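// policyLocateRuleByFQN makes sure policy holds a rule between the virtual
// networks named by lhsFQN and rhsFQN. When no such rule is found it appends
// one and pushes the policy through client.Update.
//
// A rule counts as present when its first source address and its first
// destination address name the two networks (FQN elements joined with ":").
// Protocol, ports, direction and action are NOT compared, so an existing rule
// between the same networks with a different action also satisfies the lookup
// and no new rule is added.
//
// The appended rule is broad: protocol "any", direction "<>" (bidirectional),
// port range -1/-1 on both sides (presumably the API's "any port" value;
// confirm against the schema) and action "pass". Review callers before using
// this where narrower connectivity between the two networks is expected.
//
// It returns nil when the rule already existed or the update succeeded, and
// the error from client.Update otherwise.
func policyLocateRuleByFQN(client contrail.ApiClient, policy *types.NetworkPolicy, lhsFQN, rhsFQN []string) error {
	lhsName := strings.Join(lhsFQN, ":")
	rhsName := strings.Join(rhsFQN, ":")

	entries := policy.GetNetworkPolicyEntries()
	for _, existing := range entries.PolicyRule {
		// A rule with no address entries cannot match, and indexing [0] on it
		// would panic; getRulesNetworks applies the same length guard.
		if len(existing.SrcAddresses) == 0 || len(existing.DstAddresses) == 0 {
			continue
		}
		if existing.SrcAddresses[0].VirtualNetwork == lhsName &&
			existing.DstAddresses[0].VirtualNetwork == rhsName {
			return nil
		}
	}

	rule := &types.PolicyRuleType{
		Protocol:     "any",
		Direction:    "<>",
		SrcAddresses: []types.AddressType{{VirtualNetwork: lhsName}},
		DstAddresses: []types.AddressType{{VirtualNetwork: rhsName}},
		SrcPorts:     []types.PortType{{StartPort: -1, EndPort: -1}},
		DstPorts:     []types.PortType{{StartPort: -1, EndPort: -1}},
		ActionList:   &types.ActionListType{SimpleAction: "pass"},
	}
	entries.AddPolicyRule(rule)
	policy.SetNetworkPolicyEntries(&entries)

	if err := client.Update(policy); err != nil {
		glog.Errorf("policy-rule: %v", err)
		return err
	}
	return nil
}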
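// locatePolicyRule makes sure policy holds a rule between the virtual networks
// lhs and rhs. When no such rule is found it appends one and pushes the policy
// through m.client.Update.
//
// A rule counts as present when its first source address and its first
// destination address carry the ":"-joined FQ names of lhs and rhs. Protocol,
// ports, direction and action are NOT compared, so an existing rule between
// the same networks with a different action also satisfies the lookup and no
// new rule is added.
//
// The appended rule is broad: protocol "any", direction "<>" (bidirectional),
// port range -1/-1 on both sides (presumably the API's "any port" value;
// confirm against the schema) and action "pass".
//
// It returns nil when the rule already existed or the update succeeded, and
// the error from m.client.Update otherwise.
func (m *ServiceManagerImpl) locatePolicyRule(policy *types.NetworkPolicy, lhs, rhs *types.VirtualNetwork) error {
	lhsName := strings.Join(lhs.GetFQName(), ":")
	rhsName := strings.Join(rhs.GetFQName(), ":")

	entries := policy.GetNetworkPolicyEntries()
	for _, existing := range entries.PolicyRule {
		// A rule with no address entries cannot match, and indexing [0] on it
		// would panic; getRulesNetworks applies the same length guard.
		if len(existing.SrcAddresses) == 0 || len(existing.DstAddresses) == 0 {
			continue
		}
		if existing.SrcAddresses[0].VirtualNetwork == lhsName &&
			existing.DstAddresses[0].VirtualNetwork == rhsName {
			return nil
		}
	}

	// Keyed PortType fields, matching policyLocateRuleByFQN: positional
	// literals silently change meaning if the struct's field order changes.
	rule := &types.PolicyRuleType{
		Protocol:     "any",
		Direction:    "<>",
		SrcAddresses: []types.AddressType{{VirtualNetwork: lhsName}},
		DstAddresses: []types.AddressType{{VirtualNetwork: rhsName}},
		SrcPorts:     []types.PortType{{StartPort: -1, EndPort: -1}},
		DstPorts:     []types.PortType{{StartPort: -1, EndPort: -1}},
		ActionList:   &types.ActionListType{SimpleAction: "pass"},
	}
	entries.AddPolicyRule(rule)
	policy.SetNetworkPolicyEntries(&entries)

	if err := m.client.Update(policy); err != nil {
		glog.Errorf("policy-rule: %v", err)
		return err
	}
	return nil
}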
// getRulesNetworks summarizes, for display purposes, the virtual networks
// referenced by the rules of policy. The first result describes the source
// side and the second the destination side.
//
// Only the first source and first destination address of each rule is read;
// rules with no address entry or an empty virtual-network name are skipped.
// Each side is reported as "none" when no network was seen, as the last
// ":"-separated component of the name when exactly one distinct network was
// seen, and as "<multiple>" otherwise.
func getRulesNetworks(policy *types.NetworkPolicy) (string, string) {
	// summarize collapses a set of fully-qualified names into a single label.
	summarize := func(names map[string]bool) string {
		switch len(names) {
		case 0:
			return "none"
		case 1:
			for name := range names {
				// Keep only the part after the last ":"; a name without a
				// separator is returned whole.
				return name[strings.LastIndex(name, ":")+1:]
			}
		}
		return "<multiple>"
	}

	srcNets := make(map[string]bool)
	dstNets := make(map[string]bool)
	for _, r := range policy.GetNetworkPolicyEntries().PolicyRule {
		if len(r.SrcAddresses) > 0 {
			if vn := r.SrcAddresses[0].VirtualNetwork; vn != "" {
				srcNets[vn] = true
			}
		}
		if len(r.DstAddresses) > 0 {
			if vn := r.DstAddresses[0].VirtualNetwork; vn != "" {
				dstNets[vn] = true
			}
		}
	}

	return summarize(srcNets), summarize(dstNets)
}
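// policyHasRule reports whether policy contains a rule whose first source
// address names the virtual network lhsName and whose first destination
// address names rhsName.
//
// Only the network names are compared. Protocol, ports, direction and action
// are ignored, so a true result does not by itself mean traffic between the
// two networks is allowed.
func policyHasRule(policy *types.NetworkPolicy, lhsName, rhsName string) bool {
	entries := policy.GetNetworkPolicyEntries()
	for _, rule := range entries.PolicyRule {
		// A rule with no address entries cannot match, and indexing [0] on it
		// would panic; getRulesNetworks applies the same length guard.
		if len(rule.SrcAddresses) == 0 || len(rule.DstAddresses) == 0 {
			continue
		}
		if rule.SrcAddresses[0].VirtualNetwork == lhsName &&
			rule.DstAddresses[0].VirtualNetwork == rhsName {
			return true
		}
	}
	return false
}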
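// policyDeleteRule removes from policy the first rule whose first source
// address names the virtual network lhsName and whose first destination
// address names rhsName, then pushes the policy through client.Update.
//
// The match is on network names only. Protocol, ports, direction and action
// are not compared, so the removed rule is whichever entry between the two
// networks comes first in the list, whatever its action. Later rules between
// the same networks are left in place.
//
// It returns nil without calling the API when no rule matches, and otherwise
// the result of client.Update (also logged on failure).
func policyDeleteRule(client contrail.ApiClient, policy *types.NetworkPolicy, lhsName, rhsName string) error {
	entries := policy.GetNetworkPolicyEntries()

	index := -1
	for i, rule := range entries.PolicyRule {
		// A rule with no address entries cannot match, and indexing [0] on it
		// would panic; getRulesNetworks applies the same length guard.
		if len(rule.SrcAddresses) == 0 || len(rule.DstAddresses) == 0 {
			continue
		}
		if rule.SrcAddresses[0].VirtualNetwork == lhsName &&
			rule.DstAddresses[0].VirtualNetwork == rhsName {
			index = i
			break
		}
	}
	if index < 0 {
		return nil
	}

	entries.PolicyRule = removeRulesIndex(entries.PolicyRule, index)
	policy.SetNetworkPolicyEntries(&entries)

	err := client.Update(policy)
	if err != nil {
		glog.Errorf("policy-rule: %v", err)
	}
	return err
}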