// RuleCreate Creates the rule within a policy func (ac *APIController) RuleCreate(rule *contivModel.Rule) error { log.Infof("Received RuleCreate: %+v", rule) policyKey := rule.TenantName + ":" + rule.PolicyName // find the policy policy := contivModel.FindPolicy(policyKey) if policy == nil { log.Errorf("Error finding policy %s", policyKey) return core.Errorf("Policy not found") } // link the rule to policy modeldb.AddLinkSet(&rule.LinkSets.Policies, policy) modeldb.AddLinkSet(&policy.LinkSets.Rules, rule) err := policy.Write() if err != nil { return err } // Trigger policyDB Update err = master.PolicyAddRule(policy, rule) if err != nil { log.Errorf("Error adding rule %s to policy %s. Err: %v", rule.Key, policy.Key, err) return err } return nil }
// RuleCreate creates the rule within a policy.
//
// The rule's parameters are checked before anything is looked up or changed:
// an "in" rule may not carry any 'to' field and may not set both FromNetwork
// and FromIpAddress; an "out" rule may not carry any 'from' field and may not
// set both ToNetwork and ToIpAddress; any other direction is rejected.
//
// The policy is then looked up under "<TenantName>:<PolicyName>", the policy
// database is updated through master.PolicyAddRule, and finally the rule and
// policy are linked and the policy is written. An error is returned when
// validation fails, the policy is not found, or either of those two steps
// fails.
func (ac *APIController) RuleCreate(rule *contivModel.Rule) error {
	log.Infof("Received RuleCreate: %+v", rule)

	// verify parameter values
	switch rule.Direction {
	case "in":
		hasTo := rule.ToNetwork != "" || rule.ToEndpointGroup != "" || rule.ToIpAddress != ""
		if hasTo {
			return errors.New("Can not specify 'to' parameters in incoming rule")
		}
		if rule.FromNetwork != "" && rule.FromIpAddress != "" {
			return errors.New("Can not specify both from network and from ip address")
		}
	case "out":
		hasFrom := rule.FromNetwork != "" || rule.FromEndpointGroup != "" || rule.FromIpAddress != ""
		if hasFrom {
			return errors.New("Can not specify 'from' parameters in outgoing rule")
		}
		if rule.ToNetwork != "" && rule.ToIpAddress != "" {
			return errors.New("Can not specify both to-network and to-ip address")
		}
	default:
		return errors.New("Invalid direction for the rule")
	}

	// The policy key is the tenant name and the policy name joined by ':'.
	key := rule.TenantName + ":" + rule.PolicyName
	policy := contivModel.FindPolicy(key)
	if policy == nil {
		log.Errorf("Error finding policy %s", key)
		return core.Errorf("Policy not found")
	}

	// Update the policyDB first, so a rejected rule is never linked.
	if addErr := master.PolicyAddRule(policy, rule); addErr != nil {
		log.Errorf("Error adding rule %s to policy %s. Err: %v", rule.Key, policy.Key, addErr)
		return addErr
	}

	// Link rule and policy in both directions, then persist the policy.
	modeldb.AddLinkSet(&rule.LinkSets.Policies, policy)
	modeldb.AddLinkSet(&policy.LinkSets.Rules, rule)
	if writeErr := policy.Write(); writeErr != nil {
		// NOTE(review): the policyDB update above is not undone on this
		// path — confirm whether the caller rolls it back.
		return writeErr
	}

	return nil
}
// RuleCreate creates the rule within a policy.
//
// Steps, in order:
//  1. Validate the parameters. An "in" rule may not carry any 'to' field and
//     may not combine FromNetwork with FromIpAddress or FromEndpointGroup; an
//     "out" rule may not carry any 'from' field and may not combine ToNetwork
//     with ToIpAddress or ToEndpointGroup; any other direction is rejected.
//  2. Check that the referenced endpoint group or network exists, looked up
//     under "<TenantName>:<name>".
//  3. Find the policy under "<TenantName>:<PolicyName>".
//  4. Update the policy database through master.PolicyAddRule.
//  5. Link rule and policy, write the policy, and call syncAppProfile.
//
// An error is returned as soon as any of steps 1-4 or the policy write fails.
func (ac *APIController) RuleCreate(rule *contivModel.Rule) error {
	log.Infof("Received RuleCreate: %+v", rule)

	// verify parameter values
	switch rule.Direction {
	case "in":
		hasTo := rule.ToNetwork != "" || rule.ToEndpointGroup != "" || rule.ToIpAddress != ""
		if hasTo {
			return errors.New("Can not specify 'to' parameters in incoming rule")
		}
		if rule.FromNetwork != "" && rule.FromIpAddress != "" {
			return errors.New("Can not specify both from network and from ip address")
		}
		if rule.FromNetwork != "" && rule.FromEndpointGroup != "" {
			return errors.New("Can not specify both from network and from EndpointGroup")
		}
	case "out":
		hasFrom := rule.FromNetwork != "" || rule.FromEndpointGroup != "" || rule.FromIpAddress != ""
		if hasFrom {
			return errors.New("Can not specify 'from' parameters in outgoing rule")
		}
		if rule.ToNetwork != "" && rule.ToIpAddress != "" {
			return errors.New("Can not specify both to-network and to-ip address")
		}
		if rule.ToNetwork != "" && rule.ToEndpointGroup != "" {
			return errors.New("Can not specify both to-network and to-EndpointGroup")
		}
	default:
		return errors.New("Invalid direction for the rule")
	}

	// Make sure the endpoint group or network the rule refers to exists.
	// The 'from' endpoint group takes precedence over the 'to' one, and an
	// endpoint group over a network; only the first match is looked up.
	epgName := rule.FromEndpointGroup
	if epgName == "" {
		epgName = rule.ToEndpointGroup
	}
	switch {
	case epgName != "":
		epgKey := rule.TenantName + ":" + epgName
		if contivModel.FindEndpointGroup(epgKey) == nil {
			log.Errorf("Error finding endpoint group %s", epgKey)
			return errors.New("endpoint group not found")
		}
	case rule.FromNetwork != "":
		netKey := rule.TenantName + ":" + rule.FromNetwork
		if contivModel.FindNetwork(netKey) == nil {
			log.Errorf("Network %s not found", netKey)
			return errors.New("FromNetwork not found")
		}
	case rule.ToNetwork != "":
		netKey := rule.TenantName + ":" + rule.ToNetwork
		if contivModel.FindNetwork(netKey) == nil {
			log.Errorf("Network %s not found", netKey)
			return errors.New("ToNetwork not found")
		}
	}

	// The policy key is the tenant name and the policy name joined by ':'.
	key := rule.TenantName + ":" + rule.PolicyName
	policy := contivModel.FindPolicy(key)
	if policy == nil {
		log.Errorf("Error finding policy %s", key)
		return core.Errorf("Policy not found")
	}

	// Update the policyDB first, so a rejected rule is never linked.
	if addErr := master.PolicyAddRule(policy, rule); addErr != nil {
		log.Errorf("Error adding rule %s to policy %s. Err: %v", rule.Key, policy.Key, addErr)
		return addErr
	}

	// Link rule and policy in both directions, then persist the policy.
	modeldb.AddLinkSet(&rule.LinkSets.Policies, policy)
	modeldb.AddLinkSet(&policy.LinkSets.Rules, rule)
	if writeErr := policy.Write(); writeErr != nil {
		// NOTE(review): the policyDB update above is not undone on this
		// path — confirm whether the caller rolls it back.
		return writeErr
	}

	// Update any affected app profiles
	syncAppProfile(policy)

	return nil
}