// augmentPolicy augments the provided policy with information gotten from
// various services.
func (policy *PolicySvc) augmentPolicy(policyDoc *common.Policy) error {
// Get info from topology service
log.Printf("Augmenting policy %s", policyDoc.Name)
if policyDoc.ExternalID != "" {
// TODO
// Important! This should really be done in policy agent.
// Only done here as temporary measure.
externalId := makeId(policyDoc.AppliedTo, policyDoc.Name)
log.Printf("Constructing internal policy name = %s", externalId)
policyDoc.ExternalID = externalId
}
topoUrl, err := policy.client.GetServiceUrl("topology")
if err != nil {
return err
}
// Query topology for data center information
// TODO move this to root
index := common.IndexResponse{}
err = policy.client.Get(topoUrl, &index)
if err != nil {
return err
}
dcURL := index.Links.FindByRel("datacenter")
dc := &common.Datacenter{}
err = policy.client.Get(dcURL, dc)
if err != nil {
return err
}
log.Printf("Policy server received datacenter information from topology service: %+v\n", dc)
policyDoc.Datacenter = dc
for i, _ := range policyDoc.AppliedTo {
endpoint := &policyDoc.AppliedTo[i]
err = policy.augmentEndpoint(endpoint)
if err != nil {
return err
}
}
for j, _ := range policyDoc.Ingress {
for i, _ := range policyDoc.Ingress[j].Rules {
rule := &policyDoc.Ingress[j].Rules[i]
rule.Protocol = strings.ToUpper(rule.Protocol)
}
for i, _ := range policyDoc.Ingress[j].Peers {
endpoint := &policyDoc.Ingress[j].Peers[i]
err = policy.augmentEndpoint(endpoint)
if err != nil {
return err
}
}
}
return nil
}
func (s *MySuite) TestPolicy(c *check.C) {
cfg := &common.ServiceConfig{Common: common.CommonConfig{Api: &common.Api{Port: 0, RestTimeoutMillis: 100}}}
log.Printf("Test: Mock service config:\n\t%#v\n\t%#v\n", cfg.Common.Api, cfg.ServiceSpecific)
svc := &mockSvc{mySuite: s}
svc.tenants = make(map[uint64]string)
svc.tenantsStr = make(map[string]uint64)
svc.segments = make(map[uint64]string)
svc.segmentsStr = make(map[string]uint64)
svcInfo, err := common.InitializeService(svc, *cfg, nil)
if err != nil {
c.Error(err)
c.FailNow()
}
msg := <-svcInfo.Channel
log.Printf("Test: Mock service says %s; listening on %s\n", msg, svcInfo.Address)
addrComponents := strings.Split(svcInfo.Address, ":")
portStr := addrComponents[len(addrComponents)-1]
s.servicePort, err = strconv.ParseUint(portStr, 10, 64)
if err != nil {
c.Error(err)
c.FailNow()
}
s.serviceURL = fmt.Sprintf("http://%s", svcInfo.Address)
log.Printf("Test: Mock service listens at %s\n", s.serviceURL)
polSvc := &PolicySvc{}
err = common.SimpleOverwriteSchema(polSvc, s.serviceURL)
if err != nil {
c.Fatal(err)
}
log.Printf("Policy schema created.")
svcInfo, err = common.SimpleStartService(polSvc, s.serviceURL)
if err != nil {
c.Fatal(err)
}
msg = <-svcInfo.Channel
fmt.Printf("Policy service listening %s on said: %s", svcInfo.Address, msg)
clientConfig := common.GetDefaultRestClientConfig(s.serviceURL)
client, err := common.NewRestClient(clientConfig)
if err != nil {
c.Fatal(err)
}
polURL := "http://" + svcInfo.Address + "/policies"
log.Println("1. Add policy pol1")
policyIn := common.Policy{}
err = json.Unmarshal([]byte(romanaPolicy1), &policyIn)
if err != nil {
c.Fatal(err)
c.FailNow()
}
policyOut := common.Policy{}
err = client.Post(polURL, policyIn, &policyOut)
if err != nil {
c.Error(err)
c.FailNow()
}
log.Printf("Added policy result: %s", policyOut)
c.Assert(policyOut.Name, check.Equals, "pol1")
c.Assert(policyOut.ID, check.Equals, uint64(1))
c.Assert(len(policyOut.AppliedTo), check.Equals, len(policyIn.AppliedTo))
c.Assert(len(policyOut.Ingress[0].Peers), check.Equals, len(policyIn.Ingress[0].Peers))
c.Assert(client.GetStatusCode(), check.Equals, 200)
pol1ExternalID := policyIn.ExternalID
policyIn.ExternalID = "asdfghjkl"
policyIn.ID = policyOut.ID
log.Printf("2. Add policy again with different External ID %s but same ID %d", policyIn.ExternalID, policyIn.ID)
err = client.Post(polURL, policyIn, &policyOut)
c.Assert(err.(common.HttpError).StatusCode, check.Equals, http.StatusConflict)
log.Printf("2. Result: %+v", policyOut)
log.Println("3. Add policy again")
policyIn.ExternalID = pol1ExternalID
policyIn.ID = 0
err = client.Post(polURL, policyIn, &policyOut)
c.Assert(err.(common.HttpError).StatusCode, check.Equals, http.StatusConflict)
log.Printf("3. Result: %+v", policyOut)
log.Println("4. Add policy pol2")
err = json.Unmarshal([]byte(romanaPolicy2), &policyIn)
if err != nil {
c.Fatal(err)
}
err = client.Post(polURL, policyIn, &policyOut)
if err != nil {
c.Fatal(err)
}
log.Printf("Added policy result: %s", policyOut)
c.Assert(client.GetStatusCode(), check.Equals, 200)
c.Assert(policyOut.Name, check.Equals, "pol2")
log.Println("5. Add default policy")
one := uint64(1)
defPol := common.Policy{
Direction: common.PolicyDirectionIngress,
Name: "default",
ExternalID: "default",
AppliedTo: []common.Endpoint{{TenantNetworkID: &one}},
Ingress: []common.RomanaIngress{
common.RomanaIngress{
Peers: []common.Endpoint{{Peer: common.Wildcard}},
Rules: []common.Rule{{Protocol: common.Wildcard}},
},
},
}
err = client.Post(polURL, defPol, &policyOut)
if err != nil {
c.Fatal(err)
}
log.Printf("Added policy result: %s", policyOut)
c.Assert(client.GetStatusCode(), check.Equals, 200)
c.Assert(policyOut.Name, check.Equals, "default")
log.Println("6. Test list policies - should have 3.")
var policies []common.Policy
err = client.Get(polURL, &policies)
if err != nil {
c.Fatal(err)
}
c.Assert(len(policies), check.Equals, 3)
c.Assert(client.GetStatusCode(), check.Equals, 200)
c.Assert(policies[0].Name, check.Equals, "pol1")
c.Assert(policies[1].Name, check.Equals, "pol2")
c.Assert(policies[2].Name, check.Equals, "default")
log.Println("7. Test get policy.")
policyGet := common.Policy{}
err = client.Get(polURL+"/1", &policyGet)
if err != nil {
c.Fatal(err)
}
c.Assert(policyGet.Name, check.Equals, policies[0].Name)
c.Assert(client.GetStatusCode(), check.Equals, 200)
log.Println("8. Test delete by ID - delete pol1")
policyOut = common.Policy{}
err = client.Delete(polURL+"/1", nil, &policyOut)
if err != nil {
c.Fatal(err)
}
log.Printf("Deleted policy result: %s", policyOut)
c.Assert(policyOut.Name, check.Equals, "pol1")
c.Assert(policyOut.ID, check.Equals, uint64(1))
c.Assert(client.GetStatusCode(), check.Equals, 200)
log.Println("9. Test list policies - should have 2 now - pol2 and default.")
err = client.Get(polURL, &policies)
if err != nil {
c.Fatal(err)
}
c.Assert(len(policies), check.Equals, 2)
c.Assert(policies[0].Name, check.Equals, "pol2")
c.Assert(policies[1].Name, check.Equals, "default")
c.Assert(client.GetStatusCode(), check.Equals, 200)
log.Println("10. Test delete by ExternalID - delete policy 2")
err = json.Unmarshal([]byte(romanaPolicy2), &policyIn)
if err != nil {
c.Fatal(err)
}
log.Printf("Unmarshaled %s to %v", romanaPolicy2, policyIn)
policyOut = common.Policy{}
err = client.Delete(polURL, policyIn, &policyOut)
if err != nil {
c.Fatal(err)
}
log.Printf("Deleted policy result: %s", policyOut)
c.Assert(client.GetStatusCode(), check.Equals, 200)
c.Assert(policyOut.Name, check.Equals, policyIn.Name)
log.Println("10. Test list policies - should have 1 now - only default")
err = client.Get(polURL, &policies)
if err != nil {
c.Fatal(err)
}
c.Assert(client.GetStatusCode(), check.Equals, 200)
c.Assert(len(policies), check.Equals, 1)
c.Assert(policies[0].Name, check.Equals, "default")
log.Println("11. Test find by name policies - should find it")
findURL := "http://" + svcInfo.Address + "/find/policies"
err = client.Get(findURL+"/default", &policyOut)
if err != nil {
c.Fatal(err)
}
c.Assert(policyOut.Name, check.Equals, "default")
log.Println("12. Test find by name policies with non-existent policy - should NOT find it")
err = client.Get(findURL+"/blabla", &policyOut)
httpErr := err.(common.HttpError)
c.Assert(client.GetStatusCode(), check.Equals, http.StatusNotFound)
c.Assert(httpErr.ResourceType, check.Equals, "policy")
c.Assert(httpErr.StatusCode, check.Equals, http.StatusNotFound)
c.Assert(httpErr.ResourceID, check.Equals, "blabla")
log.Printf("%v", err)
log.Println("13. Test delete by ExternalID - delete default policy")
policyOut = common.Policy{}
err = client.Delete(polURL, defPol, &policyOut)
if err != nil {
c.Fatal(err)
}
log.Printf("Deleted policy result: %s", policyOut)
c.Assert(policyOut.Name, check.Equals, defPol.Name)
c.Assert(client.GetStatusCode(), check.Equals, 200)
log.Println("14. Test list policies - should have 0 now")
err = client.Get(polURL, &policies)
if err != nil {
c.Fatal(err)
}
c.Assert(len(policies), check.Equals, 0)
log.Println("15. Test delete by ExternalID - delete default policy - should be Not Found error now")
policyOut = common.Policy{}
err = client.Delete(polURL, defPol, &policyOut)
if err == nil {
panic("Expected error")
}
httpErr = err.(common.HttpError)
c.Assert(client.GetStatusCode(), check.Equals, http.StatusNotFound)
c.Assert(httpErr.ResourceType, check.Equals, "policy")
c.Assert(httpErr.StatusCode, check.Equals, http.StatusNotFound)
// TODO
// Important! This should really be done in policy agent.
// Only done here as temporary measure.
id := makeId(defPol.AppliedTo, defPol.Name)
c.Assert(httpErr.ResourceID, check.Equals, id)
// c.Assert(httpErr.ResourceID, check.Equals, "default")
log.Printf("%v", err)
}