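// policyLocateRuleByFQN ensures that policy contains a bidirectional "pass"
// rule between the virtual networks named by lhsFQN and rhsFQN. When a rule
// with those endpoints already exists nothing is changed; otherwise the rule
// is appended and the policy is written back through client.
//
// The rule it creates matches protocol "any" in both directions ("<>"), with
// -1..-1 port ranges on both sides (presumably "any port" in the Contrail
// schema — confirm) and SimpleAction "pass", i.e. it is a broad allow between
// the two networks. Existing rules are matched on their first source and
// destination address only; rules without any address on either side are
// skipped rather than indexed.
//
// Returns the error from client.Update, which is also logged.
func policyLocateRuleByFQN(client contrail.ApiClient, policy *types.NetworkPolicy, lhsFQN, rhsFQN []string) error {
	lhsName := strings.Join(lhsFQN, ":")
	rhsName := strings.Join(rhsFQN, ":")

	entries := policy.GetNetworkPolicyEntries()
	for _, rule := range entries.PolicyRule {
		// A rule with no source or destination address cannot be the one
		// we are looking for; guard before indexing element 0.
		if len(rule.SrcAddresses) == 0 || len(rule.DstAddresses) == 0 {
			continue
		}
		if rule.SrcAddresses[0].VirtualNetwork == lhsName && rule.DstAddresses[0].VirtualNetwork == rhsName {
			return nil
		}
	}

	rule := new(types.PolicyRuleType)
	rule.Protocol = "any"
	rule.Direction = "<>"
	rule.SrcAddresses = []types.AddressType{{VirtualNetwork: lhsName}}
	rule.DstAddresses = []types.AddressType{{VirtualNetwork: rhsName}}
	rule.SrcPorts = []types.PortType{{StartPort: -1, EndPort: -1}}
	rule.DstPorts = []types.PortType{{StartPort: -1, EndPort: -1}}
	rule.ActionList = &types.ActionListType{SimpleAction: "pass"}

	entries.AddPolicyRule(rule)
	policy.SetNetworkPolicyEntries(&entries)
	if err := client.Update(policy); err != nil {
		glog.Errorf("policy-rule: %v", err)
		return err
	}
	return nil
}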
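// locatePolicyRule ensures that policy contains a bidirectional "pass" rule
// between the virtual networks lhs and rhs, adding one and writing the policy
// back through m.client when it is missing.
//
// The generated rule matches protocol "any" in both directions ("<>"), with
// -1..-1 port ranges on both sides (presumably "any port" in the Contrail
// schema — confirm) and SimpleAction "pass": a broad allow between the two
// networks. Existing rules are matched on their first source and destination
// address only; rules without any address on either side are skipped.
//
// Returns the error from m.client.Update, which is also logged.
func (m *ServiceManagerImpl) locatePolicyRule(policy *types.NetworkPolicy, lhs, rhs *types.VirtualNetwork) error {
	lhsName := strings.Join(lhs.GetFQName(), ":")
	rhsName := strings.Join(rhs.GetFQName(), ":")

	entries := policy.GetNetworkPolicyEntries()
	for _, rule := range entries.PolicyRule {
		// Guard before indexing element 0: an address-less rule is not a
		// match and must not panic the manager.
		if len(rule.SrcAddresses) == 0 || len(rule.DstAddresses) == 0 {
			continue
		}
		if rule.SrcAddresses[0].VirtualNetwork == lhsName && rule.DstAddresses[0].VirtualNetwork == rhsName {
			return nil
		}
	}

	rule := new(types.PolicyRuleType)
	rule.Protocol = "any"
	rule.Direction = "<>"
	rule.SrcAddresses = []types.AddressType{{VirtualNetwork: lhsName}}
	rule.DstAddresses = []types.AddressType{{VirtualNetwork: rhsName}}
	// Keyed fields: the unkeyed form is flagged by go vet and silently
	// breaks if the struct's field order ever changes.
	rule.SrcPorts = []types.PortType{{StartPort: -1, EndPort: -1}}
	rule.DstPorts = []types.PortType{{StartPort: -1, EndPort: -1}}
	rule.ActionList = &types.ActionListType{SimpleAction: "pass"}

	entries.AddPolicyRule(rule)
	policy.SetNetworkPolicyEntries(&entries)
	if err := m.client.Update(policy); err != nil {
		glog.Errorf("policy-rule: %v", err)
		return err
	}
	return nil
}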
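// getRulesNetworks summarises the source and destination virtual networks
// referenced by the rules of policy, for display purposes.
//
// Only the first address of each rule's SrcAddresses/DstAddresses is
// considered. Each side is rendered as the last component of the network's
// colon-separated FQ name when exactly one distinct network is referenced,
// "<multiple>" when more than one is, and "none" when there is none.
func getRulesNetworks(policy *types.NetworkPolicy) (string, string) {
	displayValue := func(names map[string]bool) string {
		if len(names) > 1 {
			return "<multiple>"
		}
		// At most one entry is left here, so the loop body runs at most
		// once and the result does not depend on map iteration order.
		for key := range names {
			fqn := strings.Split(key, ":")
			return fqn[len(fqn)-1]
		}
		return "none"
	}

	sourceMap := make(map[string]bool)
	destMap := make(map[string]bool)
	for _, rule := range policy.GetNetworkPolicyEntries().PolicyRule {
		if len(rule.SrcAddresses) > 0 && rule.SrcAddresses[0].VirtualNetwork != "" {
			sourceMap[rule.SrcAddresses[0].VirtualNetwork] = true
		}
		if len(rule.DstAddresses) > 0 && rule.DstAddresses[0].VirtualNetwork != "" {
			destMap[rule.DstAddresses[0].VirtualNetwork] = true
		}
	}
	return displayValue(sourceMap), displayValue(destMap)
}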
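// policyHasRule reports whether policy already holds a rule whose first
// source address is lhsName and whose first destination address is rhsName
// (both colon-joined FQ names). Rules without any source or destination
// address are ignored instead of being indexed.
func policyHasRule(policy *types.NetworkPolicy, lhsName, rhsName string) bool {
	entries := policy.GetNetworkPolicyEntries()
	for _, rule := range entries.PolicyRule {
		if len(rule.SrcAddresses) == 0 || len(rule.DstAddresses) == 0 {
			continue
		}
		if rule.SrcAddresses[0].VirtualNetwork == lhsName && rule.DstAddresses[0].VirtualNetwork == rhsName {
			return true
		}
	}
	return false
}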
// disconnectNetworkFromPolicy removes policy from the virtual network named
// targetCSN and writes the updated network back through the manager's
// client. Errors from the lookup, the reference removal and the update are
// returned to the caller unchanged.
func (m *NetworkManagerImpl) disconnectNetworkFromPolicy(policy *types.NetworkPolicy, targetCSN string) error {
	network, err := types.VirtualNetworkByName(m.client, targetCSN)
	if err != nil {
		return err
	}
	if err := network.DeleteNetworkPolicy(policy.GetUuid()); err != nil {
		return err
	}
	return m.client.Update(network)
}
// locatePolicy returns the network-policy that backs serviceName in tenant,
// creating an empty one when the lookup fails. The policy's FQ name comes
// from makeServicePolicyName and m.config.
//
// NOTE(review): any error from FindByName, not only "not found", sends the
// caller down the Create path, and the found object is asserted to
// *types.NetworkPolicy without a comma-ok check — verify both against the
// client's contract. The Create error is logged and returned.
func (m *ServiceManagerImpl) locatePolicy(tenant, serviceName string) (*types.NetworkPolicy, error) {
	policyName := makeServicePolicyName(m.config, tenant, serviceName)
	name := strings.Join(policyName, ":")

	if obj, err := m.client.FindByName("network-policy", name); err == nil {
		return obj.(*types.NetworkPolicy), nil
	}

	policy := new(types.NetworkPolicy)
	policy.SetFQName("project", policyName)
	if err := m.client.Create(policy); err != nil {
		glog.Errorf("Create policy %s: %v", name, err)
		return nil, err
	}
	return policy, nil
}
// locatePolicy returns the network-policy named DefaultDomain:tenant:serviceName,
// creating an empty one under the project when the lookup fails.
//
// NOTE(review): any error from FindByName, not only "not found", sends the
// caller down the Create path, and the found object is asserted to
// *types.NetworkPolicy without a comma-ok check — verify both against the
// client's contract. The Create error is logged and returned.
func (m *ServiceManagerImpl) locatePolicy(tenant, serviceName string) (*types.NetworkPolicy, error) {
	fqn := []string{DefaultDomain, tenant, serviceName}
	name := strings.Join(fqn, ":")

	if obj, err := m.client.FindByName("network-policy", name); err == nil {
		return obj.(*types.NetworkPolicy), nil
	}

	policy := new(types.NetworkPolicy)
	policy.SetFQName("project", fqn)
	if err := m.client.Create(policy); err != nil {
		glog.Errorf("Create policy %s: %v", name, err)
		return nil, err
	}
	return policy, nil
}
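// policyDeleteRule removes the first rule of policy whose first source
// address is lhsName and whose first destination address is rhsName, then
// writes the policy back through client. It is a no-op when no such rule
// exists. Rules without any source or destination address are skipped
// instead of being indexed. The error from client.Update is logged and
// returned.
func policyDeleteRule(client contrail.ApiClient, policy *types.NetworkPolicy, lhsName, rhsName string) error {
	entries := policy.GetNetworkPolicyEntries()

	index := -1
	for i, rule := range entries.PolicyRule {
		if len(rule.SrcAddresses) == 0 || len(rule.DstAddresses) == 0 {
			continue
		}
		if rule.SrcAddresses[0].VirtualNetwork == lhsName && rule.DstAddresses[0].VirtualNetwork == rhsName {
			index = i
			break
		}
	}
	if index < 0 {
		return nil
	}

	entries.PolicyRule = removeRulesIndex(entries.PolicyRule, index)
	policy.SetNetworkPolicyEntries(&entries)
	err := client.Update(policy)
	if err != nil {
		glog.Errorf("policy-rule: %v", err)
	}
	return err
}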
// policyAttach links policy to network unless network already references a
// policy with the same UUID, then writes the network back through client.
// The reference is added with sequence Major 10, Minor 0 (presumably the
// policy's evaluation order on the network — confirm against the Contrail
// schema). Errors from reading the existing refs and from the update are
// logged and returned.
func policyAttach(client contrail.ApiClient, network *types.VirtualNetwork, policy *types.NetworkPolicy) error {
	existing, err := network.GetNetworkPolicyRefs()
	if err != nil {
		glog.Errorf("get network policy-refs %s: %v", network.GetName(), err)
		return err
	}

	wanted := policy.GetUuid()
	attached := false
	for _, ref := range existing {
		if ref.Uuid == wanted {
			attached = true
			break
		}
	}
	if attached {
		return nil
	}

	seq := &types.SequenceType{Major: 10, Minor: 0}
	network.AddNetworkPolicy(policy, types.VirtualNetworkPolicyType{Sequence: seq})
	if err = client.Update(network); err != nil {
		glog.Errorf("Update network %s policies: %v", network.GetName(), err)
		return err
	}
	return nil
}
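// attachPolicy links policy to network unless network already references a
// policy with the same UUID, then writes the network back through m.client.
// The reference is added with sequence Major 10, Minor 0 (presumably the
// policy's evaluation order on the network — confirm against the Contrail
// schema). Errors from reading the existing refs and from the update are
// logged and returned.
func (m *ServiceManagerImpl) attachPolicy(network *types.VirtualNetwork, policy *types.NetworkPolicy) error {
	refs, err := network.GetNetworkPolicyRefs()
	if err != nil {
		glog.Errorf("get network policy-refs %s: %v", network.GetName(), err)
		return err
	}
	for _, ref := range refs {
		if ref.Uuid == policy.GetUuid() {
			return nil
		}
	}

	// Keyed fields: the unkeyed {10, 0} form is flagged by go vet and would
	// silently swap Major/Minor if the struct's field order changed.
	network.AddNetworkPolicy(policy, types.VirtualNetworkPolicyType{
		Sequence: &types.SequenceType{Major: 10, Minor: 0},
	})
	if err = m.client.Update(network); err != nil {
		glog.Errorf("Update network %s policies: %v", network.GetName(), err)
		return err
	}
	return nil
}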
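// TestReadModifiedPolicy checks that a policy's virtual-network back-refs
// track the networks that reference it: two networks attached to the policy
// yield two back-refs, and each network deletion removes one. ApiClient is
// the package's own client type (Init is called before use — presumably an
// in-memory test double, confirm).
func TestReadModifiedPolicy(t *testing.T) {
	client := new(ApiClient)
	client.Init()

	project := new(types.Project)
	project.SetFQName("domain", []string{"default-domain", "p1"})
	assert.NoError(t, client.Create(project))

	policy := new(types.NetworkPolicy)
	policy.SetFQName("project", []string{"default-domain", "p1", "x"})
	assert.NoError(t, client.Create(policy))

	// newNetwork creates a network under p1 that references policy; each
	// call builds its own SequenceType so the networks share no state.
	// Keyed fields keep go vet quiet and survive field reordering.
	newNetwork := func(name string) *types.VirtualNetwork {
		n := new(types.VirtualNetwork)
		n.SetFQName("project", []string{"default-domain", "p1", name})
		n.AddNetworkPolicy(policy, types.VirtualNetworkPolicyType{
			Sequence: &types.SequenceType{Major: 10, Minor: 0},
		})
		assert.NoError(t, client.Create(n))
		return n
	}
	net1 := newNetwork("n1")
	net2 := newNetwork("n2")

	refs, err := policy.GetVirtualNetworkBackRefs()
	assert.NoError(t, err)
	assert.Len(t, refs, 2)

	assert.NoError(t, client.Delete(net1))
	refs, err = policy.GetVirtualNetworkBackRefs()
	assert.NoError(t, err)
	assert.Len(t, refs, 1)

	assert.NoError(t, client.Delete(net2))
	refs, err = policy.GetVirtualNetworkBackRefs()
	assert.NoError(t, err)
	assert.Len(t, refs, 0)
}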
// policyCreate implements the "create" sub-command: it creates an empty
// network-policy named by the first positional argument under the project
// selected by policyCommonOpts (project name or id).
//
// A missing name prints usage and exits with status 2; a failed project
// lookup or API create is printed to stderr and exits with status 1.
func policyCreate(client *contrail.Client, flagSet *flag.FlagSet) {
	if flagSet.NArg() < 1 {
		flagSet.Usage()
		os.Exit(2)
	}
	policyName := flagSet.Args()[0]

	projectFQN, err := config.GetProjectFQN(client, policyCommonOpts.project, policyCommonOpts.projectId)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}

	policy := new(types.NetworkPolicy)
	policy.SetFQName("project", append(projectFQN, policyName))
	if err := client.Create(policy); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}