// RuleDelete deletes the rule within a policy
func (ac *APIController) RuleDelete(rule *contivModel.Rule) error {
log.Infof("Received RuleDelete: %+v", rule)
policyKey := rule.TenantName + ":" + rule.PolicyName
// find the policy
policy := contivModel.FindPolicy(policyKey)
if policy == nil {
log.Errorf("Error finding policy %s", policyKey)
return core.Errorf("Policy not found")
}
// unlink the rule from policy
modeldb.RemoveLinkSet(&policy.LinkSets.Rules, rule)
err := policy.Write()
if err != nil {
return err
}
// Trigger policyDB Update
err = master.PolicyDelRule(policy, rule)
if err != nil {
log.Errorf("Error deleting rule %s to policy %s. Err: %v", rule.Key, policy.Key, err)
return err
}
return nil
}
// EndpointGroupDelete deletes end point group
func (ac *APIController) EndpointGroupDelete(endpointGroup *contivModel.EndpointGroup) error {
log.Infof("Received EndpointGroupDelete: %+v", endpointGroup)
// delete the endpoint group state
err := master.DeleteEndpointGroup(endpointGroup.EndpointGroupID)
if err != nil {
log.Errorf("Error creating endpoing group %+v. Err: %v", endpointGroup, err)
}
// Detach the endpoint group from the Policies
for _, policyName := range endpointGroup.Policies {
policyKey := endpointGroup.TenantName + ":" + policyName
// find the policy
policy := contivModel.FindPolicy(policyKey)
if policy == nil {
log.Errorf("Could not find policy %s", policyName)
continue
}
// detach policy to epg
err := master.PolicyDetach(endpointGroup, policy)
if err != nil && err != master.EpgPolicyExists {
log.Errorf("Error detaching policy %s from epg %s", policyName, endpointGroup.Key)
}
// Remove links
modeldb.RemoveLinkSet(&policy.LinkSets.EndpointGroups, endpointGroup)
modeldb.RemoveLinkSet(&endpointGroup.LinkSets.Policies, policy)
policy.Write()
}
return nil
}
// EndpointGroupCreate creates end point group
func (ac *APIController) EndpointGroupCreate(endpointGroup *contivModel.EndpointGroup) error {
log.Infof("Received EndpointGroupCreate: %+v", endpointGroup)
// assign unique endpoint group ids
endpointGroup.EndpointGroupID = globalEpgID
globalEpgID = globalEpgID + 1
// Find the tenant
tenant := contivModel.FindTenant(endpointGroup.TenantName)
if tenant == nil {
return core.Errorf("Tenant not found")
}
// Setup links
modeldb.AddLink(&endpointGroup.Links.Tenant, tenant)
modeldb.AddLinkSet(&tenant.LinkSets.EndpointGroups, endpointGroup)
// Save the tenant too since we added the links
err := tenant.Write()
if err != nil {
return err
}
// for each policy create an epg policy Instance
for _, policyName := range endpointGroup.Policies {
policyKey := endpointGroup.TenantName + ":" + policyName
// find the policy
policy := contivModel.FindPolicy(policyKey)
if policy == nil {
log.Errorf("Could not find policy %s", policyName)
return core.Errorf("Policy not found")
}
// attach policy to epg
err = master.PolicyAttach(endpointGroup, policy)
if err != nil {
log.Errorf("Error attaching policy %s to epg %s", policyName, endpointGroup.Key)
return err
}
// establish Links
modeldb.AddLinkSet(&policy.LinkSets.EndpointGroups, endpointGroup)
modeldb.AddLinkSet(&endpointGroup.LinkSets.Policies, policy)
// Write the policy
err = policy.Write()
if err != nil {
return err
}
}
return nil
}
// EndpointGroupUpdate updates endpoint group
func (ac *APIController) EndpointGroupUpdate(endpointGroup, params *contivModel.EndpointGroup) error {
log.Infof("Received EndpointGroupUpdate: %+v, params: %+v", endpointGroup, params)
// Only update policy attachments
// Look for policy adds
for _, policyName := range params.Policies {
if !stringInSlice(policyName, endpointGroup.Policies) {
policyKey := endpointGroup.TenantName + ":" + policyName
// find the policy
policy := contivModel.FindPolicy(policyKey)
if policy == nil {
log.Errorf("Could not find policy %s", policyName)
return core.Errorf("Policy not found")
}
// attach policy to epg
err := master.PolicyAttach(endpointGroup, policy)
if err != nil && err != master.EpgPolicyExists {
log.Errorf("Error attaching policy %s to epg %s", policyName, endpointGroup.Key)
return err
}
// Setup links
modeldb.AddLinkSet(&policy.LinkSets.EndpointGroups, endpointGroup)
modeldb.AddLinkSet(&endpointGroup.LinkSets.Policies, policy)
err = policy.Write()
if err != nil {
return err
}
}
}
// now look for policy removals
for _, policyName := range endpointGroup.Policies {
if !stringInSlice(policyName, params.Policies) {
policyKey := endpointGroup.TenantName + ":" + policyName
// find the policy
policy := contivModel.FindPolicy(policyKey)
if policy == nil {
log.Errorf("Could not find policy %s", policyName)
return core.Errorf("Policy not found")
}
// detach policy to epg
err := master.PolicyDetach(endpointGroup, policy)
if err != nil && err != master.EpgPolicyExists {
log.Errorf("Error detaching policy %s from epg %s", policyName, endpointGroup.Key)
return err
}
// Remove links
modeldb.RemoveLinkSet(&policy.LinkSets.EndpointGroups, endpointGroup)
modeldb.RemoveLinkSet(&endpointGroup.LinkSets.Policies, policy)
err = policy.Write()
if err != nil {
return err
}
}
}
// Update the policy list
endpointGroup.Policies = params.Policies
return nil
}
// Extract relevant info from epg obj and append to application nw spec
func appendEpgInfo(eMap *epgMap, epgObj *contivModel.EndpointGroup, stateDriver core.StateDriver) error {
epg := epgSpec{}
epg.Name = epgObj.GroupName
//update vlantag from EpGroupState
epgCfg := &mastercfg.EndpointGroupState{}
epgCfg.StateDriver = stateDriver
eErr := epgCfg.Read(strconv.Itoa(epgObj.EndpointGroupID))
if eErr != nil {
log.Errorf("Error reading epg %v %v", epgObj.GroupName, eErr)
return eErr
}
epg.VlanTag = strconv.Itoa(epgCfg.PktTag)
// get all the service link details
for _, policy := range epgObj.Policies {
log.Debugf("==Processing policy %v", policy)
policyKey := epgObj.TenantName + ":" + policy
pObj := contivModel.FindPolicy(policyKey)
if pObj == nil {
errStr := fmt.Sprintf("Policy %v not found epg: %v", policy, epg.Name)
return errors.New(errStr)
}
for ruleName := range pObj.LinkSets.Rules {
log.Debugf("==Processing rule %v", ruleName)
rule := contivModel.FindRule(ruleName)
if rule == nil {
errStr := fmt.Sprintf("rule %v not found", ruleName)
return errors.New(errStr)
}
if rule.Action == "deny" {
log.Debugf("==Ignoring deny rule %v", ruleName)
continue
}
//TODO: make this a list and add protocol
epg.ServPort = append(epg.ServPort, strconv.Itoa(rule.Port))
log.Debugf("Service port: %v", strconv.Itoa(rule.Port))
if rule.EndpointGroup == "" {
log.Debugf("User unspecified %v == exposed contract", ruleName)
continue
}
// rule.EndpointGroup uses this epg
uEpg, ok := eMap.Specs[rule.EndpointGroup]
if ok {
uEpg.Uses = append(uEpg.Uses, epg.Name)
eMap.Specs[rule.EndpointGroup] = uEpg
} else {
//not in the map - need to add
userEpg := epgSpec{}
userEpg.Uses = append(userEpg.Uses, epg.Name)
eMap.Specs[rule.EndpointGroup] = userEpg
}
log.Debugf("==Used by %v", rule.EndpointGroup)
}
}
// add any saved uses info before overwriting
savedEpg, ok := eMap.Specs[epg.Name]
if ok {
epg.Uses = append(epg.Uses, savedEpg.Uses...)
}
eMap.Specs[epg.Name] = epg
return nil
}