def _get_rule(ingress, sg, prefix, ethertype):
sgr_uuid = str(uuid.uuid4())
if sg:
if ':' not in sg:
sg_fq_name = proj_obj.get_fq_name_str() + ':' + sg
else:
sg_fq_name = sg
addr = AddressType(security_group=sg_fq_name)
elif prefix:
addr = AddressType(subnet=SubnetType(prefix, 0))
local_addr = AddressType(security_group='local')
if ingress:
src_addr = addr
dst_addr = local_addr
else:
src_addr = local_addr
dst_addr = addr
rule = PolicyRuleType(rule_uuid=sgr_uuid,
direction='>',
protocol='any',
src_addresses=[src_addr],
src_ports=[PortType(0, 65535)],
dst_addresses=[dst_addr],
dst_ports=[PortType(0, 65535)],
ethertype=ethertype)
return rule
def _create_policy_entry(self, src_vn_obj, dst_vn_obj):
return PolicyRuleType(
direction='<>',
action_list=ActionListType(simple_action='pass'),
protocol='any',
src_addresses=[
AddressType(virtual_network=src_vn_obj.get_fq_name_str())
],
src_ports=[PortType(-1, -1)],
dst_addresses=[
AddressType(virtual_network=dst_vn_obj.get_fq_name_str())
],
dst_ports=[PortType(-1, -1)])
def add_properties(self, props):
left_vn_str, right_vn_str = self.get_virtual_networks(props)
ret = (self.auto_policy == props.auto_policy)
if (left_vn_str, right_vn_str) != (self.left_vn_str,
self.right_vn_str):
self.left_vn_str = left_vn_str
self.right_vn_str = right_vn_str
ret = True
if not props.auto_policy:
self.delete_properties()
return ret
self.auto_policy = True
if (not self.left_vn_str or not self.right_vn_str):
self._logger.error(
"%s: route table next hop service instance must "
"have left and right virtual networks" % self.name)
self.delete_properties()
return ret
policy_name = "_internal_" + self.name
addr1 = AddressType(virtual_network=self.left_vn_str)
addr2 = AddressType(virtual_network=self.right_vn_str)
action_list = ActionListType(apply_service=[self.name])
prule = PolicyRuleType(direction="<>",
protocol="any",
src_addresses=[addr1],
dst_addresses=[addr2],
src_ports=[PortType()],
dst_ports=[PortType()],
action_list=action_list)
pentry = PolicyEntriesType([prule])
policy_obj = NetworkPolicy(policy_name, network_policy_entries=pentry)
policy = ResourceBaseST.get_obj_type_map().get(
'network_policy').locate(policy_name, policy_obj)
policy.virtual_networks = set([self.left_vn_str, self.right_vn_str])
policy.set_internal()
vn1 = ResourceBaseST.get_obj_type_map().get('virtual_network').get(
self.left_vn_str)
if vn1:
vn1.add_policy(policy_name)
vn2 = ResourceBaseST.get_obj_type_map().get('virtual_network').get(
self.right_vn_str)
if vn2:
vn2.add_policy(policy_name)
def _get_ingress_sg_rule(self, src_sg_fq_name, dst_port):
sgr_uuid = 1
src_addr = AddressType(security_group=':'.join(src_sg_fq_name))
dst_addr = AddressType(security_group='local')
proto = dst_port['protocol'].lower()
rule = PolicyRuleType(rule_uuid=sgr_uuid,
direction='>',
protocol=proto,
src_addresses=[src_addr],
src_ports=[PortType(0, 65535)],
dst_addresses=[dst_addr],
dst_ports=[
PortType(int(dst_port['start_port']),
int(dst_port['end_port']))
],
ethertype='IPv4')
return rule
def gen_network_policy_entries():
""" Returns a configured vnc_api.gen.resource_xsd.PolicyEntriesType
Filled with ActionListType and PolicyEntriesType.
"""
src_port = PortType(start_port=-1, end_port=-1)
dst_port = PortType(start_port=-1, end_port=-1)
src_address = AddressType(virtual_network='any')
dst_address = AddressType(virtual_network='any')
action = ActionListType(simple_action='pass')
rule = PolicyRuleType(protocol='any',
direction='<>',
src_ports=[src_port],
src_addresses=[src_address],
dst_ports=[dst_port],
dst_addresses=[dst_address],
action_list=action)
entry = PolicyEntriesType(policy_rule=[rule])
return entry
and len(rule.get_dst_ports()) == 1
and rule.get_dst_ports()[0].get_start_port() == 0
and rule.get_dst_ports()[0].get_end_port() == 65535
and rule.get_protocol() == 'any'):
print "Default Egress rule exists in project %s" % proj_obj.name
egress_rule_exists = True
if ingress_rule_exists:
break
sgr_uuid = str(uuid.uuid4())
ingress_rule = PolicyRuleType(
rule_uuid=sgr_uuid,
direction='>',
protocol='any',
src_addresses=[
AddressType(security_group=proj_obj.get_fq_name_str() +
':' + 'default')
],
src_ports=[PortType(0, 65535)],
dst_addresses=[AddressType(security_group='local')],
dst_ports=[PortType(0, 65535)])
if not ingress_rule_exists:
print "Default Ingress rule doesn't exists in project %s" % proj_obj.name
sg_rules.add_policy_rule(ingress_rule)
sgr_uuid = str(uuid.uuid4())
egress_rule = PolicyRuleType(
rule_uuid=sgr_uuid,
direction='>',
protocol='any',