Beispiel #1
 def _create_all_pods_sg_rules(self, port, direction, sg_rule_body_list,
                               pod_selector, policy_namespace):
     """Append security group rule bodies for a policy port open to all pods.

     A non-integer ``port['port']`` is handed to
     ``_create_sg_rule_body_on_text_port`` with ``allow_all=True``. An
     integer port gets one rule body per ethertype (IPv4 and IPv6) appended
     to ``sg_rule_body_list``; for ``'egress'`` the service egress helper is
     invoked as well.

     :param port: policy port entry; its 'port' and 'protocol' keys are read
     :param direction: rule direction; only 'egress' is special-cased here
     :param sg_rule_body_list: list extended in place with the rule bodies
     :param pod_selector: forwarded unchanged to the text-port helper
     :param policy_namespace: forwarded to the helpers
     """
     port_number = port.get('port')

     if type(port_number) is not int:
         # Non-integer port (presumably a named port): the helper receives
         # the pod list returned by get_namespaced_pods().
         pods = driver_utils.get_namespaced_pods().get('items')
         self._create_sg_rule_body_on_text_port(
             direction, port, pods, sg_rule_body_list, pod_selector,
             policy_namespace, allow_all=True)
         return

     # NOTE(review): no default is applied when the policy omits 'protocol',
     # so None reaches the rule builder. NetworkPolicy ports default to TCP;
     # confirm the resulting rule is not wider than the policy intends.
     protocol = port.get('protocol')
     wants_svc_egress = direction == 'egress'

     for ethertype in (constants.IPv4, constants.IPv6):
         sg_rule_body_list.append(
             driver_utils.create_security_group_rule_body(
                 direction,
                 port_number,
                 ethertype=ethertype,
                 protocol=protocol))
         if wants_svc_egress:
             # NOTE(review): this runs once per ethertype with identical
             # arguments -- verify the helper does not add duplicate rules.
             self._create_svc_egress_sg_rule(
                 policy_namespace,
                 sg_rule_body_list,
                 port=port_number,
                 protocol=protocol)
Beispiel #2
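 def _create_all_pods_sg_rules(self,
                               port,
                               direction,
                               sg_rule_body_list,
                               pod_selector,
                               policy_namespace,
                               allowed_cidrs=None):
     """Append security group rule bodies for a policy port open to all pods.

     Three cases are handled:

     * non-integer ``port['port']``: delegated to
       ``_create_sg_rule_body_on_text_port`` together with the pod list
       returned by ``get_namespaced_pods()``;
     * integer port with ``allowed_cidrs``: one rule body per CIDR;
     * integer port without CIDRs: one rule body per ethertype
       (IPv4 and IPv6).

     :param port: policy port entry; its 'port' and 'protocol' keys are read
     :param direction: rule direction, passed through to the rule builder
     :param sg_rule_body_list: list extended in place with the rule bodies
     :param pod_selector: forwarded unchanged to the text-port helper
     :param policy_namespace: forwarded unchanged to the text-port helper
     :param allowed_cidrs: optional iterable of CIDRs restricting the rules
     """
     port_number = port.get('port')

     if not isinstance(port_number, int):
         all_pods = driver_utils.get_namespaced_pods().get('items')
         self._create_sg_rule_body_on_text_port(direction,
                                                port,
                                                all_pods,
                                                sg_rule_body_list,
                                                pod_selector,
                                                policy_namespace,
                                                allowed_cidrs=allowed_cidrs)
         return

     # NP's ports[].protocol defaults to TCP. Apply that default on every
     # numeric-port path: the CIDR branch used to pass None when the policy
     # omitted the protocol, which is inconsistent with the ethertype branch
     # and may yield a rule that is not limited to TCP.
     protocol = port.get('protocol', 'TCP')

     if allowed_cidrs:
         for cidr in allowed_cidrs:
             sg_rule = driver_utils.create_security_group_rule_body(
                 direction,
                 port_number,
                 protocol=protocol,
                 cidr=cidr)
             sg_rule_body_list.append(sg_rule)
     else:
         for ethertype in (constants.IPv4, constants.IPv6):
             sg_rule = driver_utils.create_security_group_rule_body(
                 direction,
                 port_number,
                 ethertype=ethertype,
                 protocol=protocol)
             sg_rule_body_list.append(sg_rule)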
 def _create_all_pods_sg_rules(self, port, sg_id, direction,
                               sg_rule_body_list, pod_selector,
                               policy_namespace):
     """Append rule bodies for security group ``sg_id`` and one policy port.

     A non-integer ``port['port']`` is handed to
     ``_create_sg_rule_body_on_text_port`` with ``allow_all=True``. An
     integer port yields a single rule body; for ``'egress'`` the rules
     returned by ``_create_svc_egress_sg_rule`` are appended as well.

     :param port: policy port entry; its 'port' and 'protocol' keys are read
     :param sg_id: security group identifier passed to every rule builder
     :param direction: rule direction; only 'egress' is special-cased here
     :param sg_rule_body_list: list extended in place with the rule bodies
     :param pod_selector: forwarded unchanged to the text-port helper
     :param policy_namespace: forwarded to the helpers
     """
     port_number = port.get('port')

     if type(port_number) is not int:
         # Non-integer port (presumably a named port): the helper receives
         # the pod list returned by get_namespaced_pods().
         pods = driver_utils.get_namespaced_pods().get('items')
         self._create_sg_rule_body_on_text_port(
             sg_id, direction, port, pods, sg_rule_body_list,
             pod_selector, policy_namespace, allow_all=True)
         return

     # NOTE(review): no default is applied when the policy omits 'protocol',
     # so None reaches the rule builder. NetworkPolicy ports default to TCP;
     # confirm the resulting rule is not wider than the policy intends.
     protocol = port.get('protocol')

     sg_rule_body_list.append(
         driver_utils.create_security_group_rule_body(
             sg_id,
             direction,
             port_number,
             protocol=protocol))

     if direction == 'egress':
         svc_rules = self._create_svc_egress_sg_rule(
             sg_id,
             policy_namespace,
             port=port_number,
             protocol=protocol)
         sg_rule_body_list.extend(svc_rules)