Beispiel #1
0
// PolicyDetach detaches policy from an endpoint and removes associated rules from policyDB
func PolicyDetach(epg *contivModel.EndpointGroup, policy *contivModel.Policy) error {
	epgpKey := epg.Key + ":" + policy.Key

	// find the policy
	gp := FindEpgPolicy(epgpKey)
	if gp == nil {
		log.Errorf("Epg policy %s does not exist", epgpKey)
		return core.Errorf("epg policy does not exist")
	}

	// Delete all rules within the policy
	for ruleKey := range policy.LinkSets.Rules {
		// find the rule
		rule := contivModel.FindRule(ruleKey)
		if rule == nil {
			log.Errorf("Error finding the rule %s", ruleKey)
			continue
		}

		log.Infof("Deleting Rule %s from epgp policy %s", ruleKey, epgpKey)

		// Add the rule to epg Policy
		err := gp.DelRule(rule)
		if err != nil {
			log.Errorf("Error deleting rule %s from epg polict %s. Err: %v", ruleKey, epgpKey, err)
		}
	}

	// delete it
	return gp.Delete()
}
Beispiel #2
0
// NewEpgPolicy creates a new policy instance attached to an endpoint group
func NewEpgPolicy(epgpKey string, epgID int, policy *contivModel.Policy) (*EpgPolicy, error) {
	gp := new(EpgPolicy)
	gp.EpgPolicyKey = epgpKey
	gp.ID = epgpKey
	gp.EndpointGroupID = epgID
	gp.StateDriver = stateStore

	log.Infof("Creating new epg policy: %s", epgpKey)

	// init the dbs
	gp.RuleMaps = make(map[string]*RuleMap)

	// Install all rules within the policy
	for ruleKey := range policy.LinkSets.Rules {
		// find the rule
		rule := contivModel.FindRule(ruleKey)
		if rule == nil {
			log.Errorf("Error finding the rule %s", ruleKey)
			return nil, core.Errorf("rule not found")
		}

		log.Infof("Adding Rule %s to epgp policy %s", ruleKey, epgpKey)

		// Add the rule to epg Policy
		err := gp.AddRule(rule)
		if err != nil {
			log.Errorf("Error adding rule %s to epg polict %s. Err: %v", ruleKey, epgpKey, err)
			return nil, err
		}
	}

	// Save the policy state
	err := gp.Write()
	if err != nil {
		return nil, err
	}

	// Save it in local cache
	epgPolicyDb[epgpKey] = gp

	log.Info("Created epg policy {%+v}", gp)

	return gp, nil
}
Beispiel #3
0
// Extract relevant info from epg obj and append to application nw spec
func appendEpgInfo(eMap *epgMap, epgObj *contivModel.EndpointGroup, stateDriver core.StateDriver) error {
	epg := epgSpec{}
	epg.Name = epgObj.GroupName

	//update vlantag from EpGroupState
	epgCfg := &mastercfg.EndpointGroupState{}
	epgCfg.StateDriver = stateDriver
	eErr := epgCfg.Read(strconv.Itoa(epgObj.EndpointGroupID))
	if eErr != nil {
		log.Errorf("Error reading epg %v %v", epgObj.GroupName, eErr)
		return eErr
	}

	epg.VlanTag = strconv.Itoa(epgCfg.PktTag)

	// get all the service link details
	for _, policy := range epgObj.Policies {
		log.Debugf("==Processing policy %v", policy)
		policyKey := epgObj.TenantName + ":" + policy
		pObj := contivModel.FindPolicy(policyKey)
		if pObj == nil {
			errStr := fmt.Sprintf("Policy %v not found epg: %v", policy, epg.Name)
			return errors.New(errStr)
		}

		for ruleName := range pObj.LinkSets.Rules {
			log.Debugf("==Processing rule %v", ruleName)
			rule := contivModel.FindRule(ruleName)
			if rule == nil {
				errStr := fmt.Sprintf("rule %v not found", ruleName)
				return errors.New(errStr)
			}

			if rule.Action == "deny" {
				log.Debugf("==Ignoring deny rule %v", ruleName)
				continue
			}

			//TODO: make this a list and add protocol
			epg.ServPort = append(epg.ServPort, strconv.Itoa(rule.Port))
			log.Debugf("Service port: %v", strconv.Itoa(rule.Port))

			if rule.EndpointGroup == "" {
				log.Debugf("User unspecified %v == exposed contract", ruleName)
				continue
			}

			// rule.EndpointGroup uses this epg
			uEpg, ok := eMap.Specs[rule.EndpointGroup]
			if ok {
				uEpg.Uses = append(uEpg.Uses, epg.Name)
				eMap.Specs[rule.EndpointGroup] = uEpg
			} else {
				//not in the map - need to add
				userEpg := epgSpec{}
				userEpg.Uses = append(userEpg.Uses, epg.Name)
				eMap.Specs[rule.EndpointGroup] = userEpg
			}
			log.Debugf("==Used by %v", rule.EndpointGroup)
		}

	}

	// add any saved uses info before overwriting
	savedEpg, ok := eMap.Specs[epg.Name]
	if ok {
		epg.Uses = append(epg.Uses, savedEpg.Uses...)
	}
	eMap.Specs[epg.Name] = epg
	return nil
}