示例#1
def create_NetworkPolicy(policy_name, left_network_name, right_network_name,
                         vnc, domain, project_name):
    """Create an allow-all network policy between two virtual networks.

    Reads the project ``[domain, project_name]`` through ``vnc`` and creates,
    under it, a policy named ``policy_name`` that holds a single rule:
    direction '<>' (bidirectional), protocol 'any', action 'pass', and port
    range -1..-1 (the API's "any port" value) on both sides, with
    ``left_network_name`` as source and ``right_network_name`` as
    destination.  A confirmation line is printed afterwards.

    Security note: the rule has no protocol or port restriction, so once
    the policy is attached it permits all traffic between the two networks.
    This function only creates the policy object; it does not attach it to
    either network.
    """
    parent_project = vnc.project_read(fq_name=[domain, project_name])

    # Rule components, built in the same order as they appear in the rule.
    allow_action = vnc_api.ActionListType(simple_action='pass')
    left_side = [vnc_api.AddressType(virtual_network=left_network_name)]
    left_ports = [vnc_api.PortType(start_port=-1, end_port=-1)]
    right_side = [vnc_api.AddressType(virtual_network=right_network_name)]
    right_ports = [vnc_api.PortType(start_port=-1, end_port=-1)]

    allow_all_rule = vnc_api.PolicyRuleType(
        direction='<>',
        protocol='any',
        action_list=allow_action,
        src_addresses=left_side,
        src_ports=left_ports,
        dst_addresses=right_side,
        dst_ports=right_ports)

    new_policy = vnc_api.NetworkPolicy(
        name=policy_name,
        parent_obj=parent_project,
        network_policy_entries=vnc_api.PolicyEntriesType([allow_all_rule]))
    vnc.network_policy_create(new_policy)

    message = 'Policy "{}" created between "{}" & "{}"\n'.format(
        policy_name, left_network_name, right_network_name)
    print(message)
示例#2
 def handle_create(self):
     """Create the network policy described by this resource's properties.

     Works on a deep copy of ``self.properties['entries']`` so the two
     ``fix_*`` helpers can rewrite it without touching the stored
     properties.  The parent project is looked up by the tenant id of the
     stack context; ``uuid.UUID`` raises ``ValueError`` if that id is not a
     well-formed UUID.  The UUID returned by ``network_policy_create`` is
     recorded as this resource's id.

     NOTE(review): the rule entries are passed to the API as given in the
     properties (after the two fix-up helpers); nothing in this method
     restricts how permissive they are -- confirm that is validated
     elsewhere if templates come from less-trusted authors.
     """
     entry_props = {'entries': copy.deepcopy(self.properties['entries'])}
     self.fix_vn_to_fqname(entry_props)
     self.fix_apply_service(entry_props)

     stack_tenant = self.stack.context.tenant_id
     parent_project = self.vnc_lib().project_read(
         id=str(uuid.UUID(stack_tenant)))

     policy = vnc_api.NetworkPolicy(
         name=self.properties[self.NAME],
         parent_obj=parent_project)
     policy.set_network_policy_entries(
         vnc_api.PolicyEntriesType.factory(**entry_props['entries']))

     created_uuid = self.vnc_lib().network_policy_create(policy)
     self.resource_id_set(created_uuid)
示例#3
    def create_networkpolicy(self, policy_name, vn1_name, vn2_name, action):
        """Create a single-rule policy between ``vn1_name`` and ``vn2_name``.

        The rule is bidirectional ('<>'), matches protocol 'any' and port
        range -1..-1 (the API's "any port" value) on both sides, and applies
        ``action`` as its simple action.  The policy is created under the
        project ``[self._domain, self._tenant_name]``; it is not attached to
        either network here.

        Security note: ``action`` is forwarded unchecked, and with an
        allowing action the rule covers all traffic between the two
        networks because neither protocol nor ports are narrowed.
        """
        print("Create network policy %s between %s <---> %s" % (
            policy_name, vn1_name, vn2_name))

        parent_project = self._vnc_lib.project_read(
            fq_name=[self._domain, self._tenant_name])

        # Rule components, built in the same order as they appear in the rule.
        rule_action = vnc_api.ActionListType(simple_action=action)
        vn1_side = [vnc_api.AddressType(virtual_network=vn1_name)]
        vn1_ports = [vnc_api.PortType(start_port=-1, end_port=-1)]
        vn2_side = [vnc_api.AddressType(virtual_network=vn2_name)]
        vn2_ports = [vnc_api.PortType(start_port=-1, end_port=-1)]

        any_traffic_rule = vnc_api.PolicyRuleType(
            direction='<>',
            protocol='any',
            action_list=rule_action,
            src_addresses=vn1_side,
            src_ports=vn1_ports,
            dst_addresses=vn2_side,
            dst_ports=vn2_ports)

        new_policy = vnc_api.NetworkPolicy(
            name=policy_name,
            parent_obj=parent_project,
            network_policy_entries=vnc_api.PolicyEntriesType(
                [any_traffic_rule]))
        self._vnc_lib.network_policy_create(new_policy)
示例#4
    def neutron_dict_to_vn(self, vn_obj, network_q):
        """Apply the fields of a network request dict to ``vn_obj``.

        Handled keys of ``network_q``:

        * ``name`` -- copied to ``vn_obj.display_name`` when truthy.
        * ``admin_state_up`` -- stored as the ``enable`` flag of the id
          perms, which are then written back.
        * ``policys`` -- list of ``(domain, project, policy)`` name
          triples; the existing policy references are cleared and one
          reference per triple is added, with the list position as the
          major sequence number.
        * ``route_table`` -- when truthy, the route table is read by
          fq_name and set on the network; a ``NoIdError`` is reported
          through ``_raise_contrail_exception`` as 'NetworkNotFound'.

        Returns ``vn_obj`` (the same object, modified in place).

        NOTE(review): policy references are built from the names supplied
        in the request without reading the policies back, so neither their
        existence nor the caller's right to reference another project's
        policy is checked in this method -- confirm it is enforced when the
        network is saved.
        """
        display_name = network_q.get('name')
        if display_name:
            vn_obj.display_name = display_name

        # Read before the key check, exactly as the caller-visible order
        # has always been.
        perms = vn_obj.get_id_perms()
        if 'admin_state_up' in network_q:
            perms.enable = network_q['admin_state_up']
            vn_obj.set_id_perms(perms)

        if 'policys' in network_q:
            requested_policies = network_q['policys']
            # Replace, not merge: drop every current reference first.
            vn_obj.set_network_policy_list([], [])
            for position, fq_name in enumerate(requested_policies):
                domain_name, project_name, policy_name = fq_name

                # Local stand-in objects that only carry the fq_name chain.
                policy_ref = vnc_api.NetworkPolicy(
                    policy_name,
                    vnc_api.Project(project_name,
                                    vnc_api.Domain(domain_name)))
                ordering = vnc_api.VirtualNetworkPolicyType(
                    sequence=vnc_api.SequenceType(position, 0))
                vn_obj.add_network_policy(policy_ref, ordering)

        route_table_name = None
        if 'route_table' in network_q:
            route_table_name = network_q['route_table']
        if route_table_name:
            try:
                route_table = self._vnc_lib.route_table_read(
                    fq_name=route_table_name)
                vn_obj.set_route_table(route_table)
            except vnc_api.NoIdError:
                # TODO() add route table specific exception
                self._raise_contrail_exception(
                    'NetworkNotFound', net_id=vn_obj.uuid,
                    resource='network')

        return vn_obj
    def resource_create(self, context, policy_q):
        """Create a network policy from a request dict and return it.

        ``policy_q`` must contain 'tenant_id'; it is converted to a project
        id, the project is read, and a policy named ``policy_q['name']``
        (``None`` when absent) is created under it after
        ``_policy_neutron_to_vnc`` has filled it in.  The result is the
        created policy converted back with ``_policy_vnc_to_neutron``.

        Errors are reported through ``_raise_contrail_exception``:
        'BadRequest' when 'tenant_id' is missing or the create call raises
        ``RefsExistError``, 'ProjectNotFound' when the project read raises
        ``NoIdError``.

        NOTE(review): the target project comes from 'tenant_id' in the
        request body and ``context`` is not consulted in this method --
        confirm that the caller's right to act for that tenant is checked
        before this point.
        """
        if 'tenant_id' not in policy_q:
            raise self._raise_contrail_exception(
                'BadRequest',
                resource='policy',
                msg="'tenant_id' is mandatory")

        vnc_project_id = self._project_id_neutron_to_vnc(
            policy_q['tenant_id'])
        requested_name = policy_q.get('name')

        try:
            parent_project = self._project_read(proj_id=vnc_project_id)
        except vnc_exc.NoIdError:
            raise self._raise_contrail_exception(
                "ProjectNotFound", id=vnc_project_id, resource='policy')

        empty_policy = vnc_api.NetworkPolicy(requested_name, parent_project)
        new_policy = self._policy_neutron_to_vnc(policy_q, empty_policy)

        try:
            self._resource_create(new_policy)
        except vnc_exc.RefsExistError as conflict:
            raise self._raise_contrail_exception(
                'BadRequest', resource='policy', msg=str(conflict))

        return self._policy_vnc_to_neutron(new_policy)
示例#6
# Create the policy: one bidirectional ('<>') rule between the two networks.
# Protocol, action and both ports come from variables set earlier in the
# script (not shown here); each side is pinned to a single port because the
# same value is used as start_port and end_port.
# NOTE(review): how permissive the rule is depends entirely on those
# variables -- confirm they are validated where they are read.
rule = vnc_api.PolicyRuleType(
    direction='<>',
    protocol=policy_protocol,
    action_list=vnc_api.ActionListType(simple_action=policy_action),
    src_addresses=[vnc_api.AddressType(virtual_network=source_network)],
    src_ports=[vnc_api.PortType(start_port=source_port, end_port=source_port)],
    dst_addresses=[vnc_api.AddressType(virtual_network=destination_network)],
    dst_ports=[
        vnc_api.PortType(start_port=destination_port,
                         end_port=destination_port)
    ])

# The policy is created under the `tenant` project object.
policy = vnc_api.NetworkPolicy(
    name=policy_name,
    parent_obj=tenant,
    network_policy_entries=vnc_api.PolicyEntriesType([rule]))
vnc.network_policy_create(policy)

# Attach the policy to each network: re-read it by fq_name, then add the
# same reference (sequence 0.0) to the source and destination networks.
policy = vnc.network_policy_read(
    fq_name=['default-domain', tenant_name, policy_name])
policy_type = vnc_api.VirtualNetworkPolicyType(
    sequence=vnc_api.SequenceType(major=0, minor=0))
vn = vnc.virtual_network_read(
    fq_name=['default-domain', tenant_name, source_network])
vn.add_network_policy(ref_obj=policy, ref_data=policy_type)
vnc.virtual_network_update(vn)
vn = vnc.virtual_network_read(
    fq_name=['default-domain', tenant_name, destination_network])
# NOTE(review): unlike the source network above, no virtual_network_update
# follows for the destination network in this excerpt -- confirm the update
# is issued later, otherwise only one side carries the policy.
vn.add_network_policy(ref_obj=policy, ref_data=policy_type)
示例#7
    auth_port=auth_port,
    auth_url=urlparts.path + '/tokens',
)

# Look up both virtual networks by the UUIDs given on the command line.
net1 = vnc_lib.virtual_network_read(id=args.net1_uuid)
net2 = vnc_lib.virtual_network_read(id=args.net2_uuid)

# Build an allow-all policy named after the two networks: one bidirectional
# ('<>') rule with action 'pass', protocol 'any' and port range -1..-1 (the
# API's "any port" value) on both sides.  The policy is created under the
# project that owns net1.
# Security note: nothing narrows protocol or ports, so attaching this policy
# permits all traffic between net1 and net2.
pol1 = vnc_api.NetworkPolicy(
    'policy-%s-%s-any' % (net1.name, net2.name),
    network_policy_entries=vnc_api.PolicyEntriesType([
        vnc_api.PolicyRuleType(
            direction='<>',
            action_list=vnc_api.ActionListType(simple_action='pass'),
            protocol='any',
            src_addresses=[
                vnc_api.AddressType(virtual_network=net1.get_fq_name_str())
            ],
            src_ports=[vnc_api.PortType(-1, -1)],
            dst_addresses=[
                vnc_api.AddressType(virtual_network=net2.get_fq_name_str())
            ],
            dst_ports=[vnc_api.PortType(-1, -1)])
    ]),
    parent_obj=vnc_lib.project_read(fq_name=net1.get_parent_fq_name()))
vnc_lib.network_policy_create(pol1)

# Attach the policy to net1 at sequence 0.0 and save the network.
# NOTE(review): only net1 is attached in this excerpt; confirm net2 gets the
# same reference elsewhere if traffic is meant to flow both ways.
net1.add_network_policy(
    pol1,
    vnc_api.VirtualNetworkPolicyType(sequence=vnc_api.SequenceType(0, 0)))
vnc_lib.virtual_network_update(net1)
示例#8
from vnc_api import vnc_api
# Connect to the API server.  The address is hard-coded and no credentials
# are passed; whether the server requires authentication is not visible here.
vnc_lib = vnc_api.VncApi(api_server_host='10.10.7.149')

# Virtual network "vn-blue" with subnet 10.0.2.0/24.
vn_blue_obj = vnc_api.VirtualNetwork('vn-blue')
vn_blue_obj.add_network_ipam(
    vnc_api.NetworkIpam(),
    vnc_api.VnSubnetsType([
        vnc_api.IpamSubnetType(subnet=vnc_api.SubnetType('10.0.2.0', 24)),
    ]))
vnc_lib.virtual_network_create(vn_blue_obj)

# Virtual network "vn-red" with subnet 10.0.3.0/24.
vn_red_obj = vnc_api.VirtualNetwork('vn-red')
vn_red_obj.add_network_ipam(
    vnc_api.NetworkIpam(),
    vnc_api.VnSubnetsType([
        vnc_api.IpamSubnetType(subnet=vnc_api.SubnetType('10.0.3.0', 24)),
    ]))
vnc_lib.virtual_network_create(vn_red_obj)

# Policy "policy-red-blue": a single bidirectional ('<>') rule that passes
# TCP from any source port (-1..-1) on vn-blue to destination port 80 on
# vn-red.  No parent project is given for the policy or the networks.
policy_obj = vnc_api.NetworkPolicy(
    'policy-red-blue',
    network_policy_entries=vnc_api.PolicyEntriesType([
        vnc_api.PolicyRuleType(
            direction='<>',
            action_list=vnc_api.ActionListType(simple_action='pass'),
            protocol='tcp',
            src_addresses=[
                vnc_api.AddressType(
                    virtual_network=vn_blue_obj.get_fq_name_str()),
            ],
            src_ports=[vnc_api.PortType(-1, -1)],
            dst_addresses=[
                vnc_api.AddressType(
                    virtual_network=vn_red_obj.get_fq_name_str()),
            ],
            dst_ports=[vnc_api.PortType(80, 80)]),
    ]))
vnc_lib.network_policy_create(policy_obj)

# Reference the policy from both networks at sequence 0.0, then save each
# network so the references take effect.
vn_blue_obj.add_network_policy(
    policy_obj,
    vnc_api.VirtualNetworkPolicyType(sequence=vnc_api.SequenceType(0, 0)))
vn_red_obj.add_network_policy(
    policy_obj,
    vnc_api.VirtualNetworkPolicyType(sequence=vnc_api.SequenceType(0, 0)))

vnc_lib.virtual_network_update(vn_blue_obj)
vnc_lib.virtual_network_update(vn_red_obj)

# Read back one network and list all networks to check the result.
print(vnc_lib.virtual_network_read(id=vn_blue_obj.uuid))

print(vnc_lib.virtual_networks_list())