Changes for local network policies #572

Merged 1 commit on Jul 18, 2024

Commits on Jul 18, 2024

  1. Changes for local network policies

    - Implemented on top of Genie changes from Tom
    - Add the following classes
        class[gbpe/LocalL24Classifier]
        class[gbp/LocalSecGroup]
        class[gbp/LocalSecGroupSubject]
        class[gbp/LocalSecGroupRule]
        class[gbp/LocalAllowDenyAction]
        class[gbp/LocalLogAction]
        class[gbp/LocalSubnets]
        class[gbp/LocalSubnet]
    - These are enabled via opflex.enable-local-netpol config variable
      and read from .netpol files in the netpol-sources.filesystem
      that's configured in the opflex config (Default localnetpol is disabled)
    - Each security group will contain a .netpol json file containing
      corresponding netpol
    - The implementation will read these files and update the MODB
      via the read that then triggers callbacks. These will be the old
      callbacks in the policymanager that have been extended to also
      process the Local network policies.
    - Add new classtype LOCAL_POLICY to differentiate between POLICY that
      is always assumed as remote and would trigger a resolveObj
    - extend deserialize to support local ObjectInstances, currently it
      assumes it's only called for remote ones.
    - add LocalAllowDenyAction and LocalLogAction on
      startup since these MOs are shared across netpols
      and should never be deleted. This is added
      in common tenant and one is created at startup.
    - Implement delete by saving the notifs during add. File based
      delete will not work without some state because the file
      notification happens after the file is deleted.
    
    Signed-off-by: Madhu Challa <challa@gmail.com>
    mchalla committed Jul 18, 2024
    dab0a5c