def create_sg_rules(self, pod):
    """Re-evaluate network-policy security group rules for a pod.

    Each KuryrNetPolicy CRD returned by
    ``driver_utils.get_kuryrnetpolicy_crds()`` has its ingress and egress
    rules parsed again with ``pod`` as context. A CRD is patched only when
    ``_parse_rules`` reports a match for at least one direction.

    :param pod: pod object (dict). ``pod['metadata']['name']`` is read here
                for logging; the whole object is passed to ``_parse_rules``.
    """
    LOG.debug("Creating sg rule for pod: %s", pod['metadata']['name'])
    policies = driver_utils.get_kuryrnetpolicy_crds()
    for policy in policies.get('items'):
        pod_selector = policy['spec'].get('podSelector')
        # Both directions are always parsed, because the patch below sends
        # the ingress and the egress rule list together.
        ingress_hit, ingress_rules = _parse_rules('ingress', policy, pod=pod)
        egress_hit, egress_rules = _parse_rules('egress', policy, pod=pod)
        if not (ingress_hit or egress_hit):
            continue
        # NOTE(review): nothing here catches errors, so a failure on one
        # CRD propagates and the remaining CRDs are not processed in this
        # call; confirm the caller retries so policies are not left
        # partially applied.
        driver_utils.patch_kuryr_crd(
            policy, ingress_rules, egress_rules, pod_selector)
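def delete_namespace_sg_rules(self, namespace):
    """Delete the security group rules that reference a namespace.

    For every KuryrNetPolicy CRD, each ingress and egress rule whose
    ``namespace`` field equals the namespace name is deleted through
    ``driver_utils.delete_security_group_rule``. If any rule was deleted,
    the CRD is patched with the rules that remain.

    A CRD whose spec has no ``ingressSgRules`` or ``egressSgRules`` entry
    is treated as having an empty list for that direction.

    :param namespace: namespace object (dict); only
                      ``namespace['metadata']['name']`` is read.
    """
    ns_name = namespace['metadata']['name']
    LOG.debug("Deleting sg rule for namespace: %s", ns_name)

    def _prune(log_fmt, rules):
        """Delete the rules tagged with ns_name; return (kept, matched)."""
        kept = []
        hit = False
        for rule in rules:
            LOG.debug(log_fmt, rule)
            rule_namespace = rule.get('namespace')
            if rule_namespace and rule_namespace == ns_name:
                hit = True
                driver_utils.delete_security_group_rule(
                    rule['security_group_rule']['id'])
            else:
                kept.append(rule)
        return kept, hit

    knp_crds = driver_utils.get_kuryrnetpolicy_crds()
    for crd in knp_crds.get('items'):
        crd_selector = crd['spec'].get('podSelector')
        # .get() returns None when the key is absent. Iterating None would
        # raise TypeError and stop the cleanup for all remaining CRDs, so a
        # missing list is treated as empty.
        ingress_rule_list = crd['spec'].get('ingressSgRules') or []
        egress_rule_list = crd['spec'].get('egressSgRules') or []

        # NOTE(review): the rules are deleted before the CRD is patched and
        # nothing here catches errors. If a delete raises part-way through,
        # the CRD still lists rules that were already removed. Confirm that
        # the caller retries and that a repeated delete is tolerated.
        i_rules, i_matched = _prune(
            "Parsing ingress rule: %r", ingress_rule_list)
        e_rules, e_matched = _prune(
            "Parsing egress rule: %r", egress_rule_list)

        if i_matched or e_matched:
            driver_utils.patch_kuryr_crd(
                crd, i_rules, e_rules, crd_selector)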