func policyLocateRuleByFQN(client contrail.ApiClient, policy *types.NetworkPolicy, lhsFQN, rhsFQN []string) error {
lhsName := strings.Join(lhsFQN, ":")
rhsName := strings.Join(rhsFQN, ":")
entries := policy.GetNetworkPolicyEntries()
for _, rule := range entries.PolicyRule {
if rule.SrcAddresses[0].VirtualNetwork == lhsName &&
rule.DstAddresses[0].VirtualNetwork == rhsName {
return nil
}
}
rule := new(types.PolicyRuleType)
rule.Protocol = "any"
rule.Direction = "<>"
rule.SrcAddresses = []types.AddressType{types.AddressType{
VirtualNetwork: lhsName,
}}
rule.DstAddresses = []types.AddressType{types.AddressType{
VirtualNetwork: rhsName,
}}
rule.SrcPorts = []types.PortType{types.PortType{StartPort: -1, EndPort: -1}}
rule.DstPorts = []types.PortType{types.PortType{StartPort: -1, EndPort: -1}}
rule.ActionList = &types.ActionListType{
SimpleAction: "pass",
}
entries.AddPolicyRule(rule)
policy.SetNetworkPolicyEntries(&entries)
err := client.Update(policy)
if err != nil {
glog.Errorf("policy-rule: %v", err)
return err
}
return nil
}
func (m *ServiceManagerImpl) locatePolicyRule(policy *types.NetworkPolicy, lhs, rhs *types.VirtualNetwork) error {
lhsName := strings.Join(lhs.GetFQName(), ":")
rhsName := strings.Join(rhs.GetFQName(), ":")
entries := policy.GetNetworkPolicyEntries()
for _, rule := range entries.PolicyRule {
if rule.SrcAddresses[0].VirtualNetwork == lhsName &&
rule.DstAddresses[0].VirtualNetwork == rhsName {
return nil
}
}
rule := new(types.PolicyRuleType)
rule.Protocol = "any"
rule.Direction = "<>"
rule.SrcAddresses = []types.AddressType{types.AddressType{
VirtualNetwork: lhsName,
}}
rule.DstAddresses = []types.AddressType{types.AddressType{
VirtualNetwork: rhsName,
}}
rule.SrcPorts = []types.PortType{types.PortType{-1, -1}}
rule.DstPorts = []types.PortType{types.PortType{-1, -1}}
rule.ActionList = &types.ActionListType{
SimpleAction: "pass",
}
entries.AddPolicyRule(rule)
policy.SetNetworkPolicyEntries(&entries)
err := m.client.Update(policy)
if err != nil {
glog.Errorf("policy-rule: %v", err)
return err
}
return nil
}
func policyDeleteRule(client contrail.ApiClient, policy *types.NetworkPolicy, lhsName, rhsName string) error {
entries := policy.GetNetworkPolicyEntries()
var index int = -1
for i, rule := range entries.PolicyRule {
if rule.SrcAddresses[0].VirtualNetwork == lhsName &&
rule.DstAddresses[0].VirtualNetwork == rhsName {
index = i
break
}
}
if index < 0 {
return nil
}
entries.PolicyRule = removeRulesIndex(entries.PolicyRule, index)
policy.SetNetworkPolicyEntries(&entries)
err := client.Update(policy)
if err != nil {
glog.Errorf("policy-rule: %v", err)
}
return err
}
