Merge "Add ipBlock support to NP"
commit
0e31b03952
|
@ -12,6 +12,7 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
import netaddr
|
||||
from oslo_log import log as logging
|
||||
|
||||
from neutronclient.common import exceptions as n_exc
|
||||
|
@ -352,6 +353,23 @@ class NetworkPolicyDriver(base.NetworkPolicyDriver):
|
|||
allow_all, selectors, allowed_cidrs = self._parse_selectors(
|
||||
rule_block, rule_direction, policy_namespace)
|
||||
|
||||
ipblock_list = []
|
||||
|
||||
if rule_direction in rule_block:
|
||||
ipblock_list = [ipblock.get('ipBlock') for ipblock in
|
||||
rule_block[rule_direction] if 'ipBlock'
|
||||
in ipblock]
|
||||
|
||||
for ipblock in ipblock_list:
|
||||
if ipblock.get('except'):
|
||||
for cidr_except in ipblock.get('except'):
|
||||
cidr_list = netaddr.cidr_exclude(
|
||||
ipblock.get('cidr'), cidr_except)
|
||||
cidr_list = [{'cidr': str(cidr)} for cidr in cidr_list]
|
||||
allowed_cidrs.extend(cidr_list)
|
||||
else:
|
||||
allowed_cidrs.append(ipblock)
|
||||
|
||||
if 'ports' in rule_block:
|
||||
for port in rule_block['ports']:
|
||||
if allowed_cidrs or allow_all or selectors:
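Review bot: With more than one entry in `except`, the loop at `for cidr_except in ipblock.get('except')` runs `netaddr.cidr_exclude` against the full `cidr` once per exception and extends `allowed_cidrs` with each result, so every pass re-admits the ranges the other passes removed and the excepted networks end up allowed. Indentation is lost in this rendering; if the `extend` sits outside the inner loop instead, only the last exception is honoured, which is still wrong. Subtracting all exceptions in one step avoids both: `remaining = netaddr.IPSet([ipblock.get('cidr')]) - netaddr.IPSet(ipblock.get('except'))` followed by `allowed_cidrs.extend({'cidr': str(c)} for c in remaining.iter_cidrs())`. The enclosing method starts and ends outside the hunk, so whether `allowed_cidrs` is always a list at this point cannot be confirmed from here.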
|
||||
|
|
|
@ -381,6 +381,27 @@ class TestNetworkPolicyDriver(test_base.TestCase):
|
|||
m_create.assert_called()
|
||||
m_get_ns_cidr.assert_not_called()
|
||||
|
||||
@mock.patch.object(network_policy.NetworkPolicyDriver,
|
||||
'_get_namespaces_cidr')
|
||||
@mock.patch('kuryr_kubernetes.controller.drivers.utils.'
|
||||
'create_security_group_rule_body')
|
||||
def test_parse_network_policy_rules_with_ipblock(self, m_create,
|
||||
m_get_ns_cidr):
|
||||
policy = self._policy.copy()
|
||||
policy['spec']['ingress'] = [{'from':
|
||||
[{'ipBlock':
|
||||
{'cidr': '172.17.0.0/16',
|
||||
'except': ['172.17.1.0/24']}}],
|
||||
'ports': [{'port': 6379,
|
||||
'protocol': 'TCP'}]}]
|
||||
policy['spec']['egress'] = [{'ports': [{'port': 5978, 'protocol':
|
||||
'TCP'}],
|
||||
'to': [{'ipBlock':
|
||||
{'cidr': '10.0.0.0/24'}}]}]
|
||||
self._driver.parse_network_policy_rules(policy, self._sg_id)
|
||||
m_create.assert_called()
|
||||
m_get_ns_cidr.assert_not_called()
|
||||
|
||||
@mock.patch.object(network_policy.NetworkPolicyDriver,
|
||||
'_get_namespaces_cidr')
|
||||
@mock.patch('kuryr_kubernetes.controller.drivers.utils.'
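Review bot: `m_create.assert_called()` in `test_parse_network_policy_rules_with_ipblock` passes whether or not `172.17.1.0/24` is actually excluded, so the test does not pin the behaviour the `except` handling exists to provide. It would be stronger to walk `m_create.call_args_list` and assert that no CIDR handed to the rule-body helper overlaps the excepted network, and to add a case with two `except` entries, which is not exercised here. The helper's argument layout is not visible in this hunk, so the exact assertion depends on its signature.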
|
||||
|
|
|
@ -8,6 +8,7 @@ kuryr-lib>=0.5.0 # Apache-2.0
|
|||
pbr!=2.1.0,>=2.0.0 # Apache-2.0
|
||||
requests>=2.14.2 # Apache-2.0
|
||||
eventlet!=0.18.3,!=0.20.1,!=0.21.0,>=0.18.2 # MIT
|
||||
netaddr>=0.7.19 # BSD
|
||||
openstacksdk>=0.13.0 # Apache-2.0
|
||||
oslo.cache>=1.26.0 # Apache-2.0
|
||||
oslo.config>=5.2.0 # Apache-2.0
|
||||
|
|