// PolicyDetach detaches policy from an endpoint and removes associated rules from policyDB
func PolicyDetach(epg *contivModel.EndpointGroup, policy *contivModel.Policy) error {
epgpKey := epg.Key + ":" + policy.Key
// find the policy
gp := mastercfg.FindEpgPolicy(epgpKey)
if gp == nil {
log.Errorf("Epg policy %s does not exist", epgpKey)
return core.Errorf("epg policy does not exist")
}
// Delete all rules within the policy
for ruleKey := range policy.LinkSets.Rules {
// find the rule
rule := contivModel.FindRule(ruleKey)
if rule == nil {
log.Errorf("Error finding the rule %s", ruleKey)
continue
}
log.Infof("Deleting Rule %s from epgp policy %s", ruleKey, epgpKey)
// Add the rule to epg Policy
err := gp.DelRule(rule)
if err != nil {
log.Errorf("Error deleting rule %s from epg polict %s. Err: %v", ruleKey, epgpKey, err)
}
}
// delete it
return gp.Delete()
}
// PolicyAddRule adds a rule to existing policy
func PolicyAddRule(policy *contivModel.Policy, rule *contivModel.Rule) error {
// Walk all associated endpoint groups
for epgKey := range policy.LinkSets.EndpointGroups {
gpKey := epgKey + ":" + policy.Key
// Find the epg policy
gp := mastercfg.FindEpgPolicy(gpKey)
if gp == nil {
log.Errorf("Failed to find the epg policy %s", gpKey)
return core.Errorf("epg policy not found")
}
// Add the Rule
err := gp.AddRule(rule)
if err != nil {
log.Errorf("Error adding the rule %s to epg policy %s. Err: %v", rule.Key, gpKey, err)
return err
}
// Save the policy state
err = gp.Write()
if err != nil {
return err
}
}
return nil
}
// verifyEpgPolicy verifies an EPG policy state
func verifyEpgPolicy(t *testing.T, tenant, network, group, policy string) {
epgKey := tenant + ":" + network + ":" + group
policyKey := tenant + ":" + policy
epgpKey := epgKey + ":" + policyKey
// find the endpoint group
epg := contivModel.FindEndpointGroup(epgKey)
if epg == nil {
t.Fatalf("Error finding EPG %s", epgKey)
}
// find the policy
pol := contivModel.FindPolicy(policyKey)
if pol == nil {
t.Fatalf("Error finding policy %s", policyKey)
}
// See if it already exists
gp := mastercfg.FindEpgPolicy(epgpKey)
if gp == nil {
t.Fatalf("Error finding EPG policy %s", epgpKey)
}
// verify epg ids
if epg.EndpointGroupID != gp.EndpointGroupID {
t.Fatalf("EPG policy has incorrect epg-id %d. expecting %d", gp.EndpointGroupID, epg.EndpointGroupID)
}
// verify all rules exist in epg policy
for ruleKey := range pol.LinkSets.Rules {
if gp.RuleMaps[ruleKey] == nil {
t.Fatalf("Rule %s not found in EPG policy %s", ruleKey, epgpKey)
}
}
}
// PolicyDelRule removes a rule from existing policy
func PolicyDelRule(policy *contivModel.Policy, rule *contivModel.Rule) error {
// Dont install policies in ACI mode
if !isPolicyEnabled() {
return nil
}
// Walk all associated endpoint groups
for epgKey := range policy.LinkSets.EndpointGroups {
gpKey := epgKey + ":" + policy.Key
// Find the epg policy
gp := mastercfg.FindEpgPolicy(gpKey)
if gp == nil {
log.Errorf("Failed to find the epg policy %s", gpKey)
return core.Errorf("epg policy not found")
}
// delete the Rule
err := gp.DelRule(rule)
if err != nil {
log.Errorf("Error deleting the rule %s from epg policy %s. Err: %v", rule.Key, gpKey, err)
return err
}
// Save the policy state
err = gp.Write()
if err != nil {
log.Errorf("Error writing polify %s to state store. Err: %v", gp.EpgPolicyKey, err)
}
}
return nil
}
// checkEpgPolicyDeleted verifies EPG policy is deleted
func checkEpgPolicyDeleted(t *testing.T, tenant, network, group, policy string) {
epgKey := tenant + ":" + network + ":" + group
policyKey := tenant + ":" + policy
epgpKey := epgKey + ":" + policyKey
// See if it already exists
gp := mastercfg.FindEpgPolicy(epgpKey)
if gp != nil {
t.Fatalf("Found EPG policy %s while expecing it to be deleted", epgpKey)
}
}
// PolicyAttach attaches a policy to an endpoint and adds associated rules to policyDB
func PolicyAttach(epg *contivModel.EndpointGroup, policy *contivModel.Policy) error {
epgpKey := epg.Key + ":" + policy.Key
// See if it already exists
gp := mastercfg.FindEpgPolicy(epgpKey)
if gp != nil {
log.Errorf("EPG policy %s already exists", epgpKey)
return EpgPolicyExists
}
// Create the epg policy
gp, err := mastercfg.NewEpgPolicy(epgpKey, epg.EndpointGroupID, policy)
if err != nil {
log.Errorf("Error creating EPG policy. Err: %v", err)
return err
}
return nil
}
// PolicyAttach attaches a policy to an endpoint and adds associated rules to policyDB
func PolicyAttach(epg *contivModel.EndpointGroup, policy *contivModel.Policy) error {
// Dont install policies in ACI mode
if !isPolicyEnabled() {
return nil
}
epgpKey := epg.Key + ":" + policy.Key
// See if it already exists
gp := mastercfg.FindEpgPolicy(epgpKey)
if gp != nil {
log.Errorf("EPG policy %s already exists", epgpKey)
return EpgPolicyExists
}
stateDriver, err := utils.GetStateDriver()
if err != nil {
log.Errorf("Could not get StateDriver while attaching policy %+v", policy)
return err
}
epgID, err := mastercfg.GetEndpointGroupID(stateDriver, epg.GroupName, epg.TenantName)
if err != nil {
log.Errorf("Error getting epgID for %s. Err: %v", epgpKey, err)
return err
}
// Create the epg policy
gp, err = mastercfg.NewEpgPolicy(epgpKey, epgID, policy)
if err != nil {
log.Errorf("Error creating EPG policy. Err: %v", err)
return err
}
return nil
}