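def _create_policy(self, policy_name, proj_obj, src_vn_obj, dst_vn_obj):
    """Create or refresh the pass-all policy between two virtual networks.

    Looks up the policy named ``policy_name`` under ``proj_obj``. If the
    API server has no such policy (``NoIdError``), a new one is created;
    otherwise the existing one is updated. Either way the policy's entries
    are replaced with a single rule: direction '<>', action 'pass',
    protocol 'any', port range (-1, -1) on both sides, between
    ``src_vn_obj`` and ``dst_vn_obj``.

    NOTE(security): this rule places no protocol or port restriction on
    traffic between the two networks in either direction. Callers that
    need segmentation between the networks must not rely on this policy.

    Returns:
        The NetworkPolicy object that carries the rule: the object read
        from the API server when the policy already existed, otherwise the
        newly built one.
    """
    policy_exists = False
    policy = NetworkPolicy(name=policy_name, parent_obj=proj_obj)
    try:
        policy_obj = self._vnc_lib.network_policy_read(
            fq_name=policy.get_fq_name())
        policy_exists = True
    except NoIdError:
        # policy does not exist. Create one.
        policy_obj = policy

    network_policy_entries = PolicyEntriesType([
        PolicyRuleType(
            direction='<>',
            action_list=ActionListType(simple_action='pass'),
            protocol='any',
            src_addresses=[
                AddressType(virtual_network=src_vn_obj.get_fq_name_str())
            ],
            src_ports=[PortType(-1, -1)],
            dst_addresses=[
                AddressType(virtual_network=dst_vn_obj.get_fq_name_str())
            ],
            dst_ports=[PortType(-1, -1)])
    ])
    policy_obj.set_network_policy_entries(network_policy_entries)

    if policy_exists:
        # The entries were set on policy_obj (the object read back above),
        # so that is the object to write back. The freshly built `policy`
        # never received the entries; submitting it would leave whatever
        # rules the stored policy already had in force.
        self._vnc_lib.network_policy_update(policy_obj)
    else:
        # On this path policy_obj is the newly built `policy` itself.
        self._vnc_lib.network_policy_create(policy_obj)
    return policy_obj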
def create_network_policy_with_multiple_rules(self, rules):
    """Build one network policy from a list of rule dicts and create it.

    Each dict in ``rules`` must provide "src", "dst", "direction" and
    "protocol". "src-port" and "dst-port" are optional and default to
    ``PortType(-1, -1)``. "action" is read only when
    ``self.get_service_list(rule)`` returns nothing; otherwise the service
    list is applied instead of a simple action. When
    ``self.get_mirror_service(rule)`` returns a value, a mirror action
    naming that analyzer is attached as well.

    Direction, protocol, ports and action are passed to the rule as given;
    no validation happens here, so a permissive dict yields a permissive
    rule.

    Returns:
        The NetworkPolicy that was submitted via ``network_policy_create``.
        Its name and every rule's ``rule_uuid`` are fresh random UUIDs.
    """
    policy_rules = []
    for spec in rules:
        source_addr = self.frame_rule_addresses(spec["src"])
        dest_addr = self.frame_rule_addresses(spec["dst"])
        services = self.get_service_list(spec)
        analyzer = self.get_mirror_service(spec)
        source_port = spec.get("src-port", PortType(-1, -1))
        dest_port = spec.get("dst-port", PortType(-1, -1))

        actions = ActionListType()
        if analyzer:
            actions.mirror_to = MirrorActionType(analyzer_name=analyzer)
        # A service chain replaces the simple action; "action" is only
        # looked up when there is no service list.
        if not services:
            actions.simple_action = spec["action"]
        else:
            actions.apply_service = services

        policy_rules.append(
            PolicyRuleType(
                rule_uuid=str(uuid.uuid4()),
                direction=spec["direction"],
                protocol=spec["protocol"],
                src_addresses=[source_addr],
                dst_addresses=[dest_addr],
                src_ports=[source_port],
                dst_ports=[dest_port],
                action_list=actions,
            )
        )

    entries = PolicyEntriesType(policy_rules)
    created_policy = NetworkPolicy(
        str(uuid.uuid4()), network_policy_entries=entries)
    self._vnc_lib.network_policy_create(created_policy)
    return created_policy
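def _create_vn_vn_policy(self, policy_name,
                         proj_obj, src_vn_obj, dst_vn_obj):
    """Create or refresh the policy linking two virtual networks.

    Looks up the policy named ``policy_name`` under ``proj_obj``. If the
    API server has no such policy (``NoIdError``), a new one is created;
    otherwise the existing one is updated. Either way the policy's entries
    are replaced with the single rule returned by
    ``self._create_policy_entry(src_vn_obj, dst_vn_obj)``.

    NOTE(review): what that rule permits is decided by
    ``_create_policy_entry``, which is not visible here -- check it when
    assessing how much traffic this policy allows between the networks.

    Returns:
        The NetworkPolicy object that carries the rule: the object read
        from the API server when the policy already existed, otherwise the
        newly built one.
    """
    policy_exists = False
    policy = NetworkPolicy(name=policy_name, parent_obj=proj_obj)
    try:
        policy_obj = self._vnc_lib.network_policy_read(
            fq_name=policy.get_fq_name())
        policy_exists = True
    except NoIdError:
        # policy does not exist. Create one.
        policy_obj = policy

    network_policy_entries = PolicyEntriesType()
    policy_entry = self._create_policy_entry(src_vn_obj, dst_vn_obj)
    network_policy_entries.add_policy_rule(policy_entry)
    policy_obj.set_network_policy_entries(network_policy_entries)

    if policy_exists:
        # The entries were set on policy_obj (the object read back above),
        # so that is the object to write back. The freshly built `policy`
        # never received the entries; submitting it would leave whatever
        # rules the stored policy already had in force.
        self._vnc_lib.network_policy_update(policy_obj)
    else:
        # On this path policy_obj is the newly built `policy` itself.
        self._vnc_lib.network_policy_create(policy_obj)
    return policy_obj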
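def _create_vn_vn_policy(self, policy_name, proj_obj, src_vn_obj, dst_vn_obj):
    """Ensure a policy named ``policy_name`` exists with one VN-to-VN rule.

    The policy is resolved by fully-qualified name under ``proj_obj``. A
    ``NoIdError`` from the read means it does not exist yet and it is
    created; otherwise it is updated in place. In both cases its entries
    are overwritten with a single rule obtained from
    ``self._create_policy_entry(src_vn_obj, dst_vn_obj)``.

    NOTE(review): the rule's direction, protocol, ports and action come
    from ``_create_policy_entry``, which is outside this block -- review
    it to know what this policy opens between the two networks.

    Returns:
        The NetworkPolicy object holding the rule (the server copy if the
        policy pre-existed, else the new object).
    """
    policy = NetworkPolicy(name=policy_name, parent_obj=proj_obj)
    try:
        policy_obj = self._vnc_lib.network_policy_read(
            fq_name=policy.get_fq_name())
    except NoIdError:
        # policy does not exist. Create one.
        policy_obj = policy
        policy_exists = False
    else:
        policy_exists = True

    network_policy_entries = PolicyEntriesType()
    network_policy_entries.add_policy_rule(
        self._create_policy_entry(src_vn_obj, dst_vn_obj))
    policy_obj.set_network_policy_entries(network_policy_entries)

    if policy_exists:
        # Write back the object that actually received the entries. The
        # original passed the freshly built `policy`, which was never given
        # the rule, so an existing policy kept its previously stored rules.
        self._vnc_lib.network_policy_update(policy_obj)
    else:
        # Here policy_obj and `policy` are the same object.
        self._vnc_lib.network_policy_create(policy_obj)
    return policy_obj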