func (a *Api) firewalls(w http.ResponseWriter, r *http.Request) {
w.Header().Set("content-type", "application/json")
containers, err := a.client.ListContainers(true, true, "")
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
containerMap := map[string]string{}
for _, container := range containers {
var name = ""
if len(container.Names) > 0 {
name = container.Names[0]
}
containerMap[container.Id] = name
}
firewalls, err := a.store.List(pathNameFirewall)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
var values = []model.Firewall{}
for _, firewall := range firewalls {
var fw model.Firewall
if err := json.Unmarshal(firewall.Value, &fw); err != nil {
continue
}
fw.Container = containerMap[fw.Container]
values = append(values, fw)
}
if err := json.NewEncoder(w).Encode(values); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}
func (a *Api) saveFirewall(w http.ResponseWriter, r *http.Request) {
firewall := model.Firewall{}
if err := json.NewDecoder(r.Body).Decode(&firewall); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
name := firewall.Name
container := firewall.Container
gatewayIP := firewall.GatewayIP
if name == "" || container == "" {
http.Error(w, "name or container cannot be empty.", http.StatusInternalServerError)
return
}
nameurl := path.Join(pathNameFirewall, name)
exists, err := a.store.Exists(nameurl)
if exists {
http.Error(w, ErrFirewallNameExists.Error(), http.StatusInternalServerError)
return
}
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
client := newClientAndScheme(a.client.TLSConfig)
resp, err := client.Get(a.dUrl + "/containers/" + container + "/json")
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
//cleanup
defer resp.Body.Close()
defer closeIdleConnections(client)
data, err := ioutil.ReadAll(resp.Body)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if resp.StatusCode >= 400 {
http.Error(w, string(data), http.StatusInternalServerError)
return
}
var info ContainerInfo
if err := json.Unmarshal(data, &info); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if gatewayIP == "" {
gatewayIP = info.Node.IP
}
gateway, err := a.choiceGateway(gatewayIP)
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
firewall.Container = info.Id
firewall.DatapathID = gateway.DatapathID
firewall.GatewayIP = gateway.ExtIP
value, err := json.Marshal(firewall)
if err != nil {
log.Fatalf("json marshal error: %v", err)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
nodeurl := path.Join(pathNodeFirewall, gateway.DatapathID, strconv.Itoa(firewall.GatewayPort))
exists, err = a.store.Exists(nodeurl)
if exists {
http.Error(w, ErrFirewallPortExists.Error(), http.StatusInternalServerError)
return
}
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if err := a.store.Put(nodeurl, value, nil); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
if err := a.store.Put(nameurl, value, nil); err != nil {
a.store.Delete(nodeurl)
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
w.Header().Set("Content-Type", "application/json")
if err := json.NewEncoder(w).Encode(firewall); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
}
func (a *Api) resetContainerById(oldId, newId string) {
// Reset old container firewall to new.
firewalls, err := a.store.List(pathNameFirewall)
if err != nil {
log.Errorf("error to get all firewalls: %v", err)
} else {
for _, fw := range firewalls {
var firewall model.Firewall
err := json.Unmarshal(fw.Value, &firewall)
if err != nil {
log.Errorf("error unmarshal firewall: %v", err)
continue
}
if firewall.Container == oldId {
firewall.Container = newId
value, err := json.Marshal(firewall)
if err != nil {
log.Errorf("json marshal error: %v", err)
continue
}
if err := a.store.Put(fw.Key, value, nil); err != nil {
log.Errorf("error to update container firewall by name: %v", err)
continue
}
nodeurl := path.Join(pathNodeFirewall, firewall.DatapathID, strconv.Itoa(firewall.GatewayPort))
if err := a.store.Put(nodeurl, value, nil); err != nil {
log.Errorf("error to update container firewall by node: %v", err)
continue
}
}
}
}
// Reset old container policy to new.
policies, err := a.store.List(pathPolicy)
if err != nil {
log.Errorf("error to get all policies : %v", err)
} else {
for _, policy := range policies {
peer := strings.Split(policy.Key, "/")
parts := strings.Split(peer[len(peer)-1], ":")
if len(parts) != 2 {
log.Error(ErrPolicyFormat.Error())
continue
}
if oldId == parts[0] || oldId == parts[1] {
if err := a.store.Delete(policy.Key); err != nil {
log.Warnf("error deleting policy: %v", err)
}
if oldId == parts[0] {
parts[0] = newId
} else {
parts[1] = newId
}
var key string
if strings.Compare(parts[0], parts[1]) > 0 {
key = fmt.Sprintf("%s:%s", parts[1], parts[0])
} else {
key = fmt.Sprintf("%s:%s", parts[0], parts[1])
}
if err := a.store.Put(path.Join(pathPolicy, key), policy.Value, nil); err != nil {
log.Errorf("error to save policy: %v", err)
}
}
}
}
}