acl

package
v0.0.0-...-51844b1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 2, 2021 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Create 

func Create(s *state.State, projectName string, aclInfo *api.NetworkACLsPost) error

Create validates supplied record and creates new Network ACL record in the database.

func Exists 

func Exists(s *state.State, projectName string, name ...string) error

Exists checks the ACL name(s) provided exists in the project. If multiple names are provided, also checks that duplicate names aren't specified in the list.

func NetworkUsage 

func NetworkUsage(s *state.State, aclProjectName string, aclNames []string, aclNets map[string]NetworkACLUsage) error

NetworkUsage populates the provided aclNets map with networks that are using any of the specified ACLs.

func OVNACLNetworkPortGroupName 

func OVNACLNetworkPortGroupName(networkACLID int64, networkID int64) openvswitch.OVNPortGroup

OVNACLNetworkPortGroupName returns the port group name for a Network ACL ID and Network ID.

func OVNACLPortGroupName 

func OVNACLPortGroupName(networkACLID int64) openvswitch.OVNPortGroup

OVNACLPortGroupName returns the port group name for a Network ACL ID.

func OVNApplyNetworkBaselineRules 

func OVNApplyNetworkBaselineRules(client *openvswitch.OVN, switchName openvswitch.OVNSwitch, routerPortName openvswitch.OVNSwitchPort, intRouterIPs []*net.IPNet, dnsIPs []net.IP) error

OVNApplyNetworkBaselineRules applies preset baseline logical switch rules to a allow access to network services.

func OVNEnsureACLs 

func OVNEnsureACLs(s *state.State, logger logger.Logger, client *openvswitch.OVN, aclProjectName string, aclNameIDs map[string]int64, aclNets map[string]NetworkACLUsage, aclNames []string, reapplyRules bool) (*revert.Reverter, error)

OVNEnsureACLs ensures that the requested aclNames exist as OVN port groups (creates & applies ACL rules if not), If reapplyRules is true then the current ACL rules in the database are applied to the existing port groups rather than just new ones. Any ACLs referenced in the requested ACLs rules are also created as empty OVN port groups if needed. If a requested ACL exists, but has no ACL rules applied, then the current rules are loaded out of the database and applied. For each network provided in aclNets, the network specific port group for each ACL is checked for existence (it is created & applies network specific ACL rules if not).

func OVNIntSwitchName 

func OVNIntSwitchName(networkID int64) openvswitch.OVNSwitch

OVNIntSwitchName returns the internal logical switch name for a Network ID.

func OVNIntSwitchPortGroupName 

func OVNIntSwitchPortGroupName(networkID int64) openvswitch.OVNPortGroup

OVNIntSwitchPortGroupName returns the port group name for a Network ID.

func OVNIntSwitchRouterPortName 

func OVNIntSwitchRouterPortName(networkID int64) openvswitch.OVNSwitchPort

OVNIntSwitchRouterPortName returns OVN logical internal switch router port name.

func OVNNetworkPrefix 

func OVNNetworkPrefix(networkID int64) string

OVNNetworkPrefix returns the prefix used for OVN entities related to a Network ID.

func OVNPortGroupDeleteIfUnused 

func OVNPortGroupDeleteIfUnused(s *state.State, logger logger.Logger, client *openvswitch.OVN, aclProjectName string, ignoreUsageType interface{}, ignoreUsageNicName string, keepACLs ...string) error

OVNPortGroupDeleteIfUnused deletes unused port groups. Accepts optional ignoreUsageType and ignoreUsageNicName arguments, allowing the used by logic to ignore an instance/profile NIC or network (useful if config not applied to database yet). Also accepts optional list of ACLs to explicitly consider in use by OVN. The combination of ignoring the specifified usage type and explicit keep ACLs allows the caller to ensure that the desired ACLs are considered unused by the usage type even if the referring config has not yet been removed from the database.

func OVNPortGroupInstanceNICSchedule 

func OVNPortGroupInstanceNICSchedule(portUUID openvswitch.OVNSwitchPortUUID, changeSet map[openvswitch.OVNPortGroup][]openvswitch.OVNSwitchPortUUID, portGroups ...openvswitch.OVNPortGroup)

OVNPortGroupInstanceNICSchedule adds the specified NIC port to the specified port groups in the changeSet.

func UsedBy 

func UsedBy(s *state.State, aclProjectName string, usageFunc func(matchedACLNames []string, usageType interface{}, nicName string, nicConfig map[string]string) error, matchACLNames ...string) error

UsedBy finds all networks, profiles and instance NICs that use any of the specified ACLs and executes usageFunc once for each resource using one or more of the ACLs with info about the resource and matched ACLs being used.

Types

type NetworkACL 

type NetworkACL interface {

	// Info.
	ID() int64
	Project() string
	Info() *api.NetworkACL
	Etag() []interface{}
	UsedBy() ([]string, error)

	// Modifications.
	Update(config *api.NetworkACLPut) error
	Rename(newName string) error
	Delete() error
	// contains filtered or unexported methods
}

NetworkACL represents a Network ACL.

func LoadByName 

func LoadByName(s *state.State, projectName string, name string) (NetworkACL, error)

LoadByName loads and initialises a Network ACL from the database by project and name.

type NetworkACLUsage 

type NetworkACLUsage struct {
	ID   int64
	Name string
	Type string
}

NetworkACLUsage info about a network and what ACL it uses.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.