// globalNetworkCheckPolicyAttachment reports whether network was already in a
// settled state with respect to its global network policy.
//
// It returns true when the policy lookup fails (any lookup error is logged as
// "no policy"), when the network's policy refs cannot be read, or when the
// policy is already among the network's refs. Otherwise it tries to attach the
// policy and returns false, whether or not the attach succeeded.
func (c *consistencyChecker) globalNetworkCheckPolicyAttachment(network *types.VirtualNetwork) bool {
	policyFQN := strings.Join(makeGlobalNetworkPolicyName(c.config, network.GetFQName()), ":")
	policy, err := types.NetworkPolicyByName(c.client, policyFQN)
	if err != nil {
		// Every lookup error is treated as "policy absent"; nothing to attach.
		glog.V(3).Infof("No network policy for %s", network.GetName())
		return true
	}

	attached, err := network.GetNetworkPolicyRefs()
	if err != nil {
		glog.Error(err)
		return true
	}

	for i := range attached {
		if attached[i].Uuid != policy.GetUuid() {
			continue
		}
		glog.V(5).Infof("Network %s attached to %s", network.GetName(), policy.GetUuid())
		return true
	}

	// The reference is missing: repair it. The caller sees false either way,
	// because the state was not consistent when this check started.
	if attachErr := policyAttach(c.client, network, policy); attachErr != nil {
		glog.Error(attachErr)
		return false
	}
	glog.Infof("attached global network %s to policy", strings.Join(network.GetFQName(), ":"))
	return false
}
// networkEvalPolicyRefs walks the policy refs of network and reports whether
// every one of them is still justified.
//
// A ref whose last name component parses as a service policy name is stale
// when services does not contain that (namespace, service) pair. A ref that
// parses as a global network policy is stale when it targets another network
// and either this network may not access global networks or the target is not
// a global network. Stale refs make the result false; they are queued for
// deletion only when lastIterationMap is nil or connectionShouldDelete agrees.
// Queued refs are handed to the network and service managers at the end.
//
// An error is returned only when the policy refs cannot be read.
func (c *consistencyChecker) networkEvalPolicyRefs(network *types.VirtualNetwork, services ServiceIdList, lastIterationMap networkConnectionMap) (bool, error) {
	policyRefs, err := network.GetNetworkPolicyRefs()
	if err != nil {
		return false, err
	}

	var (
		consistent         = true
		staleServiceRefs   = []string{}
		staleGlobalTargets = map[string]string{}
		networkCSN         = strings.Join(network.GetFQName(), ":")
	)

	for _, ref := range policyRefs {
		if len(ref.To) < 3 {
			glog.Errorf("unexpected policy id %+v", ref.To)
			continue
		}

		// Service policies: the namespace is the second name component.
		svcName, svcErr := serviceNameFromPolicyName(ref.To[len(ref.To)-1])
		if svcErr == nil {
			if services.Contains(ref.To[1], svcName) {
				continue
			}
			consistent = false
			if lastIterationMap == nil || c.connectionShouldDelete(network, lastIterationMap, ref.To) {
				staleServiceRefs = append(staleServiceRefs, ref.Uuid)
			}
			continue
		}

		// Global network policies; refs matching neither pattern are ignored.
		targetName, gblErr := globalNetworkFromPolicyName(c.config, ref.To)
		if gblErr != nil || targetName == networkCSN {
			continue
		}
		if networkAccessGlobalNetworks(c.config, network.GetFQName()) && isGlobalNetworkName(c.config, targetName) {
			continue
		}

		consistent = false
		if lastIterationMap == nil || c.connectionShouldDelete(network, lastIterationMap, ref.To) {
			glog.Infof("Delete connection %s %s", networkCSN, targetName)
			staleGlobalTargets[ref.Uuid] = targetName
		} else {
			glog.Infof("Network connection %s %s not used by global network configuration", networkCSN, targetName)
		}
	}

	if len(staleGlobalTargets) > 0 {
		c.networkMgr.DeleteConnections(network, staleGlobalTargets)
	}
	if len(staleServiceRefs) > 0 {
		c.serviceMgr.DeleteConnections(network, staleServiceRefs)
	}
	return consistent, nil
}
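// PurgeStalePolicyRefs detaches from network every policy ref whose
// (namespace, service) pair is absent from services and for which doDelete
// returns true, then deletes each detached policy that no virtual network
// references any more.
//
// It returns an error when the policy refs cannot be read or when the network
// update fails. Failures while cleaning up individual policies are logged and
// do not abort the run.
func (m *ServiceManagerImpl) PurgeStalePolicyRefs(network *types.VirtualNetwork, services ServiceIdList, doDelete func(string, string) bool) error {
	refs, err := network.GetNetworkPolicyRefs()
	if err != nil {
		return err
	}

	var purgeList []string
	for _, ref := range refs {
		if len(ref.To) < 3 {
			glog.Errorf("unexpected policy id %+v", ref.To)
			continue
		}
		namespace := ref.To[1]
		// NOTE(review): the last name component is used as the service name
		// without going through serviceNameFromPolicyName, unlike
		// networkEvalPolicyRefs. Confirm that doDelete rejects refs that are
		// not service policies.
		serviceName := ref.To[len(ref.To)-1]
		if !services.Contains(namespace, serviceName) && doDelete(namespace, serviceName) {
			purgeList = append(purgeList, ref.Uuid)
		}
	}
	if len(purgeList) == 0 {
		return nil
	}

	for _, policyID := range purgeList {
		network.DeleteNetworkPolicy(policyID)
	}
	if err := m.client.Update(network); err != nil {
		return err
	}

	for _, policyID := range purgeList {
		policy, err := types.NetworkPolicyByUuid(m.client, policyID)
		if err != nil {
			glog.Error(err)
			continue
		}
		backRefs, err := policy.GetVirtualNetworkBackRefs()
		if err != nil {
			// The back-reference state is unknown, so keep the policy. An
			// empty result from a failed read must not be taken as proof that
			// no other network still uses it.
			glog.Error(err)
			continue
		}
		if len(backRefs) > 0 {
			continue
		}
		if err := m.client.Delete(policy); err != nil {
			glog.Error(err)
		}
	}
	return nil
}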
// policyDetach removes from network the first policy ref whose
// colon-joined name equals policyName and pushes the change through client.
// It returns nil when no ref matches, and otherwise the result of the update.
// A failure to read the refs is logged and returned.
func policyDetach(client contrail.ApiClient, network *types.VirtualNetwork, policyName string) error {
	attached, err := network.GetNetworkPolicyRefs()
	if err != nil {
		glog.Errorf("get network policy-refs %s: %v", network.GetName(), err)
		return err
	}

	for i := range attached {
		if strings.Join(attached[i].To, ":") != policyName {
			continue
		}
		// Only the first matching ref is removed; the loop ends here.
		network.DeleteNetworkPolicy(attached[i].Uuid)
		updateErr := client.Update(network)
		if updateErr != nil {
			glog.Errorf("Update network %s policies: %v", network.GetName(), updateErr)
		}
		return updateErr
	}
	return nil
}
// detachPolicy removes from network the first policy ref whose colon-joined
// name equals policyName and updates the network through m.client.
// It returns nil when no ref matches, and otherwise the result of the update.
// A failure to read the refs is logged and returned.
func (m *ServiceManagerImpl) detachPolicy(network *types.VirtualNetwork, policyName string) error {
	attached, err := network.GetNetworkPolicyRefs()
	if err != nil {
		glog.Errorf("get network policy-refs %s: %v", network.GetName(), err)
		return err
	}

	for i := range attached {
		if strings.Join(attached[i].To, ":") != policyName {
			continue
		}
		// Only the first matching ref is removed; the loop ends here.
		network.DeleteNetworkPolicy(attached[i].Uuid)
		updateErr := m.client.Update(network)
		if updateErr != nil {
			glog.Errorf("Update network %s policies: %v", network.GetName(), updateErr)
		}
		return updateErr
	}
	return nil
}
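// DeleteNetwork deletes network and then removes every policy it referenced
// that no virtual network references any more.
//
// Policy cleanup is best effort: a failure on one policy is logged and the
// next one is processed. The returned error is the result of deleting the
// network itself.
func (m *NetworkManagerImpl) DeleteNetwork(network *types.VirtualNetwork) error {
	// The refs must be read before the delete. If the read fails, the network
	// is still deleted and the cleanup loop has nothing to do.
	refs, err := network.GetNetworkPolicyRefs()
	if err != nil {
		glog.Errorf("Get %s policy refs: %v", network.GetName(), err)
	}

	deleteErr := m.client.Delete(network)
	if deleteErr != nil {
		glog.Errorf("Delete network %s: %v", network.GetName(), deleteErr)
	}

	for _, ref := range refs {
		obj, err := m.client.FindByUuid("network-policy", ref.Uuid)
		if err != nil {
			// obj cannot be used after a failed lookup; asserting on it would
			// panic.
			glog.Errorf("Get policy %s: %v", ref.Uuid, err)
			continue
		}
		policy, ok := obj.(*types.NetworkPolicy)
		if !ok {
			glog.Errorf("Get policy %s: unexpected object type %T", ref.Uuid, obj)
			continue
		}
		npRefs, err := policy.GetVirtualNetworkBackRefs()
		if err != nil {
			// The back-reference state is unknown, so keep the policy rather
			// than delete one that another network may still depend on.
			glog.Errorf("Get policy %s back refs: %v", ref.Uuid, err)
			continue
		}
		if len(npRefs) > 0 {
			continue
		}
		if err := m.client.Delete(policy); err != nil {
			glog.Errorf("Delete policy %s: %v", ref.Uuid, err)
		}
	}
	return deleteErr
}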
// policyAttach makes sure network references policy. When a ref with the
// policy's UUID is already present nothing is changed; otherwise the policy is
// added with sequence 10.0 and the network is updated through client.
// Failures to read the refs or to update the network are logged and returned.
func policyAttach(client contrail.ApiClient, network *types.VirtualNetwork, policy *types.NetworkPolicy) error {
	attached, err := network.GetNetworkPolicyRefs()
	if err != nil {
		glog.Errorf("get network policy-refs %s: %v", network.GetName(), err)
		return err
	}

	for i := range attached {
		if attached[i].Uuid == policy.GetUuid() {
			// Already attached: the call is idempotent.
			return nil
		}
	}

	attr := types.VirtualNetworkPolicyType{
		Sequence: &types.SequenceType{Major: 10, Minor: 0},
	}
	network.AddNetworkPolicy(policy, attr)

	if updateErr := client.Update(network); updateErr != nil {
		glog.Errorf("Update network %s policies: %v", network.GetName(), updateErr)
		return updateErr
	}
	return nil
}
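// attachPolicy makes sure network references policy. When a ref with the
// policy's UUID is already present nothing is changed; otherwise the policy is
// added with sequence 10.0 and the network is updated through m.client.
// Failures to read the refs or to update the network are logged and returned.
func (m *ServiceManagerImpl) attachPolicy(network *types.VirtualNetwork, policy *types.NetworkPolicy) error {
	refs, err := network.GetNetworkPolicyRefs()
	if err != nil {
		glog.Errorf("get network policy-refs %s: %v", network.GetName(), err)
		return err
	}
	for _, ref := range refs {
		if ref.Uuid == policy.GetUuid() {
			// Already attached: the call is idempotent.
			return nil
		}
	}

	// Keyed fields, as in policyAttach, so the literal does not depend on the
	// field order of the imported struct (go vet flags unkeyed literals here).
	network.AddNetworkPolicy(policy, types.VirtualNetworkPolicyType{
		Sequence: &types.SequenceType{Major: 10, Minor: 0},
	})
	if err := m.client.Update(network); err != nil {
		glog.Errorf("Update network %s policies: %v", network.GetName(), err)
		return err
	}
	return nil
}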
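// buildNetworkInfo collects the attributes of net into a NetworkInfo.
//
// Subnets are rendered as "prefix/len" strings from the network's IPAM refs.
// When detail is true the colon-joined names of the attached network policies
// are included as well. On any error the returned NetworkInfo is nil.
func buildNetworkInfo(net *types.VirtualNetwork, detail bool) (*NetworkInfo, error) {
	ipamRefs, err := net.GetNetworkIpamRefs()
	if err != nil {
		return nil, err
	}

	var subnets []string
	for _, ref := range ipamRefs {
		// A checked assertion turns an unexpected attribute type into an
		// error instead of a panic.
		attr, ok := ref.Attr.(types.VnSubnetsType)
		if !ok {
			return nil, fmt.Errorf("network %s: unexpected ipam ref attribute type %T", net.GetName(), ref.Attr)
		}
		for _, ipamSubnet := range attr.IpamSubnets {
			subnets = append(subnets, fmt.Sprintf("%s/%d", ipamSubnet.Subnet.IpPrefix, ipamSubnet.Subnet.IpPrefixLen))
		}
	}

	var policies []string
	if detail {
		policyRefs, err := net.GetNetworkPolicyRefs()
		if err != nil {
			// Do not return a partially filled result together with an error:
			// an empty policy list would read as "no policies attached".
			return nil, err
		}
		for _, ref := range policyRefs {
			policies = append(policies, strings.Join(ref.To, ":"))
		}
	}

	props := net.GetVirtualNetworkProperties()
	info := &NetworkInfo{
		net.GetUuid(),
		net.GetName(),
		net.GetIdPerms().Enable,
		props.NetworkId,
		props.AllowTransit,
		props.ForwardingMode,
		subnets,
		policies,
		net.GetRouteTargetList().RouteTarget,
	}
	return info, nil
}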