask."; - } - reference - "IEEE 802: IEEE Standard for Local and Metropolitan Area - Networks: Overview and Architecture."; - } - -} \ No newline at end of file diff --git a/acl/acl-api/src/main/yang/ietf-packet-fields@2018-10-01.yang b/acl/acl-api/src/main/yang/ietf-packet-fields@2018-10-01.yang new file mode 100755 index 000000000..dc175d335 --- /dev/null +++ b/acl/acl-api/src/main/yang/ietf-packet-fields@2018-10-01.yang @@ -0,0 +1,588 @@ +module ietf-packet-fields { + yang-version 1.1; + namespace "urn:ietf:params:xml:ns:yang:ietf-packet-fields"; + prefix packet-fields; + + import ietf-inet-types { + prefix inet; + reference + "RFC 6991 - Common YANG Data Types."; + } + + import ietf-yang-types { + prefix yang; + reference + "RFC 6991 - Common YANG Data Types."; + } + + import ietf-ethertypes { + prefix eth; + reference + "RFC XXXX - Network ACL YANG Model."; + } + + organization + "IETF NETMOD (Network Modeling Language) Working + Group"; + + contact + "WG Web: http://tools.ietf.org/wg/netmod/ + WG List: netmod@ietf.org + + Editor: Mahesh Jethanandani + mjethanandani@gmail.com + Editor: Lisa Huang + lyihuang16@gmail.com + Editor: Sonal Agarwal + sagarwal12@gmail.com + Editor: Dana Blair + dblair@cisco.com"; + + description + "This YANG module defines groupings that are used by + ietf-access-control-list YANG module. Their usage is not + limited to ietf-access-control-list and can be + used anywhere as applicable. + + Copyright (c) 2018 IETF Trust and the persons identified as + the document authors. All rights reserved. + Redistribution and use in source and binary forms, with or + without modification, is permitted pursuant to, and subject + to the license terms contained in, the Simplified BSD + License set forth in Section 4.c of the IETF Trust's Legal + Provisions Relating to IETF Documents + (http://trustee.ietf.org/license-info). + + This version of this YANG module is part of RFC XXXX; see + the RFC itself for full legal notices."; + + revision 2018-10-01 { + description + "Initial version."; + reference + "RFC XXX: Network Access Control List (ACL) YANG Data Model."; + } + + /* + * Typedefs + */ + typedef operator { + type enumeration { + enum lte { + description + "Less than or equal."; + } + enum gte { + description + "Greater than or equal."; + } + enum eq { + description + "Equal to."; + } + enum neq { + description + "Not equal to."; + } + } + description + "The source and destination port range definitions + can be further qualified using an operator. An + operator is needed only if lower-port is specified + and upper-port is not specified. The operator + therefore further qualifies lower-port only."; + } + + /* + * Groupings + */ + grouping port-range-or-operator { + choice port-range-or-operator { + case range { + leaf lower-port { + type inet:port-number; + must ". <= ../upper-port" { + error-message + "The lower-port must be less than or equal to + upper-port."; + } + mandatory true; + description + "Lower boundry for a port."; + } + leaf upper-port { + type inet:port-number; + mandatory true; + description + "Upper boundry for port."; + } + } + case operator { + leaf operator { + type operator; + default eq; + description + "Operator to be applied on the port below."; + } + leaf port { + type inet:port-number; + mandatory true; + description + "Port number along with operator on which to + match."; + } + } + description + "Choice of specifying a port range or a single + port along with an operator."; + } + description + "Grouping for port definitions in the form of a + choice statement."; + } + + grouping acl-ip-header-fields { + description + "IP header fields common to ipv4 and ipv6"; + reference + "RFC 791: Internet Protocol."; + + leaf dscp { + type inet:dscp; + description + "Differentiated Services Code Point."; + reference + "RFC 2474: Definition of Differentiated services field + (DS field) in the IPv4 and IPv6 headers."; + } + + leaf ecn { + type uint8 { + range 0..3; + } + description + "Explicit Congestion Notification."; + reference + "RFC 3168: Explicit Congestion Notification."; + } + + leaf length { + type uint16; + description + "In IPv4 header field, this field is known as the Total Length. + Total Length is the length of the datagram, measured in octets, + including internet header and data. + + In IPv6 header field, this field is known as the Payload + Length, the length of the IPv6 payload, i.e. the rest of + the packet following the IPv6 header, in octets."; + reference + "RFC 791: Internet Protocol, + RFC 8200: Internet Protocol, Version 6 (IPv6) Specification."; + } + + leaf ttl { + type uint8; + description + "This field indicates the maximum time the datagram is allowed + to remain in the internet system. If this field contains the + value zero, then the datagram must be dropped. + + In IPv6, this field is known as the Hop Limit."; + reference + "RFC 791: Internet Protocol, + RFC 8200: Internet Protocol, Version 6 (IPv6) Specification."; + } + + leaf protocol { + type uint8; + description + "Internet Protocol number. Refers to the protocol of the + payload. In IPv6, this field is known as 'next-header, + and if extension headers are present, the protocol is + present in the 'upper-layer' header."; + reference + "RFC 791: Internet Protocol, + RFC 8200: Internet Protocol, Version 6 (IPv6) Specification."; + } + } + + grouping acl-ipv4-header-fields { + description + "Fields in IPv4 header."; + + leaf ihl { + type uint8 { + range "5..60"; + } + description + "An IPv4 header field, the Internet Header Length (IHL) is + the length of the internet header in 32 bit words, and + thus points to the beginning of the data. Note that the + minimum value for a correct header is 5."; + } + + leaf flags { + type bits { + bit reserved { + position 0; + description + "Reserved. Must be zero."; + } + bit fragment { + position 1; + description + "Setting value to 0 indicates may fragment, while setting + the value to 1 indicates do not fragment."; + } + bit more { + position 2; + description + "Setting the value to 0 indicates this is the last fragment, + and setting the value to 1 indicates more fragments are + coming."; + } + } + description + "Bit definitions for the flags field in IPv4 header."; + } + + leaf offset { + type uint16 { + range "20..65535"; + } + description + "The fragment offset is measured in units of 8 octets (64 bits). + The first fragment has offset zero. The length is 13 bits"; + } + + leaf identification { + type uint16; + description + "An identifying value assigned by the sender to aid in + assembling the fragments of a datagram."; + } + + choice destination-network { + case destination-ipv4-network { + leaf destination-ipv4-network { + type inet:ipv4-prefix; + description + "Destination IPv4 address prefix."; + } + } + description + "Choice of specifying a destination IPv4 address or + referring to a group of IPv4 destination addresses."; + } + choice source-network { + case source-ipv4-network { + leaf source-ipv4-network { + type inet:ipv4-prefix; + description + "Source IPv4 address prefix."; + } + } + description + "Choice of specifying a source IPv4 address or + referring to a group of IPv4 source addresses."; + } + } + + grouping acl-ipv6-header-fields { + description + "Fields in IPv6 header"; + + choice destination-network { + case destination-ipv6-network { + leaf destination-ipv6-network { + type inet:ipv6-prefix; + description + "Destination IPv6 address prefix."; + } + } + description + "Choice of specifying a destination IPv6 address + or referring to a group of IPv6 destination + addresses."; + } + + choice source-network { + case source-ipv6-network { + leaf source-ipv6-network { + type inet:ipv6-prefix; + description + "Source IPv6 address prefix."; + } + } + description + "Choice of specifying a source IPv6 address or + referring to a group of IPv6 source addresses."; + } + + leaf flow-label { + type inet:ipv6-flow-label; + description + "IPv6 Flow label."; + } + reference + "RFC 4291: IP Version 6 Addressing Architecture + RFC 4007: IPv6 Scoped Address Architecture + RFC 5952: A Recommendation for IPv6 Address Text + Representation"; + } + + grouping acl-eth-header-fields { + description + "Fields in Ethernet header."; + + leaf destination-mac-address { + type yang:mac-address; + description + "Destination IEEE 802 MAC address."; + } + leaf destination-mac-address-mask { + type yang:mac-address; + description + "Destination IEEE 802 MAC address mask."; + } + leaf source-mac-address { + type yang:mac-address; + description + "Source IEEE 802 MAC address."; + } + leaf source-mac-address-mask { + type yang:mac-address; + description + "Source IEEE 802 MAC address mask."; + } + leaf ethertype { + type eth:ethertype; + description + "The Ethernet Type (or Length) value represented + in the canonical order defined by IEEE 802. + The canonical representation uses lowercase + characters."; + reference + "IEEE 802-2014 Clause 9.2"; + } + reference + "IEEE 802: IEEE Standard for Local and Metropolitan + Area Networks: Overview and Architecture."; + } + + grouping acl-tcp-header-fields { + description + "Collection of TCP header fields that can be used to + setup a match filter."; + + leaf sequence-number { + type uint32; + description + "Sequence number that appears in the packet."; + } + + leaf acknowledgement-number { + type uint32; + description + "The acknowledgement number that appears in the + packet."; + } + + leaf data-offset { + type uint8 { + range "5..15"; + } + description + "Specifies the size of the TCP header in 32-bit + words. The minimum size header is 5 words and + the maximum is 15 words thus giving the minimum + size of 20 bytes and maximum of 60 bytes, + allowing for up to 40 bytes of options in the + header."; + } + + leaf reserved { + type uint8; + description + "Reserved for future use."; + } + + leaf flags { + type bits { + bit cwr { + position 1; + description + "Congestion Window Reduced (CWR) flag is set by + the sending host to indicate that it received + a TCP segment with the ECE flag set and had + responded in congestion control mechanism."; + reference + "RFC 3168: The Addition of Explicit Congestion + Notification (ECN) to IP."; + } + bit ece { + position 2; + description + "ECN-Echo has a dual role, depending on the value + of the SYN flag. It indicates: + If the SYN flag is set (1), that the TCP peer is ECN + capable. If the SYN flag is clear (0), that a packet + with Congestion Experienced flag set (ECN=11) in IP + header was received during normal transmission + (added to header by RFC 3168). This serves as an + indication of network congestion (or impending + congestion) to the TCP sender."; + reference + "RFC 3168: The Addition of Explicit Congestion + Notification (ECN) to IP."; + } + bit urg { + position 3; + description + "Indicates that the Urgent pointer field is significant."; + } + bit ack { + position 4; + description + "Indicates that the Acknowledgment field is significant. + All packets after the initial SYN packet sent by the + client should have this flag set."; + } + bit psh { + position 5; + description + "Push function. Asks to push the buffered data to the + receiving application."; + } + bit rst { + position 6; + description + "Reset the connection."; + } + bit syn { + position 7; + description + "Synchronize sequence numbers. Only the first packet + sent from each end should have this flag set. Some + other flags and fields change meaning based on this + flag, and some are only valid for when it is set, + and others when it is clear."; + } + bit fin { + position 8; + description + "Last package from sender."; + } + } + description + "Also known as Control Bits. Contains 9 1-bit flags."; + reference + "RFC 793: Transmission Control Protocol (TCP)."; + } + + leaf window-size { + type uint16; + units "bytes"; + description + "The size of the receive window, which specifies + the number of window size units beyond the segment + identified by the sequence number in the acknowledgment + field that the sender of this segment is currently + willing to receive."; + } + + leaf urgent-pointer { + type uint16; + description + "This field is an offset from the sequence number + indicating the last urgent data byte."; + } + + leaf options { + type binary { + length "1..40"; + } + description + "The length of this field is determined by the + data offset field. Options have up to three + fields: Option-Kind (1 byte), Option-Length + (1 byte), Option-Data (variable). The Option-Kind + field indicates the type of option, and is the + only field that is not optional. Depending on + what kind of option we are dealing with, + the next two fields may be set: the Option-Length + field indicates the total length of the option, + and the Option-Data field contains the value of + the option, if applicable."; + } + } + + grouping acl-udp-header-fields { + description + "Collection of UDP header fields that can be used + to setup a match filter."; + + leaf length { + type uint16; + description + "A field that specifies the length in bytes of + the UDP header and UDP data. The minimum + length is 8 bytes because that is the length of + the header. The field size sets a theoretical + limit of 65,535 bytes (8 byte header + 65,527 + bytes of data) for a UDP datagram. However the + actual limit for the data length, which is + imposed by the underlying IPv4 protocol, is + 65,507 bytes (65,535 minus 8 byte UDP header + minus 20 byte IP header). + + In IPv6 jumbograms it is possible to have + UDP packets of size greater than 65,535 bytes. + RFC 2675 specifies that the length field is set + to zero if the length of the UDP header plus + UDP data is greater than 65,535."; + } + } + + grouping acl-icmp-header-fields { + description + "Collection of ICMP header fields that can be + used to setup a match filter."; + + leaf type { + type uint8; + description + "Also known as Control messages."; + reference + "RFC 792: Internet Control Message Protocol (ICMP), + RFC 4443: Internet Control Message Protocol (ICMPv6) + for Internet Protocol Version 6 (IPv6) + Specifciation."; + } + + leaf code { + type uint8; + description + "ICMP subtype. Also known as Control messages."; + reference + "RFC 792: Internet Control Message Protocol (ICMP), + RFC 4443: Internet Control Message Protocol (ICMPv6) + for Internet Protocol Version 6 (IPv6) + Specifciation."; + } + + leaf rest-of-header { + type binary; + description + "Unbounded in length, the contents vary based on the + ICMP type and code. Also referred to as 'Message Body' + in ICMPv6."; + reference + "RFC 792: Internet Control Message Protocol (ICMP), + RFC 4443: Internet Control Message Protocol (ICMPv6) + for Internet Protocol Version 6 (IPv6) + Specifciation."; + } + } +} diff --git a/acl/acl-api/src/main/yang/interface-acl@2016-12-14.yang b/acl/acl-api/src/main/yang/interface-acl@2016-12-14.yang deleted file mode 100644 index f051830fe..000000000 --- a/acl/acl-api/src/main/yang/interface-acl@2016-12-14.yang +++ /dev/null @@ -1,103 +0,0 @@ -module interface-acl { - yang-version 1; - namespace "urn:opendaylight:params:xml:ns:yang:interface:acl"; - prefix "ifc-acl"; - - import ietf-interfaces { - prefix "if"; - } - - import yang-ext { - prefix "ext"; - } - - import ietf-access-control-list { - prefix "acl"; - } - - organization - "FD.io - The Fast Data Project"; - - contact - "Hc2vpp Wiki - Mailing List "; - - description - "This module contains a collection of YANG definitions for - applying ACLs on VPP interfaces. - Uses ACL implementation provided by ACL plugin of VPP. - - Copyright (c) 2016 Cisco and/or its affiliates. - - Licensed under the Apache License, Version 2.0 (the 'License'); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at: - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an 'AS IS' BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License."; - - revision "2016-12-14" { - description "Initial revision of interface-acl model"; - } - - grouping vpp-acls-base-attributes { - description - "List of ACLs of vpp-acl type"; // TODO(HC2VPP-201): express constraint in the model if possible - list vpp-acls { - key "type name"; - ordered-by user; - - leaf type { - type acl:acl-type; - } - - // FIXME(HC2VPP-290): define leafref in interface-acl or bump ietf-access-control-list - leaf name { - type acl:access-control-list-ref; - } - } - } - - grouping vpp-macip-acls-base-attributes { - container vpp-macip-acl { - description - "ACL of vpp-macip-acl type"; // TODO(HC2VPP-201): express constraint in the model if possible - - leaf type { - type acl:acl-type; - } - - leaf name { - type acl:access-control-list-ref; - } - } - } - - grouping interface-acl-attributes { - container acl { - container ingress { - uses vpp-acls-base-attributes; - uses vpp-macip-acls-base-attributes; - } - container egress { - uses vpp-acls-base-attributes; - } - } - } - - augment /if:interfaces/if:interface { - ext:augment-identifier "vpp-acl-interface-augmentation"; - uses interface-acl-attributes; - } - - augment /if:interfaces-state/if:interface { - ext:augment-identifier "vpp-acl-interface-state-augmentation"; - uses interface-acl-attributes; - } - -} \ No newline at end of file diff --git a/acl/acl-api/src/main/yang/vpp-acl-context@2017-01-04.yang b/acl/acl-api/src/main/yang/vpp-acl-context@2017-01-04.yang index 016883e1e..34ac3b9f5 100644 --- a/acl/acl-api/src/main/yang/vpp-acl-context@2017-01-04.yang +++ b/acl/acl-api/src/main/yang/vpp-acl-context@2017-01-04.yang @@ -1,6 +1,6 @@ module vpp-acl-context { yang-version 1; - namespace "urn:opendaylight:params:xml:ns:yang:vpp:acl:context"; + namespace "http://fd.io/hc2vpp/yang/vpp/acl/context"; prefix "vac"; import naming-context { diff --git a/acl/acl-api/src/main/yang/vpp-acl@2017-06-15.yang b/acl/acl-api/src/main/yang/vpp-acl@2017-06-15.yang deleted file mode 100644 index 2f7f82e9c..000000000 --- a/acl/acl-api/src/main/yang/vpp-acl@2017-06-15.yang +++ /dev/null @@ -1,284 +0,0 @@ -module vpp-acl { - yang-version 1; - namespace "urn:opendaylight:params:xml:ns:yang:vpp:acl"; - prefix "vpp-acl"; - - import ietf-access-control-list { - prefix "acl"; - } - - import yang-ext { - prefix "ext"; - } - - import ietf-packet-fields { - prefix packet-fields; - } - - import ietf-inet-types { - prefix inet; - } - - import ietf-yang-types { - prefix yang; - } - - organization - "FD.io - The Fast Data Project"; - - contact - "Hc2vpp Wiki - Mailing List "; - - description - "This module contains a collection of YANG definitions - that extend ietf-access-control-list module - with VPP specific features provided by the VPP ACL plugin. - - Copyright (c) 2016-2017 Cisco and/or its affiliates. - - Licensed under the Apache License, Version 2.0 (the 'License'); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at: - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an 'AS IS' BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License."; - - revision "2017-06-15" { - description - "Renamed stateful/permit leaf to permit-and-reflect"; - } - - revision "2016-12-14" { - description - "Initial revision of vpp-acl model."; - } - - augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:actions/acl:packet-handling { - ext:augment-identifier "stateful-acl-action-augmentation"; - when "../acl:matches/acl:ace-type = 'vpp-acl:vpp-acl'"; - case stateful { - leaf permit-and-reflect { - type empty; - description - "Permits egress TCP/UDP traffic and ingress in reverse direction by creating reflexive ACEs."; - } - } - } - - identity vpp-acl { - base acl:acl-base; - description - "ACL that contains only aces of vpp-ace type."; - } - - identity vpp-macip-acl { - base acl:acl-base; - description - "ACL that contains only aces of vpp-macip-acl type."; - } - - grouping value-range { - description "Defines value range with first and last value defined"; - - leaf first { - type uint8; - mandatory true; - description "Lower boundary for range"; - } - - leaf last { - type uint8; - mandatory true; - description "Upper boundary for range"; - must "last >= first"; - } - } - - grouping acl-icmp-header-fields { - description - "ICMP header fields"; - container icmp-type-range { - presence "Enables setting icmp-type"; - description - "Inclusive range representing icmp types to be used."; - uses value-range; - } - - container icmp-code-range { - presence "Enables setting icmp-code"; - description - "Inclusive range representing icmp codes to be used."; - uses value-range; - } - } - - grouping acl-tcp-header-fields { - description - "TCP header fields"; - leaf tcp-flags-mask { - description - "Binary mask for tcp flags to match. MSB order (FIN at position 0). - Applied as logical AND to tcp flags field of the packet being matched, - before it is compared with tcp-flags-value."; - type uint8; - } - leaf tcp-flags-value { - description - "Binary value for tcp flags to match. MSB order (FIN at position 0). - Before tcp-flags-value is compared with tcp flags field of the packet being matched, - tcp-flags-mask is applied to packet field value."; - type uint8; - } - } - - grouping acl-other-protocol-fields { - description "Used for any other protocol than TCP/UDP/ICMP/ICMPv6"; - leaf protocol { - must "protocol != 1 and protocol != 6 and protocol != 17 and protocol != 58"; - type uint8; - description "Internet Protocol number."; - } - } - - grouping acl-ip-protocol-header-fields { - description - "Defines header fields for TCP/UDP or ICMP protocols"; - choice ip-protocol { - case icmp { - container icmp-nodes { - uses acl-icmp-header-fields; - } - } - case icmp-v6 { - container icmp-v6-nodes { - uses acl-icmp-header-fields; - } - } - case udp { - container udp-nodes { - uses packet-fields:acl-transport-header-fields; - } - } - case tcp { - container tcp-nodes { - uses packet-fields:acl-transport-header-fields; - uses acl-tcp-header-fields; - } - } - case other { - container other-nodes { - uses acl-other-protocol-fields; - } - } - } - } - - augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:ace-type { - ext:augment-identifier "vpp-acl-type-augmentation"; - case vpp-ace { - description - "Access List entry that can define: - - IP4/IP6 src/dst ip prefix- Internet Protocol number - - Internet Protocol number - - selected L4 headers: - * ICMP (type range) - * UDP (port range) - * TCP (port range, flags mask, flags value)"; - container vpp-ace-nodes { - choice ace-ip-version { - description - "IP version used in this Access List Entry."; - case ace-ipv4 { - uses packet-fields:acl-ipv4-header-fields; - } - case ace-ipv6 { - uses packet-fields:acl-ipv6-header-fields; - } - } - uses acl-ip-protocol-header-fields; - } - } - } - - grouping vpp-macip-ace-eth-header-fields { - description - "Fields in Ethernet header supported by vpp-macip rule"; - leaf source-mac-address { - type yang:mac-address; - description - "Source IEEE 802 MAC address. - Before source-mac-address is compared with source mac address field of the packet being matched, - source-mac-address-mask is applied to packet field value."; - } - leaf source-mac-address-mask { - type yang:mac-address; - description - "Source IEEE 802 MAC address mask. - Applied as logical AND with source mac address field of the packet being matched, - before it is compared with source-mac-address."; - } - } - - grouping vpp-macip-ace-ipv4-header-fields { - description - "Fields in IPv4 header supported by vpp-macip rule"; - leaf source-ipv4-network { - type inet:ipv4-prefix; - description - "Source IPv4 address prefix."; - } - } - - grouping vpp-macip-ace-ipv6-header-fields { - description - "Fields in IPv6 header supported by vpp-macip rule"; - leaf source-ipv6-network { - type inet:ipv6-prefix; - description - "Source IPv6 address prefix."; - } - } - - augment /acl:access-lists/acl:acl/acl:access-list-entries/acl:ace/acl:matches/acl:ace-type { - ext:augment-identifier "vpp-macip-acl-type-augmentation"; - case vpp-macip-ace { - description - "Access List entry that can define: - - IP4/IP6 src ip prefix - - src MAC address mask - - src MAC address value - - can be used only for static ACLs."; - container vpp-macip-ace-nodes { - choice ace-ip-version { - description - "IP version used in this Access List Entry."; - case ace-ipv4 { - uses vpp-macip-ace-ipv4-header-fields; - } - case ace-ipv6 { - uses vpp-macip-ace-ipv6-header-fields; - } - } - uses vpp-macip-ace-eth-header-fields; - } - } - } - - augment /acl:access-lists/acl:acl { - ext:augment-identifier "vpp-acl-augmentation"; - leaf tag { - type string { - length 1..63; - } - description - "ASCII tag that can be used as a placeholder for ACL metadata. Value is stored in vpp, - and returned in read requests. No processing involved."; - } - } -} \ No newline at end of file diff --git a/acl/acl-api/src/main/yang/vpp-acl@2018-10-22.yang b/acl/acl-api/src/main/yang/vpp-acl@2018-10-22.yang new file mode 100644 index 000000000..f94dfa29a --- /dev/null +++ b/acl/acl-api/src/main/yang/vpp-acl@2018-10-22.yang @@ -0,0 +1,230 @@ +module vpp-acl { + yang-version 1; + namespace "http://fd.io/hc2vpp/yang/vpp/acl"; + prefix "vpp-acl"; + + import ietf-access-control-list { + prefix "acl"; + } + + import yang-ext { + prefix "ext"; + } + + import ietf-packet-fields { + prefix packet-fields; + } + + import ietf-inet-types { + prefix inet; + } + + import ietf-yang-types { + prefix yang; + } + + organization + "FD.io - The Fast Data Project"; + + contact + "Hc2vpp Wiki + Mailing List "; + + description + "This module contains a collection of YANG definitions + that extend ietf-access-control-list module + with VPP specific features provided by the VPP ACL plugin. + + Copyright (c) 2016-2017 Cisco and/or its affiliates. + + Licensed under the Apache License, Version 2.0 (the 'License'); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an 'AS IS' BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License."; + + revision "2018-10-22" { + description + "Updated vpp dependencies to match changes in ietf-access-control-list@2018-10-01 yang model."; + } + + revision "2017-06-15" { + description + "Renamed stateful/permit leaf to permit-and-reflect"; + } + + revision "2016-12-14" { + description + "Initial revision of vpp-acl model."; + } + + identity vpp-acl { + base acl:acl-base; + description + "ACL that contains only aces of vpp-ace type."; + } + + identity vpp-macip-acl { + base acl:acl-base; + description + "ACL that contains only aces of vpp-macip-acl type."; + } + + identity accept-and-reflect { + base acl:forwarding-action; + description + "Permits egress TCP/UDP traffic and ingress in reverse direction by creating reflexive ACEs."; + } + + grouping value-range { + description "Defines value range with first and last value defined"; + + leaf first { + type uint8; + mandatory true; + description "Lower boundary for range"; + } + + leaf last { + type uint8; + mandatory true; + description "Upper boundary for range"; + must "last >= first"; + } + } + + grouping acl-icmp-header-fields { + description + "ICMP header fields"; + container icmp-type-range { + presence "Enables setting icmp-type"; + description + "Inclusive range representing icmp types to be used."; + uses value-range; + } + + container icmp-code-range { + presence "Enables setting icmp-code"; + description + "Inclusive range representing icmp codes to be used."; + uses value-range; + } + } + + grouping acl-tcp-header-fields { + + description "ICMP header fields"; + + leaf flags-mask { + type bits { + bit cwr { + position 1; + description + "Congestion Window Reduced (CWR) flag is set by + the sending host to indicate that it received + a TCP segment with the ECE flag set and had + responded in congestion control mechanism."; + reference + "RFC 3168: The Addition of Explicit Congestion + Notification (ECN) to IP."; + } + bit ece { + position 2; + description + "ECN-Echo has a dual role, depending on the value + of the SYN flag. It indicates: + If the SYN flag is set (1), that the TCP peer is ECN + capable. If the SYN flag is clear (0), that a packet + with Congestion Experienced flag set (ECN=11) in IP + header was received during normal transmission + (added to header by RFC 3168). This serves as an + indication of network congestion (or impending + congestion) to the TCP sender."; + reference + "RFC 3168: The Addition of Explicit Congestion + Notification (ECN) to IP."; + } + bit urg { + position 3; + description + "Indicates that the Urgent pointer field is significant."; + } + bit ack { + position 4; + description + "Indicates that the Acknowledgment field is significant. + All packets after the initial SYN packet sent by the + client should have this flag set."; + } + bit psh { + position 5; + description + "Push function. Asks to push the buffered data to the + receiving application."; + } + bit rst { + position 6; + description + "Reset the connection."; + } + bit syn { + position 7; + description + "Synchronize sequence numbers. Only the first packet + sent from each end should have this flag set. Some + other flags and fields change meaning based on this + flag, and some are only valid for when it is set, + and others when it is clear."; + } + bit fin { + position 8; + description + "Last package from sender."; + } + } + description + "Also known as Control Bits. Contains 9 1-bit flags."; + reference + "RFC 793: Transmission Control Protocol (TCP)."; + } + } + + augment /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l4/acl:icmp/acl:icmp { + ext:augment-identifier "vpp-icmp-ace-augmentation"; + container vpp-icmp-ace { + description + "Access List entry that can define: + - icmp code range fields + - icmp type range fields."; + uses acl-icmp-header-fields; + } + } + + augment /acl:acls/acl:acl/acl:aces/acl:ace/acl:matches/acl:l4/acl:tcp/acl:tcp { + ext:augment-identifier "vpp-tcp-ace-augmentation"; + container vpp-tcp-ace { + description + "Access List entry that can define: + - Flag mask"; + uses acl-tcp-header-fields; + } + } + + augment /acl:acls/acl:acl { + ext:augment-identifier "vpp-acl-augmentation"; + leaf tag { + type string { + length 1..63; + } + description + "ASCII tag that can be used as a placeholder for ACL metadata. Value is stored in vpp, + and returned in read requests. No processing involved."; + } + } +} \ No newline at end of file diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/AclIIds.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/AclIIds.java new file mode 100644 index 000000000..ad4bcae68 --- /dev/null +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/AclIIds.java @@ -0,0 +1,116 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package io.fd.hc2vpp.acl; + +import com.google.common.collect.ImmutableSet; +import java.util.Set; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppAclAugmentation; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppIcmpAceAugmentation; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppTcpAceAugmentation; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acl.icmp.header.fields.IcmpCodeRange; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acl.icmp.header.fields.IcmpTypeRange; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acls.acl.aces.ace.matches.l4.icmp.icmp.VppIcmpAce; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acls.acl.aces.ace.matches.l4.tcp.tcp.VppTcpAce; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Acls; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AttachmentPoints; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.Aces; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.Actions; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.Matches; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.eth.Eth; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.icmp.Icmp; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.Tcp; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.DestinationPort; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.SourcePort; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.Udp; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.Egress; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.Ingress; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSets; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesState; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +public class AclIIds { + public final static InstanceIdentifier ACLS = InstanceIdentifier.create(Acls.class); + public final static InstanceIdentifier ACLS_ACL = ACLS.child(Acl.class); + public final static InstanceIdentifier ACL = InstanceIdentifier.create(Acl.class); + + public final static InstanceIdentifier ACLS_AP = ACLS.child(AttachmentPoints.class); + public final static InstanceIdentifier ACLS_AP_INT = ACLS_AP.child(Interface.class); + public static final InstanceIdentifier ACLS_AP_INT_ING = ACLS_AP_INT.child(Ingress.class); + public static final InstanceIdentifier ACLS_AP_INT_ING_ACLS = ACLS_AP_INT_ING.child(AclSets.class); + public static final InstanceIdentifier ACLS_AP_INT_ING_ACLS_ACL = ACLS_AP_INT_ING_ACLS.child(AclSet.class); + public static final InstanceIdentifier ACLS_AP_INT_EGR = ACLS_AP_INT.child(Egress.class); + public static final InstanceIdentifier ACLS_AP_INT_EGR_ACLS = ACLS_AP_INT_EGR.child(AclSets.class); + public static final InstanceIdentifier ACLS_AP_INT_EGR_ACLS_ACL = ACLS_AP_INT_EGR_ACLS.child(AclSet.class); + public final static InstanceIdentifier IFC_ACL = InstanceIdentifier.create(Interface.class); + public final static InstanceIdentifier + IFC = InstanceIdentifier.create(Interfaces.class) + .child(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface.class); + public static final InstanceIdentifier + IFC_STATE = InstanceIdentifier.create(InterfacesState.class) + .child(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface.class); + + + public static Set> vppAclChildren(final InstanceIdentifier parentId) { + final InstanceIdentifier matchesIid = + parentId.child(Aces.class).child(Ace.class).child(Matches.class); + return ImmutableSet.of( + parentId.augmentation(VppAclAugmentation.class), + parentId.child(Aces.class), + parentId.child(Aces.class).child(Ace.class), + parentId.child(Aces.class).child(Ace.class).child(Actions.class), + matchesIid, + matchesIid.child(Eth.class), + matchesIid.child(Ipv4.class), + matchesIid.child(Ipv6.class), + matchesIid.child(Tcp.class), + matchesIid.child(Tcp.class).augmentation(VppTcpAceAugmentation.class), + matchesIid.child(Tcp.class).augmentation(VppTcpAceAugmentation.class).child(VppTcpAce.class), + matchesIid.child(Tcp.class).child(DestinationPort.class), + matchesIid.child(Tcp.class).child(SourcePort.class), + matchesIid.child(Udp.class), + matchesIid.child(Udp.class).child( + org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.DestinationPort.class), + matchesIid.child(Udp.class).child( + org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.SourcePort.class), + matchesIid.child(Icmp.class), + matchesIid.child(Icmp.class).augmentation(VppIcmpAceAugmentation.class), + matchesIid.child(Icmp.class).augmentation(VppIcmpAceAugmentation.class).child(VppIcmpAce.class), + matchesIid.child(Icmp.class).augmentation(VppIcmpAceAugmentation.class).child(VppIcmpAce.class) + .child(IcmpTypeRange.class), + matchesIid.child(Icmp.class).augmentation(VppIcmpAceAugmentation.class).child(VppIcmpAce.class) + .child(IcmpCodeRange.class) + ); + } + + public static Set> aclHandledChildren(final InstanceIdentifier parentId) { + return ImmutableSet.of( + parentId.child(Ingress.class), + parentId.child(Ingress.class).child(AclSets.class), + parentId.child(Ingress.class).child(AclSets.class).child(AclSet.class), + parentId.child(Egress.class), + parentId.child(Egress.class).child(AclSets.class), + parentId.child(Egress.class).child(AclSets.class).child(AclSet.class)); + } +} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/AclModule.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/AclModule.java index afb7da669..a21978e73 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/AclModule.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/AclModule.java @@ -26,8 +26,8 @@ import io.fd.hc2vpp.acl.read.factory.AclReaderFactory; import io.fd.hc2vpp.acl.read.factory.InterfaceAclReaderFactory; import io.fd.hc2vpp.acl.util.AclContextManager; import io.fd.hc2vpp.acl.util.AclContextManagerImpl; +import io.fd.hc2vpp.acl.write.factory.AclWriterFactory; import io.fd.hc2vpp.acl.write.factory.InterfaceAclWriterFactory; -import io.fd.hc2vpp.acl.write.factory.VppAclWriterFactory; import io.fd.honeycomb.translate.read.ReaderFactory; import io.fd.honeycomb.translate.write.WriterFactory; import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; @@ -72,7 +72,7 @@ public class AclModule extends AbstractModule { final Multibinder writerFactoryMultibinder = Multibinder.newSetBinder(binder(), WriterFactory.class); - writerFactoryMultibinder.addBinding().to(VppAclWriterFactory.class); + writerFactoryMultibinder.addBinding().to(AclWriterFactory.class); writerFactoryMultibinder.addBinding().to(InterfaceAclWriterFactory.class); final Multibinder readerFactoryMultibinder = diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/AbstractAclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/AbstractAclCustomizer.java new file mode 100644 index 000000000..5f6ca36b3 --- /dev/null +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/AbstractAclCustomizer.java @@ -0,0 +1,133 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.acl.read; + +import com.google.common.base.Optional; +import com.google.common.collect.ImmutableSet; +import io.fd.hc2vpp.acl.util.AclContextManager; +import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer; +import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer; +import io.fd.hc2vpp.common.translate.util.NamingContext; +import io.fd.honeycomb.translate.MappingContext; +import io.fd.honeycomb.translate.ModificationCache; +import io.fd.honeycomb.translate.read.ReadContext; +import io.fd.honeycomb.translate.read.ReadFailedException; +import io.fd.honeycomb.translate.util.read.cache.DumpCacheManager; +import io.fd.honeycomb.translate.util.read.cache.DumpCacheManager.DumpCacheManagerBuilder; +import io.fd.honeycomb.translate.util.read.cache.EntityDumpExecutor; +import io.fd.honeycomb.translate.util.read.cache.TypeAwareIdentifierCacheKeyFactory; +import io.fd.vpp.jvpp.acl.dto.AclDetailsReplyDump; +import io.fd.vpp.jvpp.acl.dto.AclDump; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetails; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDump; +import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; +import java.util.Arrays; +import java.util.stream.Stream; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetKey; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +abstract class AbstractAclCustomizer extends FutureJVppAclCustomizer implements JvppReplyConsumer { + + final NamingContext interfaceContext; + final AclContextManager standardAclContext; + + final DumpCacheManager aclReferenceDumpManager; + final DumpCacheManager aclDumpManager; + + protected AbstractAclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade, + @Nonnull final NamingContext interfaceContext, + @Nonnull final AclContextManager standardAclContext) { + super(jVppAclFacade); + this.interfaceContext = interfaceContext; + this.standardAclContext = standardAclContext; + + aclReferenceDumpManager = + new DumpCacheManagerBuilder() + .withExecutor(createAclReferenceDumpExecutor()) + // Key needs to contain interface ID to distinguish dumps between interfaces + .withCacheKeyFactory( + new TypeAwareIdentifierCacheKeyFactory(AclInterfaceListDetailsReplyDump.class, + ImmutableSet.of(Interface.class))) + .build(); + + aclDumpManager = new DumpCacheManagerBuilder() + .withExecutor(createAclExecutor()) + .acceptOnly(AclDetailsReplyDump.class) + .build(); + } + + private EntityDumpExecutor createAclExecutor() { + return (identifier, params) -> { + AclDump request = new AclDump(); + request.aclIndex = params; + return getReplyForRead(getjVppAclFacade().aclDump(request).toCompletableFuture(), identifier); + }; + } + + private EntityDumpExecutor createAclReferenceDumpExecutor() { + return (identifier, params) -> { + AclInterfaceListDump dumpRequest = new AclInterfaceListDump(); + dumpRequest.swIfIndex = params; + return getReplyForRead(getjVppAclFacade().aclInterfaceListDump(dumpRequest).toCompletableFuture(), + identifier); + }; + } + + Stream getStandardAclSetKeys(@Nonnull final ReadContext readContext, + final Optional dumpReply, + final boolean isIngress) { + if (dumpReply.isPresent() && !dumpReply.get().aclInterfaceListDetails.isEmpty()) { + // if dumpReply is present, then aclInterfaceListDetails contains single element (actually it should not be + // dump message in vpp) + final AclInterfaceListDetails aclDetails = dumpReply.get().aclInterfaceListDetails.get(0); + + if (isIngress) { + return Arrays.stream(aclDetails.acls).limit(aclDetails.nInput) + .mapToObj(aclIndex -> standardAclContext.getAclName(aclIndex, readContext.getMappingContext())) + .map(AclSetKey::new); + } else { + return Arrays.stream(aclDetails.acls).skip(aclDetails.nInput) + .mapToObj(aclIndex -> standardAclContext.getAclName(aclIndex, readContext.getMappingContext())) + .map(AclSetKey::new); + } + } else { + return Stream.empty(); + } + } + + void parseStandardAclSet(@Nonnull final InstanceIdentifier instanceIdentifier, + @Nonnull final AclSetBuilder aclSetBuilder, final String aclName, + final MappingContext mappingContext, final ModificationCache modificationCache) + throws ReadFailedException { + final int aclIndex = standardAclContext.getAclIndex(aclName, mappingContext); + + final Optional dumpReply = + aclDumpManager.getDump(instanceIdentifier, modificationCache, aclIndex); + + if (dumpReply.isPresent() && !dumpReply.get().aclDetails.isEmpty()) { + aclSetBuilder.setName(aclName); + } else { + throw new ReadFailedException(instanceIdentifier, + new IllegalArgumentException(String.format("Acl with name %s not found", aclName))); + } + } +} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/AbstractVppAclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/AbstractVppAclCustomizer.java deleted file mode 100644 index c6d61f653..000000000 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/AbstractVppAclCustomizer.java +++ /dev/null @@ -1,180 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.read; - -import com.google.common.base.Optional; -import com.google.common.collect.ImmutableSet; -import io.fd.hc2vpp.acl.util.AclContextManager; -import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer; -import io.fd.hc2vpp.common.translate.util.ByteDataTranslator; -import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer; -import io.fd.hc2vpp.common.translate.util.NamingContext; -import io.fd.honeycomb.translate.read.ReadContext; -import io.fd.honeycomb.translate.read.ReadFailedException; -import io.fd.honeycomb.translate.spi.read.Initialized; -import io.fd.honeycomb.translate.spi.read.InitializingListReaderCustomizer; -import io.fd.honeycomb.translate.util.read.cache.DumpCacheManager; -import io.fd.honeycomb.translate.util.read.cache.DumpCacheManager.DumpCacheManagerBuilder; -import io.fd.honeycomb.translate.util.read.cache.EntityDumpExecutor; -import io.fd.honeycomb.translate.util.read.cache.TypeAwareIdentifierCacheKeyFactory; -import io.fd.vpp.jvpp.acl.dto.AclDetailsReplyDump; -import io.fd.vpp.jvpp.acl.dto.AclDump; -import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetails; -import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump; -import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDump; -import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; -import java.util.Collections; -import java.util.List; -import java.util.stream.Collectors; -import java.util.stream.IntStream; -import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAclsBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAclsKey; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAcl; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; - -abstract class AbstractVppAclCustomizer extends FutureJVppAclCustomizer - implements InitializingListReaderCustomizer, JvppReplyConsumer, - ByteDataTranslator { - - private final NamingContext interfaceContext; - private final AclContextManager standardAclContext; - - private final DumpCacheManager aclReferenceDumpManager; - private final DumpCacheManager aclDumpManager; - - protected AbstractVppAclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade, - @Nonnull final NamingContext interfaceContext, - @Nonnull final AclContextManager standardAclContext) { - super(jVppAclFacade); - this.interfaceContext = interfaceContext; - this.standardAclContext = standardAclContext; - - aclReferenceDumpManager = - new DumpCacheManagerBuilder() - .withExecutor(createAclReferenceDumpExecutor()) - // Key needs to contain interface ID to distinguish dumps between interfaces - .withCacheKeyFactory(new TypeAwareIdentifierCacheKeyFactory(AclInterfaceListDetailsReplyDump.class, - ImmutableSet.of(Interface.class))) - .build(); - - aclDumpManager = new DumpCacheManagerBuilder() - .withExecutor(createAclExecutor()) - .acceptOnly(AclDetailsReplyDump.class) - .build(); - } - - protected static InstanceIdentifier getAclCfgId( - final InstanceIdentifier id) { - return InstanceIdentifier.create(Interfaces.class).child( - org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface.class, - new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey( - id.firstKeyOf(Interface.class).getName())).augmentation(VppAclInterfaceAugmentation.class) - .child(Acl.class); - } - - private EntityDumpExecutor createAclExecutor() { - return (identifier, params) -> { - AclDump request = new AclDump(); - request.aclIndex = params; - return getReplyForRead(getjVppAclFacade().aclDump(request).toCompletableFuture(), identifier); - }; - } - - private EntityDumpExecutor createAclReferenceDumpExecutor() { - return (identifier, params) -> { - AclInterfaceListDump dumpRequest = new AclInterfaceListDump(); - dumpRequest.swIfIndex = params; - return getReplyForRead(getjVppAclFacade().aclInterfaceListDump(dumpRequest).toCompletableFuture(), - identifier); - }; - } - - @Nonnull - @Override - public final List getAllIds(@Nonnull final InstanceIdentifier id, - @Nonnull final ReadContext context) - throws ReadFailedException { - - final String parentInterfaceName = id.firstKeyOf(Interface.class).getName(); - final int parentInterfaceIndex = interfaceContext.getIndex(parentInterfaceName, context.getMappingContext()); - - final Optional dumpReply = - aclReferenceDumpManager.getDump(id, context.getModificationCache(), parentInterfaceIndex); - - if (dumpReply.isPresent() && !dumpReply.get().aclInterfaceListDetails.isEmpty()) { - // if dumpReply is present, then aclInterfaceListDetails contains single element (actually it should not be - // dump message in vpp) - final AclInterfaceListDetails aclDetails = dumpReply.get().aclInterfaceListDetails.get(0); - return filterAcls(aclDetails) - .mapToObj(aclIndex -> standardAclContext.getAclName(aclIndex, context.getMappingContext())) - .map(aclName -> new VppAclsKey(aclName, VppAcl.class)) - .collect(Collectors.toList()); - } else { - return Collections.emptyList(); - } - } - - /** - * Streams ids of ACLs. - * - * @param aclDetails describes ACLs assigned to interface - * @return sequence of acl ids - */ - protected abstract IntStream filterAcls(@Nonnull final AclInterfaceListDetails aclDetails); - - @Nonnull - @Override - public final VppAclsBuilder getBuilder(@Nonnull final InstanceIdentifier id) { - return new VppAclsBuilder(); - } - - @Override - public final void readCurrentAttributes(@Nonnull final InstanceIdentifier id, - @Nonnull final VppAclsBuilder builder, - @Nonnull final ReadContext ctx) throws ReadFailedException { - final VppAclsKey vppAclsKey = id.firstKeyOf(VppAcls.class); - final String aclName = vppAclsKey.getName(); - final int aclIndex = standardAclContext.getAclIndex(aclName, ctx.getMappingContext()); - - final Optional dumpReply = - aclDumpManager.getDump(id, ctx.getModificationCache(), aclIndex); - - if (dumpReply.isPresent() && !dumpReply.get().aclDetails.isEmpty()) { - builder.setName(aclName); - builder.setType(vppAclsKey.getType()); - } else { - throw new ReadFailedException(id, - new IllegalArgumentException(String.format("Acl with name %s not found", aclName))); - } - } - - @Nonnull - @Override - public Initialized init(@Nonnull final InstanceIdentifier id, - @Nonnull final VppAcls vppAcls, - @Nonnull final ReadContext readContext) { - return Initialized.create(getCfgId(id), vppAcls); - } - - protected abstract InstanceIdentifier getCfgId(final InstanceIdentifier id); -} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/AclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/AclCustomizer.java index 0ebc938ea..e1f0ccf14 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/AclCustomizer.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/AclCustomizer.java @@ -41,16 +41,13 @@ import java.util.ArrayList; import java.util.List; import javax.annotation.Nonnull; import javax.annotation.Nullable; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessListsBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AclBase; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.AccessListEntriesBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAcl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAclAugmentation; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAclAugmentationBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAcl; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppAclAugmentation; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppAclAugmentationBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.AclsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AclBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AclKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.AcesBuilder; import org.opendaylight.yangtools.concepts.Builder; import org.opendaylight.yangtools.yang.binding.DataObject; import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; @@ -119,7 +116,7 @@ public class AclCustomizer extends FutureJVppAclCustomizer if (vppAclDump.isPresent()) { vppAclDump.get().aclDetails.stream() .map(details -> standardAclContext.getAclName(details.aclIndex, context.getMappingContext())) - .forEach(name -> keys.add(new AclKey(name, VppAcl.class))); + .forEach(name -> keys.add(new AclKey(name))); } final Optional macipAclDump = @@ -127,7 +124,7 @@ public class AclCustomizer extends FutureJVppAclCustomizer if (macipAclDump.isPresent()) { macipAclDump.get().macipAclDetails.stream() .map(details -> macipAclContext.getAclName(details.aclIndex, context.getMappingContext())) - .forEach(name -> keys.add(new AclKey(name, VppMacipAcl.class))); + .forEach(name -> keys.add(new AclKey(name))); } return keys; @@ -135,7 +132,7 @@ public class AclCustomizer extends FutureJVppAclCustomizer @Override public void merge(@Nonnull final Builder builder, @Nonnull final List readData) { - ((AccessListsBuilder)builder).setAcl(readData); + ((AclsBuilder) builder).setAcl(readData); } @Nonnull @@ -149,10 +146,9 @@ public class AclCustomizer extends FutureJVppAclCustomizer @Nonnull final ReadContext ctx) throws ReadFailedException { final AclKey key = id.firstKeyOf(Acl.class); builder.withKey(key); - final Class aclType = key.getAclType(); - final String name = key.getAclName(); + final String name = key.getName(); - if (aclType.equals(VppAcl.class)) { + if (standardAclContext.containsAcl(name, ctx.getMappingContext())) { final int index = standardAclContext.getAclIndex(name, ctx.getMappingContext()); final Optional dump = vppAclDumpManager.getDump(id, ctx.getModificationCache(), index); @@ -162,12 +158,12 @@ public class AclCustomizer extends FutureJVppAclCustomizer if (detail.isPresent()) { final AclDetails aclDetails = detail.get(); setTag(builder, aclDetails.tag); - builder.setAccessListEntries(new AccessListEntriesBuilder() + builder.setAces(new AcesBuilder() .setAce(toStandardAces(name, aclDetails.r, standardAclContext, ctx.getMappingContext())) .build()); } } - } else if (aclType.equals(VppMacipAcl.class)) { + } else if (macipAclContext.containsAcl(name, ctx.getMappingContext())) { final int index = macipAclContext.getAclIndex(name, ctx.getMappingContext()); final Optional dump = macipAclDumpManager.getDump(id, ctx.getModificationCache(), index); @@ -178,13 +174,13 @@ public class AclCustomizer extends FutureJVppAclCustomizer final MacipAclDetails macipAclDetails = detail.get(); setTag(builder, macipAclDetails.tag); if (detail.isPresent()) { - builder.setAccessListEntries(new AccessListEntriesBuilder() + builder.setAces(new AcesBuilder() .setAce(toMacIpAces(name, macipAclDetails.r, macipAclContext, ctx.getMappingContext())) .build()); } } } else { - throw new IllegalArgumentException("Unsupported acl type: " + aclType); + throw new IllegalArgumentException("Unsupported acl: " + id); } } diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/EgressAclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/EgressAclCustomizer.java new file mode 100644 index 000000000..59990d5ea --- /dev/null +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/EgressAclCustomizer.java @@ -0,0 +1,102 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package io.fd.hc2vpp.acl.read; + +import com.google.common.base.Optional; +import io.fd.hc2vpp.acl.util.AclContextManager; +import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer; +import io.fd.hc2vpp.common.translate.util.NamingContext; +import io.fd.honeycomb.translate.MappingContext; +import io.fd.honeycomb.translate.ModificationCache; +import io.fd.honeycomb.translate.read.ReadContext; +import io.fd.honeycomb.translate.read.ReadFailedException; +import io.fd.honeycomb.translate.spi.read.Initialized; +import io.fd.honeycomb.translate.spi.read.InitializingListReaderCustomizer; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump; +import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; +import java.util.List; +import java.util.stream.Collectors; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSetsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetKey; +import org.opendaylight.yangtools.concepts.Builder; +import org.opendaylight.yangtools.yang.binding.DataObject; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +public class EgressAclCustomizer extends AbstractAclCustomizer + implements InitializingListReaderCustomizer, JvppReplyConsumer { + + public EgressAclCustomizer(final FutureJVppAclFacade futureAclFacade, final NamingContext interfaceContext, + final AclContextManager standardAclContext) { + super(futureAclFacade, interfaceContext, standardAclContext); + } + + @Nonnull + @Override + public Initialized init(@Nonnull final InstanceIdentifier instanceIdentifier, + @Nonnull final AclSet aclSet, + @Nonnull final ReadContext readContext) { + return Initialized.create(instanceIdentifier, aclSet); + } + + @Nonnull + @Override + public List getAllIds(@Nonnull final InstanceIdentifier instanceIdentifier, + @Nonnull final ReadContext readContext) throws ReadFailedException { + final String parentInterfaceName = instanceIdentifier.firstKeyOf(Interface.class).getInterfaceId(); + final int parentInterfaceIndex = + interfaceContext.getIndex(parentInterfaceName, readContext.getMappingContext()); + + //TODO stdDumpReply keys need to be filtered as egress only + final Optional stdDumpReply = + aclReferenceDumpManager + .getDump(instanceIdentifier, readContext.getModificationCache(), parentInterfaceIndex); + + return getStandardAclSetKeys(readContext, stdDumpReply, false).collect(Collectors.toList()); + } + + @Override + public void merge(@Nonnull final Builder builder, @Nonnull final List list) { + ((AclSetsBuilder) builder).setAclSet(list); + } + + @Nonnull + @Override + public AclSetBuilder getBuilder(@Nonnull final InstanceIdentifier instanceIdentifier) { + return new AclSetBuilder(); + } + + @Override + public void readCurrentAttributes(@Nonnull final InstanceIdentifier instanceIdentifier, + @Nonnull final AclSetBuilder aclSetBuilder, + @Nonnull final ReadContext readContext) + throws ReadFailedException { + final AclSetKey vppAclsKey = instanceIdentifier.firstKeyOf(AclSet.class); + final String aclName = vppAclsKey.getName(); + final MappingContext mappingContext = readContext.getMappingContext(); + ModificationCache modificationCache = readContext.getModificationCache(); + + if (standardAclContext.containsAcl(aclName, mappingContext)) { + parseStandardAclSet(instanceIdentifier, aclSetBuilder, aclName, mappingContext, modificationCache); + } + + } +} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/EgressVppAclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/EgressVppAclCustomizer.java deleted file mode 100644 index 8e5d0dfce..000000000 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/EgressVppAclCustomizer.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.read; - -import io.fd.hc2vpp.acl.util.AclContextManager; -import io.fd.hc2vpp.common.translate.util.NamingContext; -import io.fd.honeycomb.translate.util.RWUtils; -import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetails; -import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; -import java.util.Arrays; -import java.util.List; -import java.util.stream.IntStream; -import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Egress; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.EgressBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls; -import org.opendaylight.yangtools.concepts.Builder; -import org.opendaylight.yangtools.yang.binding.DataObject; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; - -public final class EgressVppAclCustomizer extends AbstractVppAclCustomizer { - - public EgressVppAclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade, - @Nonnull final NamingContext interfaceContext, - @Nonnull final AclContextManager standardAclContext) { - super(jVppAclFacade, interfaceContext, standardAclContext); - } - - @Override - protected IntStream filterAcls(@Nonnull final AclInterfaceListDetails aclDetails) { - return Arrays.stream(aclDetails.acls).skip(aclDetails.nInput); - } - - @Override - public void merge(@Nonnull final Builder builder, @Nonnull final List readData) { - EgressBuilder.class.cast(builder).setVppAcls(readData); - } - - @Override - protected InstanceIdentifier getCfgId( - final InstanceIdentifier id) { - return getAclCfgId(RWUtils.cutId(id, Acl.class)).child(Egress.class) - .child(VppAcls.class, id.firstKeyOf(VppAcls.class)); - } -} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/IngressAclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/IngressAclCustomizer.java new file mode 100644 index 000000000..467c4e5db --- /dev/null +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/IngressAclCustomizer.java @@ -0,0 +1,226 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package io.fd.hc2vpp.acl.read; + +import com.google.common.annotations.VisibleForTesting; +import com.google.common.base.Optional; +import com.google.common.collect.ImmutableSet; +import com.google.common.collect.Streams; +import io.fd.hc2vpp.acl.util.AclContextManager; +import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer; +import io.fd.hc2vpp.common.translate.util.NamingContext; +import io.fd.honeycomb.translate.MappingContext; +import io.fd.honeycomb.translate.ModificationCache; +import io.fd.honeycomb.translate.read.ReadContext; +import io.fd.honeycomb.translate.read.ReadFailedException; +import io.fd.honeycomb.translate.spi.read.Initialized; +import io.fd.honeycomb.translate.spi.read.InitializingListReaderCustomizer; +import io.fd.honeycomb.translate.util.read.cache.DumpCacheManager; +import io.fd.honeycomb.translate.util.read.cache.EntityDumpExecutor; +import io.fd.honeycomb.translate.util.read.cache.TypeAwareIdentifierCacheKeyFactory; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump; +import io.fd.vpp.jvpp.acl.dto.MacipAclDetailsReplyDump; +import io.fd.vpp.jvpp.acl.dto.MacipAclDump; +import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceGet; +import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceGetReply; +import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceListDetails; +import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceListDetailsReplyDump; +import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceListDump; +import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; +import java.util.Arrays; +import java.util.List; +import java.util.stream.Collectors; +import java.util.stream.Stream; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSetsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetKey; +import org.opendaylight.yangtools.concepts.Builder; +import org.opendaylight.yangtools.yang.binding.DataObject; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class IngressAclCustomizer extends AbstractAclCustomizer + implements InitializingListReaderCustomizer, JvppReplyConsumer { + @VisibleForTesting + protected static final int ACL_NOT_ASSIGNED = -1; + private static final Logger LOG = LoggerFactory.getLogger(IngressAclCustomizer.class); + + private final AclContextManager macIpAclContext; + + private final DumpCacheManager macIpAclDumpManager; + private final DumpCacheManager interfaceMacIpAclDumpManager; + private final DumpCacheManager macAclReferenceDumpManager; + + public IngressAclCustomizer(final FutureJVppAclFacade futureAclFacade, final NamingContext interfaceContext, + final AclContextManager standardAclContext, final AclContextManager macIpAClContext) { + super(futureAclFacade, interfaceContext, standardAclContext); + this.macIpAclContext = macIpAClContext; + + macAclReferenceDumpManager = + new DumpCacheManager.DumpCacheManagerBuilder() + .withExecutor(createMacIpAclReferenceDumpExecutor()) + // Key needs to contain interface ID to distinguish dumps between interfaces + .withCacheKeyFactory( + new TypeAwareIdentifierCacheKeyFactory(MacipAclInterfaceListDetailsReplyDump.class, + ImmutableSet.of(Interface.class))) + .build(); + + // for dumping of Mac-ip details + macIpAclDumpManager = new DumpCacheManager.DumpCacheManagerBuilder() + .withExecutor(createMacIpDumpExecutor()) + .acceptOnly(MacipAclDetailsReplyDump.class) + .build(); + + // for dumping of reference on interface + interfaceMacIpAclDumpManager = new DumpCacheManager.DumpCacheManagerBuilder() + .withExecutor(createInterfaceMacIpDumpExecutor()) + .acceptOnly(MacipAclInterfaceGetReply.class) + .build(); + } + + @Nonnull + @Override + public Initialized init(@Nonnull final InstanceIdentifier instanceIdentifier, + @Nonnull final AclSet aclSet, + @Nonnull final ReadContext readContext) { + return Initialized.create(instanceIdentifier, aclSet); + } + + @Nonnull + @Override + public List getAllIds(@Nonnull final InstanceIdentifier instanceIdentifier, + @Nonnull final ReadContext readContext) throws ReadFailedException { + final String parentInterfaceName = instanceIdentifier.firstKeyOf(Interface.class).getInterfaceId(); + final int parentInterfaceIndex = + interfaceContext.getIndex(parentInterfaceName, readContext.getMappingContext()); + + //TODO stdDumpReply keys need to be filtered as ingress only + final Optional stdDumpReply = + aclReferenceDumpManager + .getDump(instanceIdentifier, readContext.getModificationCache(), parentInterfaceIndex); + final Optional macipDumpReply = + macAclReferenceDumpManager + .getDump(instanceIdentifier, readContext.getModificationCache(), parentInterfaceIndex); + + Stream macIpAclSetKeys = getMacIpAclSetKeys(readContext, macipDumpReply); + Stream standardAclSetKeys = getStandardAclSetKeys(readContext, stdDumpReply, true); + + return Streams.concat(standardAclSetKeys, macIpAclSetKeys).distinct().collect(Collectors.toList()); + } + + @Override + public void merge(@Nonnull final Builder builder, @Nonnull final List list) { + ((AclSetsBuilder) builder).setAclSet(list); + } + + @Nonnull + @Override + public AclSetBuilder getBuilder(@Nonnull final InstanceIdentifier instanceIdentifier) { + return new AclSetBuilder(); + } + + @Override + public void readCurrentAttributes(@Nonnull final InstanceIdentifier instanceIdentifier, + @Nonnull final AclSetBuilder aclSetBuilder, + @Nonnull final ReadContext readContext) throws ReadFailedException { + final AclSetKey vppAclsKey = instanceIdentifier.firstKeyOf(AclSet.class); + final String interfaceName = instanceIdentifier.firstKeyOf(Interface.class).getInterfaceId(); + final String aclName = vppAclsKey.getName(); + final MappingContext mappingContext = readContext.getMappingContext(); + ModificationCache modificationCache = readContext.getModificationCache(); + + if (standardAclContext.containsAcl(aclName, mappingContext)) { + parseStandardAclSet(instanceIdentifier, aclSetBuilder, aclName, mappingContext, modificationCache); + } else if (macIpAclContext.containsAcl(aclName, mappingContext)) { + parseMacIpAclSet(instanceIdentifier, aclSetBuilder, interfaceName, mappingContext, modificationCache); + } + } + + public void parseMacIpAclSet(@Nonnull final InstanceIdentifier instanceIdentifier, + @Nonnull final AclSetBuilder aclSetBuilder, + final String interfaceName, final MappingContext mappingContext, + final ModificationCache modificationCache) + throws ReadFailedException { + final Optional interfacesMacIpDumpReply = + interfaceMacIpAclDumpManager.getDump(instanceIdentifier, modificationCache); + final int interfaceIndex = interfaceContext.getIndex(interfaceName, mappingContext); + MacipAclInterfaceGetReply reply = interfacesMacIpDumpReply.get(); + if (reply.acls == null || reply.acls.length == 0) { + LOG.debug("No MacACls found for interface. Iid: {}", instanceIdentifier); + return; + } + final int aclIndex = reply.acls[interfaceIndex]; + if (aclIndex != ACL_NOT_ASSIGNED) { + final Optional macIpDumpReply = + macIpAclDumpManager.getDump(instanceIdentifier, modificationCache, aclIndex); + + if (macIpDumpReply.isPresent() && !macIpDumpReply.get().macipAclDetails.isEmpty()) { + aclSetBuilder.setName(macIpAclContext.getAclName(aclIndex, mappingContext)); + } else { + // this is invalid state(Interface in VPP will act as "deny-all" for security reasons), but generally + // it should not happen + throw new ReadFailedException(instanceIdentifier, + new IllegalStateException(String.format("ACE with index %s not found in VPP", aclIndex))); + } + } + } + + private EntityDumpExecutor createMacIpAclReferenceDumpExecutor() { + return (identifier, params) -> { + MacipAclInterfaceListDump dumpRequest = new MacipAclInterfaceListDump(); + dumpRequest.swIfIndex = params; + return getReplyForRead(getjVppAclFacade().macipAclInterfaceListDump(dumpRequest).toCompletableFuture(), + identifier); + }; + } + + private EntityDumpExecutor createMacIpDumpExecutor() { + return (identifier, params) -> { + MacipAclDump request = new MacipAclDump(); + request.aclIndex = params; + + return getReplyForRead(getjVppAclFacade().macipAclDump(request).toCompletableFuture(), identifier); + }; + } + + private EntityDumpExecutor createInterfaceMacIpDumpExecutor() { + return (identifier, params) -> getReplyForRead( + getjVppAclFacade().macipAclInterfaceGet(new MacipAclInterfaceGet()).toCompletableFuture(), + identifier); + } + + + private Stream getMacIpAclSetKeys(@Nonnull final ReadContext readContext, + final Optional dumpReply) { + if (dumpReply.isPresent() && !dumpReply.get().macipAclInterfaceListDetails.isEmpty()) { + // if dumpReply is present, then aclInterfaceListDetails contains single element (actually it should not be + // dump message in vpp) + final MacipAclInterfaceListDetails aclDetails = dumpReply.get().macipAclInterfaceListDetails.get(0); + + return Arrays.stream(aclDetails.acls).limit(aclDetails.count) + .mapToObj(aclIndex -> macIpAclContext.getAclName(aclIndex, readContext.getMappingContext())) + .map(AclSetKey::new); + } else { + return Stream.empty(); + } + } +} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/IngressVppAclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/IngressVppAclCustomizer.java deleted file mode 100644 index 598066282..000000000 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/IngressVppAclCustomizer.java +++ /dev/null @@ -1,60 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.read; - -import io.fd.hc2vpp.acl.util.AclContextManager; -import io.fd.hc2vpp.common.translate.util.NamingContext; -import io.fd.honeycomb.translate.util.RWUtils; -import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetails; -import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; -import java.util.Arrays; -import java.util.List; -import java.util.stream.IntStream; -import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.IngressBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls; -import org.opendaylight.yangtools.concepts.Builder; -import org.opendaylight.yangtools.yang.binding.DataObject; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; - -public final class IngressVppAclCustomizer extends AbstractVppAclCustomizer { - - public IngressVppAclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade, - @Nonnull final NamingContext interfaceContext, - @Nonnull final AclContextManager standardAclContext) { - super(jVppAclFacade, interfaceContext, standardAclContext); - } - - @Override - protected IntStream filterAcls(@Nonnull final AclInterfaceListDetails aclDetails) { - return Arrays.stream(aclDetails.acls).limit(aclDetails.nInput); - } - - @Override - public void merge(@Nonnull final Builder builder, @Nonnull final List readData) { - IngressBuilder.class.cast(builder).setVppAcls(readData); - } - - @Override - protected InstanceIdentifier getCfgId( - final InstanceIdentifier id) { - return getAclCfgId(RWUtils.cutId(id, Acl.class)).child(Ingress.class) - .child(VppAcls.class, id.firstKeyOf(VppAcls.class)); - } -} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/InterfaceAclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/InterfaceAclCustomizer.java new file mode 100644 index 000000000..64720de5d --- /dev/null +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/InterfaceAclCustomizer.java @@ -0,0 +1,136 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package io.fd.hc2vpp.acl.read; + +import com.google.common.base.Optional; +import com.google.common.collect.Streams; +import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer; +import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer; +import io.fd.hc2vpp.common.translate.util.NamingContext; +import io.fd.honeycomb.translate.read.ReadContext; +import io.fd.honeycomb.translate.read.ReadFailedException; +import io.fd.honeycomb.translate.spi.read.Initialized; +import io.fd.honeycomb.translate.spi.read.InitializingListReaderCustomizer; +import io.fd.honeycomb.translate.util.read.cache.DumpCacheManager; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDump; +import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceListDetailsReplyDump; +import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceListDump; +import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; +import java.util.Collection; +import java.util.List; +import java.util.stream.Collectors; +import java.util.stream.Stream; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AttachmentPointsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceKey; +import org.opendaylight.yangtools.concepts.Builder; +import org.opendaylight.yangtools.yang.binding.DataObject; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +public class InterfaceAclCustomizer extends FutureJVppAclCustomizer implements + InitializingListReaderCustomizer, JvppReplyConsumer { + private final NamingContext interfaceContext; + + private final DumpCacheManager macipAclInterfaceListDumpManager; + private final DumpCacheManager aclInterfaceListDumpManager; + + public InterfaceAclCustomizer(final FutureJVppAclFacade futureAclFacade, final NamingContext interfaceContext) { + super(futureAclFacade); + this.interfaceContext = interfaceContext; + + //list all standard ACL interfaces + AclInterfaceListDump aclInterfaceListDump = new AclInterfaceListDump(); + aclInterfaceListDump.swIfIndex = -1; + aclInterfaceListDumpManager = + new DumpCacheManager.DumpCacheManagerBuilder() + .withExecutor((identifier, params) -> getReplyForRead( + getjVppAclFacade().aclInterfaceListDump(aclInterfaceListDump).toCompletableFuture(), + identifier)) + .acceptOnly(AclInterfaceListDetailsReplyDump.class) + .build(); + + //list all macIp ACL interfaces + MacipAclInterfaceListDump macipAclInterfaceListDump = new MacipAclInterfaceListDump(); + macipAclInterfaceListDump.swIfIndex = 0; + macipAclInterfaceListDumpManager = + new DumpCacheManager.DumpCacheManagerBuilder() + .withExecutor((identifier, params) -> getReplyForRead( + getjVppAclFacade().macipAclInterfaceListDump(macipAclInterfaceListDump) + .toCompletableFuture(), + identifier)) + .acceptOnly(MacipAclInterfaceListDetailsReplyDump.class) + .build(); + } + + @Nonnull + @Override + public Initialized init(@Nonnull final InstanceIdentifier instanceIdentifier, + @Nonnull final Interface anInterface, + @Nonnull final ReadContext readContext) { + return Initialized.create(instanceIdentifier, anInterface); + } + + @Nonnull + @Override + public List getAllIds(@Nonnull final InstanceIdentifier instanceIdentifier, + @Nonnull final ReadContext readContext) throws ReadFailedException { + final Optional stdIfcDumpReply = + aclInterfaceListDumpManager.getDump(instanceIdentifier, readContext.getModificationCache()); + + final Optional macIpIfcDumpReply = + macipAclInterfaceListDumpManager.getDump(instanceIdentifier, readContext.getModificationCache()); + + Stream stdAclIfcKeys = stdIfcDumpReply.asSet().stream() + .map(dump -> dump.aclInterfaceListDetails) + .flatMap(Collection::stream) + .filter(aclInterfaceListDetails -> aclInterfaceListDetails.acls.length != 0) + .map(details -> getInterfaceKey(readContext, details.swIfIndex)); + + Stream macIpAclIfcKeys = macIpIfcDumpReply.asSet().stream() + .map(dump -> dump.macipAclInterfaceListDetails) + .flatMap(Collection::stream) + .map(details -> getInterfaceKey(readContext, details.swIfIndex)); + return Streams.concat(stdAclIfcKeys, macIpAclIfcKeys).distinct().collect(Collectors.toList()); + } + + private InterfaceKey getInterfaceKey(@Nonnull final ReadContext readContext, final int swIfIndex) { + return new InterfaceKey(interfaceContext.getName(swIfIndex, readContext.getMappingContext())); + } + + @Override + public void merge(@Nonnull final Builder builder, @Nonnull final List list) { + ((AttachmentPointsBuilder) builder).setInterface(list); + } + + @Nonnull + @Override + public InterfaceBuilder getBuilder(@Nonnull final InstanceIdentifier instanceIdentifier) { + return new InterfaceBuilder(); + } + + @Override + public void readCurrentAttributes(@Nonnull final InstanceIdentifier instanceIdentifier, + @Nonnull final InterfaceBuilder interfaceBuilder, + @Nonnull final ReadContext readContext) + throws ReadFailedException { + interfaceBuilder.withKey(instanceIdentifier.firstKeyOf(Interface.class)); + } +} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/VppMacIpAclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/VppMacIpAclCustomizer.java deleted file mode 100644 index 0ae05826c..000000000 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/VppMacIpAclCustomizer.java +++ /dev/null @@ -1,160 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.read; - -import static io.fd.hc2vpp.acl.read.AbstractVppAclCustomizer.getAclCfgId; - -import com.google.common.annotations.VisibleForTesting; -import com.google.common.base.Optional; -import io.fd.hc2vpp.acl.util.AclContextManager; -import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer; -import io.fd.hc2vpp.common.translate.util.ByteDataTranslator; -import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer; -import io.fd.hc2vpp.common.translate.util.NamingContext; -import io.fd.honeycomb.translate.MappingContext; -import io.fd.honeycomb.translate.ModificationCache; -import io.fd.honeycomb.translate.read.ReadContext; -import io.fd.honeycomb.translate.read.ReadFailedException; -import io.fd.honeycomb.translate.spi.read.Initialized; -import io.fd.honeycomb.translate.spi.read.InitializingReaderCustomizer; -import io.fd.honeycomb.translate.util.RWUtils; -import io.fd.honeycomb.translate.util.read.cache.DumpCacheManager; -import io.fd.honeycomb.translate.util.read.cache.EntityDumpExecutor; -import io.fd.vpp.jvpp.acl.dto.MacipAclDetailsReplyDump; -import io.fd.vpp.jvpp.acl.dto.MacipAclDump; -import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceGet; -import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceGetReply; -import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; -import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.IngressBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAclBuilder; -import org.opendaylight.yangtools.concepts.Builder; -import org.opendaylight.yangtools.yang.binding.DataObject; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class VppMacIpAclCustomizer extends FutureJVppAclCustomizer - implements InitializingReaderCustomizer, JvppReplyConsumer, ByteDataTranslator { - - private static final Logger LOG = LoggerFactory.getLogger(VppMacIpAclCustomizer.class); - @VisibleForTesting - protected static final int ACL_NOT_ASSIGNED = -1; - - private final DumpCacheManager macIpAclDumpManager; - private final DumpCacheManager interfaceMacIpAclDumpManager; - private final NamingContext interfaceContext; - private final AclContextManager macIpAclContext; - - public VppMacIpAclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade, - @Nonnull final NamingContext interfaceContext, - @Nonnull final AclContextManager macIpAclContext) { - super(jVppAclFacade); - - // for dumping of Mac-ip details - macIpAclDumpManager = new DumpCacheManager.DumpCacheManagerBuilder() - .withExecutor(createMacIpDumpExecutor()) - .acceptOnly(MacipAclDetailsReplyDump.class) - .build(); - - // for dumping of reference on interface - interfaceMacIpAclDumpManager = new DumpCacheManager.DumpCacheManagerBuilder() - .withExecutor(createInterfaceMacIpDumpExecutor()) - .acceptOnly(MacipAclInterfaceGetReply.class) - .build(); - this.interfaceContext = interfaceContext; - this.macIpAclContext = macIpAclContext; - } - - private static InstanceIdentifier getCfgId( - final InstanceIdentifier id) { - return getAclCfgId(RWUtils.cutId(id, Acl.class)).child(Ingress.class).child(VppMacipAcl.class); - } - - private EntityDumpExecutor createMacIpDumpExecutor() { - return (identifier, params) -> { - MacipAclDump request = new MacipAclDump(); - request.aclIndex = params; - - return getReplyForRead(getjVppAclFacade().macipAclDump(request).toCompletableFuture(), identifier); - }; - } - - private EntityDumpExecutor createInterfaceMacIpDumpExecutor() { - return (identifier, params) -> getReplyForRead( - getjVppAclFacade().macipAclInterfaceGet(new MacipAclInterfaceGet()).toCompletableFuture(), - identifier); - } - - @Nonnull - @Override - public VppMacipAclBuilder getBuilder(@Nonnull final InstanceIdentifier id) { - return new VppMacipAclBuilder(); - } - - @Override - public void readCurrentAttributes(@Nonnull final InstanceIdentifier id, - @Nonnull final VppMacipAclBuilder builder, - @Nonnull final ReadContext ctx) throws ReadFailedException { - final String interfaceName = id.firstKeyOf(Interface.class).getName(); - final MappingContext mappingContext = ctx.getMappingContext(); - final int interfaceIndex = interfaceContext.getIndex(interfaceName, mappingContext); - final ModificationCache modificationCache = ctx.getModificationCache(); - final Optional interfacesMacIpDumpReply = - interfaceMacIpAclDumpManager.getDump(id, modificationCache); - - if (interfacesMacIpDumpReply.isPresent() && interfaceIndex < interfacesMacIpDumpReply.get().count) { - final int aclIndex = interfacesMacIpDumpReply.get().acls[interfaceIndex]; - if (aclIndex != ACL_NOT_ASSIGNED) { - final Optional macIpDumpReply = - macIpAclDumpManager.getDump(id, modificationCache, aclIndex); - - if (macIpDumpReply.isPresent() && !macIpDumpReply.get().macipAclDetails.isEmpty()) { - builder.setName(macIpAclContext.getAclName(aclIndex, mappingContext)); - builder.setType( - org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAcl.class); - return; - } else { - // this is invalid state(Interface in VPP will act as "deny-all" for security reasons), but generally - // it should not happen - throw new ReadFailedException(id, - new IllegalStateException(String.format("ACE with index %s not found in VPP", aclIndex))); - } - } - } - // this is valid state, so just logging - LOG.debug("No Mac-ip ACL specified for Interface name={},index={}", interfaceName, interfaceIndex); - } - - @Override - public void merge(@Nonnull final Builder parentBuilder, - @Nonnull final VppMacipAcl readValue) { - IngressBuilder.class.cast(parentBuilder).setVppMacipAcl(readValue); - } - - @Nonnull - @Override - public Initialized init(@Nonnull final InstanceIdentifier id, - @Nonnull final VppMacipAcl readValue, - @Nonnull final ReadContext ctx) { - return Initialized.create(getCfgId(id), readValue); - } -} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/factory/AclReaderFactory.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/factory/AclReaderFactory.java index 34352e8f3..6a743ca80 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/factory/AclReaderFactory.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/factory/AclReaderFactory.java @@ -16,27 +16,23 @@ package io.fd.hc2vpp.acl.read.factory; -import static io.fd.hc2vpp.acl.read.factory.InterfaceAclReaderFactory.ACL_EGRESS_IID; -import static io.fd.hc2vpp.acl.read.factory.InterfaceAclReaderFactory.ACL_INGRESS_IID; +import static io.fd.hc2vpp.acl.AclIIds.vppAclChildren; import com.google.common.collect.ImmutableSet; import com.google.inject.Inject; import com.google.inject.name.Named; +import io.fd.hc2vpp.acl.AclIIds; import io.fd.hc2vpp.acl.AclModule; import io.fd.hc2vpp.acl.read.AclCustomizer; import io.fd.hc2vpp.acl.util.AclContextManager; -import io.fd.hc2vpp.acl.util.factory.AclFactory; import io.fd.honeycomb.translate.impl.read.GenericInitListReader; import io.fd.honeycomb.translate.read.ReaderFactory; import io.fd.honeycomb.translate.read.registry.ModifiableReaderRegistryBuilder; import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessListsBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.AclsBuilder; -public class AclReaderFactory implements ReaderFactory, AclFactory { +public class AclReaderFactory implements ReaderFactory { @Inject private FutureJVppAclFacade futureAclFacade; @@ -49,16 +45,13 @@ public class AclReaderFactory implements ReaderFactory, AclFactory { @Named(AclModule.MAC_IP_ACL_CONTEXT_NAME) private AclContextManager macIpAClContext; - private static final InstanceIdentifier ACLS_ID = InstanceIdentifier.create(AccessLists.class); - private static final InstanceIdentifier ACL_ID = ACLS_ID.child(Acl.class); - @Override public void init(@Nonnull final ModifiableReaderRegistryBuilder registry) { - registry.addStructuralReader(ACLS_ID, AccessListsBuilder.class); + registry.addStructuralReader(AclIIds.ACLS, AclsBuilder.class); - registry.subtreeAddBefore(vppAclChildren(InstanceIdentifier.create(Acl.class)), - new GenericInitListReader<>(ACL_ID, + registry.subtreeAddBefore(vppAclChildren(AclIIds.ACL), + new GenericInitListReader<>(AclIIds.ACLS_ACL, new AclCustomizer(futureAclFacade, standardAclContext, macIpAClContext)), - ImmutableSet.of(ACL_INGRESS_IID, ACL_EGRESS_IID)); + ImmutableSet.of(AclIIds.ACLS_AP_INT_ING, AclIIds.ACLS_AP_INT_EGR)); } } diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/factory/InterfaceAclReaderFactory.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/factory/InterfaceAclReaderFactory.java index 173223648..1c4f0d982 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/factory/InterfaceAclReaderFactory.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/read/factory/InterfaceAclReaderFactory.java @@ -18,31 +18,22 @@ package io.fd.hc2vpp.acl.read.factory; import com.google.inject.Inject; import com.google.inject.name.Named; +import io.fd.hc2vpp.acl.AclIIds; import io.fd.hc2vpp.acl.AclModule; -import io.fd.hc2vpp.acl.read.EgressVppAclCustomizer; -import io.fd.hc2vpp.acl.read.IngressVppAclCustomizer; -import io.fd.hc2vpp.acl.read.VppMacIpAclCustomizer; +import io.fd.hc2vpp.acl.read.InterfaceAclCustomizer; +import io.fd.hc2vpp.acl.read.EgressAclCustomizer; +import io.fd.hc2vpp.acl.read.IngressAclCustomizer; import io.fd.hc2vpp.acl.util.AclContextManager; import io.fd.hc2vpp.common.translate.util.NamingContext; import io.fd.honeycomb.translate.impl.read.GenericInitListReader; -import io.fd.honeycomb.translate.impl.read.GenericInitReader; import io.fd.honeycomb.translate.read.ReaderFactory; import io.fd.honeycomb.translate.read.registry.ModifiableReaderRegistryBuilder; import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesState; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceStateAugmentation; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceStateAugmentationBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.AclBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Egress; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.EgressBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.IngressBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AttachmentPointsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.EgressBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.IngressBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSetsBuilder; public class InterfaceAclReaderFactory implements ReaderFactory { @@ -61,27 +52,23 @@ public class InterfaceAclReaderFactory implements ReaderFactory { @Named("interface-context") private NamingContext interfaceContext; - private static final InstanceIdentifier - IFC_ID = InstanceIdentifier.create(InterfacesState.class).child(Interface.class); - private static final InstanceIdentifier VPP_ACL_AUG_IID = - IFC_ID.augmentation(VppAclInterfaceStateAugmentation.class); - static final InstanceIdentifier ACL_IID = VPP_ACL_AUG_IID.child(Acl.class); - static final InstanceIdentifier ACL_INGRESS_IID = ACL_IID.child(Ingress.class); - static final InstanceIdentifier ACL_EGRESS_IID = ACL_IID.child(Egress.class); - @Override public void init(@Nonnull final ModifiableReaderRegistryBuilder registry) { - registry.addStructuralReader(VPP_ACL_AUG_IID, VppAclInterfaceStateAugmentationBuilder.class); - registry.addStructuralReader(ACL_IID, AclBuilder.class); + registry.addStructuralReader(AclIIds.ACLS_AP, AttachmentPointsBuilder.class); + + registry.addAfter(new GenericInitListReader<>(AclIIds.ACLS_AP_INT, + new InterfaceAclCustomizer(futureAclFacade, interfaceContext)), + AclIIds.IFC_STATE); - registry.addStructuralReader(ACL_INGRESS_IID, IngressBuilder.class); - registry.addAfter(new GenericInitListReader<>(ACL_INGRESS_IID.child(VppAcls.class), - new IngressVppAclCustomizer(futureAclFacade, interfaceContext, standardAclContext)), IFC_ID); - registry.addAfter(new GenericInitReader<>(ACL_INGRESS_IID.child(VppMacipAcl.class), - new VppMacIpAclCustomizer(futureAclFacade, interfaceContext, macIpAClContext)), IFC_ID); + registry.addStructuralReader(AclIIds.ACLS_AP_INT_ING, IngressBuilder.class); + registry.addStructuralReader(AclIIds.ACLS_AP_INT_EGR, EgressBuilder.class); + registry.addStructuralReader(AclIIds.ACLS_AP_INT_ING_ACLS, AclSetsBuilder.class); + registry.addStructuralReader(AclIIds.ACLS_AP_INT_EGR_ACLS, AclSetsBuilder.class); - registry.addStructuralReader(ACL_EGRESS_IID, EgressBuilder.class); - registry.addAfter(new GenericInitListReader<>(ACL_EGRESS_IID.child(VppAcls.class), - new EgressVppAclCustomizer(futureAclFacade, interfaceContext, standardAclContext)), IFC_ID); + registry.addAfter(new GenericInitListReader<>(AclIIds.ACLS_AP_INT_ING_ACLS_ACL, + new IngressAclCustomizer(futureAclFacade, interfaceContext, standardAclContext, macIpAClContext)), + AclIIds.ACLS_AP_INT); + registry.addAfter(new GenericInitListReader<>(AclIIds.ACLS_AP_INT_EGR_ACLS_ACL, + new EgressAclCustomizer(futureAclFacade, interfaceContext, standardAclContext)), AclIIds.ACLS_AP_INT); } } diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/AclContextManager.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/AclContextManager.java index 377d4e1dc..1b590cb7b 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/AclContextManager.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/AclContextManager.java @@ -19,7 +19,7 @@ package io.fd.hc2vpp.acl.util; import io.fd.honeycomb.translate.MappingContext; import java.util.List; import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace; /** * Manages metadata for acl plugin diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/AclContextManagerImpl.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/AclContextManagerImpl.java index aa25c3eb1..a96680897 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/AclContextManagerImpl.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/AclContextManagerImpl.java @@ -29,18 +29,18 @@ import java.util.List; import java.util.stream.Collector; import javax.annotation.Nonnull; import javax.annotation.concurrent.ThreadSafe; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.VppAclContextAugmentation; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.VppAclMappings; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.VppAclContext; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.VppAclContextKey; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.AclMapping; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.AclMappingBuilder; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.AclMappingKey; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.acl.mapping.AceMapping; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.acl.mapping.AceMappingBuilder; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.acl.mapping.AceMappingKey; import org.opendaylight.yang.gen.v1.urn.honeycomb.params.xml.ns.yang.naming.context.rev160513.Contexts; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.VppAclContextAugmentation; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.VppAclMappings; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.VppAclContext; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.VppAclContextKey; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.AclMapping; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.AclMappingBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.AclMappingKey; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.acl.mapping.AceMapping; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.acl.mapping.AceMappingBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.context.rev170104.vpp.acl.context.attributes.vpp.acl.mappings.vpp.acl.context.acl.mapping.AceMappingKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace; import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; import org.opendaylight.yangtools.yang.binding.KeyedInstanceIdentifier; @@ -77,7 +77,7 @@ public final class AclContextManagerImpl implements AclContextManager { final List mappings = new ArrayList<>(aces.size()); int aceIndex = 0; for (final Ace ace : aces) { - mappings.add(new AceMappingBuilder().setName(ace.getRuleName()).setIndex(aceIndex++).build()); + mappings.add(new AceMappingBuilder().setName(ace.getName()).setIndex(aceIndex++).build()); } aclMapping.setAceMapping(mappings); ctx.put(mappingIid, aclMapping.build()); diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/AceConverter.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/AceConverter.java index db5efb4d6..8e774104a 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/AceConverter.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/AceConverter.java @@ -16,6 +16,7 @@ package io.fd.hc2vpp.acl.util.ace; +import com.google.common.base.Preconditions; import io.fd.hc2vpp.acl.util.AclContextManager; import io.fd.hc2vpp.acl.util.ace.extractor.MacIpAceDataExtractor; import io.fd.hc2vpp.acl.util.ace.extractor.StandardAceDataExtractor; @@ -27,16 +28,16 @@ import java.util.ArrayList; import java.util.List; import java.util.stream.Collectors; import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.AceBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.AceKey; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.MatchesBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAceBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppMacipAce; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppMacipAceBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.VppAceNodesBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.VppMacipAceNodesBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.AceBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.AceKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.MatchesBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L3; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.EthBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.eth.Eth; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.SourceNetwork; /** * Convert between Ace's and vpp rules. @@ -45,23 +46,55 @@ public interface AceConverter extends MacIpAceDataExtractor, StandardAceDataExtr default MacipAclRule[] toMacIpAclRules(@Nonnull final List aces) { return aces.stream() + .filter(ace -> ace.getMatches() != null && ace.getMatches().getL2() != null) + .filter(ace -> ace.getMatches().getL2().getImplementedInterface() + .equals(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.Eth.class)) .map(ace -> { - final VppMacipAce macIpAce = fromMacIpAce(ace); - MacipAclRule rule = new MacipAclRule(); + org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.Eth + l2 = + (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.Eth) ace + .getMatches().getL2(); + + Eth eth = Preconditions + .checkNotNull(l2.getEth(), "Cannot parse eth for MacIpAcl ACE rule: {}", ace); - rule.srcMac = sourceMacAsBytes(macIpAce); - rule.srcMacMask = sourceMacMaskAsBytes(macIpAce); + rule.srcMac = sourceMacAsBytes(eth.getSourceMacAddress()); + rule.srcMacMask = sourceMacMaskAsBytes(eth.getSourceMacAddressMask()); rule.isPermit = macIpAction(ace); - if (macIpIsIpv6(macIpAce)) { - rule.isIpv6 = 1; - rule.srcIpAddr = ipv6Address(macIpAce); - rule.srcIpPrefixLen = ipv6AddressPrefix(macIpAce); + L3 l3 = ace.getMatches().getL3(); + + if (l3 != null && l3.getImplementedInterface() + .equals(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4.class)) { + Ipv4 ipv4 = + ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4) l3) + .getIpv4(); + if (ipv4 != null && ipv4.getSourceNetwork() != null) { + // IPv4 is set for MacIpAcl + SourceNetwork sourceNetwork = ipv4.getSourceNetwork(); + rule.isIpv6 = 0; + rule.srcIpAddr = ipv4Address(sourceNetwork); + rule.srcIpPrefixLen = ipv4AddressPrefix(sourceNetwork); + } + } else if (l3 != null && l3.getImplementedInterface() + .equals(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6.class)) { + Ipv6 ipv6 = + ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6) l3) + .getIpv6(); + if (ipv6 != null && ipv6.getSourceNetwork() != null) { + // IPv6 is set for MacIpAcl + org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.SourceNetwork + sourceNetwork = ipv6.getSourceNetwork(); + rule.isIpv6 = 1; + rule.srcIpAddr = ipv6Address(sourceNetwork); + rule.srcIpPrefixLen = ipv6AddressPrefix(sourceNetwork); + } } else { + // No IP is set for MacIpAcl rule.isIpv6 = 0; - rule.srcIpAddr = ipv4Address(macIpAce); - rule.srcIpPrefixLen = ipv4AddressPrefix(macIpAce); + rule.srcIpAddr = new byte[4]; + rule.srcIpPrefixLen = 0; } return rule; @@ -72,26 +105,25 @@ public interface AceConverter extends MacIpAceDataExtractor, StandardAceDataExtr default AclRule[] toStandardAclRules(@Nonnull final List aces) { return aces.stream() + .filter(ace -> ace.getMatches() != null) .map(ace -> { - final VppAce standardAce = fromStandardAce(ace); - // pre-bind rule with protocol based attributes (if present) - AclRule rule = createPreBindRule(standardAce); + AclRule rule = createPreBindRule(ace); rule.isPermit = standardAction(ace); - if (standardIsIpv6(standardAce, ace.getMatches())) { + if (standardIsIpv6(ace.getMatches())) { rule.isIpv6 = 1; - rule.srcIpAddr = ipv6SourceAddress(standardAce); - rule.srcIpPrefixLen = ipv6SourceAddressPrefix(standardAce); - rule.dstIpAddr = ipv6DestinationAddress(standardAce); - rule.dstIpPrefixLen = ipv6DestinationAddressPrefix(standardAce); + rule.srcIpAddr = ipv6SourceAddress(ace.getMatches()); + rule.srcIpPrefixLen = ipv6SourceAddressPrefix(ace.getMatches()); + rule.dstIpAddr = ipv6DestinationAddress(ace.getMatches()); + rule.dstIpPrefixLen = ipv6DestinationAddressPrefix(ace.getMatches()); } else { rule.isIpv6 = 0; - rule.srcIpAddr = ipv4SourceAddress(standardAce); - rule.srcIpPrefixLen = ipv4SourceAddressPrefix(standardAce); - rule.dstIpAddr = ipv4DestinationAddress(standardAce); - rule.dstIpPrefixLen = ipv4DestinationAddressPrefix(standardAce); + rule.srcIpAddr = ipv4SourceAddress(ace.getMatches()); + rule.srcIpPrefixLen = ipv4SourceAddressPrefix(ace.getMatches()); + rule.dstIpAddr = ipv4DestinationAddress(ace.getMatches()); + rule.dstIpPrefixLen = ipv4DestinationAddressPrefix(ace.getMatches()); } return rule; @@ -107,18 +139,20 @@ public interface AceConverter extends MacIpAceDataExtractor, StandardAceDataExtr int i = 0; for (final MacipAclRule rule : rules) { final AceBuilder ace = new AceBuilder(); - final VppMacipAceBuilder aceType = new VppMacipAceBuilder(); - final VppMacipAceNodesBuilder nodes = new VppMacipAceNodesBuilder(); - nodes.setAceIpVersion(ipVersion(rule)); - nodes.setSourceMacAddress(sourceMac(rule)); - nodes.setSourceMacAddressMask(sourceMacMask(rule)); - aceType.setVppMacipAceNodes(nodes.build()); - - ace.setMatches(new MatchesBuilder().setAceType(aceType.build()).build()); + ace.setMatches( + new MatchesBuilder() + .setL3(parseMacIpAceL3(rule)) + .setL2(new EthBuilder() + .setEth(new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.eth.EthBuilder() + .setSourceMacAddress(sourceMac(rule)) + .setSourceMacAddressMask(sourceMacMask(rule)) + .build()) + .build()) + .build()); ace.setActions(actions(rule.isPermit)); final String aceName = macipAclContext.getAceName(aclName, i++, mappingContext); - ace.setRuleName(aceName); + ace.setName(aceName); ace.withKey(new AceKey(aceName)); aces.add(ace.build()); @@ -133,17 +167,14 @@ public interface AceConverter extends MacIpAceDataExtractor, StandardAceDataExtr int i = 0; for (final AclRule rule : rules) { final AceBuilder ace = new AceBuilder(); - final VppAceBuilder aceType = new VppAceBuilder(); - final VppAceNodesBuilder nodes = new VppAceNodesBuilder(); - nodes.setAceIpVersion(ipVersion(rule)); - nodes.setIpProtocol(parseProtocol(rule)); - aceType.setVppAceNodes(nodes.build()); - - ace.setMatches(new MatchesBuilder().setAceType(aceType.build()).build()); + ace.setMatches(new MatchesBuilder() + .setL3(parseStandardAceL3(rule)) + .setL4(parseProtocol(rule)) + .build()); ace.setActions(actions(rule.isPermit)); final String aceName = standardAclContext.getAceName(aclName, i++, mappingContext); - ace.setRuleName(aceName); + ace.setName(aceName); ace.withKey(new AceKey(aceName)); aces.add(ace.build()); } diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/MacIpAceDataExtractor.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/MacIpAceDataExtractor.java index ddb41ee3c..0c7d761a0 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/MacIpAceDataExtractor.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/MacIpAceDataExtractor.java @@ -21,84 +21,67 @@ import io.fd.hc2vpp.common.translate.util.MacTranslator; import io.fd.vpp.jvpp.acl.types.MacipAclRule; import java.util.Optional; import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Matches; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.PacketHandling; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Deny; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Permit; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Accept; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.Actions; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L3; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4Builder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6Builder; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.SourceNetwork; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4Network; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4NetworkBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6Network; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6NetworkBuilder; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.yang.types.rev130715.MacAddress; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAceEthHeaderFields; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAceIpv4HeaderFields; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAceIpv6HeaderFields; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppMacipAce; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.VppMacipAceNodes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.AceIpVersion; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.ace.ip.version.AceIpv4Builder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.ace.ip.version.AceIpv6; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.ace.ip.version.AceIpv6Builder; public interface MacIpAceDataExtractor extends AddressExtractor, MacTranslator { - default VppMacipAce fromMacIpAce(@Nonnull final Ace ace) { - return Optional.ofNullable(ace.getMatches()) - .map(Matches::getAceType) - .map(VppMacipAce.class::cast) - .orElseThrow( - () -> new IllegalArgumentException(String.format("Unable to create VppMacipAce from %s", ace))); - } - - default boolean macIpIsIpv6(@Nonnull final VppMacipAce ace) { - return Optional.ofNullable(ace.getVppMacipAceNodes()) - .map(VppMacipAceNodes::getAceIpVersion) - .map(aceIpVersion -> aceIpVersion instanceof AceIpv6) - .orElse(false); - } - - default byte[] sourceMacAsBytes(@Nonnull final VppMacipAce ace) { - return macToByteArray(Optional.ofNullable(ace.getVppMacipAceNodes()) - .map(VppMacipAceEthHeaderFields::getSourceMacAddress) + default byte[] sourceMacAsBytes(final MacAddress mac) { + return macToByteArray(Optional.ofNullable(mac) .map(MacAddress::getValue) .orElse(Impl.DEFAULT_MAC)); } - default byte[] sourceMacMaskAsBytes(@Nonnull final VppMacipAce ace) { - return macToByteArray(Optional.ofNullable(ace.getVppMacipAceNodes()) - .map(VppMacipAceEthHeaderFields::getSourceMacAddressMask) + default byte[] sourceMacMaskAsBytes(final MacAddress mac) { + return macToByteArray(Optional.ofNullable(mac) .map(MacAddress::getValue) .orElse(Impl.DEFAULT_MAC_MASK)); } - default byte[] ipv4Address(@Nonnull final VppMacipAce ace) { - return extractIp4Address(extractV4NetworkAddressOrNull(ace)); + default byte[] ipv4Address(@Nonnull final SourceNetwork network) { + return extractIp4Address(extractV4NetworkAddressOrNull(network)); } - default byte ipv4AddressPrefix(@Nonnull final VppMacipAce ace) { - return extractIp4AddressPrefix(extractV4NetworkAddressOrNull(ace)); + default byte ipv4AddressPrefix(@Nonnull final SourceNetwork network) { + return extractIp4AddressPrefix(extractV4NetworkAddressOrNull(network)); } - static Ipv4Prefix extractV4NetworkAddressOrNull(final @Nonnull VppMacipAce ace) { - return Optional.ofNullable(ace.getVppMacipAceNodes()) - .map(VppMacipAceNodes::getAceIpVersion) - .map(VppMacipAceIpv4HeaderFields.class::cast) - .map(VppMacipAceIpv4HeaderFields::getSourceIpv4Network) + static Ipv4Prefix extractV4NetworkAddressOrNull(final @Nonnull SourceNetwork network) { + return Optional.of(network).filter(net -> net instanceof SourceIpv4Network) + .map(SourceIpv4Network.class::cast) + .map(SourceIpv4Network::getSourceIpv4Network) .orElse(null); } - default byte[] ipv6Address(@Nonnull final VppMacipAce ace) { - return extractIp6Address(extractV6NetworkAddressOrNull(ace)); + default byte[] ipv6Address( + @Nonnull final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.SourceNetwork network) { + return extractIp6Address(extractV6NetworkAddressOrNull(network)); } - default byte ipv6AddressPrefix(@Nonnull final VppMacipAce ace) { - return extractIp6AddressPrefix(extractV6NetworkAddressOrNull(ace)); + default byte ipv6AddressPrefix( + @Nonnull final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.SourceNetwork network) { + return extractIp6AddressPrefix(extractV6NetworkAddressOrNull(network)); } - default Ipv6Prefix extractV6NetworkAddressOrNull(@Nonnull final VppMacipAce ace) { - return Optional.ofNullable(ace.getVppMacipAceNodes()) - .map(VppMacipAceNodes::getAceIpVersion) - .map(VppMacipAceIpv6HeaderFields.class::cast) - .map(VppMacipAceIpv6HeaderFields::getSourceIpv6Network) + default Ipv6Prefix extractV6NetworkAddressOrNull( + @Nonnull final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.SourceNetwork network) { + return Optional.of(network).filter(net -> net instanceof SourceIpv6Network) + .map(SourceIpv6Network.class::cast) + .map(SourceIpv6Network::getSourceIpv6Network) .orElse(null); } @@ -107,41 +90,54 @@ public interface MacIpAceDataExtractor extends AddressExtractor, MacTranslator { */ default byte macIpAction(@Nonnull final Ace ace) { // action choice itself has default, but nothing stops us from not defining actions container itself - final PacketHandling action = Optional.ofNullable(ace.getActions()).orElseThrow( - () -> new IllegalArgumentException(String.format("Unable to extract Action from %s", ace))) - .getPacketHandling(); - if (action instanceof Permit) { - return 1; - } else if (action instanceof Deny) { - return 0; + Actions actions = Optional.ofNullable(ace.getActions()).orElseThrow( + () -> new IllegalArgumentException(String.format("Unable to extract Action from %s", ace))); + if (actions.getForwarding() != null) { + if (ace.getActions().getForwarding().equals(Accept.class)) { + return 1; + } else { + return 0; + } } else { throw new IllegalArgumentException( - String.format("Unsupported packet-handling action %s for ACE %s", action, ace)); + String.format("Unsupported packet-handling action %s for ACE %s", actions, ace)); } } - default AceIpVersion ipVersion(@Nonnull final MacipAclRule rule) { + default L3 parseMacIpAceL3(@Nonnull final MacipAclRule rule) { if (rule.isIpv6 == 0) { - return ip4Ace(rule); + return ip4L3(rule); } else { - return ip6Ace(rule); + return ip6L3(rule); } } - default AceIpVersion ip4Ace(@Nonnull final MacipAclRule rule) { - final AceIpv4Builder ipVersion = new AceIpv4Builder(); + default Ipv4 ip4L3(@Nonnull final MacipAclRule rule) { + final Ipv4Builder ipv4Builder = new Ipv4Builder(); + if (rule.srcIpAddr != null && rule.srcIpAddr.length != 0) { - ipVersion.setSourceIpv4Network(toIpv4Prefix(truncateIp4Array(rule.srcIpAddr), rule.srcIpPrefixLen)); + ipv4Builder.setIpv4( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder() + .setSourceNetwork(new SourceIpv4NetworkBuilder() + .setSourceIpv4Network( + toIpv4Prefix(truncateIp4Array(rule.srcIpAddr), rule.srcIpPrefixLen)) + .build()) + .build()); } - return ipVersion.build(); + return ipv4Builder.build(); } - default AceIpVersion ip6Ace(@Nonnull final MacipAclRule rule) { - final AceIpv6Builder ipVersion = new AceIpv6Builder(); + default Ipv6 ip6L3(@Nonnull final MacipAclRule rule) { + final Ipv6Builder ipv6Builder = new Ipv6Builder(); if (rule.srcIpAddr != null && rule.srcIpAddr.length != 0) { - ipVersion.setSourceIpv6Network(toIpv6Prefix(rule.srcIpAddr, rule.srcIpPrefixLen)); + ipv6Builder.setIpv6( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder() + .setSourceNetwork(new SourceIpv6NetworkBuilder() + .setSourceIpv6Network(toIpv6Prefix(rule.srcIpAddr, rule.srcIpPrefixLen)) + .build()) + .build()); } - return ipVersion.build(); + return ipv6Builder.build(); } default MacAddress sourceMac(@Nonnull final MacipAclRule rule) { diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractor.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractor.java index 8f463aef5..9f454fd38 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractor.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractor.java @@ -24,147 +24,148 @@ import java.util.Map; import java.util.Optional; import javax.annotation.Nonnull; import javax.annotation.Nullable; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Actions; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.ActionsBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Matches; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.PacketHandling; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Deny; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.DenyBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Permit; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.PermitBuilder; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.AcceptAndReflect; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Accept; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Drop; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.ForwardingAction; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Reject; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.Actions; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.ActionsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.Matches; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L3; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4Builder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6Builder; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.AclIpv4HeaderFields; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.AclIpv6HeaderFields; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.AclIpProtocolHeaderFields; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.actions.packet.handling.Stateful; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.actions.packet.handling.StatefulBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.VppAceNodes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.AceIpVersion; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv4Builder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6Builder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.IcmpV6; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.AclIpv4HeaderFields; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.AclIpv6HeaderFields; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.destination.network.DestinationIpv4Network; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.destination.network.DestinationIpv4NetworkBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4Network; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4NetworkBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.destination.network.DestinationIpv6Network; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.destination.network.DestinationIpv6NetworkBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6Network; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6NetworkBuilder; public interface StandardAceDataExtractor extends AddressExtractor, ProtoPreBindRuleProducer, IpProtocolReader { /** * Allowed packet-processing actions for Acl's */ - Map, Integer> ACTION_VALUE_PAIRS = ImmutableMap.of(Deny.class, 0, Permit.class, 1, - Stateful.class, 2); - - default VppAce fromStandardAce(@Nonnull final Ace ace) { - return Optional.ofNullable(ace.getMatches()) - .map(Matches::getAceType) - .map(VppAce.class::cast) - .orElseThrow(() -> new IllegalArgumentException(String.format("Unable to create VppAce from %s", ace))); - } - - default boolean standardIsIpv6(@Nonnull final VppAce ace, @Nullable final Matches matches) { - final Optional aceIpVersion = Optional.ofNullable(matches) - .map(Matches::getAceType) - .map(VppAce.class::cast) - .map(VppAce::getVppAceNodes) - .map(VppAceNodes::getAceIpVersion); - - // tries to detect version by ace-ip-version - if(aceIpVersion.isPresent()){ - return aceIpVersion - .map(version -> version instanceof AceIpv6) - .orElse(false); - } + Map, Integer> ACTION_VALUE_PAIRS = + ImmutableMap.of(Drop.class, 0, Reject.class, 0, Accept.class, 1, AcceptAndReflect.class, 2); - // otherwise goes by ip-protocol - return Optional.ofNullable(ace.getVppAceNodes()) - .map(AclIpProtocolHeaderFields::getIpProtocol) - .map(ipProtocol -> ipProtocol instanceof IcmpV6) - .orElse(false); + default boolean standardIsIpv6(@Nullable final Matches matches) { + return Optional.ofNullable(matches) + .map(Matches::getL3) + .filter(l3 -> l3.getImplementedInterface().equals(Ipv6.class)) + .map(Ipv6.class::cast) + .map(Ipv6::getIpv6) + .isPresent(); } - default byte[] ipv4SourceAddress(@Nonnull final VppAce ace) { - return extractIp4Address( - extractV4SourceAddressOrNull(ace)); + default byte[] ipv4SourceAddress(@Nonnull final Matches matches) { + return extractIp4Address(extractV4SourceAddressOrNull(matches)); } - default byte ipv4SourceAddressPrefix(@Nonnull final VppAce ace) { - return extractIp4AddressPrefix( - extractV4SourceAddressOrNull(ace)); + default byte ipv4SourceAddressPrefix(@Nonnull final Matches matches) { + return extractIp4AddressPrefix(extractV4SourceAddressOrNull(matches)); } - static Ipv4Prefix extractV4SourceAddressOrNull(@Nonnull final VppAce ace) { - return Optional.ofNullable(ace.getVppAceNodes()) - .map(VppAceNodes::getAceIpVersion) - .map(AclIpv4HeaderFields.class::cast) - .map(AclIpv4HeaderFields::getSourceIpv4Network) + static Ipv4Prefix extractV4SourceAddressOrNull(@Nonnull final Matches matches) { + return getIpv4Optional(matches) + .map(AclIpv4HeaderFields::getSourceNetwork) + .filter(network -> network instanceof SourceIpv4Network) + .map(SourceIpv4Network.class::cast) + .map(SourceIpv4Network::getSourceIpv4Network) .orElse(null); } - default byte[] ipv4DestinationAddress(@Nonnull final VppAce ace) { - return extractIp4Address(extractV4DestinationAddressOrNull(ace)); + default byte[] ipv4DestinationAddress(@Nonnull final Matches matches) { + return extractIp4Address(extractV4DestinationAddressOrNull(matches)); } - default byte ipv4DestinationAddressPrefix(@Nonnull final VppAce ace) { - return extractIp4AddressPrefix(extractV4DestinationAddressOrNull(ace)); + default byte ipv4DestinationAddressPrefix(@Nonnull final Matches matches) { + return extractIp4AddressPrefix(extractV4DestinationAddressOrNull(matches)); } - static Ipv4Prefix extractV4DestinationAddressOrNull(@Nonnull final VppAce ace) { - return Optional.ofNullable(ace.getVppAceNodes()) - .map(VppAceNodes::getAceIpVersion) - .map(AclIpv4HeaderFields.class::cast) - .map(AclIpv4HeaderFields::getDestinationIpv4Network) + static Ipv4Prefix extractV4DestinationAddressOrNull(@Nonnull final Matches matches) { + return getIpv4Optional(matches) + .map(AclIpv4HeaderFields::getDestinationNetwork) + .filter(destinationNetwork -> destinationNetwork instanceof DestinationIpv4Network) + .map(DestinationIpv4Network.class::cast) + .map(DestinationIpv4Network::getDestinationIpv4Network) .orElse(null); } - default byte[] ipv6SourceAddress(@Nonnull final VppAce ace) { - return extractIp6Address(extractV6SourceAddressOrNull(ace)); + static Optional getIpv4Optional( + @Nonnull final Matches matches) { + return Optional.ofNullable(matches.getL3()) + .filter(l3 -> l3.getImplementedInterface().equals(Ipv4.class)) + .map(Ipv4.class::cast) + .map(Ipv4::getIpv4); + } + + default byte[] ipv6SourceAddress(@Nonnull final Matches matches) { + return extractIp6Address(extractV6SourceAddressOrNull(matches)); } - default byte ipv6SourceAddressPrefix(@Nonnull final VppAce ace) { - return extractIp6AddressPrefix(extractV6SourceAddressOrNull(ace)); + default byte ipv6SourceAddressPrefix(@Nonnull final Matches matches) { + return extractIp6AddressPrefix(extractV6SourceAddressOrNull(matches)); } - static Ipv6Prefix extractV6SourceAddressOrNull(@Nonnull final VppAce ace) { - return Optional.ofNullable(ace.getVppAceNodes()) - .map(VppAceNodes::getAceIpVersion) - .map(AclIpv6HeaderFields.class::cast) - .map(AclIpv6HeaderFields::getSourceIpv6Network) + static Ipv6Prefix extractV6SourceAddressOrNull(@Nonnull final Matches matches) { + return getIpv6Optional(matches) + .map(AclIpv6HeaderFields::getSourceNetwork) + .filter(sourceNetwork -> sourceNetwork instanceof SourceIpv6Network) + .map(SourceIpv6Network.class::cast) + .map(SourceIpv6Network::getSourceIpv6Network) .orElse(null); } - default byte[] ipv6DestinationAddress(@Nonnull final VppAce ace) { - return extractIp6Address(extractV6DestinationAddressOrNull(ace)); + default byte[] ipv6DestinationAddress(@Nonnull final Matches matches) { + return extractIp6Address(extractV6DestinationAddressOrNull(matches)); } - default byte ipv6DestinationAddressPrefix(@Nonnull final VppAce ace) { - return extractIp6AddressPrefix(extractV6DestinationAddressOrNull(ace)); + default byte ipv6DestinationAddressPrefix(@Nonnull final Matches matches) { + return extractIp6AddressPrefix(extractV6DestinationAddressOrNull(matches)); } - static Ipv6Prefix extractV6DestinationAddressOrNull(@Nonnull final VppAce ace) { - return Optional.ofNullable(ace.getVppAceNodes()) - .map(VppAceNodes::getAceIpVersion) - .map(AclIpv6HeaderFields.class::cast) - .map(AclIpv6HeaderFields::getDestinationIpv6Network) + static Ipv6Prefix extractV6DestinationAddressOrNull(@Nonnull final Matches matches) { + return getIpv6Optional(matches) + .map(AclIpv6HeaderFields::getDestinationNetwork) + .filter(destinationNetwork -> destinationNetwork instanceof DestinationIpv6Network) + .map(DestinationIpv6Network.class::cast) + .map(DestinationIpv6Network::getDestinationIpv6Network) .orElse(null); } + static Optional getIpv6Optional( + @Nonnull final Matches matches) { + return Optional.ofNullable(matches.getL3()) + .filter(l3 -> l3.getImplementedInterface().equals(Ipv6.class)) + .map(Ipv6.class::cast) + .map(Ipv6::getIpv6); + } + default byte standardAction(@Nonnull final Ace ace) { - // default == deny - final PacketHandling action = Optional.ofNullable(ace.getActions()) + Class forwarding = Optional.ofNullable(ace.getActions()) .orElseThrow(() -> new IllegalArgumentException(String.format("Unable to extract Action from %s", ace))) - .getPacketHandling(); + .getForwarding(); return ACTION_VALUE_PAIRS.get(ACTION_VALUE_PAIRS.keySet().stream() - .filter(aClass -> aClass.isInstance(action)) + .filter(aClass -> aClass.equals(forwarding)) .findAny() .orElseThrow(() -> new IllegalArgumentException( - String.format("Unsupported packet-handling action %s for ACE %s", action, - ace.getRuleName())))).byteValue(); + String.format("Unsupported packet-handling action %s for ACE %s", forwarding, + ace.getName())))).byteValue(); } - default AceIpVersion ipVersion(@Nonnull final AclRule rule) { + default L3 parseStandardAceL3(@Nonnull final AclRule rule) { if (rule.isIpv6 == 0) { return ip4Ace(rule); } else { @@ -172,40 +173,55 @@ public interface StandardAceDataExtractor extends AddressExtractor, ProtoPreBind } } - default AceIpVersion ip4Ace(@Nonnull final AclRule rule) { - final AceIpv4Builder ipVersion = new AceIpv4Builder(); + default org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4 ip4Ace( + @Nonnull final AclRule rule) { + Ipv4Builder ipv4Builder = new Ipv4Builder(); + org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder + ip4Builder = + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder(); if (rule.srcIpAddr != null && rule.srcIpAddr.length != 0) { - ipVersion.setSourceIpv4Network(toIpv4Prefix(truncateIp4Array(rule.srcIpAddr), rule.srcIpPrefixLen)); + ip4Builder.setSourceNetwork(new SourceIpv4NetworkBuilder() + .setSourceIpv4Network(toIpv4Prefix(truncateIp4Array(rule.srcIpAddr), rule.srcIpPrefixLen)) + .build()); } if (rule.dstIpAddr != null && rule.dstIpAddr.length != 0) { - ipVersion.setDestinationIpv4Network(toIpv4Prefix(truncateIp4Array(rule.dstIpAddr), rule.dstIpPrefixLen)); + ip4Builder.setDestinationNetwork(new DestinationIpv4NetworkBuilder() + .setDestinationIpv4Network(toIpv4Prefix(truncateIp4Array(rule.dstIpAddr), rule.dstIpPrefixLen)) + .build()); } - return ipVersion.build(); + return ipv4Builder.setIpv4(ip4Builder.build()).build(); } - default AceIpVersion ip6Ace(@Nonnull final AclRule rule) { - final AceIpv6Builder ipVersion = new AceIpv6Builder(); + default org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6 ip6Ace( + @Nonnull final AclRule rule) { + Ipv6Builder ipv6Builder = new Ipv6Builder(); + org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder + ip6Builder = + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder(); + if (rule.srcIpAddr != null && rule.srcIpAddr.length != 0) { - ipVersion.setSourceIpv6Network(toIpv6Prefix(rule.srcIpAddr, rule.srcIpPrefixLen)); + ip6Builder.setSourceNetwork(new SourceIpv6NetworkBuilder() + .setSourceIpv6Network(toIpv6Prefix(rule.srcIpAddr, rule.srcIpPrefixLen)) + .build()); } if (rule.dstIpAddr != null && rule.dstIpAddr.length != 0) { - ipVersion.setDestinationIpv6Network(toIpv6Prefix(rule.dstIpAddr, rule.dstIpPrefixLen)); + ip6Builder.setDestinationNetwork(new DestinationIpv6NetworkBuilder() + .setDestinationIpv6Network(toIpv6Prefix(rule.dstIpAddr, rule.dstIpPrefixLen)) + .build()); } - return ipVersion.build(); + return ipv6Builder.setIpv6(ip6Builder.build()).build(); } default Actions actions(final byte isPermit) { final ActionsBuilder actions = new ActionsBuilder(); switch (isPermit) { case 0: - actions.setPacketHandling(new DenyBuilder().setDeny(true).build()); + actions.setForwarding(Drop.class); break; case 1: - actions.setPacketHandling(new PermitBuilder().setPermit(true).build()); - break; - case 2: - actions.setPacketHandling(new StatefulBuilder().setPermitAndReflect(true).build()); + actions.setForwarding(Accept.class); break; + default: throw new IllegalArgumentException("Unsupported action: " + isPermit); } diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/acl/AclDataExtractor.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/acl/AclDataExtractor.java index 5f75ae306..977dd4062 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/acl/AclDataExtractor.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/acl/AclDataExtractor.java @@ -16,16 +16,19 @@ package io.fd.hc2vpp.acl.util.acl; +import com.google.common.base.Preconditions; +import io.fd.hc2vpp.acl.write.AclValidator; import java.nio.charset.StandardCharsets; import java.util.List; import java.util.Optional; import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Matches; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAclAugmentation; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppMacipAce; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppAcl; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppAclAugmentation; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppMacipAcl; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.AclBase; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Ipv4AclType; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace; /** * Extracts data from Acls. @@ -34,31 +37,25 @@ import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl. public interface AclDataExtractor { /** - * Checks if provided {@link Acl} has aces of type {@link VppAce} + * Checks if provided {@link Acl} has aces of type {@link Ipv4AclType} or {@link VppAcl} */ default boolean isStandardAcl(@Nonnull final Acl acl) { - return acl.getAccessListEntries().getAce().stream() - .map(Ace::getMatches) - .map(Matches::getAceType) - .filter(aceType -> aceType instanceof VppAce) - .findAny() - .isPresent(); + Class type = + Preconditions.checkNotNull(acl.getType(), "Type is not set for ACL:{}", acl); + return type.equals(VppAcl.class); } /** - * Checks if provided {@link Acl} has aces of type {@link VppMacipAce} + * Checks if provided {@link Acl} has aces of type {@link VppMacipAcl} */ default boolean isMacIpAcl(@Nonnull final Acl acl) { - return acl.getAccessListEntries().getAce().stream() - .map(Ace::getMatches) - .map(Matches::getAceType) - .filter(aceType -> aceType instanceof VppMacipAce) - .findAny() - .isPresent(); + Class type = + Preconditions.checkNotNull(acl.getType(), "Type is not set for ACL:{}", acl); + return type.equals(VppMacipAcl.class); } default List getAces(@Nonnull final Acl acl) { - return Optional.ofNullable(acl.getAccessListEntries()).orElseThrow(() -> + return Optional.ofNullable(acl.getAces()).orElseThrow(() -> new IllegalArgumentException(String.format("Unable to extract aces from %s", acl))).getAce(); } diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/acl/AclWriter.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/acl/AclWriter.java deleted file mode 100644 index 32e20ebac..000000000 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/acl/AclWriter.java +++ /dev/null @@ -1,134 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.util.acl; - -import io.fd.hc2vpp.acl.util.AclContextManager; -import io.fd.hc2vpp.acl.util.ace.AceConverter; -import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer; -import io.fd.honeycomb.translate.MappingContext; -import io.fd.honeycomb.translate.write.WriteFailedException; -import io.fd.vpp.jvpp.acl.dto.AclAddReplace; -import io.fd.vpp.jvpp.acl.dto.AclAddReplaceReply; -import io.fd.vpp.jvpp.acl.dto.AclDel; -import io.fd.vpp.jvpp.acl.dto.MacipAclAdd; -import io.fd.vpp.jvpp.acl.dto.MacipAclAddReply; -import io.fd.vpp.jvpp.acl.dto.MacipAclDel; -import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; -import java.util.List; -import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; - -/** - * Write standard and mac-ip acls - */ -public interface AclWriter extends AclDataExtractor, AceConverter, JvppReplyConsumer { - - int ACL_INDEX_CREATE_NEW = -1; - - default void addStandardAcl(@Nonnull final FutureJVppAclFacade futureFacade, - @Nonnull final InstanceIdentifier id, @Nonnull final Acl acl, - @Nonnull final AclContextManager standardAclContext, - @Nonnull final MappingContext mappingContext) throws WriteFailedException { - - final AclAddReplace request = new AclAddReplace(); - - request.tag = getAclTag(acl); - request.aclIndex = ACL_INDEX_CREATE_NEW; - - final List aces = getAces(acl); - request.r = toStandardAclRules(aces); - request.count = request.r.length; - - final AclAddReplaceReply reply = - getReplyForWrite(futureFacade.aclAddReplace(request).toCompletableFuture(), id); - - // maps new acl to returned index - standardAclContext.addAcl(reply.aclIndex, acl.getAclName(), aces, mappingContext); - } - - // according to vpp team, this was tested extensively, and should work - default void updateStandardAcl(@Nonnull final FutureJVppAclFacade futureFacade, - @Nonnull final InstanceIdentifier id, @Nonnull final Acl acl, - @Nonnull final AclContextManager standardAclContext, - @Nonnull final MappingContext mappingContext) throws WriteFailedException { - - final AclAddReplace request = new AclAddReplace(); - - request.tag = getAclTag(acl); - // by setting existing index, request is resolved as update - request.aclIndex = standardAclContext.getAclIndex(acl.getAclName(), mappingContext); - - final List aces = getAces(acl); - request.r = toStandardAclRules(aces); - request.count = request.r.length; - - final AclAddReplaceReply reply = getReplyForWrite(futureFacade.aclAddReplace(request).toCompletableFuture(), id); - - // overwrites existing acl metadata (aces might have been changed): - standardAclContext.addAcl(reply.aclIndex, acl.getAclName(), aces, mappingContext); - } - - default void deleteStandardAcl(@Nonnull final FutureJVppAclFacade futureFacade, - @Nonnull final InstanceIdentifier id, @Nonnull final Acl acl, - @Nonnull final AclContextManager standardAclContext, - @Nonnull final MappingContext mappingContext) throws WriteFailedException { - - final AclDel request = new AclDel(); - final String aclName = acl.getAclName(); - request.aclIndex = standardAclContext.getAclIndex(aclName, mappingContext); - - getReplyForDelete(futureFacade.aclDel(request).toCompletableFuture(), id); - - // removes mapping after successful delete - standardAclContext.removeAcl(aclName, mappingContext); - } - - default void addMacIpAcl(@Nonnull final FutureJVppAclFacade futureFacade, - @Nonnull final InstanceIdentifier id, @Nonnull final Acl acl, - @Nonnull final AclContextManager macIpAclContext, - @Nonnull final MappingContext mappingContext) throws WriteFailedException { - final MacipAclAdd request = new MacipAclAdd(); - - request.tag = getAclTag(acl); - - final List aces = getAces(acl); - request.r = toMacIpAclRules(aces); - request.count = request.r.length; - - final MacipAclAddReply reply = getReplyForWrite(futureFacade.macipAclAdd(request).toCompletableFuture(), id); - - // map mac-ip acl to returned index - macIpAclContext.addAcl(reply.aclIndex, acl.getAclName(), aces, mappingContext); - } - - default void deleteMacIpAcl(@Nonnull final FutureJVppAclFacade futureFacade, - @Nonnull final InstanceIdentifier id, @Nonnull final Acl acl, - @Nonnull final AclContextManager macIpAclContext, - @Nonnull final MappingContext mappingContext) throws WriteFailedException { - final MacipAclDel request = new MacipAclDel(); - final String aclName = acl.getAclName(); - request.aclIndex = macIpAclContext.getAclIndex(aclName, mappingContext); - - getReplyForDelete(futureFacade.macipAclDel(request).toCompletableFuture(), id); - - macIpAclContext.removeAcl(aclName, mappingContext); - } - - -} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/factory/AclFactory.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/factory/AclFactory.java deleted file mode 100644 index 474a52844..000000000 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/factory/AclFactory.java +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Copyright (c) 2017 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.util.factory; - -import com.google.common.collect.ImmutableSet; -import java.util.Set; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.AccessListEntries; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Actions; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Matches; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRange; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRange; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAclAugmentation; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.VppAceNodes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.VppMacipAceNodes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.icmp.header.fields.IcmpCodeRange; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.icmp.header.fields.IcmpTypeRange; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.icmp.IcmpNodes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.icmp.v6.IcmpV6Nodes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.other.OtherNodes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.tcp.TcpNodes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.udp.UdpNodes; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; - -public interface AclFactory { - - default Set> vppAclChildren(final InstanceIdentifier parentId) { - final InstanceIdentifier matchesIid = - parentId.child(AccessListEntries.class).child(Ace.class).child(Matches.class); - return ImmutableSet.of( - parentId.augmentation(VppAclAugmentation.class), - parentId.child(AccessListEntries.class), - parentId.child(AccessListEntries.class).child(Ace.class), - parentId.child(AccessListEntries.class).child(Ace.class).child(Matches.class), - parentId.child(AccessListEntries.class).child(Ace.class).child(Actions.class), - matchesIid, - matchesIid.child(VppMacipAceNodes.class), - matchesIid.child(VppAceNodes.class), - matchesIid.child(VppAceNodes.class).child(IcmpNodes.class), - matchesIid.child(VppAceNodes.class).child(IcmpNodes.class).child(IcmpCodeRange.class), - matchesIid.child(VppAceNodes.class).child(IcmpNodes.class).child(IcmpTypeRange.class), - matchesIid.child(VppAceNodes.class).child(IcmpV6Nodes.class), - matchesIid.child(VppAceNodes.class).child(IcmpV6Nodes.class).child(IcmpCodeRange.class), - matchesIid.child(VppAceNodes.class).child(IcmpV6Nodes.class).child(IcmpTypeRange.class), - matchesIid.child(VppAceNodes.class).child(UdpNodes.class), - matchesIid.child(VppAceNodes.class).child(UdpNodes.class).child(SourcePortRange.class), - matchesIid.child(VppAceNodes.class).child(UdpNodes.class).child(DestinationPortRange.class), - matchesIid.child(VppAceNodes.class).child(TcpNodes.class), - matchesIid.child(VppAceNodes.class).child(TcpNodes.class).child(SourcePortRange.class), - matchesIid.child(VppAceNodes.class).child(TcpNodes.class).child(DestinationPortRange.class), - matchesIid.child(VppAceNodes.class).child(OtherNodes.class) - - ); - } - -} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/iface/acl/AclInterfaceAssignmentRequest.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/iface/acl/AclInterfaceAssignmentRequest.java deleted file mode 100644 index bf1f1497e..000000000 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/iface/acl/AclInterfaceAssignmentRequest.java +++ /dev/null @@ -1,170 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - - -package io.fd.hc2vpp.acl.util.iface.acl; - -import static com.google.common.base.Preconditions.checkNotNull; - -import com.google.common.collect.ImmutableList; -import io.fd.hc2vpp.acl.util.AclContextManager; -import io.fd.hc2vpp.common.translate.util.ByteDataTranslator; -import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer; -import io.fd.hc2vpp.common.translate.util.NamingContext; -import io.fd.honeycomb.translate.MappingContext; -import io.fd.honeycomb.translate.write.WriteFailedException; -import io.fd.vpp.jvpp.acl.dto.AclInterfaceSetAclList; -import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; -import java.util.Collections; -import java.util.List; -import java.util.stream.Stream; -import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * Multi-assignment single-request taking advantage from acl_interface_set_acl_list api - */ -public class AclInterfaceAssignmentRequest implements JvppReplyConsumer, ByteDataTranslator { - - private static final Logger LOG = LoggerFactory.getLogger(AclInterfaceAssignmentRequest.class); - - private final MappingContext mappingContext; - private InstanceIdentifier identifier; - private List inputAclNames = Collections.emptyList(); - private List outputAclNames = Collections.emptyList(); - private AclContextManager standardAclContext; - private NamingContext interfaceContext; - - - private AclInterfaceAssignmentRequest(final MappingContext mappingContext) { - this.mappingContext = checkNotNull(mappingContext, "Mapping context cannot be null"); - } - - public static AclInterfaceAssignmentRequest create(@Nonnull final MappingContext mappingContext) { - return new AclInterfaceAssignmentRequest(mappingContext); - } - - public AclInterfaceAssignmentRequest identifier( - @Nonnull final InstanceIdentifier identifier) { - this.identifier = identifier; - return this; - } - - public AclInterfaceAssignmentRequest inputAclNames(@Nonnull final List inputAclNames) { - checkNotNull(inputAclNames, "Input ACL names cannot be null"); - this.inputAclNames = ImmutableList.copyOf(inputAclNames); - return this; - } - - public AclInterfaceAssignmentRequest outputAclNames(@Nonnull final List outputAclNames) { - checkNotNull(outputAclNames, "Output ACL names cannot be null"); - this.outputAclNames = ImmutableList.copyOf(outputAclNames); - return this; - } - - public AclInterfaceAssignmentRequest standardAclContext(@Nonnull final AclContextManager standardAclContext) { - this.standardAclContext = standardAclContext; - return this; - } - - public AclInterfaceAssignmentRequest interfaceContext(@Nonnull final NamingContext interfaceContext) { - this.interfaceContext = interfaceContext; - return this; - } - - private void checkValidRequest() { - checkNotNull(identifier, "Identifier cannot be null"); - checkNotNull(standardAclContext, "ACL context cannot be null"); - checkNotNull(interfaceContext, "Interface context cannot be null"); - } - - public void executeAsCreate(@Nonnull final FutureJVppAclFacade api) throws WriteFailedException { - checkValidRequest(); - final String interfaceName = identifier.firstKeyOf(Interface.class).getName(); - - // locking on mapping context, to prevent modifying of mappings (for both contexts) during binding/execution of request - synchronized (mappingContext) { - LOG.debug( - "Executing acl interface assignment write request for interface={}, input ACL's={},output ACL's={}", - interfaceName, inputAclNames, outputAclNames); - - getReplyForWrite(api.aclInterfaceSetAclList(createRequest(interfaceName)).toCompletableFuture(), - identifier); - LOG.debug( - "Acl interface assignment write request for interface={}, input ACL's={},output ACL's={} successfully passed", - interfaceName, inputAclNames, outputAclNames); - } - } - - public void executeAsUpdate(@Nonnull final FutureJVppAclFacade api, final Acl before, final Acl after) - throws WriteFailedException { - checkValidRequest(); - final String interfaceName = identifier.firstKeyOf(Interface.class).getName(); - - // locking on mapping context, to prevent modifying of mappings (for both contexts) during binding/execution of request - synchronized (mappingContext) { - LOG.debug( - "Executing acl interface assignment update request for interface={}, input ACL's={},output ACL's={}", - interfaceName, inputAclNames, outputAclNames); - - getReplyForUpdate(api.aclInterfaceSetAclList(createRequest(interfaceName)).toCompletableFuture(), - identifier, before, after); - LOG.debug( - "Acl interface assignment update request for interface={}, input ACL's={},output ACL's={} successfully passed", - interfaceName, inputAclNames, outputAclNames); - } - } - - public void executeAsDelete(@Nonnull final FutureJVppAclFacade api) throws WriteFailedException { - checkValidRequest(); - final String interfaceName = identifier.firstKeyOf(Interface.class).getName(); - - // locking on mapping context, to prevent modifying of mappings (for both contexts) during binding/execution of request - synchronized (mappingContext) { - LOG.debug( - "Executing acl interface assignment delete request for interface={}, input ACL's={},output ACL's={}", - interfaceName, inputAclNames, outputAclNames); - - // remove all ACLs, just in case they were set by AclInterfaceAssignmentRequest user - inputAclNames = Collections.emptyList(); - outputAclNames = Collections.emptyList(); - - getReplyForDelete(api.aclInterfaceSetAclList(createRequest(interfaceName)).toCompletableFuture(), - identifier); - LOG.debug( - "Acl interface assignment delete request for interface={}, input ACL's={},output ACL's={} successfully passed", - interfaceName, inputAclNames, outputAclNames); - } - } - - // synchronized on higher layer - private AclInterfaceSetAclList createRequest(final String interfaceName) { - - AclInterfaceSetAclList request = new AclInterfaceSetAclList(); - request.swIfIndex = interfaceContext.getIndex(interfaceName, mappingContext); - // FIXME (HC2VPP-201): possible overflow - request.nInput = (byte) inputAclNames.size(); - request.count = (byte) (inputAclNames.size() + outputAclNames.size()); - request.acls = Stream.concat(inputAclNames.stream(), outputAclNames.stream()) - .mapToInt(aclName -> standardAclContext.getAclIndex(aclName, mappingContext)) - .toArray(); - return request; - } -} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/iface/macip/MacIpInterfaceAssignmentRequest.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/iface/macip/MacIpInterfaceAssignmentRequest.java deleted file mode 100644 index 882cfd631..000000000 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/iface/macip/MacIpInterfaceAssignmentRequest.java +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - - -package io.fd.hc2vpp.acl.util.iface.macip; - -import static com.google.common.base.Preconditions.checkNotNull; - -import io.fd.hc2vpp.acl.util.AclContextManager; -import io.fd.hc2vpp.common.translate.util.ByteDataTranslator; -import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer; -import io.fd.hc2vpp.common.translate.util.NamingContext; -import io.fd.honeycomb.translate.MappingContext; -import io.fd.honeycomb.translate.write.WriteFailedException; -import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceAddDel; -import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; -import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class MacIpInterfaceAssignmentRequest implements ByteDataTranslator, JvppReplyConsumer { - - private static final Logger LOG = LoggerFactory.getLogger(MacIpInterfaceAssignmentRequest.class); - - private final boolean isNew; - private final MappingContext mappingContext; - private InstanceIdentifier identifier; - private String aclName; - private AclContextManager macIpAclContext; - private NamingContext interfaceContext; - - - private MacIpInterfaceAssignmentRequest(final boolean isNew, final MappingContext mappingContext) { - this.isNew = isNew; - this.mappingContext = checkNotNull(mappingContext, "Mapping context cannot be null"); - } - - public static MacIpInterfaceAssignmentRequest addNew(@Nonnull final MappingContext mappingContext) { - return new MacIpInterfaceAssignmentRequest(true, mappingContext); - } - - public static MacIpInterfaceAssignmentRequest deleteExisting(@Nonnull final MappingContext mappingContext) { - return new MacIpInterfaceAssignmentRequest(false, mappingContext); - } - - public MacIpInterfaceAssignmentRequest identifier(@Nonnull final InstanceIdentifier identifier) { - this.identifier = identifier; - return this; - } - - public MacIpInterfaceAssignmentRequest aclName(@Nonnull final String aclName) { - this.aclName = aclName; - return this; - } - - public MacIpInterfaceAssignmentRequest macIpAclContext(@Nonnull final AclContextManager macIpAclContext) { - this.macIpAclContext = macIpAclContext; - return this; - } - - public MacIpInterfaceAssignmentRequest interfaceContext(@Nonnull final NamingContext interfaceContext) { - this.interfaceContext = interfaceContext; - return this; - } - - private void checkValidRequest() { - checkNotNull(identifier, "Identifier cannot be null"); - checkNotNull(aclName, "ACL name cannot be null"); - checkNotNull(macIpAclContext, "ACL context cannot be null"); - checkNotNull(interfaceContext, "Interface context cannot be null"); - } - - public void execute(@Nonnull final FutureJVppAclFacade api) - throws WriteFailedException { - - // locking on mapping context, to prevent modifying of mappings (for both contexts) during execution of request - synchronized (mappingContext) { - checkValidRequest(); - - final String interfaceName = identifier.firstKeyOf(Interface.class).getName(); - - MacipAclInterfaceAddDel request = new MacipAclInterfaceAddDel(); - request.isAdd = booleanToByte(isNew); - request.aclIndex = macIpAclContext.getAclIndex(aclName, mappingContext); - request.swIfIndex = - interfaceContext.getIndex(interfaceName, mappingContext); - - LOG.debug("Executing mac-ip interface assignment request for isNew={},aclName={},interfaceName={}", isNew, - aclName, interfaceName); - getReplyForWrite(api.macipAclInterfaceAddDel(request).toCompletableFuture(), identifier); - LOG.debug( - "Mac-ip interface assignment request for isNew={},aclName={},interfaceName={} successfully passed", - isNew, aclName, interfaceName); - } - } -} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/IpProtocolReader.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/IpProtocolReader.java index 9c8b99b45..3207ecd4b 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/IpProtocolReader.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/IpProtocolReader.java @@ -21,40 +21,42 @@ import static io.fd.hc2vpp.acl.util.protocol.ProtoPreBindRuleProducer.ICMP_INDEX import static io.fd.hc2vpp.acl.util.protocol.ProtoPreBindRuleProducer.TCP_INDEX; import static io.fd.hc2vpp.acl.util.protocol.ProtoPreBindRuleProducer.UDP_INDEX; +import com.google.common.annotations.VisibleForTesting; import io.fd.vpp.jvpp.acl.types.AclRule; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppIcmpAceAugmentation; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppIcmpAceAugmentationBuilder; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppTcpAceAugmentation; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppTcpAceAugmentationBuilder; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acl.icmp.header.fields.IcmpCodeRange; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acl.icmp.header.fields.IcmpCodeRangeBuilder; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acl.icmp.header.fields.IcmpTypeRange; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acl.icmp.header.fields.IcmpTypeRangeBuilder; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acls.acl.aces.ace.matches.l4.icmp.icmp.VppIcmpAceBuilder; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.acls.acl.aces.ace.matches.l4.tcp.tcp.VppTcpAceBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L4; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Icmp; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.IcmpBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Tcp; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.TcpBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Udp; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.UdpBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.DestinationPortBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.SourcePortBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.source.port.source.port.RangeOrOperatorBuilder; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRange; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRangeBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRange; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRangeBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.icmp.header.fields.IcmpCodeRange; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.icmp.header.fields.IcmpCodeRangeBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.icmp.header.fields.IcmpTypeRange; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.icmp.header.fields.IcmpTypeRangeBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.IpProtocol; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Icmp; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.IcmpBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.IcmpV6; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.IcmpV6Builder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Other; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.OtherBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Tcp; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.TcpBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Udp; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.UdpBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.icmp.IcmpNodesBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.icmp.v6.IcmpV6NodesBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.other.OtherNodesBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.tcp.TcpNodesBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.udp.UdpNodesBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.AclTcpHeaderFields; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.port.range.or.operator.PortRangeOrOperator; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.port.range.or.operator.port.range.or.operator.Range; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.port.range.or.operator.port.range.or.operator.RangeBuilder; /** * Utility for parsing IpProtocol DO based on data returned by vpp as {@link AclRule}. */ public interface IpProtocolReader { - default IpProtocol parseProtocol(final AclRule rule) { + default L4 parseProtocol(final AclRule rule) { switch (rule.proto) { + case ICMPV6_INDEX: case ICMP_INDEX: { return Impl.parseIcmp(rule); } @@ -66,14 +68,8 @@ public interface IpProtocolReader { case UDP_INDEX: { return Impl.parseUdp(rule); } - - case ICMPV6_INDEX: { - return Impl.parseIcmp6(rule); - } - default: { - return Impl.parse(rule); - } } + return null; } class Impl { @@ -91,51 +87,107 @@ public interface IpProtocolReader { } private static Icmp parseIcmp(final AclRule rule) { - final IcmpNodesBuilder nodes = new IcmpNodesBuilder(); - nodes.setIcmpCodeRange(parseIcmpCodeRange(rule)); - nodes.setIcmpTypeRange(parseIcmpTypeRange(rule)); - return new IcmpBuilder().setIcmpNodes(nodes.build()).build(); + return new IcmpBuilder().setIcmp( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.icmp.IcmpBuilder() + .addAugmentation(VppIcmpAceAugmentation.class, + new VppIcmpAceAugmentationBuilder() + .setVppIcmpAce(new VppIcmpAceBuilder() + .setIcmpCodeRange(parseIcmpCodeRange(rule)) + .setIcmpTypeRange(parseIcmpTypeRange(rule)) + .build()) + .build()) + .build()) + .build(); } - private static DestinationPortRange parseDstPortRange(final AclRule rule) { - return new DestinationPortRangeBuilder() - .setLowerPort(new PortNumber(Short.toUnsignedInt(rule.dstportOrIcmpcodeFirst))) - .setUpperPort(new PortNumber(Short.toUnsignedInt(rule.dstportOrIcmpcodeLast))).build(); + private static PortRangeOrOperator parseDstPortRange(final AclRule rule) { + return new RangeBuilder() + .setLowerPort(new PortNumber(Short.toUnsignedInt(rule.dstportOrIcmpcodeFirst))) + .setUpperPort(new PortNumber(Short.toUnsignedInt(rule.dstportOrIcmpcodeLast))).build(); } - private static SourcePortRange parseSrcPortRange(final AclRule rule) { - return new SourcePortRangeBuilder() + private static Range parseSrcPortRange(final AclRule rule) { + return new RangeBuilder() .setLowerPort(new PortNumber(Short.toUnsignedInt(rule.srcportOrIcmptypeFirst))) .setUpperPort(new PortNumber(Short.toUnsignedInt(rule.srcportOrIcmptypeLast))).build(); } private static Tcp parseTcp(final AclRule rule) { - final TcpNodesBuilder nodes = new TcpNodesBuilder(); - nodes.setDestinationPortRange(parseDstPortRange(rule)); - nodes.setSourcePortRange(parseSrcPortRange(rule)); - nodes.setTcpFlagsMask((short) Byte.toUnsignedInt(rule.tcpFlagsMask)); - nodes.setTcpFlagsValue((short) Byte.toUnsignedInt(rule.tcpFlagsValue)); - return new TcpBuilder().setTcpNodes(nodes.build()).build(); + return new TcpBuilder().setTcp( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.TcpBuilder() + .setFlags(parseTcpFlags((short) Byte.toUnsignedInt(rule.tcpFlagsValue))) + .addAugmentation(VppTcpAceAugmentation.class, new VppTcpAceAugmentationBuilder() + .setVppTcpAce(new VppTcpAceBuilder() + .setFlagsMask( + parseTcpFlagsMask((short) Byte.toUnsignedInt(rule.tcpFlagsMask))) + .build()) + .build()) + .setSourcePort(new SourcePortBuilder() + .setSourcePort(new RangeOrOperatorBuilder() + .setPortRangeOrOperator(parseSrcPortRange(rule)) + .build()) + .build()) + .setDestinationPort(new DestinationPortBuilder() + .setDestinationPort( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.destination.port.destination.port.RangeOrOperatorBuilder() + .setPortRangeOrOperator(parseDstPortRange(rule)) + .build()) + .build()) + .build()) + .build(); } - private static Udp parseUdp(final AclRule rule) { - final UdpNodesBuilder nodes = new UdpNodesBuilder(); - nodes.setDestinationPortRange(parseDstPortRange(rule)); - nodes.setSourcePortRange(parseSrcPortRange(rule)); - return new UdpBuilder().setUdpNodes(nodes.build()).build(); + @VisibleForTesting + private static org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.AclTcpHeaderFields.FlagsMask parseTcpFlagsMask( + final short tcpFlagsMask) { + // Flags from bit on position 1 to 8 + final Boolean cwr = (tcpFlagsMask & 0b00000001) == 1; + final Boolean ece = (tcpFlagsMask & 0b00000010) >> 1 == 1; + final Boolean urg = (tcpFlagsMask & 0b00000100) >> 2 == 1; + final Boolean ack = (tcpFlagsMask & 0b00001000) >> 3 == 1; + final Boolean psh = (tcpFlagsMask & 0b00010000) >> 4 == 1; + final Boolean rst = (tcpFlagsMask & 0b00100000) >> 5 == 1; + final Boolean syn = (tcpFlagsMask & 0b01000000) >> 6 == 1; + final Boolean fin = (tcpFlagsMask & 0b10000000) >> 7 == 1; + + return new org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.AclTcpHeaderFields.FlagsMask( + ack, cwr, ece, fin, psh, rst, syn, urg); } - private static IcmpV6 parseIcmp6(final AclRule rule) { - final IcmpV6NodesBuilder nodes = new IcmpV6NodesBuilder(); - nodes.setIcmpCodeRange(parseIcmpCodeRange(rule)); - nodes.setIcmpTypeRange(parseIcmpTypeRange(rule)); - return new IcmpV6Builder().setIcmpV6Nodes(nodes.build()).build(); + @VisibleForTesting + private static AclTcpHeaderFields.Flags parseTcpFlags(final short tcpFlagsValue) { + // Flags from bit on position 1 to 8 + final Boolean cwr = (tcpFlagsValue & 0b00000001) == 1; + final Boolean ece = (tcpFlagsValue & 0b00000010) >> 1 == 1; + final Boolean urg = (tcpFlagsValue & 0b00000100) >> 2 == 1; + final Boolean ack = (tcpFlagsValue & 0b00001000) >> 3 == 1; + final Boolean psh = (tcpFlagsValue & 0b00010000) >> 4 == 1; + final Boolean rst = (tcpFlagsValue & 0b00100000) >> 5 == 1; + final Boolean syn = (tcpFlagsValue & 0b01000000) >> 6 == 1; + final Boolean fin = (tcpFlagsValue & 0b10000000) >> 7 == 1; + + return new AclTcpHeaderFields.Flags(ack, cwr, ece, fin, psh, rst, syn, urg); } - private static Other parse(final AclRule rule) { - final OtherNodesBuilder nodes = new OtherNodesBuilder(); - nodes.setProtocol((short) Short.toUnsignedInt(rule.proto)); - return new OtherBuilder().setOtherNodes(nodes.build()).build(); + private static Udp parseUdp(final AclRule rule) { + return new UdpBuilder().setUdp( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.UdpBuilder() + .setSourcePort( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.SourcePortBuilder() + .setSourcePort( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.source.port.source.port.RangeOrOperatorBuilder() + .setPortRangeOrOperator(parseSrcPortRange(rule)) + .build()) + .build()) + .setDestinationPort( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.DestinationPortBuilder() + .setDestinationPort( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.destination.port.destination.port.RangeOrOperatorBuilder() + .setPortRangeOrOperator(parseDstPortRange(rule)) + .build()) + .build()) + .build()) + .build(); } } } diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/ProtoPreBindRuleProducer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/ProtoPreBindRuleProducer.java index 582da0357..3ca18d6e6 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/ProtoPreBindRuleProducer.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/util/protocol/ProtoPreBindRuleProducer.java @@ -16,31 +16,27 @@ package io.fd.hc2vpp.acl.util.protocol; -import static com.google.common.base.Preconditions.checkArgument; -import static io.fd.hc2vpp.acl.util.protocol.ProtoPreBindRuleProducer.ProtocolPair.pair; - -import com.google.common.collect.ImmutableSet; +import com.google.common.base.Preconditions; import io.fd.vpp.jvpp.acl.types.AclRule; -import java.util.Optional; -import java.util.Set; import javax.annotation.Nonnull; import javax.annotation.Nullable; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.ValueRange; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppIcmpAceAugmentation; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppTcpAceAugmentation; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L4; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.icmp.Icmp; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.Tcp; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.destination.port.DestinationPort; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.source.port.SourcePort; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.source.port.source.port.RangeOrOperator; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.Udp; import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.PortNumber; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.DestinationPortRange; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.acl.transport.header.fields.SourcePortRange; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.ValueRange; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.VppAceNodes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.IpProtocol; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Icmp; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.IcmpV6; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Other; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Tcp; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Udp; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.icmp.IcmpNodes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.icmp.v6.IcmpV6Nodes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.tcp.TcpNodes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.udp.UdpNodes; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.AclTcpHeaderFields; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.port.range.or.operator.PortRangeOrOperator; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.port.range.or.operator.port.range.or.operator.Range; +import org.opendaylight.yangtools.yang.binding.DataContainer; /** * Creates ACL rules pre-bind with protocol-related fields.
@@ -53,89 +49,41 @@ public interface ProtoPreBindRuleProducer { int TCP_INDEX = 6; int UDP_INDEX = 17; int ICMPV6_INDEX = 58; - short MAX_PORT_NUMBER = (short)65535; - - Set PROTOCOL_PAIRS = ImmutableSet.of(pair(Icmp.class, ICMP_INDEX), pair(Tcp.class, TCP_INDEX), - pair(Udp.class, UDP_INDEX), pair(IcmpV6.class, ICMPV6_INDEX)); - - class ProtocolPair { - private final Class protocolClass; - private final int index; + short MAX_PORT_NUMBER = (short) 65535; - private ProtocolPair(final Class protocolClass, final int index) { - this.protocolClass = protocolClass; - this.index = index; - } - - static ProtocolPair pair(@Nonnull final Class protocolClass, @Nonnull final int index) { - return new ProtocolPair(protocolClass, index); - } + static AclRule bindIcmpVppFields(AclRule rule, Icmp icmp) { + VppIcmpAceAugmentation vppIcmp = icmp.augmentation(VppIcmpAceAugmentation.class); + Preconditions.checkNotNull(vppIcmp.getVppIcmpAce(), "Cannot determine VPP ICMP attributes!"); + final ValueRange typesRange = vppIcmp.getVppIcmpAce().getIcmpTypeRange(); + final ValueRange codesRange = vppIcmp.getVppIcmpAce().getIcmpCodeRange(); - boolean match(@Nonnull final Class protocolClass) { - return this.protocolClass.isAssignableFrom(protocolClass); + if (typesRange != null) { + rule.srcportOrIcmptypeFirst = Preconditions.checkNotNull(typesRange.getFirst()); + rule.srcportOrIcmptypeLast = Preconditions.checkNotNull(typesRange.getLast()); } - int getIndex() { - return this.index; + if (codesRange != null) { + rule.dstportOrIcmpcodeFirst = Preconditions.checkNotNull(codesRange.getFirst()); + rule.dstportOrIcmpcodeLast = Preconditions.checkNotNull(codesRange.getLast()); } - } - - static byte protocol(final IpProtocol ipProtocol) { - final Optional optPair = PROTOCOL_PAIRS.stream() - .filter(protocolPair -> protocolPair.match(ipProtocol.getClass())) - .findAny(); - - if (!optPair.isPresent()) { - if (Other.class.isAssignableFrom(ipProtocol.getClass())) { - return Other.class.cast(ipProtocol).getOtherNodes().getProtocol().byteValue(); - } - - throw new IllegalArgumentException(String.format("Unsupported Protocol Type %s", ipProtocol.getClass())); - } - return (byte) optPair.get().getIndex(); - } - - static AclRule bindIcmpNodes(AclRule rule, VppAce ace) { - final VppAceNodes vppAceNodes = ace.getVppAceNodes(); - checkArgument(vppAceNodes.getIpProtocol() instanceof Icmp); - final IcmpNodes icmp = Icmp.class.cast(vppAceNodes.getIpProtocol()).getIcmpNodes(); - final ValueRange typesRange = icmp.getIcmpTypeRange(); - final ValueRange codesRange = icmp.getIcmpCodeRange(); - - rule.srcportOrIcmptypeFirst = typesRange.getFirst(); - rule.srcportOrIcmptypeLast = typesRange.getLast(); - rule.dstportOrIcmpcodeFirst = codesRange.getFirst(); - rule.dstportOrIcmpcodeLast = codesRange.getLast(); return rule; } - static AclRule bindIcmpv6Nodes(AclRule rule, VppAce ace) { - final VppAceNodes vppAceNodes = ace.getVppAceNodes(); - checkArgument(vppAceNodes.getIpProtocol() instanceof IcmpV6); - final IcmpV6Nodes icmpV6 = IcmpV6.class.cast(vppAceNodes.getIpProtocol()).getIcmpV6Nodes(); - final ValueRange typesRange = icmpV6.getIcmpTypeRange(); - final ValueRange codesRange = icmpV6.getIcmpCodeRange(); - - rule.srcportOrIcmptypeFirst = typesRange.getFirst(); - rule.srcportOrIcmptypeLast = typesRange.getLast(); - rule.dstportOrIcmpcodeFirst = codesRange.getFirst(); - rule.dstportOrIcmpcodeLast = codesRange.getLast(); - - return rule; - } - - static void bindSourcePortRange(@Nonnull final AclRule rule, @Nullable final SourcePortRange sourcePortRange) { + static void bindSourcePortRange(@Nonnull final AclRule rule, @Nullable final PortRangeOrOperator sourcePortRange) { // allow all ports by default: rule.srcportOrIcmptypeFirst = 0; rule.srcportOrIcmptypeLast = MAX_PORT_NUMBER; - if(sourcePortRange != null) { + if (sourcePortRange != null) { // lower port is mandatory - rule.srcportOrIcmptypeFirst = portNumber(sourcePortRange.getLowerPort()); + Preconditions.checkArgument(sourcePortRange instanceof Range); + Range portRange = (Range) sourcePortRange; + Preconditions.checkNotNull(portRange.getLowerPort(), "Lower port is mandatory!"); + rule.srcportOrIcmptypeFirst = portNumber(portRange.getLowerPort()); - if (sourcePortRange.getUpperPort() != null) { - rule.srcportOrIcmptypeLast = portNumber(sourcePortRange.getUpperPort()); + if (portRange.getUpperPort() != null) { + rule.srcportOrIcmptypeLast = portNumber(portRange.getUpperPort()); } else { // if upper port is missing, set lower port value as end of checked range: rule.srcportOrIcmptypeLast = rule.srcportOrIcmptypeFirst; @@ -143,17 +91,21 @@ public interface ProtoPreBindRuleProducer { } } - static void bindDestinationPortRange(@Nonnull final AclRule rule, @Nullable final DestinationPortRange destinationPortRange) { + static void bindDestinationPortRange(@Nonnull final AclRule rule, + @Nullable final PortRangeOrOperator destinationPortRange) { // allow all ports by default: rule.dstportOrIcmpcodeFirst = 0; rule.dstportOrIcmpcodeLast = MAX_PORT_NUMBER; - if(destinationPortRange != null) { + if (destinationPortRange != null) { // lower port is mandatory - rule.dstportOrIcmpcodeFirst = portNumber(destinationPortRange.getLowerPort()); + Preconditions.checkArgument(destinationPortRange instanceof Range); + Range portRange = (Range) destinationPortRange; + Preconditions.checkNotNull(portRange.getLowerPort(), "Lower port is mandatory!"); + rule.dstportOrIcmpcodeFirst = portNumber(portRange.getLowerPort()); - if (destinationPortRange.getUpperPort() != null) { - rule.dstportOrIcmpcodeLast = portNumber(destinationPortRange.getUpperPort()); + if (portRange.getUpperPort() != null) { + rule.dstportOrIcmpcodeLast = portNumber(portRange.getUpperPort()); } else { // if upper port is missing, set lower port value as end of checked range: rule.dstportOrIcmpcodeLast = rule.dstportOrIcmpcodeFirst; @@ -161,30 +113,78 @@ public interface ProtoPreBindRuleProducer { } } - static AclRule bindTcpNodes(AclRule rule, VppAce ace) { - final VppAceNodes vppAceNodes = ace.getVppAceNodes(); - checkArgument(vppAceNodes.getIpProtocol() instanceof Tcp); + static AclRule bindTcpAttributes(AclRule rule, Tcp tcp) { + SourcePort srcPort = Preconditions.checkNotNull(tcp.getSourcePort()).getSourcePort(); + if (srcPort instanceof RangeOrOperator) { + bindSourcePortRange(rule, ((RangeOrOperator) srcPort).getPortRangeOrOperator()); + } - final TcpNodes tcp = Tcp.class.cast(vppAceNodes.getIpProtocol()).getTcpNodes(); - bindSourcePortRange(rule, tcp.getSourcePortRange()); - bindDestinationPortRange(rule, tcp.getDestinationPortRange()); + DestinationPort dstPort = Preconditions.checkNotNull(tcp.getDestinationPort()).getDestinationPort(); + if (dstPort instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.destination.port.destination.port.RangeOrOperator) { + bindDestinationPortRange(rule, + ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.destination.port.destination.port.RangeOrOperator) dstPort) + .getPortRangeOrOperator()); + } + AclTcpHeaderFields.Flags flags = tcp.getFlags(); - if(tcp.getTcpFlagsMask() != null) { - rule.tcpFlagsMask = tcp.getTcpFlagsMask().byteValue(); + if (flags != null) { + rule.tcpFlagsValue = parseTcpFlagsValue(flags); } - if(tcp.getTcpFlagsValue() != null) { - rule.tcpFlagsValue = tcp.getTcpFlagsValue().byteValue(); + + VppTcpAceAugmentation vppTcpAceAugmentation = tcp.augmentation(VppTcpAceAugmentation.class); + if (vppTcpAceAugmentation != null && vppTcpAceAugmentation.getVppTcpAce() != null && + vppTcpAceAugmentation.getVppTcpAce().getFlagsMask() != null) { + rule.tcpFlagsMask = parseTcpFlagsMask(vppTcpAceAugmentation.getVppTcpAce().getFlagsMask()); } + return rule; } - static AclRule bindUdpNodes(AclRule rule, VppAce ace) { - final VppAceNodes vppAceNodes = ace.getVppAceNodes(); - checkArgument(vppAceNodes.getIpProtocol() instanceof Udp); + static byte parseTcpFlagsValue(AclTcpHeaderFields.Flags flags) { + int fin = flags.isFin() ? 1 : 0; + int syn = flags.isSyn() ? 1 : 0; + int rst = flags.isRst() ? 1 : 0; + int psh = flags.isPsh() ? 1 : 0; + int ack = flags.isAck() ? 1 : 0; + int urg = flags.isUrg() ? 1 : 0; + int ece = flags.isEce() ? 1 : 0; + int cwr = flags.isCwr() ? 1 : 0; + String strFlags = String.format("%d%d%d%d%d%d%d%d", fin, syn, rst, psh, ack, urg, ece, cwr); + return Byte.parseByte(strFlags, 2); + } + + static byte parseTcpFlagsMask( + org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.AclTcpHeaderFields.FlagsMask flags) { + int fin = flags.isFin() ? 1 : 0; + int syn = flags.isSyn() ? 1 : 0; + int rst = flags.isRst() ? 1 : 0; + int psh = flags.isPsh() ? 1 : 0; + int ack = flags.isAck() ? 1 : 0; + int urg = flags.isUrg() ? 1 : 0; + int ece = flags.isEce() ? 1 : 0; + int cwr = flags.isCwr() ? 1 : 0; + String strFlags = String.format("%d%d%d%d%d%d%d%d", fin, syn, rst, psh, ack, urg, ece, cwr); + return Byte.parseByte(strFlags, 2); + } + + static AclRule bindUdpAttributes(AclRule rule, Udp udp) { + org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.source.port.SourcePort + srcPort = Preconditions.checkNotNull(udp.getSourcePort()).getSourcePort(); + + if (srcPort instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.source.port.source.port.RangeOrOperator) { + bindSourcePortRange(rule, + ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.source.port.source.port.RangeOrOperator) srcPort) + .getPortRangeOrOperator()); + } + + org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.destination.port.DestinationPort + dstPort = Preconditions.checkNotNull(udp.getDestinationPort()).getDestinationPort(); - final UdpNodes udp = Udp.class.cast(vppAceNodes.getIpProtocol()).getUdpNodes(); - bindSourcePortRange(rule, udp.getSourcePortRange()); - bindDestinationPortRange(rule, udp.getDestinationPortRange()); + if (dstPort instanceof org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.destination.port.destination.port.RangeOrOperator) { + bindDestinationPortRange(rule, + ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.destination.port.destination.port.RangeOrOperator) dstPort) + .getPortRangeOrOperator()); + } return rule; } @@ -208,39 +208,56 @@ public interface ProtoPreBindRuleProducer { * @param vppAce rule to be processed * @return AclRule with protocol filled protocol fields */ - default AclRule createPreBindRule(@Nonnull final VppAce vppAce) { + default AclRule createPreBindRule(@Nonnull final Ace vppAce) { AclRule rule = new AclRule(); - - final IpProtocol ipProtocol = vppAce.getVppAceNodes().getIpProtocol(); - if (ipProtocol == null) { + L4 l4 = Preconditions.checkNotNull(vppAce.getMatches(), "Matches are not defined for ACE: {}!", vppAce).getL4(); + if (l4 == null) { // returns AclRule with rule.proto set to 0 (protocol fields will be ignored by vpp) return rule; } - rule.proto = protocol(ipProtocol); - - switch (rule.proto) { - case ICMP_INDEX: { - return bindIcmpNodes(rule, vppAce); - } - - case TCP_INDEX: { - return bindTcpNodes(rule, vppAce); - } - - case UDP_INDEX: { - return bindUdpNodes(rule, vppAce); - } + if (l4.getImplementedInterface() + .equals(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Icmp.class)) { + return getIcmpAclRule(vppAce, rule, + (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Icmp) l4); + } else if (l4.getImplementedInterface() + .equals(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Tcp.class)) { + return getTcpAclRule(rule, + (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Tcp) l4); + } else if (l4.getImplementedInterface() + .equals(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Udp.class)) { + return getUdpAclRule(rule, + (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Udp) l4); + } else { + return bindDefaultNodes(rule); + } + } - case ICMPV6_INDEX: { - return bindIcmpv6Nodes(rule, vppAce); - } - default: { - return bindDefaultNodes(rule); - } + default AclRule getIcmpAclRule(@Nonnull final Ace vppAce, final AclRule rule, + final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Icmp l4) { + if (vppAce.getMatches().getL3() == null) { + rule.proto = ICMP_INDEX; + } else { + Class ipVersion = vppAce.getMatches().getL3().getImplementedInterface(); + rule.proto = (byte) (ipVersion.equals(Ipv6.class) ? ICMPV6_INDEX : ICMP_INDEX); } + Icmp icmp = l4.getIcmp(); + return icmp != null ? bindIcmpVppFields(rule, icmp) : bindDefaultNodes(rule); } + default AclRule getUdpAclRule(final AclRule rule, + final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Udp l4) { + rule.proto = UDP_INDEX; + Udp udp = l4.getUdp(); + return udp != null ? bindUdpAttributes(rule, udp) : bindDefaultNodes(rule); + } + + default AclRule getTcpAclRule(final AclRule rule, + final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Tcp l4) { + rule.proto = TCP_INDEX; + Tcp tcp = l4.getTcp(); + return tcp != null ? bindTcpAttributes(rule, tcp) : bindDefaultNodes(rule); + } } diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/AclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/AclCustomizer.java new file mode 100644 index 000000000..1161c09ef --- /dev/null +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/AclCustomizer.java @@ -0,0 +1,99 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.acl.write; + +import io.fd.hc2vpp.acl.util.AclContextManager; +import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer; +import io.fd.hc2vpp.acl.util.acl.AclDataExtractor; +import io.fd.hc2vpp.acl.write.request.AclAddReplaceRequest; +import io.fd.honeycomb.translate.spi.write.ListWriterCustomizer; +import io.fd.honeycomb.translate.write.WriteContext; +import io.fd.honeycomb.translate.write.WriteFailedException; +import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AclKey; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +public class AclCustomizer extends FutureJVppAclCustomizer + implements ListWriterCustomizer, AclDataExtractor { + + private final AclContextManager standardAclContext; + private final AclContextManager macIpAclContext; + + public AclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade, + @Nonnull final AclContextManager standardAclContext, + @Nonnull final AclContextManager macIpAclContext) { + super(jVppAclFacade); + this.standardAclContext = standardAclContext; + this.macIpAclContext = macIpAclContext; + } + + @Override + public void writeCurrentAttributes(@Nonnull final InstanceIdentifier id, @Nonnull final Acl dataAfter, + @Nonnull final WriteContext writeContext) throws WriteFailedException { + AclAddReplaceRequest request = new AclAddReplaceRequest(getjVppAclFacade(), writeContext.getMappingContext()); + if (isStandardAcl(dataAfter)) { + request.addStandardAcl(id, dataAfter, standardAclContext); + } else if (isMacIpAcl(dataAfter)) { + request.addMacIpAcl(id, dataAfter, macIpAclContext); + } else { + // double check, first one done by validation + throw new WriteFailedException.CreateFailedException(id, dataAfter, + new IllegalArgumentException("Unsupported acl option")); + } + } + + @Override + public void updateCurrentAttributes(@Nonnull final InstanceIdentifier id, @Nonnull final Acl dataBefore, + @Nonnull final Acl dataAfter, @Nonnull final WriteContext writeContext) + throws WriteFailedException { + AclAddReplaceRequest request = new AclAddReplaceRequest(getjVppAclFacade(), writeContext.getMappingContext()); + + if (isStandardAcl(dataAfter)) { + request.updateStandardAcl(id, dataAfter, standardAclContext); + } else if (isMacIpAcl(dataAfter)) { + synchronized (macIpAclContext) { + // there is no direct support for update of mac-ip acl, but only one is allowed per interface + // so it is atomic from vpp standpoint. Enclosed in synchronized block to prevent issues with + // multiple threads managing naming context + request.deleteMacIpAcl(id, dataBefore, macIpAclContext); + request.addMacIpAcl(id, dataAfter, macIpAclContext); + } + } else { + // double check, first one done by validation + throw new WriteFailedException.CreateFailedException(id, dataAfter, + new IllegalArgumentException("Unsupported acl option")); + } + } + + @Override + public void deleteCurrentAttributes(@Nonnull final InstanceIdentifier id, @Nonnull final Acl dataBefore, + @Nonnull final WriteContext writeContext) throws WriteFailedException { + AclAddReplaceRequest request = new AclAddReplaceRequest(getjVppAclFacade(), writeContext.getMappingContext()); + + if (isStandardAcl(dataBefore)) { + request.deleteStandardAcl(id, dataBefore, standardAclContext); + } else if (isMacIpAcl(dataBefore)) { + request.deleteMacIpAcl(id, dataBefore, macIpAclContext); + } else { + // double check, first one done by validation + throw new WriteFailedException.DeleteFailedException(id, + new IllegalArgumentException("Unsupported acl option")); + } + } +} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/AclValidator.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/AclValidator.java new file mode 100644 index 000000000..b7aaebcff --- /dev/null +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/AclValidator.java @@ -0,0 +1,233 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.acl.write; + +import static com.google.common.base.Preconditions.checkArgument; +import static com.google.common.base.Preconditions.checkState; + +import com.google.common.annotations.VisibleForTesting; +import com.google.common.base.Optional; +import com.google.common.base.Preconditions; +import com.google.common.collect.ImmutableSet; +import io.fd.hc2vpp.acl.AclIIds; +import io.fd.hc2vpp.acl.util.acl.AclDataExtractor; +import io.fd.honeycomb.translate.write.DataValidationFailedException.CreateValidationFailedException; +import io.fd.honeycomb.translate.write.DataValidationFailedException.DeleteValidationFailedException; +import io.fd.honeycomb.translate.write.DataValidationFailedException.UpdateValidationFailedException; +import io.fd.honeycomb.translate.write.Validator; +import io.fd.honeycomb.translate.write.WriteContext; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Objects; +import java.util.Set; +import java.util.stream.Collectors; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppAcl; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppMacipAcl; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.AclBase; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AttachmentPoints; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.Aces; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.Matches; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L3; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.Eth; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSets; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4Network; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6Network; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +public final class AclValidator implements Validator, AclDataExtractor { + + private static final Set> SUPPORTED_ACL_TYPES = + ImmutableSet.of(VppAcl.class, VppMacipAcl.class); + + @Override + public void validateWrite(final InstanceIdentifier id, final Acl dataAfter, final WriteContext ctx) + throws CreateValidationFailedException { + try { + validateAcl(dataAfter); + } catch (RuntimeException e) { + throw new CreateValidationFailedException(id, dataAfter, e); + } + } + + @Override + public void validateUpdate(final InstanceIdentifier id, final Acl dataBefore, final Acl dataAfter, + final WriteContext ctx) throws UpdateValidationFailedException { + try { + validateAcl(dataAfter); + } catch (RuntimeException e) { + throw new UpdateValidationFailedException(id, dataBefore, dataAfter, e); + } + } + + @Override + public void validateDelete(final InstanceIdentifier id, final Acl dataBefore, final WriteContext ctx) + throws DeleteValidationFailedException { + try { + validateAcl(dataBefore); + final List references = checkAclReferenced(ctx, dataBefore); + // references must be check, to not leave dead references in configuration + checkState(references.isEmpty(), + "%s cannot be removed, it is referenced in following interfaces %s", dataBefore, references); + } catch (RuntimeException e) { + throw new DeleteValidationFailedException(id, e); + } + } + + private static void validateAcl(@Nonnull final Acl acl) { + hasAceList(acl); + isSupportedAclType(acl); + hasConsistentAceTypeForAclType(acl); + } + + private static void hasAceList(final Acl acl) { + final Aces accessListEntries = acl.getAces(); + checkArgument(accessListEntries != null, "The access-list-entries container is not defined."); + final List ace = accessListEntries.getAce(); + checkArgument(ace != null, "The ace list is not defined."); + checkArgument(!ace.isEmpty(), "The ace list is empty."); + } + + private static void isSupportedAclType(final Acl acl) { + checkArgument(SUPPORTED_ACL_TYPES.contains(acl.getType()), + "Unsupported Acl type %s detected for acl %s, allowed types are %s", acl.getType(), + acl.getName(), SUPPORTED_ACL_TYPES); + } + + private static void hasConsistentAceTypeForAclType(final Acl acl) { + Class type = acl.getType(); + Preconditions.checkNotNull(type, "Cannot resolve Acl type for validation of Acl: {}", acl); + Preconditions.checkNotNull(acl.getAces(), "ACEs are missing for validation of Acl: {}", acl); + Preconditions.checkNotNull(acl.getAces().getAce(), "List of ACEs is null for validation of Acl: {}", acl); + if (type.equals(VppAcl.class)) { + Set unsupportedVppAcls = + acl.getAces().getAce().stream().filter(ace -> !isVppAce(ace)).collect(Collectors.toSet()); + checkArgument(unsupportedVppAcls.isEmpty(), "Detected unsupported ace types [%s] for ACL %s", + unsupportedVppAcls, acl.getName()); + } + + if (type.equals(VppMacipAcl.class)) { + Set unsupportedVppMacipAclAcls = + acl.getAces().getAce().stream().filter(ace -> !isVppMacipAclAce(ace)).collect(Collectors.toSet()); + checkArgument(unsupportedVppMacipAclAcls.isEmpty(), "Detected unsupported ace types [%s] for ACL %s", + unsupportedVppMacipAclAcls, acl.getName()); + } + } + + private static boolean isVppMacipAclAce(final Ace ace) { + Matches matches = Preconditions + .checkNotNull(ace.getMatches(), "Cannot validate VppMacipAcl type for Ace: {}, matches are not defined", + ace); + if (matches.getL2() == null || !(matches.getL2() instanceof Eth)) { + return false; + } + + org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l2.eth.Eth + eth = ((Eth) matches.getL2()).getEth(); + if (eth == null) { + return false; + } + + return true; + } + + private static boolean isVppAce(final Ace ace) { + Matches matches = Preconditions + .checkNotNull(ace.getMatches(), "Cannot validate VppMacipAcl type for Ace: {}, matches are not defined", + ace); + L3 l3 = matches.getL3(); + if (l3 == null || (!(l3 instanceof Ipv4)) && (!(l3 instanceof Ipv6))) { + return false; + } + + if (l3 instanceof Ipv4) { + org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4 + ipv4 = ((Ipv4) l3).getIpv4(); + if (ipv4 == null || ipv4.getSourceNetwork() == null || + !(ipv4.getSourceNetwork() instanceof SourceIpv4Network)) { + return false; + } + } + + if (l3 instanceof Ipv6) { + org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6 + ipv6 = ((Ipv6) l3).getIpv6(); + if (ipv6 == null || ipv6.getSourceNetwork() == null || + !(ipv6.getSourceNetwork() instanceof SourceIpv6Network)) { + return false; + } + } + + return true; + } + + @VisibleForTesting + static List checkAclReferenced(@Nonnull final WriteContext writeContext, @Nonnull final Acl acl) { + Preconditions.checkNotNull(acl.getType(), "Cannot validate acl: {}, type is not set.", acl); + if (!acl.getType().equals(VppAcl.class) && !acl.getType().equals(VppMacipAcl.class)) { + throw new IllegalArgumentException(String.format("Acl type %s not supported", acl.getType())); + } + + Optional attachmentPointsOpt = writeContext.readAfter(AclIIds.ACLS_AP); + if (!attachmentPointsOpt.isPresent() || attachmentPointsOpt.get().getInterface() == null) { + return Collections.emptyList(); + } + + final List interfaces = attachmentPointsOpt.get().getInterface(); + if (interfaces == null) { + return Collections.emptyList(); + } + final String aclName = acl.getName(); + + HashMap sets = getIngressAclSets(interfaces); + sets.putAll(getEgressAclSets(interfaces)); + List referencedIfcs = new ArrayList<>(); + sets.forEach((ifc, aclSets) -> { + if (aclSets.getAclSet() != null) { + if (aclSets.getAclSet().stream() + .map(AclSet::getName) + .filter(Objects::nonNull) + .anyMatch(name -> name.equalsIgnoreCase(aclName))) { + referencedIfcs.add(ifc); + } + } + }); + return referencedIfcs.stream().distinct().collect(Collectors.toList()); + } + + private static HashMap getEgressAclSets(final List interfaces) { + HashMap map = new HashMap<>(); + interfaces.stream().filter(anInterface -> anInterface.getEgress() != null) + .forEach(anInterface -> map.put(anInterface.getInterfaceId(), anInterface.getEgress().getAclSets())); + return map; + } + + private static HashMap getIngressAclSets(final List interfaces) { + HashMap map = new HashMap<>(); + interfaces.stream().filter(anInterface -> anInterface.getIngress() != null) + .forEach(anInterface -> map.put(anInterface.getInterfaceId(), anInterface.getIngress().getAclSets())); + return map; + } +} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizer.java index a6ca35af3..622a84d93 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizer.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizer.java @@ -16,82 +16,177 @@ package io.fd.hc2vpp.acl.write; +import static io.fd.hc2vpp.acl.write.request.MacIpInterfaceAssignmentRequest.deleteExisting; import static java.util.stream.Collectors.toList; import io.fd.hc2vpp.acl.util.AclContextManager; import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer; -import io.fd.hc2vpp.acl.util.iface.acl.AclInterfaceAssignmentRequest; +import io.fd.hc2vpp.acl.write.request.AclInterfaceAssignmentRequest; +import io.fd.hc2vpp.acl.write.request.MacIpInterfaceAssignmentRequest; import io.fd.hc2vpp.common.translate.util.NamingContext; +import io.fd.honeycomb.translate.MappingContext; import io.fd.honeycomb.translate.spi.write.WriterCustomizer; import io.fd.honeycomb.translate.write.WriteContext; import io.fd.honeycomb.translate.write.WriteFailedException; import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; import java.util.Collections; import java.util.List; +import java.util.stream.Collectors; import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclsBaseAttributes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSets; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet; import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; /** * Handles acl assignments(only standard ones, mac-ip have dedicated customizer) */ -public class InterfaceAclCustomizer extends FutureJVppAclCustomizer implements WriterCustomizer { +public class InterfaceAclCustomizer extends FutureJVppAclCustomizer implements WriterCustomizer { private final NamingContext interfaceContext; private final AclContextManager standardAclContext; + private final AclContextManager macIpAclContext; public InterfaceAclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade, @Nonnull final NamingContext interfaceContext, - @Nonnull final AclContextManager standardAclContext) { + @Nonnull final AclContextManager standardAclContext, + @Nonnull final AclContextManager macIpAclContext) { super(jVppAclFacade); this.interfaceContext = interfaceContext; this.standardAclContext = standardAclContext; + this.macIpAclContext = macIpAclContext; + } + + private static List getAclNames(final AclSets acls) { + if (acls == null || acls.getAclSet() == null) { + return Collections.emptyList(); + } else { + return acls.getAclSet().stream().map(AclSet::getName).collect(toList()); + } } @Override - public void writeCurrentAttributes(@Nonnull final InstanceIdentifier id, @Nonnull final Acl dataAfter, + public void writeCurrentAttributes(@Nonnull final InstanceIdentifier id, + @Nonnull final Interface dataAfter, @Nonnull final WriteContext writeContext) throws WriteFailedException { - AclInterfaceAssignmentRequest.create(writeContext.getMappingContext()) - .standardAclContext(standardAclContext) - .interfaceContext(interfaceContext) - .identifier(id) - .inputAclNames(getAclNames(dataAfter.getIngress())) - .outputAclNames(getAclNames(dataAfter.getEgress())) - .executeAsCreate(getjVppAclFacade()); + AclSets egress = dataAfter.getEgress() != null ? dataAfter.getEgress().getAclSets() : null; + AclSets ingress = dataAfter.getIngress() != null ? dataAfter.getIngress().getAclSets() : null; + List macIngress = parseMacRules(getAclNames(ingress), writeContext.getMappingContext()); + List standardIngress = parseStandardRules(getAclNames(ingress), writeContext.getMappingContext()); + List standardEgress = parseStandardRules(getAclNames(egress), writeContext.getMappingContext()); + + // Process standard ACLs + if (!standardIngress.isEmpty() || !standardEgress.isEmpty()) { + AclInterfaceAssignmentRequest.create(writeContext.getMappingContext()) + .standardAclContext(standardAclContext) + .interfaceContext(interfaceContext) + .identifier(id) + .inputAclNames(standardIngress) + .outputAclNames(standardEgress) + .executeAsCreate(getjVppAclFacade()); + } + // Process mac ACLs + if (!macIngress.isEmpty()) { + addMacAcls(id, writeContext, macIngress); + } } @Override - public void updateCurrentAttributes(@Nonnull final InstanceIdentifier id, @Nonnull final Acl dataBefore, - @Nonnull final Acl dataAfter, @Nonnull final WriteContext writeContext) + public void updateCurrentAttributes(@Nonnull final InstanceIdentifier id, + @Nonnull final Interface dataBefore, + @Nonnull final Interface dataAfter, @Nonnull final WriteContext writeContext) throws WriteFailedException { + AclSets egress = dataAfter.getEgress() != null ? dataAfter.getEgress().getAclSets() : null; + AclSets ingress = dataAfter.getIngress() != null ? dataAfter.getIngress().getAclSets() : null; + List standardIngress = parseStandardRules(getAclNames(ingress), writeContext.getMappingContext()); + List standardEgress = parseStandardRules(getAclNames(egress), writeContext.getMappingContext()); + + // update standard ACLs AclInterfaceAssignmentRequest.create(writeContext.getMappingContext()) .standardAclContext(standardAclContext) .interfaceContext(interfaceContext) .identifier(id) - .inputAclNames(getAclNames(dataAfter.getIngress())) - .outputAclNames(getAclNames(dataAfter.getEgress())) + .inputAclNames(standardIngress) + .outputAclNames(standardEgress) .executeAsUpdate(getjVppAclFacade(), dataBefore, dataAfter); + + // Process mac ACLs + AclSets ingressBefore = dataBefore.getIngress() != null ? dataBefore.getIngress().getAclSets() : null; + List macIngressAfter = parseMacRules(getAclNames(ingress), writeContext.getMappingContext()); + List macIngressBefore = parseMacRules(getAclNames(ingressBefore), writeContext.getMappingContext()); + List added = + macIngressAfter.stream().filter(acl -> !macIngressBefore.contains(acl)).collect(Collectors.toList()); + List removed = + macIngressBefore.stream().filter(acl -> !macIngressAfter.contains(acl)).collect(Collectors.toList()); + + if (!removed.isEmpty()) { + deleteMacACLs(id, writeContext, removed); + } + + if (!added.isEmpty()) { + addMacAcls(id, writeContext, added); + } } @Override - public void deleteCurrentAttributes(@Nonnull final InstanceIdentifier id, @Nonnull final Acl dataBefore, - @Nonnull final WriteContext writeContext) throws WriteFailedException { - AclInterfaceAssignmentRequest.create(writeContext.getMappingContext()) - .standardAclContext(standardAclContext) - .interfaceContext(interfaceContext) - .identifier(id) - .executeAsDelete(getjVppAclFacade()); + public void deleteCurrentAttributes(@Nonnull final InstanceIdentifier id, + @Nonnull final Interface dataBefore, @Nonnull final WriteContext writeContext) + throws WriteFailedException { + AclSets ingress = dataBefore.getIngress() != null ? dataBefore.getIngress().getAclSets() : null; + List standardIngress = parseStandardRules(getAclNames(ingress), writeContext.getMappingContext()); + List macIngress = parseMacRules(getAclNames(ingress), writeContext.getMappingContext()); + + //Process standard ACLs + if (!standardIngress.isEmpty()) { + AclInterfaceAssignmentRequest.create(writeContext.getMappingContext()) + .standardAclContext(standardAclContext) + .interfaceContext(interfaceContext) + .identifier(id) + .executeAsDelete(getjVppAclFacade()); + } + + // Process mac ACLs + if (!macIngress.isEmpty()) { + deleteMacACLs(id, writeContext, macIngress); + } } - private static List getAclNames(final VppAclsBaseAttributes acls) { - if (acls == null || acls.getVppAcls() == null) { - return Collections.emptyList(); - } else { - return acls.getVppAcls().stream().map(VppAcls::getName).collect(toList()); + private List parseMacRules(final List ingress, final MappingContext mappingContext) { + return ingress.stream() + .filter(aclName -> macIpAclContext.containsAcl(aclName, mappingContext)).collect(Collectors.toList()); + } + + private List parseStandardRules(final List ingress, final MappingContext mappingContext) { + return ingress.stream() + .filter(aclName -> standardAclContext.containsAcl(aclName, mappingContext)) + .collect(Collectors.toList()); + } + + + private void addMacAcls(@Nonnull final InstanceIdentifier id, + @Nonnull final WriteContext writeContext, final List added) + throws WriteFailedException { + for (String macAcl : added) { + MacIpInterfaceAssignmentRequest.addNew(writeContext.getMappingContext()) + .identifier(id) + .aclName(macAcl) + .macIpAclContext(macIpAclContext) + .interfaceContext(interfaceContext) + .execute(getjVppAclFacade()); } } + private void deleteMacACLs(@Nonnull final InstanceIdentifier id, + @Nonnull final WriteContext writeContext, final List macAcls) + throws WriteFailedException { + for (String macAcl : macAcls) { + deleteExisting(writeContext.getMappingContext()) + .identifier(id) + .aclName(macAcl) + .macIpAclContext(macIpAclContext) + .interfaceContext(interfaceContext) + .execute(getjVppAclFacade()); + } + } } diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/InterfaceAclMacIpCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/InterfaceAclMacIpCustomizer.java deleted file mode 100644 index fc0acd223..000000000 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/InterfaceAclMacIpCustomizer.java +++ /dev/null @@ -1,69 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.write; - -import static io.fd.hc2vpp.acl.util.iface.macip.MacIpInterfaceAssignmentRequest.addNew; -import static io.fd.hc2vpp.acl.util.iface.macip.MacIpInterfaceAssignmentRequest.deleteExisting; - -import io.fd.hc2vpp.acl.util.AclContextManager; -import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer; -import io.fd.hc2vpp.common.translate.util.NamingContext; -import io.fd.honeycomb.translate.spi.write.WriterCustomizer; -import io.fd.honeycomb.translate.write.WriteContext; -import io.fd.honeycomb.translate.write.WriteFailedException; -import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; -import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; - -public class InterfaceAclMacIpCustomizer extends FutureJVppAclCustomizer implements WriterCustomizer { - - private final AclContextManager macIpAclContext; - private final NamingContext interfaceContext; - - public InterfaceAclMacIpCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade, - @Nonnull final AclContextManager macIpAclContext, - @Nonnull final NamingContext interfaceContext) { - super(jVppAclFacade); - this.macIpAclContext = macIpAclContext; - this.interfaceContext = interfaceContext; - } - - @Override - public void writeCurrentAttributes(@Nonnull final InstanceIdentifier id, - @Nonnull final VppMacipAcl dataAfter, - @Nonnull final WriteContext writeContext) throws WriteFailedException { - addNew(writeContext.getMappingContext()) - .identifier(id) - .aclName(dataAfter.getName()) - .macIpAclContext(macIpAclContext) - .interfaceContext(interfaceContext) - .execute(getjVppAclFacade()); - } - - @Override - public void deleteCurrentAttributes(@Nonnull final InstanceIdentifier id, - @Nonnull final VppMacipAcl dataBefore, - @Nonnull final WriteContext writeContext) throws WriteFailedException { - deleteExisting(writeContext.getMappingContext()) - .identifier(id) - .aclName(dataBefore.getName()) - .macIpAclContext(macIpAclContext) - .interfaceContext(interfaceContext) - .execute(getjVppAclFacade()); - } -} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java deleted file mode 100644 index 00cd8a56c..000000000 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclCustomizer.java +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.write; - -import io.fd.hc2vpp.acl.util.AclContextManager; -import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer; -import io.fd.hc2vpp.acl.util.acl.AclDataExtractor; -import io.fd.hc2vpp.acl.util.acl.AclWriter; -import io.fd.honeycomb.translate.MappingContext; -import io.fd.honeycomb.translate.spi.write.ListWriterCustomizer; -import io.fd.honeycomb.translate.write.WriteContext; -import io.fd.honeycomb.translate.write.WriteFailedException; -import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; -import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; - -public class VppAclCustomizer extends FutureJVppAclCustomizer - implements ListWriterCustomizer, AclDataExtractor, AclWriter { - - private final AclContextManager standardAclContext; - private final AclContextManager macIpAclContext; - - public VppAclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade, - @Nonnull final AclContextManager standardAclContext, - @Nonnull final AclContextManager macIpAclContext) { - super(jVppAclFacade); - this.standardAclContext = standardAclContext; - this.macIpAclContext = macIpAclContext; - } - - @Override - public void writeCurrentAttributes(@Nonnull final InstanceIdentifier id, @Nonnull final Acl dataAfter, - @Nonnull final WriteContext writeContext) throws WriteFailedException { - final MappingContext mappingContext = writeContext.getMappingContext(); - - if (isStandardAcl(dataAfter)) { - addStandardAcl(getjVppAclFacade(), id, dataAfter, standardAclContext, mappingContext); - } else if (isMacIpAcl(dataAfter)) { - addMacIpAcl(getjVppAclFacade(), id, dataAfter, macIpAclContext, mappingContext); - } else { - // double check, first one done by validation - throw new WriteFailedException.CreateFailedException(id, dataAfter, - new IllegalArgumentException("Unsupported acl option")); - } - } - - @Override - public void updateCurrentAttributes(@Nonnull final InstanceIdentifier id, @Nonnull final Acl dataBefore, - @Nonnull final Acl dataAfter, @Nonnull final WriteContext writeContext) - throws WriteFailedException { - final MappingContext mappingContext = writeContext.getMappingContext(); - - if (isStandardAcl(dataAfter)) { - updateStandardAcl(getjVppAclFacade(), id, dataAfter, standardAclContext, mappingContext); - } else if (isMacIpAcl(dataAfter)) { - synchronized (macIpAclContext) { - // there is no direct support for update of mac-ip acl, but only one is allowed per interface - // so it is atomic from vpp standpoint. Enclosed in synchronized block to prevent issues with - // multiple threads managing naming context - deleteMacIpAcl(getjVppAclFacade(), id, dataBefore, macIpAclContext, mappingContext); - addMacIpAcl(getjVppAclFacade(), id, dataAfter, macIpAclContext, mappingContext); - } - } else { - // double check, first one done by validation - throw new WriteFailedException.CreateFailedException(id, dataAfter, - new IllegalArgumentException("Unsupported acl option")); - } - } - - @Override - public void deleteCurrentAttributes(@Nonnull final InstanceIdentifier id, @Nonnull final Acl dataBefore, - @Nonnull final WriteContext writeContext) throws WriteFailedException { - final MappingContext mappingContext = writeContext.getMappingContext(); - - if (isStandardAcl(dataBefore)) { - deleteStandardAcl(getjVppAclFacade(), id, dataBefore, standardAclContext, mappingContext); - } else if (isMacIpAcl(dataBefore)) { - deleteMacIpAcl(getjVppAclFacade(), id, dataBefore, macIpAclContext, mappingContext); - } else { - // double check, first one done by validation - throw new WriteFailedException.DeleteFailedException(id, - new IllegalArgumentException("Unsupported acl option")); - } - } -} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclValidator.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclValidator.java deleted file mode 100644 index 942d3bcb3..000000000 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/VppAclValidator.java +++ /dev/null @@ -1,178 +0,0 @@ -/* - * Copyright (c) 2018 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.write; - -import static com.google.common.base.Preconditions.checkArgument; -import static com.google.common.base.Preconditions.checkNotNull; -import static com.google.common.base.Preconditions.checkState; -import static java.lang.String.format; -import static java.util.Collections.emptyList; -import static java.util.Optional.ofNullable; - -import com.google.common.annotations.VisibleForTesting; -import com.google.common.base.Optional; -import com.google.common.collect.ImmutableMap; -import com.google.common.collect.ImmutableSet; -import io.fd.hc2vpp.acl.util.acl.AclDataExtractor; -import io.fd.honeycomb.translate.write.DataValidationFailedException.CreateValidationFailedException; -import io.fd.honeycomb.translate.write.DataValidationFailedException.DeleteValidationFailedException; -import io.fd.honeycomb.translate.write.DataValidationFailedException.UpdateValidationFailedException; -import io.fd.honeycomb.translate.write.Validator; -import io.fd.honeycomb.translate.write.WriteContext; -import java.util.Collections; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.stream.Collectors; -import javax.annotation.Nonnull; -import javax.annotation.Nullable; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AclBase; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.AccessListEntries; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.Matches; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.matches.AceType; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.InterfaceAclAttributes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclsBaseAttributes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppMacipAclsBaseAttributes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAcl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAcl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppMacipAce; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; - -public final class VppAclValidator implements Validator, AclDataExtractor { - - private static final Set> SUPPORTED_ACL_TYPES = - ImmutableSet.of(VppAcl.class, VppMacipAcl.class); - private static final Map, Class> ACL_ACE_PAIRS = - ImmutableMap.of(VppAcl.class, VppAce.class, VppMacipAcl.class, VppMacipAce.class); - - @Override - public void validateWrite(final InstanceIdentifier id, final Acl dataAfter, final WriteContext ctx) - throws CreateValidationFailedException { - try { - validateAcl(dataAfter); - } catch (RuntimeException e) { - throw new CreateValidationFailedException(id, dataAfter, e); - } - } - - @Override - public void validateUpdate(final InstanceIdentifier id, final Acl dataBefore, final Acl dataAfter, - final WriteContext ctx) throws UpdateValidationFailedException { - try { - validateAcl(dataAfter); - } catch (RuntimeException e) { - throw new UpdateValidationFailedException(id, dataBefore, dataAfter, e); - } - } - - @Override - public void validateDelete(final InstanceIdentifier id, final Acl dataBefore, final WriteContext ctx) - throws DeleteValidationFailedException { - try { - validateAcl(dataBefore); - final List references = checkAclReferenced(ctx, dataBefore); - // references must be check, to not leave dead references in configuration - checkState(references.isEmpty(), - "%s cannot be removed, it is referenced in following interfaces %s", dataBefore, references); - } catch (RuntimeException e) { - throw new DeleteValidationFailedException(id, e); - } - } - - private static void validateAcl(@Nonnull final Acl acl) { - hasAceList(acl); - isSupportedAclType(acl); - hasConsistentAceTypeForAclType(acl); - } - - private static void hasAceList(final Acl acl) { - final AccessListEntries accessListEntries = acl.getAccessListEntries(); - checkArgument(accessListEntries != null, "The access-list-entries container is not defined."); - final List ace = accessListEntries.getAce(); - checkArgument(ace != null, "The ace list is not defined."); - checkArgument(!ace.isEmpty(), "The ace list is empty."); - } - - private static void isSupportedAclType(final Acl acl) { - checkArgument(SUPPORTED_ACL_TYPES.contains(acl.getAclType()), - "Unsupported Acl type %s detected for acl %s, allowed types are %s", acl.getAclType(), - acl.getAclName(), SUPPORTED_ACL_TYPES); - } - - private static void hasConsistentAceTypeForAclType(final Acl acl) { - checkTypesSame(acl.getAccessListEntries().getAce(), acl.getAclName(), - checkNotNull(ACL_ACE_PAIRS.get(acl.getAclType()), "Unsupported ACL type %s for ACL %s", - acl.getAclType(), acl.getAclName())); - } - - private static void checkTypesSame(final List aces, final String aclName, - final Class aceType) { - final Set unsupportedAceTypes = aces.stream() - .map(Ace::getMatches) - .map(Matches::getAceType) - .filter(aceType::equals) - .collect(Collectors.toSet()); - checkArgument(unsupportedAceTypes.isEmpty(), "Detected unsupported ace types [%s] for ACL %s, expected %s", - unsupportedAceTypes, aclName, aceType); - } - - @VisibleForTesting - static List checkAclReferenced(@Nonnull final WriteContext writeContext, - @Nonnull final Acl acl) { - final Optional readAfter = writeContext.readAfter(InstanceIdentifier.create(Interfaces.class)); - if (!readAfter.isPresent() || readAfter.get().getInterface() == null) { - return Collections.emptyList(); - } - - final List interfaces = readAfter.get().getInterface(); - final Class aclType = acl.getAclType(); - final String aclName = acl.getAclName(); - - if (aclType.equals(VppAcl.class)) { - return interfaces.stream() - .filter(iface -> ofNullable(iface.augmentation(VppAclInterfaceAugmentation.class)) - .map(InterfaceAclAttributes::getAcl) - .filter(references -> - checkVppAcls(references.getIngress(), aclName) || - checkVppAcls(references.getEgress(), aclName)).isPresent() - ).collect(Collectors.toList()); - } else if (aclType.equals(VppMacipAcl.class)) { - return interfaces.stream() - .filter(iface -> ofNullable(iface.augmentation(VppAclInterfaceAugmentation.class)) - .map(InterfaceAclAttributes::getAcl) - .map(aclAttr -> aclAttr.getIngress()) - .map(VppMacipAclsBaseAttributes::getVppMacipAcl) - .filter(vppMacipAcl -> vppMacipAcl.getName().equals(aclName)) - .isPresent()) - .collect(Collectors.toList()); - } else { - throw new IllegalArgumentException(format("Acl type %s not supported", aclType)); - } - } - - private static boolean checkVppAcls(@Nullable final VppAclsBaseAttributes attrs, @Nonnull final String name) { - return ofNullable(attrs).map(VppAclsBaseAttributes::getVppAcls) - .orElse(emptyList()) - .stream().anyMatch(acl -> acl.getName().equals(name)); - } -} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/factory/AbstractAclWriterFactory.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/factory/AbstractAclWriterFactory.java index 37a8de2d1..8944e5977 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/factory/AbstractAclWriterFactory.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/factory/AbstractAclWriterFactory.java @@ -26,10 +26,10 @@ import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; /** * Created by jsrnicek on 12.12.2016. */ -class AbstractAclWriterFactory { +abstract class AbstractAclWriterFactory { @Inject - protected FutureJVppAclFacade futureAclFacade; + FutureJVppAclFacade futureAclFacade; @Inject @Named(AclModule.STANDARD_ACL_CONTEXT_NAME) @@ -37,7 +37,7 @@ class AbstractAclWriterFactory { @Inject @Named(AclModule.MAC_IP_ACL_CONTEXT_NAME) - protected AclContextManager macIpAClContext; + protected AclContextManager macIpAclContext; @Inject @Named("interface-context") diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/factory/AclWriterFactory.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/factory/AclWriterFactory.java new file mode 100644 index 000000000..faab3023d --- /dev/null +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/factory/AclWriterFactory.java @@ -0,0 +1,39 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.acl.write.factory; + +import io.fd.hc2vpp.acl.AclIIds; +import io.fd.hc2vpp.acl.write.AclCustomizer; +import io.fd.hc2vpp.acl.write.AclValidator; +import io.fd.honeycomb.translate.impl.write.GenericListWriter; +import io.fd.honeycomb.translate.write.WriterFactory; +import io.fd.honeycomb.translate.write.registry.ModifiableWriterRegistryBuilder; +import javax.annotation.Nonnull; + +public class AclWriterFactory extends AbstractAclWriterFactory implements WriterFactory { + + @Override + public void init(@Nonnull final ModifiableWriterRegistryBuilder registry) { + + registry.subtreeAddBefore(AclIIds.vppAclChildren(AclIIds.ACL), + new GenericListWriter<>(AclIIds.ACLS_ACL, + new AclCustomizer(futureAclFacade, standardAclContext, macIpAclContext), + new AclValidator() + ), + AclIIds.aclHandledChildren(AclIIds.IFC_ACL)); + } +} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/factory/InterfaceAclWriterFactory.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/factory/InterfaceAclWriterFactory.java index 12be40a14..c5144b362 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/factory/InterfaceAclWriterFactory.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/factory/InterfaceAclWriterFactory.java @@ -17,46 +17,27 @@ package io.fd.hc2vpp.acl.write.factory; import com.google.common.collect.ImmutableSet; +import io.fd.hc2vpp.acl.AclIIds; import io.fd.hc2vpp.acl.write.InterfaceAclCustomizer; -import io.fd.hc2vpp.acl.write.InterfaceAclMacIpCustomizer; import io.fd.honeycomb.translate.impl.write.GenericWriter; import io.fd.honeycomb.translate.write.WriterFactory; import io.fd.honeycomb.translate.write.registry.ModifiableWriterRegistryBuilder; import java.util.Set; import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Egress; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl; import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; public class InterfaceAclWriterFactory extends AbstractAclWriterFactory implements WriterFactory { - static final InstanceIdentifier ACL_IID = - InstanceIdentifier.create(Interfaces.class).child(Interface.class) - .augmentation(VppAclInterfaceAugmentation.class).child(Acl.class); - private static final InstanceIdentifier IFC_ID = - InstanceIdentifier.create(Interfaces.class).child(Interface.class); - - @Override public void init(@Nonnull final ModifiableWriterRegistryBuilder registry) { - registry.subtreeAddAfter(aclHandledChildren(InstanceIdentifier.create(Acl.class)), - new GenericWriter<>(ACL_IID, - new InterfaceAclCustomizer(futureAclFacade, interfaceContext, standardAclContext)), IFC_ID); - - registry.addAfter(new GenericWriter<>(ACL_IID.child(Ingress.class).child(VppMacipAcl.class), - new InterfaceAclMacIpCustomizer(futureAclFacade, macIpAClContext, interfaceContext)), IFC_ID); + registry.subtreeAddAfter(AclIIds.aclHandledChildren(AclIIds.IFC_ACL), + new GenericWriter<>(AclIIds.ACLS_AP_INT, + new InterfaceAclCustomizer(futureAclFacade, interfaceContext, standardAclContext, + macIpAclContext)), + aclRequiredIids()); } - static Set> aclHandledChildren(final InstanceIdentifier parentId) { - return ImmutableSet.of(parentId.child(Ingress.class), - parentId.child(Ingress.class).child(VppAcls.class), - parentId.child(Egress.class), - parentId.child(Egress.class).child(VppAcls.class)); + static Set> aclRequiredIids() { + return ImmutableSet.of(AclIIds.IFC, AclIIds.IFC_ACL, AclIIds.ACLS_ACL); } } diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/factory/VppAclWriterFactory.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/factory/VppAclWriterFactory.java deleted file mode 100644 index 883cf4f1f..000000000 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/factory/VppAclWriterFactory.java +++ /dev/null @@ -1,46 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.write.factory; - -import static io.fd.hc2vpp.acl.write.factory.InterfaceAclWriterFactory.ACL_IID; -import static io.fd.hc2vpp.acl.write.factory.InterfaceAclWriterFactory.aclHandledChildren; - -import io.fd.hc2vpp.acl.util.factory.AclFactory; -import io.fd.hc2vpp.acl.write.VppAclCustomizer; -import io.fd.hc2vpp.acl.write.VppAclValidator; -import io.fd.honeycomb.translate.impl.write.GenericListWriter; -import io.fd.honeycomb.translate.write.WriterFactory; -import io.fd.honeycomb.translate.write.registry.ModifiableWriterRegistryBuilder; -import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; - -public class VppAclWriterFactory extends AbstractAclWriterFactory implements WriterFactory, AclFactory { - - @Override - public void init(@Nonnull final ModifiableWriterRegistryBuilder registry) { - final InstanceIdentifier rootNode = InstanceIdentifier.create(AccessLists.class); - - registry.subtreeAddBefore(vppAclChildren(InstanceIdentifier.create(Acl.class)), - new GenericListWriter<>(rootNode.child(Acl.class), - new VppAclCustomizer(futureAclFacade, standardAclContext, macIpAClContext), - new VppAclValidator() - ), - aclHandledChildren(ACL_IID)); - } -} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/request/AclAddReplaceRequest.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/request/AclAddReplaceRequest.java new file mode 100644 index 000000000..29a7c7489 --- /dev/null +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/request/AclAddReplaceRequest.java @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.acl.write.request; + +import io.fd.hc2vpp.acl.util.AclContextManager; +import io.fd.hc2vpp.acl.util.ace.AceConverter; +import io.fd.hc2vpp.acl.util.acl.AclDataExtractor; +import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer; +import io.fd.honeycomb.translate.MappingContext; +import io.fd.honeycomb.translate.write.WriteFailedException; +import io.fd.vpp.jvpp.acl.dto.AclAddReplace; +import io.fd.vpp.jvpp.acl.dto.AclAddReplaceReply; +import io.fd.vpp.jvpp.acl.dto.AclDel; +import io.fd.vpp.jvpp.acl.dto.MacipAclAdd; +import io.fd.vpp.jvpp.acl.dto.MacipAclAddReply; +import io.fd.vpp.jvpp.acl.dto.MacipAclDel; +import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; +import java.util.List; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +public class AclAddReplaceRequest implements AclDataExtractor, AceConverter, JvppReplyConsumer { + + int ACL_INDEX_CREATE_NEW = -1; + private final FutureJVppAclFacade futureFacade; + private final MappingContext mappingContext; + + public AclAddReplaceRequest(@Nonnull final FutureJVppAclFacade futureFacade, + @Nonnull final MappingContext mappingContext) { + this.futureFacade = futureFacade; + this.mappingContext = mappingContext; + } + + + public void addStandardAcl(@Nonnull final InstanceIdentifier id, @Nonnull final Acl acl, + @Nonnull final AclContextManager standardAclContext) throws WriteFailedException { + + final AclAddReplace request = new AclAddReplace(); + + request.tag = getAclTag(acl); + request.aclIndex = ACL_INDEX_CREATE_NEW; + + final List aces = getAces(acl); + request.r = toStandardAclRules(aces); + request.count = request.r.length; + + final AclAddReplaceReply reply = + getReplyForWrite(futureFacade.aclAddReplace(request).toCompletableFuture(), id); + + // maps new acl to returned index + standardAclContext.addAcl(reply.aclIndex, acl.getName(), aces, mappingContext); + } + + // according to vpp team, this was tested extensively, and should work + public void updateStandardAcl(@Nonnull final InstanceIdentifier id, @Nonnull final Acl acl, + @Nonnull final AclContextManager standardAclContext) throws WriteFailedException { + + final AclAddReplace request = new AclAddReplace(); + + request.tag = getAclTag(acl); + // by setting existing index, request is resolved as update + request.aclIndex = standardAclContext.getAclIndex(acl.getName(), mappingContext); + + final List aces = getAces(acl); + request.r = toStandardAclRules(aces); + request.count = request.r.length; + + final AclAddReplaceReply reply = + getReplyForWrite(futureFacade.aclAddReplace(request).toCompletableFuture(), id); + + // overwrites existing acl metadata (aces might have been changed): + standardAclContext.addAcl(reply.aclIndex, acl.getName(), aces, mappingContext); + } + + public void deleteStandardAcl(@Nonnull final InstanceIdentifier id, @Nonnull final Acl acl, + @Nonnull final AclContextManager standardAclContext) throws WriteFailedException { + + final AclDel request = new AclDel(); + final String aclName = acl.getName(); + request.aclIndex = standardAclContext.getAclIndex(aclName, mappingContext); + + getReplyForDelete(futureFacade.aclDel(request).toCompletableFuture(), id); + + // removes mapping after successful delete + standardAclContext.removeAcl(aclName, mappingContext); + } + + public void addMacIpAcl(@Nonnull final InstanceIdentifier id, @Nonnull final Acl acl, + @Nonnull final AclContextManager macIpAclContext) throws WriteFailedException { + final MacipAclAdd request = new MacipAclAdd(); + + request.tag = getAclTag(acl); + + final List aces = getAces(acl); + request.r = toMacIpAclRules(aces); + request.count = request.r.length; + + final MacipAclAddReply reply = getReplyForWrite(futureFacade.macipAclAdd(request).toCompletableFuture(), id); + + // map mac-ip acl to returned index + macIpAclContext.addAcl(reply.aclIndex, acl.getName(), aces, mappingContext); + } + + public void deleteMacIpAcl(@Nonnull final InstanceIdentifier id, @Nonnull final Acl acl, + @Nonnull final AclContextManager macIpAclContext) throws WriteFailedException { + final MacipAclDel request = new MacipAclDel(); + final String aclName = acl.getName(); + request.aclIndex = macIpAclContext.getAclIndex(aclName, mappingContext); + + getReplyForDelete(futureFacade.macipAclDel(request).toCompletableFuture(), id); + + macIpAclContext.removeAcl(aclName, mappingContext); + } + + +} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/request/AclInterfaceAssignmentRequest.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/request/AclInterfaceAssignmentRequest.java new file mode 100644 index 000000000..2d7777e35 --- /dev/null +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/request/AclInterfaceAssignmentRequest.java @@ -0,0 +1,172 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package io.fd.hc2vpp.acl.write.request; + +import static com.google.common.base.Preconditions.checkNotNull; + +import com.google.common.collect.ImmutableList; +import io.fd.hc2vpp.acl.util.AclContextManager; +import io.fd.hc2vpp.common.translate.util.ByteDataTranslator; +import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer; +import io.fd.hc2vpp.common.translate.util.NamingContext; +import io.fd.honeycomb.translate.MappingContext; +import io.fd.honeycomb.translate.write.WriteFailedException; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceSetAclList; +import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; +import java.util.Collections; +import java.util.List; +import java.util.stream.Stream; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Multi-assignment single-request taking advantage from acl_interface_set_acl_list api + */ +public class AclInterfaceAssignmentRequest implements JvppReplyConsumer, ByteDataTranslator { + + private static final Logger LOG = LoggerFactory.getLogger(AclInterfaceAssignmentRequest.class); + + private final MappingContext mappingContext; + private InstanceIdentifier + identifier; + private List inputAclNames = Collections.emptyList(); + private List outputAclNames = Collections.emptyList(); + private AclContextManager standardAclContext; + private NamingContext interfaceContext; + + + private AclInterfaceAssignmentRequest(final MappingContext mappingContext) { + this.mappingContext = checkNotNull(mappingContext, "Mapping context cannot be null"); + } + + public static AclInterfaceAssignmentRequest create(@Nonnull final MappingContext mappingContext) { + return new AclInterfaceAssignmentRequest(mappingContext); + } + + public AclInterfaceAssignmentRequest identifier( + @Nonnull final InstanceIdentifier identifier) { + this.identifier = identifier; + return this; + } + + public AclInterfaceAssignmentRequest inputAclNames(@Nonnull final List inputAclNames) { + checkNotNull(inputAclNames, "Input ACL names cannot be null"); + this.inputAclNames = ImmutableList.copyOf(inputAclNames); + return this; + } + + public AclInterfaceAssignmentRequest outputAclNames(@Nonnull final List outputAclNames) { + checkNotNull(outputAclNames, "Output ACL names cannot be null"); + this.outputAclNames = ImmutableList.copyOf(outputAclNames); + return this; + } + + public AclInterfaceAssignmentRequest standardAclContext(@Nonnull final AclContextManager standardAclContext) { + this.standardAclContext = standardAclContext; + return this; + } + + public AclInterfaceAssignmentRequest interfaceContext(@Nonnull final NamingContext interfaceContext) { + this.interfaceContext = interfaceContext; + return this; + } + + private void checkValidRequest() { + checkNotNull(identifier, "Identifier cannot be null"); + checkNotNull(standardAclContext, "ACL context cannot be null"); + checkNotNull(interfaceContext, "Interface context cannot be null"); + } + + public void executeAsCreate(@Nonnull final FutureJVppAclFacade api) throws WriteFailedException { + checkValidRequest(); + final String interfaceName = identifier.firstKeyOf(Interface.class).getInterfaceId(); + + // locking on mapping context, to prevent modifying of mappings (for both contexts) during binding/execution of request + synchronized (mappingContext) { + LOG.debug( + "Executing acl interface assignment write request for interface={}, input ACL's={},output ACL's={}", + interfaceName, inputAclNames, outputAclNames); + + getReplyForWrite(api.aclInterfaceSetAclList(createRequest(interfaceName)).toCompletableFuture(), + identifier); + LOG.debug( + "Acl interface assignment write request for interface={}, input ACL's={},output ACL's={} successfully passed", + interfaceName, inputAclNames, outputAclNames); + } + } + + public void executeAsUpdate(@Nonnull final FutureJVppAclFacade api, + final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface before, + final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface after) + throws WriteFailedException { + checkValidRequest(); + final String interfaceName = identifier.firstKeyOf(Interface.class).getInterfaceId(); + + // locking on mapping context, to prevent modifying of mappings (for both contexts) during binding/execution of request + synchronized (mappingContext) { + LOG.debug( + "Executing acl interface assignment update request for interface={}, input ACL's={},output ACL's={}", + interfaceName, inputAclNames, outputAclNames); + + getReplyForUpdate(api.aclInterfaceSetAclList(createRequest(interfaceName)).toCompletableFuture(), + identifier, before, after); + LOG.debug( + "Acl interface assignment update request for interface={}, input ACL's={},output ACL's={} successfully passed", + interfaceName, inputAclNames, outputAclNames); + } + } + + public void executeAsDelete(@Nonnull final FutureJVppAclFacade api) throws WriteFailedException { + checkValidRequest(); + final String interfaceName = identifier.firstKeyOf(Interface.class).getInterfaceId(); + + // locking on mapping context, to prevent modifying of mappings (for both contexts) during binding/execution of request + synchronized (mappingContext) { + LOG.debug( + "Executing acl interface assignment delete request for interface={}, input ACL's={},output ACL's={}", + interfaceName, inputAclNames, outputAclNames); + + // remove all ACLs, just in case they were set by AclInterfaceAssignmentRequest user + inputAclNames = Collections.emptyList(); + outputAclNames = Collections.emptyList(); + + getReplyForDelete(api.aclInterfaceSetAclList(createRequest(interfaceName)).toCompletableFuture(), + identifier); + LOG.debug( + "Acl interface assignment delete request for interface={}, input ACL's={},output ACL's={} successfully passed", + interfaceName, inputAclNames, outputAclNames); + } + } + + // synchronized on higher layer + private AclInterfaceSetAclList createRequest(final String interfaceName) { + + AclInterfaceSetAclList request = new AclInterfaceSetAclList(); + request.swIfIndex = interfaceContext.getIndex(interfaceName, mappingContext); + // FIXME (HC2VPP-201): possible overflow + request.nInput = (byte) inputAclNames.size(); + request.count = (byte) (inputAclNames.size() + outputAclNames.size()); + request.acls = Stream.concat(inputAclNames.stream(), outputAclNames.stream()) + .mapToInt(aclName -> standardAclContext.getAclIndex(aclName, mappingContext)) + .toArray(); + return request; + } +} diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/request/MacIpInterfaceAssignmentRequest.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/request/MacIpInterfaceAssignmentRequest.java new file mode 100644 index 000000000..b7849991b --- /dev/null +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/request/MacIpInterfaceAssignmentRequest.java @@ -0,0 +1,113 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package io.fd.hc2vpp.acl.write.request; + +import static com.google.common.base.Preconditions.checkNotNull; + +import io.fd.hc2vpp.acl.util.AclContextManager; +import io.fd.hc2vpp.common.translate.util.ByteDataTranslator; +import io.fd.hc2vpp.common.translate.util.JvppReplyConsumer; +import io.fd.hc2vpp.common.translate.util.NamingContext; +import io.fd.honeycomb.translate.MappingContext; +import io.fd.honeycomb.translate.write.WriteFailedException; +import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceAddDel; +import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class MacIpInterfaceAssignmentRequest implements ByteDataTranslator, JvppReplyConsumer { + + private static final Logger LOG = LoggerFactory.getLogger(MacIpInterfaceAssignmentRequest.class); + + private final boolean isNew; + private final MappingContext mappingContext; + private InstanceIdentifier + identifier; + private String aclName; + private AclContextManager macIpAclContext; + private NamingContext interfaceContext; + + + private MacIpInterfaceAssignmentRequest(final boolean isNew, final MappingContext mappingContext) { + this.isNew = isNew; + this.mappingContext = checkNotNull(mappingContext, "Mapping context cannot be null"); + } + + public static MacIpInterfaceAssignmentRequest addNew(@Nonnull final MappingContext mappingContext) { + return new MacIpInterfaceAssignmentRequest(true, mappingContext); + } + + public static MacIpInterfaceAssignmentRequest deleteExisting(@Nonnull final MappingContext mappingContext) { + return new MacIpInterfaceAssignmentRequest(false, mappingContext); + } + + public MacIpInterfaceAssignmentRequest identifier( + @Nonnull final InstanceIdentifier identifier) { + this.identifier = identifier; + return this; + } + + public MacIpInterfaceAssignmentRequest aclName(@Nonnull final String aclName) { + this.aclName = aclName; + return this; + } + + public MacIpInterfaceAssignmentRequest macIpAclContext(@Nonnull final AclContextManager macIpAclContext) { + this.macIpAclContext = macIpAclContext; + return this; + } + + public MacIpInterfaceAssignmentRequest interfaceContext(@Nonnull final NamingContext interfaceContext) { + this.interfaceContext = interfaceContext; + return this; + } + + private void checkValidRequest() { + checkNotNull(identifier, "Identifier cannot be null"); + checkNotNull(aclName, "ACL name cannot be null"); + checkNotNull(macIpAclContext, "ACL context cannot be null"); + checkNotNull(interfaceContext, "Interface context cannot be null"); + } + + public void execute(@Nonnull final FutureJVppAclFacade api) + throws WriteFailedException { + + // locking on mapping context, to prevent modifying of mappings (for both contexts) during execution of request + synchronized (mappingContext) { + checkValidRequest(); + + final String interfaceName = identifier.firstKeyOf(Interface.class).getInterfaceId(); + + MacipAclInterfaceAddDel request = new MacipAclInterfaceAddDel(); + request.isAdd = booleanToByte(isNew); + request.aclIndex = macIpAclContext.getAclIndex(aclName, mappingContext); + request.swIfIndex = + interfaceContext.getIndex(interfaceName, mappingContext); + + LOG.debug("Executing mac-ip interface assignment request for isNew={},aclName={},interfaceName={}", isNew, + aclName, interfaceName); + getReplyForWrite(api.macipAclInterfaceAddDel(request).toCompletableFuture(), identifier); + LOG.debug( + "Mac-ip interface assignment request for isNew={},aclName={},interfaceName={} successfully passed", + isNew, aclName, interfaceName); + } + } +} diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/AclTestSchemaContext.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/AclTestSchemaContext.java index 6eb6862bf..6e10be47a 100644 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/AclTestSchemaContext.java +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/AclTestSchemaContext.java @@ -33,13 +33,11 @@ public interface AclTestSchemaContext { .getInstance(), org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.$YangModuleInfoImpl .getInstance(), - org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev160708.$YangModuleInfoImpl + org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.$YangModuleInfoImpl .getInstance(), - org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.$YangModuleInfoImpl + org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.$YangModuleInfoImpl .getInstance(), - org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.$YangModuleInfoImpl - .getInstance(), - org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.$YangModuleInfoImpl + org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.$YangModuleInfoImpl .getInstance())); return context; } diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/AbstractAclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/AbstractAclCustomizerTest.java new file mode 100644 index 000000000..beda3ccff --- /dev/null +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/AbstractAclCustomizerTest.java @@ -0,0 +1,215 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.acl.read; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; + +import io.fd.hc2vpp.acl.AclIIds; +import io.fd.hc2vpp.acl.util.AclContextManager; +import io.fd.hc2vpp.common.test.read.InitializingListReaderCustomizerTest; +import io.fd.hc2vpp.common.translate.util.NamingContext; +import io.fd.honeycomb.translate.read.ReadFailedException; +import io.fd.honeycomb.translate.spi.read.Initialized; +import io.fd.vpp.jvpp.acl.dto.AclDetails; +import io.fd.vpp.jvpp.acl.dto.AclDetailsReplyDump; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetails; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDump; +import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceGetReply; +import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceListDetails; +import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceListDetailsReplyDump; +import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; +import java.util.ArrayList; +import java.util.Collections; +import javax.annotation.Nonnull; +import org.junit.Test; +import org.mockito.Mock; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetKey; +import org.opendaylight.yangtools.concepts.Builder; +import org.opendaylight.yangtools.yang.binding.DataObject; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; +import org.opendaylight.yangtools.yang.binding.KeyedInstanceIdentifier; + +public abstract class AbstractAclCustomizerTest + extends InitializingListReaderCustomizerTest { + + protected static final String IF_NAME = "eth1"; + protected static final int IF_ID = 1; + protected static final int ACL_ID = 1; + protected static final int ACL_MAC_ID = 2; + private static final String ACL_NAME = "acl-name"; + private static final String ACL_MAC_NAME = "acl-mac-name"; + + protected static final String IF_NAME_NO_ACL = "eth2"; + protected static final int IF_ID_NO_ACL = 2; + + protected static final String IFC_CTX_NAME = "interface-context"; + protected static final String ACL_CTX_NAME = "standard-acl-context"; + + @Mock + protected FutureJVppAclFacade aclApi; + + protected NamingContext interfaceContext = new NamingContext("iface", IFC_CTX_NAME); + + @Mock + protected AclContextManager standardAclContext; + + @Mock + protected AclContextManager macIpAclContext; + + protected AbstractAclCustomizerTest(final Class> parentBuilderClass) { + super(AclSet.class, parentBuilderClass); + } + + protected static KeyedInstanceIdentifier getAclId(final String ifName) { + return AclIIds.ACLS_AP.child(Interface.class, new InterfaceKey(ifName)); + } + + @Override + protected void setUp() throws Exception { + defineMapping(mappingContext, IF_NAME, IF_ID, IFC_CTX_NAME); + defineMapping(mappingContext, IF_NAME_NO_ACL, IF_ID_NO_ACL, IFC_CTX_NAME); + when(macIpAclContext.getAclName(ACL_MAC_ID, mappingContext)).thenReturn(ACL_MAC_NAME); + when(standardAclContext.getAclName(ACL_ID, mappingContext)).thenReturn(ACL_NAME); + when(macIpAclContext.containsAcl(ACL_MAC_NAME, mappingContext)).thenReturn(true); + when(standardAclContext.containsAcl(ACL_NAME, mappingContext)).thenReturn(true); + final MacipAclInterfaceListDetailsReplyDump macReply = macAaclInterfaceDump(0); + when(aclApi.macipAclInterfaceListDump(any())).thenReturn(future(macReply)); + final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump((byte) 0); + when(aclApi.aclInterfaceListDump(any())).thenReturn(future(reply)); + } + + @Test + public void testGetAllIdsNoAclConfigured() throws ReadFailedException { + assertTrue(getCustomizer().getAllIds(getWildcardedIid(IF_NAME), ctx).isEmpty()); + } + + @Test + public void testRead() throws ReadFailedException { + final String aclName = "acl-name"; + defineMapping(mappingContext, aclName, 1, ACL_CTX_NAME); + + final AclDetailsReplyDump reply = new AclDetailsReplyDump(); + reply.aclDetails = new ArrayList<>(); + final AclDetails detail = new AclDetails(); + detail.tag = new byte[0]; + reply.aclDetails.add(detail); + when(aclApi.aclDump(any())).thenReturn(future(reply)); + + final AclSetBuilder builder = mock(AclSetBuilder.class); + getCustomizer().readCurrentAttributes(getIid(IF_NAME, new AclSetKey(aclName)), builder, ctx); + verify(builder).setName(aclName); + } + + @Test + public void testReadAllTwoIfacesInOneTx() throws ReadFailedException { + final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump((byte) 2, "acl1", "acl2", "acl3"); + final MacipAclInterfaceListDetailsReplyDump macReply = macAaclInterfaceDump(0); + final MacipAclInterfaceListDetailsReplyDump macReply2 = macAaclInterfaceDump(1); + final MacipAclInterfaceGetReply interfaceGet = macipAclInterfaceGetReply(); + + + when(aclApi.aclInterfaceListDump(aclInterfaceRequest(IF_ID))).thenReturn(future(reply)); + when(aclApi.macipAclInterfaceListDump(any())).thenReturn(future(macReply)); + when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(interfaceGet)); + + when(aclApi.aclInterfaceListDump(aclInterfaceRequest(IF_ID_NO_ACL))) + .thenReturn(future(aclInterfaceDump((byte) 0))); + + // read all for interface with defined ACLs: + assertFalse(getCustomizer().getAllIds(getWildcardedIid(IF_NAME), ctx).isEmpty()); + // read all for interface without ACLs defined: + assertEquals(0, getCustomizer().getAllIds(getWildcardedIid(IF_NAME_NO_ACL), ctx).size()); + } + + protected MacipAclInterfaceGetReply macipAclInterfaceGetReply(final String... aclNames) { + final MacipAclInterfaceGetReply reply = new MacipAclInterfaceGetReply(); + reply.acls = new int[aclNames.length]; + for (int i = 0; i < aclNames.length; ++i) { + defineMapping(mappingContext, aclNames[i], i, ACL_CTX_NAME); + reply.acls[i] = i; + } + reply.count = (byte) aclNames.length; + return reply; + } + + @Test + public void testInit() { + final String aclName = "acl-name"; + defineMapping(mappingContext, aclName, 1, ACL_CTX_NAME); + + final AclSet readValue = new AclSetBuilder().build(); + final Initialized cfgValue = + getCustomizer().init(getIid(IF_NAME, new AclSetKey(aclName)), readValue, ctx); + assertEquals(readValue, cfgValue.getData()); + assertNotNull(cfgValue.getId().firstKeyOf(Interface.class)); + assertEquals(cfgValue.getId().getTargetType(), AclSet.class); + } + + protected AclInterfaceListDump aclInterfaceRequest(final int swIfIndex) { + final AclInterfaceListDump request = new AclInterfaceListDump(); + request.swIfIndex = swIfIndex; + return request; + } + + protected AclInterfaceListDetailsReplyDump aclInterfaceDump(final byte nInput, final String... aclNames) { + final AclInterfaceListDetailsReplyDump reply = new AclInterfaceListDetailsReplyDump(); + final AclInterfaceListDetails details = new AclInterfaceListDetails(); + details.acls = new int[aclNames.length]; + for (int i = 0; i < aclNames.length; ++i) { + defineMapping(mappingContext, aclNames[i], i, ACL_CTX_NAME); + details.acls[i] = i; + } + details.count = (byte) aclNames.length; + details.nInput = nInput; + reply.aclInterfaceListDetails.add(details); + return reply; + } + + protected MacipAclInterfaceListDetailsReplyDump macAaclInterfaceDump(int swIfIndex, final String... aclNames) { + final MacipAclInterfaceListDetailsReplyDump assignedAcls = new MacipAclInterfaceListDetailsReplyDump(); + + MacipAclInterfaceListDetails details = new MacipAclInterfaceListDetails(); + details.swIfIndex = swIfIndex; + details.count = (byte) aclNames.length; + details.acls = new int[aclNames.length]; + for (int i = 0; i < aclNames.length; ++i) { + defineMapping(mappingContext, aclNames[i], i, ACL_CTX_NAME); + details.acls[i] = i; + } + + assignedAcls.macipAclInterfaceListDetails.add(details); + assignedAcls.macipAclInterfaceListDetails = Collections.singletonList(details); + + return assignedAcls; + } + + protected abstract InstanceIdentifier getWildcardedIid(@Nonnull final String ifName); + + protected abstract InstanceIdentifier getIid(@Nonnull final String ifName, @Nonnull final AclSetKey key); +} \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/AbstractVppAclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/AbstractVppAclCustomizerTest.java deleted file mode 100644 index 074b25b29..000000000 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/AbstractVppAclCustomizerTest.java +++ /dev/null @@ -1,168 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.read; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertTrue; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; - -import io.fd.hc2vpp.acl.util.AclContextManager; -import io.fd.hc2vpp.common.test.read.InitializingListReaderCustomizerTest; -import io.fd.hc2vpp.common.translate.util.NamingContext; -import io.fd.honeycomb.translate.read.ReadFailedException; -import io.fd.honeycomb.translate.spi.read.Initialized; -import io.fd.vpp.jvpp.acl.dto.AclDetails; -import io.fd.vpp.jvpp.acl.dto.AclDetailsReplyDump; -import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetails; -import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump; -import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDump; -import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; -import java.util.ArrayList; -import javax.annotation.Nonnull; -import org.junit.Test; -import org.mockito.Mock; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesState; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.Interface; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.state.InterfaceKey; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceStateAugmentation; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAclsBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAclsKey; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAcl; -import org.opendaylight.yangtools.concepts.Builder; -import org.opendaylight.yangtools.yang.binding.DataObject; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; - -public abstract class AbstractVppAclCustomizerTest - extends InitializingListReaderCustomizerTest { - - protected static final String IF_NAME = "eth1"; - protected static final int IF_ID = 1; - - protected static final String IF_NAME_NO_ACL = "eth2"; - protected static final int IF_ID_NO_ACL = 2; - - protected static final String IFC_CTX_NAME = "interface-context"; - protected static final String ACL_CTX_NAME = "standard-acl-context"; - - @Mock - protected FutureJVppAclFacade aclApi; - - protected NamingContext interfaceContext = new NamingContext("iface", IFC_CTX_NAME); - - @Mock - protected AclContextManager standardAclContext; - - protected AbstractVppAclCustomizerTest(final Class> parentBuilderClass) { - super(VppAcls.class, parentBuilderClass); - } - - protected static InstanceIdentifier getAclId(final String ifName) { - return InstanceIdentifier.create(InterfacesState.class).child(Interface.class, new InterfaceKey(ifName)) - .augmentation(VppAclInterfaceStateAugmentation.class).child(Acl.class); - } - - @Override - protected void setUp() throws Exception { - defineMapping(mappingContext, IF_NAME, IF_ID, IFC_CTX_NAME); - defineMapping(mappingContext, IF_NAME_NO_ACL, IF_ID_NO_ACL, IFC_CTX_NAME); - } - - @Test - public void testGetAllIdsNoAclConfigured() throws ReadFailedException { - final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump((byte) 0); - when(aclApi.aclInterfaceListDump(any())).thenReturn(future(reply)); - assertTrue(getCustomizer().getAllIds(getWildcardedIid(IF_NAME), ctx).isEmpty()); - } - - @Test - public void testRead() throws ReadFailedException { - final String aclName = "acl-name"; - final Class aclType = VppAcl.class; - defineMapping(mappingContext, aclName, 1, ACL_CTX_NAME); - - final AclDetailsReplyDump reply = new AclDetailsReplyDump(); - reply.aclDetails = new ArrayList<>(); - final AclDetails detail = new AclDetails(); - detail.tag = new byte[0]; - reply.aclDetails.add(detail); - when(aclApi.aclDump(any())).thenReturn(future(reply)); - - final VppAclsBuilder builder = mock(VppAclsBuilder.class); - getCustomizer().readCurrentAttributes(getIid(IF_NAME, new VppAclsKey(aclName, aclType)), builder, ctx); - verify(builder).setName(aclName); - verify(builder).setType(aclType); - } - - @Test - public void testReadAllTwoIfacesInOneTx() throws ReadFailedException { - final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump((byte) 2, "acl1", "acl2", "acl3"); - when(aclApi.aclInterfaceListDump(aclInterfaceRequest(IF_ID))).thenReturn(future(reply)); - - when(aclApi.aclInterfaceListDump(aclInterfaceRequest(IF_ID_NO_ACL))) - .thenReturn(future(aclInterfaceDump((byte) 0))); - - // read all for interface with defined ACLs: - assertFalse(getCustomizer().getAllIds(getWildcardedIid(IF_NAME), ctx).isEmpty()); - // read all for interface without ACLs defined: - assertEquals(0, getCustomizer().getAllIds(getWildcardedIid(IF_NAME_NO_ACL), ctx).size()); - } - - @Test - public void testInit() { - final String aclName = "acl-name"; - final Class aclType = VppAcl.class; - defineMapping(mappingContext, aclName, 1, ACL_CTX_NAME); - - final VppAcls readValue = new VppAclsBuilder().build(); - final Initialized cfgValue = - getCustomizer().init(getIid(IF_NAME, new VppAclsKey(aclName, aclType)), readValue, ctx); - assertEquals(readValue, cfgValue.getData()); - assertNotNull(cfgValue.getId().firstKeyOf( - org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface.class)); - assertEquals(cfgValue.getId().getTargetType(), VppAcls.class); - } - - protected AclInterfaceListDump aclInterfaceRequest(final int swIfIndex) { - final AclInterfaceListDump request = new AclInterfaceListDump(); - request.swIfIndex = swIfIndex; - return request; - } - - protected AclInterfaceListDetailsReplyDump aclInterfaceDump(final byte nInput, final String... aclNames) { - final AclInterfaceListDetailsReplyDump reply = new AclInterfaceListDetailsReplyDump(); - final AclInterfaceListDetails details = new AclInterfaceListDetails(); - details.acls = new int[aclNames.length]; - for (int i = 0; i < aclNames.length; ++i) { - defineMapping(mappingContext, aclNames[i], i, ACL_CTX_NAME); - details.acls[i] = i; - } - details.nInput = nInput; - reply.aclInterfaceListDetails.add(details); - return reply; - } - - protected abstract InstanceIdentifier getWildcardedIid(@Nonnull final String ifName); - - protected abstract InstanceIdentifier getIid(@Nonnull final String ifName, @Nonnull final VppAclsKey key); -} \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/AclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/AclCustomizerTest.java index 1b4403b2d..7501815a6 100644 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/AclCustomizerTest.java +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/AclCustomizerTest.java @@ -35,18 +35,15 @@ import java.util.ArrayList; import java.util.List; import org.junit.Test; import org.mockito.Mock; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessListsBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.Ace; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Deny; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAcl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAcl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.VppAceNodes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Other; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Acls; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.AclsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Drop; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AclBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AclKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L4; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Icmp; import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; import org.opendaylight.yangtools.yang.binding.KeyedInstanceIdentifier; @@ -58,7 +55,7 @@ public class AclCustomizerTest extends InitializingListReaderCustomizerTest ACL_IID = - InstanceIdentifier.create(AccessLists.class).child(Acl.class, new AclKey( - ACL_NAME, VppAcl.class)); + InstanceIdentifier.create(Acls.class).child(Acl.class, new AclKey(ACL_NAME)); private KeyedInstanceIdentifier MACIP_ACL_IID = - InstanceIdentifier.create(AccessLists.class).child(Acl.class, new AclKey(MACIP_ACL_NAME, VppMacipAcl.class)); + InstanceIdentifier.create(Acls.class).child(Acl.class, new AclKey(MACIP_ACL_NAME)); public AclCustomizerTest() { - super(Acl.class, AccessListsBuilder.class); + super(Acl.class, AclsBuilder.class); } @Override @@ -103,15 +99,18 @@ public class AclCustomizerTest extends InitializingListReaderCustomizerTest allIds = getCustomizer().getAllIds(InstanceIdentifier.create(AccessLists.class).child(Acl.class), ctx); + final List allIds = + getCustomizer().getAllIds(InstanceIdentifier.create(Acls.class).child(Acl.class), ctx); assertEquals(2, allIds.size()); assertEquals(ACL_IID.getKey(), allIds.get(0)); assertEquals(MACIP_ACL_IID.getKey(), allIds.get(1)); @@ -122,14 +121,13 @@ public class AclCustomizerTest extends InitializingListReaderCustomizerTest aces = builder.getAccessListEntries().getAce(); + final List aces = builder.getAces().getAce(); assertEquals(1, aces.size()); final Ace ace = aces.get(0); - assertEquals(ACE_NAME, ace.key().getRuleName()); - assertTrue(ace.getActions().getPacketHandling() instanceof Deny); - final VppAceNodes nodes = ((VppAce) (ace.getMatches().getAceType())).getVppAceNodes(); - assertEquals(PROTOCOL, ((Other) nodes.getIpProtocol()).getOtherNodes().getProtocol().shortValue()); - + assertEquals(ACE_NAME, ace.key().getName()); + assertTrue(ace.getActions().getForwarding().equals(Drop.class)); + final L4 l4 = ((ace.getMatches())).getL4(); + assertEquals(Icmp.class, l4.getImplementedInterface()); } @Test @@ -137,10 +135,10 @@ public class AclCustomizerTest extends InitializingListReaderCustomizerTest aces = builder.getAccessListEntries().getAce(); + final List aces = builder.getAces().getAce(); assertEquals(1, aces.size()); final Ace ace = aces.get(0); - assertEquals(MACIP_ACE_NAME, ace.key().getRuleName()); - assertTrue(ace.getActions().getPacketHandling() instanceof Deny); + assertEquals(MACIP_ACE_NAME, ace.key().getName()); + assertTrue(ace.getActions().getForwarding().equals(Drop.class)); } } \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/EgressAclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/EgressAclCustomizerTest.java new file mode 100644 index 000000000..18f1978ef --- /dev/null +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/EgressAclCustomizerTest.java @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.acl.read; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; + +import io.fd.honeycomb.translate.read.ReadFailedException; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump; +import javax.annotation.Nonnull; +import org.junit.Test; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.Egress; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSets; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSetsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetKey; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; +import org.opendaylight.yangtools.yang.binding.KeyedInstanceIdentifier; + +public class EgressAclCustomizerTest extends AbstractAclCustomizerTest { + + public EgressAclCustomizerTest() { + super(AclSetsBuilder.class); + } + + @Override + protected EgressAclCustomizer initCustomizer() { + return new EgressAclCustomizer(aclApi, interfaceContext, standardAclContext); + } + + @Test + public void testGetAllIdsNoOutputAclConfigured() throws ReadFailedException { + final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump((byte) 1, "acl1"); + when(aclApi.aclInterfaceListDump(any())).thenReturn(future(reply)); + assertTrue(getCustomizer().getAllIds(getWildcardedIid(IF_NAME), ctx).isEmpty()); + } + + @Test + public void testGetAllIds() throws ReadFailedException { + final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump((byte) 2, "acl1", "acl2", "acl3"); + when(aclApi.aclInterfaceListDump(any())).thenReturn(future(reply)); + assertEquals(1, getCustomizer().getAllIds(getWildcardedIid(IF_NAME), ctx).size()); + } + + @Override + protected InstanceIdentifier getWildcardedIid(@Nonnull final String ifName) { + return getAclId(ifName).child(Egress.class).child(AclSets.class).child(AclSet.class); + } + + protected KeyedInstanceIdentifier getIid(@Nonnull final String ifName, + @Nonnull final AclSetKey key) { + return getAclId(ifName).child(Egress.class).child(AclSets.class).child(AclSet.class, key); + } +} \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/EgressVppAclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/EgressVppAclCustomizerTest.java deleted file mode 100644 index 967b8200a..000000000 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/EgressVppAclCustomizerTest.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.read; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.when; - -import io.fd.honeycomb.translate.read.ReadFailedException; -import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump; -import javax.annotation.Nonnull; -import org.junit.Test; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Egress; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.EgressBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAclsKey; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; - -public class EgressVppAclCustomizerTest extends AbstractVppAclCustomizerTest { - - public EgressVppAclCustomizerTest() { - super(EgressBuilder.class); - } - - @Override - protected EgressVppAclCustomizer initCustomizer() { - return new EgressVppAclCustomizer(aclApi, interfaceContext, standardAclContext); - } - - @Test - public void testGetAllIdsNoOutputAclConfigured() throws ReadFailedException { - final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump((byte) 1, "acl1"); - when(aclApi.aclInterfaceListDump(any())).thenReturn(future(reply)); - assertTrue(getCustomizer().getAllIds(getWildcardedIid(IF_NAME), ctx).isEmpty()); - } - - @Test - public void testGetAllIds() throws ReadFailedException { - final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump((byte) 2, "acl1", "acl2", "acl3"); - when(aclApi.aclInterfaceListDump(any())).thenReturn(future(reply)); - assertEquals(1, getCustomizer().getAllIds(getWildcardedIid(IF_NAME), ctx).size()); - } - - @Override - protected InstanceIdentifier getWildcardedIid(@Nonnull final String ifName) { - return getAclId(ifName).child(Egress.class).child(VppAcls.class); - } - - @Override - protected InstanceIdentifier getIid(@Nonnull final String ifName, @Nonnull final VppAclsKey key) { - return getAclId(ifName).child(Egress.class).child(VppAcls.class, key); - } -} \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/IngressAclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/IngressAclCustomizerTest.java new file mode 100644 index 000000000..666f6d8c9 --- /dev/null +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/IngressAclCustomizerTest.java @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.acl.read; + +import static io.fd.vpp.jvpp.Assertions.assertEquals; +import static junit.framework.TestCase.assertTrue; +import static org.mockito.Mockito.when; + +import io.fd.honeycomb.translate.read.ReadFailedException; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump; +import javax.annotation.Nonnull; +import org.junit.Test; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.Ingress; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSets; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSetsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetKey; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +public class IngressAclCustomizerTest extends AbstractAclCustomizerTest { + + public IngressAclCustomizerTest() { + super(AclSetsBuilder.class); + } + + @Override + protected IngressAclCustomizer initCustomizer() { + return new IngressAclCustomizer(aclApi, interfaceContext, standardAclContext, macIpAclContext); + } + + + @Test + public void testGetAllIdsNoInputAclConfigured() throws ReadFailedException { + final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump((byte) 0, "acl1"); + when(aclApi.aclInterfaceListDump(aclInterfaceRequest(IF_ID))).thenReturn(future(reply)); + assertTrue(getCustomizer().getAllIds(getWildcardedIid(IF_NAME), ctx).isEmpty()); + } + + @Test + public void testGetAllIds() throws ReadFailedException { + final byte nInput = 2; + final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump(nInput, "acl1", "acl2", "acl3"); + when(aclApi.aclInterfaceListDump(aclInterfaceRequest(IF_ID))).thenReturn(future(reply)); + assertEquals(nInput, getCustomizer().getAllIds(getWildcardedIid(IF_NAME), ctx).size()); + } + + @Override + protected InstanceIdentifier getWildcardedIid(@Nonnull final String ifName) { + return getAclId(ifName).child(Ingress.class).child(AclSets.class).child(AclSet.class); + } + + @Override + protected InstanceIdentifier getIid(@Nonnull final String ifName, @Nonnull final AclSetKey key) { + return getAclId(ifName).child(Ingress.class).child(AclSets.class).child(AclSet.class, key); + } +} \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/IngressVppAclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/IngressVppAclCustomizerTest.java deleted file mode 100644 index 42a798e88..000000000 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/IngressVppAclCustomizerTest.java +++ /dev/null @@ -1,68 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.read; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; -import static org.mockito.Mockito.when; - -import io.fd.honeycomb.translate.read.ReadFailedException; -import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump; -import javax.annotation.Nonnull; -import org.junit.Test; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.IngressBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAclsKey; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; - -public class IngressVppAclCustomizerTest extends AbstractVppAclCustomizerTest { - - public IngressVppAclCustomizerTest() { - super(IngressBuilder.class); - } - - @Override - protected IngressVppAclCustomizer initCustomizer() { - return new IngressVppAclCustomizer(aclApi, interfaceContext, standardAclContext); - } - - @Test - public void testGetAllIdsNoInputAclConfigured() throws ReadFailedException { - final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump((byte) 0, "acl1"); - when(aclApi.aclInterfaceListDump(aclInterfaceRequest(IF_ID))).thenReturn(future(reply)); - assertTrue(getCustomizer().getAllIds(getWildcardedIid(IF_NAME), ctx).isEmpty()); - } - - @Test - public void testGetAllIds() throws ReadFailedException { - final byte nInput = 2; - final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump(nInput, "acl1", "acl2", "acl3"); - when(aclApi.aclInterfaceListDump(aclInterfaceRequest(IF_ID))).thenReturn(future(reply)); - assertEquals(nInput, getCustomizer().getAllIds(getWildcardedIid(IF_NAME), ctx).size()); - } - - @Override - protected InstanceIdentifier getWildcardedIid(@Nonnull final String ifName) { - return getAclId(ifName).child(Ingress.class).child(VppAcls.class); - } - - @Override - protected InstanceIdentifier getIid(@Nonnull final String ifName, @Nonnull final VppAclsKey key) { - return getAclId(ifName).child(Ingress.class).child(VppAcls.class, key); - } -} \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/MacIpAclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/MacIpAclCustomizerTest.java new file mode 100644 index 000000000..6678ab53a --- /dev/null +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/MacIpAclCustomizerTest.java @@ -0,0 +1,183 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.acl.read; + +import static io.fd.hc2vpp.acl.read.IngressAclCustomizer.ACL_NOT_ASSIGNED; +import static junit.framework.TestCase.assertEquals; +import static junit.framework.TestCase.assertNotNull; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.verifyZeroInteractions; +import static org.mockito.Mockito.when; + +import io.fd.hc2vpp.common.translate.util.NamingContext; +import io.fd.honeycomb.translate.read.ReadFailedException; +import io.fd.honeycomb.translate.spi.read.Initialized; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceListDetailsReplyDump; +import io.fd.vpp.jvpp.acl.dto.MacipAclDetails; +import io.fd.vpp.jvpp.acl.dto.MacipAclDetailsReplyDump; +import io.fd.vpp.jvpp.acl.dto.MacipAclDump; +import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceGetReply; +import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceListDetailsReplyDump; +import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; +import javax.annotation.Nonnull; +import org.junit.Assert; +import org.junit.Test; +import org.mockito.Mock; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.Ingress; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSets; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSetsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetKey; +import org.opendaylight.yangtools.yang.binding.DataObject; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +public class MacIpAclCustomizerTest extends AbstractAclCustomizerTest { + + protected static final String IF_NAME_NO_ACL = "eth2"; + protected static final int IF_ID_NO_ACL = 1; + protected static final String IFC_CTX_NAME = "interface-context"; + private static final String IF_NAME = "eth1"; + private static final int IF_ID = 1; + private static final String ACL_NAME = "acl-name"; + private static final int ACL_ID = 1; + @Mock + protected FutureJVppAclFacade aclApi; + protected NamingContext interfaceContext = new NamingContext("iface", IFC_CTX_NAME); + + public MacIpAclCustomizerTest() { + super(AclSetsBuilder.class); + } + + @Override + protected IngressAclCustomizer initCustomizer() { + return new IngressAclCustomizer(aclApi, interfaceContext, standardAclContext, macIpAclContext); + } + + @Override + protected void setUp() { + defineMapping(mappingContext, IF_NAME, IF_ID, IFC_CTX_NAME); + defineMapping(mappingContext, IF_NAME_NO_ACL, IF_ID_NO_ACL, IFC_CTX_NAME); + when(macIpAclContext.getAclName(ACL_ID, mappingContext)).thenReturn(ACL_NAME); + when(macIpAclContext.containsAcl(ACL_NAME, mappingContext)).thenReturn(true); + when(standardAclContext.containsAcl(ACL_NAME, mappingContext)).thenReturn(false); + final AclInterfaceListDetailsReplyDump reply = aclInterfaceDump((byte) 0); + when(aclApi.aclInterfaceListDump(any())).thenReturn(future(reply)); + final MacipAclInterfaceListDetailsReplyDump macReply = macAaclInterfaceDump(1, "acl-name"); + when(aclApi.macipAclInterfaceListDump(any())).thenReturn(future(macReply)); + } + + + @Test + public void testRead() throws ReadFailedException { + final AclSetBuilder builder = mock(AclSetBuilder.class); + + final MacipAclInterfaceGetReply assignedAcls = new MacipAclInterfaceGetReply(); + assignedAcls.count = 2; + assignedAcls.acls = new int[]{ACL_NOT_ASSIGNED, ACL_ID}; + when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(assignedAcls)); + + final MacipAclDump request = new MacipAclDump(); + request.aclIndex = ACL_ID; + final MacipAclDetailsReplyDump reply = new MacipAclDetailsReplyDump(); + final MacipAclDetails details = new MacipAclDetails(); + details.aclIndex = ACL_ID; + reply.macipAclDetails.add(details); + when(aclApi.macipAclDump(request)).thenReturn(future(reply)); + + getCustomizer().readCurrentAttributes(getIid(IF_NAME_NO_ACL, new AclSetKey(ACL_NAME)), builder, ctx); + verify(builder).setName(ACL_NAME); + } + + @Test + public void testReadNotAssigned() throws ReadFailedException { + final AclSetBuilder builder = mock(AclSetBuilder.class); + + final MacipAclInterfaceGetReply assignedAcls = new MacipAclInterfaceGetReply(); + // pretending we have 3 interfaces, IF_NAME does not have MacipAcl assigned + assignedAcls.count = 3; + assignedAcls.acls = new int[]{ACL_NOT_ASSIGNED, ACL_NOT_ASSIGNED, ACL_NOT_ASSIGNED}; + when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(assignedAcls)); + + final MacipAclDump request = new MacipAclDump(); + request.aclIndex = ACL_ID; + final MacipAclDetailsReplyDump reply = new MacipAclDetailsReplyDump(); + final MacipAclDetails details = new MacipAclDetails(); + details.aclIndex = ACL_ID; + reply.macipAclDetails.add(details); + when(aclApi.macipAclDump(request)).thenReturn(future(reply)); + + getCustomizer().readCurrentAttributes(getIid(IF_NAME_NO_ACL, new AclSetKey(ACL_NAME)), builder, ctx); + verifyZeroInteractions(builder); + } + + @Test + public void testReadNoAcls() throws ReadFailedException { + final AclSetBuilder builder = mock(AclSetBuilder.class); + final MacipAclInterfaceGetReply assignedAcls = new MacipAclInterfaceGetReply(); + assignedAcls.count = 0; + assignedAcls.acls = new int[0]; + when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(assignedAcls)); + getCustomizer().readCurrentAttributes(getIid(IF_NAME_NO_ACL, new AclSetKey(ACL_NAME)), builder, ctx); + verifyZeroInteractions(builder); + } + + @Test + public void testGetAllIdsNoAclConfigured() throws ReadFailedException { + final MacipAclInterfaceListDetailsReplyDump macReply = macAaclInterfaceDump(1); + when(aclApi.macipAclInterfaceListDump(any())).thenReturn(future(macReply)); + assertTrue(getCustomizer().getAllIds(getWildcardedIid(IF_NAME_NO_ACL), ctx).isEmpty()); + } + + @Test + public void testReadAllTwoIfacesInOneTx() throws ReadFailedException { + final MacipAclInterfaceListDetailsReplyDump macReply = macAaclInterfaceDump(1); + final MacipAclInterfaceGetReply interfaceGet = macipAclInterfaceGetReply(); + // read all for interface with defined ACLs: + assertFalse(getCustomizer().getAllIds(getWildcardedIid(IF_NAME), ctx).isEmpty()); + // read all for interface without ACLs defined: + when(aclApi.macipAclInterfaceListDump(any())).thenReturn(future(macReply)); + when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(interfaceGet)); + Assert.assertEquals(0, getCustomizer().getAllIds(getWildcardedIid(IF_NAME_NO_ACL), ctx).size()); + } + + @Test + public void testInit() { + final AclSet readValue = new AclSetBuilder().build(); + final Initialized + cfgValue = getCustomizer().init(getWildcardedIid(IF_NAME), readValue, ctx); + assertEquals(cfgValue.getData(), readValue); + assertNotNull(cfgValue.getId().firstKeyOf(Interface.class)); + assertEquals(cfgValue.getId().getTargetType(), AclSet.class); + + } + + @Override + protected InstanceIdentifier getWildcardedIid(@Nonnull final String ifName) { + return getAclId(ifName).child(Ingress.class).child(AclSets.class).child(AclSet.class); + } + + @Override + protected InstanceIdentifier getIid(@Nonnull final String ifName, @Nonnull final AclSetKey key) { + return getAclId(ifName).child(Ingress.class).child(AclSets.class).child(AclSet.class, key); + } +} \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/VppMacIpAclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/VppMacIpAclCustomizerTest.java deleted file mode 100644 index 23ce85640..000000000 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/read/VppMacIpAclCustomizerTest.java +++ /dev/null @@ -1,150 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.read; - -import static io.fd.hc2vpp.acl.read.VppMacIpAclCustomizer.ACL_NOT_ASSIGNED; -import static io.fd.hc2vpp.acl.read.AbstractVppAclCustomizerTest.getAclId; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.verifyZeroInteractions; -import static org.mockito.Mockito.when; - -import io.fd.hc2vpp.acl.util.AclContextManager; -import io.fd.hc2vpp.common.test.read.InitializingReaderCustomizerTest; -import io.fd.hc2vpp.common.translate.util.NamingContext; -import io.fd.honeycomb.translate.read.ReadFailedException; -import io.fd.honeycomb.translate.spi.read.Initialized; -import io.fd.vpp.jvpp.acl.dto.MacipAclDetails; -import io.fd.vpp.jvpp.acl.dto.MacipAclDetailsReplyDump; -import io.fd.vpp.jvpp.acl.dto.MacipAclDump; -import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceGetReply; -import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; -import javax.annotation.Nonnull; -import org.junit.Test; -import org.mockito.Mock; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AclBase; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.IngressBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAclBuilder; -import org.opendaylight.yangtools.yang.binding.DataObject; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; - -public class VppMacIpAclCustomizerTest extends InitializingReaderCustomizerTest { - - protected static final String IF_NAME_NO_ACL = "eth2"; - protected static final int IF_ID_NO_ACL = 2; - protected static final String IFC_CTX_NAME = "interface-context"; - private static final String IF_NAME = "eth1"; - private static final int IF_ID = 1; - private static final String ACL_NAME = "acl-name"; - private static final int ACL_ID = 1; - private static final Class ACL_TYPE = - org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAcl.class; - @Mock - protected FutureJVppAclFacade aclApi; - protected NamingContext interfaceContext = new NamingContext("iface", IFC_CTX_NAME); - @Mock - protected AclContextManager macIpAclContext; - - public VppMacIpAclCustomizerTest() { - super(VppMacipAcl.class, IngressBuilder.class); - } - - @Override - protected VppMacIpAclCustomizer initCustomizer() { - return new VppMacIpAclCustomizer(aclApi, interfaceContext, macIpAclContext); - } - - @Override - protected void setUp() { - defineMapping(mappingContext, IF_NAME, IF_ID, IFC_CTX_NAME); - defineMapping(mappingContext, IF_NAME_NO_ACL, IF_ID_NO_ACL, IFC_CTX_NAME); - when(macIpAclContext.getAclName(ACL_ID, mappingContext)).thenReturn(ACL_NAME); - } - - @Test - public void testRead() throws ReadFailedException { - final VppMacipAclBuilder builder = mock(VppMacipAclBuilder.class); - - final MacipAclInterfaceGetReply assignedAcls = new MacipAclInterfaceGetReply(); - assignedAcls.count = 2; - assignedAcls.acls = new int[] {ACL_NOT_ASSIGNED, ACL_ID}; - when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(assignedAcls)); - - final MacipAclDump request = new MacipAclDump(); - request.aclIndex = ACL_ID; - final MacipAclDetailsReplyDump reply = new MacipAclDetailsReplyDump(); - final MacipAclDetails details = new MacipAclDetails(); - details.aclIndex = ACL_ID; - reply.macipAclDetails.add(details); - when(aclApi.macipAclDump(request)).thenReturn(future(reply)); - - getCustomizer().readCurrentAttributes(getIid(IF_NAME), builder, ctx); - verify(builder).setName(ACL_NAME); - verify(builder).setType(ACL_TYPE); - } - - @Test - public void testReadNotAssigned() throws ReadFailedException { - final VppMacipAclBuilder builder = mock(VppMacipAclBuilder.class); - - final MacipAclInterfaceGetReply assignedAcls = new MacipAclInterfaceGetReply(); - // pretending we have 3 interfaces, IF_NAME does not have MacipAcl assigned - assignedAcls.count = 3; - assignedAcls.acls = new int[] {ACL_NOT_ASSIGNED, ACL_NOT_ASSIGNED, ACL_ID}; - when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(assignedAcls)); - - final MacipAclDump request = new MacipAclDump(); - request.aclIndex = ACL_ID; - final MacipAclDetailsReplyDump reply = new MacipAclDetailsReplyDump(); - final MacipAclDetails details = new MacipAclDetails(); - details.aclIndex = ACL_ID; - reply.macipAclDetails.add(details); - when(aclApi.macipAclDump(request)).thenReturn(future(reply)); - - getCustomizer().readCurrentAttributes(getIid(IF_NAME), builder, ctx); - verifyZeroInteractions(builder); - } - - @Test - public void testReadNoAcls() throws ReadFailedException { - final VppMacipAclBuilder builder = mock(VppMacipAclBuilder.class); - when(aclApi.macipAclInterfaceGet(any())).thenReturn(future(new MacipAclInterfaceGetReply())); - getCustomizer().readCurrentAttributes(getIid(IF_NAME_NO_ACL), builder, ctx); - verifyZeroInteractions(builder); - } - - @Test - public void testInit() { - final VppMacipAcl readValue = new VppMacipAclBuilder().build(); - final Initialized cfgValue = getCustomizer().init(getIid(IF_NAME), readValue, ctx); - assertEquals(cfgValue.getData(), readValue); - assertNotNull(cfgValue.getId().firstKeyOf(Interface.class)); - assertEquals(cfgValue.getId().getTargetType(), VppMacipAcl.class); - - } - - protected InstanceIdentifier getIid(@Nonnull final String ifName) { - return getAclId(ifName).child(Ingress.class).child(VppMacipAcl.class); - } - -} \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/MacIpAceDataExtractorTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/MacIpAceDataExtractorTest.java index ea01cedb6..5375ee429 100644 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/MacIpAceDataExtractorTest.java +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/MacIpAceDataExtractorTest.java @@ -17,7 +17,6 @@ package io.fd.hc2vpp.acl.util.ace.extractor; import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; @@ -25,114 +24,56 @@ import io.fd.hc2vpp.common.test.util.CommonTests; import io.fd.vpp.jvpp.acl.types.MacipAclRule; import java.util.Arrays; import org.junit.Test; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.AceBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.ActionsBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.MatchesBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.DenyBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.PermitBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppMacipAce; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppMacipAceBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.VppMacipAceNodesBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.AceIpVersion; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.ace.ip.version.AceIpv4; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.ace.ip.version.AceIpv4Builder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.ace.ip.version.AceIpv6; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.macip.ace.vpp.macip.ace.nodes.ace.ip.version.AceIpv6Builder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Accept; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Drop; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.AceBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.ActionsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L3; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4Network; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4NetworkBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6Network; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6NetworkBuilder; public class MacIpAceDataExtractorTest extends AceDataExtractorTestCase implements MacIpAceDataExtractor, CommonTests { - @Test - public void testFromMacIpAce() { - verifyExceptionalCase(() -> fromMacIpAce(new AceBuilder().build()), IllegalArgumentException.class); - verifyExceptionalCase(() -> fromMacIpAce(new AceBuilder().setMatches(new MatchesBuilder().build()).build()), - IllegalArgumentException.class); - - final VppMacipAce macipAce = new VppMacipAceBuilder().build(); - assertEquals(macipAce, fromMacIpAce(new AceBuilder().setMatches(new MatchesBuilder() - .setAceType(macipAce).build()).build())); - } - - @Test - public void testMacIpIsIpv6() { - assertFalse(macIpIsIpv6(new VppMacipAceBuilder().build())); - assertFalse(macIpIsIpv6( - new VppMacipAceBuilder().setVppMacipAceNodes(new VppMacipAceNodesBuilder().build()).build())); - assertFalse(macIpIsIpv6(new VppMacipAceBuilder().setVppMacipAceNodes( - new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build()).build())); - assertTrue(macIpIsIpv6(new VppMacipAceBuilder().setVppMacipAceNodes( - new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv6Builder().build()).build()).build())); - } - @Test public void testSourceMacAsBytes() { - assertTrue(Arrays.equals(DEFAULT_MAC_ADDRESS_BYTES, sourceMacAsBytes(new VppMacipAceBuilder().build()))); - assertTrue( - Arrays.equals(DEFAULT_MAC_ADDRESS_BYTES, sourceMacAsBytes(new VppMacipAceBuilder().setVppMacipAceNodes( - new VppMacipAceNodesBuilder().build()).build()))); - assertTrue(Arrays.equals(MAC_ADDRESS_BYTES, - sourceMacAsBytes(new VppMacipAceBuilder().setVppMacipAceNodes( - new VppMacipAceNodesBuilder().setSourceMacAddress(MAC_ADDRESS).build()) - .build()))); + assertTrue(Arrays.equals(MAC_ADDRESS_BYTES, sourceMacAsBytes(MAC_ADDRESS))); } @Test public void sourceMacMaskAsBytes() { - assertTrue(Arrays.equals(DEFAULT_MAC_ADDRESS_BYTES, sourceMacMaskAsBytes(new VppMacipAceBuilder().build()))); - assertTrue(Arrays.equals(DEFAULT_MAC_ADDRESS_BYTES, - sourceMacMaskAsBytes(new VppMacipAceBuilder().setVppMacipAceNodes( - new VppMacipAceNodesBuilder().build()).build()))); - assertTrue(Arrays.equals(MAC_ADDRESS_BYTES, - sourceMacMaskAsBytes(new VppMacipAceBuilder().setVppMacipAceNodes( - new VppMacipAceNodesBuilder().setSourceMacAddressMask(MAC_ADDRESS).build()) - .build()))); + assertTrue(Arrays.equals(MAC_ADDRESS_BYTES, sourceMacMaskAsBytes(MAC_ADDRESS))); } @Test public void testIpv4Address() { - assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4Address(new VppMacipAceBuilder().build()))); - assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4Address( - new VppMacipAceBuilder().setVppMacipAceNodes(new VppMacipAceNodesBuilder().build()).build()))); - assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4Address(new VppMacipAceBuilder().setVppMacipAceNodes( - new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build()).build()))); - assertTrue(Arrays.equals(IPV4_PREFIX_BYTES, ipv4Address(new VppMacipAceBuilder().setVppMacipAceNodes( - new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv4Builder() - .setSourceIpv4Network(IPV4_PREFIX).build()).build()).build()))); + assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4Address(new SourceIpv4NetworkBuilder().build()))); + assertTrue(Arrays.equals(IPV4_PREFIX_BYTES, + ipv4Address(new SourceIpv4NetworkBuilder().setSourceIpv4Network(IPV4_PREFIX).build()))); } @Test public void testIpv4AddressPrefix() { - assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4AddressPrefix(new VppMacipAceBuilder().build())); - assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4AddressPrefix( - new VppMacipAceBuilder().setVppMacipAceNodes(new VppMacipAceNodesBuilder().build()).build())); - assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4AddressPrefix(new VppMacipAceBuilder().setVppMacipAceNodes( - new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build()).build())); - assertEquals(IPV4_PREFIX_VALUE, ipv4AddressPrefix(new VppMacipAceBuilder().setVppMacipAceNodes( - new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv4Builder() - .setSourceIpv4Network(IPV4_PREFIX).build()).build()).build())); + assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4AddressPrefix(new SourceIpv4NetworkBuilder().build())); + assertEquals(IPV4_PREFIX_VALUE, + ipv4AddressPrefix(new SourceIpv4NetworkBuilder().setSourceIpv4Network(IPV4_PREFIX).build())); } @Test public void testIpv6Address() { - assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6Address(new VppMacipAceBuilder().build()))); - assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6Address( - new VppMacipAceBuilder().setVppMacipAceNodes(new VppMacipAceNodesBuilder().build()).build()))); - assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6Address(new VppMacipAceBuilder().setVppMacipAceNodes( - new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv6Builder().build()).build()).build()))); - assertTrue(Arrays.equals(IPV6_PREFIX_BYTES, ipv6Address(new VppMacipAceBuilder().setVppMacipAceNodes( - new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv6Builder() - .setSourceIpv6Network(IPV6_PREFIX).build()).build()).build()))); + assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6Address(new SourceIpv6NetworkBuilder().build()))); + assertTrue(Arrays.equals(IPV6_PREFIX_BYTES, + ipv6Address(new SourceIpv6NetworkBuilder().setSourceIpv6Network(IPV6_PREFIX).build()))); } @Test public void testIpv6AddressPrefix() { - assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6AddressPrefix(new VppMacipAceBuilder().build())); - assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6AddressPrefix( - new VppMacipAceBuilder().setVppMacipAceNodes(new VppMacipAceNodesBuilder().build()).build())); - assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6AddressPrefix(new VppMacipAceBuilder().setVppMacipAceNodes( - new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv6Builder().build()).build()).build())); - assertEquals(IPV6_PREFIX_VALUE, ipv6AddressPrefix(new VppMacipAceBuilder().setVppMacipAceNodes( - new VppMacipAceNodesBuilder().setAceIpVersion(new AceIpv6Builder() - .setSourceIpv6Network(IPV6_PREFIX).build()).build()).build())); + assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6AddressPrefix(new SourceIpv6NetworkBuilder().build())); + assertEquals(IPV6_PREFIX_VALUE, + ipv6AddressPrefix(new SourceIpv6NetworkBuilder().setSourceIpv6Network(IPV6_PREFIX).build())); } @Test @@ -141,11 +82,10 @@ public class MacIpAceDataExtractorTest extends AceDataExtractorTestCase implemen verifyExceptionalCase(() -> macIpAction(new AceBuilder().setActions(new ActionsBuilder().build()).build()), IllegalArgumentException.class); // this one must pass even if deny is not fully set, because of default value definition - assertEquals((byte) 0, macIpAction(new AceBuilder().setActions(new ActionsBuilder().setPacketHandling( - new DenyBuilder().build()).build()).build())); - - assertEquals((byte) 1, macIpAction(new AceBuilder().setActions(new ActionsBuilder().setPacketHandling( - new PermitBuilder().setPermit(true).build()).build()).build())); + assertEquals((byte) 0, macIpAction( + new AceBuilder().setActions(new ActionsBuilder().setForwarding(Drop.class).build()).build())); + assertEquals((byte) 1, macIpAction( + new AceBuilder().setActions(new ActionsBuilder().setForwarding(Accept.class).build()).build())); } @Test @@ -156,9 +96,10 @@ public class MacIpAceDataExtractorTest extends AceDataExtractorTestCase implemen rule.srcIpAddr = IPV4_PREFIX_BYTES; rule.srcIpPrefixLen = IPV4_PREFIX_VALUE; - final AceIpVersion result = ipVersion(rule); - assertTrue(result instanceof AceIpv4); - assertEquals(IPV4_PREFIX, AceIpv4.class.cast(result).getSourceIpv4Network()); + final L3 result = parseMacIpAceL3(rule); + assertEquals(Ipv4.class, result.getImplementedInterface()); + assertEquals(IPV4_PREFIX, + ((SourceIpv4Network) ((Ipv4) result).getIpv4().getSourceNetwork()).getSourceIpv4Network()); } @Test @@ -167,9 +108,9 @@ public class MacIpAceDataExtractorTest extends AceDataExtractorTestCase implemen rule.isIpv6 = 0; - final AceIpVersion result = ipVersion(rule); - assertTrue(result instanceof AceIpv4); - assertNull(AceIpv4.class.cast(result).getSourceIpv4Network()); + final L3 result = parseMacIpAceL3(rule); + assertEquals(Ipv4.class, result.getImplementedInterface()); + assertNull(((Ipv4) result).getIpv4()); } @Test @@ -180,9 +121,10 @@ public class MacIpAceDataExtractorTest extends AceDataExtractorTestCase implemen rule.srcIpAddr = IPV6_PREFIX_BYTES; rule.srcIpPrefixLen = IPV6_PREFIX_VALUE; - final AceIpVersion result = ipVersion(rule); - assertTrue(result instanceof AceIpv6); - assertEquals(IPV6_PREFIX, AceIpv6.class.cast(result).getSourceIpv6Network()); + final L3 result = parseMacIpAceL3(rule); + assertEquals(Ipv6.class, result.getImplementedInterface()); + assertEquals(IPV6_PREFIX, ((SourceIpv6Network) ((Ipv6) result).getIpv6().getSourceNetwork()) + .getSourceIpv6Network()); } @Test @@ -191,9 +133,9 @@ public class MacIpAceDataExtractorTest extends AceDataExtractorTestCase implemen rule.isIpv6 = 1; - final AceIpVersion result = ipVersion(rule); - assertTrue(result instanceof AceIpv6); - assertNull(AceIpv6.class.cast(result).getSourceIpv6Network()); + final L3 result = parseMacIpAceL3(rule); + assertEquals(Ipv6.class, result.getImplementedInterface()); + assertNull(((Ipv6) result).getIpv6()); } @Test diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractorTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractorTest.java index f22d6600a..627dba6b0 100644 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractorTest.java +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/ace/extractor/StandardAceDataExtractorTest.java @@ -25,159 +25,212 @@ import io.fd.hc2vpp.common.test.util.CommonTests; import io.fd.vpp.jvpp.acl.types.AclRule; import java.util.Arrays; import org.junit.Test; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.AceBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.ActionsBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.MatchesBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Deny; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.DenyBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.acl.access.list.entries.ace.actions.packet.handling.Permit; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.actions.packet.handling.Stateful; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.actions.packet.handling.StatefulBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAceBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.VppAceNodesBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.AceIpVersion; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv4; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv4Builder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.vpp.ace.vpp.ace.nodes.ace.ip.version.AceIpv6Builder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.IcmpBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.IcmpV6Builder; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.AcceptAndReflect; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Accept; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Drop; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.AceBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.ActionsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.MatchesBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.L3; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv4Builder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.Ipv6Builder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.destination.network.DestinationIpv4Network; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.destination.network.DestinationIpv4NetworkBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4Network; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv4.header.fields.source.network.SourceIpv4NetworkBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.destination.network.DestinationIpv6Network; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.destination.network.DestinationIpv6NetworkBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6Network; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.acl.ipv6.header.fields.source.network.SourceIpv6NetworkBuilder; public class StandardAceDataExtractorTest extends AceDataExtractorTestCase implements StandardAceDataExtractor, CommonTests { - @Test - public void testFromStandardAce() { - verifyExceptionalCase(() -> fromStandardAce(new AceBuilder().build()), IllegalArgumentException.class); - verifyExceptionalCase(() -> fromStandardAce(new AceBuilder().setMatches(new MatchesBuilder().build()).build()), - IllegalArgumentException.class); - - final VppAce ace = new VppAceBuilder().build(); - assertEquals(ace, fromStandardAce(new AceBuilder().setMatches(new MatchesBuilder() - .setAceType(ace).build()).build())); - } - @Test public void testStandardIsIpv6WithoutMatch() { - assertFalse(standardIsIpv6(new VppAceBuilder().build(), null)); - assertFalse(standardIsIpv6(new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build(), null)); - assertFalse(standardIsIpv6(new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder() - .setIpProtocol(new IcmpBuilder().build()).build()).build(), null)); - assertTrue(standardIsIpv6(new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder() - .setIpProtocol(new IcmpV6Builder().build()).build()).build(), null)); - } - - @Test - public void testStandardIsIpv6WithMatch() { - final VppAce ipv6Ace = new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder() - .setIpProtocol(new IcmpV6Builder().build()).build()).build(); - - assertTrue(standardIsIpv6(ipv6Ace, new MatchesBuilder().build())); - assertTrue(standardIsIpv6(ipv6Ace, new MatchesBuilder().setAceType(new VppAceBuilder().build()).build())); - assertTrue(standardIsIpv6(ipv6Ace, new MatchesBuilder().setAceType(new VppAceBuilder() - .setVppAceNodes(new VppAceNodesBuilder().build()) - .build()).build())); - assertFalse(standardIsIpv6(ipv6Ace, new MatchesBuilder().setAceType(new VppAceBuilder() - .setVppAceNodes(new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build()) - .build()).build())); + assertFalse(standardIsIpv6(null)); + assertFalse(standardIsIpv6(new MatchesBuilder().build())); + assertFalse(standardIsIpv6(new MatchesBuilder().setL3(new Ipv6Builder().build()).build())); + assertTrue(standardIsIpv6(new MatchesBuilder().setL3(new Ipv6Builder().setIpv6( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder() + .build()).build()).build())); } @Test public void testIpv4SourceAddress() { - assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4SourceAddress(new VppAceBuilder().build()))); - assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4SourceAddress( - new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build()))); - assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4SourceAddress(new VppAceBuilder().setVppAceNodes( - new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build()).build()))); - assertTrue(Arrays.equals(IPV4_PREFIX_BYTES, ipv4SourceAddress(new VppAceBuilder().setVppAceNodes( - new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder() - .setSourceIpv4Network(IPV4_PREFIX).build()).build()).build()))); + assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4SourceAddress(new MatchesBuilder().build()))); + assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, + ipv4SourceAddress(new MatchesBuilder().setL3(new Ipv4Builder().build()).build()))); + assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4SourceAddress(new MatchesBuilder() + .setL3(new Ipv4Builder().setIpv4( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder() + .build()).build()).build()))); + assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4SourceAddress(new MatchesBuilder() + .setL3(new Ipv4Builder().setIpv4( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder() + .setSourceNetwork(new SourceIpv4NetworkBuilder().build()).build()).build()).build()))); + assertTrue(Arrays.equals(IPV4_PREFIX_BYTES, ipv4SourceAddress(new MatchesBuilder() + .setL3(new Ipv4Builder().setIpv4( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder() + .setSourceNetwork( + new SourceIpv4NetworkBuilder().setSourceIpv4Network(IPV4_PREFIX).build()) + .build()).build()).build()))); } @Test public void testIpv4SourceAddressPrefix() { - assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4SourceAddressPrefix(new VppAceBuilder().build())); - assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4SourceAddressPrefix( - new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build())); - assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4SourceAddressPrefix(new VppAceBuilder().setVppAceNodes( - new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build()).build())); - assertEquals(IPV4_PREFIX_VALUE, ipv4SourceAddressPrefix(new VppAceBuilder().setVppAceNodes( - new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder() - .setSourceIpv4Network(IPV4_PREFIX).build()).build()).build())); + assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4SourceAddressPrefix(new MatchesBuilder().build())); + assertEquals(DEFAULT_IPV4_PREFIX_VALUE, + ipv4SourceAddressPrefix(new MatchesBuilder().setL3(new Ipv4Builder().build()).build())); + assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4SourceAddressPrefix(new MatchesBuilder() + .setL3(new Ipv4Builder().setIpv4( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder() + .build()).build()).build())); + assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4SourceAddressPrefix(new MatchesBuilder() + .setL3(new Ipv4Builder().setIpv4( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder() + .setSourceNetwork(new SourceIpv4NetworkBuilder().build()).build()).build()).build())); + assertEquals(IPV4_PREFIX_VALUE, ipv4SourceAddressPrefix(new MatchesBuilder() + .setL3(new Ipv4Builder().setIpv4( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder() + .setSourceNetwork( + new SourceIpv4NetworkBuilder().setSourceIpv4Network(IPV4_PREFIX).build()) + .build()).build()).build())); } @Test public void testIpv4DestinationAddress() { - assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4DestinationAddress(new VppAceBuilder().build()))); + assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4DestinationAddress(new MatchesBuilder().build()))); + assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4DestinationAddress( + new MatchesBuilder().setL3(new Ipv4Builder().build()).build()))); assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4DestinationAddress( - new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build()))); - assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4DestinationAddress(new VppAceBuilder().setVppAceNodes( - new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build()).build()))); - assertTrue(Arrays.equals(IPV4_PREFIX_BYTES, ipv4DestinationAddress(new VppAceBuilder().setVppAceNodes( - new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder() - .setDestinationIpv4Network(IPV4_PREFIX).build()).build()).build()))); + new MatchesBuilder().setL3(new Ipv4Builder().setIpv4( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder() + .build()).build()).build()))); + assertTrue(Arrays.equals(DEFAULT_IPV4_ADDRESS_BYTES, ipv4DestinationAddress( + new MatchesBuilder().setL3(new Ipv4Builder().setIpv4( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder() + .setDestinationNetwork(new DestinationIpv4NetworkBuilder() + .build()).build()).build()).build()))); + assertTrue(Arrays.equals(IPV4_PREFIX_BYTES, ipv4DestinationAddress( + new MatchesBuilder().setL3(new Ipv4Builder().setIpv4( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder() + .setDestinationNetwork( + new DestinationIpv4NetworkBuilder().setDestinationIpv4Network(IPV4_PREFIX) + .build()).build()).build()).build()))); } @Test public void testIpv4DestinationAddressPrefix() { - assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4DestinationAddressPrefix(new VppAceBuilder().build())); + assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4DestinationAddressPrefix(new MatchesBuilder().build())); + assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4DestinationAddressPrefix( + new MatchesBuilder().setL3(new Ipv4Builder().build()).build())); assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4DestinationAddressPrefix( - new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build())); - assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4DestinationAddressPrefix(new VppAceBuilder().setVppAceNodes( - new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder().build()).build()).build())); - assertEquals(IPV4_PREFIX_VALUE, ipv4DestinationAddressPrefix(new VppAceBuilder().setVppAceNodes( - new VppAceNodesBuilder().setAceIpVersion(new AceIpv4Builder() - .setDestinationIpv4Network(IPV4_PREFIX).build()).build()).build())); + new MatchesBuilder().setL3(new Ipv4Builder().setIpv4( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder() + .build()).build()).build())); + assertEquals(DEFAULT_IPV4_PREFIX_VALUE, ipv4DestinationAddressPrefix( + new MatchesBuilder().setL3(new Ipv4Builder().setIpv4( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder() + .setDestinationNetwork(new DestinationIpv4NetworkBuilder() + .build()).build()).build()).build())); + assertEquals(IPV4_PREFIX_VALUE, ipv4DestinationAddressPrefix( + new MatchesBuilder().setL3(new Ipv4Builder().setIpv4( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv4.Ipv4Builder() + .setDestinationNetwork( + new DestinationIpv4NetworkBuilder().setDestinationIpv4Network(IPV4_PREFIX) + .build()).build()).build()).build())); } @Test public void testIpv6SourceAddress() { - assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6SourceAddress(new VppAceBuilder().build()))); - assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6SourceAddress( - new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build()))); - assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6SourceAddress(new VppAceBuilder().setVppAceNodes( - new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder().build()).build()).build()))); - assertTrue(Arrays.equals(IPV6_PREFIX_BYTES, ipv6SourceAddress(new VppAceBuilder().setVppAceNodes( - new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder() - .setSourceIpv6Network(IPV6_PREFIX).build()).build()).build()))); + assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6SourceAddress(new MatchesBuilder().build()))); + assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, + ipv6SourceAddress(new MatchesBuilder().setL3(new Ipv6Builder().build()).build()))); + assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6SourceAddress(new MatchesBuilder() + .setL3(new Ipv6Builder().setIpv6( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder() + .build()).build()).build()))); + assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6SourceAddress(new MatchesBuilder() + .setL3(new Ipv6Builder().setIpv6( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder() + .setSourceNetwork(new SourceIpv6NetworkBuilder().build()).build()).build()).build()))); + assertTrue(Arrays.equals(IPV6_PREFIX_BYTES, ipv6SourceAddress(new MatchesBuilder().setL3(new Ipv6Builder() + .setIpv6( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder() + .setSourceNetwork( + new SourceIpv6NetworkBuilder().setSourceIpv6Network(IPV6_PREFIX).build()) + .build()).build()).build()))); } @Test public void ipv6SourceAddressPrefix() { - assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6SourceAddressPrefix(new VppAceBuilder().build())); - assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6SourceAddressPrefix( - new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build())); - assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6SourceAddressPrefix(new VppAceBuilder().setVppAceNodes( - new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder().build()).build()).build())); - assertEquals(IPV6_PREFIX_VALUE, ipv6SourceAddressPrefix(new VppAceBuilder().setVppAceNodes( - new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder() - .setSourceIpv6Network(IPV6_PREFIX).build()).build()).build())); + assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6SourceAddressPrefix(new MatchesBuilder().build())); + assertEquals(DEFAULT_IPV6_PREFIX_VALUE, + ipv6SourceAddressPrefix(new MatchesBuilder().setL3(new Ipv6Builder().build()).build())); + assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6SourceAddressPrefix(new MatchesBuilder() + .setL3(new Ipv6Builder().setIpv6( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder() + .build()).build()).build())); + assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6SourceAddressPrefix(new MatchesBuilder() + .setL3(new Ipv6Builder().setIpv6( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder() + .setSourceNetwork(new SourceIpv6NetworkBuilder().build()).build()).build()).build())); + assertEquals(IPV6_PREFIX_VALUE, ipv6SourceAddressPrefix(new MatchesBuilder().setL3(new Ipv6Builder() + .setIpv6( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder() + .setSourceNetwork( + new SourceIpv6NetworkBuilder().setSourceIpv6Network(IPV6_PREFIX).build()) + .build()).build()).build())); } @Test public void ipv6DestinationAddress() { - assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6DestinationAddress(new VppAceBuilder().build()))); - assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6DestinationAddress( - new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build()))); - assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6DestinationAddress(new VppAceBuilder().setVppAceNodes( - new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder().build()).build()).build()))); - assertTrue(Arrays.equals(IPV6_PREFIX_BYTES, ipv6DestinationAddress(new VppAceBuilder().setVppAceNodes( - new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder() - .setDestinationIpv6Network(IPV6_PREFIX).build()).build()).build()))); + assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6DestinationAddress(new MatchesBuilder().build()))); + assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, + ipv6DestinationAddress(new MatchesBuilder().setL3(new Ipv6Builder().build()).build()))); + assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6DestinationAddress(new MatchesBuilder() + .setL3(new Ipv6Builder().setIpv6( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder() + .build()).build()).build()))); + assertTrue(Arrays.equals(DEFAULT_IPV6_ADDRESS_BYTES, ipv6DestinationAddress(new MatchesBuilder() + .setL3(new Ipv6Builder().setIpv6( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder() + .setDestinationNetwork(new DestinationIpv6NetworkBuilder().build()).build()).build()) + .build()))); + assertTrue(Arrays.equals(IPV6_PREFIX_BYTES, ipv6DestinationAddress(new MatchesBuilder().setL3(new Ipv6Builder() + .setIpv6( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder() + .setDestinationNetwork( + new DestinationIpv6NetworkBuilder().setDestinationIpv6Network(IPV6_PREFIX) + .build()) + .build()).build()).build()))); } @Test public void ipv6DestinationAddressPrefix() { - assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6DestinationAddressPrefix(new VppAceBuilder().build())); - assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6DestinationAddressPrefix( - new VppAceBuilder().setVppAceNodes(new VppAceNodesBuilder().build()).build())); - assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6DestinationAddressPrefix(new VppAceBuilder().setVppAceNodes( - new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder().build()).build()).build())); - assertEquals(IPV6_PREFIX_VALUE, ipv6DestinationAddressPrefix(new VppAceBuilder().setVppAceNodes( - new VppAceNodesBuilder().setAceIpVersion(new AceIpv6Builder() - .setDestinationIpv6Network(IPV6_PREFIX).build()).build()).build())); + assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6DestinationAddressPrefix(new MatchesBuilder().build())); + assertEquals(DEFAULT_IPV6_PREFIX_VALUE, + ipv6DestinationAddressPrefix(new MatchesBuilder().setL3(new Ipv6Builder().build()).build())); + assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6DestinationAddressPrefix(new MatchesBuilder() + .setL3(new Ipv6Builder().setIpv6( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder() + .build()).build()).build())); + assertEquals(DEFAULT_IPV6_PREFIX_VALUE, ipv6DestinationAddressPrefix(new MatchesBuilder() + .setL3(new Ipv6Builder().setIpv6( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder() + .setDestinationNetwork(new DestinationIpv6NetworkBuilder().build()).build()).build()) + .build())); + assertEquals(IPV6_PREFIX_VALUE, ipv6DestinationAddressPrefix(new MatchesBuilder().setL3(new Ipv6Builder() + .setIpv6( + new org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l3.ipv6.Ipv6Builder() + .setDestinationNetwork( + new DestinationIpv6NetworkBuilder().setDestinationIpv6Network(IPV6_PREFIX) + .build()) + .build()).build()).build())); } @Test @@ -188,12 +241,10 @@ public class StandardAceDataExtractorTest extends AceDataExtractorTestCase imple // this one should pass because of default value assertEquals(0, standardAction( - new AceBuilder().setActions(new ActionsBuilder().setPacketHandling(new DenyBuilder().build()).build()) - .build())); + new AceBuilder().setActions(new ActionsBuilder().setForwarding(Drop.class).build()).build())); assertEquals(2, standardAction(new AceBuilder().setActions( - new ActionsBuilder().setPacketHandling(new StatefulBuilder().setPermitAndReflect(true).build()).build()) - .build())); + new ActionsBuilder().setForwarding(AcceptAndReflect.class).build()).build())); } @Test @@ -206,10 +257,13 @@ public class StandardAceDataExtractorTest extends AceDataExtractorTestCase imple rule.dstIpAddr = IPV4_2_PREFIX_BYTES; rule.dstIpPrefixLen = IPV4_2_PREFIX_VALUE; - final AceIpVersion result = ipVersion(rule); - assertTrue(result instanceof AceIpv4); - assertEquals(IPV4_PREFIX, AceIpv4.class.cast(result).getSourceIpv4Network()); - assertEquals(IPV4_2_PREFIX, AceIpv4.class.cast(result).getDestinationIpv4Network()); + final L3 result = parseStandardAceL3(rule); + assertEquals(result.getImplementedInterface(), Ipv4.class); + assertEquals(IPV4_PREFIX, + ((SourceIpv4Network) ((Ipv4) result).getIpv4().getSourceNetwork()).getSourceIpv4Network()); + assertEquals(IPV4_2_PREFIX, + ((DestinationIpv4Network) ((Ipv4) result).getIpv4().getDestinationNetwork()) + .getDestinationIpv4Network()); } @Test @@ -218,10 +272,10 @@ public class StandardAceDataExtractorTest extends AceDataExtractorTestCase imple rule.isIpv6 = 0; - final AceIpVersion result = ipVersion(rule); - assertTrue(result instanceof AceIpv4); - assertNull(AceIpv4.class.cast(result).getSourceIpv4Network()); - assertNull(AceIpv4.class.cast(result).getDestinationIpv4Network()); + final L3 result = parseStandardAceL3(rule); + assertEquals(result.getImplementedInterface(), Ipv4.class); + assertNull(((Ipv4) result).getIpv4().getSourceNetwork()); + assertNull(((Ipv4) result).getIpv4().getDestinationNetwork()); } @Test @@ -234,10 +288,13 @@ public class StandardAceDataExtractorTest extends AceDataExtractorTestCase imple rule.dstIpAddr = IPV6_2_PREFIX_BYTES; rule.dstIpPrefixLen = IPV6_2_PREFIX_VALUE; - final AceIpVersion result = ipVersion(rule); - assertTrue(result instanceof AceIpv6); - assertEquals(IPV6_PREFIX, AceIpv6.class.cast(result).getSourceIpv6Network()); - assertEquals(IPV6_2_PREFIX, AceIpv6.class.cast(result).getDestinationIpv6Network()); + final L3 result = parseStandardAceL3(rule); + assertEquals(result.getImplementedInterface(), Ipv6.class); + assertEquals(IPV6_PREFIX, + ((SourceIpv6Network) ((Ipv6) result).getIpv6().getSourceNetwork()).getSourceIpv6Network()); + assertEquals(IPV6_2_PREFIX, + ((DestinationIpv6Network) ((Ipv6) result).getIpv6().getDestinationNetwork()) + .getDestinationIpv6Network()); } @Test @@ -246,19 +303,17 @@ public class StandardAceDataExtractorTest extends AceDataExtractorTestCase imple rule.isIpv6 = 1; - final AceIpVersion result = ipVersion(rule); - assertTrue(result instanceof AceIpv6); - assertNull(AceIpv6.class.cast(result).getSourceIpv6Network()); - assertNull(AceIpv6.class.cast(result).getDestinationIpv6Network()); + final L3 result = parseStandardAceL3(rule); + assertEquals(result.getImplementedInterface(), Ipv6.class); + assertNull((((Ipv6) result).getIpv6().getSourceNetwork())); + assertNull((((Ipv6) result).getIpv6().getDestinationNetwork())); } @Test public void testActions() { verifyExceptionalCase(() -> actions((byte) -1), IllegalArgumentException.class); - assertTrue(actions((byte) 0).getPacketHandling() instanceof Deny); - assertTrue(actions((byte) 1).getPacketHandling() instanceof Permit); - assertTrue(actions((byte) 2).getPacketHandling() instanceof Stateful); + assertTrue(actions((byte) 0).getForwarding().equals(Drop.class)); + assertTrue(actions((byte) 1).getForwarding().equals(Accept.class)); } - } \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/iface/acl/AclInterfaceAssignmentRequestTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/iface/acl/AclInterfaceAssignmentRequestTest.java index fb5d61458..1b7cf8c32 100644 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/iface/acl/AclInterfaceAssignmentRequestTest.java +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/iface/acl/AclInterfaceAssignmentRequestTest.java @@ -16,19 +16,20 @@ package io.fd.hc2vpp.acl.util.iface.acl; -import static io.fd.hc2vpp.acl.util.iface.acl.AclInterfaceAssignmentRequest.create; +import static io.fd.hc2vpp.acl.write.request.AclInterfaceAssignmentRequest.create; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; import static org.mockito.MockitoAnnotations.initMocks; import com.google.common.collect.ImmutableList; +import io.fd.hc2vpp.acl.AclIIds; import io.fd.hc2vpp.acl.util.AclContextManager; +import io.fd.hc2vpp.acl.write.request.AclInterfaceAssignmentRequest; import io.fd.hc2vpp.common.test.util.FutureProducer; import io.fd.hc2vpp.common.test.util.NamingContextHelper; import io.fd.hc2vpp.common.translate.util.NamingContext; @@ -43,11 +44,8 @@ import org.junit.Test; import org.mockito.ArgumentCaptor; import org.mockito.Captor; import org.mockito.Mock; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceKey; import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; public class AclInterfaceAssignmentRequestTest implements NamingContextHelper, FutureProducer { @@ -76,7 +74,7 @@ public class AclInterfaceAssignmentRequestTest implements NamingContextHelper, F @Mock private MappingContext mappingContext; - private InstanceIdentifier validIdentifier; + private InstanceIdentifier validIdentifier; private NamingContext interfaceContext; @Mock @@ -86,10 +84,8 @@ public class AclInterfaceAssignmentRequestTest implements NamingContextHelper, F public void setUp() { initMocks(this); - validIdentifier = InstanceIdentifier.create(Interfaces.class). - child(Interface.class, new InterfaceKey(INTERFACE_NAME)) - .augmentation(VppAclInterfaceAugmentation.class) - .child(Acl.class); + validIdentifier = AclIIds.ACLS_AP + .child(Interface.class, new InterfaceKey(INTERFACE_NAME)); interfaceContext = new NamingContext("iface", "interface-context"); diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/iface/macip/MacIpInterfaceAssignmentRequestTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/iface/macip/MacIpInterfaceAssignmentRequestTest.java index a7049b77f..145eec38e 100644 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/iface/macip/MacIpInterfaceAssignmentRequestTest.java +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/iface/macip/MacIpInterfaceAssignmentRequestTest.java @@ -16,8 +16,8 @@ package io.fd.hc2vpp.acl.util.iface.macip; -import static io.fd.hc2vpp.acl.util.iface.macip.MacIpInterfaceAssignmentRequest.addNew; -import static io.fd.hc2vpp.acl.util.iface.macip.MacIpInterfaceAssignmentRequest.deleteExisting; +import static io.fd.hc2vpp.acl.write.request.MacIpInterfaceAssignmentRequest.addNew; +import static io.fd.hc2vpp.acl.write.request.MacIpInterfaceAssignmentRequest.deleteExisting; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.fail; @@ -27,7 +27,9 @@ import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; import static org.mockito.MockitoAnnotations.initMocks; +import io.fd.hc2vpp.acl.AclIIds; import io.fd.hc2vpp.acl.util.AclContextManager; +import io.fd.hc2vpp.acl.write.request.MacIpInterfaceAssignmentRequest; import io.fd.hc2vpp.common.test.util.FutureProducer; import io.fd.hc2vpp.common.test.util.NamingContextHelper; import io.fd.hc2vpp.common.translate.util.NamingContext; @@ -41,13 +43,8 @@ import org.junit.Test; import org.mockito.ArgumentCaptor; import org.mockito.Captor; import org.mockito.Mock; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceKey; import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; public class MacIpInterfaceAssignmentRequestTest implements NamingContextHelper,FutureProducer { @@ -66,7 +63,7 @@ public class MacIpInterfaceAssignmentRequestTest implements NamingContextHelper, @Mock private MappingContext mappingContext; - private InstanceIdentifier validIdentifier; + private InstanceIdentifier validIdentifier; private NamingContext interfaceContext; @Mock private AclContextManager macIpAclContext; @@ -75,12 +72,7 @@ public class MacIpInterfaceAssignmentRequestTest implements NamingContextHelper, public void setUp() throws Exception { initMocks(this); - validIdentifier = InstanceIdentifier.create(Interfaces.class). - child(Interface.class, new InterfaceKey(INTERFACE_NAME)) - .augmentation(VppAclInterfaceAugmentation.class) - .child(Acl.class) - .child(Ingress.class) - .child(VppMacipAcl.class); + validIdentifier = AclIIds.ACLS_AP.child(Interface.class, new InterfaceKey(INTERFACE_NAME)); interfaceContext = new NamingContext("iface", "interface-context"); diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/protocol/ProtocolParsingTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/protocol/ProtocolParsingTest.java index 08fe6f38b..170080b66 100644 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/protocol/ProtocolParsingTest.java +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/util/protocol/ProtocolParsingTest.java @@ -24,41 +24,44 @@ import io.fd.honeycomb.test.tools.annotations.InjectTestData; import io.fd.vpp.jvpp.acl.types.AclRule; import org.junit.Test; import org.junit.runner.RunWith; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.access.lists.acl.access.list.entries.ace.matches.ace.type.VppAce; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Icmp; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.IcmpV6; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Other; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Tcp; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.acl.ip.protocol.header.fields.ip.protocol.Udp; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppIcmpAceAugmentation; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Acls; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.Ace; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Icmp; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Tcp; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.Udp; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.source.port.source.port.RangeOrOperator; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.packet.fields.rev181001.port.range.or.operator.port.range.or.operator.Range; @RunWith(HoneycombTestRunner.class) public class ProtocolParsingTest implements ProtoPreBindRuleProducer, IpProtocolReader, AclTestSchemaContext { private static final byte IGNORE_PROTOCOL = 0; - //TODO - remove after resolving how to address identity from different model in textual yang instance identifier - private VppAce extractAce(AccessLists accessLists) { - return VppAce.class - .cast(accessLists.getAcl().get(0).getAccessListEntries().getAce().get(0).getMatches().getAceType()); + private Ace extractAce(Acls acls) { + return acls.getAcl().get(0).getAces().getAce().get(0); } @Test - public void testIcmpRule(@InjectTestData(resourcePath = "/rules/icmp-rule.json") AccessLists acls) { + public void testIcmpRule(@InjectTestData(resourcePath = "/rules/icmp-rule.json") Acls acls) { final AclRule icmpRule = createPreBindRule(extractAce(acls)); assertEquals(1, icmpRule.proto); assertEquals(0, icmpRule.tcpFlagsMask); assertEquals(0, icmpRule.tcpFlagsValue); - final Icmp protocol = (Icmp)parseProtocol(icmpRule); - assertEquals(5, protocol.getIcmpNodes().getIcmpTypeRange().getFirst().shortValue()); - assertEquals(8, protocol.getIcmpNodes().getIcmpTypeRange().getLast().shortValue()); - assertEquals(1, protocol.getIcmpNodes().getIcmpCodeRange().getFirst().shortValue()); - assertEquals(3, protocol.getIcmpNodes().getIcmpCodeRange().getLast().shortValue()); + final Icmp protocol = (Icmp) parseProtocol(icmpRule); + assertEquals(5, protocol.getIcmp().augmentation(VppIcmpAceAugmentation.class).getVppIcmpAce().getIcmpTypeRange() + .getFirst().shortValue()); + assertEquals(8, protocol.getIcmp().augmentation(VppIcmpAceAugmentation.class).getVppIcmpAce().getIcmpTypeRange() + .getLast().shortValue()); + assertEquals(1, protocol.getIcmp().augmentation(VppIcmpAceAugmentation.class).getVppIcmpAce().getIcmpCodeRange() + .getFirst().shortValue()); + assertEquals(3, protocol.getIcmp().augmentation(VppIcmpAceAugmentation.class).getVppIcmpAce().getIcmpCodeRange() + .getLast().shortValue()); } @Test - public void testIcmpv6Rule(@InjectTestData(resourcePath = "/rules/icmp-v6-rule.json") AccessLists acls) { + public void testIcmpv6Rule(@InjectTestData(resourcePath = "/rules/icmp-v6-rule.json") Acls acls) { final AclRule icmpv6Rule = createPreBindRule(extractAce(acls)); assertEquals(58, icmpv6Rule.proto); @@ -69,43 +72,67 @@ public class ProtocolParsingTest implements ProtoPreBindRuleProducer, IpProtocol assertEquals(0, icmpv6Rule.tcpFlagsMask); assertEquals(0, icmpv6Rule.tcpFlagsValue); - final IcmpV6 protocol = (IcmpV6)parseProtocol(icmpv6Rule); - assertEquals(5, protocol.getIcmpV6Nodes().getIcmpTypeRange().getFirst().shortValue()); - assertEquals(8, protocol.getIcmpV6Nodes().getIcmpTypeRange().getLast().shortValue()); - assertEquals(1, protocol.getIcmpV6Nodes().getIcmpCodeRange().getFirst().shortValue()); - assertEquals(3, protocol.getIcmpV6Nodes().getIcmpCodeRange().getLast().shortValue()); + final Icmp protocol = (Icmp) parseProtocol(icmpv6Rule); + assertEquals(5, protocol.getIcmp().augmentation(VppIcmpAceAugmentation.class).getVppIcmpAce().getIcmpTypeRange() + .getFirst().shortValue()); + assertEquals(8, protocol.getIcmp().augmentation(VppIcmpAceAugmentation.class).getVppIcmpAce().getIcmpTypeRange() + .getLast().shortValue()); + assertEquals(1, protocol.getIcmp().augmentation(VppIcmpAceAugmentation.class).getVppIcmpAce().getIcmpCodeRange() + .getFirst().shortValue()); + assertEquals(3, protocol.getIcmp().augmentation(VppIcmpAceAugmentation.class).getVppIcmpAce().getIcmpCodeRange() + .getLast().shortValue()); } @Test - public void testTcpRule(@InjectTestData(resourcePath = "/rules/tcp-rule.json") AccessLists acls) { + public void testTcpRule(@InjectTestData(resourcePath = "/rules/tcp-rule.json") Acls acls) { final AclRule tcpRule = createPreBindRule(extractAce(acls)); assertEquals(6, tcpRule.proto); assertEquals(1, tcpRule.tcpFlagsMask); assertEquals(7, tcpRule.tcpFlagsValue); - final Tcp protocol = (Tcp)parseProtocol(tcpRule); - assertEquals(1, protocol.getTcpNodes().getSourcePortRange().getLowerPort().getValue().intValue()); - assertEquals(5487, protocol.getTcpNodes().getSourcePortRange().getUpperPort().getValue().intValue()); - assertEquals(87, protocol.getTcpNodes().getDestinationPortRange().getLowerPort().getValue().intValue()); - assertEquals(6745, protocol.getTcpNodes().getDestinationPortRange().getUpperPort().getValue().intValue()); + final Tcp protocol = (Tcp) parseProtocol(tcpRule); + assertEquals(1, + ((Range) ((RangeOrOperator) protocol.getTcp().getSourcePort().getSourcePort()).getPortRangeOrOperator()) + .getLowerPort().getValue().intValue()); + assertEquals(5487, + ((Range) ((RangeOrOperator) protocol.getTcp().getSourcePort().getSourcePort()).getPortRangeOrOperator()) + .getUpperPort().getValue().intValue()); + assertEquals(87, + ((Range) ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.destination.port.destination.port.RangeOrOperator) protocol + .getTcp().getDestinationPort().getDestinationPort()) + .getPortRangeOrOperator()).getLowerPort().getValue().intValue()); + assertEquals(6745, + ((Range) ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.destination.port.destination.port.RangeOrOperator) protocol + .getTcp().getDestinationPort().getDestinationPort()) + .getPortRangeOrOperator()).getUpperPort().getValue().intValue()); } @Test - public void testTcpRuleNoFlags(@InjectTestData(resourcePath = "/rules/tcp-rule-no-flags.json") AccessLists acls) { + public void testTcpRuleNoFlags(@InjectTestData(resourcePath = "/rules/tcp-rule-no-flags.json") Acls acls) { final AclRule tcpRule = createPreBindRule(extractAce(acls)); assertEquals(6, tcpRule.proto); assertEquals(123, tcpRule.srcportOrIcmptypeFirst); assertEquals(123, tcpRule.srcportOrIcmptypeLast); - assertEquals((short)65000, tcpRule.dstportOrIcmpcodeFirst); - assertEquals((short)65000, tcpRule.dstportOrIcmpcodeLast); + assertEquals((short) 65000, tcpRule.dstportOrIcmpcodeFirst); + assertEquals((short) 65000, tcpRule.dstportOrIcmpcodeLast); assertEquals(0, tcpRule.tcpFlagsMask); assertEquals(0, tcpRule.tcpFlagsValue); - final Tcp protocol = (Tcp)parseProtocol(tcpRule); - assertEquals(123, protocol.getTcpNodes().getSourcePortRange().getLowerPort().getValue().intValue()); - assertEquals(123, protocol.getTcpNodes().getSourcePortRange().getUpperPort().getValue().intValue()); - assertEquals(65000, protocol.getTcpNodes().getDestinationPortRange().getLowerPort().getValue().intValue()); - assertEquals(65000, protocol.getTcpNodes().getDestinationPortRange().getUpperPort().getValue().intValue()); + final Tcp protocol = (Tcp) parseProtocol(tcpRule); + assertEquals(123, + ((Range) ((RangeOrOperator) protocol.getTcp().getSourcePort().getSourcePort()).getPortRangeOrOperator()) + .getLowerPort().getValue().intValue()); + assertEquals(123, + ((Range) ((RangeOrOperator) protocol.getTcp().getSourcePort().getSourcePort()).getPortRangeOrOperator()) + .getUpperPort().getValue().intValue()); + assertEquals(65000, + ((Range) ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.destination.port.destination.port.RangeOrOperator) protocol + .getTcp().getDestinationPort().getDestinationPort()) + .getPortRangeOrOperator()).getLowerPort().getValue().intValue()); + assertEquals(65000, + ((Range) ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.tcp.tcp.destination.port.destination.port.RangeOrOperator) protocol + .getTcp().getDestinationPort().getDestinationPort()) + .getPortRangeOrOperator()).getUpperPort().getValue().intValue()); } @Test @@ -125,40 +152,36 @@ public class ProtocolParsingTest implements ProtoPreBindRuleProducer, IpProtocol } @Test - public void testUdpRule(@InjectTestData(resourcePath = "/rules/udp-rule.json") AccessLists acls) { + public void testUdpRule(@InjectTestData(resourcePath = "/rules/udp-rule.json") Acls acls) { final AclRule udpRule = createPreBindRule(extractAce(acls)); assertEquals(17, udpRule.proto); assertEquals(0, udpRule.tcpFlagsMask); assertEquals(0, udpRule.tcpFlagsValue); - final Udp protocol = (Udp)parseProtocol(udpRule); - assertEquals(1, protocol.getUdpNodes().getSourcePortRange().getLowerPort().getValue().intValue()); - assertEquals(5487, protocol.getUdpNodes().getSourcePortRange().getUpperPort().getValue().intValue()); - assertEquals(87, protocol.getUdpNodes().getDestinationPortRange().getLowerPort().getValue().intValue()); - assertEquals(6745, protocol.getUdpNodes().getDestinationPortRange().getUpperPort().getValue().intValue()); + final Udp protocol = (Udp) parseProtocol(udpRule); + assertEquals(1, + ((Range) ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.source.port.source.port.RangeOrOperator) protocol + .getUdp().getSourcePort().getSourcePort()).getPortRangeOrOperator()) + .getLowerPort().getValue().intValue()); + assertEquals(5487, + ((Range) ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.source.port.source.port.RangeOrOperator) protocol + .getUdp().getSourcePort().getSourcePort()).getPortRangeOrOperator()) + .getUpperPort().getValue().intValue()); + assertEquals(87, + ((Range) ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.destination.port.destination.port.RangeOrOperator) protocol + .getUdp().getDestinationPort().getDestinationPort()) + .getPortRangeOrOperator()).getLowerPort().getValue().intValue()); + assertEquals(6745, + ((Range) ((org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.acl.aces.ace.matches.l4.udp.udp.destination.port.destination.port.RangeOrOperator) protocol + .getUdp().getDestinationPort().getDestinationPort()) + .getPortRangeOrOperator()).getUpperPort().getValue().intValue()); } - @Test - public void testOtherRule(@InjectTestData(resourcePath = "/rules/other-rule.json") AccessLists acls) { - final AclRule rule = createPreBindRule(extractAce(acls)); - final int protocolNumber = 64; - assertEquals(protocolNumber, rule.proto); - assertEquals(0, rule.srcportOrIcmptypeFirst); - assertEquals((short) 65535, rule.srcportOrIcmptypeLast); - assertEquals(0, rule.dstportOrIcmpcodeFirst); - assertEquals((short) 65535, rule.dstportOrIcmpcodeLast); - assertEquals(0, rule.tcpFlagsMask); - assertEquals(0, rule.tcpFlagsValue); - - final Other protocol = (Other)parseProtocol(rule); - assertEquals(protocolNumber, protocol.getOtherNodes().getProtocol().shortValue()); - } @Test - public void tesProtocolNotSpecified(@InjectTestData(resourcePath = "/rules/no-protocol-rule.json") AccessLists acls) { + public void tesProtocolNotSpecified(@InjectTestData(resourcePath = "/rules/no-protocol-rule.json") Acls acls) { final AclRule noProtocolRule = createPreBindRule(extractAce(acls)); assertEquals(IGNORE_PROTOCOL, noProtocolRule.proto); } - } \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/AclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/AclCustomizerTest.java new file mode 100644 index 000000000..ae7023059 --- /dev/null +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/AclCustomizerTest.java @@ -0,0 +1,373 @@ +/* + * Copyright (c) 2016 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.acl.write; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; + +import com.google.common.base.Optional; +import io.fd.hc2vpp.acl.AclIIds; +import io.fd.hc2vpp.acl.AclTestSchemaContext; +import io.fd.hc2vpp.acl.util.AclContextManager; +import io.fd.hc2vpp.common.test.write.WriterCustomizerTest; +import io.fd.honeycomb.test.tools.HoneycombTestRunner; +import io.fd.honeycomb.test.tools.annotations.InjectTestData; +import io.fd.honeycomb.translate.write.WriteFailedException; +import io.fd.vpp.jvpp.acl.dto.AclAddReplace; +import io.fd.vpp.jvpp.acl.dto.AclAddReplaceReply; +import io.fd.vpp.jvpp.acl.dto.AclDel; +import io.fd.vpp.jvpp.acl.dto.AclDelReply; +import io.fd.vpp.jvpp.acl.dto.MacipAclAdd; +import io.fd.vpp.jvpp.acl.dto.MacipAclAddReply; +import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; +import io.fd.vpp.jvpp.acl.types.AclRule; +import io.fd.vpp.jvpp.acl.types.MacipAclRule; +import java.nio.charset.StandardCharsets; +import java.util.Arrays; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.ArgumentCaptor; +import org.mockito.Captor; +import org.mockito.Mock; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Acls; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AclKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +@RunWith(HoneycombTestRunner.class) +public class AclCustomizerTest extends WriterCustomizerTest implements AclTestSchemaContext { + + @Mock + private FutureJVppAclFacade aclApi; + + @Captor + private ArgumentCaptor aclAddReplaceRequestCaptor; + + @Captor + private ArgumentCaptor macipAclAddReplaceRequestCaptor; + + @Captor + private ArgumentCaptor aclDelRequestCaptor; + + private InstanceIdentifier validId; + private InstanceIdentifier validMacipId; + private AclCustomizer aclCustomizer; + + @Mock + private AclContextManager standardAclContext; + @Mock + private AclContextManager macIpAclContext; + + + @Override + protected void setUpTest() throws Exception { + validId = AclIIds.ACLS.child(Acl.class, new AclKey("standard-acl")); + validMacipId = AclIIds.ACLS.child(Acl.class, new AclKey("macip-acl")); + aclCustomizer = new AclCustomizer(aclApi, standardAclContext, macIpAclContext); + + when(aclApi.aclAddReplace(any())).thenReturn(future(new AclAddReplaceReply())); + when(aclApi.aclDel(any())).thenReturn(future(new AclDelReply())); + when(aclApi.macipAclAdd(any())).thenReturn(future(new MacipAclAddReply())); + } + + @Test + public void writeCurrentAttributesMacip(@InjectTestData(resourcePath = "/acl/macip/macip-acl.json") + Acls macipAcl) throws WriteFailedException { + + aclCustomizer.writeCurrentAttributes(validMacipId, macipAcl.getAcl().get(0), writeContext); + + verify(aclApi, times(1)).macipAclAdd(macipAclAddReplaceRequestCaptor.capture()); + + final MacipAclAdd request = macipAclAddReplaceRequestCaptor.getValue(); + + assertEquals(1, request.count); + assertEquals("macip-tag-value", new String(request.tag, StandardCharsets.US_ASCII)); + + final MacipAclRule rule = request.r[0]; + + assertEquals(0, rule.isIpv6); + assertEquals(1, rule.isPermit); + assertTrue(Arrays.equals(new byte[]{-64, -88, 2, 2}, rule.srcIpAddr)); + assertEquals(32, rule.srcIpPrefixLen); + assertTrue(Arrays.equals(new byte[]{(byte)0xaa, (byte)0xaa, (byte)0xaa, (byte)0xaa, (byte)0xaa, (byte)0xaa}, rule.srcMac)); + assertTrue(Arrays.equals(new byte[]{(byte)0xff, 0, 0, 0, 0, 0}, rule.srcMacMask)); + } + + @Test + public void writeCurrentAttributesIcmpIpv4(@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") + Acls standardAcls) throws Exception { + aclCustomizer.writeCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); + + verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); + verifyIcmpIpv4Request(-1); + } + + @Test + public void updateCurrentAttributesIcmpIpv4(@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") + Acls standardAcls) throws Exception { + final int aclIndex = 4; + when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); + final Acl data = standardAcls.getAcl().get(0); + + aclCustomizer.updateCurrentAttributes(validId, data, data, writeContext); + + verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); + verifyIcmpIpv4Request(aclIndex); + } + + + @Test + public void writeCurrentAttributesIcmpIpv6(@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp-v6.json") + Acls standardAcls) throws Exception { + aclCustomizer.writeCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); + + verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); + verifyIcmpv6Request(-1); + } + + @Test + public void updateCurrentAttributesIcmpIpv6( + @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp-v6.json") + Acls standardAcls) throws Exception { + final int aclIndex = 4; + when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); + final Acl data = standardAcls.getAcl().get(0); + aclCustomizer.updateCurrentAttributes(validId, data, data, writeContext); + + verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); + verifyIcmpv6Request(aclIndex); + } + + + @Test + public void writeCurrentAttributesTcp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-tcp.json") + Acls standardAcls) throws Exception { + aclCustomizer.writeCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); + + verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); + verifyTcpRequest(-1); + } + + @Test + public void updateCurrentAttributesTcp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-tcp.json") + Acls standardAcls) throws Exception { + final int aclIndex = 4; + when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); + final Acl data = standardAcls.getAcl().get(0); + aclCustomizer.updateCurrentAttributes(validId, data, data, writeContext); + + verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); + verifyTcpRequest(aclIndex); + } + + @Test + public void updateCurrentAttributesTcpSrcOnly( + @InjectTestData(resourcePath = "/acl/standard/standard-acl-tcp-src-only.json") + Acls standardAcls) throws Exception { + final int aclIndex = 4; + when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); + final Acl data = standardAcls.getAcl().get(0); + aclCustomizer.updateCurrentAttributes(validId, data, data, writeContext); + + verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); + final AclAddReplace request = aclAddReplaceRequestCaptor.getValue(); + final AclRule tcpRule = request.r[0]; + assertTrue(Arrays.equals(new byte[]{-64, -88, 2, 2}, tcpRule.srcIpAddr)); + assertEquals(32, tcpRule.srcIpPrefixLen); + assertTrue(Arrays.equals(new byte[]{0, 0, 0, 0}, tcpRule.dstIpAddr)); + assertEquals(0, tcpRule.dstIpPrefixLen); + } + + + @Test + public void writeCurrentAttributesUdp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json") + Acls standardAcls) throws Exception { + aclCustomizer.writeCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); + + verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); + + verifyUdpRequest(-1); + } + + @Test + public void updateCurrentAttributesUdp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json") + Acls standardAcls) throws Exception { + final int aclIndex = 4; + when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); + final Acl data = standardAcls.getAcl().get(0); + aclCustomizer.updateCurrentAttributes(validId, data, data, writeContext); + + verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); + verifyUdpRequest(aclIndex); + } + + + @Test + public void deleteCurrentAttributesIcmpIpv4(@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") + Acls standardAcls) throws Exception { + when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent()); + final int aclIndex = 4; + when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); + aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); + + verify(aclApi, times(1)).aclDel(aclDelRequestCaptor.capture()); + assertEquals(aclIndex, aclDelRequestCaptor.getValue().aclIndex); + } + + @Test + public void deleteCurrentAttributesIcmpIpv6( + @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp-v6.json") + Acls standardAcls) throws Exception { + when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent()); + final int aclIndex = 4; + when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); + aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); + + verify(aclApi, times(1)).aclDel(aclDelRequestCaptor.capture()); + assertEquals(aclIndex, aclDelRequestCaptor.getValue().aclIndex); + } + + @Test + public void deleteCurrentAttributesTcp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-tcp.json") + Acls standardAcls) throws Exception { + when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent()); + final int aclIndex = 4; + when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); + aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); + + verify(aclApi, times(1)).aclDel(aclDelRequestCaptor.capture()); + assertEquals(aclIndex, aclDelRequestCaptor.getValue().aclIndex); + } + + @Test + public void deleteCurrentAttributesUdp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json") + Acls standardAcls) throws Exception { + when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent()); + final int aclIndex = 4; + when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); + aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); + + verify(aclApi, times(1)).aclDel(aclDelRequestCaptor.capture()); + assertEquals(aclIndex, aclDelRequestCaptor.getValue().aclIndex); + } + + private void verifyUdpRequest(final int aclIndex) { + final AclAddReplace request = aclAddReplaceRequestCaptor.getValue(); + assertEquals(aclIndex, request.aclIndex); + assertEquals(1, request.count); + assertEquals("udp-tag-value", new String(request.tag, StandardCharsets.US_ASCII)); + + final AclRule udpRule = request.r[0]; + + assertEquals(0, udpRule.isIpv6); + assertEquals(1, udpRule.isPermit); + assertTrue(Arrays.equals(new byte[]{-64, -88, 2, 2}, udpRule.srcIpAddr)); + assertEquals(32, udpRule.srcIpPrefixLen); + assertTrue(Arrays.equals(new byte[]{-64, -88, 2, 1}, udpRule.dstIpAddr)); + assertEquals(24, udpRule.dstIpPrefixLen); + + assertEquals(17, udpRule.proto); + assertEquals(1, udpRule.srcportOrIcmptypeFirst); + assertEquals(5487, udpRule.srcportOrIcmptypeLast); + assertEquals(87, udpRule.dstportOrIcmpcodeFirst); + assertEquals(6745, udpRule.dstportOrIcmpcodeLast); + assertEquals(0, udpRule.tcpFlagsMask); + assertEquals(0, udpRule.tcpFlagsValue); + } + + private void verifyTcpRequest(final int aclIndex) { + final AclAddReplace request = aclAddReplaceRequestCaptor.getValue(); + assertEquals(aclIndex, request.aclIndex); + assertEquals(1, request.count); + assertEquals("tcp-tag-value", new String(request.tag, StandardCharsets.US_ASCII)); + + final AclRule tcpRule = request.r[0]; + + assertEquals(0, tcpRule.isIpv6); + assertEquals(1, tcpRule.isPermit); + assertTrue(Arrays.equals(new byte[]{-64, -88, 2, 2}, tcpRule.srcIpAddr)); + assertEquals(32, tcpRule.srcIpPrefixLen); + assertTrue(Arrays.equals(new byte[]{-64, -88, 2, 1}, tcpRule.dstIpAddr)); + assertEquals(24, tcpRule.dstIpPrefixLen); + + assertEquals(6, tcpRule.proto); + assertEquals(1, tcpRule.srcportOrIcmptypeFirst); + assertEquals(5487, tcpRule.srcportOrIcmptypeLast); + assertEquals(87, tcpRule.dstportOrIcmpcodeFirst); + assertEquals(6745, tcpRule.dstportOrIcmpcodeLast); + assertEquals(1, tcpRule.tcpFlagsMask); + assertEquals(7, tcpRule.tcpFlagsValue); + } + + private void verifyIcmpv6Request(final int aclIndex) { + final AclAddReplace request = aclAddReplaceRequestCaptor.getValue(); + assertEquals(aclIndex, request.aclIndex); + assertEquals(1, request.count); + assertEquals("icmp-v6-tag-value", new String(request.tag, StandardCharsets.US_ASCII)); + + + final AclRule icmpv6Rule = request.r[0]; + + assertEquals(1, icmpv6Rule.isIpv6); + assertEquals(1, icmpv6Rule.isPermit); + assertTrue( + Arrays.equals(new byte[]{32, 1, 13, -72, 10, 11, 18, -16, 0, 0, 0, 0, 0, 0, 0, 2}, + icmpv6Rule.srcIpAddr)); + assertEquals(48, icmpv6Rule.srcIpPrefixLen); + assertTrue( + Arrays.equals(new byte[]{32, 1, 13, -72, 10, 11, 18, -16, 0, 0, 0, 0, 0, 0, 0, 1}, + icmpv6Rule.dstIpAddr)); + assertEquals(64, icmpv6Rule.dstIpPrefixLen); + + assertEquals(58, icmpv6Rule.proto); + assertEquals(5, icmpv6Rule.srcportOrIcmptypeFirst); + assertEquals(8, icmpv6Rule.srcportOrIcmptypeLast); + assertEquals(1, icmpv6Rule.dstportOrIcmpcodeFirst); + assertEquals(3, icmpv6Rule.dstportOrIcmpcodeLast); + assertEquals(0, icmpv6Rule.tcpFlagsMask); + assertEquals(0, icmpv6Rule.tcpFlagsValue); + } + + private void verifyIcmpIpv4Request(final int aclIndex) { + final AclAddReplace request = aclAddReplaceRequestCaptor.getValue(); + assertEquals(aclIndex, request.aclIndex); + assertEquals(1, request.count); + assertEquals("icmp-v4-tag-value", new String(request.tag, StandardCharsets.US_ASCII)); + + final AclRule icmpRule = request.r[0]; + + assertEquals(0, icmpRule.isIpv6); + assertEquals(1, icmpRule.isPermit); + assertTrue(Arrays.equals(new byte[]{-64, -88, 2, 2}, icmpRule.srcIpAddr)); + assertEquals(32, icmpRule.srcIpPrefixLen); + assertTrue(Arrays.equals(new byte[]{-64, -88, 2, 1}, icmpRule.dstIpAddr)); + assertEquals(24, icmpRule.dstIpPrefixLen); + + assertEquals(1, icmpRule.proto); + assertEquals(5, icmpRule.srcportOrIcmptypeFirst); + assertEquals(8, icmpRule.srcportOrIcmptypeLast); + assertEquals(1, icmpRule.dstportOrIcmpcodeFirst); + assertEquals(3, icmpRule.dstportOrIcmpcodeLast); + assertEquals(0, icmpRule.tcpFlagsMask); + assertEquals(0, icmpRule.tcpFlagsValue); + } +} \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/AclValidatorTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/AclValidatorTest.java new file mode 100644 index 000000000..6f4d8556f --- /dev/null +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/AclValidatorTest.java @@ -0,0 +1,141 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.acl.write; + +import static io.fd.hc2vpp.acl.write.AclValidator.checkAclReferenced; +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.containsInAnyOrder; +import static org.hamcrest.Matchers.hasSize; +import static org.mockito.Mockito.when; +import static org.mockito.MockitoAnnotations.initMocks; + +import com.google.common.base.Optional; +import io.fd.hc2vpp.acl.AclIIds; +import io.fd.hc2vpp.acl.AclTestSchemaContext; +import io.fd.honeycomb.test.tools.HoneycombTestRunner; +import io.fd.honeycomb.test.tools.annotations.InjectTestData; +import io.fd.honeycomb.translate.write.DataValidationFailedException; +import io.fd.honeycomb.translate.write.WriteContext; +import java.util.HashSet; +import java.util.List; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppAcl; +import org.opendaylight.yang.gen.v1.http.fd.io.hc2vpp.yang.vpp.acl.rev181022.VppMacipAcl; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.Acls; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.Acl; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AclBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AclKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AttachmentPoints; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.AttachmentPointsBuilder; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +@RunWith(HoneycombTestRunner.class) +public class AclValidatorTest implements AclTestSchemaContext { + + private static final InstanceIdentifier ID = AclIIds.ACLS + .child(Acl.class, new AclKey("standard-acl")); + + @InjectTestData(id = "/ietf-access-control-list:acls/ietf-access-control-list:attachment-points", resourcePath = "/interface-acl/acl-references.json") + private AttachmentPoints attachmentPoints; + + @Mock + private WriteContext writeContext; + + private AclValidator validator; + + @Before + public void init(){ + initMocks(this); + when(writeContext.readAfter(AclIIds.ACLS_AP)).thenReturn(Optional.of(attachmentPoints)); + validator = new AclValidator(); + } + + @Test + public void testValidateWrite( + @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") Acls acls) + throws DataValidationFailedException.CreateValidationFailedException { + validator.validateWrite(ID, acls.getAcl().get(0), writeContext); + } + + @Test(expected = DataValidationFailedException.CreateValidationFailedException.class) + public void testValidateWriteEmptyAcl() + throws DataValidationFailedException.CreateValidationFailedException { + validator.validateWrite(ID, new AclBuilder().build(), writeContext); + } + + @Test + public void testValidateUpdate( + @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") Acls acls) + throws DataValidationFailedException.UpdateValidationFailedException { + final Acl data = acls.getAcl().get(0); + validator.validateUpdate(ID, data, data, writeContext); + } + + @Test(expected = DataValidationFailedException.UpdateValidationFailedException.class) + public void testValidateUpdateUnsupportedType( + @InjectTestData(resourcePath = "/acl/ipv4/ipv4-acl.json") Acls acls) + throws DataValidationFailedException.UpdateValidationFailedException { + final Acl data = acls.getAcl().get(0); + validator.validateUpdate(ID, data, data, writeContext); + } + + @Test + public void testValidateDelete( + @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") Acls acls) + throws DataValidationFailedException.DeleteValidationFailedException { + validator.validateDelete(ID, acls.getAcl().get(0), writeContext); + } + + @Test(expected = DataValidationFailedException.DeleteValidationFailedException.class) + public void testValidateDeleteReferenced( + @InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json") + Acls standardAcls, + @InjectTestData(id = "/ietf-access-control-list:acls/ietf-access-control-list:attachment-points", + resourcePath = "/acl/standard/interface-ref-acl-udp.json") + AttachmentPoints references) throws Exception { + when(writeContext.readAfter(AclIIds.ACLS_AP)).thenReturn( + Optional.of(new AttachmentPointsBuilder().setInterface(references.getInterface()).build())); + validator.validateDelete(ID, standardAcls.getAcl().get(0), writeContext); + } + + @Test + public void testReferencedVppAclFirst() { + final List referenced = checkAclReferenced(writeContext, new AclBuilder() + .setName("acl1").setType(VppAcl.class).build()); + assertThat(referenced, hasSize(3)); + assertThat(new HashSet<>(referenced), containsInAnyOrder("eth0", "eth1", "eth2")); + } + + @Test + public void testReferencedVppAclSecond() { + final List referenced = checkAclReferenced(writeContext, new AclBuilder() + .setName("acl2").setType(VppAcl.class).build()); + assertThat(referenced, hasSize(1)); + assertThat(new HashSet<>(referenced), containsInAnyOrder("eth1")); + } + + @Test + public void testReferencedMacipAcl() { + final List referenced = checkAclReferenced(writeContext, new AclBuilder() + .setName("acl4").setType(VppMacipAcl.class).build()); + assertThat(referenced, hasSize(1)); + assertThat(new HashSet<>(referenced), containsInAnyOrder("eth2")); + } +} \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizerTest.java index 5dc139acc..b6c26ceeb 100644 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizerTest.java +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizerTest.java @@ -17,10 +17,10 @@ package io.fd.hc2vpp.acl.write; import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; +import io.fd.hc2vpp.acl.AclIIds; import io.fd.hc2vpp.acl.AclTestSchemaContext; import io.fd.hc2vpp.acl.util.AclContextManager; import io.fd.hc2vpp.common.test.write.WriterCustomizerTest; @@ -31,15 +31,12 @@ import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; import java.util.Collections; import org.junit.Test; import org.mockito.Mock; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.AclBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.IngressBuilder; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAclsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.IngressBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSetsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetBuilder; import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; public class InterfaceAclCustomizerTest extends WriterCustomizerTest implements AclTestSchemaContext { @@ -47,61 +44,70 @@ public class InterfaceAclCustomizerTest extends WriterCustomizerTest implements private static final String IFC_CTX_NAME = "ifc-test-instance"; private static final String IFACE_NAME = "eth0"; private static final int IFACE_ID = 123; + private static final int ACL_ID = 111; @Mock private FutureJVppAclFacade aclApi; @Mock private AclContextManager standardAclContext; + @Mock + private AclContextManager macipAclContext; private InterfaceAclCustomizer customizer; - private NamingContext interfaceContext; - private InstanceIdentifier ACL_ID = InstanceIdentifier.create(Interfaces.class) - .child(Interface.class, new InterfaceKey(IFACE_NAME)).augmentation(VppAclInterfaceAugmentation.class).child(Acl.class); + private InstanceIdentifier IFC_IID = + AclIIds.ACLS_AP.child(Interface.class, new InterfaceKey(IFACE_NAME)); + private Interface ifcAcl; + private static final String ACL_NAME = "standard_acl"; + @Override - protected void setUpTest() throws Exception { + protected void setUpTest() { defineMapping(mappingContext, IFACE_NAME, IFACE_ID, IFC_CTX_NAME); - interfaceContext = new NamingContext("generatedIfaceName", IFC_CTX_NAME); - customizer = new InterfaceAclCustomizer(aclApi, interfaceContext, standardAclContext); + final NamingContext interfaceContext = new NamingContext("generatedIfaceName", IFC_CTX_NAME); + customizer = new InterfaceAclCustomizer(aclApi, interfaceContext, standardAclContext, macipAclContext); + ifcAcl = new InterfaceBuilder() + .setIngress(new IngressBuilder() + .setAclSets(new AclSetsBuilder() + .setAclSet(Collections.singletonList(new AclSetBuilder() + .setName(ACL_NAME) + .build())) + .build()) + .build()) + .build(); + when(standardAclContext.getAclIndex(ACL_NAME, mappingContext)).thenReturn(ACL_ID); + when(standardAclContext.containsAcl(ACL_NAME, mappingContext)).thenReturn(true); when(aclApi.aclInterfaceSetAclList(any())).thenReturn(future(new AclInterfaceSetAclListReply())); } @Test public void testWrite() throws Exception { - final Acl acl = new AclBuilder().build(); - customizer.writeCurrentAttributes(ACL_ID, acl, writeContext); + customizer.writeCurrentAttributes(IFC_IID, ifcAcl, writeContext); final AclInterfaceSetAclList list = new AclInterfaceSetAclList(); list.swIfIndex = IFACE_ID; - list.acls = new int[]{}; + list.acls = new int[]{ACL_ID}; + list.count = 1; + list.nInput = 1; verify(aclApi).aclInterfaceSetAclList(list); } @Test public void testUpdate() throws Exception { - final Acl acl = new AclBuilder().build(); - customizer.updateCurrentAttributes(ACL_ID, acl, acl, writeContext); + final Interface updIfcAcl = new InterfaceBuilder().build(); + customizer.updateCurrentAttributes(IFC_IID, updIfcAcl, ifcAcl, writeContext); final AclInterfaceSetAclList list = new AclInterfaceSetAclList(); list.swIfIndex = IFACE_ID; - list.acls = new int[]{}; + list.acls = new int[]{ACL_ID}; + list.count = 1; + list.nInput = 1; verify(aclApi).aclInterfaceSetAclList(list); } @Test public void testDelete() throws Exception { - final VppAcls - element = mock(VppAcls.class); - final Acl acl = new AclBuilder() - .setIngress(new IngressBuilder() - .setVppAcls(Collections.singletonList(new VppAclsBuilder() - .setName("asd") - .build())) - .build()) - .build(); - customizer.deleteCurrentAttributes(ACL_ID, acl, writeContext); + customizer.deleteCurrentAttributes(IFC_IID, ifcAcl, writeContext); final AclInterfaceSetAclList list = new AclInterfaceSetAclList(); list.swIfIndex = IFACE_ID; list.acls = new int[]{}; verify(aclApi).aclInterfaceSetAclList(list); } - } \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/InterfaceAclMacipCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/InterfaceAclMacipCustomizerTest.java index b5fa649ca..af3deaca2 100644 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/InterfaceAclMacipCustomizerTest.java +++ b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/InterfaceAclMacipCustomizerTest.java @@ -20,23 +20,24 @@ import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; +import io.fd.hc2vpp.acl.AclIIds; import io.fd.hc2vpp.acl.AclTestSchemaContext; import io.fd.hc2vpp.acl.util.AclContextManager; import io.fd.hc2vpp.common.test.write.WriterCustomizerTest; import io.fd.hc2vpp.common.translate.util.NamingContext; +import io.fd.vpp.jvpp.acl.dto.AclInterfaceSetAclListReply; import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceAddDel; import io.fd.vpp.jvpp.acl.dto.MacipAclInterfaceAddDelReply; import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; +import java.util.Collections; import org.junit.Test; import org.mockito.Mock; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.InterfaceKey; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAcl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.macip.acls.base.attributes.VppMacipAclBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.InterfaceKey; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.IngressBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSetsBuilder; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSetBuilder; import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; public class InterfaceAclMacipCustomizerTest extends WriterCustomizerTest implements AclTestSchemaContext { @@ -51,27 +52,31 @@ public class InterfaceAclMacipCustomizerTest extends WriterCustomizerTest implem private FutureJVppAclFacade aclApi; @Mock private AclContextManager macipAclContext; + @Mock + private AclContextManager standardAclContext; - private InterfaceAclMacIpCustomizer customizer; + private InterfaceAclCustomizer customizer; private NamingContext interfaceContext; - private InstanceIdentifier ACL_IID = InstanceIdentifier.create(Interfaces.class) - .child(Interface.class, new InterfaceKey(IFACE_NAME)).augmentation(VppAclInterfaceAugmentation.class) - .child(Acl.class).child(Ingress.class).child(VppMacipAcl.class); - private VppMacipAcl acl; + private InstanceIdentifier IFC_IID = + AclIIds.ACLS_AP.child(Interface.class, new InterfaceKey(IFACE_NAME)); + private Interface ifcAcl; @Override protected void setUpTest() throws Exception { defineMapping(mappingContext, IFACE_NAME, IFACE_ID, IFC_CTX_NAME); interfaceContext = new NamingContext("generatedIfaceName", IFC_CTX_NAME); - customizer = new InterfaceAclMacIpCustomizer(aclApi, macipAclContext, interfaceContext); - acl = new VppMacipAclBuilder().setName(ACL_NAME).build(); + customizer = new InterfaceAclCustomizer(aclApi, interfaceContext, standardAclContext, macipAclContext); + ifcAcl = new InterfaceBuilder().setIngress(new IngressBuilder().setAclSets(new AclSetsBuilder().setAclSet( + Collections.singletonList(new AclSetBuilder().setName(ACL_NAME).build())).build()).build()).build(); when(macipAclContext.getAclIndex(ACL_NAME, mappingContext)).thenReturn(ACL_ID); + when(macipAclContext.containsAcl(ACL_NAME, mappingContext)).thenReturn(true); when(aclApi.macipAclInterfaceAddDel(any())).thenReturn(future(new MacipAclInterfaceAddDelReply())); + when(aclApi.aclInterfaceSetAclList(any())).thenReturn(future(new AclInterfaceSetAclListReply())); } @Test public void testWrite() throws Exception { - customizer.writeCurrentAttributes(ACL_IID, acl, writeContext); + customizer.writeCurrentAttributes(IFC_IID, ifcAcl, writeContext); final MacipAclInterfaceAddDel request = new MacipAclInterfaceAddDel(); request.swIfIndex = IFACE_ID; request.isAdd = 1; @@ -79,19 +84,19 @@ public class InterfaceAclMacipCustomizerTest extends WriterCustomizerTest implem verify(aclApi).macipAclInterfaceAddDel(request); } - @Test(expected = UnsupportedOperationException.class) + @Test public void testUpdate() throws Exception { - customizer.updateCurrentAttributes(ACL_IID, acl, acl, writeContext); + customizer.updateCurrentAttributes(IFC_IID, ifcAcl, ifcAcl, writeContext); + verify(aclApi).aclInterfaceSetAclList(any()); } @Test public void testDelete() throws Exception { - customizer.deleteCurrentAttributes(ACL_IID, acl, writeContext); + customizer.deleteCurrentAttributes(IFC_IID, ifcAcl, writeContext); final MacipAclInterfaceAddDel request = new MacipAclInterfaceAddDel(); request.swIfIndex = IFACE_ID; request.isAdd = 0; request.aclIndex = ACL_ID; verify(aclApi).macipAclInterfaceAddDel(request); } - } \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclCustomizerTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclCustomizerTest.java deleted file mode 100644 index a3fa6db0e..000000000 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclCustomizerTest.java +++ /dev/null @@ -1,374 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.write; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.times; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; - -import com.google.common.base.Optional; -import io.fd.hc2vpp.acl.AclTestSchemaContext; -import io.fd.hc2vpp.acl.util.AclContextManager; -import io.fd.hc2vpp.common.test.write.WriterCustomizerTest; -import io.fd.honeycomb.test.tools.HoneycombTestRunner; -import io.fd.honeycomb.test.tools.annotations.InjectTestData; -import io.fd.honeycomb.translate.write.WriteFailedException; -import io.fd.vpp.jvpp.acl.dto.AclAddReplace; -import io.fd.vpp.jvpp.acl.dto.AclAddReplaceReply; -import io.fd.vpp.jvpp.acl.dto.AclDel; -import io.fd.vpp.jvpp.acl.dto.AclDelReply; -import io.fd.vpp.jvpp.acl.dto.MacipAclAdd; -import io.fd.vpp.jvpp.acl.dto.MacipAclAddReply; -import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; -import io.fd.vpp.jvpp.acl.types.AclRule; -import io.fd.vpp.jvpp.acl.types.MacipAclRule; -import java.nio.charset.StandardCharsets; -import java.util.Arrays; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.ArgumentCaptor; -import org.mockito.Captor; -import org.mockito.Mock; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAcl; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; - -@RunWith(HoneycombTestRunner.class) -public class VppAclCustomizerTest extends WriterCustomizerTest implements AclTestSchemaContext { - - @Mock - private FutureJVppAclFacade aclApi; - - @Captor - private ArgumentCaptor aclAddReplaceRequestCaptor; - - @Captor - private ArgumentCaptor macipAclAddReplaceRequestCaptor; - - @Captor - private ArgumentCaptor aclDelRequestCaptor; - - private InstanceIdentifier validId; - private InstanceIdentifier validMacipId; - private VppAclCustomizer aclCustomizer; - - @Mock - private AclContextManager standardAclContext; - @Mock - private AclContextManager macIpAclContext; - - - @Override - protected void setUpTest() throws Exception { - validId = - InstanceIdentifier.create(AccessLists.class).child(Acl.class, new AclKey("standard-acl", VppAcl.class)); - validMacipId = - InstanceIdentifier.create(AccessLists.class).child(Acl.class, new AclKey("macip-acl", VppAcl.class)); - aclCustomizer = new VppAclCustomizer(aclApi, standardAclContext, macIpAclContext); - - when(aclApi.aclAddReplace(any())).thenReturn(future(new AclAddReplaceReply())); - when(aclApi.aclDel(any())).thenReturn(future(new AclDelReply())); - when(aclApi.macipAclAdd(any())).thenReturn(future(new MacipAclAddReply())); - } - - @Test - public void writeCurrentAttributesMacip(@InjectTestData(resourcePath = "/acl/macip/macip-acl.json") - AccessLists macipAcl) throws WriteFailedException { - - aclCustomizer.writeCurrentAttributes(validMacipId, macipAcl.getAcl().get(0), writeContext); - - verify(aclApi, times(1)).macipAclAdd(macipAclAddReplaceRequestCaptor.capture()); - - final MacipAclAdd request = macipAclAddReplaceRequestCaptor.getValue(); - - assertEquals(1, request.count); - assertEquals("macip-tag-value", new String(request.tag, StandardCharsets.US_ASCII)); - - final MacipAclRule rule = request.r[0]; - - assertEquals(0, rule.isIpv6); - assertEquals(1, rule.isPermit); - assertTrue(Arrays.equals(new byte[]{-64, -88, 2, 2}, rule.srcIpAddr)); - assertEquals(32, rule.srcIpPrefixLen); - assertTrue(Arrays.equals(new byte[]{(byte)0xaa, (byte)0xaa, (byte)0xaa, (byte)0xaa, (byte)0xaa, (byte)0xaa}, rule.srcMac)); - assertTrue(Arrays.equals(new byte[]{(byte)0xff, 0, 0, 0, 0, 0}, rule.srcMacMask)); - } - - @Test - public void writeCurrentAttributesIcmpIpv4(@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") - AccessLists standardAcls) throws Exception { - aclCustomizer.writeCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); - - verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); - verifyIcmpIpv4Request(-1); - } - - @Test - public void updateCurrentAttributesIcmpIpv4(@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") - AccessLists standardAcls) throws Exception { - final int aclIndex = 4; - when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); - final Acl data = standardAcls.getAcl().get(0); - - aclCustomizer.updateCurrentAttributes(validId, data, data, writeContext); - - verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); - verifyIcmpIpv4Request(aclIndex); - } - - - @Test - public void writeCurrentAttributesIcmpIpv6(@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp-v6.json") - AccessLists standardAcls) throws Exception { - aclCustomizer.writeCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); - - verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); - verifyIcmpv6Request(-1); - } - - @Test - public void updateCurrentAttributesIcmpIpv6( - @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp-v6.json") - AccessLists standardAcls) throws Exception { - final int aclIndex = 4; - when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); - final Acl data = standardAcls.getAcl().get(0); - aclCustomizer.updateCurrentAttributes(validId, data, data, writeContext); - - verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); - verifyIcmpv6Request(aclIndex); - } - - - @Test - public void writeCurrentAttributesTcp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-tcp.json") - AccessLists standardAcls) throws Exception { - aclCustomizer.writeCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); - - verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); - verifyTcpRequest(-1); - } - - @Test - public void updateCurrentAttributesTcp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-tcp.json") - AccessLists standardAcls) throws Exception { - final int aclIndex = 4; - when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); - final Acl data = standardAcls.getAcl().get(0); - aclCustomizer.updateCurrentAttributes(validId, data, data, writeContext); - - verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); - verifyTcpRequest(aclIndex); - } - - @Test - public void updateCurrentAttributesTcpSrcOnly(@InjectTestData(resourcePath = "/acl/standard/standard-acl-tcp-src-only.json") - AccessLists standardAcls) throws Exception { - final int aclIndex = 4; - when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); - final Acl data = standardAcls.getAcl().get(0); - aclCustomizer.updateCurrentAttributes(validId, data, data, writeContext); - - verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); - final AclAddReplace request = aclAddReplaceRequestCaptor.getValue(); - final AclRule tcpRule = request.r[0]; - assertTrue(Arrays.equals(new byte[]{-64, -88, 2, 2}, tcpRule.srcIpAddr)); - assertEquals(32, tcpRule.srcIpPrefixLen); - assertTrue(Arrays.equals(new byte[]{0, 0, 0, 0}, tcpRule.dstIpAddr)); - assertEquals(0, tcpRule.dstIpPrefixLen); - } - - - @Test - public void writeCurrentAttributesUdp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json") - AccessLists standardAcls) throws Exception { - aclCustomizer.writeCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); - - verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); - - verifyUdpRequest(-1); - } - - @Test - public void updateCurrentAttributesUdp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json") - AccessLists standardAcls) throws Exception { - final int aclIndex = 4; - when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); - final Acl data = standardAcls.getAcl().get(0); - aclCustomizer.updateCurrentAttributes(validId, data, data, writeContext); - - verify(aclApi, times(1)).aclAddReplace(aclAddReplaceRequestCaptor.capture()); - verifyUdpRequest(aclIndex); - } - - - @Test - public void deleteCurrentAttributesIcmpIpv4(@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") - AccessLists standardAcls) throws Exception { - when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent()); - final int aclIndex = 4; - when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); - aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); - - verify(aclApi, times(1)).aclDel(aclDelRequestCaptor.capture()); - assertEquals(aclIndex, aclDelRequestCaptor.getValue().aclIndex); - } - - @Test - public void deleteCurrentAttributesIcmpIpv6( - @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp-v6.json") - AccessLists standardAcls) throws Exception { - when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent()); - final int aclIndex = 4; - when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); - aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); - - verify(aclApi, times(1)).aclDel(aclDelRequestCaptor.capture()); - assertEquals(aclIndex, aclDelRequestCaptor.getValue().aclIndex); - } - - @Test - public void deleteCurrentAttributesTcp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-tcp.json") - AccessLists standardAcls) throws Exception { - when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent()); - final int aclIndex = 4; - when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); - aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); - - verify(aclApi, times(1)).aclDel(aclDelRequestCaptor.capture()); - assertEquals(aclIndex, aclDelRequestCaptor.getValue().aclIndex); - } - - @Test - public void deleteCurrentAttributesUdp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json") - AccessLists standardAcls) throws Exception { - when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent()); - final int aclIndex = 4; - when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex); - aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext); - - verify(aclApi, times(1)).aclDel(aclDelRequestCaptor.capture()); - assertEquals(aclIndex, aclDelRequestCaptor.getValue().aclIndex); - } - - private void verifyUdpRequest(final int aclIndex) { - final AclAddReplace request = aclAddReplaceRequestCaptor.getValue(); - assertEquals(aclIndex, request.aclIndex); - assertEquals(1, request.count); - assertEquals("udp-tag-value", new String(request.tag, StandardCharsets.US_ASCII)); - - final AclRule udpRule = request.r[0]; - - assertEquals(0, udpRule.isIpv6); - assertEquals(1, udpRule.isPermit); - assertTrue(Arrays.equals(new byte[]{-64, -88, 2, 2}, udpRule.srcIpAddr)); - assertEquals(32, udpRule.srcIpPrefixLen); - assertTrue(Arrays.equals(new byte[]{-64, -88, 2, 1}, udpRule.dstIpAddr)); - assertEquals(24, udpRule.dstIpPrefixLen); - - assertEquals(17, udpRule.proto); - assertEquals(1, udpRule.srcportOrIcmptypeFirst); - assertEquals(5487, udpRule.srcportOrIcmptypeLast); - assertEquals(87, udpRule.dstportOrIcmpcodeFirst); - assertEquals(6745, udpRule.dstportOrIcmpcodeLast); - assertEquals(0, udpRule.tcpFlagsMask); - assertEquals(0, udpRule.tcpFlagsValue); - } - - private void verifyTcpRequest(final int aclIndex) { - final AclAddReplace request = aclAddReplaceRequestCaptor.getValue(); - assertEquals(aclIndex, request.aclIndex); - assertEquals(1, request.count); - assertEquals("tcp-tag-value", new String(request.tag, StandardCharsets.US_ASCII)); - - final AclRule tcpRule = request.r[0]; - - assertEquals(0, tcpRule.isIpv6); - assertEquals(1, tcpRule.isPermit); - assertTrue(Arrays.equals(new byte[]{-64, -88, 2, 2}, tcpRule.srcIpAddr)); - assertEquals(32, tcpRule.srcIpPrefixLen); - assertTrue(Arrays.equals(new byte[]{-64, -88, 2, 1}, tcpRule.dstIpAddr)); - assertEquals(24, tcpRule.dstIpPrefixLen); - - assertEquals(6, tcpRule.proto); - assertEquals(1, tcpRule.srcportOrIcmptypeFirst); - assertEquals(5487, tcpRule.srcportOrIcmptypeLast); - assertEquals(87, tcpRule.dstportOrIcmpcodeFirst); - assertEquals(6745, tcpRule.dstportOrIcmpcodeLast); - assertEquals(1, tcpRule.tcpFlagsMask); - assertEquals(7, tcpRule.tcpFlagsValue); - } - - private void verifyIcmpv6Request(final int aclIndex) { - final AclAddReplace request = aclAddReplaceRequestCaptor.getValue(); - assertEquals(aclIndex, request.aclIndex); - assertEquals(1, request.count); - assertEquals("icmp-v6-tag-value", new String(request.tag, StandardCharsets.US_ASCII)); - - - final AclRule icmpv6Rule = request.r[0]; - - assertEquals(1, icmpv6Rule.isIpv6); - assertEquals(1, icmpv6Rule.isPermit); - assertTrue( - Arrays.equals(new byte[]{32, 1, 13, -72, 10, 11, 18, -16, 0, 0, 0, 0, 0, 0, 0, 2}, - icmpv6Rule.srcIpAddr)); - assertEquals(48, icmpv6Rule.srcIpPrefixLen); - assertTrue( - Arrays.equals(new byte[]{32, 1, 13, -72, 10, 11, 18, -16, 0, 0, 0, 0, 0, 0, 0, 1}, - icmpv6Rule.dstIpAddr)); - assertEquals(64, icmpv6Rule.dstIpPrefixLen); - - assertEquals(58, icmpv6Rule.proto); - assertEquals(5, icmpv6Rule.srcportOrIcmptypeFirst); - assertEquals(8, icmpv6Rule.srcportOrIcmptypeLast); - assertEquals(1, icmpv6Rule.dstportOrIcmpcodeFirst); - assertEquals(3, icmpv6Rule.dstportOrIcmpcodeLast); - assertEquals(0, icmpv6Rule.tcpFlagsMask); - assertEquals(0, icmpv6Rule.tcpFlagsValue); - } - - private void verifyIcmpIpv4Request(final int aclIndex) { - final AclAddReplace request = aclAddReplaceRequestCaptor.getValue(); - assertEquals(aclIndex, request.aclIndex); - assertEquals(1, request.count); - assertEquals("icmp-v4-tag-value", new String(request.tag, StandardCharsets.US_ASCII)); - - final AclRule icmpRule = request.r[0]; - - assertEquals(0, icmpRule.isIpv6); - assertEquals(1, icmpRule.isPermit); - assertTrue(Arrays.equals(new byte[]{-64, -88, 2, 2}, icmpRule.srcIpAddr)); - assertEquals(32, icmpRule.srcIpPrefixLen); - assertTrue(Arrays.equals(new byte[]{-64, -88, 2, 1}, icmpRule.dstIpAddr)); - assertEquals(24, icmpRule.dstIpPrefixLen); - - assertEquals(1, icmpRule.proto); - assertEquals(5, icmpRule.srcportOrIcmptypeFirst); - assertEquals(8, icmpRule.srcportOrIcmptypeLast); - assertEquals(1, icmpRule.dstportOrIcmpcodeFirst); - assertEquals(3, icmpRule.dstportOrIcmpcodeLast); - assertEquals(0, icmpRule.tcpFlagsMask); - assertEquals(0, icmpRule.tcpFlagsValue); - } -} \ No newline at end of file diff --git a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclValidatorTest.java b/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclValidatorTest.java deleted file mode 100644 index 287e53f80..000000000 --- a/acl/acl-impl/src/test/java/io/fd/hc2vpp/acl/write/VppAclValidatorTest.java +++ /dev/null @@ -1,143 +0,0 @@ -/* - * Copyright (c) 2018 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package io.fd.hc2vpp.acl.write; - -import static io.fd.hc2vpp.acl.write.VppAclValidator.checkAclReferenced; -import static java.util.stream.Collectors.toSet; -import static org.hamcrest.MatcherAssert.assertThat; -import static org.hamcrest.Matchers.containsInAnyOrder; -import static org.hamcrest.Matchers.hasSize; -import static org.mockito.Mockito.when; -import static org.mockito.MockitoAnnotations.initMocks; - -import com.google.common.base.Optional; -import io.fd.hc2vpp.acl.AclTestSchemaContext; -import io.fd.honeycomb.test.tools.HoneycombTestRunner; -import io.fd.honeycomb.test.tools.annotations.InjectTestData; -import io.fd.honeycomb.translate.write.DataValidationFailedException; -import io.fd.honeycomb.translate.write.WriteContext; -import java.util.List; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.Mock; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesBuilder; -import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppAcl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev170615.VppMacipAcl; -import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; - -@RunWith(HoneycombTestRunner.class) -public class VppAclValidatorTest implements AclTestSchemaContext { - - private static final InstanceIdentifier ID = InstanceIdentifier.create(AccessLists.class) - .child(Acl.class, new AclKey("standard-acl", VppAcl.class)); - - @InjectTestData(id = "/ietf-interfaces:interfaces", resourcePath = "/interface-acl/acl-references.json") - private Interfaces interfaces; - - @Mock - private WriteContext writeContext; - - private VppAclValidator validator; - - @Before - public void init(){ - initMocks(this); - when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.of(interfaces)); - validator = new VppAclValidator(); - } - - @Test - public void testValidateWrite( - @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") AccessLists acls) - throws DataValidationFailedException.CreateValidationFailedException { - validator.validateWrite(ID, acls.getAcl().get(0), writeContext); - } - - @Test(expected = DataValidationFailedException.CreateValidationFailedException.class) - public void testValidateWriteEmptyAcl() - throws DataValidationFailedException.CreateValidationFailedException { - validator.validateWrite(ID, new AclBuilder().build(), writeContext); - } - - @Test - public void testValidateUpdate( - @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") AccessLists acls) - throws DataValidationFailedException.UpdateValidationFailedException { - final Acl data = acls.getAcl().get(0); - validator.validateUpdate(ID, data, data, writeContext); - } - - @Test(expected = DataValidationFailedException.UpdateValidationFailedException.class) - public void testValidateUpdateUnsupportedType( - @InjectTestData(resourcePath = "/acl/ipv4/ipv4-acl.json") AccessLists acls) - throws DataValidationFailedException.UpdateValidationFailedException { - final Acl data = acls.getAcl().get(0); - validator.validateUpdate(ID, data, data, writeContext); - } - - @Test - public void testValidateDelete( - @InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json") AccessLists acls) - throws DataValidationFailedException.DeleteValidationFailedException { - validator.validateDelete(ID, acls.getAcl().get(0), writeContext); - } - - @Test(expected = DataValidationFailedException.DeleteValidationFailedException.class) - public void testValidateDeleteReferenced( - @InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json") - AccessLists standardAcls, - @InjectTestData(resourcePath = "/acl/standard/interface-ref-acl-udp.json") - Interfaces references) throws Exception { - when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn( - Optional.of(new InterfacesBuilder().setInterface(references.getInterface()).build())); - validator.validateDelete(ID, standardAcls.getAcl().get(0), writeContext); - } - - @Test - public void testReferencedVppAclFirst() { - final List referenced = checkAclReferenced(writeContext, new AclBuilder() - .setAclName("acl1").setAclType(VppAcl.class).build()); - assertThat(referenced, hasSize(3)); - assertThat(referenced.stream().map(Interface::getName).collect(toSet()), - containsInAnyOrder("eth0", "eth1", "eth2")); - } - - @Test - public void testReferencedVppAclSecond() { - final List referenced = checkAclReferenced(writeContext, new AclBuilder() - .setAclName("acl2").setAclType(VppAcl.class).build()); - assertThat(referenced, hasSize(1)); - assertThat(referenced.stream().map(Interface::getName).collect(toSet()), - containsInAnyOrder("eth1")); - } - - @Test - public void testReferencedMacipAcl() { - final List referenced = checkAclReferenced(writeContext, new AclBuilder() - .setAclName("acl4").setAclType(VppMacipAcl.class).build()); - assertThat(referenced, hasSize(1)); - assertThat(referenced.stream().map(Interface::getName).collect(toSet()), - containsInAnyOrder("eth2")); - } -} \ No newline at end of file diff --git a/acl/acl-impl/src/test/resources/acl/ipv4/ipv4-acl.json b/acl/acl-impl/src/test/resources/acl/ipv4/ipv4-acl.json index 04a08ff44..9946bc4f7 100644 --- a/acl/acl-impl/src/test/resources/acl/ipv4/ipv4-acl.json +++ b/acl/acl-impl/src/test/resources/acl/ipv4/ipv4-acl.json @@ -1,13 +1,13 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "ipv4-acl", - "access-list-entries": { + "name": "standard-acl", + "type": "ipv4-acl-type", + "aces": { "ace": [ { - "rule-name": "rule1" + "name": "rule1" } ] } diff --git a/acl/acl-impl/src/test/resources/acl/macip/macip-acl.json b/acl/acl-impl/src/test/resources/acl/macip/macip-acl.json index 21ac2597c..bcde22d6b 100644 --- a/acl/acl-impl/src/test/resources/acl/macip/macip-acl.json +++ b/acl/acl-impl/src/test/resources/acl/macip/macip-acl.json @@ -1,23 +1,25 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "macip-acl", - "acl-type": "vpp-acl:vpp-macip-acl", + "name": "macip-acl", + "type": "vpp-acl:vpp-macip-acl", "tag": "macip-tag-value", - "access-list-entries": { + "aces": { "ace": [ { - "rule-name": "macip-rule", + "name": "macip-rule", "matches": { - "vpp-macip-ace-nodes": { - "source-ipv4-network": "192.168.2.2/32", + "eth": { "source-mac-address": "aa:aa:aa:aa:aa:aa", "source-mac-address-mask": "ff:00:00:00:00:00" + }, + "ipv4": { + "source-ipv4-network": "192.168.2.2/32" } }, "actions": { - "permit": [null] + "forwarding": "ietf-access-control-list:accept" } } ] diff --git a/acl/acl-impl/src/test/resources/acl/standard/interface-ref-acl-udp.json b/acl/acl-impl/src/test/resources/acl/standard/interface-ref-acl-udp.json index ae987a798..060551b9b 100644 --- a/acl/acl-impl/src/test/resources/acl/standard/interface-ref-acl-udp.json +++ b/acl/acl-impl/src/test/resources/acl/standard/interface-ref-acl-udp.json @@ -1,21 +1,21 @@ { - "interfaces":{ - "interface": [{ - "name": "eth2", - "acl": { + "attachment-points": { + "interface": [ + { + "interface-id": "eth2", "ingress": { - "vpp-acls": [ - { - "type": "vpp-acl:vpp-acl", - "name": "standard-acl" - } - ], - "vpp-macip-acl": { - "name": "acl4", - "type": "vpp-acl:vpp-macip-acl" + "acl-sets": { + "acl-set": [ + { + "name": "standard-acl" + }, + { + "name": "acl4" + } + ] } } } - }] + ] } } \ No newline at end of file diff --git a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-icmp-v6.json b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-icmp-v6.json index 9c6530fa9..5973741ed 100644 --- a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-icmp-v6.json +++ b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-icmp-v6.json @@ -1,24 +1,26 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", "tag": "icmp-v6-tag-value", - "access-list-entries": { + "aces": { "ace": [ { - "rule-name": "imcp-v6-rule", + "name": "imcp-v6-rule", "matches": { - "vpp-ace-nodes": { - "destination-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0001/64", + "ipv6": { "source-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0002/48", - "icmp-v6-nodes": { - "icmp-type-range": { + "destination-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0001/64" + }, + "icmp": { + "vpp-acl:vpp-icmp-ace": { + "vpp-acl:icmp-type-range": { "first": "5", "last": "8" }, - "icmp-code-range": { + "vpp-acl:icmp-code-range": { "first": "1", "last": "3" } @@ -26,7 +28,7 @@ } }, "actions": { - "permit": [null] + "forwarding": "ietf-access-control-list:accept" } } ] diff --git a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-icmp.json b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-icmp.json index 73a9a6543..cc534f4b4 100644 --- a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-icmp.json +++ b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-icmp.json @@ -1,24 +1,26 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", "tag": "icmp-v4-tag-value", - "access-list-entries": { + "aces": { "ace": [ { - "rule-name": "imcp-rule", + "name": "imcp-rule", "matches": { - "vpp-ace-nodes": { - "destination-ipv4-network": "192.168.2.1/24", + "ipv4": { "source-ipv4-network": "192.168.2.2/32", - "icmp-nodes": { - "icmp-type-range": { + "destination-ipv4-network": "192.168.2.1/24" + }, + "icmp": { + "vpp-acl:vpp-icmp-ace": { + "vpp-acl:icmp-type-range": { "first": "5", "last": "8" }, - "icmp-code-range": { + "vpp-acl:icmp-code-range": { "first": "1", "last": "3" } @@ -26,7 +28,7 @@ } }, "actions": { - "permit": [null] + "forwarding": "ietf-access-control-list:accept" } } ] diff --git a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-tcp-src-only.json b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-tcp-src-only.json index 13e757907..9d9b396ba 100644 --- a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-tcp-src-only.json +++ b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-tcp-src-only.json @@ -1,32 +1,34 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", - "access-list-entries": { + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", + "aces": { "ace": [ { - "rule-name": "tcp-rule", + "name": "tcp-rule", "matches": { - "vpp-ace-nodes": { - "source-ipv4-network": "192.168.2.2/32", - "tcp-nodes": { - "source-port-range": { - "lower-port": "1", - "upper-port": "5487" - }, - "destination-port-range": { - "lower-port": "87", - "upper-port": "6745" - }, - "tcp-flags-mask": "1", - "tcp-flags-value": "7" + "ipv4": { + "source-ipv4-network": "192.168.2.2/32" + }, + "tcp": { + "source-port": { + "lower-port": "1", + "upper-port": "5487" + }, + "destination-port": { + "lower-port": "87", + "upper-port": "6745" + }, + "flags": "cwr ece urg", + "vpp-acl:vpp-tcp-ace": { + "vpp-acl:flags-mask": "cwr" } } }, "actions": { - "permit": [null] + "forwarding": "ietf-access-control-list:accept" } } ] diff --git a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-tcp.json b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-tcp.json index 6b5dbafc7..35ad4b1da 100644 --- a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-tcp.json +++ b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-tcp.json @@ -1,34 +1,36 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", "tag": "tcp-tag-value", - "access-list-entries": { + "aces": { "ace": [ { - "rule-name": "tcp-rule", + "name": "tcp-rule", "matches": { - "vpp-ace-nodes": { + "ipv4": { "destination-ipv4-network": "192.168.2.1/24", - "source-ipv4-network": "192.168.2.2/32", - "tcp-nodes": { - "source-port-range": { - "lower-port": "1", - "upper-port": "5487" - }, - "destination-port-range": { - "lower-port": "87", - "upper-port": "6745" - }, - "tcp-flags-mask": "1", - "tcp-flags-value": "7" + "source-ipv4-network": "192.168.2.2/32" + }, + "tcp": { + "source-port": { + "lower-port": "1", + "upper-port": "5487" + }, + "destination-port": { + "lower-port": "87", + "upper-port": "6745" + }, + "flags": "cwr ece urg", + "vpp-acl:vpp-tcp-ace": { + "vpp-acl:flags-mask": "cwr" } } }, "actions": { - "permit": [null] + "forwarding": "ietf-access-control-list:accept" } } ] diff --git a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-udp.json b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-udp.json index e49a93cfa..10edb349e 100644 --- a/acl/acl-impl/src/test/resources/acl/standard/standard-acl-udp.json +++ b/acl/acl-impl/src/test/resources/acl/standard/standard-acl-udp.json @@ -1,32 +1,32 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", "tag": "udp-tag-value", - "access-list-entries": { + "aces": { "ace": [ { - "rule-name": "udp-rule", + "name": "udp-rule", "matches": { - "vpp-ace-nodes": { + "ipv4": { "destination-ipv4-network": "192.168.2.1/24", - "source-ipv4-network": "192.168.2.2/32", - "udp-nodes": { - "source-port-range": { - "lower-port": "1", - "upper-port": "5487" - }, - "destination-port-range": { - "lower-port": "87", - "upper-port": "6745" - } + "source-ipv4-network": "192.168.2.2/32" + }, + "udp": { + "source-port": { + "lower-port": "1", + "upper-port": "5487" + }, + "destination-port": { + "lower-port": "87", + "upper-port": "6745" } } }, "actions": { - "permit": [null] + "forwarding": "ietf-access-control-list:accept" } } ] diff --git a/acl/acl-impl/src/test/resources/interface-acl/acl-references.json b/acl/acl-impl/src/test/resources/interface-acl/acl-references.json index 63c9e20c9..00a86965d 100644 --- a/acl/acl-impl/src/test/resources/interface-acl/acl-references.json +++ b/acl/acl-impl/src/test/resources/interface-acl/acl-references.json @@ -1,13 +1,12 @@ { - "interfaces": { + "attachment-points": { "interface": [ { - "name": "eth0", - "acl": { - "ingress": { - "vpp-acls": [ + "interface-id": "eth0", + "ingress": { + "acl-sets": { + "acl-set": [ { - "type": "vpp-acl:vpp-acl", "name": "acl1" } ] @@ -15,20 +14,14 @@ } }, { - "name": "eth1", - "acl": { - "egress": { - "vpp-acls": [ + "interface-id": "eth1", + "ingress": { + "acl-sets": { + "acl-set": [ { - "type": "vpp-acl:vpp-acl", "name": "acl1" - } - ] - }, - "ingress": { - "vpp-acls": [ + }, { - "type": "vpp-acl:vpp-acl", "name": "acl2" } ] @@ -36,19 +29,17 @@ } }, { - "name": "eth2", - "acl": { - "ingress": { - "vpp-acls": [ + "interface-id": "eth2", + "ingress": { + "acl-sets": { + "acl-set": [ { - "type": "vpp-acl:vpp-acl", "name": "acl1" + }, + { + "name": "acl4" } - ], - "vpp-macip-acl": { - "name": "acl4", - "type": "vpp-acl:vpp-macip-acl" - } + ] } } } diff --git a/acl/acl-impl/src/test/resources/rules/icmp-rule.json b/acl/acl-impl/src/test/resources/rules/icmp-rule.json index 330a448fc..dbee65ea3 100644 --- a/acl/acl-impl/src/test/resources/rules/icmp-rule.json +++ b/acl/acl-impl/src/test/resources/rules/icmp-rule.json @@ -1,23 +1,25 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", - "access-list-entries": { + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", + "aces": { "ace": [ { - "rule-name": "imcp-rule", + "name": "imcp-rule", "matches": { - "vpp-ace-nodes": { - "destination-ipv4-network": "192.168.2.1/32", + "ipv4": { "source-ipv4-network": "192.168.2.2/32", - "icmp-nodes": { - "icmp-type-range": { + "destination-ipv4-network": "192.168.2.1/32" + }, + "icmp": { + "vpp-acl:vpp-icmp-ace": { + "vpp-acl:icmp-type-range": { "first": "5", "last": "8" }, - "icmp-code-range": { + "vpp-acl:icmp-code-range": { "first": "1", "last": "3" } diff --git a/acl/acl-impl/src/test/resources/rules/icmp-v6-rule.json b/acl/acl-impl/src/test/resources/rules/icmp-v6-rule.json index 9ea82a19a..3cb989858 100644 --- a/acl/acl-impl/src/test/resources/rules/icmp-v6-rule.json +++ b/acl/acl-impl/src/test/resources/rules/icmp-v6-rule.json @@ -1,23 +1,25 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", - "access-list-entries": { + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", + "aces": { "ace": [ { - "rule-name": "imcp-rule", + "name": "imcp-v6-rule", "matches": { - "vpp-ace-nodes": { - "destination-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0001/64", - "source-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0002/64", - "icmp-v6-nodes": { - "icmp-type-range": { + "ipv6": { + "source-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0002/48", + "destination-ipv6-network": "2001:0db8:0a0b:12f0:0000:0000:0000:0001/64" + }, + "icmp": { + "vpp-acl:vpp-icmp-ace": { + "vpp-acl:icmp-type-range": { "first": "5", "last": "8" }, - "icmp-code-range": { + "vpp-acl:icmp-code-range": { "first": "1", "last": "3" } diff --git a/acl/acl-impl/src/test/resources/rules/no-protocol-rule.json b/acl/acl-impl/src/test/resources/rules/no-protocol-rule.json index a022bf08d..dad0f05bb 100644 --- a/acl/acl-impl/src/test/resources/rules/no-protocol-rule.json +++ b/acl/acl-impl/src/test/resources/rules/no-protocol-rule.json @@ -1,17 +1,17 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", - "access-list-entries": { + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", + "aces": { "ace": [ { - "rule-name": "no-protocol-rule", + "name": "no-protocol-rule", "matches": { - "vpp-ace-nodes": { - "destination-ipv4-network": "192.168.2.1/32", - "source-ipv4-network": "192.168.2.2/32" + "ipv4": { + "source-ipv4-network": "192.168.2.2/32", + "destination-ipv4-network": "192.168.2.1/32" } } } diff --git a/acl/acl-impl/src/test/resources/rules/other-rule.json b/acl/acl-impl/src/test/resources/rules/other-rule.json deleted file mode 100644 index 0e60dccf7..000000000 --- a/acl/acl-impl/src/test/resources/rules/other-rule.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "access-lists": { - "acl": [ - { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", - "access-list-entries": { - "ace": [ - { - "rule-name": "imcp-rule", - "matches": { - "vpp-ace-nodes": { - "destination-ipv4-network": "192.168.2.1/32", - "source-ipv4-network": "192.168.2.2/32", - "other-nodes": { - "protocol": "64" - } - } - } - } - ] - } - } - ] - } -} \ No newline at end of file diff --git a/acl/acl-impl/src/test/resources/rules/tcp-rule-no-flags.json b/acl/acl-impl/src/test/resources/rules/tcp-rule-no-flags.json index 31cc854df..2130f4a32 100644 --- a/acl/acl-impl/src/test/resources/rules/tcp-rule-no-flags.json +++ b/acl/acl-impl/src/test/resources/rules/tcp-rule-no-flags.json @@ -1,24 +1,24 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", - "access-list-entries": { + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", + "aces": { "ace": [ { - "rule-name": "tcp-no-flags-rule", + "name": "tcp-no-flags-rule", "matches": { - "vpp-ace-nodes": { + "ipv4": { "destination-ipv4-network": "192.168.2.1/32", - "source-ipv4-network": "192.168.2.2/32", - "tcp-nodes": { - "source-port-range": { - "lower-port": "123" - }, - "destination-port-range": { - "lower-port": "65000" - } + "source-ipv4-network": "192.168.2.2/32" + }, + "tcp": { + "source-port": { + "lower-port": "123" + }, + "destination-port": { + "lower-port": "65000" } } } diff --git a/acl/acl-impl/src/test/resources/rules/tcp-rule.json b/acl/acl-impl/src/test/resources/rules/tcp-rule.json index de3697eef..95fa836d4 100644 --- a/acl/acl-impl/src/test/resources/rules/tcp-rule.json +++ b/acl/acl-impl/src/test/resources/rules/tcp-rule.json @@ -1,28 +1,30 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", - "access-list-entries": { + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", + "aces": { "ace": [ { - "rule-name": "imcp-rule", + "name": "tcp-rule", "matches": { - "vpp-ace-nodes": { + "ipv4": { "destination-ipv4-network": "192.168.2.1/32", - "source-ipv4-network": "192.168.2.2/32", - "tcp-nodes": { - "source-port-range": { - "lower-port": "1", - "upper-port": "5487" - }, - "destination-port-range": { - "lower-port": "87", - "upper-port": "6745" - }, - "tcp-flags-mask": "1", - "tcp-flags-value": "7" + "source-ipv4-network": "192.168.2.2/32" + }, + "tcp": { + "source-port": { + "lower-port": "1", + "upper-port": "5487" + }, + "destination-port": { + "lower-port": "87", + "upper-port": "6745" + }, + "flags": "cwr ece urg", + "vpp-acl:vpp-tcp-ace": { + "vpp-acl:flags-mask": "cwr" } } } diff --git a/acl/acl-impl/src/test/resources/rules/udp-rule.json b/acl/acl-impl/src/test/resources/rules/udp-rule.json index 4bc05d4b2..8ee8b82d6 100644 --- a/acl/acl-impl/src/test/resources/rules/udp-rule.json +++ b/acl/acl-impl/src/test/resources/rules/udp-rule.json @@ -1,26 +1,26 @@ { - "access-lists": { + "acls": { "acl": [ { - "acl-name": "standard-acl", - "acl-type": "vpp-acl:vpp-acl", - "access-list-entries": { + "name": "standard-acl", + "type": "vpp-acl:vpp-acl", + "aces": { "ace": [ { - "rule-name": "imcp-rule", + "name": "imcp-rule", "matches": { - "vpp-ace-nodes": { + "ipv4": { "destination-ipv4-network": "192.168.2.1/32", - "source-ipv4-network": "192.168.2.2/32", - "udp-nodes": { - "source-port-range": { - "lower-port": "1", - "upper-port": "5487" - }, - "destination-port-range": { - "lower-port": "87", - "upper-port": "6745" - } + "source-ipv4-network": "192.168.2.2/32" + }, + "udp": { + "source-port": { + "lower-port": "1", + "upper-port": "5487" + }, + "destination-port": { + "lower-port": "87", + "upper-port": "6745" } } } diff --git a/acl/acl_postman_collection.json b/acl/acl_postman_collection.json old mode 100644 new mode 100755 index e96520fa1..5812715cd --- a/acl/acl_postman_collection.json +++ b/acl/acl_postman_collection.json @@ -1,13 +1,12 @@ { "info": { - "_postman_id": "7d511277-9b9c-8a1c-2ad7-58618b778f72", + "_postman_id": "0c1948da-d645-4b5c-90f4-9b3074a5040f", "name": "Hc2vpp RESTCONF calls for acl plugin", "description": "Provides examples of RESTCONF calls for vpp's acl plugin, exposed\nin hc2vpp.", "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" }, "item": [ { - "_postman_id": "76a3c744-d3c9-4326-9e53-6896c0220ea6", "name": "Write mac_ip list", "request": { "method": "PUT", @@ -23,10 +22,10 @@ ], "body": { "mode": "raw", - "raw": "{\r\n \"acl\": [\r\n {\r\n \"acl-name\": \"macip-acl\",\r\n \"acl-type\": \"vpp-acl:vpp-macip-acl\",\r\n \"access-list-entries\": {\r\n \"ace\": [\r\n {\r\n \"rule-name\": \"macip-rule\",\r\n \"matches\": {\r\n \"vpp-macip-ace-nodes\": {\r\n \"source-ipv4-network\": \"192.168.2.2/32\",\r\n \"source-mac-address\": \"aa:aa:aa:aa:aa:aa\",\r\n \"source-mac-address-mask\": \"ff:00:00:00:00:00\"\r\n }\r\n },\r\n \"actions\": {\r\n \"permit\": [null]\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}" + "raw": "{\n \"acl\":\n {\n \"name\":\"macip-acl\",\n \"type\":\"vpp-acl:vpp-macip-acl\",\n \"aces\":{\n \"ace\":[\n {\n \"name\":\"macip-rule\",\n \"matches\":{\n \n \"eth\":{\n \"source-mac-address\":\"aa:aa:aa:aa:aa:aa\",\n \"source-mac-address-mask\":\"ff:00:00:00:00:00\"\n\n },\n\n \"ipv4\":{\n\n \"source-ipv4-network\":\"192.168.2.2/32\"\n\n\n }\n },\n \n \"actions\":{\n \"forwarding\": \"ietf-access-control-list:accept\"\n }\n }\n ]\n }\n }\n}" }, "url": { - "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:access-lists/acl/vpp-acl:vpp-macip-acl/macip-acl", + "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/acl/macip-acl", "protocol": "http", "host": [ "localhost" @@ -35,9 +34,8 @@ "path": [ "restconf", "config", - "ietf-access-control-list:access-lists", + "ietf-access-control-list:acls", "acl", - "vpp-acl:vpp-macip-acl", "macip-acl" ] } @@ -45,8 +43,7 @@ "response": [] }, { - "_postman_id": "69d626eb-ef32-4b62-beef-8f91da807382", - "name": "Write icmp acl list", + "name": "Write tcp acl list", "request": { "method": "PUT", "header": [ @@ -61,10 +58,10 @@ ], "body": { "mode": "raw", - "raw": "{\r\n \"acl\": [\r\n {\r\n \"acl-name\": \"icmp-acl\",\r\n \"acl-type\": \"vpp-acl:vpp-acl\",\r\n \"access-list-entries\": {\r\n \"ace\": [\r\n {\r\n \"rule-name\": \"imcp-rule\",\r\n \"matches\": {\r\n \"vpp-ace-nodes\": {\r\n \"destination-ipv4-network\": \"192.168.2.1/24\",\r\n \"source-ipv4-network\": \"192.168.2.2/32\",\r\n \"icmp-nodes\": {\r\n \"icmp-type-range\": {\r\n \"first\": \"5\",\r\n \"last\": \"8\"\r\n },\r\n \"icmp-code-range\": {\r\n \"first\": \"1\",\r\n \"last\": \"3\"\r\n }\r\n }\r\n }\r\n },\r\n \"actions\": {\r\n \"permit\": [null]\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}" + "raw": "{\n \"acl\":\n {\n \"name\":\"tcp-acl\",\n \"type\":\"vpp-acl:vpp-acl\",\n \"aces\":{\n \"ace\":[\n {\n \"name\":\"tcp-rule\",\n \"matches\":{\n \"ipv4\":{\n \"destination-ipv4-network\":\"192.168.2.1/24\",\n \"source-ipv4-network\":\"192.168.2.2/32\"\n },\n \"tcp\":{\n \"source-port\":{\n \"lower-port\":\"1\",\n \"upper-port\":\"5487\"\n },\n \"destination-port\":{\n \"lower-port\":\"87\",\n \"upper-port\":\"6745\"\n },\n \"flags\":\"cwr ece urg\",\n \"vpp-acl:vpp-tcp-ace\":{\n \"vpp-acl:flags-mask\":\"cwr\"\n }\n }\n },\n \"actions\":{\n \"forwarding\":\"ietf-access-control-list:accept\"\n }\n }\n ]\n }\n }\n}" }, "url": { - "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:access-lists/acl/vpp-acl:vpp-acl/icmp-acl", + "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/acl/tcp-acl", "protocol": "http", "host": [ "localhost" @@ -73,18 +70,16 @@ "path": [ "restconf", "config", - "ietf-access-control-list:access-lists", + "ietf-access-control-list:acls", "acl", - "vpp-acl:vpp-acl", - "icmp-acl" + "tcp-acl" ] } }, "response": [] }, { - "_postman_id": "39f40bc8-b30b-40e2-ae2d-b357a824f611", - "name": "Write tcp acl list", + "name": "Write udp acl list", "request": { "method": "PUT", "header": [ @@ -99,10 +94,10 @@ ], "body": { "mode": "raw", - "raw": "{\r\n \"acl\": [\r\n {\r\n \"acl-name\": \"tcp-acl\",\r\n \"acl-type\": \"vpp-acl:vpp-acl\",\r\n \"access-list-entries\": {\r\n \"ace\": [\r\n {\r\n \"rule-name\": \"tcp-rule\",\r\n \"matches\": {\r\n \"vpp-ace-nodes\": {\r\n \"destination-ipv4-network\": \"192.168.2.1/24\",\r\n \"source-ipv4-network\": \"192.168.2.2/32\",\r\n \"tcp-nodes\": {\r\n \"source-port-range\": {\r\n \"lower-port\": \"1\",\r\n \"upper-port\": \"5487\"\r\n },\r\n \"destination-port-range\": {\r\n \"lower-port\": \"87\",\r\n \"upper-port\": \"6745\"\r\n },\r\n \"tcp-flags-mask\": \"1\",\r\n \"tcp-flags-value\": \"7\"\r\n }\r\n }\r\n },\r\n \"actions\": {\r\n \"permit\": [null]\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}" + "raw": "{\r\n \"acl\":\r\n {\r\n \"name\":\"udp-acl\",\r\n \"type\":\"vpp-acl:vpp-acl\",\r\n \"aces\":{\r\n \"ace\":[\r\n {\r\n \"name\":\"udp-rule\",\r\n \"matches\":{\r\n \"ipv4\":{\r\n \"destination-ipv4-network\":\"192.168.2.1/24\",\r\n \"source-ipv4-network\":\"192.168.2.2/32\"\r\n },\r\n \"udp\":{\r\n \"source-port\":{\r\n \"lower-port\":\"1\",\r\n \"upper-port\":\"5487\"\r\n },\r\n \"destination-port\":{\r\n \"lower-port\":\"87\",\r\n \"upper-port\":\"6745\"\r\n }\r\n }\r\n },\r\n \"actions\":{\r\n \"forwarding\":\"ietf-access-control-list:accept\"\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n}" }, "url": { - "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:access-lists/acl/vpp-acl:vpp-acl/tcp-acl", + "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/acl/udp-acl", "protocol": "http", "host": [ "localhost" @@ -111,17 +106,51 @@ "path": [ "restconf", "config", - "ietf-access-control-list:access-lists", + "ietf-access-control-list:acls", "acl", - "vpp-acl:vpp-acl", - "tcp-acl" + "udp-acl" + ] + } + }, + "response": [] + }, + { + "name": "Write icmp acl list", + "request": { + "method": "PUT", + "header": [ + { + "key": "Authorization", + "value": "Basic YWRtaW46YWRtaW4=" + }, + { + "key": "Content-Type", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"acl\":\n {\n \"name\":\"icmp-acl\",\n \"type\":\"vpp-acl:vpp-acl\",\n \"aces\":{\n \"ace\":[\n {\n \"name\":\"imcp-rule\",\n \"matches\":{\n \"ipv4\":{\n \"source-ipv4-network\":\"192.168.2.2/32\",\n \"destination-ipv4-network\":\"192.168.2.1/24\"\n },\n \"icmp\":{\n \"vpp-acl:vpp-icmp-ace\":{\n \"vpp-acl:icmp-type-range\":{\n \"first\":\"5\",\n \"last\":\"8\"\n },\n \"vpp-acl:icmp-code-range\":{\n \"first\":\"1\",\n \"last\":\"3\"\n }\n }\n }\n },\n \"actions\":{\n \"forwarding\":\"ietf-access-control-list:accept\"\n }\n }\n ]\n }\n }\n}" + }, + "url": { + "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/acl/icmp-acl", + "protocol": "http", + "host": [ + "localhost" + ], + "port": "8183", + "path": [ + "restconf", + "config", + "ietf-access-control-list:acls", + "acl", + "icmp-acl" ] } }, "response": [] }, { - "_postman_id": "0b24a6ea-b894-427b-91af-74ae075e3dff", "name": "Write icmp-v6 acl list", "request": { "method": "PUT", @@ -137,10 +166,10 @@ ], "body": { "mode": "raw", - "raw": "{\r\n \"acl\": [\r\n {\r\n \"acl-name\": \"icmp-v6-acl\",\r\n \"acl-type\": \"vpp-acl:vpp-acl\",\r\n \"access-list-entries\": {\r\n \"ace\": [\r\n {\r\n \"rule-name\": \"imcp-v6-rule\",\r\n \"matches\": {\r\n \"vpp-ace-nodes\": {\r\n \"destination-ipv6-network\": \"2001:0db8:0a0b:12f0:0000:0000:0000:0001/64\",\r\n \"source-ipv6-network\": \"2001:0db8:0a0b:12f0:0000:0000:0000:0002/48\",\r\n \"icmp-v6-nodes\": {\r\n \"icmp-type-range\": {\r\n \"first\": \"5\",\r\n \"last\": \"8\"\r\n },\r\n \"icmp-code-range\": {\r\n \"first\": \"1\",\r\n \"last\": \"3\"\r\n }\r\n }\r\n }\r\n },\r\n \"actions\": {\r\n \"permit\": [null]\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}" + "raw": "{\n \"acl\":\n {\n \"name\":\"icmp-v6-acl\",\n \"type\":\"vpp-acl:vpp-acl\",\n \"aces\":{\n \"ace\":[\n {\n \"name\":\"imcp-v6-rule\",\n \"matches\":{\n \"ipv6\":{\n \"source-ipv6-network\":\"2001:0db8:0a0b:12f0:0000:0000:0000:0002/48\",\n \"destination-ipv6-network\":\"2001:0db8:0a0b:12f0:0000:0000:0000:0001/64\"\n },\n \"icmp\":{\n \"vpp-acl:vpp-icmp-ace\":{\n \"vpp-acl:icmp-type-range\":{\n \"first\":\"5\",\n \"last\":\"8\"\n },\n \"vpp-acl:icmp-code-range\":{\n \"first\":\"1\",\n \"last\":\"3\"\n }\n }\n }\n },\n \"actions\":{\n \"forwarding\":\"ietf-access-control-list:accept\"\n }\n }\n ]\n }\n }\n}" }, "url": { - "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:access-lists/acl/vpp-acl:vpp-acl/icmp-v6-acl", + "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/acl/icmp-v6-acl", "protocol": "http", "host": [ "localhost" @@ -149,9 +178,8 @@ "path": [ "restconf", "config", - "ietf-access-control-list:access-lists", + "ietf-access-control-list:acls", "acl", - "vpp-acl:vpp-acl", "icmp-v6-acl" ] } @@ -159,10 +187,82 @@ "response": [] }, { - "_postman_id": "4614b547-11f8-42d8-be28-fcac6af5f6f4", - "name": "Write udp acl list", + "name": "Read interface ACLs (operational)", "request": { - "method": "PUT", + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Basic YWRtaW46YWRtaW4=" + }, + { + "key": "Content-Type", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "" + }, + "url": { + "raw": "http://localhost:8183/restconf/operational/ietf-access-control-list:acls/attachment-points/", + "protocol": "http", + "host": [ + "localhost" + ], + "port": "8183", + "path": [ + "restconf", + "operational", + "ietf-access-control-list:acls", + "attachment-points", + "" + ] + } + }, + "response": [] + }, + { + "name": "Read interface ACLs (config)", + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Basic YWRtaW46YWRtaW4=" + }, + { + "key": "Content-Type", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "" + }, + "url": { + "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0", + "protocol": "http", + "host": [ + "localhost" + ], + "port": "8183", + "path": [ + "restconf", + "config", + "ietf-access-control-list:acls", + "attachment-points", + "interface", + "local0" + ] + } + }, + "response": [] + }, + { + "name": "Read ACLs (cfg)", + "request": { + "method": "GET", "header": [ { "key": "Authorization", @@ -175,10 +275,10 @@ ], "body": { "mode": "raw", - "raw": "{\r\n \"acl\": [\r\n {\r\n \"acl-name\": \"udp-acl\",\r\n \"acl-type\": \"vpp-acl:vpp-acl\",\r\n \"access-list-entries\": {\r\n \"ace\": [\r\n {\r\n \"rule-name\": \"udp-rule\",\r\n \"matches\": {\r\n \"vpp-ace-nodes\": {\r\n \"destination-ipv4-network\": \"192.168.2.1/24\",\r\n \"source-ipv4-network\": \"192.168.2.2/32\",\r\n \"udp-nodes\": {\r\n \"source-port-range\": {\r\n \"lower-port\": \"1\",\r\n \"upper-port\": \"5487\"\r\n },\r\n \"destination-port-range\": {\r\n \"lower-port\": \"87\",\r\n \"upper-port\": \"6745\"\r\n }\r\n }\r\n }\r\n },\r\n \"actions\": {\r\n \"permit\": [null]\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}" + "raw": "" }, "url": { - "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:access-lists/acl/vpp-acl:vpp-acl/udp-acl", + "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/", "protocol": "http", "host": [ "localhost" @@ -187,17 +287,49 @@ "path": [ "restconf", "config", - "ietf-access-control-list:access-lists", - "acl", - "vpp-acl:vpp-acl", - "udp-acl" + "ietf-access-control-list:acls", + "" + ] + } + }, + "response": [] + }, + { + "name": "Read ACLs (oper)", + "request": { + "method": "GET", + "header": [ + { + "key": "Authorization", + "value": "Basic YWRtaW46YWRtaW4=" + }, + { + "key": "Content-Type", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "" + }, + "url": { + "raw": "http://localhost:8183/restconf/operational/ietf-access-control-list:acls/", + "protocol": "http", + "host": [ + "localhost" + ], + "port": "8183", + "path": [ + "restconf", + "operational", + "ietf-access-control-list:acls", + "" ] } }, "response": [] }, { - "_postman_id": "c33624c1-ff25-4227-bf86-4fbdb5d143c5", "name": "Assign ACLs as ingress to local0", "request": { "method": "PUT", @@ -213,10 +345,10 @@ ], "body": { "mode": "raw", - "raw": "{\n \"ingress\": {\n \"vpp-acls\": [\n {\n \"type\" : \"vpp-acl:vpp-acl\",\n \"name\" : \"tcp-acl\"\n },\n {\n \"type\" : \"vpp-acl:vpp-acl\",\n \"name\" : \"udp-acl\"\n }\n ]\n }\n}" + "raw": "{\n\t\"acl-sets\" : {\n\t\t\"acl-set\" : [\n\t\t\t{\n\t\t\t\t\"name\" : \"tcp-acl\"\t\n\t\t\t},\n\t\t\t{\n\t\t\t\t\"name\" : \"udp-acl\"\t\n\t\t\t}\n\t\t\t]\n\t}\n}\n" }, "url": { - "raw": "http://localhost:8183/restconf/config/ietf-interfaces:interfaces/interface/local0/interface-acl:acl/ingress", + "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/ingress/acl-sets/", "protocol": "http", "host": [ "localhost" @@ -225,10 +357,50 @@ "path": [ "restconf", "config", - "ietf-interfaces:interfaces", + "ietf-access-control-list:acls", + "attachment-points", "interface", "local0", - "interface-acl:acl", + "ingress", + "acl-sets", + "" + ] + } + }, + "response": [] + }, + { + "name": "Delete ACLs as ingress from local0", + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Basic YWRtaW46YWRtaW4=" + }, + { + "key": "Content-Type", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "" + }, + "url": { + "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/ingress", + "protocol": "http", + "host": [ + "localhost" + ], + "port": "8183", + "path": [ + "restconf", + "config", + "ietf-access-control-list:acls", + "attachment-points", + "interface", + "local0", "ingress" ] } @@ -236,7 +408,6 @@ "response": [] }, { - "_postman_id": "bdf2b03d-d373-4511-95fd-6be666390db3", "name": "Assign macip ACL to local0", "request": { "method": "PUT", @@ -252,10 +423,10 @@ ], "body": { "mode": "raw", - "raw": "{\n\t\"vpp-macip-acl\": {\n\t\t\"type\" : \"vpp-acl:vpp-macip-acl\",\n\t\t\"name\" : \"macip-acl\"\n }\n}" + "raw": "{\n\t\"acl-set\": {\n\t\t\"name\" : \"macip-acl\"\n\t}\n}" }, "url": { - "raw": "http://localhost:8183/restconf/config/ietf-interfaces:interfaces/interface/local0/interface-acl:acl/ingress/vpp-macip-acl", + "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/ingress/acl-sets/acl-set/macip-acl", "protocol": "http", "host": [ "localhost" @@ -264,20 +435,62 @@ "path": [ "restconf", "config", - "ietf-interfaces:interfaces", + "ietf-access-control-list:acls", + "attachment-points", "interface", "local0", - "interface-acl:acl", "ingress", - "vpp-macip-acl" + "acl-sets", + "acl-set", + "macip-acl" ] } }, "response": [] }, { - "_postman_id": "388656cf-05de-4649-82fe-41b132501936", - "name": "Read ACLs (cfg)", + "name": "delete macip ACL from local0", + "request": { + "method": "DELETE", + "header": [ + { + "key": "Authorization", + "value": "Basic YWRtaW46YWRtaW4=" + }, + { + "key": "Content-Type", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "" + }, + "url": { + "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/ingress/acl-sets/acl-set/macip-acl", + "protocol": "http", + "host": [ + "localhost" + ], + "port": "8183", + "path": [ + "restconf", + "config", + "ietf-access-control-list:acls", + "attachment-points", + "interface", + "local0", + "ingress", + "acl-sets", + "acl-set", + "macip-acl" + ] + } + }, + "response": [] + }, + { + "name": "Read ACLs assigned to local0 (cfg)", "request": { "method": "GET", "header": [ @@ -292,10 +505,10 @@ ], "body": { "mode": "raw", - "raw": "{\r\n \r\n \"interface\": [\r\n {\r\n \"name\": \"testInterface\",\r\n \"description\": \"for testing purposes\",\r\n \"type\": \"iana-if-type:ethernetCsmacd\",\r\n \"enabled\": \"true\",\r\n \"link-up-down-trap-enable\": \"enabled\",\r\n \"ietf-ip:ipv4\": {\r\n \"enabled\": \"true\",\r\n \"mtu\": \"1500\",\r\n \"address\": [\r\n {\r\n \"ip\": \"1.2.3.0\",\r\n \"netmask\": \"255.255.255.0\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n \r\n}" + "raw": "" }, "url": { - "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:access-lists/", + "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0", "protocol": "http", "host": [ "localhost" @@ -304,18 +517,19 @@ "path": [ "restconf", "config", - "ietf-access-control-list:access-lists", - "" + "ietf-access-control-list:acls", + "attachment-points", + "interface", + "local0" ] } }, "response": [] }, { - "_postman_id": "4d76b60a-61fd-4213-862e-08a69eb73b9d", - "name": "Read ingress ACLs assigned to local0", + "name": "Assign ACLs as egress to local0", "request": { - "method": "GET", + "method": "PUT", "header": [ { "key": "Authorization", @@ -328,10 +542,10 @@ ], "body": { "mode": "raw", - "raw": "{\n \"ingress\": {\n \"vpp-acls\": [\n {\n \"type\" : \"vpp-acl:vpp-acl\",\n \"name\" : \"tcp-acl\"\n },\n {\n \"type\" : \"vpp-acl:vpp-acl\",\n \"name\" : \"udp-acl\"\n }\n ]\n }\n}" + "raw": "{\n\t\"egress\" : {\n\t\t\"acl-sets\" : {\n\t\t\t\"acl-set\" : [\n\t\t\t\t{\n\t\t\t\t\t\"name\" : \"tcp-acl\"\t\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\t\"name\" : \"udp-acl\"\t\n\t\t\t\t}\n\t\t\t\t]\n\t\t}\n\t}\n}\n" }, "url": { - "raw": "http://localhost:8183/restconf/operational/ietf-interfaces:interfaces-state/interface/local0/interface-acl:acl/ingress", + "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/egress", "protocol": "http", "host": [ "localhost" @@ -339,22 +553,21 @@ "port": "8183", "path": [ "restconf", - "operational", - "ietf-interfaces:interfaces-state", + "config", + "ietf-access-control-list:acls", + "attachment-points", "interface", "local0", - "interface-acl:acl", - "ingress" + "egress" ] } }, "response": [] }, { - "_postman_id": "986a53c8-7a95-449b-93f4-8bb7ee5112b6", - "name": "Read ACLs assigned to local0 (cfg)", + "name": "Delete ACLs as egress from local0", "request": { - "method": "GET", + "method": "DELETE", "header": [ { "key": "Authorization", @@ -367,10 +580,10 @@ ], "body": { "mode": "raw", - "raw": "{\n \"ingress\": {\n \"vpp-acls\": [\n {\n \"type\" : \"vpp-acl:vpp-acl\",\n \"name\" : \"tcp-acl\"\n },\n {\n \"type\" : \"vpp-acl:vpp-acl\",\n \"name\" : \"udp-acl\"\n }\n ]\n }\n}" + "raw": "" }, "url": { - "raw": "http://localhost:8183/restconf/config/ietf-interfaces:interfaces/interface/local0/interface-acl:acl/ingress", + "raw": "http://localhost:8183/restconf/config/ietf-access-control-list:acls/attachment-points/interface/local0/egress", "protocol": "http", "host": [ "localhost" @@ -379,11 +592,11 @@ "path": [ "restconf", "config", - "ietf-interfaces:interfaces", + "ietf-access-control-list:acls", + "attachment-points", "interface", "local0", - "interface-acl:acl", - "ingress" + "egress" ] } }, -- cgit 1.2.3-korg