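// policyLocateRuleByFQN ensures that policy holds a rule between the virtual
// networks named by lhsFQN and rhsFQN, creating and persisting one when no
// existing rule matches.
//
// An existing rule counts as a match when the VirtualNetwork of its first
// source address and of its first destination address equal the two
// colon-joined names. Nothing else is compared: the protocol, ports,
// direction and action of a matching rule are not inspected, so a rule with
// a different action between the same networks is left untouched.
//
// The rule created here is broad: protocol "any", direction "<>", port
// bounds of -1 on both sides (presumably "any port"; confirm against the API
// schema) and simple action "pass". Review callers before using this helper
// where a narrower rule is expected.
//
// It returns nil when a matching rule already exists or the update succeeds,
// and the error from client.Update otherwise.
func policyLocateRuleByFQN(client contrail.ApiClient, policy *types.NetworkPolicy, lhsFQN, rhsFQN []string) error {
	lhsName := strings.Join(lhsFQN, ":")
	rhsName := strings.Join(rhsFQN, ":")
	entries := policy.GetNetworkPolicyEntries()
	for _, rule := range entries.PolicyRule {
		// A rule without a source or destination address cannot match;
		// skipping it avoids an index-out-of-range panic on such entries.
		if len(rule.SrcAddresses) == 0 || len(rule.DstAddresses) == 0 {
			continue
		}
		if rule.SrcAddresses[0].VirtualNetwork == lhsName &&
			rule.DstAddresses[0].VirtualNetwork == rhsName {
			return nil
		}
	}

	rule := &types.PolicyRuleType{
		Protocol:     "any",
		Direction:    "<>",
		SrcAddresses: []types.AddressType{{VirtualNetwork: lhsName}},
		DstAddresses: []types.AddressType{{VirtualNetwork: rhsName}},
		SrcPorts:     []types.PortType{{StartPort: -1, EndPort: -1}},
		DstPorts:     []types.PortType{{StartPort: -1, EndPort: -1}},
		ActionList:   &types.ActionListType{SimpleAction: "pass"},
	}

	entries.AddPolicyRule(rule)
	policy.SetNetworkPolicyEntries(&entries)
	if err := client.Update(policy); err != nil {
		glog.Errorf("policy-rule: %v", err)
		return err
	}
	return nil
}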
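// locatePolicyRule ensures that policy holds a rule from virtual network lhs
// to virtual network rhs, creating and persisting one through m.client when
// no existing rule matches.
//
// An existing rule counts as a match when the VirtualNetwork of its first
// source address and of its first destination address equal the colon-joined
// fully-qualified names of lhs and rhs. The protocol, ports, direction and
// action of a matching rule are not inspected.
//
// The rule created here is broad: protocol "any", direction "<>", port
// bounds of -1 on both sides (presumably "any port"; confirm against the API
// schema) and simple action "pass".
//
// It returns nil when a matching rule already exists or the update succeeds,
// and the error from m.client.Update otherwise.
func (m *ServiceManagerImpl) locatePolicyRule(policy *types.NetworkPolicy, lhs, rhs *types.VirtualNetwork) error {
	lhsName := strings.Join(lhs.GetFQName(), ":")
	rhsName := strings.Join(rhs.GetFQName(), ":")

	entries := policy.GetNetworkPolicyEntries()
	for _, rule := range entries.PolicyRule {
		// A rule without a source or destination address cannot match;
		// skipping it avoids an index-out-of-range panic on such entries.
		if len(rule.SrcAddresses) == 0 || len(rule.DstAddresses) == 0 {
			continue
		}
		if rule.SrcAddresses[0].VirtualNetwork == lhsName &&
			rule.DstAddresses[0].VirtualNetwork == rhsName {
			return nil
		}
	}

	rule := &types.PolicyRuleType{
		Protocol:     "any",
		Direction:    "<>",
		SrcAddresses: []types.AddressType{{VirtualNetwork: lhsName}},
		DstAddresses: []types.AddressType{{VirtualNetwork: rhsName}},
		// Keyed fields keep the literal valid if PortType gains or reorders
		// fields, and satisfy go vet's composites check.
		SrcPorts:   []types.PortType{{StartPort: -1, EndPort: -1}},
		DstPorts:   []types.PortType{{StartPort: -1, EndPort: -1}},
		ActionList: &types.ActionListType{SimpleAction: "pass"},
	}

	entries.AddPolicyRule(rule)
	policy.SetNetworkPolicyEntries(&entries)
	if err := m.client.Update(policy); err != nil {
		glog.Errorf("policy-rule: %v", err)
		return err
	}
	return nil
}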
// getRulesNetworks summarises, for display purposes, which virtual networks
// the policy's rules reference as source and as destination.
//
// Only the first source and first destination address of each rule are
// considered, and empty network names are ignored. For each side the result
// is the last ":"-separated component of the name when exactly one distinct
// network is referenced, "<multiple>" when several are, and "none" when
// there is none.
func getRulesNetworks(policy *types.NetworkPolicy) (string, string) {
	srcSeen := map[string]bool{}
	dstSeen := map[string]bool{}
	for _, r := range policy.GetNetworkPolicyEntries().PolicyRule {
		if len(r.SrcAddresses) > 0 {
			if vn := r.SrcAddresses[0].VirtualNetwork; len(vn) > 0 {
				srcSeen[vn] = true
			}
		}
		if len(r.DstAddresses) > 0 {
			if vn := r.DstAddresses[0].VirtualNetwork; len(vn) > 0 {
				dstSeen[vn] = true
			}
		}
	}

	// label collapses a set of network names into a single display string.
	label := func(seen map[string]bool) string {
		switch len(seen) {
		case 0:
			return "none"
		case 1:
			for name := range seen {
				parts := strings.Split(name, ":")
				return parts[len(parts)-1]
			}
		}
		return "<multiple>"
	}

	return label(srcSeen), label(dstSeen)
}
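// policyHasRule reports whether policy contains a rule whose first source
// address names the virtual network lhsName and whose first destination
// address names rhsName.
//
// Only those two VirtualNetwork fields are compared; the rule's protocol,
// ports, direction and action are not inspected, so a true result says
// nothing about what the rule permits.
func policyHasRule(policy *types.NetworkPolicy, lhsName, rhsName string) bool {
	entries := policy.GetNetworkPolicyEntries()
	for _, rule := range entries.PolicyRule {
		// A rule without a source or destination address cannot match;
		// skipping it avoids an index-out-of-range panic on such entries.
		if len(rule.SrcAddresses) == 0 || len(rule.DstAddresses) == 0 {
			continue
		}
		if rule.SrcAddresses[0].VirtualNetwork == lhsName &&
			rule.DstAddresses[0].VirtualNetwork == rhsName {
			return true
		}
	}
	return false
}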
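// policyDeleteRule removes from policy the first rule whose first source
// address names the virtual network lhsName and whose first destination
// address names rhsName, then persists the policy through client.
//
// Only the first match is removed; later rules between the same two networks
// remain in place. When no rule matches, the policy is left unchanged and no
// update is sent.
//
// It returns nil when nothing matched or the update succeeds, and the error
// from client.Update otherwise.
func policyDeleteRule(client contrail.ApiClient, policy *types.NetworkPolicy, lhsName, rhsName string) error {
	entries := policy.GetNetworkPolicyEntries()
	index := -1
	for i, rule := range entries.PolicyRule {
		// A rule without a source or destination address cannot match;
		// skipping it avoids an index-out-of-range panic on such entries.
		if len(rule.SrcAddresses) == 0 || len(rule.DstAddresses) == 0 {
			continue
		}
		if rule.SrcAddresses[0].VirtualNetwork == lhsName &&
			rule.DstAddresses[0].VirtualNetwork == rhsName {
			index = i
			break
		}
	}
	if index < 0 {
		return nil
	}

	entries.PolicyRule = removeRulesIndex(entries.PolicyRule, index)
	policy.SetNetworkPolicyEntries(&entries)
	err := client.Update(policy)
	if err != nil {
		glog.Errorf("policy-rule: %v", err)
	}
	return err
}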