Implement security group manager, codec and watcher with unit tests
Change-Id: Ib2201d140b9dcb2eff453f13447113bdba66babd
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/Constants.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/Constants.java
index 0c97fb6..81fd064 100644
--- a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/Constants.java
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/Constants.java
@@ -88,6 +88,7 @@
public static final int CLI_LABELS_LENGTH = 30;
public static final int CLI_CONTAINERS_LENGTH = 30;
public static final int CLI_FLAG_LENGTH = 10;
+ public static final int CLI_NUMBER_LENGTH = 10;
public static final int CLI_MARGIN_LENGTH = 2;
public static final int PRIORITY_STATEFUL_SNAT_RULE = 40500;
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtNetwork.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtNetwork.java
index 251ec0d..35d367f 100644
--- a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtNetwork.java
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtNetwork.java
@@ -335,7 +335,7 @@
}
@Override
- public KubevirtNetwork.Builder dnses(Set<IpAddress> dnses) {
+ public Builder dnses(Set<IpAddress> dnses) {
this.dnses = dnses;
return this;
}
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroup.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroup.java
new file mode 100644
index 0000000..e5c81ed
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroup.java
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import com.google.common.base.MoreObjects;
+
+import java.util.HashSet;
+import java.util.Objects;
+import java.util.Set;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+/**
+ * Default implementation class of kubevirt security group.
+ */
+public final class DefaultKubevirtSecurityGroup implements KubevirtSecurityGroup {
+
+ private static final String NOT_NULL_MSG = "Security Group % cannot be null";
+
+ private final String id;
+ private final String name;
+ private final String description;
+ private final Set<KubevirtSecurityGroupRule> rules;
+
+ /**
+ * A default constructor.
+ *
+ * @param id security group identifier
+ * @param name security group name
+ * @param description security group description
+ * @param rules security group rules
+ */
+ public DefaultKubevirtSecurityGroup(String id, String name, String description,
+ Set<KubevirtSecurityGroupRule> rules) {
+ this.id = id;
+ this.name = name;
+ this.description = description;
+ this.rules = rules;
+ }
+
+ @Override
+ public String id() {
+ return id;
+ }
+
+ @Override
+ public String name() {
+ return name;
+ }
+
+ @Override
+ public String description() {
+ return description;
+ }
+
+ @Override
+ public Set<KubevirtSecurityGroupRule> rules() {
+ return Objects.requireNonNullElseGet(rules, HashSet::new);
+ }
+
+ @Override
+ public KubevirtSecurityGroup updateRules(Set<KubevirtSecurityGroupRule> updatedRules) {
+ return new Builder()
+ .id(id)
+ .name(name)
+ .description(description)
+ .rules(updatedRules)
+ .build();
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ DefaultKubevirtSecurityGroup that = (DefaultKubevirtSecurityGroup) o;
+ return id.equals(that.id) && name.equals(that.name) &&
+ Objects.equals(description, that.description) &&
+ Objects.equals(rules, that.rules);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(id, name, description, rules);
+ }
+
+ @Override
+ public String toString() {
+ return MoreObjects.toStringHelper(this)
+ .add("id", id)
+ .add("name", name)
+ .add("description", description)
+ .add("rules", rules)
+ .toString();
+ }
+
+ /**
+ * Returns new builder instance.
+ *
+ * @return kubevirt security group builder
+ */
+ public static Builder builder() {
+ return new Builder();
+ }
+
+ public static final class Builder implements KubevirtSecurityGroup.Builder {
+
+ private String id;
+ private String name;
+ private String description;
+ private Set<KubevirtSecurityGroupRule> rules;
+
+ @Override
+ public KubevirtSecurityGroup build() {
+ checkArgument(id != null, NOT_NULL_MSG, "id");
+ checkArgument(name != null, NOT_NULL_MSG, "name");
+
+ return new DefaultKubevirtSecurityGroup(id, name, description, rules);
+ }
+
+ @Override
+ public Builder id(String id) {
+ this.id = id;
+ return this;
+ }
+
+ @Override
+ public Builder name(String name) {
+ this.name = name;
+ return this;
+ }
+
+ @Override
+ public Builder description(String description) {
+ this.description = description;
+ return this;
+ }
+
+ @Override
+ public Builder rules(Set<KubevirtSecurityGroupRule> rules) {
+ this.rules = rules;
+ return this;
+ }
+ }
+}
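Review bot: The constructor stores the caller's `rules` set by reference and `rules()` hands the same instance back, so an object that `KubevirtSecurityGroup.Builder.build()` documents as immutable can have its rule set changed after it has been stored, and its `hashCode()` changes with it. A defensive copy in the constructor, `this.rules = rules == null ? Set.of() : Set.copyOf(rules);`, would also make `rules()`, `equals()` and `hashCode()` agree for a null versus an empty rule set, which they currently do not (`rules()` substitutes a fresh `HashSet` while `equals()` compares the raw field). Whether the store's serializer accepts the immutable set type is not visible in this hunk and should be checked. Separately, `NOT_NULL_MSG` uses a bare `%`, which Guava's `checkArgument` does not substitute; it should read `"Security Group %s cannot be null"`, and the same applies to `NOT_NULL_MSG` in DefaultKubevirtSecurityGroupRule.java.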
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroupRule.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroupRule.java
new file mode 100644
index 0000000..556d0bc
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/DefaultKubevirtSecurityGroupRule.java
@@ -0,0 +1,242 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import com.google.common.base.MoreObjects;
+import org.onlab.packet.IpPrefix;
+
+import java.util.Objects;
+
+import static com.google.common.base.Preconditions.checkArgument;
+
+/**
+ * Default implementation class of kubevirt security group rule.
+ */
+public final class DefaultKubevirtSecurityGroupRule implements KubevirtSecurityGroupRule {
+
+ private static final String NOT_NULL_MSG = "Security Group Rule % cannot be null";
+
+ private final String id;
+ private final String securityGroupId;
+ private final String direction;
+ private final String etherType;
+ private final Integer portRangeMax;
+ private final Integer portRangeMin;
+ private final String protocol;
+ private final IpPrefix remoteIpPrefix;
+ private final String remoteGroupId;
+
+ /**
+ * A default constructor.
+ *
+ * @param id security group rule identifier
+ * @param securityGroupId security group identifier
+ * @param direction traffic direction
+ * @param etherType ethernet type
+ * @param portRangeMax maximum port range
+ * @param portRangeMin minimum port range
+ * @param protocol network protocol
+ * @param remoteIpPrefix remote IP prefix
+ * @param remoteGroupId remote group identifier
+ */
+ public DefaultKubevirtSecurityGroupRule(String id, String securityGroupId,
+ String direction, String etherType,
+ Integer portRangeMax, Integer portRangeMin,
+ String protocol, IpPrefix remoteIpPrefix,
+ String remoteGroupId) {
+ this.id = id;
+ this.securityGroupId = securityGroupId;
+ this.direction = direction;
+ this.etherType = etherType;
+ this.portRangeMax = portRangeMax;
+ this.portRangeMin = portRangeMin;
+ this.protocol = protocol;
+ this.remoteIpPrefix = remoteIpPrefix;
+ this.remoteGroupId = remoteGroupId;
+ }
+
+ @Override
+ public String id() {
+ return id;
+ }
+
+ @Override
+ public String securityGroupId() {
+ return securityGroupId;
+ }
+
+ @Override
+ public String direction() {
+ return direction;
+ }
+
+ @Override
+ public String etherType() {
+ return etherType;
+ }
+
+ @Override
+ public Integer portRangeMax() {
+ return portRangeMax;
+ }
+
+ @Override
+ public Integer portRangeMin() {
+ return portRangeMin;
+ }
+
+ @Override
+ public String protocol() {
+ return protocol;
+ }
+
+ @Override
+ public IpPrefix remoteIpPrefix() {
+ return remoteIpPrefix;
+ }
+
+ @Override
+ public String remoteGroupId() {
+ return remoteGroupId;
+ }
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
+ }
+ DefaultKubevirtSecurityGroupRule that = (DefaultKubevirtSecurityGroupRule) o;
+ return id.equals(that.id) && securityGroupId.equals(that.securityGroupId) &&
+ direction.equals(that.direction) &&
+ Objects.equals(etherType, that.etherType) &&
+ Objects.equals(portRangeMax, that.portRangeMax) &&
+ Objects.equals(portRangeMin, that.portRangeMin) &&
+ Objects.equals(protocol, that.protocol) &&
+ Objects.equals(remoteIpPrefix, that.remoteIpPrefix) &&
+ Objects.equals(remoteGroupId, that.remoteGroupId);
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(id, securityGroupId, direction, etherType, portRangeMax,
+ portRangeMin, protocol, remoteIpPrefix, remoteGroupId);
+ }
+
+ @Override
+ public String toString() {
+ return MoreObjects.toStringHelper(this)
+ .add("id", id)
+ .add("securityGroupId", securityGroupId)
+ .add("direction", direction)
+ .add("etherType", etherType)
+ .add("portRangeMax", portRangeMax)
+ .add("portRangeMin", portRangeMin)
+ .add("protocol", protocol)
+ .add("remoteIpPrefix", remoteIpPrefix)
+ .add("remoteGroupId", remoteGroupId)
+ .toString();
+ }
+
+ /**
+ * Returns new builder instance.
+ *
+ * @return kubevirt security group rule builder
+ */
+ public static Builder builder() {
+ return new Builder();
+ }
+
+ public static final class Builder implements KubevirtSecurityGroupRule.Builder {
+
+ private String id;
+ private String securityGroupId;
+ private String direction;
+ private String etherType;
+ private Integer portRangeMax;
+ private Integer portRangeMin;
+ private String protocol;
+ private IpPrefix remoteIpPrefix;
+ private String remoteGroupId;
+
+ @Override
+ public KubevirtSecurityGroupRule build() {
+ checkArgument(id != null, NOT_NULL_MSG, "id");
+ checkArgument(securityGroupId != null, NOT_NULL_MSG, "securityGroupId");
+ checkArgument(direction != null, NOT_NULL_MSG, "direction");
+
+ return new DefaultKubevirtSecurityGroupRule(id, securityGroupId,
+ direction, etherType, portRangeMax, portRangeMin, protocol,
+ remoteIpPrefix, remoteGroupId);
+ }
+
+ @Override
+ public Builder id(String id) {
+ this.id = id;
+ return this;
+ }
+
+ @Override
+ public Builder securityGroupId(String securityGroupId) {
+ this.securityGroupId = securityGroupId;
+ return this;
+ }
+
+ @Override
+ public Builder direction(String direction) {
+ this.direction = direction;
+ return this;
+ }
+
+ @Override
+ public Builder etherType(String etherType) {
+ this.etherType = etherType;
+ return this;
+ }
+
+ @Override
+ public Builder portRangeMax(Integer portRangeMax) {
+ this.portRangeMax = portRangeMax;
+ return this;
+ }
+
+ @Override
+ public Builder portRangeMin(Integer portRangeMin) {
+ this.portRangeMin = portRangeMin;
+ return this;
+ }
+
+ @Override
+ public Builder protocol(String protocol) {
+ this.protocol = protocol;
+ return this;
+ }
+
+ @Override
+ public Builder remoteIpPrefix(IpPrefix remoteIpPrefix) {
+ this.remoteIpPrefix = remoteIpPrefix;
+ return this;
+ }
+
+ @Override
+ public Builder remoteGroupId(String remoteGroupId) {
+ this.remoteGroupId = remoteGroupId;
+ return this;
+ }
+ }
+}
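Review bot: `Builder.build()` checks only that `id`, `securityGroupId` and `direction` are non-null, so a rule whose `portRangeMin` exceeds `portRangeMax`, or whose ports fall outside 0–65535, is constructed without complaint. For a filtering rule that is better rejected at build time, e.g. `checkArgument(portRangeMin == null || portRangeMax == null || portRangeMin <= portRangeMax, "portRangeMin must not exceed portRangeMax");`, unless the codec or manager already validates it, which this hunk does not show. The public constructor also bypasses the null checks, while `equals()` calls `id.equals(...)`, `securityGroupId.equals(...)` and `direction.equals(...)` directly, so an instance created with null in one of those fields throws NullPointerException when compared. Making the constructor private (if nothing outside the builder calls it) or using `Objects.equals` for all fields would close that.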
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroup.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroup.java
new file mode 100644
index 0000000..fc4bc5b
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroup.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import java.util.Set;
+
+/**
+ * Representation of security group.
+ */
+public interface KubevirtSecurityGroup {
+
+ /**
+ * Returns the security group identifier.
+ *
+ * @return security group identifier
+ */
+ String id();
+
+ /**
+ * Returns the security group name.
+ *
+ * @return security group name
+ */
+ String name();
+
+ /**
+ * Returns the description.
+ *
+ * @return description
+ */
+ String description();
+
+ /**
+ * Returns rules associated with this security group.
+ *
+ * @return security group rules
+ */
+ Set<KubevirtSecurityGroupRule> rules();
+
+ /**
+ * Returns new kubevirt security group instance with given rules.
+ *
+ * @param updatedRules set of updated security group rules
+ * @return updated kubevirt security group
+ */
+ KubevirtSecurityGroup updateRules(Set<KubevirtSecurityGroupRule> updatedRules);
+
+ /**
+ * A default builder interface.
+ */
+ interface Builder {
+ /**
+ * Builds an immutable security group instance.
+ *
+ * @return kubevirt security group
+ */
+ KubevirtSecurityGroup build();
+
+ /**
+ * Returns kubevirt security group builder with supplied identifier.
+ *
+ * @param id security group identifier
+ * @return security group builder
+ */
+ Builder id(String id);
+
+ /**
+ * Returns kubevirt security group builder with supplied name.
+ *
+ * @param name security group name
+ * @return security group builder
+ */
+ Builder name(String name);
+
+ /**
+ * Returns kubevirt security group builder with supplied description.
+ *
+ * @param description security group description
+ * @return security group builder
+ */
+ Builder description(String description);
+
+ /**
+ * Returns kubevirt security group builder with supplied security group rules.
+ *
+ * @param rules security group rules
+ * @return security group builder
+ */
+ Builder rules(Set<KubevirtSecurityGroupRule> rules);
+ }
+}
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupAdminService.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupAdminService.java
new file mode 100644
index 0000000..c7c5896
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupAdminService.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+/**
+ * Service for administering the inventory of kubevirty security group.
+ */
+public interface KubevirtSecurityGroupAdminService extends KubevirtSecurityGroupService {
+
+ /**
+ * Creates a security group.
+ *
+ * @param sg security group
+ */
+ void createSecurityGroup(KubevirtSecurityGroup sg);
+
+ /**
+ * Updates the security group.
+ *
+ * @param sg security group
+ */
+ void updateSecurityGroup(KubevirtSecurityGroup sg);
+
+ /**
+ * Removes the security group.
+ *
+ * @param sgId security group ID
+ */
+ void removeSecurityGroup(String sgId);
+
+ /**
+ * Creates a security group rule.
+ *
+ * @param sgRule security group rule
+ */
+ void createSecurityGroupRule(KubevirtSecurityGroupRule sgRule);
+
+ /**
+ * Removes the security group rule.
+ *
+ * @param sgRuleId security group rule ID
+ */
+ void removeSecurityGroupRule(String sgRuleId);
+
+ /**
+ * Removes the existing security groups.
+ */
+ void clear();
+}
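Review bot: The Javadoc on these methods does not say what happens for a null argument, an identifier that already exists on create, or an unknown identifier on update and remove, which a caller such as a watcher needs to know in order to handle replayed events safely. I would add `@throws` lines (or an explicit "no-op if absent") to each method, and state on `clear()` whether a removal event is posted for every group, since listeners presumably rely on those events to withdraw what they installed. The same gap exists on `KubevirtSecurityGroupStore` in this commit. The interface comment also has a typo, `kubevirty`.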
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupEvent.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupEvent.java
new file mode 100644
index 0000000..1445591
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupEvent.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import org.onosproject.event.AbstractEvent;
+
+/**
+ * Describes kubevirt security group event.
+ */
+public class KubevirtSecurityGroupEvent
+ extends AbstractEvent<KubevirtSecurityGroupEvent.Type, KubevirtSecurityGroup> {
+
+ private KubevirtSecurityGroupRule sgRule;
+
+ /**
+ * SecurityGroupEvent constructor.
+ *
+ * @param type SecurityGroupEvent type
+ * @param sg SecurityGroup object
+ */
+ public KubevirtSecurityGroupEvent(Type type, KubevirtSecurityGroup sg) {
+ super(type, sg);
+ }
+
+ /**
+ * SecurityGroupEvent constructor.
+ *
+ * @param type SecurityGroupEvent type
+ * @param sg SecurityGroup object
+ * @param sgRule SecurityGroupRule object
+ */
+ public KubevirtSecurityGroupEvent(Type type, KubevirtSecurityGroup sg,
+ KubevirtSecurityGroupRule sgRule) {
+ super(type, sg);
+ this.sgRule = sgRule;
+ }
+
+ /**
+ * Returns security group rule.
+ *
+ * @return SecurityGroupRule
+ */
+ public KubevirtSecurityGroupRule rule() {
+ return this.sgRule;
+ }
+
+ public enum Type {
+ /**
+ * Signifies that a new kubevirt security group is created.
+ */
+ KUBEVIRT_SECURITY_GROUP_CREATED,
+
+ /**
+ * Signifies that the kubevirt security group is removed.
+ */
+ KUBEVIRT_SECURITY_GROUP_REMOVED,
+
+ /**
+ * Signifies that a new kubevirt security group rule is created.
+ */
+ KUBEVIRT_SECURITY_GROUP_RULE_CREATED,
+
+ /**
+ * Signifies that the kubevirt security group rule is removed.
+ */
+ KUBEVIRT_SECURITY_GROUP_RULE_REMOVED,
+ }
+}
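Review bot: `rule()` returns null for every event created through the two-argument constructor and the Javadoc does not say so; a listener that handles all four types uniformly and dereferences `rule()` will fail on the group-level events. I would document it, `@return security group rule, or null for group-level events`, and make the field `private final`, with the first constructor delegating via `this(type, sg, null);`. The `Type` enum has no Javadoc of its own, and it has no value for an update although the admin service in this commit declares `updateSecurityGroup`; if updates are meant to surface only as rule-created and rule-removed events, a comment on the enum should say that.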
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupListener.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupListener.java
new file mode 100644
index 0000000..9b325cd
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupListener.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import org.onosproject.event.EventListener;
+
+/**
+ * Listener for kubevirt Security Group events.
+ */
+public interface KubevirtSecurityGroupListener extends EventListener<KubevirtSecurityGroupEvent> {
+}
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupRule.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupRule.java
new file mode 100644
index 0000000..8010d97
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupRule.java
@@ -0,0 +1,171 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import org.onlab.packet.IpPrefix;
+
+/**
+ * Representation of security group rule.
+ */
+public interface KubevirtSecurityGroupRule {
+
+ /**
+ * Returns the security group rule identifier.
+ *
+ * @return security group rule identifier
+ */
+ String id();
+
+ /**
+ * Returns the security group identifier.
+ *
+ * @return security group identifier
+ */
+ String securityGroupId();
+
+ /**
+ * Returns the traffic direction.
+ *
+ * @return traffic direction
+ */
+ String direction();
+
+ /**
+ * Returns the ethernet type.
+ *
+ * @return ethernet type
+ */
+ String etherType();
+
+ /**
+ * Returns the maximum port range.
+ *
+ * @return maximum port range
+ */
+ Integer portRangeMax();
+
+ /**
+ * Returns the minimum port range.
+ *
+ * @return minimum port range
+ */
+ Integer portRangeMin();
+
+ /**
+ * Returns the network protocol.
+ *
+ * @return network protocol
+ */
+ String protocol();
+
+ /**
+ * Returns the remote IP prefix.
+ *
+ * @return remote IP prefix
+ */
+ IpPrefix remoteIpPrefix();
+
+ /**
+ * Returns the remote group identifier.
+ *
+ * @return remote group identifier
+ */
+ String remoteGroupId();
+
+ /**
+ * A default builder interface.
+ */
+ interface Builder {
+ /**
+ * Builds an immutable security group rule instance.
+ *
+ * @return kubevirt security group rule
+ */
+ KubevirtSecurityGroupRule build();
+
+ /**
+ * Returns kubevirt security group rule builder with supplied id.
+ *
+ * @param id security group rule id
+ * @return security group rule builder
+ */
+ Builder id(String id);
+
+ /**
+ * Returns kubevirt security group rule builder with supplied security group id.
+ *
+ * @param securityGroupId security group id
+ * @return security group rule builder
+ */
+ Builder securityGroupId(String securityGroupId);
+
+ /**
+ * Returns kubevirt security group rule builder with supplied direction.
+ *
+ * @param direction traffic direction
+ * @return security group rule builder
+ */
+ Builder direction(String direction);
+
+ /**
+ * Returns kubevirt security group rule builder with supplied etherType.
+ *
+ * @param etherType network etherType
+ * @return security group rule builder
+ */
+ Builder etherType(String etherType);
+
+ /**
+ * Returns kubevirt security group rule builder with supplied maximum port range.
+ *
+ * @param portRangeMax maximum port range
+ * @return security group rule builder
+ */
+ Builder portRangeMax(Integer portRangeMax);
+
+ /**
+ * Returns kubevirt security group rule builder with supplied minimum port range.
+ *
+ * @param portRangeMin minimum port range
+ * @return security group rule builder
+ */
+ Builder portRangeMin(Integer portRangeMin);
+
+ /**
+ * Returns kubevirt security group rule builder with supplied protocol.
+ *
+ * @param protocol network protocol
+ * @return security group rule builder
+ */
+ Builder protocol(String protocol);
+
+ /**
+ * Returns kubevirt security group rule builder with supplied remote IP prefix.
+ *
+ * @param remoteIpPrefix remote IP prefix
+ * @return security group rule builder
+ */
+ Builder remoteIpPrefix(IpPrefix remoteIpPrefix);
+
+ /**
+ * Returns kubevirt security group rule builder with supplied remote group id.
+ *
+ * @param remoteGroupId remote group id
+ * @return security group rule builder
+ */
+ Builder remoteGroupId(String remoteGroupId);
+ }
+}
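Review bot: The getters do not document what a null value means, and for a filtering rule that is the security-relevant part of the contract: `protocol()`, `remoteIpPrefix()`, `remoteGroupId()`, `portRangeMin()` and `portRangeMax()` can all be null in the default implementation, and a consumer has to know whether null means "match any" or "not set". I would add that to each `@return`, for example `@return remote IP prefix, or null if the rule is not restricted by prefix` (wording to be confirmed against the rule installer, which is not part of this hunk). `direction()` and `etherType()` are plain strings; listing the accepted values in the Javadoc, or introducing enums, would keep a misspelled direction from producing a rule that silently never matches.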
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupService.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupService.java
new file mode 100644
index 0000000..19ddf62
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupService.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import org.onosproject.event.ListenerService;
+
+import java.util.Set;
+
+/**
+ * Service for interfacing kubevirt SecurityGroup events and SecurityGroup store.
+ */
+public interface KubevirtSecurityGroupService
+ extends ListenerService<KubevirtSecurityGroupEvent, KubevirtSecurityGroupListener> {
+
+ /**
+ * Returns all security groups.
+ *
+ * @return set of security group
+ */
+ Set<KubevirtSecurityGroup> securityGroups();
+
+ /**
+ * Returns the security group for the sgId.
+ *
+ * @param sgId security group Id
+ * @return security group
+ */
+ KubevirtSecurityGroup securityGroup(String sgId);
+
+ /**
+ * Returns the security group rule for the sgId.
+ *
+ * @param sgrId security group rule Id
+ * @return security group rule
+ */
+ KubevirtSecurityGroupRule securityGroupRule(String sgrId);
+
+ /**
+ * Returns whether security group is enabled or not.
+ *
+ * @return true security group is enabled, false otherwise
+ */
+ boolean isSecurityGroupEnabled();
+
+ /**
+ * Sets security group enable option.
+ *
+ * @param option security group enable option
+ */
+ void setSecurityGroupEnabled(boolean option);
+}
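Review bot: `setSecurityGroupEnabled(boolean)` is declared on the read-side `KubevirtSecurityGroupService`, so any component holding the query interface can switch security group enforcement off; the other mutators in this commit live on `KubevirtSecurityGroupAdminService`, and this setter belongs there too, leaving only `isSecurityGroupEnabled()` here. The Javadoc for `securityGroupRule` says `for the sgId` although the parameter is `sgrId`. It would also help to state whether `securityGroup` and `securityGroupRule` return null for an unknown identifier.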
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupStore.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupStore.java
new file mode 100644
index 0000000..ffa10cf
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupStore.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import org.onosproject.store.Store;
+
+import java.util.Set;
+
+/**
+ * Manages inventory of kubevirt security group states; not intended for direct use.
+ */
+public interface KubevirtSecurityGroupStore
+ extends Store<KubevirtSecurityGroupEvent, KubevirtSecurityGroupStoreDelegate> {
+
+ /**
+ * Creates a security group.
+ *
+ * @param sg security group
+ */
+ void createSecurityGroup(KubevirtSecurityGroup sg);
+
+ /**
+ * Updates the security group with the security group ID with the security group object.
+ *
+ * @param sg new SecurityGroup object
+ */
+ void updateSecurityGroup(KubevirtSecurityGroup sg);
+
+ /**
+ * Removes the security group with the security group ID.
+ *
+ * @param sgId security group Id
+ * @return SecurityGroup object removed
+ */
+ KubevirtSecurityGroup removeSecurityGroup(String sgId);
+
+ /**
+ * Returns the security group with the security group ID.
+ *
+ * @param sgId security group ID
+ * @return Security Group
+ */
+ KubevirtSecurityGroup securityGroup(String sgId);
+
+ /**
+ * Returns all security groups.
+ *
+ * @return set of security groups
+ */
+ Set<KubevirtSecurityGroup> securityGroups();
+
+ /**
+ * Clears the security group store.
+ */
+ void clear();
+}
diff --git a/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupStoreDelegate.java b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupStoreDelegate.java
new file mode 100644
index 0000000..0560e7a
--- /dev/null
+++ b/apps/kubevirt-networking/api/src/main/java/org/onosproject/kubevirtnetworking/api/KubevirtSecurityGroupStoreDelegate.java
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2021-present Open Networking Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.onosproject.kubevirtnetworking.api;
+
+import org.onosproject.store.StoreDelegate;
+
+/**
+ * Kubevirt security group store delegate abstraction.
+ */
+public interface KubevirtSecurityGroupStoreDelegate
+ extends StoreDelegate<KubevirtSecurityGroupEvent> {
+}