
create instances with security policy

dev
akumas 11 months ago
parent
commit
4f149e23d1
  1. 3
      CHANGELOG.md
  2. 34
      src/modules/api_module.go
  3. 49
      src/task/create_guest.go

3
CHANGELOG.md

@ -1,6 +1,6 @@
# Change Log
## [1.3.0] - 2020-11-07
## [1.3.0] - 2020-11-08
### Added
@ -8,6 +8,7 @@
- Manage security policy group
- Allow address pool bind IP using Cloud-Init
- Sync disk/media images from local path
- Create instances with security policy
### Changed

34
src/modules/api_module.go

@ -2139,22 +2139,23 @@ func (module *APIModule) handleCreateGuest(w http.ResponseWriter, r *http.Reques
}
type userRequest struct {
Name string `json:"name"`
Owner string `json:"owner"`
Group string `json:"group"`
Pool string `json:"pool"`
Cores uint `json:"cores"`
Memory uint `json:"memory"`
Disks []uint64 `json:"disks"`
Template string `json:"template"`
AutoStart bool `json:"auto_start,omitempty"`
NetworkAddress string `json:"network_address,omitempty"`
EthernetAddress string `json:"ethernet_address,omitempty"`
FromImage string `json:"from_image,omitempty"`
Port []uint64 `json:"port,omitempty"`
Modules []string `json:"modules,omitempty"`
CloudInit *ciConfig `json:"cloud_init,omitempty"`
QoS *restInstanceQoS `json:"qos,omitempty"`
Name string `json:"name"`
Owner string `json:"owner"`
Group string `json:"group"`
Pool string `json:"pool"`
Cores uint `json:"cores"`
Memory uint `json:"memory"`
Disks []uint64 `json:"disks"`
Template string `json:"template"`
AutoStart bool `json:"auto_start,omitempty"`
NetworkAddress string `json:"network_address,omitempty"`
EthernetAddress string `json:"ethernet_address,omitempty"`
FromImage string `json:"from_image,omitempty"`
Port []uint64 `json:"port,omitempty"`
Modules []string `json:"modules,omitempty"`
CloudInit *ciConfig `json:"cloud_init,omitempty"`
QoS *restInstanceQoS `json:"qos,omitempty"`
SecurityPolicyGroup string `json:"security_policy_group,omitempty"`
}
decoder := json.NewDecoder(r.Body)
@ -2214,6 +2215,7 @@ func (module *APIModule) handleCreateGuest(w http.ResponseWriter, r *http.Reques
msg.SetUIntArray(framework.ParamKeyDisk, request.Disks)
msg.SetBoolean(framework.ParamKeyOption, request.AutoStart)
msg.SetString(framework.ParamKeyTemplate, request.Template)
msg.SetString(framework.ParamKeyPolicy, request.SecurityPolicyGroup)
//optional disk image
if "" != request.FromImage{
msg.SetString(framework.ParamKeyImage, request.FromImage)
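Review bot: A request that omits `security_policy_group` is still accepted, and `msg.SetString(framework.ParamKeyPolicy, request.SecurityPolicyGroup)` in the second hunk then forwards an empty string, which the executor in create_guest.go treats as "no policy" and skips. As far as this commit shows, that makes an unfiltered instance the silent default, so the contract should be written next to the field, e.g. `//optional; empty means the instance is created without any security policy`. The value is also queued without any visible check that the policy group exists or that the caller's owner/group may reference it. If policy groups are meant to be scoped, this handler is the place to reject the request early, but handleCreateGuest continues outside the hunk, so that cannot be confirmed from here.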

49
src/task/create_guest.go

@ -61,7 +61,7 @@ func (executor *CreateGuestExecutor)Execute(id framework.SessionID, request fram
executor.ResourceModule.GetSystemTemplate(templateID, respChan)
var result = <- respChan
if result.Error != nil{
err = fmt.Errorf("get template fail: %s", result.Error)
err = fmt.Errorf("get template '%s' fail: %s", templateID, result.Error)
return
}
var t = result.Template
@ -78,6 +78,53 @@ func (executor *CreateGuestExecutor)Execute(id framework.SessionID, request fram
}
request.SetUIntArray(framework.ParamKeyTemplate, options)
}
//Security policy
{
var policyID string
if policyID, err = request.GetString(framework.ParamKeyPolicy); nil == err && "" != policyID{
var respChan = make(chan modules.ResourceResult, 1)
executor.ResourceModule.GetSecurityPolicyGroup(policyID, respChan)
var result = <- respChan
if result.Error != nil{
err = fmt.Errorf("get security policy '%s' fail: %s", policyID, result.Error)
return
}
var policy = result.PolicyGroup
request.SetBoolean(framework.ParamKeyAction, policy.Accept)
executor.ResourceModule.GetSecurityPolicyRules(policyID, respChan)
result = <- respChan
if result.Error != nil{
err = fmt.Errorf("get security rules of policy '%s' fail: %s", policyID, result.Error)
return
}
var rules = result.PolicyRuleList
//accept,protocol,from,to,port
var policyParameters []uint64
for index, rule := range rules{
if rule.Accept{
policyParameters = append(policyParameters, modules.PolicyRuleActionAccept)
}else{
policyParameters = append(policyParameters, modules.PolicyRuleActionReject)
}
switch rule.Protocol {
case modules.PolicyRuleProtocolTCP:
policyParameters = append(policyParameters, modules.PolicyRuleProtocolIndexTCP)
case modules.PolicyRuleProtocolUDP:
policyParameters = append(policyParameters, modules.PolicyRuleProtocolIndexUDP)
case modules.PolicyRuleProtocolICMP:
policyParameters = append(policyParameters, modules.PolicyRuleProtocolIndexICMP)
default:
err = fmt.Errorf("invalid protocol '%s' on %dth rule of policy '%s'",
rule.Protocol, index, policy.Name)
return
}
policyParameters = append(policyParameters, uint64(modules.IPv4ToUInt32(rule.SourceAddress)))
policyParameters = append(policyParameters, uint64(modules.IPv4ToUInt32(rule.TargetAddress)))
policyParameters = append(policyParameters, uint64(rule.TargetPort))
}
request.SetUIntArray(framework.ParamKeyPolicy, policyParameters)
}
}
//QoS
{
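Review bot: In the rule loop, `modules.IPv4ToUInt32(rule.SourceAddress)` and the matching `rule.TargetAddress` call are used as plain values, so a malformed or empty address cannot be reported as an error and whatever the helper returns is encoded into the rule. If that value is 0, the receiving side may read it as 0.0.0.0 and an accept rule could end up wider than the operator wrote it. The protocol switch already fails closed with `invalid protocol ...`, and the two addresses and `rule.TargetPort` deserve the same treatment: reject the rule with an error naming `index` and `policy.Name` when a value does not parse or is out of range. Separately, `if policyID, err = request.GetString(framework.ParamKeyPolicy); ...` writes into what appears to be the function's named `err`, so when the key is absent the block is skipped with `err` still set. A scoped variable avoids that: `if policyID, getErr := request.GetString(framework.ParamKeyPolicy); nil == getErr && "" != policyID{`, with the `var policyID string` line dropped. Execute starts and ends outside this hunk, so whether the stale `err` reaches a return is not visible here.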
