class DefaultPolicyDriver(object):
"""
Implements default network policy for a generic CNI plugin.
"""
def __init__(self, network_name):
self._client = DatastoreClient()
"""
DatastoreClient for access to the Calico datastore.
"""
self.profile_name = network_name
"""
Name of profile for attach to endpoint.
"""
# Validate the given network name to make sure it is compatible with
# Calico policy.
if not validate_characters(network_name):
raise ValueError("Invalid characters detected in the given network "
"name, %s. Only letters a-z, numbers 0-9, and "
"symbols _.- are supported.", network_name)
def apply_profile(self, endpoint):
"""Sets a profile for the networked container on the given endpoint.
Create a profile if it is not yet created.
:param endpoint:
:return: None
"""
assert self.profile_name, "No profile name set."
if not self._client.profile_exists(self.profile_name):
# If the profile doesn't exist, create it.
_log.info("Creating new profile '%s'", self.profile_name)
rules = self.generate_rules()
self._client.create_profile(self.profile_name, rules)
# Apply any additonal tags.
tags = self.generate_tags()
if tags:
_log.debug("Applying additional tags: %s", tags)
profile = self._client.get_profile(self.profile_name)
profile.tags.update(tags)
self._client.profile_update_tags(profile)
# Check if the profile has already been applied.
if self.profile_name in endpoint.profile_ids:
_log.warning("Endpoint already in profile %s",
self.profile_name)
return
# Append profile to Calico endpoint.
_log.info("Appending profile '%s' to endpoint %s",
self.profile_name, endpoint.endpoint_id)
try:
self._client.append_profiles_to_endpoint(
profile_names=[self.profile_name],
endpoint_id=endpoint.endpoint_id
)
except (KeyError, MultipleEndpointsMatch), e:
_log.exception("Failed to apply profile to endpoint %s: %s",
endpoint.name, e.message)
raise ApplyProfileError(e.message)
class DefaultPolicyDriver(object):
"""
Implements default network policy for a generic CNI plugin.
"""
def __init__(self, network_name):
self._client = DatastoreClient()
"""
DatastoreClient for access to the Calico datastore.
"""
self.profile_name = network_name
"""
Name of profile for attach to endpoint.
"""
# Validate the given network name to make sure it is compatible with
# Calico policy.
if not validate_characters(network_name):
raise ValueError(
"Invalid characters detected in the given network "
"name, %s. Only letters a-z, numbers 0-9, and "
"symbols _.- are supported.", network_name)
def apply_profile(self, endpoint):
"""Sets a profile for the networked container on the given endpoint.
Create a profile if it is not yet created.
:param endpoint:
:return: None
"""
assert self.profile_name, "No profile name set."
if not self._client.profile_exists(self.profile_name):
# If the profile doesn't exist, create it.
_log.info("Creating new profile '%s'", self.profile_name)
rules = self.generate_rules()
self._client.create_profile(self.profile_name, rules)
# Apply any additonal tags.
tags = self.generate_tags()
if tags:
_log.debug("Applying additional tags: %s", tags)
profile = self._client.get_profile(self.profile_name)
profile.tags.update(tags)
self._client.profile_update_tags(profile)
# Check if the profile has already been applied.
if self.profile_name in endpoint.profile_ids:
_log.warning("Endpoint already in profile %s", self.profile_name)
return
# Append profile to Calico endpoint.
_log.info("Appending profile '%s' to endpoint %s", self.profile_name,
endpoint.endpoint_id)
try:
self._client.append_profiles_to_endpoint(
profile_names=[self.profile_name],
endpoint_id=endpoint.endpoint_id)
except (KeyError, MultipleEndpointsMatch), e:
_log.exception("Failed to apply profile to endpoint %s: %s",
endpoint.name, e.message)
raise ApplyProfileError(e.message)
