Ejemplo n.º 1
0
func (a *Api) firewalls(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("content-type", "application/json")

	containers, err := a.client.ListContainers(true, true, "")
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	containerMap := map[string]string{}
	for _, container := range containers {
		var name = ""
		if len(container.Names) > 0 {
			name = container.Names[0]
		}
		containerMap[container.Id] = name
	}

	firewalls, err := a.store.List(pathNameFirewall)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	var values = []model.Firewall{}
	for _, firewall := range firewalls {
		var fw model.Firewall
		if err := json.Unmarshal(firewall.Value, &fw); err != nil {
			continue
		}
		fw.Container = containerMap[fw.Container]
		values = append(values, fw)
	}

	if err := json.NewEncoder(w).Encode(values); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
}
Ejemplo n.º 2
0
func (a *Api) saveFirewall(w http.ResponseWriter, r *http.Request) {
	firewall := model.Firewall{}
	if err := json.NewDecoder(r.Body).Decode(&firewall); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
	name := firewall.Name
	container := firewall.Container
	gatewayIP := firewall.GatewayIP

	if name == "" || container == "" {
		http.Error(w, "name or container cannot be empty.", http.StatusInternalServerError)
		return
	}

	nameurl := path.Join(pathNameFirewall, name)
	exists, err := a.store.Exists(nameurl)
	if exists {
		http.Error(w, ErrFirewallNameExists.Error(), http.StatusInternalServerError)
		return
	}

	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	client := newClientAndScheme(a.client.TLSConfig)
	resp, err := client.Get(a.dUrl + "/containers/" + container + "/json")
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	//cleanup
	defer resp.Body.Close()
	defer closeIdleConnections(client)

	data, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	if resp.StatusCode >= 400 {
		http.Error(w, string(data), http.StatusInternalServerError)
		return
	}

	var info ContainerInfo
	if err := json.Unmarshal(data, &info); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	if gatewayIP == "" {
		gatewayIP = info.Node.IP
	}
	gateway, err := a.choiceGateway(gatewayIP)
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	firewall.Container = info.Id
	firewall.DatapathID = gateway.DatapathID
	firewall.GatewayIP = gateway.ExtIP

	value, err := json.Marshal(firewall)
	if err != nil {
		log.Fatalf("json marshal error: %v", err)
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	nodeurl := path.Join(pathNodeFirewall, gateway.DatapathID, strconv.Itoa(firewall.GatewayPort))
	exists, err = a.store.Exists(nodeurl)
	if exists {
		http.Error(w, ErrFirewallPortExists.Error(), http.StatusInternalServerError)
		return
	}
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	if err := a.store.Put(nodeurl, value, nil); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	if err := a.store.Put(nameurl, value, nil); err != nil {
		a.store.Delete(nodeurl)
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	w.Header().Set("Content-Type", "application/json")
	if err := json.NewEncoder(w).Encode(firewall); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}
}
Ejemplo n.º 3
0
func (a *Api) resetContainerById(oldId, newId string) {
	// Reset old container firewall to new.
	firewalls, err := a.store.List(pathNameFirewall)
	if err != nil {
		log.Errorf("error to get all firewalls: %v", err)
	} else {
		for _, fw := range firewalls {
			var firewall model.Firewall
			err := json.Unmarshal(fw.Value, &firewall)
			if err != nil {
				log.Errorf("error unmarshal firewall: %v", err)
				continue
			}
			if firewall.Container == oldId {
				firewall.Container = newId
				value, err := json.Marshal(firewall)
				if err != nil {
					log.Errorf("json marshal error: %v", err)
					continue
				}
				if err := a.store.Put(fw.Key, value, nil); err != nil {
					log.Errorf("error to update container firewall by name: %v", err)
					continue
				}
				nodeurl := path.Join(pathNodeFirewall, firewall.DatapathID, strconv.Itoa(firewall.GatewayPort))
				if err := a.store.Put(nodeurl, value, nil); err != nil {
					log.Errorf("error to update container firewall by node: %v", err)
					continue
				}
			}
		}
	}

	// Reset old container policy to new.
	policies, err := a.store.List(pathPolicy)
	if err != nil {
		log.Errorf("error to get all policies : %v", err)
	} else {
		for _, policy := range policies {
			peer := strings.Split(policy.Key, "/")
			parts := strings.Split(peer[len(peer)-1], ":")
			if len(parts) != 2 {
				log.Error(ErrPolicyFormat.Error())
				continue
			}
			if oldId == parts[0] || oldId == parts[1] {
				if err := a.store.Delete(policy.Key); err != nil {
					log.Warnf("error deleting policy: %v", err)
				}
				if oldId == parts[0] {
					parts[0] = newId
				} else {
					parts[1] = newId
				}

				var key string
				if strings.Compare(parts[0], parts[1]) > 0 {
					key = fmt.Sprintf("%s:%s", parts[1], parts[0])
				} else {
					key = fmt.Sprintf("%s:%s", parts[0], parts[1])
				}

				if err := a.store.Put(path.Join(pathPolicy, key), policy.Value, nil); err != nil {
					log.Errorf("error to save policy: %v", err)
				}
			}
		}
	}
}