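// policyLocateRuleByFQN ensures that policy contains a bidirectional
// "pass any" rule between the virtual-networks named by lhsFQN and rhsFQN,
// adding and persisting one when it is absent.
//
// lhsFQN and rhsFQN are fully-qualified name components; they are joined
// with ":" to form the VirtualNetwork address stored in the rule. Only the
// first source and destination address of each existing rule is compared.
// Returns nil when the rule already exists or was added, otherwise the
// error from client.Update.
func policyLocateRuleByFQN(client contrail.ApiClient, policy *types.NetworkPolicy, lhsFQN, rhsFQN []string) error {
	lhsName := strings.Join(lhsFQN, ":")
	rhsName := strings.Join(rhsFQN, ":")
	entries := policy.GetNetworkPolicyEntries()
	for _, rule := range entries.PolicyRule {
		// A rule read back from the API may carry empty address lists;
		// skip those instead of indexing [0] and panicking.
		if len(rule.SrcAddresses) == 0 || len(rule.DstAddresses) == 0 {
			continue
		}
		if rule.SrcAddresses[0].VirtualNetwork == lhsName &&
			rule.DstAddresses[0].VirtualNetwork == rhsName {
			return nil
		}
	}

	// NOTE(review): -1/-1 ports appear to be the "any port" wildcard in this
	// schema — confirm against the API definition.
	rule := &types.PolicyRuleType{
		Protocol:     "any",
		Direction:    "<>",
		SrcAddresses: []types.AddressType{{VirtualNetwork: lhsName}},
		DstAddresses: []types.AddressType{{VirtualNetwork: rhsName}},
		SrcPorts:     []types.PortType{{StartPort: -1, EndPort: -1}},
		DstPorts:     []types.PortType{{StartPort: -1, EndPort: -1}},
		ActionList:   &types.ActionListType{SimpleAction: "pass"},
	}

	entries.AddPolicyRule(rule)
	policy.SetNetworkPolicyEntries(&entries)
	if err := client.Update(policy); err != nil {
		glog.Errorf("policy-rule: %v", err)
		return err
	}
	return nil
}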
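// locatePolicyRule ensures that policy contains a bidirectional "pass any"
// rule between the virtual-networks lhs and rhs, adding and persisting one
// through m.client when it is absent.
//
// Only the first source and destination address of each existing rule is
// compared. Returns nil when the rule already exists or was added,
// otherwise the error from m.client.Update.
func (m *ServiceManagerImpl) locatePolicyRule(policy *types.NetworkPolicy, lhs, rhs *types.VirtualNetwork) error {
	lhsName := strings.Join(lhs.GetFQName(), ":")
	rhsName := strings.Join(rhs.GetFQName(), ":")

	entries := policy.GetNetworkPolicyEntries()
	for _, rule := range entries.PolicyRule {
		// A rule read back from the API may carry empty address lists;
		// skip those instead of indexing [0] and panicking.
		if len(rule.SrcAddresses) == 0 || len(rule.DstAddresses) == 0 {
			continue
		}
		if rule.SrcAddresses[0].VirtualNetwork == lhsName &&
			rule.DstAddresses[0].VirtualNetwork == rhsName {
			return nil
		}
	}

	// NOTE(review): -1/-1 ports appear to be the "any port" wildcard in this
	// schema — confirm against the API definition.
	rule := &types.PolicyRuleType{
		Protocol:     "any",
		Direction:    "<>",
		SrcAddresses: []types.AddressType{{VirtualNetwork: lhsName}},
		DstAddresses: []types.AddressType{{VirtualNetwork: rhsName}},
		SrcPorts:     []types.PortType{{StartPort: -1, EndPort: -1}},
		DstPorts:     []types.PortType{{StartPort: -1, EndPort: -1}},
		ActionList:   &types.ActionListType{SimpleAction: "pass"},
	}

	entries.AddPolicyRule(rule)
	policy.SetNetworkPolicyEntries(&entries)
	if err := m.client.Update(policy); err != nil {
		glog.Errorf("policy-rule: %v", err)
		return err
	}
	return nil
}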
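// getRulesNetworks retrieves the virtual-network references from the policy
// rules for display purposes.
//
// It returns the short name (last FQN component) of the source and
// destination networks referenced by the policy's rules: "none" when no
// rule references a network on that side and "<multiple>" when more than
// one distinct network does. Only the first address of each rule is
// considered; rules with no addresses or an empty network name are skipped.
func getRulesNetworks(policy *types.NetworkPolicy) (string, string) {
	// displayValue reduces a set of network FQNs to one display string.
	displayValue := func(set map[string]struct{}) string {
		if len(set) > 1 {
			return "<multiple>"
		}
		for fqn := range set {
			// Show only the last component of an "a:b:c" FQN; a name
			// without ":" is returned whole.
			return fqn[strings.LastIndex(fqn, ":")+1:]
		}
		return "none"
	}

	sources := make(map[string]struct{})
	destinations := make(map[string]struct{})
	for _, rule := range policy.GetNetworkPolicyEntries().PolicyRule {
		if len(rule.SrcAddresses) > 0 && rule.SrcAddresses[0].VirtualNetwork != "" {
			sources[rule.SrcAddresses[0].VirtualNetwork] = struct{}{}
		}
		if len(rule.DstAddresses) > 0 && rule.DstAddresses[0].VirtualNetwork != "" {
			destinations[rule.DstAddresses[0].VirtualNetwork] = struct{}{}
		}
	}

	return displayValue(sources), displayValue(destinations)
}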
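// policyHasRule reports whether policy contains a rule whose first source
// address is the virtual-network lhsName and whose first destination
// address is rhsName.
//
// Rules with empty address lists are ignored rather than indexed, so a
// policy read back from the API with such a rule does not panic here.
func policyHasRule(policy *types.NetworkPolicy, lhsName, rhsName string) bool {
	entries := policy.GetNetworkPolicyEntries()
	for _, rule := range entries.PolicyRule {
		if len(rule.SrcAddresses) == 0 || len(rule.DstAddresses) == 0 {
			continue
		}
		if rule.SrcAddresses[0].VirtualNetwork == lhsName &&
			rule.DstAddresses[0].VirtualNetwork == rhsName {
			return true
		}
	}
	return false
}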
// disconnectNetworkFromPolicy removes policy from the virtual-network named
// targetCSN and writes the updated network back through m.client.
//
// Returns the lookup, detach or update error unchanged, or nil on success.
func (m *NetworkManagerImpl) disconnectNetworkFromPolicy(policy *types.NetworkPolicy, targetCSN string) error {
	target, lookupErr := types.VirtualNetworkByName(m.client, targetCSN)
	if lookupErr != nil {
		return lookupErr
	}
	if detachErr := target.DeleteNetworkPolicy(policy.GetUuid()); detachErr != nil {
		return detachErr
	}
	return m.client.Update(target)
}
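// locatePolicy returns the network-policy for the given tenant and service,
// creating it when the lookup does not return one.
//
// NOTE(review): any error from FindByName — not only "not found" — is
// treated as absence and triggers a Create, so a transient API failure
// leads to an attempt to create a policy that may already exist. Confirm
// whether the client distinguishes not-found from other failures.
// Returns the located or created policy, or the Create error.
func (m *ServiceManagerImpl) locatePolicy(tenant, serviceName string) (*types.NetworkPolicy, error) {
	policyName := makeServicePolicyName(m.config, tenant, serviceName)
	fqn := strings.Join(policyName, ":")
	if obj, err := m.client.FindByName("network-policy", fqn); err == nil {
		// The lookup asked for "network-policy", so the concrete type is
		// expected to match; a mismatch panics here as it did originally.
		return obj.(*types.NetworkPolicy), nil
	}

	policy := new(types.NetworkPolicy)
	policy.SetFQName("project", policyName)
	if err := m.client.Create(policy); err != nil {
		glog.Errorf("Create policy %s: %v", fqn, err)
		return nil, err
	}
	return policy, nil
}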
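// locatePolicy returns the network-policy named serviceName under tenant in
// DefaultDomain, creating it when the lookup does not return one.
//
// NOTE(review): any error from FindByName — not only "not found" — is
// treated as absence and triggers a Create, so a transient API failure
// leads to an attempt to create a policy that may already exist. Confirm
// whether the client distinguishes not-found from other failures.
// Returns the located or created policy, or the Create error.
func (m *ServiceManagerImpl) locatePolicy(tenant, serviceName string) (*types.NetworkPolicy, error) {
	fqn := []string{DefaultDomain, tenant, serviceName}
	name := strings.Join(fqn, ":")
	if obj, err := m.client.FindByName("network-policy", name); err == nil {
		// The lookup asked for "network-policy", so the concrete type is
		// expected to match; a mismatch panics here as it did originally.
		return obj.(*types.NetworkPolicy), nil
	}

	policy := new(types.NetworkPolicy)
	policy.SetFQName("project", fqn)
	if err := m.client.Create(policy); err != nil {
		glog.Errorf("Create policy %s: %v", name, err)
		return nil, err
	}
	return policy, nil
}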
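// policyDeleteRule removes the first rule of policy whose first source and
// destination addresses are the virtual-networks lhsName and rhsName, then
// persists the policy through client. It is a no-op when no such rule
// exists.
//
// Rules with empty address lists are skipped rather than indexed.
// Returns the error from client.Update, if any.
func policyDeleteRule(client contrail.ApiClient, policy *types.NetworkPolicy, lhsName, rhsName string) error {
	entries := policy.GetNetworkPolicyEntries()
	index := -1
	for i, rule := range entries.PolicyRule {
		if len(rule.SrcAddresses) == 0 || len(rule.DstAddresses) == 0 {
			continue
		}
		if rule.SrcAddresses[0].VirtualNetwork == lhsName &&
			rule.DstAddresses[0].VirtualNetwork == rhsName {
			index = i
			break
		}
	}
	if index < 0 {
		return nil
	}
	entries.PolicyRule = removeRulesIndex(entries.PolicyRule, index)
	policy.SetNetworkPolicyEntries(&entries)
	err := client.Update(policy)
	if err != nil {
		glog.Errorf("policy-rule: %v", err)
	}
	return err
}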
// policyAttach links policy to network (sequence 10.0) and persists the
// network through client, unless the network already references the policy.
//
// Returns the error from reading the existing refs or from the update;
// nil when the policy was already attached or the update succeeded.
func policyAttach(client contrail.ApiClient, network *types.VirtualNetwork, policy *types.NetworkPolicy) error {
	existing, err := network.GetNetworkPolicyRefs()
	if err != nil {
		glog.Errorf("get network policy-refs %s: %v", network.GetName(), err)
		return err
	}

	wanted := policy.GetUuid()
	attached := false
	for _, ref := range existing {
		if ref.Uuid == wanted {
			attached = true
			break
		}
	}
	if attached {
		return nil
	}

	seq := &types.SequenceType{Major: 10, Minor: 0}
	network.AddNetworkPolicy(policy, types.VirtualNetworkPolicyType{Sequence: seq})
	if err = client.Update(network); err != nil {
		glog.Errorf("Update network %s policies: %v", network.GetName(), err)
		return err
	}
	return nil
}
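// attachPolicy links policy to network (sequence 10.0) and persists the
// network through m.client, unless the network already references the
// policy.
//
// Returns the error from reading the existing refs or from the update;
// nil when the policy was already attached or the update succeeded.
func (m *ServiceManagerImpl) attachPolicy(network *types.VirtualNetwork, policy *types.NetworkPolicy) error {
	refs, err := network.GetNetworkPolicyRefs()
	if err != nil {
		glog.Errorf("get network policy-refs %s: %v", network.GetName(), err)
		return err
	}
	for _, ref := range refs {
		if ref.Uuid == policy.GetUuid() {
			return nil
		}
	}
	// Keyed fields so a change in SequenceType's field order cannot
	// silently swap major and minor.
	network.AddNetworkPolicy(policy,
		types.VirtualNetworkPolicyType{
			Sequence: &types.SequenceType{Major: 10, Minor: 0},
		})
	if err = m.client.Update(network); err != nil {
		glog.Errorf("Update network %s policies: %v", network.GetName(), err)
		return err
	}
	return nil
}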
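// TestReadModifiedPolicy checks that a policy's virtual-network back-refs
// track the networks referencing it: two after creating two networks that
// attach the policy, then one and zero as each network is deleted.
func TestReadModifiedPolicy(t *testing.T) {
	client := new(ApiClient)
	client.Init()

	project := new(types.Project)
	project.SetFQName("domain", []string{"default-domain", "p1"})
	assert.NoError(t, client.Create(project))

	policy := new(types.NetworkPolicy)
	policy.SetFQName("project", []string{"default-domain", "p1", "x"})
	assert.NoError(t, client.Create(policy))

	// newNetwork creates a virtual-network in project p1 that attaches policy.
	newNetwork := func(name string) *types.VirtualNetwork {
		net := new(types.VirtualNetwork)
		net.SetFQName("project", []string{"default-domain", "p1", name})
		net.AddNetworkPolicy(policy,
			types.VirtualNetworkPolicyType{
				Sequence: &types.SequenceType{Major: 10, Minor: 0},
			})
		assert.NoError(t, client.Create(net))
		return net
	}
	net1 := newNetwork("n1")
	net2 := newNetwork("n2")

	// expectBackRefs asserts how many networks currently reference policy.
	expectBackRefs := func(want int) {
		refs, err := policy.GetVirtualNetworkBackRefs()
		assert.NoError(t, err)
		assert.Len(t, refs, want)
	}

	expectBackRefs(2)

	assert.NoError(t, client.Delete(net1))
	expectBackRefs(1)

	assert.NoError(t, client.Delete(net2))
	expectBackRefs(0)
}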
// Create (an empty) network-policy.
//
// The first positional argument is the policy name; the policy is placed
// under the project resolved from the shared policy options (project name
// or id). A missing name prints usage and exits with status 2; a project
// lookup or create failure is printed to stderr and exits with status 1.
func policyCreate(client *contrail.Client, flagSet *flag.FlagSet) {
	args := flagSet.Args()
	if len(args) < 1 {
		flagSet.Usage()
		os.Exit(2)
	}
	name := args[0]

	// fatal reports err on stderr and terminates the command.
	fatal := func(err error) {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}

	projectFQN, err := config.GetProjectFQN(client,
		policyCommonOpts.project, policyCommonOpts.projectId)
	if err != nil {
		fatal(err)
	}

	policy := new(types.NetworkPolicy)
	policy.SetFQName("project", append(projectFQN, name))
	if err := client.Create(policy); err != nil {
		fatal(err)
	}
}