From 718e9a3c7cac01860f3e3fe6174fcc1bd33fb4eb Mon Sep 17 00:00:00 2001 From: Michal Cmarada Date: Mon, 19 Nov 2018 14:59:14 +0100 Subject: HC2VPP-291: ACL model bump - bump ACL yang models - fix ACL module implementation and validation - fix ACL Unit tests - update postman collection Change-Id: Iaab64e6d92d17babc3ccef7921b41070c3716516 Signed-off-by: Michal Cmarada --- .../hc2vpp/acl/write/InterfaceAclCustomizer.java | 155 +++++++++++++++++---- 1 file changed, 125 insertions(+), 30 deletions(-) (limited to 'acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizer.java') diff --git a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizer.java b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizer.java index a6ca35af3..622a84d93 100644 --- a/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizer.java +++ b/acl/acl-impl/src/main/java/io/fd/hc2vpp/acl/write/InterfaceAclCustomizer.java @@ -16,82 +16,177 @@ package io.fd.hc2vpp.acl.write; +import static io.fd.hc2vpp.acl.write.request.MacIpInterfaceAssignmentRequest.deleteExisting; import static java.util.stream.Collectors.toList; import io.fd.hc2vpp.acl.util.AclContextManager; import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer; -import io.fd.hc2vpp.acl.util.iface.acl.AclInterfaceAssignmentRequest; +import io.fd.hc2vpp.acl.write.request.AclInterfaceAssignmentRequest; +import io.fd.hc2vpp.acl.write.request.MacIpInterfaceAssignmentRequest; import io.fd.hc2vpp.common.translate.util.NamingContext; +import io.fd.honeycomb.translate.MappingContext; import io.fd.honeycomb.translate.spi.write.WriterCustomizer; import io.fd.honeycomb.translate.write.WriteContext; import io.fd.honeycomb.translate.write.WriteFailedException; import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade; import java.util.Collections; import java.util.List; +import java.util.stream.Collectors; import javax.annotation.Nonnull; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclsBaseAttributes; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.Acl; -import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.vpp.acls.base.attributes.VppAcls; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points.Interface; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.AclSets; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev181001.acls.attachment.points._interface.acl.acl.sets.AclSet; import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; /** * Handles acl assignments(only standard ones, mac-ip have dedicated customizer) */ -public class InterfaceAclCustomizer extends FutureJVppAclCustomizer implements WriterCustomizer { +public class InterfaceAclCustomizer extends FutureJVppAclCustomizer implements WriterCustomizer { private final NamingContext interfaceContext; private final AclContextManager standardAclContext; + private final AclContextManager macIpAclContext; public InterfaceAclCustomizer(@Nonnull final FutureJVppAclFacade jVppAclFacade, @Nonnull final NamingContext interfaceContext, - @Nonnull final AclContextManager standardAclContext) { + @Nonnull final AclContextManager standardAclContext, + @Nonnull final AclContextManager macIpAclContext) { super(jVppAclFacade); this.interfaceContext = interfaceContext; this.standardAclContext = standardAclContext; + this.macIpAclContext = macIpAclContext; + } + + private static List getAclNames(final AclSets acls) { + if (acls == null || acls.getAclSet() == null) { + return Collections.emptyList(); + } else { + return acls.getAclSet().stream().map(AclSet::getName).collect(toList()); + } } @Override - public void writeCurrentAttributes(@Nonnull final InstanceIdentifier id, @Nonnull final Acl dataAfter, + public void writeCurrentAttributes(@Nonnull final InstanceIdentifier id, + @Nonnull final Interface dataAfter, @Nonnull final WriteContext writeContext) throws WriteFailedException { - AclInterfaceAssignmentRequest.create(writeContext.getMappingContext()) - .standardAclContext(standardAclContext) - .interfaceContext(interfaceContext) - .identifier(id) - .inputAclNames(getAclNames(dataAfter.getIngress())) - .outputAclNames(getAclNames(dataAfter.getEgress())) - .executeAsCreate(getjVppAclFacade()); + AclSets egress = dataAfter.getEgress() != null ? dataAfter.getEgress().getAclSets() : null; + AclSets ingress = dataAfter.getIngress() != null ? dataAfter.getIngress().getAclSets() : null; + List macIngress = parseMacRules(getAclNames(ingress), writeContext.getMappingContext()); + List standardIngress = parseStandardRules(getAclNames(ingress), writeContext.getMappingContext()); + List standardEgress = parseStandardRules(getAclNames(egress), writeContext.getMappingContext()); + + // Process standard ACLs + if (!standardIngress.isEmpty() || !standardEgress.isEmpty()) { + AclInterfaceAssignmentRequest.create(writeContext.getMappingContext()) + .standardAclContext(standardAclContext) + .interfaceContext(interfaceContext) + .identifier(id) + .inputAclNames(standardIngress) + .outputAclNames(standardEgress) + .executeAsCreate(getjVppAclFacade()); + } + // Process mac ACLs + if (!macIngress.isEmpty()) { + addMacAcls(id, writeContext, macIngress); + } } @Override - public void updateCurrentAttributes(@Nonnull final InstanceIdentifier id, @Nonnull final Acl dataBefore, - @Nonnull final Acl dataAfter, @Nonnull final WriteContext writeContext) + public void updateCurrentAttributes(@Nonnull final InstanceIdentifier id, + @Nonnull final Interface dataBefore, + @Nonnull final Interface dataAfter, @Nonnull final WriteContext writeContext) throws WriteFailedException { + AclSets egress = dataAfter.getEgress() != null ? dataAfter.getEgress().getAclSets() : null; + AclSets ingress = dataAfter.getIngress() != null ? dataAfter.getIngress().getAclSets() : null; + List standardIngress = parseStandardRules(getAclNames(ingress), writeContext.getMappingContext()); + List standardEgress = parseStandardRules(getAclNames(egress), writeContext.getMappingContext()); + + // update standard ACLs AclInterfaceAssignmentRequest.create(writeContext.getMappingContext()) .standardAclContext(standardAclContext) .interfaceContext(interfaceContext) .identifier(id) - .inputAclNames(getAclNames(dataAfter.getIngress())) - .outputAclNames(getAclNames(dataAfter.getEgress())) + .inputAclNames(standardIngress) + .outputAclNames(standardEgress) .executeAsUpdate(getjVppAclFacade(), dataBefore, dataAfter); + + // Process mac ACLs + AclSets ingressBefore = dataBefore.getIngress() != null ? dataBefore.getIngress().getAclSets() : null; + List macIngressAfter = parseMacRules(getAclNames(ingress), writeContext.getMappingContext()); + List macIngressBefore = parseMacRules(getAclNames(ingressBefore), writeContext.getMappingContext()); + List added = + macIngressAfter.stream().filter(acl -> !macIngressBefore.contains(acl)).collect(Collectors.toList()); + List removed = + macIngressBefore.stream().filter(acl -> !macIngressAfter.contains(acl)).collect(Collectors.toList()); + + if (!removed.isEmpty()) { + deleteMacACLs(id, writeContext, removed); + } + + if (!added.isEmpty()) { + addMacAcls(id, writeContext, added); + } } @Override - public void deleteCurrentAttributes(@Nonnull final InstanceIdentifier id, @Nonnull final Acl dataBefore, - @Nonnull final WriteContext writeContext) throws WriteFailedException { - AclInterfaceAssignmentRequest.create(writeContext.getMappingContext()) - .standardAclContext(standardAclContext) - .interfaceContext(interfaceContext) - .identifier(id) - .executeAsDelete(getjVppAclFacade()); + public void deleteCurrentAttributes(@Nonnull final InstanceIdentifier id, + @Nonnull final Interface dataBefore, @Nonnull final WriteContext writeContext) + throws WriteFailedException { + AclSets ingress = dataBefore.getIngress() != null ? dataBefore.getIngress().getAclSets() : null; + List standardIngress = parseStandardRules(getAclNames(ingress), writeContext.getMappingContext()); + List macIngress = parseMacRules(getAclNames(ingress), writeContext.getMappingContext()); + + //Process standard ACLs + if (!standardIngress.isEmpty()) { + AclInterfaceAssignmentRequest.create(writeContext.getMappingContext()) + .standardAclContext(standardAclContext) + .interfaceContext(interfaceContext) + .identifier(id) + .executeAsDelete(getjVppAclFacade()); + } + + // Process mac ACLs + if (!macIngress.isEmpty()) { + deleteMacACLs(id, writeContext, macIngress); + } } - private static List getAclNames(final VppAclsBaseAttributes acls) { - if (acls == null || acls.getVppAcls() == null) { - return Collections.emptyList(); - } else { - return acls.getVppAcls().stream().map(VppAcls::getName).collect(toList()); + private List parseMacRules(final List ingress, final MappingContext mappingContext) { + return ingress.stream() + .filter(aclName -> macIpAclContext.containsAcl(aclName, mappingContext)).collect(Collectors.toList()); + } + + private List parseStandardRules(final List ingress, final MappingContext mappingContext) { + return ingress.stream() + .filter(aclName -> standardAclContext.containsAcl(aclName, mappingContext)) + .collect(Collectors.toList()); + } + + + private void addMacAcls(@Nonnull final InstanceIdentifier id, + @Nonnull final WriteContext writeContext, final List added) + throws WriteFailedException { + for (String macAcl : added) { + MacIpInterfaceAssignmentRequest.addNew(writeContext.getMappingContext()) + .identifier(id) + .aclName(macAcl) + .macIpAclContext(macIpAclContext) + .interfaceContext(interfaceContext) + .execute(getjVppAclFacade()); } } + private void deleteMacACLs(@Nonnull final InstanceIdentifier id, + @Nonnull final WriteContext writeContext, final List macAcls) + throws WriteFailedException { + for (String macAcl : macAcls) { + deleteExisting(writeContext.getMappingContext()) + .identifier(id) + .aclName(macAcl) + .macIpAclContext(macIpAclContext) + .interfaceContext(interfaceContext) + .execute(getjVppAclFacade()); + } + } } -- cgit 1.2.3-korg