package io.fd.hc2vpp.acl.write;
+import static com.google.common.base.Preconditions.checkState;
+import static io.fd.hc2vpp.acl.write.VppAclCustomizer.AclReferenceCheck.checkAclReferenced;
+import static java.lang.String.format;
+import static java.util.Collections.emptyList;
+import static java.util.Optional.ofNullable;
+
+import com.google.common.base.Optional;
import io.fd.hc2vpp.acl.util.AclContextManager;
import io.fd.hc2vpp.acl.util.FutureJVppAclCustomizer;
import io.fd.hc2vpp.acl.util.acl.AclDataExtractor;
import io.fd.honeycomb.translate.write.WriteContext;
import io.fd.honeycomb.translate.write.WriteFailedException;
import io.fd.vpp.jvpp.acl.future.FutureJVppAclFacade;
+import java.util.Collections;
+import java.util.List;
+import java.util.stream.Collectors;
import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AclBase;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.InterfaceAclAttributes;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclsBaseAttributes;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppMacipAclsBaseAttributes;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Egress;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214._interface.acl.attributes.acl.Ingress;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppAcl;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppMacipAcl;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
public class VppAclCustomizer extends FutureJVppAclCustomizer
@Override
public void deleteCurrentAttributes(@Nonnull final InstanceIdentifier<Acl> id, @Nonnull final Acl dataBefore,
@Nonnull final WriteContext writeContext) throws WriteFailedException {
- // According to VPP team, acl references should be removed before trying to remove ACL
- // For mac-ip, reference should be removed during removal of mac-ip, so no need to check in hc
validateAcl(dataBefore);
+ final List<Interface> references = checkAclReferenced(writeContext, dataBefore);
+ // references must be check, to not leave dead references in configuration
+ checkState(references.isEmpty(),
+ "%s cannot be removed, it is referenced in following interfaces %s", dataBefore,
+ references);
+
final MappingContext mappingContext = writeContext.getMappingContext();
if (isStandardAcl(dataBefore)) {
new IllegalArgumentException("Unsupported acl option"));
}
}
+
+ static final class AclReferenceCheck {
+
+ static List<Interface> checkAclReferenced(@Nonnull final WriteContext writeContext,
+ @Nonnull final Acl acl) {
+ final Optional<Interfaces> readAfter = writeContext.readAfter(InstanceIdentifier.create(Interfaces.class));
+ if (!readAfter.isPresent() || readAfter.get().getInterface() == null) {
+ return Collections.emptyList();
+ }
+
+ final List<Interface> interfaces = readAfter.get().getInterface();
+ final Class<? extends AclBase> aclType = acl.getAclType();
+ final String aclName = acl.getAclName();
+
+ if (aclType.equals(VppAcl.class)) {
+ return interfaces.stream()
+ .filter(iface -> ofNullable(iface.getAugmentation(VppAclInterfaceAugmentation.class))
+ .map(InterfaceAclAttributes::getAcl)
+ .filter(references ->
+ checkVppAcls(references.getIngress(), aclName) ||
+ checkVppAcls(references.getEgress(), aclName)).isPresent()
+ ).collect(Collectors.toList());
+ } else if (aclType.equals(VppMacipAcl.class)) {
+ return interfaces.stream()
+ .filter(iface -> ofNullable(iface.getAugmentation(VppAclInterfaceAugmentation.class))
+ .map(InterfaceAclAttributes::getAcl)
+ .map(aclAttr -> aclAttr.getIngress())
+ .map(VppMacipAclsBaseAttributes::getVppMacipAcl)
+ .filter(vppMacipAcl -> vppMacipAcl.getName().equals(aclName))
+ .isPresent())
+ .collect(Collectors.toList());
+ } else {
+ throw new IllegalArgumentException(format("Acl type %s not supported", aclType));
+ }
+ }
+
+ static boolean checkVppAcls(@Nullable final VppAclsBaseAttributes attrs, @Nonnull final String name) {
+ return ofNullable(attrs).map(VppAclsBaseAttributes::getVppAcls)
+ .orElse(emptyList())
+ .stream().anyMatch(acl -> acl.getName().equals(name));
+
+ }
+ }
}
--- /dev/null
+/*
+ * Copyright (c) 2017 Cisco and/or its affiliates.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.fd.hc2vpp.acl.write;
+
+import static io.fd.hc2vpp.acl.write.VppAclCustomizer.AclReferenceCheck.checkAclReferenced;
+import static java.util.stream.Collectors.toSet;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsInAnyOrder;
+import static org.hamcrest.Matchers.hasSize;
+import static org.mockito.Mockito.when;
+import static org.mockito.MockitoAnnotations.initMocks;
+
+import com.google.common.base.Optional;
+import io.fd.hc2vpp.acl.AclTestSchemaContext;
+import io.fd.honeycomb.test.tools.HoneycombTestRunner;
+import io.fd.honeycomb.test.tools.annotations.InjectTestData;
+import io.fd.honeycomb.translate.write.WriteContext;
+import java.util.List;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppAcl;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppMacipAcl;
+import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
+
+
+@RunWith(HoneycombTestRunner.class)
+public class AclReferenceCheckTest implements AclTestSchemaContext {
+
+ @InjectTestData(id = "/ietf-interfaces:interfaces", resourcePath = "/reference/acl-references.json")
+ private Interfaces interfaces;
+
+ @Mock
+ private WriteContext writeContext;
+
+ @Before
+ public void init(){
+ initMocks(this);
+ when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.of(interfaces));
+ }
+
+ @Test
+ public void testReferencedVppAclFirst() {
+ final List<Interface> referenced = checkAclReferenced(writeContext, new AclBuilder()
+ .setAclName("acl1").setAclType(VppAcl.class).build());
+ assertThat(referenced, hasSize(3));
+ assertThat(referenced.stream().map(Interface::getName).collect(toSet()),
+ containsInAnyOrder("eth0", "eth1", "eth2"));
+ }
+
+ @Test
+ public void testReferencedVppAclSecond() {
+ final List<Interface> referenced = checkAclReferenced(writeContext, new AclBuilder()
+ .setAclName("acl2").setAclType(VppAcl.class).build());
+ assertThat(referenced, hasSize(1));
+ assertThat(referenced.stream().map(Interface::getName).collect(toSet()),
+ containsInAnyOrder("eth1"));
+ }
+
+ @Test
+ public void testReferencedMacipAcl() {
+ final List<Interface> referenced = checkAclReferenced(writeContext, new AclBuilder()
+ .setAclName("acl4").setAclType(VppMacipAcl.class).build());
+ assertThat(referenced, hasSize(1));
+ assertThat(referenced.stream().map(Interface::getName).collect(toSet()),
+ containsInAnyOrder("eth2"));
+ }
+}
\ No newline at end of file
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.never;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
+import com.google.common.base.Optional;
import io.fd.hc2vpp.acl.AclTestSchemaContext;
import io.fd.hc2vpp.acl.util.AclContextManager;
import io.fd.hc2vpp.common.test.write.WriterCustomizerTest;
import io.fd.vpp.jvpp.acl.types.MacipAclRule;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
+import java.util.Collections;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.AccessLists;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.Acl;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.access.control.list.rev160708.access.lists.AclKey;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.Interfaces;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.InterfacesBuilder;
+import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.interfaces.rev140508.interfaces.Interface;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceAugmentation;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang._interface.acl.rev161214.VppAclInterfaceStateAugmentation;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.vpp.acl.rev161214.VppAcl;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
@Test
public void deleteCurrentAttributesIcmpIpv4(@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp.json")
AccessLists standardAcls) throws Exception {
+ when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent());
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext);
public void deleteCurrentAttributesIcmpIpv6(
@InjectTestData(resourcePath = "/acl/standard/standard-acl-icmp-v6.json")
AccessLists standardAcls) throws Exception {
+ when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent());
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext);
@Test
public void deleteCurrentAttributesTcp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-tcp.json")
AccessLists standardAcls) throws Exception {
+ when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent());
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext);
@Test
public void deleteCurrentAttributesUdp(@InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json")
AccessLists standardAcls) throws Exception {
+ when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(Optional.absent());
final int aclIndex = 4;
when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext);
assertEquals(aclIndex, aclDelRequestCaptor.getValue().aclIndex);
}
+ @Test
+ public void deleteCurrentAttributesUdpReferenced(
+ @InjectTestData(resourcePath = "/acl/standard/standard-acl-udp.json")
+ AccessLists standardAcls,
+ @InjectTestData(resourcePath = "/acl/standard/interface-ref-acl-udp.json")
+ Interfaces references) throws Exception {
+ // TODO - HONEYCOMB-349 - change after resolving to specific node injection
+ when(writeContext.readAfter(InstanceIdentifier.create(Interfaces.class))).thenReturn(
+ Optional.of(new InterfacesBuilder().setInterface(references.getInterface()).build()));
+
+ final int aclIndex = 4;
+ when(standardAclContext.getAclIndex("standard-acl", mappingContext)).thenReturn(aclIndex);
+ try {
+ aclCustomizer.deleteCurrentAttributes(validId, standardAcls.getAcl().get(0), writeContext);
+ } catch (IllegalStateException e) {
+ verify(aclApi, never()).aclDel(any(AclDel.class));
+ return;
+ }
+ fail("IllegalStateException should have been thrown");
+ }
+
private void verifyUdpRequest(final int aclIndex) {
final AclAddReplace request = aclAddReplaceRequestCaptor.getValue();
assertEquals(aclIndex, request.aclIndex);
--- /dev/null
+{
+ "interfaces":{
+ "interface": [{
+ "name": "eth2",
+ "acl": {
+ "ingress": {
+ "vpp-acls": [
+ {
+ "type": "vpp-acl:vpp-acl",
+ "name": "standard-acl"
+ }
+ ],
+ "vpp-macip-acl": {
+ "name": "acl4",
+ "type": "vpp-acl:vpp-macip-acl"
+ }
+ }
+ }
+ }]
+ }
+}
\ No newline at end of file
--- /dev/null
+{
+ "interfaces": {
+ "interface": [
+ {
+ "name": "eth0",
+ "acl": {
+ "ingress": {
+ "vpp-acls": [
+ {
+ "type": "vpp-acl",
+ "name": "acl1"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "name": "eth1",
+ "acl": {
+ "egress": {
+ "vpp-acls": [
+ {
+ "type": "vpp-acl",
+ "name": "acl1"
+ }
+ ]
+ },
+ "ingress": {
+ "vpp-acls": [
+ {
+ "type": "vpp-acl",
+ "name": "acl2"
+ }
+ ]
+ }
+ }
+ },
+ {
+ "name": "eth2",
+ "acl": {
+ "ingress": {
+ "vpp-acls": [
+ {
+ "type": "vpp-acl",
+ "name": "acl1"
+ }
+ ],
+ "vpp-macip-acl": {
+ "name": "acl4",
+ "type": "vpp-macip-acl"
+ }
+ }
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
Code Review / hc2vpp.git / commitdiff