func policyLocateRuleByFQN(client contrail.ApiClient, policy *types.NetworkPolicy, lhsFQN, rhsFQN []string) error { lhsName := strings.Join(lhsFQN, ":") rhsName := strings.Join(rhsFQN, ":") entries := policy.GetNetworkPolicyEntries() for _, rule := range entries.PolicyRule { if rule.SrcAddresses[0].VirtualNetwork == lhsName && rule.DstAddresses[0].VirtualNetwork == rhsName { return nil } } rule := new(types.PolicyRuleType) rule.Protocol = "any" rule.Direction = "<>" rule.SrcAddresses = []types.AddressType{types.AddressType{ VirtualNetwork: lhsName, }} rule.DstAddresses = []types.AddressType{types.AddressType{ VirtualNetwork: rhsName, }} rule.SrcPorts = []types.PortType{types.PortType{StartPort: -1, EndPort: -1}} rule.DstPorts = []types.PortType{types.PortType{StartPort: -1, EndPort: -1}} rule.ActionList = &types.ActionListType{ SimpleAction: "pass", } entries.AddPolicyRule(rule) policy.SetNetworkPolicyEntries(&entries) err := client.Update(policy) if err != nil { glog.Errorf("policy-rule: %v", err) return err } return nil }
func (m *ServiceManagerImpl) locatePolicyRule(policy *types.NetworkPolicy, lhs, rhs *types.VirtualNetwork) error { lhsName := strings.Join(lhs.GetFQName(), ":") rhsName := strings.Join(rhs.GetFQName(), ":") entries := policy.GetNetworkPolicyEntries() for _, rule := range entries.PolicyRule { if rule.SrcAddresses[0].VirtualNetwork == lhsName && rule.DstAddresses[0].VirtualNetwork == rhsName { return nil } } rule := new(types.PolicyRuleType) rule.Protocol = "any" rule.Direction = "<>" rule.SrcAddresses = []types.AddressType{types.AddressType{ VirtualNetwork: lhsName, }} rule.DstAddresses = []types.AddressType{types.AddressType{ VirtualNetwork: rhsName, }} rule.SrcPorts = []types.PortType{types.PortType{-1, -1}} rule.DstPorts = []types.PortType{types.PortType{-1, -1}} rule.ActionList = &types.ActionListType{ SimpleAction: "pass", } entries.AddPolicyRule(rule) policy.SetNetworkPolicyEntries(&entries) err := m.client.Update(policy) if err != nil { glog.Errorf("policy-rule: %v", err) return err } return nil }