/**
 * Derives the clause name for a Neutron security rule.
 *
 * <p>When the rule carries no remote IP prefix, the clause name is built directly from the
 * subject name. Otherwise the result is the subject name, the double delimiter and the
 * textual IP prefix, with every {@code '/'} in the prefix replaced by {@code '_'}.
 *
 * @param secRule the security rule to name
 * @return the clause name for {@code secRule}
 */
public static ClauseName getClauseName(SecurityRule secRule) {
    final IpPrefix prefix = secRule.getRemoteIpPrefix();
    final SubjectName subject = getSubjectName(secRule);
    if (prefix != null) {
        final String base = subject.getValue();
        // The CIDR separator is rewritten so the prefix can be embedded in the name,
        // e.g. "10.0.0.0/24" contributes "10.0.0.0_24".
        final String prefixPart = Utils.getStringIpPrefix(prefix).replace('/', '_');
        return new ClauseName(base + MappingUtils.NAME_DOUBLE_DELIMETER + prefixPart);
    }
    return new ClauseName(subject);
}
/**
 * Builds the selector name that identifies the provider security group of a rule.
 *
 * <p>The name is the rule's clause name, the double delimiter, {@code PROVIDED_BY} and a
 * label for the provider group. The label is the group UUID; a security group name can be
 * changed, so it is only used as the label when debug mode is enabled.
 *
 * <p>NOTE(review): the group is looked up (and its existence enforced) only in debug mode;
 * with debug disabled the UUID is used without checking that the group exists. Names built
 * in the two modes also differ for the same rule. Confirm both are intended.
 *
 * @param secRule the security rule whose provider selector is named
 * @param neutron source of the known security groups, read only in debug mode
 * @return the provider selector name
 * @throws IllegalStateException in debug mode, when the rule's security group is not found
 */
private SelectorName getSelectorNameWithProvider(SecurityRule secRule, Neutron neutron) {
    final ClauseName clause = SecRuleNameDecoder.getClauseName(secRule);
    final Uuid providerGroupId = secRule.getSecurityGroupId();
    final StringBuilder name = new StringBuilder().append(clause.getValue())
            .append(MappingUtils.NAME_DOUBLE_DELIMETER)
            .append(PROVIDED_BY);

    if (!NeutronMapperModule.isDebugEnabled()) {
        // Stable identifier: the UUID does not change when the group is renamed.
        return new SelectorName(name.append(providerGroupId.getValue()).toString());
    }

    // Debug mode only: resolve the group so a human-readable label can be used.
    final Optional<SecurityGroup> providerGroup =
            SecurityGroupUtils.findSecurityGroup(secRule.getSecurityGroupId(), neutron.getSecurityGroups());
    if (providerGroup.isPresent()) {
        return new SelectorName(name.append(SecurityGroupUtils.getNameOrUuid(providerGroup.get())).toString());
    }
    LOG.error("Neutron Security Group with UUID {} does not exist but it is in {}",
            providerGroupId.getValue(), secRule);
    throw new IllegalStateException(
            "Neutron Security Group with UUID " + providerGroupId.getValue() + " does not exist.");
}
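/**
 * Builds the default contract for the current intent.
 *
 * <p>The contract gets the id {@code this.contractId}, one subject chosen from the intent's
 * first action ({@code Block} or {@code Allow}) and one clause named
 * {@code DEFAULT_CONTRACT} that references that subject. Only the first action of the
 * intent is consulted.
 *
 * <p>An intent without actions, or whose first action is neither {@code Block} nor
 * {@code Allow}, is rejected explicitly. Without this check the subject would stay
 * {@code null} and the method would fail later with an uninformative
 * {@link NullPointerException}; no contract is ever produced for an action that was not
 * understood.
 *
 * @return the default contract for the intent
 * @throws IllegalStateException if the intent has no actions or its first action is not
 *         recognized
 */
private Contract getDefaultContract() {
    if (intent.getActions() == null || intent.getActions().isEmpty()) {
        throw new IllegalStateException("Cannot build default contract: intent has no actions");
    }
    Action action = intent.getActions().get(0).getAction();

    final Subject subject;
    if (action instanceof Block) {
        subject = this.getBlockSubject();
    } else if (action instanceof Allow) {
        subject = this.getAllowSubject();
    } else {
        LOG.warn("The specified action is not recognized {}", action);
        // Fail closed: refuse to emit policy for an action whose meaning is unknown.
        throw new IllegalStateException(
                "Cannot build default contract: unrecognized action " + action);
    }

    List<SubjectName> subjectNames = new ArrayList<>();
    subjectNames.add(subject.getName());

    ContractBuilder contractBuilder = new ContractBuilder().setId(new ContractId(this.contractId));
    contractBuilder.setSubject(ImmutableList.of(subject));
    contractBuilder.setClause(ImmutableList.of(new ClauseBuilder()
            .setName(new ClauseName(DEFAULT_CONTRACT))
            .setSubjectRefs(subjectNames)
            .build()));
    return contractBuilder.build();
}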
/**
 * Builds the selector name that identifies the consumer (remote) security group of a rule.
 *
 * <p>When the rule has no remote group, the selector name is just the rule's clause name.
 * Otherwise the double delimiter, {@code POSSIBLE_CONSUMER} and a label for the remote
 * group are appended. The label is the group UUID; a security group name can be changed,
 * so it is only used as the label when debug mode is enabled.
 *
 * <p>NOTE(review): the remote group is looked up (and its existence enforced) only in debug
 * mode; with debug disabled the UUID is used without checking that the group exists.
 * Confirm this is intended.
 *
 * @param secRule the security rule whose consumer selector is named
 * @param neutron source of the known security groups, read only in debug mode
 * @return the consumer selector name
 * @throws IllegalStateException in debug mode, when the rule's remote group is not found
 */
private SelectorName getSelectorNameWithConsumer(SecurityRule secRule, Neutron neutron) {
    final ClauseName clause = SecRuleNameDecoder.getClauseName(secRule);
    final StringBuilder name = new StringBuilder().append(clause.getValue());
    final Uuid consumerGroupId = secRule.getRemoteGroupId();

    if (consumerGroupId != null) {
        final String consumerLabel;
        if (NeutronMapperModule.isDebugEnabled()) {
            // Debug mode only: resolve the group so a human-readable label can be used.
            final Optional<SecurityGroup> consumerGroup =
                    SecurityGroupUtils.findSecurityGroup(secRule.getRemoteGroupId(), neutron.getSecurityGroups());
            if (!consumerGroup.isPresent()) {
                LOG.error("Neutron Security Group with UUID {} does not exist but it is in {}",
                        consumerGroupId.getValue(), secRule);
                throw new IllegalStateException(
                        "Neutron Security Group with UUID " + consumerGroupId.getValue() + " does not exist.");
            }
            consumerLabel = SecurityGroupUtils.getNameOrUuid(consumerGroup.get());
        } else {
            // Stable identifier: the UUID does not change when the group is renamed.
            consumerLabel = consumerGroupId.getValue();
        }
        name.append(MappingUtils.NAME_DOUBLE_DELIMETER)
                .append(POSSIBLE_CONSUMER)
                .append(consumerLabel);
    }
    return new SelectorName(name.toString());
}
.build(); return new ClauseBuilder().setName(new ClauseName(clauseName.toString())) .setSubjectRefs(ImmutableList.of(subjectName)) .setConsumerMatchers(consumerMatchers)
LOG.debug("Clause {} in contract {} has no Subject Ref", clause.getName().getValue(), contract.getId() .getValue()); continue;