示例#1
0
// PolicyDetach detaches policy from an endpoint and removes associated rules from policyDB
func PolicyDetach(epg *contivModel.EndpointGroup, policy *contivModel.Policy) error {
	epgpKey := epg.Key + ":" + policy.Key

	// find the policy
	gp := mastercfg.FindEpgPolicy(epgpKey)
	if gp == nil {
		log.Errorf("Epg policy %s does not exist", epgpKey)
		return core.Errorf("epg policy does not exist")
	}

	// Delete all rules within the policy
	for ruleKey := range policy.LinkSets.Rules {
		// find the rule
		rule := contivModel.FindRule(ruleKey)
		if rule == nil {
			log.Errorf("Error finding the rule %s", ruleKey)
			continue
		}

		log.Infof("Deleting Rule %s from epgp policy %s", ruleKey, epgpKey)

		// Add the rule to epg Policy
		err := gp.DelRule(rule)
		if err != nil {
			log.Errorf("Error deleting rule %s from epg polict %s. Err: %v", ruleKey, epgpKey, err)
		}
	}

	// delete it
	return gp.Delete()
}
示例#2
0
// PolicyAddRule adds a rule to existing policy
func PolicyAddRule(policy *contivModel.Policy, rule *contivModel.Rule) error {
	// Walk all associated endpoint groups
	for epgKey := range policy.LinkSets.EndpointGroups {
		gpKey := epgKey + ":" + policy.Key

		// Find the epg policy
		gp := mastercfg.FindEpgPolicy(gpKey)
		if gp == nil {
			log.Errorf("Failed to find the epg policy %s", gpKey)
			return core.Errorf("epg policy not found")
		}

		// Add the Rule
		err := gp.AddRule(rule)
		if err != nil {
			log.Errorf("Error adding the rule %s to epg policy %s. Err: %v", rule.Key, gpKey, err)
			return err
		}

		// Save the policy state
		err = gp.Write()
		if err != nil {
			return err
		}
	}

	return nil
}
示例#3
0
// verifyEpgPolicy verifies an EPG policy state
func verifyEpgPolicy(t *testing.T, tenant, network, group, policy string) {
	epgKey := tenant + ":" + network + ":" + group
	policyKey := tenant + ":" + policy
	epgpKey := epgKey + ":" + policyKey

	// find the endpoint group
	epg := contivModel.FindEndpointGroup(epgKey)
	if epg == nil {
		t.Fatalf("Error finding EPG %s", epgKey)
	}

	// find the policy
	pol := contivModel.FindPolicy(policyKey)
	if pol == nil {
		t.Fatalf("Error finding policy %s", policyKey)
	}

	// See if it already exists
	gp := mastercfg.FindEpgPolicy(epgpKey)
	if gp == nil {
		t.Fatalf("Error finding EPG policy %s", epgpKey)
	}

	// verify epg ids
	if epg.EndpointGroupID != gp.EndpointGroupID {
		t.Fatalf("EPG policy has incorrect epg-id %d. expecting %d", gp.EndpointGroupID, epg.EndpointGroupID)
	}

	// verify all rules exist in epg policy
	for ruleKey := range pol.LinkSets.Rules {
		if gp.RuleMaps[ruleKey] == nil {
			t.Fatalf("Rule %s not found in EPG policy %s", ruleKey, epgpKey)
		}
	}
}
示例#4
0
// PolicyDelRule removes a rule from existing policy
func PolicyDelRule(policy *contivModel.Policy, rule *contivModel.Rule) error {
	// Dont install policies in ACI mode
	if !isPolicyEnabled() {
		return nil
	}

	// Walk all associated endpoint groups
	for epgKey := range policy.LinkSets.EndpointGroups {
		gpKey := epgKey + ":" + policy.Key

		// Find the epg policy
		gp := mastercfg.FindEpgPolicy(gpKey)
		if gp == nil {
			log.Errorf("Failed to find the epg policy %s", gpKey)
			return core.Errorf("epg policy not found")
		}

		// delete the Rule
		err := gp.DelRule(rule)
		if err != nil {
			log.Errorf("Error deleting the rule %s from epg policy %s. Err: %v", rule.Key, gpKey, err)
			return err
		}

		// Save the policy state
		err = gp.Write()
		if err != nil {
			log.Errorf("Error writing polify %s to state store. Err: %v", gp.EpgPolicyKey, err)
		}
	}

	return nil
}
示例#5
0
// checkEpgPolicyDeleted verifies EPG policy is deleted
func checkEpgPolicyDeleted(t *testing.T, tenant, network, group, policy string) {
	epgKey := tenant + ":" + network + ":" + group
	policyKey := tenant + ":" + policy
	epgpKey := epgKey + ":" + policyKey

	// See if it already exists
	gp := mastercfg.FindEpgPolicy(epgpKey)
	if gp != nil {
		t.Fatalf("Found EPG policy %s while expecing it to be deleted", epgpKey)
	}

}
示例#6
0
// PolicyAttach attaches a policy to an endpoint and adds associated rules to policyDB
func PolicyAttach(epg *contivModel.EndpointGroup, policy *contivModel.Policy) error {
	epgpKey := epg.Key + ":" + policy.Key

	// See if it already exists
	gp := mastercfg.FindEpgPolicy(epgpKey)
	if gp != nil {
		log.Errorf("EPG policy %s already exists", epgpKey)
		return EpgPolicyExists
	}

	// Create the epg policy
	gp, err := mastercfg.NewEpgPolicy(epgpKey, epg.EndpointGroupID, policy)
	if err != nil {
		log.Errorf("Error creating EPG policy. Err: %v", err)
		return err
	}

	return nil
}
示例#7
0
// PolicyAttach attaches a policy to an endpoint and adds associated rules to policyDB
func PolicyAttach(epg *contivModel.EndpointGroup, policy *contivModel.Policy) error {
	// Dont install policies in ACI mode
	if !isPolicyEnabled() {
		return nil
	}

	epgpKey := epg.Key + ":" + policy.Key

	// See if it already exists
	gp := mastercfg.FindEpgPolicy(epgpKey)
	if gp != nil {
		log.Errorf("EPG policy %s already exists", epgpKey)
		return EpgPolicyExists
	}

	stateDriver, err := utils.GetStateDriver()
	if err != nil {
		log.Errorf("Could not get StateDriver while attaching policy %+v", policy)
		return err
	}

	epgID, err := mastercfg.GetEndpointGroupID(stateDriver, epg.GroupName, epg.TenantName)
	if err != nil {
		log.Errorf("Error getting epgID for %s. Err: %v", epgpKey, err)
		return err
	}

	// Create the epg policy
	gp, err = mastercfg.NewEpgPolicy(epgpKey, epgID, policy)
	if err != nil {
		log.Errorf("Error creating EPG policy. Err: %v", err)
		return err
	}

	return nil
}