Blame - apps/acl/src/main/java/org/onosproject/acl/impl/DistributedAclStore.java - onos

blob: 20611a9d05fe5d1d51f6055a0f1cb405e57751dc [file] [log] [blame]

Pengfei Lu	e0c02e2	2015-07-07 15:41:31 +0800	[diff] [blame]	1	/*
Brian O'Connor	5ab426f	2016-04-09 01:19:45 -0700	[diff] [blame]	2	* Copyright 2015-present Open Networking Laboratory
Pengfei Lu	e0c02e2	2015-07-07 15:41:31 +0800	[diff] [blame]	3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
Ray Milkey	8526700	2016-11-16 11:06:35 -0800	[diff] [blame^]	15	*
				16	* Originally created by Pengfei Lu, Network and Cloud Computing Laboratory, Dalian University of Technology, China
				17	* Advisers: Keqiu Li, Heng Qi and Haisheng Yu
				18	* This work is supported by the State Key Program of National Natural Science of China(Grant No. 61432002)
				19	* and Prospective Research Project on Future Networks in Jiangsu Future Networks Innovation Institute.
Pengfei Lu	e0c02e2	2015-07-07 15:41:31 +0800	[diff] [blame]	20	*/
Thomas Vachuska	9bb3235	2015-09-25 11:31:22 -0700	[diff] [blame]	21	package org.onosproject.acl.impl;
Pengfei Lu	e0c02e2	2015-07-07 15:41:31 +0800	[diff] [blame]	22
				23	import com.google.common.collect.Collections2;
Thomas Vachuska	9bb3235	2015-09-25 11:31:22 -0700	[diff] [blame]	24	import org.onosproject.acl.AclRule;
				25	import org.onosproject.acl.AclStore;
Pengfei Lu	e0c02e2	2015-07-07 15:41:31 +0800	[diff] [blame]	26	import org.apache.felix.scr.annotations.Activate;
				27	import org.apache.felix.scr.annotations.Component;
				28	import org.apache.felix.scr.annotations.Deactivate;
				29	import org.apache.felix.scr.annotations.Reference;
				30	import org.apache.felix.scr.annotations.ReferenceCardinality;
				31	import org.apache.felix.scr.annotations.Service;
				32	import org.onlab.util.KryoNamespace;
Thomas Vachuska	9bb3235	2015-09-25 11:31:22 -0700	[diff] [blame]	33	import org.onosproject.acl.RuleId;
Pengfei Lu	e0c02e2	2015-07-07 15:41:31 +0800	[diff] [blame]	34	import org.onosproject.core.ApplicationId;
				35	import org.onosproject.core.CoreService;
				36	import org.onosproject.net.DeviceId;
				37	import org.onosproject.net.flow.FlowRule;
				38	import org.onosproject.store.AbstractStore;
				39	import org.onosproject.store.serializers.KryoNamespaces;
				40	import org.onosproject.store.service.ConsistentMap;
				41	import org.onosproject.store.service.Serializer;
				42	import org.onosproject.store.service.StorageService;
				43	import org.onosproject.store.service.Versioned;
				44	import org.slf4j.Logger;
				45
				46	import java.util.ArrayList;
				47	import java.util.HashSet;
				48	import java.util.List;
				49	import java.util.Set;
				50
				51	import static org.slf4j.LoggerFactory.getLogger;
				52
				53	/**
				54	* Implementation of the ACL store service.
				55	*/
				56	@Component(immediate = true)
				57	@Service
				58	public class DistributedAclStore extends AbstractStore implements AclStore {
				59
				60	private final Logger log = getLogger(getClass());
				61	private final int defaultFlowMaxPriority = 30000;
				62
				63	private ConsistentMap<RuleId, AclRule> ruleSet;
				64	private ConsistentMap<DeviceId, Integer> deviceToPriority;
				65	private ConsistentMap<RuleId, Set<DeviceId>> ruleToDevice;
				66	private ConsistentMap<RuleId, Set<FlowRule>> ruleToFlow;
				67	private ConsistentMap<RuleId, List<RuleId>> denyRuleToAllowRule;
				68
				69	@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
				70	protected StorageService storageService;
				71	@Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY)
				72	protected CoreService coreService;
				73
				74	@Activate
				75	public void activate() {
				76	ApplicationId appId = coreService.getAppId("org.onosproject.acl");
				77
				78	KryoNamespace.Builder serializer = KryoNamespace.newBuilder()
				79	.register(KryoNamespaces.API)
				80	.register(AclRule.class)
				81	.register(AclRule.Action.class)
				82	.register(RuleId.class);
				83
				84	ruleSet = storageService.<RuleId, AclRule>consistentMapBuilder()
				85	.withSerializer(Serializer.using(serializer.build()))
				86	.withName("acl-rule-set")
				87	.withApplicationId(appId)
				88	.withPurgeOnUninstall()
				89	.build();
				90
				91	deviceToPriority = storageService.<DeviceId, Integer>consistentMapBuilder()
				92	.withSerializer(Serializer.using(serializer.build()))
				93	.withName("device-to-priority")
				94	.withApplicationId(appId)
				95	.withPurgeOnUninstall()
				96	.build();
				97
				98	ruleToFlow = storageService.<RuleId, Set<FlowRule>>consistentMapBuilder()
				99	.withSerializer(Serializer.using(serializer.build()))
				100	.withName("rule-to-flow")
				101	.withApplicationId(appId)
				102	.withPurgeOnUninstall()
				103	.build();
				104
				105	denyRuleToAllowRule = storageService.<RuleId, List<RuleId>>consistentMapBuilder()
				106	.withSerializer(Serializer.using(serializer.build()))
				107	.withName("deny-to-allow")
				108	.withApplicationId(appId)
				109	.withPurgeOnUninstall()
				110	.build();
				111
				112	ruleToDevice = storageService.<RuleId, Set<DeviceId>>consistentMapBuilder()
				113	.withSerializer(Serializer.using(serializer.build()))
				114	.withName("rule-to-device")
				115	.withApplicationId(appId)
				116	.withPurgeOnUninstall()
				117	.build();
				118
				119	log.info("Started");
				120	}
				121
				122	@Deactivate
				123	public void deactive() {
				124	log.info("Stopped");
				125	}
				126
				127	@Override
				128	public List<AclRule> getAclRules() {
				129	List<AclRule> aclRules = new ArrayList<>();
				130	aclRules.addAll(Collections2.transform(ruleSet.values(), Versioned::value));
				131	return aclRules;
				132	}
				133
				134	@Override
				135	public void addAclRule(AclRule rule) {
				136	ruleSet.putIfAbsent(rule.id(), rule);
				137	}
				138
				139	@Override
				140	public AclRule getAclRule(RuleId ruleId) {
				141	Versioned<AclRule> rule = ruleSet.get(ruleId);
				142	if (rule != null) {
				143	return rule.value();
				144	} else {
				145	return null;
				146	}
				147	}
				148
				149	@Override
				150	public void removeAclRule(RuleId ruleId) {
				151	ruleSet.remove(ruleId);
				152	}
				153
				154	@Override
				155	public void clearAcl() {
				156	ruleSet.clear();
				157	deviceToPriority.clear();
				158	ruleToFlow.clear();
				159	denyRuleToAllowRule.clear();
				160	ruleToDevice.clear();
				161	}
				162
				163	@Override
				164	public int getPriorityByDevice(DeviceId deviceId) {
				165	return deviceToPriority.compute(deviceId,
				166	(id, priority) -> (priority == null) ? defaultFlowMaxPriority : (priority - 1))
				167	.value();
				168	}
				169
				170	@Override
				171	public Set<FlowRule> getFlowByRule(RuleId ruleId) {
				172	Versioned<Set<FlowRule>> flowRuleSet = ruleToFlow.get(ruleId);
				173	if (flowRuleSet != null) {
				174	return flowRuleSet.value();
				175	} else {
				176	return null;
				177	}
				178	}
				179
				180	@Override
				181	public void addRuleToFlowMapping(RuleId ruleId, FlowRule flowRule) {
				182	ruleToFlow.computeIf(ruleId,
				183	flowRuleSet -> (flowRuleSet == null \|\| !flowRuleSet.contains(flowRule)),
				184	(id, flowRuleSet) -> {
				185	Set<FlowRule> newSet = new HashSet<>();
				186	if (flowRuleSet != null) {
				187	newSet.addAll(flowRuleSet);
				188	}
				189	newSet.add(flowRule);
				190	return newSet;
				191	});
				192	}
				193
				194	@Override
				195	public void removeRuleToFlowMapping(RuleId ruleId) {
				196	ruleToFlow.remove(ruleId);
				197	}
				198
				199	@Override
				200	public List<RuleId> getAllowingRuleByDenyingRule(RuleId denyingRuleId) {
				201	Versioned<List<RuleId>> allowRuleIdSet = denyRuleToAllowRule.get(denyingRuleId);
				202	if (allowRuleIdSet != null) {
				203	return allowRuleIdSet.value();
				204	} else {
				205	return null;
				206	}
				207	}
				208
				209	@Override
				210	public void addDenyToAllowMapping(RuleId denyingRuleId, RuleId allowingRuleId) {
				211	denyRuleToAllowRule.computeIf(denyingRuleId,
				212	ruleIdList -> (ruleIdList == null \|\| !ruleIdList.contains(allowingRuleId)),
				213	(id, ruleIdList) -> {
				214	ArrayList<RuleId> newList = new ArrayList<>();
				215	if (ruleIdList != null) {
				216	newList.addAll(ruleIdList);
				217	}
				218	newList.add(allowingRuleId);
				219	return newList;
				220	});
				221	}
				222
				223	@Override
				224	public void removeDenyToAllowMapping(RuleId denyingRuleId) {
				225	denyRuleToAllowRule.remove(denyingRuleId);
				226	}
				227
				228	@Override
				229	public boolean checkIfRuleWorksInDevice(RuleId ruleId, DeviceId deviceId) {
				230	return ruleToDevice.containsKey(ruleId) && ruleToDevice.get(ruleId).value().contains(deviceId);
				231	}
				232
				233	@Override
				234	public void addRuleToDeviceMapping(RuleId ruleId, DeviceId deviceId) {
				235	ruleToDevice.computeIf(ruleId,
				236	deviceIdSet -> (deviceIdSet == null \|\| !deviceIdSet.contains(deviceId)),
				237	(id, deviceIdSet) -> {
Sho SHIMIZU	6cfc02d	2015-09-11 11:19:11 -0700	[diff] [blame]	238	Set<DeviceId> newSet = new HashSet<>();
Pengfei Lu	e0c02e2	2015-07-07 15:41:31 +0800	[diff] [blame]	239	if (deviceIdSet != null) {
				240	newSet.addAll(deviceIdSet);
				241	}
				242	newSet.add(deviceId);
				243	return newSet;
				244	});
				245	}
				246
				247	@Override
				248	public void removeRuleToDeviceMapping(RuleId ruleId) {
				249	ruleToDevice.remove(ruleId);
				250	}
				251
Sho SHIMIZU	6cfc02d	2015-09-11 11:19:11 -0700	[diff] [blame]	252	}