From 5421ce1ba53962cdfe157461b2e696f735498693 Mon Sep 17 00:00:00 2001
From: Daniel Mellado
Date: Mon, 9 Jul 2018 04:39:05 -0400
Subject: [PATCH] Add Network Policies Driver

This patch adds the driver skel for Network Policy Support and hooks the previously merged handler to use it. Follow up patches will provide translation between NP and Neutron security groups and driver implementation.
Partially Implements: blueprint k8s-network-policies
Co-Authored-By: Eyal Leshem
Change-Id: Ie8cca7b717677347f6a100e8d3b3912bdc20a148
---
 kuryr_kubernetes/config.py | 7 +++++
 kuryr_kubernetes/controller/drivers/base.py | 2 +-
 .../controller/drivers/default_project.py | 9 ++++++
 .../controller/drivers/network_policy.py | 30 +++++++++++++++++++
 .../controller/handlers/policy.py | 11 +++++-
 setup.cfg | 6 ++++
 6 files changed, 62 insertions(+), 3 deletions(-)
 create mode 100644 kuryr_kubernetes/controller/drivers/network_policy.py

diff --git a/kuryr_kubernetes/config.py b/kuryr_kubernetes/config.py
index e2c42d293..fb54fdf00 100644
--- a/kuryr_kubernetes/config.py
+++ b/kuryr_kubernetes/config.py
@@ -112,6 +112,10 @@ k8s_opts = [
 help=_("The driver to determine OpenStack "
 "project for namespaces"),
 default='default'),
+ cfg.StrOpt('network_policy_project_driver',
+ help=_("The driver to determine OpenStack "
+ "project for network policies"),
+ default='default'),
 cfg.StrOpt('pod_subnets_driver',
 help=_("The driver to determine Neutron "
 "subnets for pod ports"),
@@ -169,6 +173,9 @@ k8s_opts = [
 cfg.PortOpt('controller_ha_elector_port',
 help=_('Port on which leader-elector pod is listening to.'),
 default=16401),
+ cfg.StrOpt('network_policy_driver',
+ help=_("Driver for network policies"),
+ default='default'),
 ]
 
 neutron_defaults = [
diff --git a/kuryr_kubernetes/controller/drivers/base.py b/kuryr_kubernetes/controller/drivers/base.py
index c531d8057..0c7edc949 100644
--- a/kuryr_kubernetes/controller/drivers/base.py
+++ b/kuryr_kubernetes/controller/drivers/base.py
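Review bot: The new `network_policy_driver` option in the second hunk is appended after `controller_ha_elector_port` at the very end of `k8s_opts`, while its sibling `network_policy_project_driver` is registered beside the other `*_driver` options in the first hunk; keeping the two network-policy options together makes the driver list easier to audit when an operator checks which pluggable drivers are active. Its help text `"Driver for network policies"` is also the only one in the hunk that does not say what the driver decides, so the generated sample config gives no hint that the option controls how policies are (eventually) turned into Neutron security groups, which is what the new driver's docstring and the commit message describe. Something like `help=_("The driver to handle K8s network policies "` / `"(translation into Neutron security groups)")` would match the wording style of the neighbouring options. The `k8s_opts` list itself starts before the hunk.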
@@ -664,7 +664,7 @@ class NetworkPolicyDriver(DriverBase):
 class NetworkPolicyProjectDriver(DriverBase):
 """Get an OpenStack project id for K8s network policies"""
 
- ALIAS = 'policy_project'
+ ALIAS = 'network_policy_project'
 
 @abc.abstractmethod
 def get_project(self, policy):
diff --git a/kuryr_kubernetes/controller/drivers/default_project.py b/kuryr_kubernetes/controller/drivers/default_project.py
index a7744fc8c..7f2513815 100644
--- a/kuryr_kubernetes/controller/drivers/default_project.py
+++ b/kuryr_kubernetes/controller/drivers/default_project.py
@@ -67,4 +67,13 @@ class DefaultNamespaceProjectDriver(base.NamespaceProjectDriver):
 raise cfg.RequiredOptError('project',
 cfg.OptGroup('neutron_defaults'))
 
+
+class DefaultNetworkPolicyProjectDriver(base.NetworkPolicyProjectDriver):
+
+ def get_project(self, policy):
+ project_id = config.CONF.neutron_defaults.project
+
+ if not project_id:
+ raise cfg.RequiredOptError('project',
+ cfg.OptGroup('neutron_defaults'))
 return project_id
diff --git a/kuryr_kubernetes/controller/drivers/network_policy.py b/kuryr_kubernetes/controller/drivers/network_policy.py
new file mode 100644
index 000000000..26fa49830
--- /dev/null
+++ b/kuryr_kubernetes/controller/drivers/network_policy.py
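Review bot: `DefaultNetworkPolicyProjectDriver.get_project` never looks at its `policy` argument and returns `config.CONF.neutron_defaults.project` for every NetworkPolicy, so any security groups a later driver derives from policies will all be owned by that one configured project regardless of the policy's namespace; that is acceptable for the default driver, but it is a tenancy decision and should be written down rather than left implicit. The class is also added without a docstring, unlike the surrounding driver classes in this file; suggest `"""Provides project ID for NetworkPolicy based on a configuration option."""` plus a one-line note that the policy object is ignored. The method body is a line-for-line copy of `DefaultNamespaceProjectDriver.get_project` (the `raise cfg.RequiredOptError(...)` / `return project_id` context lines are the same code); a small module-level helper returning the configured project or raising `RequiredOptError` would let both classes share one implementation and one error path. The enclosing `DefaultNamespaceProjectDriver` method starts before the hunk.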
@@ -0,0 +1,30 @@
+# Copyright 2018 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from oslo_log import log as logging
+
+from kuryr_kubernetes.controller.drivers import base
+
+LOG = logging.getLogger(__name__)
+
+
+class NetworkPolicyDriver(base.NetworkPolicyDriver):
+ """Provides security groups actions based on K8s Network Policies"""
+
+ def ensure_network_policy(self, policy, project_id):
+ pass
+
+ def release_network_policy(self, policy, project_id):
+ pass
diff --git a/kuryr_kubernetes/controller/handlers/policy.py b/kuryr_kubernetes/controller/handlers/policy.py
index 0a70a6989..7b7e5b057 100644
--- a/kuryr_kubernetes/controller/handlers/policy.py
+++ b/kuryr_kubernetes/controller/handlers/policy.py
@@ -15,6 +15,7 @@
 from oslo_log import log as logging
 
 from kuryr_kubernetes import constants as k_const
+from kuryr_kubernetes.controller.drivers import base as drivers
 from kuryr_kubernetes.handlers import k8s_base
 
 LOG = logging.getLogger(__name__)
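Review bot: Both `ensure_network_policy` and `release_network_policy` are bare `pass`, so with `network_policy_driver = default` a NetworkPolicy is accepted by the handler and logged but changes nothing in Neutron; pods stay exactly as reachable as before, which is fail-open for anyone who reads the option name and assumes isolation is enforced. Until the follow-up translation lands, the class docstring should state this rather than only the intended role, e.g. `"""Provides security groups actions based on K8s Network Policies.` followed by a line such as `Skeleton: creates and removes no Neutron resources yet."""`, and each stub should carry a one-line docstring naming its eventual contract (the `policy` and `project_id` it receives, and that it must be safe to call repeatedly, since the handler in this patch invokes `ensure_network_policy` for updates as well as creates). `LOG` is defined but never used; either drop it or have the stubs emit a `LOG.debug` that makes the no-op visible in controller logs.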
@@ -28,9 +29,15 @@ class NetworkPolicyHandler(k8s_base.ResourceEventHandler):
 
 def __init__(self):
 super(NetworkPolicyHandler, self).__init__()
+ self._drv_policy = drivers.NetworkPolicyDriver.get_instance()
+ self._drv_project = drivers.NetworkPolicyProjectDriver.get_instance()
 
 def on_present(self, policy):
- LOG.debug("Received event notification on network policy: %s", policy)
+ LOG.debug("Created or updated: %s", policy)
+ project_id = self._drv_project.get_project(policy)
+ self._drv_policy.ensure_network_policy(policy, project_id)
 
 def on_deleted(self, policy):
- LOG.debug("Received event notification on network policy: %s", policy)
+ LOG.debug("Deleted network policy: %s", policy)
+ project_id = self._drv_project.get_project(policy)
+ self._drv_policy.release_network_policy(policy, project_id)
diff --git a/setup.cfg b/setup.cfg
index 557538b22..af387b7ff 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -49,6 +49,9 @@ kuryr_kubernetes.controller.drivers.service_project =
 kuryr_kubernetes.controller.drivers.namespace_project =
 default = kuryr_kubernetes.controller.drivers.default_project:DefaultNamespaceProjectDriver
 
+kuryr_kubernetes.controller.drivers.network_policy_project =
+ default = kuryr_kubernetes.controller.drivers.default_project:DefaultNetworkPolicyProjectDriver
+
 kuryr_kubernetes.controller.drivers.pod_subnets =
 default = kuryr_kubernetes.controller.drivers.default_subnet:DefaultPodSubnetDriver
 namespace = kuryr_kubernetes.controller.drivers.namespace_subnet:NamespacePodSubnetDriver
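Review bot: `on_present` runs for updates as well as creates (its own message says `"Created or updated: %s"`), so `ensure_network_policy` is really a reconcile call that must also drop rules removed from an edited policy, not only add new ones, yet neither this handler nor the stub driver says so; a comment on the `self._drv_policy.ensure_network_policy(policy, project_id)` line such as `# fires on update too: the driver must reconcile, not append` would stop a driver author from implementing add-only and silently leaving stale allow rules in place. `get_project(policy)` is re-resolved on deletion, so if the project the policy was created under differs from the one returned at delete time (the default driver reads only `neutron_defaults.project`), `release_network_policy` will clean up in the wrong project; worth a note until the project is derived from the policy itself. `cfg.RequiredOptError` raised by `get_project` propagates out of both callbacks; how the event loop treats that is outside this hunk. The class header and its `OBJECT_*` attributes are above the hunk.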
@@ -62,6 +65,9 @@ kuryr_kubernetes.controller.drivers.pod_security_groups =
 kuryr_kubernetes.controller.drivers.service_security_groups =
 default = kuryr_kubernetes.controller.drivers.default_security_groups:DefaultServiceSecurityGroupsDriver
 
+kuryr_kubernetes.controller.drivers.network_policy =
+ default = kuryr_kubernetes.controller.drivers.network_policy:NetworkPolicyDriver
+
 kuryr_kubernetes.controller.drivers.pod_vif =
 neutron-vif = kuryr_kubernetes.controller.drivers.neutron_vif:NeutronPodVIFDriver
 nested-vlan = kuryr_kubernetes.controller.drivers.nested_vlan_vif:NestedVlanPodVIFDriver