Changes for local network policies #572
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
mchalla
commented
Jun 23, 2024
mchalla
commented
- Implemented on top of Genie changes from Tom
- Add the following classes class[gbpe/LocalL24Classifier] class[gbp/LocalSecGroup] class[gbp/LocalSecGroupSubject] class[gbp/LocalSecGroupRule] class[gbp/LocalAllowDenyAction] class[gbp/LocalSubnets] class[gbp/LocalSubnet]
- These are enabled via opflex.enable-local-netpol config variable and read from .netpol files in the netpol-sources.filesystem thats configured in the opflex config (Default localnetpol is disabled)
- Each security group will contain a .netpol json file containing corresponding netpol
- The implemenation will read these files and update the MODB via the read that then triggers callbacks. These will be the old callbacks in the policymanager that have been extended to also process the Local network policies.
- Add new classtype LOCAL_POLICY to differentiate between POLICY that is always assumed as remote and would trigger a resolveObj
- extend deserialize to support local ObjectInstances, currently it assumes its only called for remote ones.
- add LocalAllowDenyAction on startup since this is the only MO shared across netpols and should never be deleted.
- Implement delete by saving the notifs during add. File based delete will not work without some state because the file notification happens after the file is deleted.
|
India team still testing. DO NOT MERGE. |
mchalla
force-pushed
the
opflex-hpp-optimization
branch
from
b8f4b59
to
2cc97df
Compare
mchalla
force-pushed
the
opflex-hpp-optimization
branch
from
2cc97df
to
58240ef
Compare
mchalla
force-pushed
the
opflex-hpp-optimization
branch
5 times, most recently
from
3149872
to
c003fe7
Compare
mchalla
force-pushed
the
opflex-hpp-optimization
branch
from
c003fe7
to
3999270
Compare
mchalla
force-pushed
the
opflex-hpp-optimization
branch
from
3999270
to
f12e3fa
Compare
mchalla
force-pushed
the
opflex-hpp-optimization
branch
from
f12e3fa
to
b4568cb
Compare
mchalla
force-pushed
the
opflex-hpp-optimization
branch
2 times, most recently
from
5455ed5
to
ba25800
Compare
mchalla
force-pushed
the
opflex-hpp-optimization
branch
from
ba25800
to
3c13467
Compare
mchalla
force-pushed
the
opflex-hpp-optimization
branch
2 times, most recently
from
1cfb816
to
c1fbbb8
Compare
tomflynn
approved these changes
Jul 18, 2024
| @@ -173,6 +177,18 @@ private static boolean isPolicy(MClass aIn) | |||
| return aIn.isSubclassOf("policy/Component") || aIn.isSubclassOf("policy/Definition"); | |||
| } | |||
|
|
|||
| private static boolean isLocalPolicy(MClass aIn) | |||
| { | |||
| return aIn.isInstanceOf("gbpe/LocalL24Classifier") | |||
There was a problem hiding this comment.
What do you think about checking isPolicy(aIn) and then just looking for Local at the start of the class name instead of listing them all individually. We could just say that's the convention going forward for any local policy
I can handle this in a followup PR if you think it makes sense
There was a problem hiding this comment.
yea thats a good idea. thanks.
genie/src/main/java/org/opendaylight/opflex/genie/content/format/proxy/meta/cpp/FMetaDef.java
Outdated
Show resolved
Hide resolved
- Implemented on top of Genie changes from Tom
- Add the following classes
class[gbpe/LocalL24Classifier]
class[gbp/LocalSecGroup]
class[gbp/LocalSecGroupSubject]
class[gbp/LocalSecGroupRule]
class[gbp/LocalAllowDenyAction]
class[gbp/LocalLogAction]
class[gbp/LocalSubnets]
class[gbp/LocalSubnet]
- These are enabled via opflex.enable-local-netpol config variable
and read from .netpol files in the netpol-sources.filesystem
thats configured in the opflex config (Default localnetpol is disabled)
- Each security group will contain a .netpol json file containing
corresponding netpol
- The implemenation will read these files and update the MODB
via the read that then triggers callbacks. These will be the old
callbacks in the policymanager that have been extended to also
process the Local network policies.
- Add new classtype LOCAL_POLICY to differentiate between POLICY that
is always assumed as remote and would trigger a resolveObj
- extend deserialize to support local ObjectInstances, currently it
assumes its only called for remote ones.
- add LocalAllowDenyAction and LocalLogAction on
startup since these MOs are shared across netpols
and should never be deleted. This is added
in common tenant and one is created at startup.
- Implement delete by saving the notifs during add. File based
delete will not work without some state because the file
notification happens after the file is deleted.
Signed-off-by: Madhu Challa <challa@gmail.com>
mchalla
force-pushed
the
opflex-hpp-optimization
branch
from
c1fbbb8
to
dab0a5c
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.