Implement security group manager, codec and watcher with unit tests
Change-Id: Ib2201d140b9dcb2eff453f13447113bdba66babd
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/Constants.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/Constants.java
index 0c97fb6..81fd064 100644
--- a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/Constants.java
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/Constants.java
@@ -88,6 +88,7 @@
public static final int CLI_LABELS_LENGTH = 30;
public static final int CLI_CONTAINERS_LENGTH = 30;
public static final int CLI_FLAG_LENGTH = 10;
+ public static final int CLI_NUMBER_LENGTH = 10;
public static final int CLI_MARGIN_LENGTH = 2;
public static final int PRIORITY_STATEFUL_SNAT_RULE = 40500;
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtNetwork.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtNetwork.java
index 251ec0d..35d367f 100644
--- a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtNetwork.java
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtNetwork.java
@@ -335,7 +335,7 @@
}
@Override
- public KubevirtNetwork.Builder dnses(Set<IpAddress> dnses) {
+ public Builder dnses(Set<IpAddress> dnses) {
this.dnses = dnses;
return this;
}
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroup.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroup.java
new file mode 100644
index 0000000..e5c81ed
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroup.java
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import com.google.common.base.MoreObjects;
+
+import java.util.HashSet;
+import java.util.Objects;
+import java.util.Set;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+/**
+ * Default implementation class of kubevirt security group.
+ */
+public final class DefaultKubevirtSecurityGroup implements KubevirtSecurityGroup {
+
+ private static final String NOT_NULL_MSG = "Security Group % cannot be null";
+
+ private final String id;
+ private final String name;
+ private final String description;
+ private final Set<KubevirtSecurityGroupRule> rules;
+
+ /**
+ * A default constructor.
+ *
+ * @param id security group identifier
+ * @param name security group name
+ * @param description security group description
+ * @param rules security group rules
+ */
+ public DefaultKubevirtSecurityGroup(String id, String name, String description,
+ Set<KubevirtSecurityGroupRule> rules) {
+ this.id = id;
+ this.name = name;
+ this.description = description;
+ this.rules = rules;
+ }
+
+ @Override
+ public String id() {
+ return id;
+ }
+
+ @Override
+ public String name() {
+ return name;
+ }
+
+ @Override
+ public String description() {
+ return description;
+ }
+
+ @Override
+ public Set<KubevirtSecurityGroupRule> rules() {
+ return Objects.requireNonNullElseGet(rules, HashSet::new);
+ }
+
+ @Override
+ public KubevirtSecurityGroup updateRules(Set<KubevirtSecurityGroupRule> updatedRules) {
+ return new Builder()
+ .id(id)
+ .name(name)
+ .description(description)
+ .rules(updatedRules)
+ .build();
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ DefaultKubevirtSecurityGroup that = (DefaultKubevirtSecurityGroup) o;
+ return id.equals(that.id) && name.equals(that.name) &&
+ Objects.equals(description, that.description) &&
+ Objects.equals(rules, that.rules);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(id, name, description, rules);
+ }
+
+ @Override
+ public String toString() {
+ return MoreObjects.toStringHelper(this)
+ .add("id", id)
+ .add("name", name)
+ .add("description", description)
+ .add("rules", rules)
+ .toString();
+ }
+
+ /**
+ * Returns new builder instance.
+ *
+ * @return kubevirt security group builder
+ */
+ public static Builder builder() {
+ return new Builder();
+ }
+
+ public static final class Builder implements KubevirtSecurityGroup.Builder {
+
+ private String id;
+ private String name;
+ private String description;
+ private Set<KubevirtSecurityGroupRule> rules;
+
+ @Override
+ public KubevirtSecurityGroup build() {
+ checkArgument(id != null, NOT_NULL_MSG, "id");
+ checkArgument(name != null, NOT_NULL_MSG, "name");
+
+ return new DefaultKubevirtSecurityGroup(id, name, description, rules);
+ }
+
+ @Override
+ public Builder id(String id) {
+ this.id = id;
+ return this;
+ }
+
+ @Override
+ public Builder name(String name) {
+ this.name = name;
+ return this;
+ }
+
+ @Override
+ public Builder description(String description) {
+ this.description = description;
+ return this;
+ }
+
+ @Override
+ public Builder rules(Set<KubevirtSecurityGroupRule> rules) {
+ this.rules = rules;
+ return this;
+ }
+ }
+}
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroupRule.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroupRule.java
new file mode 100644
index 0000000..556d0bc
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroupRule.java
@@ -0,0 +1,242 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import com.google.common.base.MoreObjects;
+import org.onlab.packet.IpPrefix;
+
+import java.util.Objects;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+/**
+ * Default implementation class of kubevirt security group rule.
+ */
+public final class DefaultKubevirtSecurityGroupRule implements KubevirtSecurityGroupRule {
+
+ private static final String NOT_NULL_MSG = "Security Group Rule % cannot be null";
+
+ private final String id;
+ private final String securityGroupId;
+ private final String direction;
+ private final String etherType;
+ private final Integer portRangeMax;
+ private final Integer portRangeMin;
+ private final String protocol;
+ private final IpPrefix remoteIpPrefix;
+ private final String remoteGroupId;
+
+ /**
+ * A default constructor.
+ *
+ * @param id security group rule identifier
+ * @param securityGroupId security group identifier
+ * @param direction traffic direction
+ * @param etherType ethernet type
+ * @param portRangeMax maximum port range
+ * @param portRangeMin minimum port range
+ * @param protocol network protocol
+ * @param remoteIpPrefix remote IP prefix
+ * @param remoteGroupId remote group identifier
+ */
+ public DefaultKubevirtSecurityGroupRule(String id, String securityGroupId,
+ String direction, String etherType,
+ Integer portRangeMax, Integer portRangeMin,
+ String protocol, IpPrefix remoteIpPrefix,
+ String remoteGroupId) {
+ this.id = id;
+ this.securityGroupId = securityGroupId;
+ this.direction = direction;
+ this.etherType = etherType;
+ this.portRangeMax = portRangeMax;
+ this.portRangeMin = portRangeMin;
+ this.protocol = protocol;
+ this.remoteIpPrefix = remoteIpPrefix;
+ this.remoteGroupId = remoteGroupId;
+ }
+
+ @Override
+ public String id() {
+ return id;
+ }
+
+ @Override
+ public String securityGroupId() {
+ return securityGroupId;
+ }
+
+ @Override
+ public String direction() {
+ return direction;
+ }
+
+ @Override
+ public String etherType() {
+ return etherType;
+ }
+
+ @Override
+ public Integer portRangeMax() {
+ return portRangeMax;
+ }
+
+ @Override
+ public Integer portRangeMin() {
+ return portRangeMin;
+ }
+
+ @Override
+ public String protocol() {
+ return protocol;
+ }
+
+ @Override
+ public IpPrefix remoteIpPrefix() {
+ return remoteIpPrefix;
+ }
+
+ @Override
+ public String remoteGroupId() {
+ return remoteGroupId;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ DefaultKubevirtSecurityGroupRule that = (DefaultKubevirtSecurityGroupRule) o;
+ return id.equals(that.id) && securityGroupId.equals(that.securityGroupId) &&
+ direction.equals(that.direction) &&
+ Objects.equals(etherType, that.etherType) &&
+ Objects.equals(portRangeMax, that.portRangeMax) &&
+ Objects.equals(portRangeMin, that.portRangeMin) &&
+ Objects.equals(protocol, that.protocol) &&
+ Objects.equals(remoteIpPrefix, that.remoteIpPrefix) &&
+ Objects.equals(remoteGroupId, that.remoteGroupId);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(id, securityGroupId, direction, etherType, portRangeMax,
+ portRangeMin, protocol, remoteIpPrefix, remoteGroupId);
+ }
+
+ @Override
+ public String toString() {
+ return MoreObjects.toStringHelper(this)
+ .add("id", id)
+ .add("securityGroupId", securityGroupId)
+ .add("direction", direction)
+ .add("etherType", etherType)
+ .add("portRangeMax", portRangeMax)
+ .add("portRangeMin", portRangeMin)
+ .add("protocol", protocol)
+ .add("remoteIpPrefix", remoteIpPrefix)
+ .add("remoteGroupId", remoteGroupId)
+ .toString();
+ }
+
+ /**
+ * Returns new builder instance.
+ *
+ * @return kubevirt security group rule builder
+ */
+ public static Builder builder() {
+ return new Builder();
+ }
+
+ public static final class Builder implements KubevirtSecurityGroupRule.Builder {
+
+ private String id;
+ private String securityGroupId;
+ private String direction;
+ private String etherType;
+ private Integer portRangeMax;
+ private Integer portRangeMin;
+ private String protocol;
+ private IpPrefix remoteIpPrefix;
+ private String remoteGroupId;
+
+ @Override
+ public KubevirtSecurityGroupRule build() {
+ checkArgument(id != null, NOT_NULL_MSG, "id");
+ checkArgument(securityGroupId != null, NOT_NULL_MSG, "securityGroupId");
+ checkArgument(direction != null, NOT_NULL_MSG, "direction");
+
+ return new DefaultKubevirtSecurityGroupRule(id, securityGroupId,
+ direction, etherType, portRangeMax, portRangeMin, protocol,
+ remoteIpPrefix, remoteGroupId);
+ }
+
+ @Override
+ public Builder id(String id) {
+ this.id = id;
+ return this;
+ }
+
+ @Override
+ public Builder securityGroupId(String securityGroupId) {
+ this.securityGroupId = securityGroupId;
+ return this;
+ }
+
+ @Override
+ public Builder direction(String direction) {
+ this.direction = direction;
+ return this;
+ }
+
+ @Override
+ public Builder etherType(String etherType) {
+ this.etherType = etherType;
+ return this;
+ }
+
+ @Override
+ public Builder portRangeMax(Integer portRangeMax) {
+ this.portRangeMax = portRangeMax;
+ return this;
+ }
+
+ @Override
+ public Builder portRangeMin(Integer portRangeMin) {
+ this.portRangeMin = portRangeMin;
+ return this;
+ }
+
+ @Override
+ public Builder protocol(String protocol) {
+ this.protocol = protocol;
+ return this;
+ }
+
+ @Override
+ public Builder remoteIpPrefix(IpPrefix remoteIpPrefix) {
+ this.remoteIpPrefix = remoteIpPrefix;
+ return this;
+ }
+
+ @Override
+ public Builder remoteGroupId(String remoteGroupId) {
+ this.remoteGroupId = remoteGroupId;
+ return this;
+ }
+ }
+}
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroup.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroup.java
new file mode 100644
index 0000000..fc4bc5b
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroup.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import java.util.Set;
+
+/**
+ * Representation of security group.
+ */
+public interface KubevirtSecurityGroup {
+
+ /**
+ * Returns the security group identifier.
+ *
+ * @return security group identifier
+ */
+ String id();
+
+ /**
+ * Returns the security group name.
+ *
+ * @return security group name
+ */
+ String name();
+
+ /**
+ * Returns the description.
+ *
+ * @return description
+ */
+ String description();
+
+ /**
+ * Returns rules associated with this security group.
+ *
+ * @return security group rules
+ */
+ Set<KubevirtSecurityGroupRule> rules();
+
+ /**
+ * Returns new kubevirt security group instance with given rules.
+ *
+ * @param updatedRules set of updated security group rules
+ * @return updated kubevirt security group
+ */
+ KubevirtSecurityGroup updateRules(Set<KubevirtSecurityGroupRule> updatedRules);
+
+ /**
+ * A default builder interface.
+ */
+ interface Builder {
+ /**
+ * Builds an immutable security group instance.
+ *
+ * @return kubevirt security group
+ */
+ KubevirtSecurityGroup build();
+
+ /**
+ * Returns kubevirt security group builder with supplied identifier.
+ *
+ * @param id security group identifier
+ * @return security group builder
+ */
+ Builder id(String id);
+
+ /**
+ * Returns kubevirt security group builder with supplied name.
+ *
+ * @param name security group name
+ * @return security group builder
+ */
+ Builder name(String name);
+
+ /**
+ * Returns kubevirt security group builder with supplied description.
+ *
+ * @param description security group description
+ * @return security group builder
+ */
+ Builder description(String description);
+
+ /**
+ * Returns kubevirt security group builder with supplied security group rules.
+ *
+ * @param rules security group rules
+ * @return security group builder
+ */
+ Builder rules(Set<KubevirtSecurityGroupRule> rules);
+ }
+}
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupAdminService.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupAdminService.java
new file mode 100644
index 0000000..c7c5896
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupAdminService.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+/**
+ * Service for administering the inventory of kubevirty security group.
+ */
+public interface KubevirtSecurityGroupAdminService extends KubevirtSecurityGroupService {
+
+ /**
+ * Creates a security group.
+ *
+ * @param sg security group
+ */
+ void createSecurityGroup(KubevirtSecurityGroup sg);
+
+ /**
+ * Updates the security group.
+ *
+ * @param sg security group
+ */
+ void updateSecurityGroup(KubevirtSecurityGroup sg);
+
+ /**
+ * Removes the security group.
+ *
+ * @param sgId security group ID
+ */
+ void removeSecurityGroup(String sgId);
+
+ /**
+ * Creates a security group rule.
+ *
+ * @param sgRule security group rule
+ */
+ void createSecurityGroupRule(KubevirtSecurityGroupRule sgRule);
+
+ /**
+ * Removes the security group rule.
+ *
+ * @param sgRuleId security group rule ID
+ */
+ void removeSecurityGroupRule(String sgRuleId);
+
+ /**
+ * Removes the existing security groups.
+ */
+ void clear();
+}
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupEvent.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupEvent.java
new file mode 100644
index 0000000..1445591
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupEvent.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import org.onosproject.event.AbstractEvent;
+
+/**
+ * Describes kubevirt security group event.
+ */
+public class KubevirtSecurityGroupEvent
+ extends AbstractEvent<KubevirtSecurityGroupEvent.Type, KubevirtSecurityGroup> {
+
+ private KubevirtSecurityGroupRule sgRule;
+
+ /**
+ * SecurityGroupEvent constructor.
+ *
+ * @param type SecurityGroupEvent type
+ * @param sg SecurityGroup object
+ */
+ public KubevirtSecurityGroupEvent(Type type, KubevirtSecurityGroup sg) {
+ super(type, sg);
+ }
+
+ /**
+ * SecurityGroupEvent constructor.
+ *
+ * @param type SecurityGroupEvent type
+ * @param sg SecurityGroup object
+ * @param sgRule SecurityGroupRule object
+ */
+ public KubevirtSecurityGroupEvent(Type type, KubevirtSecurityGroup sg,
+ KubevirtSecurityGroupRule sgRule) {
+ super(type, sg);
+ this.sgRule = sgRule;
+ }
+
+ /**
+ * Returns security group rule.
+ *
+ * @return SecurityGroupRule
+ */
+ public KubevirtSecurityGroupRule rule() {
+ return this.sgRule;
+ }
+
+ public enum Type {
+ /**
+ * Signifies that a new kubevirt security group is created.
+ */
+ KUBEVIRT_SECURITY_GROUP_CREATED,
+
+ /**
+ * Signifies that the kubevirt security group is removed.
+ */
+ KUBEVIRT_SECURITY_GROUP_REMOVED,
+
+ /**
+ * Signifies that a new kubevirt security group rule is created.
+ */
+ KUBEVIRT_SECURITY_GROUP_RULE_CREATED,
+
+ /**
+ * Signifies that the kubevirt security group rule is removed.
+ */
+ KUBEVIRT_SECURITY_GROUP_RULE_REMOVED,
+ }
+}
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupListener.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupListener.java
new file mode 100644
index 0000000..9b325cd
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupListener.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import org.onosproject.event.EventListener;
+
+/**
+ * Listener for kubevirt Security Group events.
+ */
+public interface KubevirtSecurityGroupListener extends EventListener<KubevirtSecurityGroupEvent> {
+}
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupRule.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupRule.java
new file mode 100644
index 0000000..8010d97
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupRule.java
@@ -0,0 +1,171 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import org.onlab.packet.IpPrefix;
+
+/**
+ * Representation of security group rule.
+ */
+public interface KubevirtSecurityGroupRule {
+
+ /**
+ * Returns the security group rule identifier.
+ *
+ * @return security group rule identifier
+ */
+ String id();
+
+ /**
+ * Returns the security group identifier.
+ *
+ * @return security group identifier
+ */
+ String securityGroupId();
+
+ /**
+ * Returns the traffic direction.
+ *
+ * @return traffic direction
+ */
+ String direction();
+
+ /**
+ * Returns the ethernet type.
+ *
+ * @return ethernet type
+ */
+ String etherType();
+
+ /**
+ * Returns the maximum port range.
+ *
+ * @return maximum port range
+ */
+ Integer portRangeMax();
+
+ /**
+ * Returns the minimum port range.
+ *
+ * @return minimum port range
+ */
+ Integer portRangeMin();
+
+ /**
+ * Returns the network protocol.
+ *
+ * @return network protocol
+ */
+ String protocol();
+
+ /**
+ * Returns the remote IP prefix.
+ *
+ * @return remote IP prefix
+ */
+ IpPrefix remoteIpPrefix();
+
+ /**
+ * Returns the remote group identifier.
+ *
+ * @return remote group identifier
+ */
+ String remoteGroupId();
+
+ /**
+ * A default builder interface.
+ */
+ interface Builder {
+ /**
+ * Builds an immutable security group rule instance.
+ *
+ * @return kubevirt security group rule
+ */
+ KubevirtSecurityGroupRule build();
+
+ /**
+ * Returns kubevirt security group rule builder with supplied id.
+ *
+ * @param id security group rule id
+ * @return security group rule builder
+ */
+ Builder id(String id);
+
+ /**
+ * Returns kubevirt security group rule builder with supplied security group id.
+ *
+ * @param securityGroupId security group id
+ * @return security group rule builder
+ */
+ Builder securityGroupId(String securityGroupId);
+
+ /**
+ * Returns kubevirt security group rule builder with supplied direction.
+ *
+ * @param direction traffic direction
+ * @return security group rule builder
+ */
+ Builder direction(String direction);
+
+ /**
+ * Returns kubevirt security group rule builder with supplied etherType.
+ *
+ * @param etherType network etherType
+ * @return security group rule builder
+ */
+ Builder etherType(String etherType);
+
+ /**
+ * Returns kubevirt security group rule builder with supplied maximum port range.
+ *
+ * @param portRangeMax maximum port range
+ * @return security group rule builder
+ */
+ Builder portRangeMax(Integer portRangeMax);
+
+ /**
+ * Returns kubevirt security group rule builder with supplied minimum port range.
+ *
+ * @param portRangeMin minimum port range
+ * @return security group rule builder
+ */
+ Builder portRangeMin(Integer portRangeMin);
+
+ /**
+ * Returns kubevirt security group rule builder with supplied protocol.
+ *
+ * @param protocol network protocol
+ * @return security group rule builder
+ */
+ Builder protocol(String protocol);
+
+ /**
+ * Returns kubevirt security group rule builder with supplied remote IP prefix.
+ *
+ * @param remoteIpPrefix remote IP prefix
+ * @return security group rule builder
+ */
+ Builder remoteIpPrefix(IpPrefix remoteIpPrefix);
+
+ /**
+ * Returns kubevirt security group rule builder with supplied remote group id.
+ *
+ * @param remoteGroupId remote group id
+ * @return security group rule builder
+ */
+ Builder remoteGroupId(String remoteGroupId);
+ }
+}
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupService.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupService.java
new file mode 100644
index 0000000..19ddf62
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupService.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import org.onosproject.event.ListenerService;
+
+import java.util.Set;
+
+/**
+ * Service for interfacing kubevirt SecurityGroup events and SecurityGroup store.
+ */
+public interface KubevirtSecurityGroupService
+ extends ListenerService<KubevirtSecurityGroupEvent, KubevirtSecurityGroupListener> {
+
+ /**
+ * Returns all security groups.
+ *
+ * @return set of security group
+ */
+ Set<KubevirtSecurityGroup> securityGroups();
+
+ /**
+ * Returns the security group for the sgId.
+ *
+ * @param sgId security group Id
+ * @return security group
+ */
+ KubevirtSecurityGroup securityGroup(String sgId);
+
+ /**
+ * Returns the security group rule for the sgId.
+ *
+ * @param sgrId security group rule Id
+ * @return security group rule
+ */
+ KubevirtSecurityGroupRule securityGroupRule(String sgrId);
+
+ /**
+ * Returns whether security group is enabled or not.
+ *
+ * @return true security group is enabled, false otherwise
+ */
+ boolean isSecurityGroupEnabled();
+
+ /**
+ * Sets security group enable option.
+ *
+ * @param option security group enable option
+ */
+ void setSecurityGroupEnabled(boolean option);
+}
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupStore.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupStore.java
new file mode 100644
index 0000000..ffa10cf
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupStore.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import org.onosproject.store.Store;
+
+import java.util.Set;
+
+/**
+ * Manages inventory of kubevirt security group states; not intended for direct use.
+ */
+public interface KubevirtSecurityGroupStore
+ extends Store<KubevirtSecurityGroupEvent, KubevirtSecurityGroupStoreDelegate> {
+
+ /**
+ * Creates a security group.
+ *
+ * @param sg security group
+ */
+ void createSecurityGroup(KubevirtSecurityGroup sg);
+
+ /**
+ * Updates the security group with the security group ID with the security group object.
+ *
+ * @param sg new SecurityGroup object
+ */
+ void updateSecurityGroup(KubevirtSecurityGroup sg);
+
+ /**
+ * Removes the security group with the security group ID.
+ *
+ * @param sgId security group Id
+ * @return SecurityGroup object removed
+ */
+ KubevirtSecurityGroup removeSecurityGroup(String sgId);
+
+ /**
+ * Returns the security group with the security group ID.
+ *
+ * @param sgId security group ID
+ * @return Security Group
+ */
+ KubevirtSecurityGroup securityGroup(String sgId);
+
+ /**
+ * Returns all security groups.
+ *
+ * @return set of security groups
+ */
+ Set<KubevirtSecurityGroup> securityGroups();
+
+ /**
+ * Clears the security group store.
+ */
+ void clear();
+}
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupStoreDelegate.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupStoreDelegate.java
new file mode 100644
index 0000000..0560e7a
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupStoreDelegate.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import org.onosproject.store.StoreDelegate;
+
+/**
+ * Kubevirt security group store delegate abstraction.
+ */
+public interface KubevirtSecurityGroupStoreDelegate
+ extends StoreDelegate<KubevirtSecurityGroupEvent> {
+}
diff --git a/apps/kubevirt-networking/api/src/test/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroupRuleTest.java b/apps/kubevirt-networking/api/src/test/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroupRuleTest.java
new file mode 100644
index 0000000..60fc980
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/test/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroupRuleTest.java
@@ -0,0 +1,130 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import com.google.common.testing.EqualsTester;
+import org.junit.Before;
+import org.junit.Test;
+import org.onlab.packet.IpPrefix;
+
+import static junit.framework.TestCase.assertEquals;
+import static org.onlab.junit.ImmutableClassChecker.assertThatClassIsImmutable;
+
+/**
+ * Unit tests for the default kubevirt security group rule class.
+ */
+public class DefaultKubevirtSecurityGroupRuleTest {
+ private static final String ID_1 = "id-1";
+ private static final String ID_2 = "id-2";
+ private static final String SECURITY_GROUP_ID_1 = "sg-id-1";
+ private static final String SECURITY_GROUP_ID_2 = "sg-id-2";
+ private static final String DIRECTION_1 = "ingress";
+ private static final String DIRECTION_2 = "egress";
+ private static final String ETHER_TYPE_1 = "IPv4";
+ private static final String ETHER_TYPE_2 = "IPv4";
+ private static final Integer PORT_RANGE_MAX_1 = 80;
+ private static final Integer PORT_RANGE_MAX_2 = 8080;
+ private static final Integer PORT_RANGE_MIN_1 = 80;
+ private static final Integer PORT_RANGE_MIN_2 = 8080;
+ private static final String PROTOCOL_1 = "tcp";
+ private static final String PROTOCOL_2 = "udp";
+ private static final IpPrefix REMOTE_IP_PREFIX_1 = IpPrefix.valueOf("10.10.10.0/24");
+ private static final IpPrefix REMOTE_IP_PREFIX_2 = IpPrefix.valueOf("20.20.20.0/24");
+ private static final String REMOTE_GROUP_ID_1 = "rid-1";
+ private static final String REMOTE_GROUP_ID_2 = "rid-2";
+
+ private KubevirtSecurityGroupRule rule1;
+ private KubevirtSecurityGroupRule sameAsRule1;
+ private KubevirtSecurityGroupRule rule2;
+
+ /**
+ * Tests class immutability.
+ */
+ @Test
+ public void testImmutability() {
+ assertThatClassIsImmutable(DefaultKubevirtSecurityGroupRule.class);
+ }
+
+ /**
+ * Initial setup for this unit test.
+ */
+ @Before
+ public void setUp() {
+ rule1 = DefaultKubevirtSecurityGroupRule.builder()
+ .id(ID_1)
+ .securityGroupId(SECURITY_GROUP_ID_1)
+ .direction(DIRECTION_1)
+ .etherType(ETHER_TYPE_1)
+ .portRangeMax(PORT_RANGE_MAX_1)
+ .portRangeMin(PORT_RANGE_MIN_1)
+ .protocol(PROTOCOL_1)
+ .remoteIpPrefix(REMOTE_IP_PREFIX_1)
+ .remoteGroupId(REMOTE_GROUP_ID_1)
+ .build();
+
+ sameAsRule1 = DefaultKubevirtSecurityGroupRule.builder()
+ .id(ID_1)
+ .securityGroupId(SECURITY_GROUP_ID_1)
+ .direction(DIRECTION_1)
+ .etherType(ETHER_TYPE_1)
+ .portRangeMax(PORT_RANGE_MAX_1)
+ .portRangeMin(PORT_RANGE_MIN_1)
+ .protocol(PROTOCOL_1)
+ .remoteIpPrefix(REMOTE_IP_PREFIX_1)
+ .remoteGroupId(REMOTE_GROUP_ID_1)
+ .build();
+
+ rule2 = DefaultKubevirtSecurityGroupRule.builder()
+ .id(ID_2)
+ .securityGroupId(SECURITY_GROUP_ID_2)
+ .direction(DIRECTION_2)
+ .etherType(ETHER_TYPE_2)
+ .portRangeMax(PORT_RANGE_MAX_2)
+ .portRangeMin(PORT_RANGE_MIN_2)
+ .protocol(PROTOCOL_2)
+ .remoteIpPrefix(REMOTE_IP_PREFIX_2)
+ .remoteGroupId(REMOTE_GROUP_ID_2)
+ .build();
+ }
+
+ /**
+ * Tests object equality.
+ */
+ @Test
+ public void testEquality() {
+ new EqualsTester().addEqualityGroup(rule1, sameAsRule1)
+ .addEqualityGroup(rule2)
+ .testEquals();
+ }
+
+ /**
+ * Test object construction.
+ */
+ @Test
+ public void testConstruction() {
+ KubevirtSecurityGroupRule rule = rule1;
+
+ assertEquals(ID_1, rule.id());
+ assertEquals(SECURITY_GROUP_ID_1, rule.securityGroupId());
+ assertEquals(DIRECTION_1, rule.direction());
+ assertEquals(ETHER_TYPE_1, rule.etherType());
+ assertEquals(PORT_RANGE_MAX_1, rule.portRangeMax());
+ assertEquals(PORT_RANGE_MIN_1, rule.portRangeMin());
+ assertEquals(PROTOCOL_1, rule.protocol());
+ assertEquals(REMOTE_IP_PREFIX_1, rule.remoteIpPrefix());
+ assertEquals(REMOTE_GROUP_ID_1, rule.remoteGroupId());
+ }
+}
diff --git a/apps/kubevirt-networking/api/src/test/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroupTest.java b/apps/kubevirt-networking/api/src/test/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroupTest.java
new file mode 100644
index 0000000..785499c
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/test/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroupTest.java
@@ -0,0 +1,165 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import com.google.common.collect.ImmutableSet;
+import com.google.common.testing.EqualsTester;
+import org.junit.Before;
+import org.junit.Test;
+import org.onlab.packet.IpPrefix;
+
+import java.util.Set;
+
+import static junit.framework.TestCase.assertEquals;
+import static org.onlab.junit.ImmutableClassChecker.assertThatClassIsImmutable;
+
+/**
+ * Unit tests for the default kubevirt security group class.
+ */
+public class DefaultKubevirtSecurityGroupTest {
+ private static final String ID_1 = "id-1";
+ private static final String ID_2 = "id-1";
+ private static final String NAME_1 = "sg-1";
+ private static final String NAME_2 = "sg-2";
+ private static final String DESCRIPTION_1 = "sg-1";
+ private static final String DESCRIPTION_2 = "sg-2";
+
+ private static final String RULE_ID_1 = "rule-1";
+ private static final String RULE_ID_2 = "rule-2";
+ private static final String DIRECTION_1 = "ingress";
+ private static final String DIRECTION_2 = "egress";
+ private static final String ETHER_TYPE_1 = "IPv4";
+ private static final String ETHER_TYPE_2 = "IPv4";
+ private static final Integer PORT_RANGE_MAX_1 = 80;
+ private static final Integer PORT_RANGE_MAX_2 = 8080;
+ private static final Integer PORT_RANGE_MIN_1 = 80;
+ private static final Integer PORT_RANGE_MIN_2 = 8080;
+ private static final String PROTOCOL_1 = "tcp";
+ private static final String PROTOCOL_2 = "udp";
+ private static final IpPrefix REMOTE_IP_PREFIX_1 = IpPrefix.valueOf("10.10.10.0/24");
+ private static final IpPrefix REMOTE_IP_PREFIX_2 = IpPrefix.valueOf("20.20.20.0/24");
+ private static final String REMOTE_GROUP_ID_1 = "rid-1";
+ private static final String REMOTE_GROUP_ID_2 = "rid-2";
+
+ private static final Set<KubevirtSecurityGroupRule> RULES_1 = ImmutableSet.of(
+ createRule(
+ RULE_ID_1,
+ ID_1,
+ DIRECTION_1,
+ ETHER_TYPE_1,
+ PORT_RANGE_MAX_1,
+ PORT_RANGE_MIN_1,
+ PROTOCOL_1,
+ REMOTE_IP_PREFIX_1,
+ REMOTE_GROUP_ID_1
+ )
+ );
+ private static final Set<KubevirtSecurityGroupRule> RULES_2 = ImmutableSet.of(
+ createRule(
+ RULE_ID_2,
+ ID_2,
+ DIRECTION_2,
+ ETHER_TYPE_2,
+ PORT_RANGE_MAX_2,
+ PORT_RANGE_MIN_2,
+ PROTOCOL_2,
+ REMOTE_IP_PREFIX_2,
+ REMOTE_GROUP_ID_2
+ )
+ );
+
+ private KubevirtSecurityGroup sg1;
+ private KubevirtSecurityGroup sameAsSg1;
+ private KubevirtSecurityGroup sg2;
+
+ /**
+ * Tests class immutability.
+ */
+ @Test
+ public void testImmutability() {
+ assertThatClassIsImmutable(DefaultKubevirtSecurityGroup.class);
+ }
+
+ /**
+ * Initial setup for this unit test.
+ */
+ @Before
+ public void setUp() {
+ sg1 = DefaultKubevirtSecurityGroup.builder()
+ .id(ID_1)
+ .name(NAME_1)
+ .description(DESCRIPTION_1)
+ .rules(RULES_1)
+ .build();
+
+ sameAsSg1 = DefaultKubevirtSecurityGroup.builder()
+ .id(ID_1)
+ .name(NAME_1)
+ .description(DESCRIPTION_1)
+ .rules(RULES_1)
+ .build();
+
+ sg2 = DefaultKubevirtSecurityGroup.builder()
+ .id(ID_2)
+ .name(NAME_2)
+ .description(DESCRIPTION_2)
+ .rules(RULES_2)
+ .build();
+ }
+
+ /**
+ * Tests object equality.
+ */
+ @Test
+ public void testEquality() {
+ new EqualsTester().addEqualityGroup(sg1, sameAsSg1)
+ .addEqualityGroup(sg2)
+ .testEquals();
+ }
+
+ /**
+ * Test object construction.
+ */
+ @Test
+ public void testConstruction() {
+ KubevirtSecurityGroup sg = sg1;
+
+ assertEquals(ID_1, sg.id());
+ assertEquals(NAME_1, sg.name());
+ assertEquals(DESCRIPTION_1, sg.description());
+ assertEquals(RULES_1, sg.rules());
+ }
+
+ private static KubevirtSecurityGroupRule createRule(String id, String sgId,
+ String direction, String etherType,
+ Integer portRangeMax,
+ Integer portRangeMin,
+ String protocol,
+ IpPrefix remoteIpPrefix,
+ String remoteGroupId) {
+ return DefaultKubevirtSecurityGroupRule.builder()
+ .id(id)
+ .securityGroupId(sgId)
+ .direction(direction)
+ .etherType(etherType)
+ .portRangeMax(portRangeMax)
+ .portRangeMin(portRangeMin)
+ .protocol(protocol)
+ .remoteIpPrefix(remoteIpPrefix)
+ .remoteGroupId(remoteGroupId)
+ .build();
+ }
+}
diff --git a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/cli/KubevirtListSecurityGroupCommand.java b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/cli/KubevirtListSecurityGroupCommand.java
new file mode 100644
index 0000000..3f1b78b
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/cli/KubevirtListSecurityGroupCommand.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.cli;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.Lists;
+import org.apache.commons.lang.StringUtils;
+import org.apache.karaf.shell.api.action.Command;
+import org.apache.karaf.shell.api.action.lifecycle.Service;
+import org.onosproject.cli.AbstractShellCommand;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupService;
+
+import java.util.Comparator;
+import java.util.List;
+
+import static org.onosproject.kubevirtnetworking.api.Constants.CLI_ID_LENGTH;
+import static org.onosproject.kubevirtnetworking.api.Constants.CLI_MARGIN_LENGTH;
+import static org.onosproject.kubevirtnetworking.api.Constants.CLI_NAME_LENGTH;
+import static org.onosproject.kubevirtnetworking.api.Constants.CLI_NUMBER_LENGTH;
+import static org.onosproject.kubevirtnetworking.util.KubevirtNetworkingUtil.genFormatString;
+import static org.onosproject.kubevirtnetworking.util.KubevirtNetworkingUtil.prettyJson;
+
+/**
+ * Lists kubevirt security groups.
+ */
+@Service
+@Command(scope = "onos", name = "kubevirt-security-groups",
+ description = "Lists all kubevirt security groups")
+public class KubevirtListSecurityGroupCommand extends AbstractShellCommand {
+ @Override
+ protected void doExecute() throws Exception {
+ KubevirtSecurityGroupService service = get(KubevirtSecurityGroupService.class);
+ List<KubevirtSecurityGroup> sgs = Lists.newArrayList(service.securityGroups());
+ sgs.sort(Comparator.comparing(KubevirtSecurityGroup::name));
+
+ String format = genFormatString(ImmutableList.of(CLI_ID_LENGTH,
+ CLI_NAME_LENGTH, CLI_NUMBER_LENGTH));
+
+ if (outputJson()) {
+ print("%s", json(sgs));
+ } else {
+ print(format, "ID", "Name", "# of Rules");
+
+ for (KubevirtSecurityGroup sg : sgs) {
+ print(format, StringUtils.substring(sg.id(), 0,
+ CLI_ID_LENGTH - CLI_MARGIN_LENGTH),
+ StringUtils.substring(sg.name(), 0,
+ CLI_NAME_LENGTH - CLI_MARGIN_LENGTH),
+ StringUtils.substring(String.valueOf(sg.rules().size()), 0,
+ CLI_NUMBER_LENGTH - CLI_MARGIN_LENGTH)
+ );
+ }
+ }
+ }
+
+ private String json(List<KubevirtSecurityGroup> sgs) {
+ ObjectMapper mapper = new ObjectMapper();
+ ArrayNode result = mapper.createArrayNode();
+
+ for (KubevirtSecurityGroup sg : sgs) {
+ result.add(jsonForEntity(sg, KubevirtSecurityGroup.class));
+ }
+
+ return prettyJson(mapper, result.toString());
+ }
+}
diff --git a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/cli/KubevirtSecurityGroupCompleter.java b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/cli/KubevirtSecurityGroupCompleter.java
new file mode 100644
index 0000000..893605f
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/cli/KubevirtSecurityGroupCompleter.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.cli;
+
+import org.apache.karaf.shell.api.action.lifecycle.Service;
+import org.apache.karaf.shell.api.console.CommandLine;
+import org.apache.karaf.shell.api.console.Completer;
+import org.apache.karaf.shell.api.console.Session;
+import org.apache.karaf.shell.support.completers.StringsCompleter;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupService;
+
+import java.util.List;
+import java.util.Set;
+import java.util.SortedSet;
+import java.util.stream.Collectors;
+
+import static org.onosproject.cli.AbstractShellCommand.get;
+
+/**
+ * Kubevirt security group name completer.
+ */
+@Service
+public class KubevirtSecurityGroupCompleter implements Completer {
+ @Override
+ public int complete(Session session, CommandLine commandLine, List<String> candidates) {
+ StringsCompleter delegate = new StringsCompleter();
+ KubevirtSecurityGroupService service = get(KubevirtSecurityGroupService.class);
+
+ Set<String> sgNames = service.securityGroups().stream()
+ .map(KubevirtSecurityGroup::name).collect(Collectors.toSet());
+
+ SortedSet<String> strings = delegate.getStrings();
+
+ strings.addAll(sgNames);
+
+ return delegate.complete(session, commandLine, candidates);
+ }
+}
diff --git a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/cli/KubevirtShowPodCommand.java b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/cli/KubevirtShowPodCommand.java
index 514e651..c8bf0a9 100644
--- a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/cli/KubevirtShowPodCommand.java
+++ b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/cli/KubevirtShowPodCommand.java
@@ -85,6 +85,7 @@
print(" Pull Policy: %s", container.getImagePullPolicy());
print(" Commands: %s", container.getCommand());
print(" Args: %s", container.getArgs());
+ counter++;
}
}
diff --git a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/cli/KubevirtShowSecurityGroupCommand.java b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/cli/KubevirtShowSecurityGroupCommand.java
new file mode 100644
index 0000000..4ac752d
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/cli/KubevirtShowSecurityGroupCommand.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.cli;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.karaf.shell.api.action.Command;
+import org.apache.karaf.shell.api.action.Completion;
+import org.apache.karaf.shell.api.action.Option;
+import org.apache.karaf.shell.api.action.lifecycle.Service;
+import org.onosproject.cli.AbstractShellCommand;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupRule;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupService;
+
+import java.util.List;
+
+import static org.onosproject.kubevirtnetworking.util.KubevirtNetworkingUtil.prettyJson;
+
+/**
+ * Show a detailed security group info.
+ */
+@Service
+@Command(scope = "onos", name = "kubevirt-security-group",
+ description = "Displays a security group details")
+public class KubevirtShowSecurityGroupCommand extends AbstractShellCommand {
+
+ @Option(name = "--name",
+ description = "Filter security group by specific name", multiValued = true)
+ @Completion(KubevirtSecurityGroupCompleter.class)
+ private List<String> names;
+
+ @Override
+ protected void doExecute() throws Exception {
+ KubevirtSecurityGroupService service = get(KubevirtSecurityGroupService.class);
+
+ if (names == null || names.size() == 0) {
+ print("Need to specify at least one security group name using --name option.");
+ return;
+ }
+
+ for (String name : names) {
+ KubevirtSecurityGroup sg = service.securityGroups().stream()
+ .filter(s -> s.name().equals(name))
+ .findAny().orElse(null);
+ if (sg == null) {
+ print("Unable to find %s", name);
+ continue;
+ }
+
+ if (outputJson()) {
+ print("%s", json(sg));
+ } else {
+ printSecurityGroup(sg);
+ }
+ }
+ }
+
+ private void printSecurityGroup(KubevirtSecurityGroup sg) {
+ print("Name: %s", sg.name());
+ print(" ID: %s", sg.id());
+ print(" Description: %s", sg.description());
+
+ int counter = 1;
+ for (KubevirtSecurityGroupRule rule : sg.rules()) {
+ print(" Rule #%d:", counter);
+ print(" ID: %s", rule.id());
+ print(" Direction: %s", rule.direction());
+ print(" EtherType: %s", rule.etherType());
+ print(" Protocol: %s", rule.protocol());
+ print(" PortRangeMax: %s", rule.portRangeMax());
+ print(" PortRangeMin: %s", rule.portRangeMin());
+ print(" RemoteIpPrefix: %s", rule.remoteIpPrefix());
+ print(" RemoteGroupID: %s", rule.remoteGroupId());
+ counter++;
+ }
+ }
+
+ private String json(KubevirtSecurityGroup sg) {
+ return prettyJson(new ObjectMapper(),
+ jsonForEntity(sg, KubevirtSecurityGroup.class).toString());
+ }
+}
diff --git a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupCodec.java b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupCodec.java
new file mode 100644
index 0000000..fe290f9
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupCodec.java
@@ -0,0 +1,108 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.codec;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import org.onosproject.codec.CodecContext;
+import org.onosproject.codec.JsonCodec;
+import org.onosproject.kubevirtnetworking.api.DefaultKubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupRule;
+import org.slf4j.Logger;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.stream.IntStream;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static org.onlab.util.Tools.nullIsIllegal;
+import static org.slf4j.LoggerFactory.getLogger;
+
+/**
+ * Kubevirt security group codec used for serializing and de-serializing JSON string.
+ */
+public final class KubevirtSecurityGroupCodec extends JsonCodec<KubevirtSecurityGroup> {
+
+ private final Logger log = getLogger(getClass());
+
+ private static final String ID = "id";
+ private static final String NAME = "name";
+ private static final String DESCRIPTION = "description";
+ private static final String RULES = "rules";
+
+ private static final String MISSING_MESSAGE = " is required in KubevirtSecurityGroup";
+
+ @Override
+ public ObjectNode encode(KubevirtSecurityGroup sg, CodecContext context) {
+ checkNotNull(sg, "Kubevirt Security Group cannot be null");
+
+ ObjectNode result = context.mapper().createObjectNode()
+ .put(ID, sg.id())
+ .put(NAME, sg.name());
+
+ if (sg.description() != null) {
+ result.put(DESCRIPTION, sg.description());
+ }
+
+ if (sg.rules() != null && !sg.rules().isEmpty()) {
+ ArrayNode rules = context.mapper().createArrayNode();
+ sg.rules().forEach(rule -> {
+ ObjectNode ruleJson = context.codec(
+ KubevirtSecurityGroupRule.class).encode(rule, context);
+ rules.add(ruleJson);
+ });
+ result.set(RULES, rules);
+ }
+
+ return result;
+ }
+
+ @Override
+ public KubevirtSecurityGroup decode(ObjectNode json, CodecContext context) {
+ if (json == null || !json.isObject()) {
+ return null;
+ }
+
+ String id = nullIsIllegal(json.get(ID).asText(), ID + MISSING_MESSAGE);
+ String name = nullIsIllegal(json.get(NAME).asText(), NAME + MISSING_MESSAGE);
+
+ KubevirtSecurityGroup.Builder builder = DefaultKubevirtSecurityGroup.builder()
+ .id(id)
+ .name(name);
+
+ JsonNode description = json.get(DESCRIPTION);
+ if (description != null) {
+ builder.description(description.asText());
+ }
+
+ JsonNode rulesJson = json.get(RULES);
+ if (rulesJson != null) {
+ Set<KubevirtSecurityGroupRule> rules = new HashSet<>();
+ IntStream.range(0, rulesJson.size())
+ .forEach(i -> {
+ ObjectNode ruleJson = get(rulesJson, i);
+ KubevirtSecurityGroupRule rule = context.codec(
+ KubevirtSecurityGroupRule.class).decode(ruleJson, context);
+ rules.add(rule);
+ });
+ builder.rules(rules);
+ }
+
+ return builder.build();
+ }
+}
diff --git a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupRuleCodec.java b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupRuleCodec.java
new file mode 100644
index 0000000..b63b555
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupRuleCodec.java
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.codec;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import org.onlab.packet.IpPrefix;
+import org.onosproject.codec.CodecContext;
+import org.onosproject.codec.JsonCodec;
+import org.onosproject.kubevirtnetworking.api.DefaultKubevirtSecurityGroupRule;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupRule;
+import org.slf4j.Logger;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+import static org.onlab.util.Tools.nullIsIllegal;
+import static org.slf4j.LoggerFactory.getLogger;
+
+/**
+ * Kubevirt security group rule codec used for serializing and de-serializing JSON string.
+ */
+public final class KubevirtSecurityGroupRuleCodec extends JsonCodec<KubevirtSecurityGroupRule> {
+
+ private final Logger log = getLogger(getClass());
+
+ private static final String ID = "id";
+ private static final String SECURITY_GROUP_ID = "securityGroupId";
+ private static final String DIRECTION = "direction";
+ private static final String ETHER_TYPE = "etherType";
+ private static final String PORT_RANGE_MAX = "portRangeMax";
+ private static final String PORT_RANGE_MIN = "portRangeMin";
+ private static final String PROTOCOL = "protocol";
+ private static final String REMOTE_IP_PREFIX = "remoteIpPrefix";
+ private static final String REMOTE_GROUP_ID = "remoteGroupId";
+
+ private static final String MISSING_MESSAGE = " is required in KubevirtSecurityGroupRule";
+
+ @Override
+ public ObjectNode encode(KubevirtSecurityGroupRule sgRule, CodecContext context) {
+ checkNotNull(sgRule, "Kubevirt security group rule cannot be null");
+
+ ObjectNode result = context.mapper().createObjectNode()
+ .put(ID, sgRule.id())
+ .put(SECURITY_GROUP_ID, sgRule.securityGroupId())
+ .put(DIRECTION, sgRule.direction());
+
+ if (sgRule.etherType() != null) {
+ result.put(ETHER_TYPE, sgRule.etherType());
+ }
+
+ if (sgRule.portRangeMax() != null) {
+ result.put(PORT_RANGE_MAX, sgRule.portRangeMax());
+ }
+
+ if (sgRule.portRangeMin() != null) {
+ result.put(PORT_RANGE_MIN, sgRule.portRangeMin());
+ }
+
+ if (sgRule.protocol() != null) {
+ result.put(PROTOCOL, sgRule.protocol());
+ }
+
+ if (sgRule.remoteIpPrefix() != null) {
+ result.put(REMOTE_IP_PREFIX, sgRule.remoteIpPrefix().toString());
+ }
+
+ if (sgRule.remoteGroupId() != null) {
+ result.put(REMOTE_GROUP_ID, sgRule.remoteGroupId());
+ }
+
+ return result;
+ }
+
+ @Override
+ public KubevirtSecurityGroupRule decode(ObjectNode json, CodecContext context) {
+ if (json == null || !json.isObject()) {
+ return null;
+ }
+
+ String id = nullIsIllegal(json.get(ID).asText(), ID + MISSING_MESSAGE);
+ String securityGroupId = nullIsIllegal(json.get(SECURITY_GROUP_ID).asText(),
+ SECURITY_GROUP_ID + MISSING_MESSAGE);
+ String direction = nullIsIllegal(json.get(DIRECTION).asText(),
+ DIRECTION + MISSING_MESSAGE);
+
+ KubevirtSecurityGroupRule.Builder builder = DefaultKubevirtSecurityGroupRule.builder()
+ .id(id)
+ .securityGroupId(securityGroupId)
+ .direction(direction);
+
+ JsonNode etherType = json.get(ETHER_TYPE);
+ if (etherType != null) {
+ builder.etherType(etherType.asText());
+ }
+
+ JsonNode portRangeMax = json.get(PORT_RANGE_MAX);
+ if (portRangeMax != null) {
+ builder.portRangeMax(portRangeMax.asInt());
+ }
+
+ JsonNode portRangeMin = json.get(PORT_RANGE_MIN);
+ if (portRangeMin != null) {
+ builder.portRangeMin(portRangeMin.asInt());
+ }
+
+ JsonNode protocol = json.get(PROTOCOL);
+ if (protocol != null) {
+ builder.protocol(protocol.asText());
+ }
+
+ JsonNode remoteIpPrefix = json.get(REMOTE_IP_PREFIX);
+ if (remoteIpPrefix != null) {
+ builder.remoteIpPrefix(IpPrefix.valueOf(remoteIpPrefix.asText()));
+ }
+
+ JsonNode remoteGroupId = json.get(REMOTE_GROUP_ID);
+ if (remoteGroupId != null) {
+ builder.remoteGroupId(remoteGroupId.asText());
+ }
+
+ return builder.build();
+ }
+}
diff --git a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/impl/DistributedKubevirtSecurityGroupStore.java b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/impl/DistributedKubevirtSecurityGroupStore.java
new file mode 100644
index 0000000..96bbb16
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/impl/DistributedKubevirtSecurityGroupStore.java
@@ -0,0 +1,203 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.impl;
+
+import com.google.common.collect.ImmutableSet;
+import org.onlab.util.KryoNamespace;
+import org.onosproject.core.ApplicationId;
+import org.onosproject.core.CoreService;
+import org.onosproject.kubevirtnetworking.api.DefaultKubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.DefaultKubevirtSecurityGroupRule;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupEvent;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupRule;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupStore;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupStoreDelegate;
+import org.onosproject.store.AbstractStore;
+import org.onosproject.store.serializers.KryoNamespaces;
+import org.onosproject.store.service.ConsistentMap;
+import org.onosproject.store.service.MapEvent;
+import org.onosproject.store.service.MapEventListener;
+import org.onosproject.store.service.Serializer;
+import org.onosproject.store.service.StorageService;
+import org.onosproject.store.service.Versioned;
+import org.osgi.service.component.annotations.Activate;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Deactivate;
+import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.annotations.ReferenceCardinality;
+import org.slf4j.Logger;
+
+import java.util.Collection;
+import java.util.Set;
+import java.util.concurrent.ExecutorService;
+import java.util.stream.Collectors;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static java.util.concurrent.Executors.newSingleThreadExecutor;
+import static org.onlab.util.Tools.groupedThreads;
+import static org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupEvent.Type.KUBEVIRT_SECURITY_GROUP_CREATED;
+import static org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupEvent.Type.KUBEVIRT_SECURITY_GROUP_REMOVED;
+import static org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupEvent.Type.KUBEVIRT_SECURITY_GROUP_RULE_CREATED;
+import static org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupEvent.Type.KUBEVIRT_SECURITY_GROUP_RULE_REMOVED;
+import static org.slf4j.LoggerFactory.getLogger;
+
+/**
+ * Implementation of kubevirt security group store using consistent map.
+ */
+@Component(immediate = true, service = KubevirtSecurityGroupStore.class)
+public class DistributedKubevirtSecurityGroupStore
+ extends AbstractStore<KubevirtSecurityGroupEvent, KubevirtSecurityGroupStoreDelegate>
+ implements KubevirtSecurityGroupStore {
+
+ private final Logger log = getLogger(getClass());
+
+ private static final String ERR_NOT_FOUND = " does not exist";
+ private static final String ERR_DUPLICATE = " already exists";
+ private static final String APP_ID = "org.onosproject.kubevirtnetwork";
+
+
+ private static final KryoNamespace SERIALIZER_KUBEVIRT_SG = KryoNamespace.newBuilder()
+ .register(KryoNamespaces.API)
+ .register(KubevirtSecurityGroup.class)
+ .register(KubevirtSecurityGroupRule.class)
+ .register(DefaultKubevirtSecurityGroup.class)
+ .register(DefaultKubevirtSecurityGroupRule.class)
+ .register(Collection.class)
+ .build();
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected CoreService coreService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected StorageService storageService;
+
+ private final ExecutorService eventExecutor = newSingleThreadExecutor(
+ groupedThreads(this.getClass().getSimpleName(), "event-handler", log));
+
+ private final MapEventListener<String, KubevirtSecurityGroup> securityGroupListener =
+ new KubevirtSecurityGroupMapListener();
+
+ private ConsistentMap<String, KubevirtSecurityGroup> sgStore;
+
+ @Activate
+ protected void activate() {
+ ApplicationId appId = coreService.registerApplication(APP_ID);
+ sgStore = storageService.<String, KubevirtSecurityGroup>consistentMapBuilder()
+ .withSerializer(Serializer.using(SERIALIZER_KUBEVIRT_SG))
+ .withName("kubevirt-securitygroupstore")
+ .withApplicationId(appId)
+ .build();
+ sgStore.addListener(securityGroupListener);
+ log.info("Started");
+ }
+
+ @Deactivate
+ protected void deactivate() {
+ sgStore.removeListener(securityGroupListener);
+ eventExecutor.shutdown();
+ log.info("Stopped");
+ }
+
+ @Override
+ public void createSecurityGroup(KubevirtSecurityGroup sg) {
+ sgStore.compute(sg.id(), (id, existing) -> {
+ final String error = sg.id() + ERR_DUPLICATE;
+ checkArgument(existing == null, error);
+ return sg;
+ });
+ }
+
+ @Override
+ public void updateSecurityGroup(KubevirtSecurityGroup sg) {
+ sgStore.compute(sg.id(), (id, existing) -> {
+ final String error = sg.id() + ERR_NOT_FOUND;
+ checkArgument(existing != null, error);
+ return sg;
+ });
+ }
+
+ @Override
+ public KubevirtSecurityGroup removeSecurityGroup(String sgId) {
+ Versioned<KubevirtSecurityGroup> sg = sgStore.remove(sgId);
+ if (sg == null) {
+ final String error = sgId + ERR_NOT_FOUND;
+ throw new IllegalArgumentException(error);
+ }
+ return sg.value();
+ }
+
+ @Override
+ public KubevirtSecurityGroup securityGroup(String sgId) {
+ return sgStore.asJavaMap().get(sgId);
+ }
+
+ @Override
+ public Set<KubevirtSecurityGroup> securityGroups() {
+ return ImmutableSet.copyOf(sgStore.asJavaMap().values());
+ }
+
+ @Override
+ public void clear() {
+ sgStore.clear();
+ }
+
+ private class KubevirtSecurityGroupMapListener
+ implements MapEventListener<String, KubevirtSecurityGroup> {
+
+ @Override
+ public void event(MapEvent<String, KubevirtSecurityGroup> event) {
+
+ switch (event.type()) {
+ case INSERT:
+ log.debug("Kubevirt security group created {}", event.newValue());
+ eventExecutor.execute(() ->
+ notifyDelegate(new KubevirtSecurityGroupEvent(
+ KUBEVIRT_SECURITY_GROUP_CREATED, event.newValue().value())));
+ break;
+ case UPDATE:
+ log.debug("Kubevirt security group updated {}", event.newValue());
+ eventExecutor.execute(() -> processUpdate(
+ event.oldValue().value(),
+ event.newValue().value()));
+ break;
+ case REMOVE:
+ log.debug("Kubevirt security group removed {}", event.oldValue());
+ eventExecutor.execute(() ->
+ notifyDelegate(new KubevirtSecurityGroupEvent(
+ KUBEVIRT_SECURITY_GROUP_REMOVED, event.oldValue().value())));
+ break;
+ default:
+ // do nothing
+ break;
+ }
+ }
+
+ private void processUpdate(KubevirtSecurityGroup oldSg, KubevirtSecurityGroup newSg) {
+ Set<String> oldSgRuleIds = oldSg.rules().stream()
+ .map(KubevirtSecurityGroupRule::id).collect(Collectors.toSet());
+ Set<String> newSgRuleIds = newSg.rules().stream()
+ .map(KubevirtSecurityGroupRule::id).collect(Collectors.toSet());
+
+ oldSg.rules().stream().filter(sgRule -> !newSgRuleIds.contains(sgRule.id()))
+ .forEach(sgRule -> notifyDelegate(new KubevirtSecurityGroupEvent(
+ KUBEVIRT_SECURITY_GROUP_RULE_REMOVED, newSg, sgRule)));
+ newSg.rules().stream().filter(sgRule -> !oldSgRuleIds.contains(sgRule.id()))
+ .forEach(sgRule -> notifyDelegate(new KubevirtSecurityGroupEvent(
+ KUBEVIRT_SECURITY_GROUP_RULE_CREATED, newSg, sgRule)));
+ }
+ }
+}
diff --git a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/impl/KubevirtSecurityGroupManager.java b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/impl/KubevirtSecurityGroupManager.java
new file mode 100644
index 0000000..b92db05
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/impl/KubevirtSecurityGroupManager.java
@@ -0,0 +1,232 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.impl;
+
+import com.google.common.base.Strings;
+import org.onosproject.core.ApplicationId;
+import org.onosproject.core.CoreService;
+import org.onosproject.event.ListenerRegistry;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupAdminService;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupEvent;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupListener;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupRule;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupService;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupStore;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupStoreDelegate;
+import org.osgi.service.component.annotations.Activate;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Deactivate;
+import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.annotations.ReferenceCardinality;
+import org.slf4j.Logger;
+
+import java.util.HashSet;
+import java.util.Objects;
+import java.util.Set;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static org.onosproject.kubevirtnetworking.api.Constants.KUBEVIRT_NETWORKING_APP_ID;
+import static org.slf4j.LoggerFactory.getLogger;
+
+/**
+ * Provides implementation of administering and interfacing kubevirt security groups.
+ */
+@Component(
+ immediate = true,
+ service = {KubevirtSecurityGroupAdminService.class, KubevirtSecurityGroupService.class }
+)
+public class KubevirtSecurityGroupManager
+ extends ListenerRegistry<KubevirtSecurityGroupEvent, KubevirtSecurityGroupListener>
+ implements KubevirtSecurityGroupAdminService, KubevirtSecurityGroupService {
+
+ protected final Logger log = getLogger(getClass());
+
+ private static final String MSG_SG = "Kubevirt security group %s %s";
+ private static final String MSG_SG_RULE = "Kubevirt security group rule %s %s";
+
+ private static final String MSG_CREATED = "created";
+ private static final String MSG_REMOVED = "removed";
+
+ private static final String ERR_NULL_SG =
+ "Kubevirt security group cannot be null";
+ private static final String ERR_NULL_SG_ID =
+ "Kubevirt security group ID cannot be null";
+ private static final String ERR_NULL_SG_RULE =
+ "Kubevirt security group rule cannot be null";
+ private static final String ERR_NULL_SG_RULE_ID =
+ "Kubevirt security group rule ID cannot be null";
+ private static final String ERR_NOT_FOUND = "not found";
+ private static final String ERR_DUPLICATE = "already exist";
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected CoreService coreService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected KubevirtSecurityGroupStore sgStore;
+
+ private final KubevirtSecurityGroupStoreDelegate
+ delegate = new InternalSecurityGroupStoreDelegate();
+
+ private ApplicationId appId;
+ private boolean useSecurityGroup = false;
+
+ @Activate
+ protected void activate() {
+ appId = coreService.registerApplication(KUBEVIRT_NETWORKING_APP_ID);
+
+ sgStore.setDelegate(delegate);
+ log.info("Started");
+ }
+
+ @Deactivate
+ protected void deactivate() {
+ sgStore.unsetDelegate(delegate);
+ log.info("Stopped");
+ }
+
+ @Override
+ public void createSecurityGroup(KubevirtSecurityGroup sg) {
+ checkNotNull(sg, ERR_NULL_SG);
+ checkArgument(!Strings.isNullOrEmpty(sg.id()), ERR_NULL_SG_ID);
+
+ sgStore.createSecurityGroup(sg);
+ log.info(String.format(MSG_SG, sg.id(), MSG_CREATED));
+ }
+
+ @Override
+ public void updateSecurityGroup(KubevirtSecurityGroup sg) {
+ checkNotNull(sg, ERR_NULL_SG);
+ checkArgument(!Strings.isNullOrEmpty(sg.id()), ERR_NULL_SG_ID);
+
+ sgStore.updateSecurityGroup(sg);
+ }
+
+ @Override
+ public void removeSecurityGroup(String sgId) {
+ checkArgument(!Strings.isNullOrEmpty(sgId), ERR_NULL_SG_ID);
+
+ sgStore.removeSecurityGroup(sgId);
+ log.info(String.format(MSG_SG, sgId, MSG_REMOVED));
+ }
+
+ @Override
+ public void createSecurityGroupRule(KubevirtSecurityGroupRule sgRule) {
+ checkNotNull(sgRule, ERR_NULL_SG_RULE);
+ checkArgument(!Strings.isNullOrEmpty(sgRule.id()), ERR_NULL_SG_RULE_ID);
+ checkArgument(!Strings.isNullOrEmpty(sgRule.securityGroupId()), ERR_NULL_SG_ID);
+
+ synchronized (this) {
+ KubevirtSecurityGroup sg = securityGroup(sgRule.securityGroupId());
+ if (sg == null) {
+ final String error = String.format(MSG_SG,
+ sgRule.securityGroupId(), ERR_NOT_FOUND);
+ throw new IllegalStateException(error);
+ }
+
+ if (sg.rules().stream().anyMatch(rule -> Objects.equals(rule.id(), sgRule.id()))) {
+ final String error = String.format(MSG_SG_RULE, sgRule.securityGroupId(), ERR_DUPLICATE);
+ throw new IllegalStateException(error);
+ }
+
+ // FIXME we cannot add element to extend list
+ Set<KubevirtSecurityGroupRule> updatedSgRules = new HashSet<>(sg.rules());
+ updatedSgRules.add(sgRule);
+ sgStore.updateSecurityGroup(sg.updateRules(updatedSgRules));
+ }
+
+ log.info(String.format(MSG_SG_RULE, sgRule.id(), MSG_CREATED));
+ }
+
+ @Override
+ public void removeSecurityGroupRule(String sgRuleId) {
+ checkArgument(!Strings.isNullOrEmpty(sgRuleId), ERR_NULL_SG_RULE_ID);
+
+ synchronized (this) {
+ KubevirtSecurityGroupRule sgRule = securityGroupRule(sgRuleId);
+ if (sgRule == null) {
+ final String error = String.format(MSG_SG_RULE, sgRuleId, ERR_NOT_FOUND);
+ throw new IllegalStateException(error);
+ }
+
+ KubevirtSecurityGroup sg = securityGroup(sgRule.securityGroupId());
+ if (sg == null) {
+ final String error = String.format(MSG_SG,
+ sgRule.securityGroupId(), ERR_NOT_FOUND);
+ throw new IllegalStateException(error);
+ }
+
+ if (sg.rules().stream().noneMatch(rule -> Objects.equals(rule.id(), sgRule.id()))) {
+ final String error = String.format(MSG_SG_RULE,
+ sgRule.securityGroupId(), ERR_NOT_FOUND);
+ throw new IllegalStateException(error);
+ }
+
+ Set<KubevirtSecurityGroupRule> updatedSgRules = new HashSet<>(sg.rules());
+ updatedSgRules.removeIf(r -> r.id().equals(sgRuleId));
+ sgStore.updateSecurityGroup(sg.updateRules(updatedSgRules));
+ }
+
+ log.info(String.format(MSG_SG_RULE, sgRuleId, MSG_REMOVED));
+ }
+
+ @Override
+ public void clear() {
+ sgStore.clear();
+ }
+
+ @Override
+ public Set<KubevirtSecurityGroup> securityGroups() {
+ return sgStore.securityGroups();
+ }
+
+ @Override
+ public KubevirtSecurityGroup securityGroup(String sgId) {
+ checkArgument(!Strings.isNullOrEmpty(sgId), ERR_NULL_SG_ID);
+ return sgStore.securityGroup(sgId);
+ }
+
+ @Override
+ public boolean isSecurityGroupEnabled() {
+ return useSecurityGroup;
+ }
+
+ @Override
+ public void setSecurityGroupEnabled(boolean option) {
+ useSecurityGroup = option;
+ }
+
+ @Override
+ public KubevirtSecurityGroupRule securityGroupRule(String sgRuleId) {
+ return sgStore.securityGroups().stream()
+ .flatMap(sg -> sg.rules().stream())
+ .filter(sgRule -> Objects.equals(sgRule.id(), sgRuleId))
+ .findAny().orElse(null);
+ }
+
+ private class InternalSecurityGroupStoreDelegate
+ implements KubevirtSecurityGroupStoreDelegate {
+
+ @Override
+ public void notify(KubevirtSecurityGroupEvent event) {
+ if (event != null) {
+ log.trace("send kubevirt security group event {}", event);
+ process(event);
+ }
+ }
+ }
+}
diff --git a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/impl/KubevirtSecurityGroupWatcher.java b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/impl/KubevirtSecurityGroupWatcher.java
new file mode 100644
index 0000000..2fb53a9
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/impl/KubevirtSecurityGroupWatcher.java
@@ -0,0 +1,364 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.impl;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import io.fabric8.kubernetes.client.KubernetesClient;
+import io.fabric8.kubernetes.client.Watcher;
+import io.fabric8.kubernetes.client.WatcherException;
+import io.fabric8.kubernetes.client.dsl.base.CustomResourceDefinitionContext;
+import org.onosproject.cluster.ClusterService;
+import org.onosproject.cluster.LeadershipService;
+import org.onosproject.cluster.NodeId;
+import org.onosproject.core.ApplicationId;
+import org.onosproject.core.CoreService;
+import org.onosproject.kubevirtnetworking.api.AbstractWatcher;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupAdminService;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupRule;
+import org.onosproject.kubevirtnode.api.KubevirtApiConfigEvent;
+import org.onosproject.kubevirtnode.api.KubevirtApiConfigListener;
+import org.onosproject.kubevirtnode.api.KubevirtApiConfigService;
+import org.onosproject.mastership.MastershipService;
+import org.osgi.service.component.annotations.Activate;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Deactivate;
+import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.annotations.ReferenceCardinality;
+import org.slf4j.Logger;
+
+import java.io.IOException;
+import java.util.Objects;
+import java.util.concurrent.ExecutorService;
+
+import static java.util.concurrent.Executors.newSingleThreadExecutor;
+import static org.onlab.util.Tools.groupedThreads;
+import static org.onosproject.kubevirtnetworking.api.Constants.KUBEVIRT_NETWORKING_APP_ID;
+import static org.onosproject.kubevirtnetworking.util.KubevirtNetworkingUtil.k8sClient;
+import static org.slf4j.LoggerFactory.getLogger;
+
+/**
+ * Kubevirt security group watcher used for feeding kubevirt security group information.
+ */
+@Component(immediate = true)
+public class KubevirtSecurityGroupWatcher extends AbstractWatcher {
+
+ private final Logger log = getLogger(getClass());
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected CoreService coreService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected MastershipService mastershipService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected ClusterService clusterService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected LeadershipService leadershipService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected KubevirtSecurityGroupAdminService adminService;
+
+ @Reference(cardinality = ReferenceCardinality.MANDATORY)
+ protected KubevirtApiConfigService configService;
+
+ private final ExecutorService eventExecutor = newSingleThreadExecutor(
+ groupedThreads(this.getClass().getSimpleName(), "event-handler"));
+
+ private final InternalSecurityGroupWatcher
+ sgWatcher = new InternalSecurityGroupWatcher();
+ private final InternalSecurityGroupRuleWatcher
+ sgrWatcher = new InternalSecurityGroupRuleWatcher();
+ private final InternalKubevirtApiConfigListener
+ configListener = new InternalKubevirtApiConfigListener();
+
+ CustomResourceDefinitionContext securityGroupCrdCxt = new CustomResourceDefinitionContext
+ .Builder()
+ .withGroup("kubevirt.io")
+ .withScope("Cluster")
+ .withVersion("v1")
+ .withPlural("securitygroups")
+ .build();
+
+ CustomResourceDefinitionContext securityGroupRuleCrdCxt = new CustomResourceDefinitionContext
+ .Builder()
+ .withGroup("kubevirt.io")
+ .withScope("Cluster")
+ .withVersion("v1")
+ .withPlural("securitygrouprules")
+ .build();
+
+ private ApplicationId appId;
+ private NodeId localNodeId;
+
+ @Activate
+ protected void activate() {
+ appId = coreService.registerApplication(KUBEVIRT_NETWORKING_APP_ID);
+ localNodeId = clusterService.getLocalNode().id();
+ leadershipService.runForLeadership(appId.name());
+ configService.addListener(configListener);
+
+ log.info("Started");
+ }
+
+ @Deactivate
+ protected void deactivate() {
+ configService.removeListener(configListener);
+ leadershipService.withdraw(appId.name());
+ eventExecutor.shutdown();
+
+ log.info("Stopped");
+ }
+
+ private void instantiateSgWatcher() {
+ KubernetesClient client = k8sClient(configService);
+
+ if (client != null) {
+ try {
+ client.customResource(securityGroupCrdCxt).watch(sgWatcher);
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+
+ private void instantiateSgrWatcher() {
+ KubernetesClient client = k8sClient(configService);
+
+ if (client != null) {
+ try {
+ client.customResource(securityGroupRuleCrdCxt).watch(sgrWatcher);
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+
+ private KubevirtSecurityGroup parseSecurityGroup(String resource) {
+ try {
+ ObjectMapper mapper = new ObjectMapper();
+ JsonNode json = mapper.readTree(resource);
+ ObjectNode spec = (ObjectNode) json.get("spec");
+ return codec(KubevirtSecurityGroup.class).decode(spec, this);
+ } catch (IOException e) {
+ log.error("Failed to parse kubevirt security group object");
+ }
+
+ return null;
+ }
+
+ private KubevirtSecurityGroupRule parseSecurityGroupRule(String resource) {
+ try {
+ ObjectMapper mapper = new ObjectMapper();
+ JsonNode json = mapper.readTree(resource);
+ ObjectNode spec = (ObjectNode) json.get("spec");
+ return codec(KubevirtSecurityGroupRule.class).decode(spec, this);
+ } catch (IOException e) {
+ log.error("Failed to parse kubevirt security group rule object");
+ }
+
+ return null;
+ }
+
+ private class InternalKubevirtApiConfigListener implements KubevirtApiConfigListener {
+
+ private boolean isRelevantHelper() {
+ return Objects.equals(localNodeId, leadershipService.getLeader(appId.name()));
+ }
+
+ @Override
+ public void event(KubevirtApiConfigEvent event) {
+
+ switch (event.type()) {
+ case KUBEVIRT_API_CONFIG_UPDATED:
+ eventExecutor.execute(this::processConfigUpdate);
+ break;
+ case KUBEVIRT_API_CONFIG_CREATED:
+ case KUBEVIRT_API_CONFIG_REMOVED:
+ default:
+ // do nothing
+ break;
+ }
+ }
+
+ private void processConfigUpdate() {
+ if (!isRelevantHelper()) {
+ return;
+ }
+
+ instantiateSgWatcher();
+ instantiateSgrWatcher();
+ }
+ }
+
+ private class InternalSecurityGroupWatcher implements Watcher<String> {
+
+ @Override
+ public void eventReceived(Action action, String resource) {
+ switch (action) {
+ case ADDED:
+ eventExecutor.execute(() -> processAddition(resource));
+ break;
+ case MODIFIED:
+ eventExecutor.execute(() -> processModification(resource));
+ break;
+ case DELETED:
+ eventExecutor.execute(() -> processDeletion(resource));
+ break;
+ default:
+ // do nothing
+ break;
+ }
+ }
+
+ @Override
+ public void onClose(WatcherException e) {
+ // due to the bugs in fabric8, the watcher might be closed,
+ // we will re-instantiate the watcher in this case
+ // FIXME: https://github.com/fabric8io/kubernetes-client/issues/2135
+ log.warn("Security Group watcher OnClose, re-instantiate the watcher...");
+
+ instantiateSgWatcher();
+ }
+
+ private void processAddition(String resource) {
+ if (!isMaster()) {
+ return;
+ }
+
+ KubevirtSecurityGroup sg = parseSecurityGroup(resource);
+
+ if (sg != null) {
+ log.trace("Process Security Group {} creating event from API server.", sg.name());
+
+ if (adminService.securityGroup(sg.id()) == null) {
+ adminService.createSecurityGroup(sg);
+ }
+ }
+ }
+
+ private void processModification(String resource) {
+ if (!isMaster()) {
+ return;
+ }
+
+ KubevirtSecurityGroup sg = parseSecurityGroup(resource);
+
+ if (sg != null) {
+ log.trace("Process Security Group {} updating event from API server.", sg.name());
+
+ // since Security Group CRD does not contains any rules information,
+ // we need to manually add all rules from original to the updated one
+ KubevirtSecurityGroup orig = adminService.securityGroup(sg.id());
+ if (orig != null) {
+ KubevirtSecurityGroup updated = sg.updateRules(orig.rules());
+ adminService.updateSecurityGroup(updated);
+ }
+ }
+ }
+
+ private void processDeletion(String resource) {
+ if (!isMaster()) {
+ return;
+ }
+
+ KubevirtSecurityGroup sg = parseSecurityGroup(resource);
+
+ if (sg != null) {
+ log.trace("Process Security Group {} removal event from API server.", sg.name());
+
+ adminService.removeSecurityGroup(sg.id());
+ }
+ }
+ }
+
+ private class InternalSecurityGroupRuleWatcher implements Watcher<String> {
+
+ @Override
+ public void eventReceived(Action action, String resource) {
+ switch (action) {
+ case ADDED:
+ eventExecutor.execute(() -> processAddition(resource));
+ break;
+ case MODIFIED:
+ eventExecutor.execute(() -> processModification(resource));
+ break;
+ case DELETED:
+ eventExecutor.execute(() -> processDeletion(resource));
+ break;
+ default:
+ // do nothing
+ break;
+ }
+ }
+
+ @Override
+ public void onClose(WatcherException e) {
+ // due to the bugs in fabric8, the watcher might be closed,
+ // we will re-instantiate the watcher in this case
+ // FIXME: https://github.com/fabric8io/kubernetes-client/issues/2135
+ log.warn("Security Group Rule watcher OnClose, re-instantiate the watcher...");
+
+ instantiateSgrWatcher();
+ }
+
+ private void processAddition(String resource) {
+ if (!isMaster()) {
+ return;
+ }
+
+ KubevirtSecurityGroupRule sgr = parseSecurityGroupRule(resource);
+
+ if (sgr != null) {
+ log.trace("Process Security Group Rule {} creating event from API server.", sgr.id());
+
+ if (adminService.securityGroupRule(sgr.id()) == null) {
+ adminService.createSecurityGroupRule(sgr);
+ }
+ }
+ }
+
+ private void processModification(String resource) {
+ if (!isMaster()) {
+ return;
+ }
+
+ // we do not handle the update case, as we assume the security group rule
+ // object is immutable
+ }
+
+ private void processDeletion(String resource) {
+ if (!isMaster()) {
+ return;
+ }
+
+ KubevirtSecurityGroupRule sgr = parseSecurityGroupRule(resource);
+
+ if (sgr != null) {
+ log.trace("Process Security Group Rule {} removal event from API server.", sgr.id());
+
+ adminService.removeSecurityGroupRule(sgr.id());
+ }
+ }
+ }
+
+ private boolean isMaster() {
+ return Objects.equals(localNodeId, leadershipService.getLeader(appId.name()));
+ }
+}
diff --git a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtFloatingIpsWebResource.java b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtFloatingIpsWebResource.java
index 6314a31..ec41622 100644
--- a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtFloatingIpsWebResource.java
+++ b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtFloatingIpsWebResource.java
@@ -30,11 +30,13 @@
/**
* Handles REST API call for kubevirt floating IPs.
*/
-@Path("floatingips")
+@Path("floating-ip")
public class KubevirtFloatingIpsWebResource extends AbstractWebResource {
protected final Logger log = LoggerFactory.getLogger(getClass());
+ private static final String FLOATING_IPS = "floating-ips";
+
/**
* Returns set of all floating IPs.
*
@@ -46,6 +48,6 @@
public Response getFloatingIps() {
KubevirtRouterService service = get(KubevirtRouterService.class);
final Iterable<KubevirtFloatingIp> fips = service.floatingIps();
- return ok(encodeArray(KubevirtFloatingIp.class, "floatingips", fips)).build();
+ return ok(encodeArray(KubevirtFloatingIp.class, FLOATING_IPS, fips)).build();
}
}
diff --git a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtNetworkingCodecRegister.java b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtNetworkingCodecRegister.java
index 2754e7c..b8f27e3 100644
--- a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtNetworkingCodecRegister.java
+++ b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtNetworkingCodecRegister.java
@@ -22,12 +22,16 @@
import org.onosproject.kubevirtnetworking.api.KubevirtNetwork;
import org.onosproject.kubevirtnetworking.api.KubevirtPort;
import org.onosproject.kubevirtnetworking.api.KubevirtRouter;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupRule;
import org.onosproject.kubevirtnetworking.codec.KubevirtFloatingIpCodec;
import org.onosproject.kubevirtnetworking.codec.KubevirtHostRouteCodec;
import org.onosproject.kubevirtnetworking.codec.KubevirtIpPoolCodec;
import org.onosproject.kubevirtnetworking.codec.KubevirtNetworkCodec;
import org.onosproject.kubevirtnetworking.codec.KubevirtPortCodec;
import org.onosproject.kubevirtnetworking.codec.KubevirtRouterCodec;
+import org.onosproject.kubevirtnetworking.codec.KubevirtSecurityGroupCodec;
+import org.onosproject.kubevirtnetworking.codec.KubevirtSecurityGroupRuleCodec;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
@@ -57,6 +61,8 @@
codecService.registerCodec(KubevirtPort.class, new KubevirtPortCodec());
codecService.registerCodec(KubevirtRouter.class, new KubevirtRouterCodec());
codecService.registerCodec(KubevirtFloatingIp.class, new KubevirtFloatingIpCodec());
+ codecService.registerCodec(KubevirtSecurityGroup.class, new KubevirtSecurityGroupCodec());
+ codecService.registerCodec(KubevirtSecurityGroupRule.class, new KubevirtSecurityGroupRuleCodec());
log.info("Started");
}
@@ -70,6 +76,8 @@
codecService.unregisterCodec(KubevirtPort.class);
codecService.unregisterCodec(KubevirtRouter.class);
codecService.unregisterCodec(KubevirtFloatingIp.class);
+ codecService.unregisterCodec(KubevirtSecurityGroup.class);
+ codecService.unregisterCodec(KubevirtSecurityGroupRule.class);
log.info("Stopped");
}
diff --git a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtNetworkingWebApplication.java b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtNetworkingWebApplication.java
index d2a45af..139b92d 100644
--- a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtNetworkingWebApplication.java
+++ b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtNetworkingWebApplication.java
@@ -28,7 +28,9 @@
return getClasses(
KubevirtNetworkWebResource.class,
KubevirtManagementWebResource.class,
- KubevirtRouterWebResource.class
+ KubevirtRouterWebResource.class,
+ KubevirtFloatingIpsWebResource.class,
+ KubevirtSecurityGroupWebResource.class
);
}
}
diff --git a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtRouterWebResource.java b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtRouterWebResource.java
index 731b0d4..8a40f51 100644
--- a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtRouterWebResource.java
+++ b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtRouterWebResource.java
@@ -34,6 +34,7 @@
public class KubevirtRouterWebResource extends AbstractWebResource {
protected final Logger log = LoggerFactory.getLogger(getClass());
+ private static final String ROUTERS = "routers";
/**
* Returns set of all routers.
@@ -46,6 +47,6 @@
public Response getRouters() {
KubevirtRouterService service = get(KubevirtRouterService.class);
final Iterable<KubevirtRouter> routers = service.routers();
- return ok(encodeArray(KubevirtRouter.class, "routers", routers)).build();
+ return ok(encodeArray(KubevirtRouter.class, ROUTERS, routers)).build();
}
}
diff --git a/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtSecurityGroupWebResource.java b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtSecurityGroupWebResource.java
new file mode 100644
index 0000000..02acd87
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/main/java/org/onosproject/kubevirtnetworking/web/KubevirtSecurityGroupWebResource.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.web;
+
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupService;
+import org.onosproject.rest.AbstractWebResource;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+
+/**
+ * Handles REST API call for kubevirt security group.
+ */
+@Path("security-group")
+public class KubevirtSecurityGroupWebResource extends AbstractWebResource {
+
+ protected final Logger log = LoggerFactory.getLogger(getClass());
+ private static final String SECURITY_GROUPS = "security-groups";
+
+ /**
+ * Returns set of all security groups.
+ *
+ * @return 200 OK with set of all security groups
+ * @onos.rsModel KubevirtSecurityGroups
+ */
+ @GET
+ @Produces(MediaType.APPLICATION_JSON)
+ public Response getSecurityGroups() {
+ KubevirtSecurityGroupService service = get(KubevirtSecurityGroupService.class);
+ final Iterable<KubevirtSecurityGroup> sgs = service.securityGroups();
+ return ok(encodeArray(KubevirtSecurityGroup.class, SECURITY_GROUPS, sgs)).build();
+ }
+}
diff --git a/apps/kubevirt-networking/app/src/main/resources/definitions/KubevirtSecurityGroups.json b/apps/kubevirt-networking/app/src/main/resources/definitions/KubevirtSecurityGroups.json
new file mode 100644
index 0000000..bd724c9
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/main/resources/definitions/KubevirtSecurityGroups.json
@@ -0,0 +1,103 @@
+{
+ "type": "object",
+ "description": "A security_group object.",
+ "required": [
+ "securityGroup"
+ ],
+ "properties": {
+ "securityGroup": {
+ "type": "object",
+ "required": [
+ "id",
+ "description",
+ "name",
+ "securityGroupRules"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "example": "2076db17-a522-4506-91de-c6dd8e837028",
+ "description": "The ID of the security group."
+ },
+ "description": {
+ "type": "string",
+ "example": "security group for webservers",
+ "description": "A human-readable description for the resource."
+ },
+ "name": {
+ "type": "string",
+ "example": "new-webservers",
+ "description": "Human-readable name of the resource."
+ },
+ "securityGroupRules": {
+ "type": "array",
+ "description": "A list of security_group_rule objects.",
+ "items": {
+ "type": "object",
+ "description": "A security group rule object.",
+ "required": [
+ "id",
+ "securityGroupId",
+ "direction",
+ "etherType",
+ "portRangeMax",
+ "portRangeMin",
+ "protocol",
+ "remoteIpPrefix",
+ "remoteGroupId"
+ ],
+ "properties": {
+ "id": {
+ "type": "string",
+ "example": "2bc0accf-312e-429a-956e-e4407625eb62",
+ "description": "The ID of this security group rule."
+ },
+ "securityGroupId": {
+ "type": "string",
+ "example": "a7734e61-b545-452d-a3cd-0189cbd9747a",
+ "description": "The security group ID to associate with this security group rule."
+ },
+ "direction": {
+ "type": "string",
+ "example": "ingress",
+ "description": "Ingress or egress, which is the direction in which the metering rule is applied."
+ },
+ "etherType": {
+ "type": "string",
+ "example": "IPv4",
+ "description": "Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules."
+ },
+ "portRangeMax": {
+ "type": "integer",
+ "format": "int32",
+ "example": 80,
+ "description": "The maximum port number in the range that is matched by the security group rule."
+ },
+ "portRangeMin": {
+ "type": "integer",
+ "format": "int32",
+ "example": 80,
+ "description": "The minimum port number in the range that is matched by the security group rule."
+ },
+ "protocol": {
+ "type": "string",
+ "example": "tcp",
+ "description": "The IP protocol can be represented by a string, an integer, or null."
+ },
+ "remoteIpPrefix": {
+ "type": "string",
+ "example": "",
+ "description": "The remote IP prefix to associate with this metering rule packet."
+ },
+ "remoteGroupId": {
+ "type": "string",
+ "example": "85cc3048-abc3-43cc-89b3-377341426ac5",
+ "description": "The remote group UUID to associate with this security group rule."
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupCodecTest.java b/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupCodecTest.java
new file mode 100644
index 0000000..51bdeb5
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupCodecTest.java
@@ -0,0 +1,173 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.codec;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import com.google.common.collect.ImmutableSet;
+import org.hamcrest.MatcherAssert;
+import org.junit.Before;
+import org.junit.Test;
+import org.onlab.packet.IpPrefix;
+import org.onosproject.codec.CodecContext;
+import org.onosproject.codec.JsonCodec;
+import org.onosproject.codec.impl.CodecManager;
+import org.onosproject.core.CoreService;
+import org.onosproject.kubevirtnetworking.api.DefaultKubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.DefaultKubevirtSecurityGroupRule;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupRule;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+import static junit.framework.TestCase.assertEquals;
+import static org.easymock.EasyMock.createMock;
+import static org.easymock.EasyMock.expect;
+import static org.easymock.EasyMock.replay;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.notNullValue;
+import static org.onosproject.kubevirtnetworking.codec.KubevirtSecurityGroupJsonMatcher.matchesKubevirtSecurityGroup;
+import static org.onosproject.net.NetTestTools.APP_ID;
+
+/**
+ * Unit tests for KubevirtSecurityGroup codec.
+ */
+public final class KubevirtSecurityGroupCodecTest {
+
+ MockCodecContext context;
+
+ JsonCodec<KubevirtSecurityGroup> kubevirtSecurityGroupCodec;
+ JsonCodec<KubevirtSecurityGroupRule> kubevirtSecurityGroupRuleCodec;
+
+ final CoreService mockCoreService = createMock(CoreService.class);
+ private static final String REST_APP_ID = "org.onosproject.rest";
+
+ @Before
+ public void setUp() {
+ context = new MockCodecContext();
+ kubevirtSecurityGroupCodec = new KubevirtSecurityGroupCodec();
+ kubevirtSecurityGroupRuleCodec = new KubevirtSecurityGroupRuleCodec();
+
+ assertThat(kubevirtSecurityGroupCodec, notNullValue());
+ assertThat(kubevirtSecurityGroupRuleCodec, notNullValue());
+ expect(mockCoreService.registerApplication(REST_APP_ID))
+ .andReturn(APP_ID).anyTimes();
+ replay(mockCoreService);
+ context.registerService(CoreService.class, mockCoreService);
+ }
+
+ /**
+ * Tests the kubevirt security group encoding.
+ */
+ @Test
+ public void testKubevirtSecurityGroupEncode() {
+ KubevirtSecurityGroupRule rule = DefaultKubevirtSecurityGroupRule.builder()
+ .id("sgr-1")
+ .securityGroupId("sg-1")
+ .direction("ingress")
+ .etherType("IPv4")
+ .portRangeMin(0)
+ .portRangeMax(80)
+ .protocol("tcp")
+ .remoteIpPrefix(IpPrefix.valueOf("0.0.0.0/0"))
+ .remoteGroupId("g-1")
+ .build();
+
+ KubevirtSecurityGroup sg = DefaultKubevirtSecurityGroup.builder()
+ .id("sg-1")
+ .name("sg")
+ .description("example-sg")
+ .rules(ImmutableSet.of(rule))
+ .build();
+
+ ObjectNode sgJson = kubevirtSecurityGroupCodec.encode(sg, context);
+ assertThat(sgJson, matchesKubevirtSecurityGroup(sg));
+ }
+
+ /**
+ * Tests the kubevirt security group decoding.
+ */
+ @Test
+ public void testKubevirtSecurityGroupDecode() throws IOException {
+ KubevirtSecurityGroup sg = getKubevirtSecurityGroup("KubevirtSecurityGroup.json");
+ KubevirtSecurityGroupRule rule = sg.rules().stream().findAny().orElse(null);
+
+ assertEquals("sg-1", sg.id());
+ assertEquals("sg", sg.name());
+ assertEquals("example-sg", sg.description());
+
+ assertEquals("sgr-1", rule.id());
+ assertEquals("sg-1", rule.securityGroupId());
+ assertEquals("ingress", rule.direction());
+ assertEquals("IPv4", rule.etherType());
+ assertEquals((Integer) 80, rule.portRangeMax());
+ assertEquals((Integer) 0, rule.portRangeMin());
+ assertEquals("tcp", rule.protocol());
+ assertEquals("0.0.0.0/0", rule.remoteIpPrefix().toString());
+ assertEquals("g-1", rule.remoteGroupId());
+ }
+
+ private KubevirtSecurityGroup getKubevirtSecurityGroup(String resourceName) throws IOException {
+ InputStream jsonStream = KubevirtSecurityGroupCodecTest.class.getResourceAsStream(resourceName);
+ JsonNode json = context.mapper().readTree(jsonStream);
+ MatcherAssert.assertThat(json, notNullValue());
+ KubevirtSecurityGroup sg = kubevirtSecurityGroupCodec.decode((ObjectNode) json, context);
+ assertThat(sg, notNullValue());
+ return sg;
+ }
+
+ private class MockCodecContext implements CodecContext {
+
+ private final ObjectMapper mapper = new ObjectMapper();
+ private final CodecManager manager = new CodecManager();
+ private final Map<Class<?>, Object> services = new HashMap<>();
+
+ /**
+ * Constructs a new mock codec context.
+ */
+ public MockCodecContext() {
+ manager.activate();
+ }
+
+ @Override
+ public ObjectMapper mapper() {
+ return mapper;
+ }
+
+ @Override
+ public <T> JsonCodec<T> codec(Class<T> entityClass) {
+ if (entityClass == KubevirtSecurityGroupRule.class) {
+ return (JsonCodec<T>) kubevirtSecurityGroupRuleCodec;
+ }
+
+ return manager.getCodec(entityClass);
+ }
+
+ @Override
+ public <T> T getService(Class<T> serviceClass) {
+ return (T) services.get(serviceClass);
+ }
+
+ // for registering mock services
+ public <T> void registerService(Class<T> serviceClass, T impl) {
+ services.put(serviceClass, impl);
+ }
+ }
+}
diff --git a/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupJsonMatcher.java b/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupJsonMatcher.java
new file mode 100644
index 0000000..ea04c60
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupJsonMatcher.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.codec;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import org.hamcrest.Description;
+import org.hamcrest.TypeSafeDiagnosingMatcher;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupRule;
+
+/**
+ * Hamcrest matcher for security group.
+ */
+public final class KubevirtSecurityGroupJsonMatcher extends TypeSafeDiagnosingMatcher<JsonNode> {
+
+ private static final String ID = "id";
+ private static final String NAME = "name";
+ private static final String DESCRIPTION = "description";
+ private static final String RULES = "rules";
+
+ private final KubevirtSecurityGroup sg;
+
+ private KubevirtSecurityGroupJsonMatcher(KubevirtSecurityGroup sg) {
+ this.sg = sg;
+ }
+
+ @Override
+ protected boolean matchesSafely(JsonNode jsonNode, Description description) {
+ // check sg ID
+ String jsonId = jsonNode.get(ID).asText();
+ String id = sg.id();
+ if (!jsonId.equals(id)) {
+ description.appendText("ID was " + jsonId);
+ return false;
+ }
+
+ // check sg name
+ String jsonName = jsonNode.get(NAME).asText();
+ String name = sg.name();
+ if (!jsonName.equals(name)) {
+ description.appendText("Name was " + jsonName);
+ return false;
+ }
+
+ // check description
+ JsonNode jsonDescription = jsonNode.get(DESCRIPTION);
+ if (jsonDescription != null) {
+ String myDescription = sg.description();
+ if (!jsonDescription.asText().equals(myDescription)) {
+ description.appendText("Description was " + jsonDescription);
+ return false;
+ }
+ }
+
+ JsonNode jsonSgr = jsonNode.get(RULES);
+ if (jsonSgr != null) {
+ // check size of rule array
+ if (jsonSgr.size() != sg.rules().size()) {
+ description.appendText("Rules was " + jsonSgr.size());
+ return false;
+ }
+
+ // check rules
+ for (KubevirtSecurityGroupRule sgr : sg.rules()) {
+ boolean ruleFound = false;
+ for (int ruleIndex = 0; ruleIndex < jsonSgr.size(); ruleIndex++) {
+ KubevirtSecurityGroupRuleJsonMatcher ruleMatcher =
+ KubevirtSecurityGroupRuleJsonMatcher
+ .matchesKubevirtSecurityGroupRule(sgr);
+ if (ruleMatcher.matches(jsonSgr.get(ruleIndex))) {
+ ruleFound = true;
+ break;
+ }
+ }
+
+ if (!ruleFound) {
+ description.appendText("Rule not found " + sgr.toString());
+ return false;
+ }
+ }
+ }
+
+ return true;
+ }
+
+ @Override
+ public void describeTo(Description description) {
+ description.appendText(sg.toString());
+ }
+
+ /**
+ * Factory to allocate a kubevirt security group matcher.
+ *
+ * @param sg kubevirt security group object we are looking for
+ * @return matcher
+ */
+ public static KubevirtSecurityGroupJsonMatcher
+ matchesKubevirtSecurityGroup(KubevirtSecurityGroup sg) {
+ return new KubevirtSecurityGroupJsonMatcher(sg);
+ }
+}
diff --git a/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupRuleJsonMatcher.java b/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupRuleJsonMatcher.java
new file mode 100644
index 0000000..81ba374
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroupRuleJsonMatcher.java
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.codec;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import org.hamcrest.Description;
+import org.hamcrest.TypeSafeDiagnosingMatcher;
+import org.onlab.packet.IpPrefix;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupRule;
+
+/**
+ * Hamcrest matcher for kubevirt port.
+ */
+public final class KubevirtSecurityGroupRuleJsonMatcher extends TypeSafeDiagnosingMatcher<JsonNode> {
+
+ private final KubevirtSecurityGroupRule rule;
+
+ private static final String ID = "id";
+ private static final String SECURITY_GROUP_ID = "securityGroupId";
+ private static final String DIRECTION = "direction";
+ private static final String ETHER_TYPE = "etherType";
+ private static final String PORT_RANGE_MAX = "portRangeMax";
+ private static final String PORT_RANGE_MIN = "portRangeMin";
+ private static final String PROTOCOL = "protocol";
+ private static final String REMOTE_IP_PREFIX = "remoteIpPrefix";
+ private static final String REMOTE_GROUP_ID = "remoteGroupId";
+
+ private KubevirtSecurityGroupRuleJsonMatcher(KubevirtSecurityGroupRule rule) {
+ this.rule = rule;
+ }
+
+ @Override
+ protected boolean matchesSafely(JsonNode jsonNode, Description description) {
+ // check rule ID
+ String jsonId = jsonNode.get(ID).asText();
+ String id = rule.id();
+ if (!jsonId.equals(id)) {
+ description.appendText("Rule ID was " + jsonId);
+ return false;
+ }
+
+ // check security group ID
+ String jsonSecurityGroupId = jsonNode.get(SECURITY_GROUP_ID).asText();
+ String securityGroupId = rule.securityGroupId();
+ if (!jsonSecurityGroupId.equals(securityGroupId)) {
+ description.appendText("Security group ID was " + jsonSecurityGroupId);
+ return false;
+ }
+
+ // check direction
+ String jsonDirection = jsonNode.get(DIRECTION).asText();
+ String direction = rule.direction();
+ if (!jsonDirection.equals(direction)) {
+ description.appendText("Direction was " + jsonDirection);
+ return false;
+ }
+
+ // check ether type
+ JsonNode jsonEtherType = jsonNode.get(ETHER_TYPE);
+ if (jsonEtherType != null) {
+ String etherType = rule.etherType();
+ if (!jsonEtherType.asText().equals(etherType)) {
+ description.appendText("EtherType was " + jsonEtherType);
+ return false;
+ }
+ }
+
+ // check port range max
+ JsonNode jsonPortRangeMax = jsonNode.get(PORT_RANGE_MAX);
+ if (jsonPortRangeMax != null) {
+ int portRangeMax = rule.portRangeMax();
+ if (portRangeMax != jsonPortRangeMax.asInt()) {
+ description.appendText("PortRangeMax was " + jsonPortRangeMax);
+ return false;
+ }
+ }
+
+ // check port range min
+ JsonNode jsonPortRangeMin = jsonNode.get(PORT_RANGE_MIN);
+ if (jsonPortRangeMin != null) {
+ int portRangeMin = rule.portRangeMin();
+ if (portRangeMin != jsonPortRangeMin.asInt()) {
+ description.appendText("PortRangeMin was " + jsonPortRangeMin);
+ return false;
+ }
+ }
+
+ // check protocol
+ JsonNode jsonProtocol = jsonNode.get(PROTOCOL);
+ if (jsonProtocol != null) {
+ String protocol = rule.protocol();
+ if (!jsonProtocol.asText().equals(protocol)) {
+ description.appendText("Protocol was " + jsonProtocol);
+ return false;
+ }
+ }
+
+ // check remote IP prefix
+ JsonNode jsonRemoteIpPrefix = jsonNode.get(REMOTE_IP_PREFIX);
+ if (jsonRemoteIpPrefix != null) {
+ IpPrefix remoteIpPrefix = rule.remoteIpPrefix();
+ if (!jsonRemoteIpPrefix.asText().equals(remoteIpPrefix.toString())) {
+ description.appendText("Remote IP prefix was " + jsonRemoteIpPrefix);
+ return false;
+ }
+ }
+
+ // check remote group ID
+ JsonNode jsonRemoteGroupId = jsonNode.get(REMOTE_GROUP_ID);
+ if (jsonRemoteGroupId != null) {
+ String remoteGroupId = rule.remoteGroupId();
+ if (!jsonRemoteGroupId.asText().equals(remoteGroupId)) {
+ description.appendText("Remote group ID was " + jsonRemoteGroupId);
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ @Override
+ public void describeTo(Description description) {
+ description.appendText(rule.toString());
+ }
+
+ /**
+ * Factory to allocate an kubevirt security group rule matcher.
+ *
+ * @param rule kubevirt security group rule object we are looking for
+ * @return matcher
+ */
+ public static KubevirtSecurityGroupRuleJsonMatcher
+ matchesKubevirtSecurityGroupRule(KubevirtSecurityGroupRule rule) {
+ return new KubevirtSecurityGroupRuleJsonMatcher(rule);
+ }
+}
diff --git a/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/impl/KubevirtSecurityGroupManagerTest.java b/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/impl/KubevirtSecurityGroupManagerTest.java
new file mode 100644
index 0000000..b7d8d64
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/test/java/org/onosproject/kubevirtnetworking/impl/KubevirtSecurityGroupManagerTest.java
@@ -0,0 +1,299 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.impl;
+
+import com.google.common.collect.Lists;
+import com.google.common.util.concurrent.MoreExecutors;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.onlab.junit.TestUtils;
+import org.onlab.packet.IpPrefix;
+import org.onosproject.core.ApplicationId;
+import org.onosproject.core.CoreServiceAdapter;
+import org.onosproject.core.DefaultApplicationId;
+import org.onosproject.event.Event;
+import org.onosproject.kubevirtnetworking.api.DefaultKubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.DefaultKubevirtSecurityGroupRule;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroup;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupEvent;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupListener;
+import org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupRule;
+import org.onosproject.store.service.TestStorageService;
+
+import java.util.List;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupEvent.Type.KUBEVIRT_SECURITY_GROUP_CREATED;
+import static org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupEvent.Type.KUBEVIRT_SECURITY_GROUP_REMOVED;
+import static org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupEvent.Type.KUBEVIRT_SECURITY_GROUP_RULE_CREATED;
+import static org.onosproject.kubevirtnetworking.api.KubevirtSecurityGroupEvent.Type.KUBEVIRT_SECURITY_GROUP_RULE_REMOVED;
+
+/**
+ * Unit tests for kubevirt security group manager.
+ */
+public class KubevirtSecurityGroupManagerTest {
+
+ private static final ApplicationId TEST_APP_ID = new DefaultApplicationId(1, "test");
+
+ private static final String SECURITY_GROUP_ID_1 = "sg-id-1";
+ private static final String SECURITY_GROUP_ID_2 = "sg-id-2";
+ private static final String UNKNOWN_ID = "sg-id-x";
+
+
+ private static final String SECURITY_GROUP_NAME_1 = "sg-name-1";
+ private static final String SECURITY_GROUP_NAME_2 = "sg-name-2";
+
+ private static final String SECURITY_GROUP_DESCRIPTION_1 = "description-1";
+ private static final String SECURITY_GROUP_DESCRIPTION_2 = "description-2";
+
+ private static final String SECURITY_GROUP_RULE_ID_1_1 = "sgr-id-1-1";
+ private static final String SECURITY_GROUP_RULE_ID_1_2 = "sgr-id-1-2";
+
+ private static final String SECURITY_GROUP_ETH_TYPE = "IP";
+ private static final String SECURITY_GROUP_DIRECTION = "EGRESS";
+ private static final String SECURITY_GROUP_PROTOCOL_1 = "TCP";
+ private static final String SECURITY_GROUP_PROTOCOL_2 = "UDP";
+
+ private static final int SECURITY_GROUP_PORT_RANGE_MIN_1 = 1;
+ private static final int SECURITY_GROUP_PORT_RANGE_MIN_2 = 101;
+ private static final int SECURITY_GROUP_PORT_RANGE_MAX_1 = 100;
+ private static final int SECURITY_GROUP_PORT_RANGE_MAX_2 = 200;
+
+ private static final IpPrefix SECURITY_GROUP_REMOTE_IP_PREFIX_1 = IpPrefix.valueOf("1.1.1.0/24");
+ private static final IpPrefix SECURITY_GROUP_REMOTE_IP_PREFIX_2 = IpPrefix.valueOf("2.2.2.0/24");
+
+ private KubevirtSecurityGroup sg1;
+ private KubevirtSecurityGroup sg2;
+
+ private KubevirtSecurityGroupRule sgRule11;
+ private KubevirtSecurityGroupRule sgRule12;
+
+ private KubevirtSecurityGroupManager target;
+ private DistributedKubevirtSecurityGroupStore store;
+
+ private final TestKubevirtSecurityGroupListener testListener =
+ new TestKubevirtSecurityGroupListener();
+
+ /**
+ * Initial setup for this unit test.
+ */
+ @Before
+ public void setUp() throws Exception {
+ store = new DistributedKubevirtSecurityGroupStore();
+ TestUtils.setField(store, "coreService", new TestCoreService());
+ TestUtils.setField(store, "storageService", new TestStorageService());
+ TestUtils.setField(store, "eventExecutor", MoreExecutors.newDirectExecutorService());
+ store.activate();
+
+ target = new KubevirtSecurityGroupManager();
+ TestUtils.setField(target, "coreService", new TestCoreService());
+ target.sgStore = store;
+ target.addListener(testListener);
+ target.activate();
+
+ sgRule11 = DefaultKubevirtSecurityGroupRule.builder()
+ .id(SECURITY_GROUP_RULE_ID_1_1)
+ .securityGroupId(SECURITY_GROUP_ID_1)
+ .remoteGroupId(SECURITY_GROUP_ID_1)
+ .direction(SECURITY_GROUP_DIRECTION)
+ .etherType(SECURITY_GROUP_ETH_TYPE)
+ .portRangeMax(SECURITY_GROUP_PORT_RANGE_MAX_1)
+ .portRangeMin(SECURITY_GROUP_PORT_RANGE_MIN_1)
+ .protocol(SECURITY_GROUP_PROTOCOL_1)
+ .remoteIpPrefix(SECURITY_GROUP_REMOTE_IP_PREFIX_1)
+ .build();
+
+ sgRule12 = DefaultKubevirtSecurityGroupRule.builder()
+ .id(SECURITY_GROUP_RULE_ID_1_2)
+ .securityGroupId(SECURITY_GROUP_ID_1)
+ .remoteGroupId(SECURITY_GROUP_ID_2)
+ .direction(SECURITY_GROUP_DIRECTION)
+ .etherType(SECURITY_GROUP_ETH_TYPE)
+ .portRangeMax(SECURITY_GROUP_PORT_RANGE_MAX_2)
+ .portRangeMin(SECURITY_GROUP_PORT_RANGE_MIN_2)
+ .protocol(SECURITY_GROUP_PROTOCOL_2)
+ .remoteIpPrefix(SECURITY_GROUP_REMOTE_IP_PREFIX_2)
+ .build();
+
+ sg1 = DefaultKubevirtSecurityGroup.builder()
+ .id(SECURITY_GROUP_ID_1)
+ .name(SECURITY_GROUP_NAME_1)
+ .description(SECURITY_GROUP_DESCRIPTION_1)
+ .build();
+
+ sg2 = DefaultKubevirtSecurityGroup.builder()
+ .id(SECURITY_GROUP_ID_2)
+ .name(SECURITY_GROUP_NAME_2)
+ .description(SECURITY_GROUP_DESCRIPTION_2)
+ .build();
+ }
+
+ /**
+ * Tears down all of this unit test.
+ */
+ @After
+ public void tearDown() {
+ target.removeListener(testListener);
+ store.deactivate();
+ target.deactivate();
+ store = null;
+ target = null;
+ }
+
+ /**
+ * Tests if getting all security groups returns the correct set of groups.
+ */
+ @Test
+ public void testGetSecurityGroups() {
+ createBasicSecurityGroups();
+ assertEquals("Number of security group did not match",
+ 2, target.securityGroups().size());
+ }
+
+ /**
+ * Tests if getting a security group with group ID returns the correct group.
+ */
+ @Test
+ public void testGetSecurityGroupById() {
+ createBasicSecurityGroups();
+ assertNotNull("Security group did not match", target.securityGroup(SECURITY_GROUP_ID_1));
+ assertNotNull("Security group did not match", target.securityGroup(SECURITY_GROUP_ID_2));
+ assertNull("Security group did not match", target.securityGroup(UNKNOWN_ID));
+ }
+
+ /**
+ * Tests creating and removing a security group, and checks if it triggers proper events.
+ */
+ @Test
+ public void testCreateAndRemoveSecurityGroup() {
+ target.createSecurityGroup(sg1);
+ assertEquals("Number of security group did not match",
+ 1, target.securityGroups().size());
+ assertNotNull("Security group did not match",
+ target.securityGroup(SECURITY_GROUP_ID_1));
+
+ target.removeSecurityGroup(SECURITY_GROUP_ID_1);
+ assertEquals("Number of security group did not match",
+ 0, target.securityGroups().size());
+ assertNull("Security group did not match",
+ target.securityGroup(SECURITY_GROUP_ID_1));
+
+ validateEvents(KUBEVIRT_SECURITY_GROUP_CREATED, KUBEVIRT_SECURITY_GROUP_REMOVED);
+ }
+
+ /**
+ * Tests creating and removing a security group rule, and checks if it triggers proper events.
+ */
+ @Test
+ public void testCreateAndRemoveSecurityGroupRule() {
+ target.createSecurityGroup(sg1);
+ assertEquals("Number of security group rule did not match",
+ 0, target.securityGroup(sg1.id()).rules().size());
+
+ target.createSecurityGroupRule(sgRule11);
+ assertEquals("Number of security group rule did not match",
+ 1, target.securityGroup(sg1.id()).rules().size());
+
+ target.createSecurityGroupRule(sgRule12);
+ assertEquals("Number of security group rule did not match",
+ 2, target.securityGroup(sg1.id()).rules().size());
+
+ target.removeSecurityGroupRule(sgRule11.id());
+ assertEquals("Number of security group rule did not match",
+ 1, target.securityGroup(sg1.id()).rules().size());
+
+ target.removeSecurityGroupRule(sgRule12.id());
+ assertEquals("Number of security group rule did not match",
+ 0, target.securityGroup(sg1.id()).rules().size());
+
+ validateEvents(KUBEVIRT_SECURITY_GROUP_CREATED,
+ KUBEVIRT_SECURITY_GROUP_RULE_CREATED,
+ KUBEVIRT_SECURITY_GROUP_RULE_CREATED,
+ KUBEVIRT_SECURITY_GROUP_RULE_REMOVED,
+ KUBEVIRT_SECURITY_GROUP_RULE_REMOVED);
+ }
+
+ /**
+ * Tests if creating a null security group fails with an exception.
+ */
+ @Test(expected = NullPointerException.class)
+ public void testCreateNullSecurityGroup() {
+ target.createSecurityGroup(null);
+ }
+
+ /**
+ * Tests if creating a duplicated security group fails with an exception.
+ */
+ @Test(expected = IllegalArgumentException.class)
+ public void testCreateDuplicateSecurityGroup() {
+ target.createSecurityGroup(sg1);
+ target.createSecurityGroup(sg1);
+ }
+
+ /**
+ * Tests if removing security group with null ID fails with an exception.
+ */
+ @Test(expected = IllegalArgumentException.class)
+ public void testRemoveSecurityGroupWithNull() {
+ target.removeSecurityGroup(null);
+ }
+
+ /**
+ * Tests if updating an unregistered security group fails with an exception.
+ */
+ @Test(expected = IllegalArgumentException.class)
+ public void testUpdateUnregisteredSecurityGroup() {
+ target.updateSecurityGroup(sg1);
+ }
+
+ private void createBasicSecurityGroups() {
+ target.createSecurityGroup(sg1);
+ target.createSecurityGroup(sg2);
+ }
+
+ private static class TestCoreService extends CoreServiceAdapter {
+
+ @Override
+ public ApplicationId registerApplication(String name) {
+ return TEST_APP_ID;
+ }
+ }
+
+ private static class TestKubevirtSecurityGroupListener
+ implements KubevirtSecurityGroupListener {
+
+ private List<KubevirtSecurityGroupEvent> events = Lists.newArrayList();
+
+ @Override
+ public void event(KubevirtSecurityGroupEvent event) {
+ events.add(event);
+ }
+ }
+
+ private void validateEvents(Enum... types) {
+ int i = 0;
+ assertEquals("Number of events did not match", types.length,
+ testListener.events.size());
+ for (Event event : testListener.events) {
+ assertEquals("Incorrect event received", types[i], event.type());
+ i++;
+ }
+ testListener.events.clear();
+ }
+}
diff --git a/apps/kubevirt-networking/app/src/test/resources/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroup.json b/apps/kubevirt-networking/app/src/test/resources/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroup.json
new file mode 100644
index 0000000..365f5a3
--- /dev/null
+++ b/apps/kubevirt-networking/app/src/test/resources/org/onosproject/kubevirtnetworking/codec/KubevirtSecurityGroup.json
@@ -0,0 +1,18 @@
+{
+ "id": "sg-1",
+ "name": "sg",
+ "description": "example-sg",
+ "rules": [
+ {
+ "id": "sgr-1",
+ "securityGroupId": "sg-1",
+ "direction": "ingress",
+ "etherType": "IPv4",
+ "portRangeMax": 80,
+ "portRangeMin": 0,
+ "protocol": "tcp",
+ "remoteIpPrefix": "0.0.0.0/0",
+ "remoteGroupId": "g-1"
+ }
+ ]
+}
\ No newline at end of file