Merge "Ensure no sg rule is repeated on the Network Policy CRD"
commit
47cd603ef8
|
@ -192,7 +192,8 @@ def _create_sg_rule_on_text_port(sg_id, direction, port, rule_selected_pods,
|
||||||
pods=pods)
|
pods=pods)
|
||||||
sgr_id = driver_utils.create_security_group_rule(sg_rule)
|
sgr_id = driver_utils.create_security_group_rule(sg_rule)
|
||||||
sg_rule['security_group_rule']['id'] = sgr_id
|
sg_rule['security_group_rule']['id'] = sgr_id
|
||||||
crd_rules.append(sg_rule)
|
if sg_rule not in crd_rules:
|
||||||
|
crd_rules.append(sg_rule)
|
||||||
return matched
|
return matched
|
||||||
|
|
||||||
|
|
||||||
|
@ -222,12 +223,14 @@ def _create_sg_rules(crd, pod, pod_selector, rule_block,
|
||||||
sg_rule = _create_sg_rule(
|
sg_rule = _create_sg_rule(
|
||||||
sg_id, direction, cidr=pod_ip, port=port,
|
sg_id, direction, cidr=pod_ip, port=port,
|
||||||
namespace=namespace)
|
namespace=namespace)
|
||||||
crd_rules.append(sg_rule)
|
if sg_rule not in crd_rules:
|
||||||
|
crd_rules.append(sg_rule)
|
||||||
else:
|
else:
|
||||||
matched = True
|
matched = True
|
||||||
sg_rule = _create_sg_rule(
|
sg_rule = _create_sg_rule(
|
||||||
sg_id, direction, cidr=pod_ip, namespace=namespace)
|
sg_id, direction, cidr=pod_ip, namespace=namespace)
|
||||||
crd_rules.append(sg_rule)
|
if sg_rule not in crd_rules:
|
||||||
|
crd_rules.append(sg_rule)
|
||||||
else:
|
else:
|
||||||
# NOTE (maysams) When a policy with namespaceSelector and text port
|
# NOTE (maysams) When a policy with namespaceSelector and text port
|
||||||
# is applied the port on the pods needs to be retrieved.
|
# is applied the port on the pods needs to be retrieved.
|
||||||
|
@ -296,9 +299,11 @@ def _parse_selectors_on_namespace(crd, direction, pod_selector,
|
||||||
LOG.debug("Skipping SG rule creation for pod "
|
LOG.debug("Skipping SG rule creation for pod "
|
||||||
"%s due to no IP assigned", pod_name)
|
"%s due to no IP assigned", pod_name)
|
||||||
continue
|
continue
|
||||||
crd_rules.append(_create_sg_rule(
|
sg_rule = _create_sg_rule(
|
||||||
sg_id, direction, pod_ip, port=port,
|
sg_id, direction, pod_ip, port=port,
|
||||||
namespace=ns_name))
|
namespace=ns_name)
|
||||||
|
if sg_rule not in crd_rules:
|
||||||
|
crd_rules.append(sg_rule)
|
||||||
else:
|
else:
|
||||||
for pod in pods:
|
for pod in pods:
|
||||||
pod_ip = driver_utils.get_pod_ip(pod)
|
pod_ip = driver_utils.get_pod_ip(pod)
|
||||||
|
@ -308,9 +313,11 @@ def _parse_selectors_on_namespace(crd, direction, pod_selector,
|
||||||
" to no IP assigned", pod_name)
|
" to no IP assigned", pod_name)
|
||||||
continue
|
continue
|
||||||
matched = True
|
matched = True
|
||||||
crd_rules.append(_create_sg_rule(
|
sg_rule = _create_sg_rule(
|
||||||
sg_id, direction, pod_ip,
|
sg_id, direction, pod_ip,
|
||||||
namespace=ns_name))
|
namespace=ns_name)
|
||||||
|
if sg_rule not in crd_rules:
|
||||||
|
crd_rules.append(sg_rule)
|
||||||
else:
|
else:
|
||||||
ns_pods = driver_utils.get_pods(ns_selector)
|
ns_pods = driver_utils.get_pods(ns_selector)
|
||||||
ns_cidr = driver_utils.get_namespace_subnet_cidr(namespace)
|
ns_cidr = driver_utils.get_namespace_subnet_cidr(namespace)
|
||||||
|
@ -323,14 +330,18 @@ def _parse_selectors_on_namespace(crd, direction, pod_selector,
|
||||||
crd_rules, matched, crd))
|
crd_rules, matched, crd))
|
||||||
else:
|
else:
|
||||||
matched = True
|
matched = True
|
||||||
crd_rules.append(_create_sg_rule(
|
sg_rule = _create_sg_rule(
|
||||||
sg_id, direction, ns_cidr,
|
sg_id, direction, ns_cidr,
|
||||||
port=port, namespace=ns_name))
|
port=port, namespace=ns_name)
|
||||||
|
if sg_rule not in crd_rules:
|
||||||
|
crd_rules.append(sg_rule)
|
||||||
else:
|
else:
|
||||||
matched = True
|
matched = True
|
||||||
crd_rules.append(_create_sg_rule(
|
sg_rule = _create_sg_rule(
|
||||||
sg_id, direction, ns_cidr,
|
sg_id, direction, ns_cidr,
|
||||||
namespace=ns_name))
|
namespace=ns_name)
|
||||||
|
if sg_rule not in crd_rules:
|
||||||
|
crd_rules.append(sg_rule)
|
||||||
return matched, crd_rules
|
return matched, crd_rules
|
||||||
|
|
||||||
|
|
||||||
|
|
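Review bot: In the first hunk (`_create_sg_rule_on_text_port`) the `if sg_rule not in crd_rules:` test runs after `driver_utils.create_security_group_rule(sg_rule)` has been called and its result stored in `sg_rule['security_group_rule']['id']`, so the whole-dict comparison can only match when that call hands back the id of the already existing rule for a duplicate request. That behaviour is not visible on this page; if the call ever returned a different id, the check would never fire and the CRD would again hold repeated entries for what is effectively one rule, which presumably matters because the CRD list is the record of which security group rules the policy owns. A comment above the check would make the dependency explicit, e.g. `# dedup relies on create_security_group_rule returning the existing rule id for a duplicate`. The same build/check/append lines are repeated in the `_create_sg_rules` and `_parse_selectors_on_namespace` hunks and could be one small helper that takes `crd_rules` and `sg_rule`; all three functions continue outside the hunks shown.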