From bcbe3b71e1e9d12fab817ed001998eae397853cd Mon Sep 17 00:00:00 2001 From: Marek Gradzki Date: Thu, 23 Aug 2018 10:33:47 +0200 Subject: HC2VPP-379: move NAT validation code out of customizers Use Validator interface introduced by HONEYCOMB-431: https://gerrit.fd.io/r/#/c/14022/ Change-Id: I9e4c8d59f299ed7da4a93bbdc70c81f2bea93606 Signed-off-by: Marek Gradzki --- .../hc2vpp/nat/write/ExternalIpPoolCustomizer.java | 2 - .../hc2vpp/nat/write/ExternalIpPoolValidator.java | 38 +++++++ .../hc2vpp/nat/write/MappingEntryCustomizer.java | 64 +++--------- .../fd/hc2vpp/nat/write/MappingEntryValidator.java | 111 +++++++++++++++++++++ .../hc2vpp/nat/write/Nat64PrefixesCustomizer.java | 9 -- .../hc2vpp/nat/write/Nat64PrefixesValidator.java | 41 ++++++++ .../fd/hc2vpp/nat/write/NatInstaceCustomizer.java | 7 -- .../fd/hc2vpp/nat/write/NatInstanceValidator.java | 38 +++++++ .../io/fd/hc2vpp/nat/write/NatWriterFactory.java | 21 ++-- .../io/fd/hc2vpp/nat/write/PolicyCustomizer.java | 11 -- .../io/fd/hc2vpp/nat/write/PolicyValidator.java | 52 ++++++++++ 11 files changed, 306 insertions(+), 88 deletions(-) create mode 100644 nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/ExternalIpPoolValidator.java create mode 100644 nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/MappingEntryValidator.java create mode 100644 nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/Nat64PrefixesValidator.java create mode 100644 nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatInstanceValidator.java create mode 100644 nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/PolicyValidator.java (limited to 'nat/nat2vpp/src/main/java') diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/ExternalIpPoolCustomizer.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/ExternalIpPoolCustomizer.java index d7403c004..0e60481d2 100644 --- a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/ExternalIpPoolCustomizer.java +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/ExternalIpPoolCustomizer.java @@ -54,8 +54,6 @@ final class ExternalIpPoolCustomizer implements ListWriterCustomizer id, @Nonnull final ExternalIpAddressPool dataAfter, @Nonnull final WriteContext writeContext) throws WriteFailedException { - checkArgument(id.firstKeyOf(Instance.class).getId() == 0, - "External IP pools are only assignable for nat instance(vrf-id) with ID 0"); LOG.trace("Adding address range:{}, as: {}", id, dataAfter); // TODO check overlaps ? VPP-478 maybe no necessary, depending on how VPP handles them configureAddressPool(id, dataAfter, true); diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/ExternalIpPoolValidator.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/ExternalIpPoolValidator.java new file mode 100644 index 000000000..567c8e3b8 --- /dev/null +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/ExternalIpPoolValidator.java @@ -0,0 +1,38 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.nat.write; + +import io.fd.honeycomb.translate.write.DataValidationFailedException; +import io.fd.honeycomb.translate.write.Validator; +import io.fd.honeycomb.translate.write.WriteContext; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.Instance; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.policy.ExternalIpAddressPool; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +final class ExternalIpPoolValidator implements Validator { + @Override + public void validateWrite(@Nonnull final InstanceIdentifier id, + @Nonnull final ExternalIpAddressPool dataAfter, @Nonnull final WriteContext writeContext) + throws DataValidationFailedException.CreateValidationFailedException { + if (id.firstKeyOf(Instance.class).getId() != 0) { + throw new DataValidationFailedException.CreateValidationFailedException(id, dataAfter, + new IllegalArgumentException( + "External IP pools are only assignable for nat instance(vrf-id) with ID 0")); + } + } +} diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/MappingEntryCustomizer.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/MappingEntryCustomizer.java index 8d553b872..e51d610e1 100644 --- a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/MappingEntryCustomizer.java +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/MappingEntryCustomizer.java @@ -16,9 +16,6 @@ package io.fd.hc2vpp.nat.write; -import static com.google.common.base.Preconditions.checkArgument; -import static com.google.common.base.Preconditions.checkState; - import com.google.common.base.Optional; import io.fd.hc2vpp.common.translate.util.ByteDataTranslator; import io.fd.hc2vpp.common.translate.util.Ipv4Translator; @@ -61,10 +58,6 @@ final class MappingEntryCustomizer implements ListWriterCustomizer id, final PortNumber portNumber) { + private Integer getPortNumber(final PortNumber portNumber) { if (portNumber != null) { - if (portNumber.getStartPortNumber() != null && portNumber.getEndPortNumber() == null) { - return portNumber.getStartPortNumber().getValue().shortValue(); - } else { - throw new IllegalArgumentException( - String.format("Only single port number supported. Submitted: %s for entry: %s", portNumber, id)); - } + return portNumber.getStartPortNumber().getValue(); } return null; } diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/MappingEntryValidator.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/MappingEntryValidator.java new file mode 100644 index 000000000..d0594039d --- /dev/null +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/MappingEntryValidator.java @@ -0,0 +1,111 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.nat.write; + +import static com.google.common.base.Preconditions.checkArgument; +import static com.google.common.base.Preconditions.checkState; + +import com.google.common.annotations.VisibleForTesting; +import io.fd.hc2vpp.common.translate.util.Ipv4Translator; +import io.fd.hc2vpp.common.translate.util.Ipv6Translator; +import io.fd.honeycomb.translate.write.DataValidationFailedException.CreateValidationFailedException; +import io.fd.honeycomb.translate.write.Validator; +import io.fd.honeycomb.translate.write.WriteContext; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.IpPrefix; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv4Prefix; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.inet.types.rev130715.Ipv6Prefix; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.PortNumber; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.mapping.table.MappingEntry; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +final class MappingEntryValidator implements Validator, Ipv4Translator, Ipv6Translator { + @Override + public void validateWrite(@Nonnull final InstanceIdentifier id, + @Nonnull final MappingEntry mappingEntry, + @Nonnull final WriteContext writeContext) + throws CreateValidationFailedException { + try { + validateMappingEntry(id, mappingEntry); + } catch (RuntimeException e) { + throw new CreateValidationFailedException(id, mappingEntry, e); + } + } + + private void validateMappingEntry(final InstanceIdentifier id, final MappingEntry mappingEntry) { + validateMappingEntryType(mappingEntry); + validateInternalSrcAddress(mappingEntry); + validateExternalSrcAddress(mappingEntry); + validateTransportProtocol(mappingEntry); + validatePortNumber(id, mappingEntry.getInternalSrcPort()); + validatePortNumber(id, mappingEntry.getExternalSrcPort()); + } + + @VisibleForTesting + void validateMappingEntryType(final MappingEntry mappingEntry) { + // Only static mapping are currently supported + checkArgument(mappingEntry.getType() + == org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.MappingEntry.Type.Static, + "Only static NAT entries are supported currently. Trying to write: %s entry", mappingEntry.getType()); + } + + @VisibleForTesting + void validateInternalSrcAddress(final MappingEntry mappingEntry) { + final IpPrefix internalSrcPrefix = mappingEntry.getInternalSrcAddress(); + final Ipv4Prefix internalV4SrcPrefix = internalSrcPrefix.getIpv4Prefix(); + final Ipv6Prefix internalV6SrcPrefix = internalSrcPrefix.getIpv6Prefix(); + if (internalV4SrcPrefix != null) { + checkArgument(extractPrefix(internalV4SrcPrefix) == 32, + "Only /32 prefix in internal-src-address is supported, but was %s", internalV4SrcPrefix); + } else { + checkState(internalV6SrcPrefix != null, + "internalSrcPrefix.getIpv6Prefix() should not return null if Ipv4 prefix is not given"); + checkArgument(extractPrefix(internalV6SrcPrefix) == (byte) 128, + "Only /128 prefix in internal-src-address is supported, but was %s", internalV6SrcPrefix); + } + } + + @VisibleForTesting + void validateExternalSrcAddress(final MappingEntry mappingEntry) { + final IpPrefix externalSrcAddress = mappingEntry.getExternalSrcAddress(); + checkArgument(externalSrcAddress != null, "The external-src-address leaf is missing"); + final Ipv4Prefix ipv4Prefix = externalSrcAddress.getIpv4Prefix(); + checkArgument(ipv4Prefix != null, "No Ipv4 present in external-src-address %s", externalSrcAddress); + checkArgument(extractPrefix(ipv4Prefix) == 32, + "Only /32 prefix in external-src-address is supported, but was %s", ipv4Prefix); + } + + @VisibleForTesting + static void validateTransportProtocol(final MappingEntry mappingEntry) { + final Short protocol = mappingEntry.getTransportProtocol(); + if (protocol == null) { + return; + } + checkArgument(protocol == 1 || protocol == 6 || protocol == 17 || protocol == 58, + "Unsupported protocol %s only ICMP(1), IPv6-ICMP(58), TCP(6) and UDP(17) are currently supported", + protocol); + } + + @VisibleForTesting + static void validatePortNumber(final InstanceIdentifier id, final PortNumber portNumber) { + if (portNumber == null) { + return; + } + checkArgument(portNumber.getStartPortNumber() != null && portNumber.getEndPortNumber() == null, + "Only single port number supported. Submitted: %s for entry: %s", portNumber, id); + } +} diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/Nat64PrefixesCustomizer.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/Nat64PrefixesCustomizer.java index 8f1869f15..13a5845e3 100644 --- a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/Nat64PrefixesCustomizer.java +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/Nat64PrefixesCustomizer.java @@ -56,12 +56,6 @@ final class Nat64PrefixesCustomizer @Nonnull final WriteContext writeContext) throws WriteFailedException { final int natInstanceId = id.firstKeyOf(Instance.class).getId().intValue(); LOG.debug("Configuring nat64 prefix: {} for nat-instance(vrf): {}", dataAfter, natInstanceId); - - // VPP does not support configuring different nat64-prefixes depending on ipv4 destination prefix: - final List destinationIpv4PrefixList = dataAfter.getDestinationIpv4Prefix(); - checkArgument(destinationIpv4PrefixList == null || destinationIpv4PrefixList.isEmpty(), - "destination-ipv4-prefix is not supported by VPP"); - addDelPrefix(id, dataAfter, natInstanceId, true); LOG.debug("Nat64 prefix written successfully: {} for nat-instance(vrf): {}", dataAfter, natInstanceId); } @@ -83,10 +77,7 @@ final class Nat64PrefixesCustomizer final int vrfId, final boolean isAdd) throws WriteFailedException { - // The nat64-prefix is optional in ietf-nat, but we require it final Ipv6Prefix nat64Prefix = data.getNat64Prefix(); - checkArgument(nat64Prefix != null, "Missing nat64-prefix leaf value."); - final Nat64AddDelPrefix request = new Nat64AddDelPrefix(); request.prefix = ipv6AddressPrefixToArray(nat64Prefix); request.prefixLen = extractPrefix(nat64Prefix); diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/Nat64PrefixesValidator.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/Nat64PrefixesValidator.java new file mode 100644 index 000000000..3b6dc9553 --- /dev/null +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/Nat64PrefixesValidator.java @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.nat.write; + +import static com.google.common.base.Preconditions.checkArgument; + +import io.fd.honeycomb.translate.write.DataValidationFailedException; +import io.fd.honeycomb.translate.write.Validator; +import io.fd.honeycomb.translate.write.WriteContext; +import java.util.List; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.policy.Nat64Prefixes; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.policy.nat64.prefixes.DestinationIpv4Prefix; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +final class Nat64PrefixesValidator implements Validator { + @Override + public void validateWrite(@Nonnull final InstanceIdentifier id, + @Nonnull final Nat64Prefixes dataAfter, + @Nonnull final WriteContext writeContext) + throws DataValidationFailedException.CreateValidationFailedException { + // VPP does not support configuring different nat64-prefixes depending on ipv4 destination prefix: + final List destinationIpv4PrefixList = dataAfter.getDestinationIpv4Prefix(); + checkArgument(destinationIpv4PrefixList == null || destinationIpv4PrefixList.isEmpty(), + "destination-ipv4-prefix is not supported by VPP"); + } +} diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatInstaceCustomizer.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatInstaceCustomizer.java index 90caa7c76..945a5fa58 100644 --- a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatInstaceCustomizer.java +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatInstaceCustomizer.java @@ -42,12 +42,5 @@ final class NatInstaceCustomizer implements ListWriterCustomizer { + @Override + public void validateDelete(@Nonnull final InstanceIdentifier id, @Nonnull final Instance dataBefore, + @Nonnull final WriteContext writeContext) + throws DataValidationFailedException.DeleteValidationFailedException { + // For consistency with reader, forbid removing default NAT instance: + final Long vrfId = id.firstKeyOf(Instance.class).getId(); + if (vrfId == 0) { + throw new DataValidationFailedException.DeleteValidationFailedException(id, + new UnsupportedOperationException("Removing default NAT instance (vrf=0) is not supported.")); + } + } +} diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatWriterFactory.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatWriterFactory.java index 267148907..5b0478ff9 100644 --- a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatWriterFactory.java +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/NatWriterFactory.java @@ -58,14 +58,16 @@ public final class NatWriterFactory implements WriterFactory { public void init(@Nonnull final ModifiableWriterRegistryBuilder registry) { // +-- nat // +-- instances/instance - registry.add(new GenericListWriter<>(NAT_INSTANCE_ID, new NatInstaceCustomizer())); + registry.add(new GenericListWriter<>(NAT_INSTANCE_ID, new NatInstaceCustomizer(), new NatInstanceValidator())); // +-- mapping-table/mapping-entry registry.subtreeAdd(Sets.newHashSet(InstanceIdentifier.create(MappingEntry.class).child(ExternalSrcPort.class), - InstanceIdentifier.create(MappingEntry.class).child(InternalSrcPort.class)), - new GenericListWriter<>(MAPPING_ENTRY_ID, new MappingEntryCustomizer(jvppNat, mappingEntryContext))); + InstanceIdentifier.create(MappingEntry.class).child(InternalSrcPort.class)), + new GenericListWriter<>(MAPPING_ENTRY_ID, + new MappingEntryCustomizer(jvppNat, mappingEntryContext), + new MappingEntryValidator())); // +-- policy - registry.add(new GenericListWriter<>(POLICY_ID, new PolicyCustomizer())); + registry.add(new GenericListWriter<>(POLICY_ID, new PolicyCustomizer(), new PolicyValidator())); // +-- external-ip-address-pool registry.subtreeAddBefore( @@ -73,11 +75,16 @@ public final class NatWriterFactory implements WriterFactory { // requires to already have an IP range predefined ... in some cases Sets.newHashSet(InstanceIdentifier.create(ExternalIpAddressPool.class) .augmentation(ExternalIpAddressPoolAugmentation.class)), - new GenericListWriter<>(ADDRESS_POOL_ID, new ExternalIpPoolCustomizer(jvppNat)), MAPPING_ENTRY_ID); + new GenericListWriter<>(ADDRESS_POOL_ID, + new ExternalIpPoolCustomizer(jvppNat), + new ExternalIpPoolValidator()), + MAPPING_ENTRY_ID); // +-- nat64-prefixes registry.subtreeAdd( - Sets.newHashSet(InstanceIdentifier.create(Nat64Prefixes.class).child(DestinationIpv4Prefix.class)), - new GenericListWriter<>(NAT64_PREFIXES_ID, new Nat64PrefixesCustomizer(jvppNat))); + Sets.newHashSet(InstanceIdentifier.create(Nat64Prefixes.class).child(DestinationIpv4Prefix.class)), + new GenericListWriter<>(NAT64_PREFIXES_ID, + new Nat64PrefixesCustomizer(jvppNat), + new Nat64PrefixesValidator())); } } diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/PolicyCustomizer.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/PolicyCustomizer.java index 09e404a53..782fa3bf7 100644 --- a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/PolicyCustomizer.java +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/PolicyCustomizer.java @@ -38,17 +38,6 @@ final class PolicyCustomizer implements ListWriterCustomizer @Nonnull final Policy dataAfter, @Nonnull final WriteContext writeContext) throws WriteFailedException { LOG.trace("Writing NAT policy: {}", id); - - // HC supports only single NAT policy per NAT instance (VRF) - // To ensure that (and for simplicity), we require policy id = 0. - final Long policyId = id.firstKeyOf(Policy.class).getId(); - checkArgument(policyId == 0, - "Only single policy per NAT instance (VRF) is supported (expected id=0, but %s given)", policyId); - - if (dataAfter.getNat64Prefixes() != null) { - final int prefixCount = dataAfter.getNat64Prefixes().size(); - checkArgument(prefixCount <= 1, "Only single nat64-prefix is supported, but %s given", prefixCount); - } } @Override diff --git a/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/PolicyValidator.java b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/PolicyValidator.java new file mode 100644 index 000000000..8b13a0851 --- /dev/null +++ b/nat/nat2vpp/src/main/java/io/fd/hc2vpp/nat/write/PolicyValidator.java @@ -0,0 +1,52 @@ +/* + * Copyright (c) 2018 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package io.fd.hc2vpp.nat.write; + +import static com.google.common.base.Preconditions.checkArgument; + +import io.fd.honeycomb.translate.write.DataValidationFailedException; +import io.fd.honeycomb.translate.write.Validator; +import io.fd.honeycomb.translate.write.WriteContext; +import javax.annotation.Nonnull; +import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.nat.rev180628.nat.instances.instance.Policy; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; + +final class PolicyValidator implements Validator { + @Override + public void validateWrite(@Nonnull final InstanceIdentifier id, @Nonnull final Policy dataAfter, + @Nonnull final WriteContext writeContext) + throws DataValidationFailedException.CreateValidationFailedException { + try { + validatePolicy(id, dataAfter); + } catch (RuntimeException e) { + throw new DataValidationFailedException.CreateValidationFailedException(id, dataAfter, e); + } + } + + private void validatePolicy(final InstanceIdentifier id, final Policy policy) { + // HC supports only single NAT policy per NAT instance (VRF) + // To ensure that (and for simplicity), we require policy id = 0. + final Long policyId = id.firstKeyOf(Policy.class).getId(); + checkArgument(policyId == 0, + "Only single policy per NAT instance (VRF) is supported (expected id=0, but %s given)", policyId); + + if (policy.getNat64Prefixes() != null) { + final int prefixCount = policy.getNat64Prefixes().size(); + checkArgument(prefixCount <= 1, "Only single nat64-prefix is supported, but %s given", prefixCount); + } + } +} -- cgit 1.2.3-korg