Beispiel #1
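 def _create_policy(self, policy_name, proj_obj, src_vn_obj, dst_vn_obj):
     """Create or refresh the network policy connecting two virtual networks.

     The policy named ``policy_name`` under ``proj_obj`` is read from the API
     server if it already exists, otherwise a new one is created. In both
     cases its entries are set to a single rule built here.

     Security note: the rule is deliberately broad. It is bidirectional
     (``'<>'``), matches protocol ``'any'``, uses the ``(-1, -1)`` port range
     on both sides and has the simple action ``'pass'``. Callers should only
     use it where unrestricted traffic between ``src_vn_obj`` and
     ``dst_vn_obj`` is intended. Because the entries are set rather than
     appended, any rules an existing policy of the same name carried are
     presumably replaced (confirm against the API's setter semantics).

     Args:
         policy_name: Name of the network policy.
         proj_obj: Parent project object the policy belongs to.
         src_vn_obj: Virtual network used as the rule's source address.
         dst_vn_obj: Virtual network used as the rule's destination address.

     Returns:
         The policy object that was created or updated.
     """
     policy = NetworkPolicy(name=policy_name, parent_obj=proj_obj)
     try:
         policy_obj = self._vnc_lib.network_policy_read(
             fq_name=policy.get_fq_name())
         policy_exists = True
     except NoIdError:
         # policy does not exist. Create one.
         policy_obj = policy
         policy_exists = False
     network_policy_entries = PolicyEntriesType([
         PolicyRuleType(
             direction='<>',
             action_list=ActionListType(simple_action='pass'),
             protocol='any',
             src_addresses=[
                 AddressType(virtual_network=src_vn_obj.get_fq_name_str())
             ],
             src_ports=[PortType(-1, -1)],
             dst_addresses=[
                 AddressType(virtual_network=dst_vn_obj.get_fq_name_str())
             ],
             dst_ports=[PortType(-1, -1)])
     ])
     policy_obj.set_network_policy_entries(network_policy_entries)
     if policy_exists:
         # Send the object that carries the new entries. The freshly built
         # `policy` has no entries set, so updating with it would leave the
         # stored policy's rules unchanged.
         self._vnc_lib.network_policy_update(policy_obj)
     else:
         self._vnc_lib.network_policy_create(policy_obj)
     return policy_obj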
Beispiel #2
    def create_network_policy_with_multiple_rules(self, rules):
        """Create a network policy holding one policy rule per entry of ``rules``.

        Each entry is a mapping with the keys ``"src"``, ``"dst"``,
        ``"direction"`` and ``"protocol"``. ``"src-port"`` and ``"dst-port"``
        are optional and default to ``PortType(-1, -1)``. ``"action"`` is read
        only when ``get_service_list`` returns nothing for the rule; otherwise
        the service list is applied instead of a simple action. A mirror
        action is attached when ``get_mirror_service`` returns a value.

        The policy and every rule get a freshly generated UUID string; the
        policy is created through ``self._vnc_lib`` and returned.
        """
        policy_rules = []
        for spec in rules:
            source_addr = self.frame_rule_addresses(spec["src"])
            dest_addr = self.frame_rule_addresses(spec["dst"])
            services = self.get_service_list(spec)
            analyzer = self.get_mirror_service(spec)
            source_port = spec.get("src-port", PortType(-1, -1))
            dest_port = spec.get("dst-port", PortType(-1, -1))

            actions = ActionListType()
            if analyzer:
                actions.mirror_to = MirrorActionType(analyzer_name=analyzer)
            # A service chain takes the place of the plain action.
            if not services:
                actions.simple_action = spec["action"]
            else:
                actions.apply_service = services

            policy_rules.append(
                PolicyRuleType(
                    rule_uuid=str(uuid.uuid4()),
                    direction=spec["direction"],
                    protocol=spec["protocol"],
                    src_addresses=[source_addr],
                    dst_addresses=[dest_addr],
                    src_ports=[source_port],
                    dst_ports=[dest_port],
                    action_list=actions,
                )
            )

        entries = PolicyEntriesType(policy_rules)
        created_policy = NetworkPolicy(
            str(uuid.uuid4()), network_policy_entries=entries)
        self._vnc_lib.network_policy_create(created_policy)
        return created_policy
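 def _create_vn_vn_policy(self, policy_name,
         proj_obj, src_vn_obj, dst_vn_obj):
     """Create or refresh the policy between two virtual networks.

     Reads the policy named ``policy_name`` under ``proj_obj``; if the API
     server reports ``NoIdError`` a new policy object is used instead. The
     policy's entries are then set to a single rule obtained from
     ``self._create_policy_entry(src_vn_obj, dst_vn_obj)``.

     NOTE(review): the entries are set, not appended, so rules already
     present on an existing policy of this name are presumably replaced.
     How permissive the resulting policy is depends entirely on
     ``_create_policy_entry``, which is not defined in this block.

     Args:
         policy_name: Name of the network policy.
         proj_obj: Parent project object the policy belongs to.
         src_vn_obj: Source virtual network passed to the rule builder.
         dst_vn_obj: Destination virtual network passed to the rule builder.

     Returns:
         The policy object that was created or updated.
     """
     policy = NetworkPolicy(name=policy_name, parent_obj=proj_obj)
     try:
         policy_obj = self._vnc_lib.network_policy_read(
             fq_name=policy.get_fq_name())
         policy_exists = True
     except NoIdError:
         # policy does not exist. Create one.
         policy_obj = policy
         policy_exists = False
     network_policy_entries = PolicyEntriesType()
     policy_entry = self._create_policy_entry(src_vn_obj, dst_vn_obj)
     network_policy_entries.add_policy_rule(policy_entry)
     policy_obj.set_network_policy_entries(network_policy_entries)
     if policy_exists:
         # Update with the object that holds the new entries; the locally
         # constructed `policy` never had any entries assigned.
         self._vnc_lib.network_policy_update(policy_obj)
     else:
         self._vnc_lib.network_policy_create(policy_obj)
     return policy_obj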
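 def _create_vn_vn_policy(self, policy_name,
         proj_obj, src_vn_obj, dst_vn_obj):
     """Create the VN-to-VN network policy, or refresh it if it exists.

     The policy is looked up by the fully qualified name derived from
     ``policy_name`` and ``proj_obj``. When the lookup raises ``NoIdError``
     a new policy is created; otherwise the stored one is updated. Either
     way the policy ends up with exactly one rule, built by
     ``self._create_policy_entry(src_vn_obj, dst_vn_obj)``.

     NOTE(review): what traffic the rule admits is decided by
     ``_create_policy_entry``, which is outside this block. Replacing the
     entries wholesale presumably discards rules an existing policy had.

     Args:
         policy_name: Name of the network policy.
         proj_obj: Parent project object the policy belongs to.
         src_vn_obj: Source virtual network passed to the rule builder.
         dst_vn_obj: Destination virtual network passed to the rule builder.

     Returns:
         The policy object that was created or updated.
     """
     policy = NetworkPolicy(name=policy_name, parent_obj=proj_obj)
     try:
         policy_obj = self._vnc_lib.network_policy_read(
             fq_name=policy.get_fq_name())
     except NoIdError:
         # policy does not exist. Create one.
         policy_obj = policy
         policy_exists = False
     else:
         policy_exists = True
     network_policy_entries = PolicyEntriesType()
     policy_entry = self._create_policy_entry(src_vn_obj, dst_vn_obj)
     network_policy_entries.add_policy_rule(policy_entry)
     policy_obj.set_network_policy_entries(network_policy_entries)
     if policy_exists:
         # The entries were set on policy_obj (the object read back from the
         # server), so that is the object to send; `policy` carries none.
         self._vnc_lib.network_policy_update(policy_obj)
     else:
         self._vnc_lib.network_policy_create(policy_obj)
     return policy_obj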