def _create_all_pods_sg_rules(self, port, direction, sg_rule_body_list,
                              pod_selector, policy_namespace):
    """Append security group rule bodies for a policy port open to all pods.

    A port entry whose ``port`` value is not exactly an ``int`` is handed
    to ``_create_sg_rule_body_on_text_port`` together with the pods
    returned by ``driver_utils.get_namespaced_pods()``. A numeric port
    produces one rule body per ethertype (IPv4 and IPv6), and for egress
    ``_create_svc_egress_sg_rule`` is called as well.

    :param port: mapping read with ``.get('port')`` and ``.get('protocol')``
    :param direction: rule direction; ``'egress'`` adds the service rules
    :param sg_rule_body_list: list that receives the rule bodies in place
    :param pod_selector: forwarded to the text-port helper
    :param policy_namespace: forwarded to both helpers
    """
    port_value = port.get('port')

    if type(port_value) is int:
        # NOTE(review): the protocol is forwarded as found, so an entry
        # without a 'protocol' key passes None -- confirm the rule builder
        # does not turn that into a rule wider than the policy intends.
        protocol = port.get('protocol')
        sg_rule_body_list.extend(
            driver_utils.create_security_group_rule_body(
                direction, port_value,
                ethertype=ethertype,
                protocol=protocol)
            for ethertype in (constants.IPv4, constants.IPv6))
        # NOTE(review): nesting rebuilt from a flattened listing; confirm
        # the service egress rules are meant to be added once per port.
        if direction == 'egress':
            self._create_svc_egress_sg_rule(
                policy_namespace, sg_rule_body_list,
                port=port_value,
                protocol=protocol)
        return

    # Anything that is not a plain int goes through the text-port helper,
    # which needs the pod list to work with.
    namespaced_pods = driver_utils.get_namespaced_pods().get('items')
    self._create_sg_rule_body_on_text_port(
        direction, port, namespaced_pods, sg_rule_body_list,
        pod_selector, policy_namespace, allow_all=True)
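def _create_all_pods_sg_rules(self, port, direction, sg_rule_body_list,
                              pod_selector, policy_namespace,
                              allowed_cidrs=None):
    """Append security group rule bodies for a policy port open to all pods.

    A port entry whose ``port`` value is not an ``int`` is handed to
    ``_create_sg_rule_body_on_text_port`` together with the pods returned
    by ``driver_utils.get_namespaced_pods()``. A numeric port produces one
    rule body per entry of ``allowed_cidrs`` when that is non-empty, and
    otherwise one rule body per ethertype (IPv4 and IPv6).

    :param port: mapping read with ``.get('port')`` and ``.get('protocol')``
    :param direction: rule direction passed to the rule builder
    :param sg_rule_body_list: list that receives the rule bodies in place
    :param pod_selector: forwarded to the text-port helper
    :param policy_namespace: forwarded to the text-port helper
    :param allowed_cidrs: optional iterable of CIDRs; when truthy each
        numeric-port rule is scoped to one CIDR instead of an ethertype
    """
    port_number = port.get('port')

    if not isinstance(port_number, int):
        all_pods = driver_utils.get_namespaced_pods().get('items')
        self._create_sg_rule_body_on_text_port(
            direction, port, all_pods, sg_rule_body_list,
            pod_selector, policy_namespace,
            allowed_cidrs=allowed_cidrs)
        return

    # NP's ports[].protocol defaults to TCP. The default is applied to the
    # CIDR-scoped rules as well as the per-ethertype ones, so that a port
    # entry without 'protocol' never builds a rule with protocol=None.
    protocol = port.get('protocol', 'TCP')

    if allowed_cidrs:
        for cidr in allowed_cidrs:
            sg_rule = driver_utils.create_security_group_rule_body(
                direction, port_number,
                protocol=protocol,
                cidr=cidr)
            sg_rule_body_list.append(sg_rule)
    else:
        for ethertype in (constants.IPv4, constants.IPv6):
            sg_rule = driver_utils.create_security_group_rule_body(
                direction, port_number,
                ethertype=ethertype,
                protocol=protocol)
            sg_rule_body_list.append(sg_rule)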
def _create_all_pods_sg_rules(self, port, sg_id, direction,
                              sg_rule_body_list, pod_selector,
                              policy_namespace):
    """Append security group rule bodies for a policy port open to all pods.

    A port entry whose ``port`` value is not exactly an ``int`` is handed
    to ``_create_sg_rule_body_on_text_port`` together with the pods
    returned by ``driver_utils.get_namespaced_pods()``. A numeric port
    produces a single rule body for ``sg_id``, and for egress the rules
    returned by ``_create_svc_egress_sg_rule`` are added after it.

    :param port: mapping read with ``.get('port')`` and ``.get('protocol')``
    :param sg_id: security group identifier passed to the rule builders
    :param direction: rule direction; ``'egress'`` adds the service rules
    :param sg_rule_body_list: list that receives the rule bodies in place
    :param pod_selector: forwarded to the text-port helper
    :param policy_namespace: forwarded to both helpers
    """
    port_value = port.get('port')

    if type(port_value) is int:
        # NOTE(review): the protocol is forwarded as found, so an entry
        # without a 'protocol' key passes None -- confirm the rule builder
        # does not turn that into a rule wider than the policy intends.
        protocol = port.get('protocol')
        sg_rule_body_list.append(
            driver_utils.create_security_group_rule_body(
                sg_id, direction, port_value, protocol=protocol))
        if direction == 'egress':
            svc_rules = self._create_svc_egress_sg_rule(
                sg_id, policy_namespace,
                port=port_value,
                protocol=protocol)
            sg_rule_body_list.extend(svc_rules)
        return

    # Anything that is not a plain int goes through the text-port helper,
    # which needs the pod list to work with.
    namespaced_pods = driver_utils.get_namespaced_pods().get('items')
    self._create_sg_rule_body_on_text_port(
        sg_id, direction, port, namespaced_pods, sg_rule_body_list,
        pod_selector, policy_namespace, allow_all=True)