def create_NetworkPolicy(policy_name, left_network_name, right_network_name, vnc, domain, project_name):
    """Create an allow-all network policy between two virtual networks.

    The policy holds one rule: direction '<>' (both ways), protocol 'any',
    action 'pass', and port range -1/-1 (any port) on both sides. It is
    created under the project ``[domain, project_name]``. This function does
    not attach the policy to either network.

    Args:
        policy_name: Name given to the new policy.
        left_network_name: Virtual network used as the rule's source address.
        right_network_name: Virtual network used as the rule's destination.
        vnc: API client; ``project_read`` and ``network_policy_create`` are
            called on it.
        domain: First component of the project's fq_name.
        project_name: Second component of the project's fq_name.
    """
    parent_project = vnc.project_read(fq_name=[domain, project_name])

    # NOTE(review): any protocol / any port in both directions leaves no
    # filtering between the two networks once the policy is attached. Narrow
    # the protocol and destination ports when only specific services need
    # to be reachable.
    pass_action = vnc_api.ActionListType(simple_action='pass')
    left_side = [vnc_api.AddressType(virtual_network=left_network_name)]
    left_ports = [vnc_api.PortType(start_port=-1, end_port=-1)]
    right_side = [vnc_api.AddressType(virtual_network=right_network_name)]
    right_ports = [vnc_api.PortType(start_port=-1, end_port=-1)]
    allow_all_rule = vnc_api.PolicyRuleType(
        direction='<>',
        protocol='any',
        action_list=pass_action,
        src_addresses=left_side,
        src_ports=left_ports,
        dst_addresses=right_side,
        dst_ports=right_ports)

    new_policy = vnc_api.NetworkPolicy(
        name=policy_name,
        parent_obj=parent_project,
        network_policy_entries=vnc_api.PolicyEntriesType([allow_all_rule]))
    vnc.network_policy_create(new_policy)

    summary = 'Policy "{}" created between "{}" & "{}"\n'.format(
        policy_name, left_network_name, right_network_name)
    print(summary)
def handle_create(self):
    """Create the network policy described by this resource's properties.

    A deep copy of the 'entries' property is passed through
    ``fix_vn_to_fqname`` and ``fix_apply_service`` before it is turned into
    a ``PolicyEntriesType``. The policy is created under the project whose
    id is the stack context's tenant id, and the value returned by
    ``network_policy_create`` is stored as the resource id.
    """
    # Work on a copy so the fix_* helpers never touch the stored properties.
    props = {'entries': copy.deepcopy(self.properties['entries'])}
    self.fix_vn_to_fqname(props)
    self.fix_apply_service(props)

    tenant_id = self.stack.context.tenant_id
    # uuid.UUID() rejects a malformed tenant id; str() then yields the
    # dashed form passed to project_read.
    parent_project = self.vnc_lib().project_read(
        id=str(uuid.UUID(tenant_id)))

    policy = vnc_api.NetworkPolicy(
        name=self.properties[self.NAME], parent_obj=parent_project)
    entries = vnc_api.PolicyEntriesType.factory(**props['entries'])
    policy.set_network_policy_entries(entries)

    created_uuid = self.vnc_lib().network_policy_create(policy)
    self.resource_id_set(created_uuid)
def create_networkpolicy(self, policy_name, vn1_name, vn2_name, action):
    """Create a one-rule policy covering all traffic between two networks.

    The rule is bidirectional ('<>'), matches protocol 'any' and port range
    -1/-1 (any port) on both sides, and applies ``action`` as its simple
    action. The policy is created under the project
    ``[self._domain, self._tenant_name]`` and is not attached to a network
    here.

    Args:
        policy_name: Name given to the new policy.
        vn1_name: Virtual network used as the rule's source address.
        vn2_name: Virtual network used as the rule's destination address.
        action: Passed unchanged as ``simple_action`` of the rule.
    """
    banner = "Create network policy %s between %s <---> %s" % (
        policy_name, vn1_name, vn2_name)
    print(banner)

    parent_project = self._vnc_lib.project_read(
        fq_name=[self._domain, self._tenant_name])

    # NOTE(review): with a permissive ``action`` this rule opens every
    # protocol and port between the two networks; callers that need
    # segmentation should use a narrower rule.
    rule_action = vnc_api.ActionListType(simple_action=action)
    source = [vnc_api.AddressType(virtual_network=vn1_name)]
    source_ports = [vnc_api.PortType(start_port=-1, end_port=-1)]
    destination = [vnc_api.AddressType(virtual_network=vn2_name)]
    destination_ports = [vnc_api.PortType(start_port=-1, end_port=-1)]
    any_traffic_rule = vnc_api.PolicyRuleType(
        direction='<>',
        protocol='any',
        action_list=rule_action,
        src_addresses=source,
        src_ports=source_ports,
        dst_addresses=destination,
        dst_ports=destination_ports)

    new_policy = vnc_api.NetworkPolicy(
        name=policy_name,
        parent_obj=parent_project,
        network_policy_entries=vnc_api.PolicyEntriesType([any_traffic_rule]))
    self._vnc_lib.network_policy_create(new_policy)
def neutron_dict_to_vn(self, vn_obj, network_q):
    """Apply the fields present in a Neutron network dict to ``vn_obj``.

    Handled keys:
        name: copied to ``display_name`` when non-empty.
        admin_state_up: written to the ``enable`` field of the id perms.
        policys: list of ``(domain, project, policy)`` fq_names; replaces
            the network's policy list, numbering entries from 0 upward.
        route_table: fq_name of a route table to read and attach.

    Args:
        vn_obj: Virtual network object to update in place.
        network_q: Dict holding the requested network attributes.

    Returns:
        The same ``vn_obj`` that was passed in.
    """
    requested_name = network_q.get('name')
    if requested_name:
        vn_obj.display_name = requested_name

    perms = vn_obj.get_id_perms()
    if 'admin_state_up' in network_q:
        perms.enable = network_q['admin_state_up']
        vn_obj.set_id_perms(perms)

    if 'policys' in network_q:
        fq_names = network_q['policys']
        # Drop the current list first; the request is the complete new list.
        vn_obj.set_network_policy_list([], [])
        # NOTE(review): the policy objects are built from the supplied names
        # without being read back from the API, so nothing here checks that
        # the policy exists or which project it belongs to - presumably the
        # API server validates the reference on update; confirm.
        for major, (domain_name, project_name, policy_name) in enumerate(fq_names):
            owner = vnc_api.Project(project_name, vnc_api.Domain(domain_name))
            vn_obj.add_network_policy(
                vnc_api.NetworkPolicy(policy_name, owner),
                vnc_api.VirtualNetworkPolicyType(
                    sequence=vnc_api.SequenceType(major, 0)))

    rt_fq_name = network_q.get('route_table')
    if rt_fq_name:
        try:
            route_table = self._vnc_lib.route_table_read(fq_name=rt_fq_name)
            vn_obj.set_route_table(route_table)
        except vnc_api.NoIdError:
            # TODO() add route table specific exception
            self._raise_contrail_exception(
                'NetworkNotFound', net_id=vn_obj.uuid, resource='network')

    return vn_obj
def resource_create(self, context, policy_q):
    """Create a network policy from a Neutron-style request dict.

    Args:
        context: Request context; not read by this method.
        policy_q: Request dict. 'tenant_id' is required, 'name' is optional.

    Returns:
        The created policy converted by ``_policy_vnc_to_neutron``.

    Raises:
        Whatever ``_raise_contrail_exception`` produces for 'BadRequest'
        (missing tenant id, or ``RefsExistError`` on create) and for
        'ProjectNotFound' (``NoIdError`` while reading the project).
    """
    # NOTE(review): the parent project comes from the request body and
    # ``context`` is never consulted, so this method itself does not check
    # that the caller may create policies in that tenant - presumably a
    # caller or the API server enforces it; confirm.
    tenant_missing = 'tenant_id' not in policy_q
    if tenant_missing:
        raise self._raise_contrail_exception(
            'BadRequest', resource='policy',
            msg="'tenant_id' is mandatory")

    project_id = self._project_id_neutron_to_vnc(policy_q['tenant_id'])
    requested_name = policy_q.get('name')

    try:
        parent_project = self._project_read(proj_id=project_id)
    except vnc_exc.NoIdError:
        raise self._raise_contrail_exception(
            "ProjectNotFound", id=project_id, resource='policy')

    new_policy = self._policy_neutron_to_vnc(
        policy_q, vnc_api.NetworkPolicy(requested_name, parent_project))

    try:
        self._resource_create(new_policy)
    except vnc_exc.RefsExistError as e:
        raise self._raise_contrail_exception(
            'BadRequest', resource='policy', msg=str(e))

    return self._policy_vnc_to_neutron(new_policy)
#create policy rule = vnc_api.PolicyRuleType( direction='<>', protocol=policy_protocol, action_list=vnc_api.ActionListType(simple_action=policy_action), src_addresses=[vnc_api.AddressType(virtual_network=source_network)], src_ports=[vnc_api.PortType(start_port=source_port, end_port=source_port)], dst_addresses=[vnc_api.AddressType(virtual_network=destination_network)], dst_ports=[ vnc_api.PortType(start_port=destination_port, end_port=destination_port) ]) policy = vnc_api.NetworkPolicy( name=policy_name, parent_obj=tenant, network_policy_entries=vnc_api.PolicyEntriesType([rule])) vnc.network_policy_create(policy) #add the policy to each network policy = vnc.network_policy_read( fq_name=['default-domain', tenant_name, policy_name]) policy_type = vnc_api.VirtualNetworkPolicyType( sequence=vnc_api.SequenceType(major=0, minor=0)) vn = vnc.virtual_network_read( fq_name=['default-domain', tenant_name, source_network]) vn.add_network_policy(ref_obj=policy, ref_data=policy_type) vnc.virtual_network_update(vn) vn = vnc.virtual_network_read( fq_name=['default-domain', tenant_name, destination_network]) vn.add_network_policy(ref_obj=policy, ref_data=policy_type)
# The next line is the tail of a call that starts above this excerpt.
auth_port=auth_port, auth_url=urlparts.path + '/tokens', )
# Look up both networks by the UUIDs given on the command line.
net1 = vnc_lib.virtual_network_read(id=args.net1_uuid)
net2 = vnc_lib.virtual_network_read(id=args.net2_uuid)
# One bidirectional ('<>') rule: pass any protocol on any port (-1, -1)
# between net1 and net2. The policy is parented to net1's project.
# NOTE(review): this removes all filtering between the two networks; use a
# specific protocol and destination port range when only some services
# need to be reachable.
pol1 = vnc_api.NetworkPolicy(
    'policy-%s-%s-any' % (net1.name, net2.name),
    network_policy_entries=vnc_api.PolicyEntriesType([
        vnc_api.PolicyRuleType(
            direction='<>',
            action_list=vnc_api.ActionListType(simple_action='pass'),
            protocol='any',
            src_addresses=[
                vnc_api.AddressType(virtual_network=net1.get_fq_name_str())
            ],
            src_ports=[vnc_api.PortType(-1, -1)],
            dst_addresses=[
                vnc_api.AddressType(virtual_network=net2.get_fq_name_str())
            ],
            dst_ports=[vnc_api.PortType(-1, -1)])
    ]),
    parent_obj=vnc_lib.project_read(fq_name=net1.get_parent_fq_name()))
vnc_lib.network_policy_create(pol1)
# Attach the policy to net1 with sequence 0.0 and save the network.
# NOTE(review): no attachment to net2 is visible in this excerpt; confirm
# whether the code that follows adds it.
net1.add_network_policy(
    pol1,
    vnc_api.VirtualNetworkPolicyType(sequence=vnc_api.SequenceType(0, 0)))
vnc_lib.virtual_network_update(net1)
from vnc_api import vnc_api

# Walk-through: create two virtual networks, create a policy that passes TCP
# to port 80 between them, attach it to both networks, then print the result.

# NOTE(review): the API server address is hard-coded and no credentials or
# TLS options are passed - presumably a lab server that accepts
# unauthenticated requests; confirm before reusing this elsewhere.
api = vnc_api.VncApi(api_server_host='10.10.7.149')

# vn-blue with subnet 10.0.2.0/24. No parent is passed for the network or
# the IPAM, so the library defaults apply.
blue_vn = vnc_api.VirtualNetwork('vn-blue')
blue_subnets = vnc_api.VnSubnetsType(
    [vnc_api.IpamSubnetType(subnet=vnc_api.SubnetType('10.0.2.0', 24))])
blue_vn.add_network_ipam(vnc_api.NetworkIpam(), blue_subnets)
api.virtual_network_create(blue_vn)

# vn-red with subnet 10.0.3.0/24.
red_vn = vnc_api.VirtualNetwork('vn-red')
red_subnets = vnc_api.VnSubnetsType(
    [vnc_api.IpamSubnetType(subnet=vnc_api.SubnetType('10.0.3.0', 24))])
red_vn.add_network_ipam(vnc_api.NetworkIpam(), red_subnets)
api.virtual_network_create(red_vn)

# Rule: TCP, any source port (-1, -1) on vn-blue, destination port 80 on
# vn-red, direction '<>' (applies both ways), action 'pass'.
web_rule = vnc_api.PolicyRuleType(
    direction='<>',
    action_list=vnc_api.ActionListType(simple_action='pass'),
    protocol='tcp',
    src_addresses=[
        vnc_api.AddressType(virtual_network=blue_vn.get_fq_name_str())],
    src_ports=[vnc_api.PortType(-1, -1)],
    dst_addresses=[
        vnc_api.AddressType(virtual_network=red_vn.get_fq_name_str())],
    dst_ports=[vnc_api.PortType(80, 80)])
red_blue_policy = vnc_api.NetworkPolicy(
    'policy-red-blue',
    network_policy_entries=vnc_api.PolicyEntriesType([web_rule]))
api.network_policy_create(red_blue_policy)

# Attach the policy to both networks with sequence 0.0, then save each one.
blue_vn.add_network_policy(
    red_blue_policy,
    vnc_api.VirtualNetworkPolicyType(sequence=vnc_api.SequenceType(0, 0)))
red_vn.add_network_policy(
    red_blue_policy,
    vnc_api.VirtualNetworkPolicyType(sequence=vnc_api.SequenceType(0, 0)))
api.virtual_network_update(blue_vn)
api.virtual_network_update(red_vn)

# Read vn-blue back and list all networks to check the result.
print(api.virtual_network_read(id=blue_vn.uuid))
print(api.virtual_networks_list())