示例#1
0
文件: policy.go 项目: romana/core
// augmentPolicy augments the provided policy with information gotten from
// various services.
func (policy *PolicySvc) augmentPolicy(policyDoc *common.Policy) error {
	// Get info from topology service
	log.Printf("Augmenting policy %s", policyDoc.Name)

	if policyDoc.ExternalID != "" {
		// TODO
		// Important! This should really be done in policy agent.
		// Only done here as temporary measure.
		externalId := makeId(policyDoc.AppliedTo, policyDoc.Name)
		log.Printf("Constructing internal policy name = %s", externalId)
		policyDoc.ExternalID = externalId
	}

	topoUrl, err := policy.client.GetServiceUrl("topology")
	if err != nil {
		return err
	}

	// Query topology for data center information
	// TODO move this to root
	index := common.IndexResponse{}
	err = policy.client.Get(topoUrl, &index)
	if err != nil {
		return err
	}

	dcURL := index.Links.FindByRel("datacenter")
	dc := &common.Datacenter{}
	err = policy.client.Get(dcURL, dc)
	if err != nil {
		return err
	}
	log.Printf("Policy server received datacenter information from topology service: %+v\n", dc)
	policyDoc.Datacenter = dc

	for i, _ := range policyDoc.AppliedTo {
		endpoint := &policyDoc.AppliedTo[i]
		err = policy.augmentEndpoint(endpoint)
		if err != nil {
			return err
		}
	}

	for j, _ := range policyDoc.Ingress {
		for i, _ := range policyDoc.Ingress[j].Rules {
			rule := &policyDoc.Ingress[j].Rules[i]
			rule.Protocol = strings.ToUpper(rule.Protocol)
		}

		for i, _ := range policyDoc.Ingress[j].Peers {
			endpoint := &policyDoc.Ingress[j].Peers[i]
			err = policy.augmentEndpoint(endpoint)
			if err != nil {
				return err
			}
		}
	}
	return nil
}
示例#2
0
func (s *MySuite) TestPolicy(c *check.C) {
	cfg := &common.ServiceConfig{Common: common.CommonConfig{Api: &common.Api{Port: 0, RestTimeoutMillis: 100}}}
	log.Printf("Test: Mock service config:\n\t%#v\n\t%#v\n", cfg.Common.Api, cfg.ServiceSpecific)
	svc := &mockSvc{mySuite: s}
	svc.tenants = make(map[uint64]string)
	svc.tenantsStr = make(map[string]uint64)
	svc.segments = make(map[uint64]string)
	svc.segmentsStr = make(map[string]uint64)
	svcInfo, err := common.InitializeService(svc, *cfg, nil)

	if err != nil {
		c.Error(err)
		c.FailNow()
	}
	msg := <-svcInfo.Channel
	log.Printf("Test: Mock service says %s; listening on %s\n", msg, svcInfo.Address)
	addrComponents := strings.Split(svcInfo.Address, ":")
	portStr := addrComponents[len(addrComponents)-1]
	s.servicePort, err = strconv.ParseUint(portStr, 10, 64)
	if err != nil {
		c.Error(err)
		c.FailNow()
	}
	s.serviceURL = fmt.Sprintf("http://%s", svcInfo.Address)
	log.Printf("Test: Mock service listens at %s\n", s.serviceURL)

	polSvc := &PolicySvc{}
	err = common.SimpleOverwriteSchema(polSvc, s.serviceURL)
	if err != nil {
		c.Fatal(err)
	}
	log.Printf("Policy schema created.")

	svcInfo, err = common.SimpleStartService(polSvc, s.serviceURL)
	if err != nil {
		c.Fatal(err)
	}

	msg = <-svcInfo.Channel
	fmt.Printf("Policy service listening %s on said: %s", svcInfo.Address, msg)

	clientConfig := common.GetDefaultRestClientConfig(s.serviceURL)
	client, err := common.NewRestClient(clientConfig)
	if err != nil {
		c.Fatal(err)
	}
	polURL := "http://" + svcInfo.Address + "/policies"

	log.Println("1. Add policy pol1")
	policyIn := common.Policy{}
	err = json.Unmarshal([]byte(romanaPolicy1), &policyIn)
	if err != nil {
		c.Fatal(err)
		c.FailNow()
	}
	policyOut := common.Policy{}
	err = client.Post(polURL, policyIn, &policyOut)
	if err != nil {
		c.Error(err)
		c.FailNow()
	}
	log.Printf("Added policy result: %s", policyOut)
	c.Assert(policyOut.Name, check.Equals, "pol1")
	c.Assert(policyOut.ID, check.Equals, uint64(1))
	c.Assert(len(policyOut.AppliedTo), check.Equals, len(policyIn.AppliedTo))
	c.Assert(len(policyOut.Ingress[0].Peers), check.Equals, len(policyIn.Ingress[0].Peers))
	c.Assert(client.GetStatusCode(), check.Equals, 200)

	pol1ExternalID := policyIn.ExternalID
	policyIn.ExternalID = "asdfghjkl"
	policyIn.ID = policyOut.ID
	log.Printf("2. Add policy again with different External ID %s but same ID %d", policyIn.ExternalID, policyIn.ID)
	err = client.Post(polURL, policyIn, &policyOut)
	c.Assert(err.(common.HttpError).StatusCode, check.Equals, http.StatusConflict)
	log.Printf("2. Result: %+v", policyOut)

	log.Println("3. Add policy again")
	policyIn.ExternalID = pol1ExternalID
	policyIn.ID = 0
	err = client.Post(polURL, policyIn, &policyOut)
	c.Assert(err.(common.HttpError).StatusCode, check.Equals, http.StatusConflict)
	log.Printf("3. Result: %+v", policyOut)

	log.Println("4. Add policy pol2")
	err = json.Unmarshal([]byte(romanaPolicy2), &policyIn)
	if err != nil {
		c.Fatal(err)
	}
	err = client.Post(polURL, policyIn, &policyOut)
	if err != nil {
		c.Fatal(err)
	}
	log.Printf("Added policy result: %s", policyOut)
	c.Assert(client.GetStatusCode(), check.Equals, 200)
	c.Assert(policyOut.Name, check.Equals, "pol2")

	log.Println("5. Add default policy")
	one := uint64(1)
	defPol := common.Policy{
		Direction:  common.PolicyDirectionIngress,
		Name:       "default",
		ExternalID: "default",
		AppliedTo:  []common.Endpoint{{TenantNetworkID: &one}},
		Ingress: []common.RomanaIngress{
			common.RomanaIngress{
				Peers: []common.Endpoint{{Peer: common.Wildcard}},
				Rules: []common.Rule{{Protocol: common.Wildcard}},
			},
		},
	}
	err = client.Post(polURL, defPol, &policyOut)
	if err != nil {
		c.Fatal(err)
	}
	log.Printf("Added policy result: %s", policyOut)
	c.Assert(client.GetStatusCode(), check.Equals, 200)
	c.Assert(policyOut.Name, check.Equals, "default")

	log.Println("6. Test list policies - should have 3.")
	var policies []common.Policy
	err = client.Get(polURL, &policies)
	if err != nil {
		c.Fatal(err)
	}
	c.Assert(len(policies), check.Equals, 3)
	c.Assert(client.GetStatusCode(), check.Equals, 200)
	c.Assert(policies[0].Name, check.Equals, "pol1")
	c.Assert(policies[1].Name, check.Equals, "pol2")
	c.Assert(policies[2].Name, check.Equals, "default")

	log.Println("7. Test get policy.")
	policyGet := common.Policy{}
	err = client.Get(polURL+"/1", &policyGet)
	if err != nil {
		c.Fatal(err)
	}
	c.Assert(policyGet.Name, check.Equals, policies[0].Name)
	c.Assert(client.GetStatusCode(), check.Equals, 200)

	log.Println("8. Test delete by ID - delete pol1")
	policyOut = common.Policy{}
	err = client.Delete(polURL+"/1", nil, &policyOut)
	if err != nil {
		c.Fatal(err)
	}
	log.Printf("Deleted policy result: %s", policyOut)
	c.Assert(policyOut.Name, check.Equals, "pol1")
	c.Assert(policyOut.ID, check.Equals, uint64(1))
	c.Assert(client.GetStatusCode(), check.Equals, 200)

	log.Println("9. Test list policies - should have 2 now - pol2 and default.")
	err = client.Get(polURL, &policies)
	if err != nil {
		c.Fatal(err)
	}
	c.Assert(len(policies), check.Equals, 2)
	c.Assert(policies[0].Name, check.Equals, "pol2")
	c.Assert(policies[1].Name, check.Equals, "default")
	c.Assert(client.GetStatusCode(), check.Equals, 200)

	log.Println("10. Test delete by ExternalID - delete policy 2")
	err = json.Unmarshal([]byte(romanaPolicy2), &policyIn)
	if err != nil {
		c.Fatal(err)
	}
	log.Printf("Unmarshaled %s to %v", romanaPolicy2, policyIn)
	policyOut = common.Policy{}
	err = client.Delete(polURL, policyIn, &policyOut)
	if err != nil {
		c.Fatal(err)
	}
	log.Printf("Deleted policy result: %s", policyOut)
	c.Assert(client.GetStatusCode(), check.Equals, 200)
	c.Assert(policyOut.Name, check.Equals, policyIn.Name)

	log.Println("10. Test list policies - should have 1 now - only default")
	err = client.Get(polURL, &policies)
	if err != nil {
		c.Fatal(err)
	}
	c.Assert(client.GetStatusCode(), check.Equals, 200)
	c.Assert(len(policies), check.Equals, 1)
	c.Assert(policies[0].Name, check.Equals, "default")

	log.Println("11. Test find by name policies - should find it")
	findURL := "http://" + svcInfo.Address + "/find/policies"
	err = client.Get(findURL+"/default", &policyOut)
	if err != nil {
		c.Fatal(err)
	}
	c.Assert(policyOut.Name, check.Equals, "default")

	log.Println("12. Test find by name policies with non-existent policy - should NOT find it")
	err = client.Get(findURL+"/blabla", &policyOut)
	httpErr := err.(common.HttpError)
	c.Assert(client.GetStatusCode(), check.Equals, http.StatusNotFound)
	c.Assert(httpErr.ResourceType, check.Equals, "policy")
	c.Assert(httpErr.StatusCode, check.Equals, http.StatusNotFound)
	c.Assert(httpErr.ResourceID, check.Equals, "blabla")
	log.Printf("%v", err)

	log.Println("13. Test delete by ExternalID - delete default policy")
	policyOut = common.Policy{}
	err = client.Delete(polURL, defPol, &policyOut)

	if err != nil {
		c.Fatal(err)
	}
	log.Printf("Deleted policy result: %s", policyOut)
	c.Assert(policyOut.Name, check.Equals, defPol.Name)
	c.Assert(client.GetStatusCode(), check.Equals, 200)

	log.Println("14. Test list policies - should have 0 now")
	err = client.Get(polURL, &policies)
	if err != nil {
		c.Fatal(err)
	}
	c.Assert(len(policies), check.Equals, 0)

	log.Println("15. Test delete by ExternalID - delete default policy - should be Not Found error now")
	policyOut = common.Policy{}
	err = client.Delete(polURL, defPol, &policyOut)
	if err == nil {
		panic("Expected error")
	}
	httpErr = err.(common.HttpError)
	c.Assert(client.GetStatusCode(), check.Equals, http.StatusNotFound)
	c.Assert(httpErr.ResourceType, check.Equals, "policy")
	c.Assert(httpErr.StatusCode, check.Equals, http.StatusNotFound)
	// TODO
	// Important! This should really be done in policy agent.
	// Only done here as temporary measure.
	id := makeId(defPol.AppliedTo, defPol.Name)
	c.Assert(httpErr.ResourceID, check.Equals, id)
	//	c.Assert(httpErr.ResourceID, check.Equals, "default")

	log.Printf("%v", err)

}