// PolicyDetach detaches policy from an endpoint and removes associated rules from policyDB
func PolicyDetach(epg *contivModel.EndpointGroup, policy *contivModel.Policy) error {
epgpKey := epg.Key + ":" + policy.Key
// find the policy
gp := FindEpgPolicy(epgpKey)
if gp == nil {
log.Errorf("Epg policy %s does not exist", epgpKey)
return core.Errorf("epg policy does not exist")
}
// Delete all rules within the policy
for ruleKey := range policy.LinkSets.Rules {
// find the rule
rule := contivModel.FindRule(ruleKey)
if rule == nil {
log.Errorf("Error finding the rule %s", ruleKey)
continue
}
log.Infof("Deleting Rule %s from epgp policy %s", ruleKey, epgpKey)
// Add the rule to epg Policy
err := gp.DelRule(rule)
if err != nil {
log.Errorf("Error deleting rule %s from epg polict %s. Err: %v", ruleKey, epgpKey, err)
}
}
// delete it
return gp.Delete()
}
// NewEpgPolicy creates a new policy instance attached to an endpoint group
func NewEpgPolicy(epgpKey string, epgID int, policy *contivModel.Policy) (*EpgPolicy, error) {
gp := new(EpgPolicy)
gp.EpgPolicyKey = epgpKey
gp.ID = epgpKey
gp.EndpointGroupID = epgID
gp.StateDriver = stateStore
log.Infof("Creating new epg policy: %s", epgpKey)
// init the dbs
gp.RuleMaps = make(map[string]*RuleMap)
// Install all rules within the policy
for ruleKey := range policy.LinkSets.Rules {
// find the rule
rule := contivModel.FindRule(ruleKey)
if rule == nil {
log.Errorf("Error finding the rule %s", ruleKey)
return nil, core.Errorf("rule not found")
}
log.Infof("Adding Rule %s to epgp policy %s", ruleKey, epgpKey)
// Add the rule to epg Policy
err := gp.AddRule(rule)
if err != nil {
log.Errorf("Error adding rule %s to epg polict %s. Err: %v", ruleKey, epgpKey, err)
return nil, err
}
}
// Save the policy state
err := gp.Write()
if err != nil {
return nil, err
}
// Save it in local cache
epgPolicyDb[epgpKey] = gp
log.Info("Created epg policy {%+v}", gp)
return gp, nil
}
// Extract relevant info from epg obj and append to application nw spec
func appendEpgInfo(eMap *epgMap, epgObj *contivModel.EndpointGroup, stateDriver core.StateDriver) error {
epg := epgSpec{}
epg.Name = epgObj.GroupName
//update vlantag from EpGroupState
epgCfg := &mastercfg.EndpointGroupState{}
epgCfg.StateDriver = stateDriver
eErr := epgCfg.Read(strconv.Itoa(epgObj.EndpointGroupID))
if eErr != nil {
log.Errorf("Error reading epg %v %v", epgObj.GroupName, eErr)
return eErr
}
epg.VlanTag = strconv.Itoa(epgCfg.PktTag)
// get all the service link details
for _, policy := range epgObj.Policies {
log.Debugf("==Processing policy %v", policy)
policyKey := epgObj.TenantName + ":" + policy
pObj := contivModel.FindPolicy(policyKey)
if pObj == nil {
errStr := fmt.Sprintf("Policy %v not found epg: %v", policy, epg.Name)
return errors.New(errStr)
}
for ruleName := range pObj.LinkSets.Rules {
log.Debugf("==Processing rule %v", ruleName)
rule := contivModel.FindRule(ruleName)
if rule == nil {
errStr := fmt.Sprintf("rule %v not found", ruleName)
return errors.New(errStr)
}
if rule.Action == "deny" {
log.Debugf("==Ignoring deny rule %v", ruleName)
continue
}
//TODO: make this a list and add protocol
epg.ServPort = append(epg.ServPort, strconv.Itoa(rule.Port))
log.Debugf("Service port: %v", strconv.Itoa(rule.Port))
if rule.EndpointGroup == "" {
log.Debugf("User unspecified %v == exposed contract", ruleName)
continue
}
// rule.EndpointGroup uses this epg
uEpg, ok := eMap.Specs[rule.EndpointGroup]
if ok {
uEpg.Uses = append(uEpg.Uses, epg.Name)
eMap.Specs[rule.EndpointGroup] = uEpg
} else {
//not in the map - need to add
userEpg := epgSpec{}
userEpg.Uses = append(userEpg.Uses, epg.Name)
eMap.Specs[rule.EndpointGroup] = userEpg
}
log.Debugf("==Used by %v", rule.EndpointGroup)
}
}
// add any saved uses info before overwriting
savedEpg, ok := eMap.Specs[epg.Name]
if ok {
epg.Uses = append(epg.Uses, savedEpg.Uses...)
}
eMap.Specs[epg.Name] = epg
return nil
}
