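// policyLocateRuleByFQN ensures that policy holds a rule whose source is the
// virtual network named by lhsFQN and whose destination is the one named by
// rhsFQN. When no such rule exists it appends one and pushes the policy
// through client.Update.
//
// Matching looks only at the VirtualNetwork name of the first source and first
// destination address of each existing rule. Protocol, ports, direction and
// action are not compared, so an existing rule between the same two networks
// with a different action or narrower ports counts as "already present" and
// nothing is added.
//
// The rule that gets added is deliberately broad: protocol "any", direction
// "<>", action "pass", and -1/-1 port ranges on both sides. Callers that need
// a narrower allow rule must not rely on this helper.
//
// It returns nil when a matching rule was found or the update succeeded, and
// the error from client.Update otherwise.
func policyLocateRuleByFQN(client contrail.ApiClient, policy *types.NetworkPolicy, lhsFQN, rhsFQN []string) error {
	lhsName := strings.Join(lhsFQN, ":")
	rhsName := strings.Join(rhsFQN, ":")

	entries := policy.GetNetworkPolicyEntries()
	for _, rule := range entries.PolicyRule {
		// A rule with an empty address list cannot match, and indexing
		// element 0 of it would panic.
		if len(rule.SrcAddresses) == 0 || len(rule.DstAddresses) == 0 {
			continue
		}
		if rule.SrcAddresses[0].VirtualNetwork == lhsName &&
			rule.DstAddresses[0].VirtualNetwork == rhsName {
			return nil
		}
	}

	rule := new(types.PolicyRuleType)
	rule.Protocol = "any"
	rule.Direction = "<>"
	rule.SrcAddresses = []types.AddressType{{VirtualNetwork: lhsName}}
	rule.DstAddresses = []types.AddressType{{VirtualNetwork: rhsName}}
	// NOTE(review): -1/-1 is presumably the "any port" wildcard; confirm
	// against the API schema.
	rule.SrcPorts = []types.PortType{{StartPort: -1, EndPort: -1}}
	rule.DstPorts = []types.PortType{{StartPort: -1, EndPort: -1}}
	rule.ActionList = &types.ActionListType{SimpleAction: "pass"}

	entries.AddPolicyRule(rule)
	policy.SetNetworkPolicyEntries(&entries)

	if err := client.Update(policy); err != nil {
		glog.Errorf("policy-rule: %v", err)
		return err
	}
	return nil
}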
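// locatePolicyRule ensures that policy holds a rule from virtual network lhs
// to virtual network rhs. When no such rule exists it appends one and pushes
// the policy through m.client.Update.
//
// Matching looks only at the VirtualNetwork name of the first source and first
// destination address of each existing rule. Protocol, ports, direction and
// action are not compared, so an existing rule between the same two networks
// with a different action or narrower ports counts as "already present" and
// nothing is added.
//
// The rule that gets added is deliberately broad: protocol "any", direction
// "<>", action "pass", and -1/-1 port ranges on both sides.
//
// It returns nil when a matching rule was found or the update succeeded, and
// the error from m.client.Update otherwise.
func (m *ServiceManagerImpl) locatePolicyRule(policy *types.NetworkPolicy, lhs, rhs *types.VirtualNetwork) error {
	lhsName := strings.Join(lhs.GetFQName(), ":")
	rhsName := strings.Join(rhs.GetFQName(), ":")

	entries := policy.GetNetworkPolicyEntries()
	for _, rule := range entries.PolicyRule {
		// A rule with an empty address list cannot match, and indexing
		// element 0 of it would panic.
		if len(rule.SrcAddresses) == 0 || len(rule.DstAddresses) == 0 {
			continue
		}
		if rule.SrcAddresses[0].VirtualNetwork == lhsName &&
			rule.DstAddresses[0].VirtualNetwork == rhsName {
			return nil
		}
	}

	rule := new(types.PolicyRuleType)
	rule.Protocol = "any"
	rule.Direction = "<>"
	rule.SrcAddresses = []types.AddressType{{VirtualNetwork: lhsName}}
	rule.DstAddresses = []types.AddressType{{VirtualNetwork: rhsName}}
	// Keyed fields keep the literal valid if PortType gains or reorders
	// fields. NOTE(review): -1/-1 is presumably the "any port" wildcard;
	// confirm against the API schema.
	rule.SrcPorts = []types.PortType{{StartPort: -1, EndPort: -1}}
	rule.DstPorts = []types.PortType{{StartPort: -1, EndPort: -1}}
	rule.ActionList = &types.ActionListType{SimpleAction: "pass"}

	entries.AddPolicyRule(rule)
	policy.SetNetworkPolicyEntries(&entries)

	if err := m.client.Update(policy); err != nil {
		glog.Errorf("policy-rule: %v", err)
		return err
	}
	return nil
}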
// makePolicyRule builds a bidirectional ("<>") policy rule from opts.
//
// The rule gets a fresh random UUID, the protocol from opts.protocol, and
// addresses and ports produced by makeAddresses and makePorts from the
// matching opts fields. The action is "drop" when opts.actionDrop is set and
// "pass" otherwise. RuleSequence is not populated here.
func makePolicyRule(opts *policyRuleOptions) *types.PolicyRuleType {
	rule := &types.PolicyRuleType{
		RuleUuid:     uuid.NewRandom().String(),
		Direction:    "<>",
		Protocol:     string(opts.protocol),
		SrcAddresses: makeAddresses(opts.srcIpAddress, opts.srcNetwork),
		DstAddresses: makeAddresses(opts.dstIpAddress, opts.dstNetwork),
		SrcPorts:     makePorts(opts.srcPort),
		DstPorts:     makePorts(opts.dstPort),
	}

	// The default is the permissive action; only an explicit actionDrop
	// produces a deny rule.
	action := "pass"
	if opts.actionDrop {
		action = "drop"
	}

	// NOTE(review): ActionList is written through without being allocated in
	// this function. If the field is a pointer type this is a nil
	// dereference; confirm against the types package.
	rule.ActionList.SimpleAction = action
	return rule
}