-# cnf
+```
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) 2021 Intel Corporation
+```
-sdewan cnf docker image for Akraino ICN SDEWAN solution
+# cnf-openwrt
+
+sdewan cnf docker image for SDEWAN solution
# folder structure
--- /dev/null
+```
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) 2021 Intel Corporation
+```
+
+# SDEWAN CNF documents
--- /dev/null
+```
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) 2021 Intel Corporation
+```
+
+# SDEWAN CNF examples
-FROM openwrt-1806-4-base
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+FROM openwrt-1806-4-base:v0.1
#EXPOSE 80
+ENV http_proxy={docker_proxy}
+ENV https_proxy={docker_proxy}
+ENV no_proxy=localhost,120.0.0.1,192.168.*
RUN mkdir /var/lock && \
opkg update && \
+ opkg install shadow-chpasswd && \
+ opkg install luci-ssl && \
opkg install uhttpd-mod-lua && \
uci set uhttpd.main.interpreter='.lua=/usr/bin/lua' && \
uci commit uhttpd && \
opkg install shadow-useradd shadow-groupadd shadow-usermod sudo && \
- opkg install mwan3 jq bash && \
+ opkg install mwan3 jq bash conntrack && \
opkg install strongswan-default luasocket && \
opkg install luci-app-mwan3; exit 0
COPY sdewan_svc.info /etc/sdewan_svc.info
COPY app_cr.info /etc/app_cr.info
COPY route_cr.info /etc/route_cr.info
+COPY rule_cr.info /etc/rule_cr.info
COPY default_firewall /etc/config/firewall
COPY rest_v1 /usr/lib/lua/luci/controller/rest_v1
COPY 10-default.conf /etc/sysctl.d/10-default.conf
+ENV http_proxy=""
+ENV https_proxy=""
+ENV no_proxy=""
+
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
RUN groupadd --system sudo && useradd wrt
RUN usermod -a -G sudo wrt
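Review bot: The `; exit 0` that ends the `RUN` chain means a failed `opkg install luci-ssl` or `opkg install conntrack` (both added here) still produces a successful layer, so the image can be built without the HTTPS support package for LuCI or without the `conntrack` binary that the new status module calls. Dropping `; exit 0` so the chain ends with `&& opkg install luci-app-mwan3` makes the build fail instead; the second Dockerfile variant later in this diff has the same chain. In the added `ENV no_proxy=localhost,120.0.0.1,192.168.*`, `120.0.0.1` looks like a typo for `127.0.0.1`, which would send loopback requests through the proxy during the build. The proxy values are build-only, so declaring them with `ARG` would keep them out of the final image's environment instead of resetting them to empty strings with `ENV`.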
-FROM openwrt-1806-4-base
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+
+FROM openwrt-1806-4-base:v0.1
#EXPOSE 80
-ENV http_proxy={docker_proxy}
-ENV https_proxy={docker_proxy}
-ENV no_proxy=localhost,120.0.0.1,192.168.*
RUN mkdir /var/lock && \
opkg update && \
+ opkg install shadow-chpasswd && \
+ opkg install luci-ssl && \
opkg install uhttpd-mod-lua && \
uci set uhttpd.main.interpreter='.lua=/usr/bin/lua' && \
uci commit uhttpd && \
opkg install shadow-useradd shadow-groupadd shadow-usermod sudo && \
- opkg install mwan3 jq bash && \
+ opkg install mwan3 jq bash conntrack && \
opkg install strongswan-default luasocket && \
opkg install luci-app-mwan3; exit 0
COPY sdewan_svc.info /etc/sdewan_svc.info
COPY app_cr.info /etc/app_cr.info
COPY route_cr.info /etc/route_cr.info
+COPY rule_cr.info /etc/rule_cr.info
COPY default_firewall /etc/config/firewall
COPY rest_v1 /usr/lib/lua/luci/controller/rest_v1
COPY 10-default.conf /etc/sysctl.d/10-default.conf
-ENV http_proxy=
-ENV https_proxy=
-ENV no_proxy=
-
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
RUN groupadd --system sudo && useradd wrt
RUN usermod -a -G sudo wrt
#!/bin/bash
+#SPDX-License-Identifier: Apache-2.0
+#Copyright (c) 2021 Intel Corporation
+
# usage: build_images.sh
set -ex
-base_image_tag=openwrt-1806-4-base
+base_image_tag=openwrt-1806-4-base:v0.1
docker_file=Dockerfile_1806_mwan3
-image_tag=openwrt-1806-mwan3
+image_tag=openwrt-1806-mwan3:v0.1
package=openwrt-18.06.4-x86-64-generic-rootfs
# build openwrt base docker images
-base_image=`docker images | grep $base_image_tag | awk '{print $1}'`
+base_image=$(docker images | grep $base_image_tag | awk '{print $1}')
if [ -z "$base_image" ]; then
# download driver source package
if [ ! -e /tmp/$package.tar.gz ]; then
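Review bot: With the tag now part of `base_image_tag`, `docker images | grep $base_image_tag` can no longer match, because `docker images` prints repository and tag in separate columns; `base_image` is therefore always empty and the base image is rebuilt on every run. Asking Docker for the image directly avoids the text match: `base_image=$(docker images -q "$base_image_tag")`. The `if` block continues outside this hunk.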
#!/bin/sh /etc/rc.common
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
START=90
STOP=10
secret_xappend "# generated by /etc/init.d/ipsec"
config_get debug "$1" debug 0
- config_get_bool rtinstall_enabled "$1" rtinstall_enabled 0
- config_get_bool vip_enabled "$1" vip_enabled 0
+ config_get_bool rtinstall_enabled "$1" rtinstall_enabled 1
+ config_get_bool vip_enabled "$1" vip_enabled 1
[ $rtinstall_enabled -eq 1 ] && install_routes=yes || install_routes=no
- [ $vip_enabled -eq 1] && install_virtual_ip=yes || install_virtual_ip=no
+ [ $vip_enabled -eq 1 ] && install_virtual_ip=yes || install_virtual_ip=no
# prepare extra charon config option ignore_routing_tables
for routing_table in $(config_get "$1" "ignore_routing_tables"); do
--- Copyright 2020 Intel Corporation, Inc
--- Licensed to the public under the Apache License 2.0.
+--- SPDX-License-Identifier: Apache-2.0
+--- Copyright (c) 2021 Intel Corporation
module("luci.controller.rest_v1.app_rest", package.seeall)
--- Copyright 2020 Intel Corporation, Inc
--- Licensed to the public under the Apache License 2.0.
+--- SPDX-License-Identifier: Apache-2.0
+--- Copyright (c) 2021 Intel Corporation
module("luci.controller.rest_v1.firewall_rest", package.seeall)
--- Copyright 2020 Intel Corporation, Inc
--- Licensed to the public under the Apache License 2.0.
+--- SPDX-License-Identifier: Apache-2.0
+--- Copyright (c) 2021 Intel Corporation
module("luci.controller.rest_v1.index", package.seeall)
entry({"sdewan", "service", ver}, call("help")).dependent = false
entry({"sdewan", "application", ver}, call("help")).dependent = false
entry({"sdewan", "route", ver}, call("help")).dependent = false
+ entry({"sdewan", "rule", ver}, call("help")).dependent = false
end
--- Copyright 2020 Intel Corporation, Inc.
--- Licensed to the public under the Apache License 2.0.
+--- SPDX-License-Identifier: Apache-2.0
+--- Copyright (c) 2021 Intel Corporation
module("luci.controller.rest_v1.ipsec_rest", package.seeall)
config_type="remote",
object_validator=function(value) return check_auth_method(value) end,
{name="name"},
- {name="type"},
+ {name="type", save_func=function(value) return is_vti_enabled(value) end},
{name="gateway", required=true},
{name="enabled", default="1"},
{name="authentication_method", required=true, validator=function(value) return utils.in_array(value, {"psk", "pubkey"}) end},
end
end
+function is_vti_enabled(value)
+ local mode = value["type"]
+ if mode == "VTI-based" then
+ uci:set(uci_conf, "@ipsec[0]", "rtinstall_enabled", 0)
+ uci:set(uci_conf, "@ipsec[0]", "vip_enabled", 0)
+ else
+ uci:set(uci_conf, "@ipsec[0]", "rtinstall_enabled", 1)
+ uci:set(uci_conf, "@ipsec[0]", "vip_enabled", 1)
+ end
+ uci:save(uci_conf)
+ uci:commit(uci_conf)
+ return true, value
+end
+
function save_cert(content, path)
local file = io.open(path, "w")
if file == nil then
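Review bot: `is_vti_enabled` writes `rtinstall_enabled` and `vip_enabled` on the global `@ipsec[0]` section from a single remote's `type`, so whichever remote was saved last decides route and virtual-IP installation for every connection, and a mix of VTI-based and other remotes cannot be represented. It also calls `uci:commit` from inside a per-field `save_func`, which presumably runs before the rest of the object is saved, so it is worth confirming that a later validation failure cannot leave the global options changed. The name reads like a predicate although the function only has side effects; a comment such as `-- Sets the global charon route/VIP install options from the remote's type.` or a rename would help. The init-script hunk earlier in this diff also flips both defaults from 0 to 1, which changes behaviour for configurations that never set these options.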
--- /dev/null
+--- SPDX-License-Identifier: Apache-2.0
+--- Copyright (c) 2021 Intel Corporation
+
+module("luci.controller.rest_v1.modules.conntrack", package.seeall)
+
+NX = require("nixio")
+sys = require "luci.sys"
+util = require "luci.util"
+utils = require "luci.controller.rest_v1.utils"
+
+tcp_table = {
+ {field="protocol", key=function(data) return split(data, ' ')[1] end},
+ {field="request", key=function(data) return get_info(data, 5) end},
+ {field="response", key=function(data) return get_info(data, 9) end},
+ {field="mark", key="mark"},
+ {field="state", key=function(data) return split(data, ' ')[4] end},
+}
+
+udp_table = {
+ {field="protocol", key=function(data) return split(data, ' ')[1] end},
+ {field="request", key=function(data) return get_info(data, 4) end},
+ {field="response", key=function(data) return get_info(data, 8) end},
+ {field="mark", key="mark"},
+}
+
+function register()
+ return "conntrack", _M["get_conn_info"]
+end
+
+function get_info(data, index)
+ local ret = {}
+ local message = split(data, ' ')
+ if string.find(message[index], 'src') == nil then
+ index = index + 1
+ end
+ local src = split(message[index], '=')[2]
+ local dst = split(message[index+1], '=')[2]
+ local sport = split(message[index+2], '=')[2]
+ local dport = split(message[index+3], '=')[2]
+ if src == nil then
+ util.perror("Invalid request or response source")
+ return nil
+ end
+ ret["src"] = src..':'..sport
+ ret["dst"] = dst..':'..dport
+ return ret
+end
+
+function get_field(data, key)
+ if type(key) == "function" then
+ return key(data)
+ end
+
+ local reg = {
+ key .. " [^%s]+[%s]",
+ }
+
+ local ret = nil
+ for index=1, #reg do
+ for item in string.gmatch(data, reg[index]) do
+ local value = nil
+ local i,j = string.find(item, key .. " ")
+ if i ~= nil then
+ value = string.sub(item, j+1, string.len(item)-1)
+ end
+ if value ~= nil then
+ ret = value
+ break
+ end
+ end
+ end
+ return ret
+end
+
+function get_conn(conn)
+ local ret = {}
+ local protocol = split(conn, ' ')[1]
+ if protocol == "tcp" then
+ fields_table = tcp_table
+ elseif protocol == "udp" then
+ fields_table = udp_table
+ else
+ return ret
+ end
+ for i,v in pairs(fields_table) do
+ local value = get_field(conn, v["key"])
+ if value ~= nil then
+ ret[v["field"]] = value
+ end
+ end
+ return ret
+end
+
+function get_conn_info()
+ local ret = {}
+ local index = 1
+ for conn in util.execi("conntrack -L") do
+ ret[index] = get_conn(conn)
+ index = index + 1
+ end
+ return ret
+end
+
+function split(str,reps)
+ local arr = {}
+ string.gsub(str,'[^'..reps..']+',function(w)
+ table.insert(arr, w)
+ end)
+ return arr
+end
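Review bot: In `get_info` the `src == nil` guard runs only after `string.find(message[index], 'src')` and four `split(message[...], '=')` calls, so a line with fewer tokens than expected raises a Lua error instead of returning nil, and `sport`/`dport` are concatenated without any check. Guarding first, e.g. `if message[index] == nil then return nil end` before the `string.find`, and testing all four values before building `ret`, keeps one unexpected `conntrack -L` line from failing the whole status request. `fields_table` in `get_conn` is assigned without `local`, so it becomes module-level state; `local fields_table` is what is meant. The `mark` entries go through `get_field`, whose pattern expects `mark <value>`, while conntrack normally prints `mark=<value>`, so this field is probably never populated and should be checked against real output.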
--- Copyright 2020 Intel Corporation, Inc
--- Licensed to the public under the Apache License 2.0.
+--- SPDX-License-Identifier: Apache-2.0
+--- Copyright (c) 2021 Intel Corporation
module("luci.controller.rest_v1.modules.interface", package.seeall)
--- /dev/null
+-- Copyright 2021 Intel Corporation, Inc
+-- Licensed to the public under the Apache License 2.0.
+
+module("luci.controller.rest_v1.modules.ipsec", package.seeall)
+
+util = require "luci.util"
+utils = require "luci.controller.rest_v1.utils"
+uci = require "luci.model.uci"
+json = require "luci.jsonc"
+
+uci_conf = "ipsec"
+fields_table = {
+ {field="connecting", key="connecting"},
+ {field="up", key="up"},
+ {field="connection", key="==="}
+}
+
+function register()
+ return "ipsec", _M["get_ipsec_info"]
+end
+
+function get_field(data, key, field_type)
+ if type(key) == "function" then
+ return key(data)
+ end
+
+ local reg = {
+ "%d+%s" .. key,
+ "%w+%p%w+%p%w+%p%w+%p%w+%s" .. key .. "%s%w+%p%w+%p%w+%p%w+%p%w+"
+ }
+
+ local ret = nil
+
+ if (key == "===") then
+ index = 2
+ else
+ index = 1
+ end
+
+ for item in string.gmatch(data, reg[index]) do
+ local value = nil
+ local i,j = string.find(item, " " .. key)
+ if i ~= nil then
+ if (key == "===") then
+ value = item
+ else
+ value = string.sub(item, 1, i-1)
+ end
+ end
+ if value ~= nil
+ then
+ ret = value
+ break
+ end
+ end
+ return ret
+end
+
+function get_ipsec_detail(stat)
+ local ret = nil
+ for i,v in pairs(fields_table) do
+ local value = get_field(stat, v["key"], v["type"])
+ if value ~= nil then
+ if ret == nil then
+ ret = {}
+ end
+ ret[v["field"]] = value
+ end
+ end
+ return ret
+end
+
+function getTunnelCounts(configuration)
+ local c = 0
+ uci:foreach(configuration, "remote",
+ function(session)
+ print(json.stringify(session))
+ local t = session["tunnel"]
+ if t ~= nil and #t > 0 then
+ c = c + #t
+ end
+ t = session["transport"]
+ if t ~= nil and #t > 0 then
+ c = c + #t
+ end
+ end
+ )
+ return c
+end
+
+function get_ipsec_info()
+ local ret = {}
+ local index = 1
+ local stats = "InitConnection"
+ local upi
+ local connecti
+ local total = getTunnelCounts(uci_conf)
+ ret[stats] = "success"
+ ret["details"] = {}
+ for stat in util.execi("ipsec status") do
+ local res = get_ipsec_detail(stat)
+ if res ~= nil then
+ for k, v in pairs(res) do
+ if (k == "up") then
+ upi = tonumber(v)
+ elseif (k == "connecting") then
+ connecti = tonumber(v)
+ else
+ break
+ end
+ end
+ if (upi + connecti < total) then
+ util.perror("Finding connection failed ...")
+ ret[stats] = "fail"
+ end
+ ret["details"][index] = res
+ index = index + 1
+ end
+ end
+ return ret
+end
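Review bot: `getTunnelCounts` calls `print(json.stringify(session))` for every `remote` section, which writes the whole section (likely including authentication settings such as a pre-shared key, if one is stored there) to the handler's standard output; this looks like leftover debugging and should be removed. In `get_ipsec_info`, `upi` and `connecti` stay nil until a status line carrying both counters has been parsed, so `upi + connecti < total` raises an arithmetic error if the first matching line is a connection (`===`) line; initialising both to 0 avoids that. `index` in `get_field` is assigned without `local` and becomes module-level state.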
--- /dev/null
+--- SPDX-License-Identifier: Apache-2.0
+--- Copyright (c) 2021 Intel Corporation
+
+module("luci.controller.rest_v1.modules.route", package.seeall)
+
+NX = require("nixio")
+sys = require "luci.sys"
+util = require "luci.util"
+utils = require "luci.controller.rest_v1.utils"
+
+fields_table = {
+ {field="gateway", key="via"},
+ {field="device", key="dev"},
+ {field="destination", key=function(data) return split(data, ' ')[1] end},
+ {field="scope", key="scope"},
+ {field="proto", key="proto"},
+ {field="metric", key="metric"},
+ {field="src", key="src"},
+}
+
+function register()
+ return "route", _M["get_route_info"]
+end
+
+function get_field(data, key, field_type)
+ if type(key) == "function" then
+ return key(data)
+ end
+
+ local reg = {
+ key .. " [^%s]+[%s]",
+ }
+
+ local ret = nil
+ for index=1, #reg do
+ for item in string.gmatch(data, reg[index]) do
+ local value = nil
+ local i,j = string.find(item, key .. " ")
+ if i ~= nil then
+ value = string.sub(item, j+1, string.len(item)-1)
+ end
+ if value ~= nil then
+ ret = value
+ break
+ end
+ end
+ end
+ return ret
+end
+
+function get_route(route)
+ local ret = {}
+ for i,v in pairs(fields_table) do
+ local value = get_field(route, v["key"], v["type"])
+ if value ~= nil then
+ ret[v["field"]] = value
+ end
+ end
+ return ret
+end
+
+function get_route_info()
+ local ret = {}
+ for table in util.execi("ip rule | awk '{print $NF}' | sort | uniq") do
+ if table == "main" or table == "local" or table == "default" or utils.is_integer_and_in_range(table, 0) then
+ local cont = {}
+ local index = 1
+ local data = {}
+ for route in util.execi("ip route show table " .. table) do
+ data[index] = get_route(route)
+ index = index + 1
+ end
+ cont["item"] = data
+ ret[table] = cont
+ end
+ end
+ return ret
+end
+
+function split(str,reps)
+ local arr = {}
+ string.gsub(str,'[^'..reps..']+',function(w)
+ table.insert(arr, w)
+ end)
+ return arr
+end
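Review bot: The loop variable in `for table in util.execi(...)` shadows Lua's standard `table` library for the whole body of `get_route_info`; it works today only because `table.insert` is called from `split`, a separate function, and any later `table.*` call inside the loop would fail. Renaming it, e.g. `for tbl in util.execi(...)`, removes the trap. The value is concatenated into the shell command `"ip route show table " .. table`, and the allow-list on the preceding line (main/local/default or an integer) is what keeps that safe, so a comment such as `-- table is restricted to known names or integers before it reaches the shell` would protect the check from being loosened later.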
--- /dev/null
+--- SPDX-License-Identifier: Apache-2.0
+--- Copyright (c) 2021 Intel Corporation
+
+module("luci.controller.rest_v1.modules.rule", package.seeall)
+
+NX = require("nixio")
+sys = require "luci.sys"
+util = require "luci.util"
+utils = require "luci.controller.rest_v1.utils"
+
+fields_table = {
+ {field="src", key="from"},
+ {field="dst", key="to"},
+ {field="prio", key=function(data) return split(data, ':')[1] end},
+ {field="fwmark", key="fwmark"},
+ {field="table", key="lookup"},
+ {field="not", key=function(data) if string.match(data, "[%s]not[%s]") ~= nil then return "true" else return "false" end end},
+}
+
+function register()
+ return "rule", _M["get_rule_info"]
+end
+
+function get_field(data, key, field_type)
+ if type(key) == "function" then
+ return key(data)
+ end
+
+ local reg = {
+ key .. " [^%s]+[%s]",
+ }
+
+ local ret = nil
+ for index=1, #reg do
+ for item in string.gmatch(data, reg[index]) do
+ local value = nil
+ local i,j = string.find(item, key .. " ")
+ if i ~= nil then
+ value = string.sub(item, j+1, string.len(item)-1)
+ end
+ if value ~= nil then
+ ret = value
+ break
+ end
+ end
+ end
+ return ret
+end
+
+function get_rule(rule)
+ local ret = {}
+ for i,v in pairs(fields_table) do
+ local value = get_field(rule, v["key"], v["type"])
+ if value ~= nil then
+ ret[v["field"]] = value
+ end
+ end
+ return ret
+end
+
+function get_rule_info()
+ local ret = {}
+ local index = 1
+ for rule in util.execi("ip rule") do
+ ret[index] = get_rule(rule)
+ index = index + 1
+ end
+ return ret
+end
+
+function split(str,reps)
+ local arr = {}
+ string.gsub(str,'[^'..reps..']+',function(w)
+ table.insert(arr, w)
+ end)
+ return arr
+end
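Review bot: The pattern built in `get_field`, `key .. " [^%s]+[%s]"`, is not anchored at a word boundary, so the `to` key in `fields_table` also matches the tail of any longer token ending in `to` (a `proto` or `goto` keyword in `ip rule` output, for example) and would report that token's argument as `dst`. Requiring whitespace in front, `"[%s]" .. key .. " [^%s]+[%s]"`, avoids that for keys that never start a line. The trailing `[%s]` also means the last field of a line is captured only if the line ends in whitespace, which is worth confirming against the `ip rule` output on the target image. `get_field` and `split` are copied verbatim in the conntrack, route and rule modules; moving them into `rest_v1.utils` would keep fixes in one place.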
--- Copyright 2020 Intel Corporation, Inc
--- Licensed to the public under the Apache License 2.0.
+--- SPDX-License-Identifier: Apache-2.0
+--- Copyright (c) 2021 Intel Corporation
module("luci.controller.rest_v1.modules.wan", package.seeall)
--- Copyright 2020 Intel Corporation, Inc
--- Licensed to the public under the Apache License 2.0.
+--- SPDX-License-Identifier: Apache-2.0
+--- Copyright (c) 2021 Intel Corporation
module("luci.controller.rest_v1.mwan3_rest", package.seeall)
--- Copyright 2020 Intel Corporation, Inc
--- Licensed to the public under the Apache License 2.0.
+--- SPDX-License-Identifier: Apache-2.0
+--- Copyright (c) 2021 Intel Corporation
module("luci.controller.rest_v1.route_rest", package.seeall)
--- /dev/null
+--- SPDX-License-Identifier: Apache-2.0
+--- Copyright (c) 2021 Intel Corporation
+
+module("luci.controller.rest_v1.rule_rest", package.seeall)
+
+local uci = require "luci.model.uci"
+
+json = require "luci.jsonc"
+io = require "io"
+sys = require "luci.sys"
+utils = require "luci.controller.rest_v1.utils"
+
+function index()
+ ver = "v1"
+ configuration = "rule"
+ entry({"sdewan", configuration, ver, "rules"}, call("handle_request")).leaf = true
+end
+
+-- Request Handler
+function handle_request()
+ local method = utils.get_req_method()
+ if method == "PUT" then
+ return update_rule()
+ elseif method == "POST" then
+ return create_rule()
+ elseif method == "DELETE" then
+ return delete_rule()
+ elseif method == "GET" then
+ return get_rule()
+ else
+ utils.response_error(405, "Method Not Allowed")
+ end
+end
+
+-- Post
+function create_rule()
+ local obj = utils.get_request_body_object()
+ if obj == nil then
+ utils.response_error(400, "No Rule Data")
+ return
+ end
+ if is_duplicated(obj.name, obj.src, obj.dst) then
+ utils.response_error(409, "Duplicated Rule Configuration")
+ return
+ end
+ if not is_valid_format(obj.src, obj.dst, obj.prio, obj.table, obj.fwmark) then
+ utils.response_error(400, "Invalid rule format")
+ return
+ end
+
+ local comm = "ip rule add "
+ comm = rule_gen(comm, obj.src, obj.dst, obj.prio, obj.table, obj.fwmark, obj.flag)
+ os.execute(comm)
+
+ local file = io.open("/etc/rule_cr.info", "a+")
+ local rule_str = input_format(obj.name, obj.src, obj.dst, obj.prio, obj.table, obj.fwmark, obj.flag)
+ file:write(rule_str, "\n")
+ file:close()
+ luci.http.prepare_content("application/json")
+ luci.http.write_json(obj)
+end
+
+-- Delete
+function delete_rule()
+ local uri_list = utils.get_URI_list(7)
+ if uri_list == nil then
+ return
+ end
+ local name = uri_list[#uri_list]
+ local file = io.open("/etc/rule_cr.info", "r")
+ local content = {}
+ for line in file:lines() do
+ local message = split(line, ',')
+ if name ~= message[1] then
+ content[#content+1] = line
+ else
+ local comm = "ip rule del "
+ comm = rule_gen(comm, message[2], message[3], message[4], message[5], message[6], message[7])
+ os.execute(comm)
+ end
+ end
+ file:close()
+ local file = io.open("/etc/rule_cr.info", "w+")
+ for i = 1, #content do
+ file:write(content[i], "\n")
+ end
+ file:close()
+end
+
+-- Update
+function update_rule()
+ local uri_list = utils.get_URI_list(7)
+ if uri_list == nil then
+ return
+ end
+ local name = uri_list[#uri_list]
+ local obj = utils.get_request_body_object()
+ if obj == nil then
+ utils.response_error(400, "Rule CR not found")
+ return
+ end
+ if obj.name ~= name then
+ utils.response_error(400, "Rule CR name mismatch")
+ return
+ end
+ if not is_valid_format(obj.src, obj.dst, obj.prio, obj.table, obj.fwmark) then
+ utils.response_error(400, "Invalid rule format")
+ return
+ end
+
+ local file = io.open("/etc/rule_cr.info", "r")
+ local content = {}
+ local is_found = false
+ for line in file:lines() do
+ local message = split(line, ',')
+ if name ~= message[1] then
+ content[#content+1] = line
+ else
+ is_found = true
+ local pre_comm = "ip rule del "
+ pre_comm = rule_gen(pre_comm, message[2], message[3], message[4], message[5], message[6], message[7])
+ os.execute(pre_comm)
+ local post_comm = "ip rule add "
+ post_comm = rule_gen(post_comm, obj.src, obj.dst, obj.prio, obj.table, obj.fwmark, obj.flag)
+ os.execute(post_comm)
+ content[#content+1] = input_format(obj.name, obj.src, obj.dst, obj.prio, obj.table, obj.fwmark, obj.flag)
+ end
+ end
+ file:close()
+
+ if not is_found then
+ utils.response_error(404, "Cannot find ".."Rule ".."[".. name.."]".." to update." )
+ return
+ end
+
+ local file = io.open("/etc/rule_cr.info", "w+")
+ for i = 1, #content do
+ file:write(content[i], "\n")
+ end
+ file:close()
+ luci.http.prepare_content("application/json")
+ luci.http.write_json(obj)
+end
+
+-- Get
+function get_rule()
+ local uri_list = utils.get_URI_list()
+ local file = io.open("/etc/rule_cr.info", "r")
+ if #uri_list == 6 then
+ local objs = {}
+ objs["rules"] = {}
+ for line in file:lines() do
+ local message = split(line, ',')
+ local obj = {}
+ obj["name"] = message[1]
+ obj["src"] = message[2]
+ obj["dst"] = message[3]
+ obj["prio"] = message[4]
+ obj["table"] = message[5]
+ obj["fwmark"] = message[6]
+ if message[7] == "false" then
+ obj["flag"] = false
+ else
+ obj["flag"] = true
+ end
+ table.insert(objs["rules"], obj)
+ end
+ luci.http.prepare_content("application/json")
+ luci.http.write_json(objs)
+ elseif #uri_list == 7 then
+ local name = uri_list[#uri_list]
+ local no = true
+ for line in file:lines() do
+ local message = split(line, ',')
+ if name == message[1] then
+ no = false
+ local obj = {}
+ obj["name"] = message[1]
+ obj["src"] = message[2]
+ obj["dst"] = message[3]
+ obj["prio"] = message[4]
+ obj["table"] = message[5]
+ obj["fwmark"] = message[6]
+ if message[7] == "false" then
+ obj["flag"] = false
+ else
+ obj["flag"] = true
+ end
+ luci.http.prepare_content("application/json")
+ luci.http.write_json(obj)
+ break
+ end
+ end
+ if no then
+ utils.response_error(404, "Cannot find ".."Rule CR ".."[".. name.."]" )
+ end
+ else
+ utils.response_error(400, "Bad request URI")
+ end
+ file:close()
+end
+
+-- Sync and validate
+function split(str,reps)
+ local arr = {}
+ string.gsub(str,'[^'..reps..']+',function(w)
+ table.insert(arr, w)
+ end)
+ return arr
+end
+
+function is_duplicated(name, src, dst)
+ local file = io.open("/etc/rule_cr.info", "r")
+ local judge = false
+ for line in file:lines() do
+ local message = split(line, ',')
+ if name == message[1] then
+ judge = true
+ break
+ end
+ if src == "" then
+ src = "NULL"
+ end
+ if dst == "" then
+ dst = "NULL"
+ end
+ if src == message[2] and dst == message[3] then
+ judge = true
+ break
+ end
+ end
+ file:close()
+ return judge
+end
+
+function is_valid_format(src, dst, prio, table, fwmark)
+ local judge = true
+ if src == "" and dst == "" then
+ judge = false
+ elseif src == "" then
+ judge = utils.is_valid_ip(dst)
+ elseif dst == "" then
+ judge = utils.is_valid_ip(src)
+ else
+ judge = utils.is_valid_ip(dst) and utils.is_valid_ip(src)
+ end
+
+ if prio ~= "" then
+ judge = judge and utils.is_integer_and_in_range(prio, 0)
+ end
+
+ if fwmark ~= "" then
+ local num = tonumber(fwmark, 16)
+ if not num then
+ judge = false
+ elseif string.len(fwmark) > 10 then
+ judge = false
+ end
+ end
+
+ if table == "main" or table == "local" or table == "default" or table == "" then
+ return judge
+ else
+ table_id = get_table_id(table)
+ judge = judge and utils.is_integer_and_in_range(table_id, 0)
+ return judge
+ end
+end
+
+function rule_gen(comm, src, dst, prio, table, fwmark, flag)
+ if tostring(flag) == "true" then
+ comm = comm.."not "
+ end
+ if prio ~= "" and prio ~= "NULL" then
+ comm = comm.."prio "..prio.." "
+ end
+ if src == "" or src == "NULL" then
+ comm = comm.."to "..dst.." "
+ elseif dst == "" or dst == "NULL" then
+ comm = comm.."from "..src.." "
+ else
+ comm = comm.."from "..src.." to "..dst.." "
+ end
+ local table_id = get_table_id(table)
+ comm = comm.."lookup "..table_id
+ if fwmark ~= "" and fwmark ~= "NULL" then
+ comm = comm.." fwmark "..fwmark
+ end
+ return comm
+end
+
+function get_table_id(table)
+ --TODO
+ local table_id = table
+ if table == "" then
+ table_id = "main"
+ end
+ return table_id
+end
+
+function input_format(name, src, dst, prio, table, fwmark, flag)
+ local str = name
+ if src == "" then
+ str = str..",".."NULL"
+ else
+ str = str..","..src
+ end
+ if dst == "" then
+ str = str..",".."NULL"
+ else
+ str = str..","..dst
+ end
+ if prio == "" then
+ str = str..",".."NULL"
+ else
+ str = str..","..prio
+ end
+ str = str..","..get_table_id(table)
+ if fwmark == "" then
+ str = str..",".."NULL"
+ else
+ str = str..","..fwmark
+ end
+ str = str..","..tostring(flag)
+ return str
+end
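Review bot: `obj.name` is never validated before `input_format` writes it into `/etc/rule_cr.info`, yet `delete_rule` and `update_rule` later split each stored line on commas and pass the fields to `rule_gen` and `os.execute` without re-checking them. A name that contains a comma or a line break therefore changes which stored fields end up on the `ip rule` command line, outside the reach of `is_valid_format`, which only looks at the request body. Restrict the name to a fixed character set in `create_rule` and `update_rule` (sketched below) and treat the fields read back from the file as untrusted as well. The `io.open` results are also used without a nil check, so a missing `/etc/rule_cr.info` turns every request into a Lua error.

```lua
-- Names become the first field of a comma-separated, line-based record,
-- so only a conservative character set is accepted.
function is_valid_name(name)
    return type(name) == "string" and string.match(name, "^[%w_%-%.]+$") ~= nil
end

function create_rule()
    local obj = utils.get_request_body_object()
    -- … unchanged: nil-body check …
    if not is_valid_name(obj.name) then
        utils.response_error(400, "Invalid rule name")
        return
    end
    -- … unchanged: duplicate check, format check, ip rule add, append to /etc/rule_cr.info …
end
```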
--- Copyright 2020 Intel Corporation, Inc
--- Licensed to the public under the Apache License 2.0.
+--- SPDX-License-Identifier: Apache-2.0
+--- Copyright (c) 2021 Intel Corporation
module("luci.controller.rest_v1.service", package.seeall)
--- Copyright 2020 Intel Corporation, Inc
--- Licensed to the public under the Apache License 2.0.
+--- SPDX-License-Identifier: Apache-2.0
+--- Copyright (c) 2021 Intel Corporation
module("luci.controller.rest_v1.status_rest", package.seeall)
--- Copyright 2020 Intel Corporation, Inc
--- Licensed to the public under the Apache License 2.0.
+--- SPDX-License-Identifier: Apache-2.0
+--- Copyright (c) 2021 Intel Corporation
module("luci.controller.rest_v1.svc_rest", package.seeall)
--- Copyright 2020 Intel Corporation, Inc
--- Licensed to the public under the Apache License 2.0.
+--- SPDX-License-Identifier: Apache-2.0
+--- Copyright (c) 2021 Intel Corporation
module("luci.controller.rest_v1.utils", package.seeall)
--- /dev/null
+#SPDX-License-Identifier: Apache-2.0
+#Copyright (c) 2021 Intel Corporation
+# set docker proxy with below line
+#docker_proxy=
#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# set charon.install_virtual_ip = no to prevent the daemon from also installing the VIP
set -o nounset
set -o errexit
-MARK=`echo ${PLUTO_MARK_IN} | cut -d'/' -f1`
-VTI_IF="vti${MARK}"
+NET_IF=`ip a | grep ${PLUTO_ME} | grep inet | cut -d' ' -f 11`
+VTI_IF="vti_${NET_IF}"
case "${PLUTO_VERB}" in
up-host)
- ip tunnel add "${VTI_IF}" local "${PLUTO_ME}" remote "${PLUTO_PEER}" mode vti \
+ #ip tunnel add "${VTI_IF}" local "${PLUTO_ME}" remote "${PLUTO_PEER}" mode vti \
+ ip tunnel add "${VTI_IF}" local "${PLUTO_ME}" remote 0.0.0.0 mode vti \
key "${PLUTO_MARK_OUT%%/*}"
ip link set "${VTI_IF}" up
ip route add "${PLUTO_PEER_SOURCEIP}" dev "${VTI_IF}" src "${PLUTO_ME}"
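Review bot: The new `NET_IF` assignment passes `${PLUTO_ME}` to `grep` unquoted and as a regular expression, so the dots match any character and the address also matches longer ones that contain it, and `cut -d' ' -f 11` depends on the exact column layout of `ip a`; more than one match or a shifted column yields a wrong or multi-line `VTI_IF`, and no match yields the bare name `vti_` without tripping `errexit`. An exact comparison is safer, e.g. `NET_IF=$(ip -o -4 addr show | awk -v ip="${PLUTO_ME}" '{split($4,a,"/"); if (a[1]==ip) {print $2; exit}}')` followed by `[ -n "${NET_IF}" ] || exit 1`. Because the name is now derived from the local interface rather than the mark, two connections on the same local address map to the same `VTI_IF`, and `vti_` plus a long interface name can exceed the kernel's 15-character limit. The same assignment is added to the second updown script later in this diff; the `case` block continues outside this hunk.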
#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# set charon.install_virtual_ip = no to prevent the daemon from also installing the VIP
set -o nounset
set -o errexit
-MARK=`echo ${PLUTO_MARK_IN} | cut -d'/' -f1`
-VTI_IF="vti${MARK}"
+NET_IF=`ip a | grep ${PLUTO_ME} | grep inet | cut -d' ' -f 11`
+VTI_IF="vti_${NET_IF}"
case "${PLUTO_VERB}" in
up-client)
+++ /dev/null
-# SDEWAN CNF documents
+++ /dev/null
-# SDEWAN CNF examples
+++ /dev/null
-# set docker proxy with below line
-#docker_proxy=
+```
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) 2021 Intel Corporation
+```
+
# Sdewan operator
The sdewan operator is developed under kubebuilder framework
We are going to run command from this directory in the deployment guide.
The installation steps for Sdewan operator:
-1. kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.11.0/cert-manager.yaml --validate=false
+1. kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml
2. kubectl apply -f examples/sdewan-controller.yaml
Sample deployment of CNF:
- IpsecProposal
- IpsecHost
- IpsecSite
+ - SdewanApplication
+ - CNFService
+ - CNFRoute
+ - CNFRouteRule
+ - CNFStatus
### NOTEs
+```
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) 2021 Intel Corporation
+```
+
# SDEWAN crd-ctrlr document
+```
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) 2021 Intel Corporation
+```
+
# SDEWAN crd-ctrlr examples
## To deploy an example CNF
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
---
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: rbac.authorization.k8s.io/v1
# This role binding allows "jane" to read pods in the "default" namespace.
# You need to already have a Role named "pod-reader" in that namespace.
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
---
apiVersion: v1
data:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
---
apiVersion: v1
data:
+#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+
NAME=test
kubectl create serviceaccount $NAME
-SECRET_NAME=`kubectl get sa $NAME -o jsonpath='{.secrets[0].name}'`
-TOKEN=`kubectl get secret $SECRET_NAME -o jsonpath='{.data.token}' | base64 -d`
+SECRET_NAME=$(kubectl get sa $NAME -o jsonpath='{.secrets[0].name}')
+TOKEN=$(kubectl get secret "$SECRET_NAME" -o jsonpath='{.data.token}' | base64 -d)
kubectl config view --raw > ~/$NAME.conf
-kubectl --kubeconfig ~/$NAME.conf config rename-context `kubectl --kubeconfig ~/$NAME.conf config current-context` $NAME
-kubectl --kubeconfig ~/$NAME.conf config set-credentials sa-$NAME --token $TOKEN
+kubectl --kubeconfig ~/$NAME.conf config rename-context "$(kubectl --kubeconfig ~/$NAME.conf config current-context)" $NAME
+kubectl --kubeconfig ~/$NAME.conf config set-credentials sa-$NAME --token "$TOKEN"
kubectl --kubeconfig ~/$NAME.conf config set-context $NAME --user sa-$NAME
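Review bot: `kubectl config view --raw > ~/$NAME.conf` copies the caller's full kubeconfig, credentials included, into a file created with the default umask, and the later `set-credentials`/`set-context` calls only add the service-account user without removing the original one, so the file produced for `$NAME` still carries the original credentials. Creating it under `umask 077` and deleting the original user entry (or building the file from scratch with `kubectl config set-cluster`) would limit it to the service-account token. The quoting added in this hunk stops at `$TOKEN` and `$SECRET_NAME`; `$NAME` and `~/$NAME.conf` are still unquoted. `.secrets[0].name` is also empty on clusters that no longer auto-create service-account token secrets, in which case `SECRET_NAME` and `TOKEN` end up empty without an error.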
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: k8s.plugin.opnfv.org/v1alpha1
kind: Network
metadata:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: k8s.plugin.opnfv.org/v1alpha1
kind: Network
metadata:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: k8s.plugin.opnfv.org/v1alpha1
kind: ProviderNetwork
metadata:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: rbac.authorization.k8s.io/v1
# This role binding allows "jane" to read pods in the "default" namespace.
# You need to already have a Role named "pod-reader" in that namespace.
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# Build the manager binary
-FROM golang:1.13 as builder
+FROM golang:1.16 as builder
WORKDIR /workspace
# Copy the Go Modules manifests
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# Image URL to use all building/pushing image targets
IMG ?= integratedcloudnative/sdewan-controller:dev
# Install CRDs into a cluster
install: manifests
kustomize build config/crd | kubectl apply -f -
- kubectl apply -f config/local/webhook_config.yaml
- cp -r ../examples/tmp/k8s-webhook-server /tmp/
+# kubectl apply -f config/local/webhook_config.yaml
+# cp -r ../examples/tmp/k8s-webhook-server /tmp/
# Uninstall CRDs from a cluster
uninstall: manifests
kustomize build config/crd | kubectl delete -f -
- kubectl delete -f config/local/webhook_config.yaml
+# kubectl delete -f config/local/webhook_config.yaml
# Deploy controller in the configured Kubernetes cluster in ~/.kube/config
deploy: manifests uninstall
vet:
go vet ./...
+# Run go race against code
+race:
+ go build -race -o bin/manager_race main.go
+
# Generate code
generate: controller-gen
$(CONTROLLER_GEN) object:headerFile=./hack/boilerplate.go.txt paths="./..."
- group: batch
kind: CNFRoute
version: v1alpha1
+- group: batch
+ kind: CNFRouteRule
+ version: v1alpha1
version: "2"
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
"k8s.io/apimachinery/pkg/types"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
- logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
+ logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/webhook"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)
return nil
}
-// +kubebuilder:webhook:path=/validate-sdewan-bucket-permission,mutating=false,failurePolicy=fail,groups="batch.sdewan.akraino.org",resources=mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;cnfservice;sdewanapplication;ipsecproposals;ipsechosts;ipsecsites,verbs=create;update;delete,versions=v1alpha1,name=validate-sdewan-bucket.akraino.org
+// +kubebuilder:webhook:path=/validate-sdewan-bucket-permission,mutating=false,failurePolicy=fail,groups="batch.sdewan.akraino.org",resources=mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;cnfservice;cnfstatuses;sdewanapplication;ipsecproposals;ipsechosts;ipsecsites,verbs=create;update;delete,versions=v1alpha1,name=validate-sdewan-bucket.akraino.org
// bucketPermissionValidator validates Pods
type bucketPermissionValidator struct {
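Review bot: The `resources=` list in this `+kubebuilder:webhook` marker gains `cnfstatuses` but not the `cnfrouterules` kind this commit introduces (`cnfroutes` is absent too), and the visible part of the `switch` below has no `CNFRouteRule` case. As written, create/update/delete of the new CRD would presumably never reach the bucket-permission check. If that is not intended, add `cnfrouterules` to `resources=` and a `case "CNFRouteRule": obj = &CNFRouteRule{}` branch together, since listing the resource without the case would hit the `Kind is not supported` default. The same gap applies to the `/validate-label` marker and switch in the label validator. Only part of the switch is shown in this diff, so a case may already exist outside the hunks.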
obj = &IpsecSite{}
case "CNFService":
obj = &CNFService{}
+ case "CNFStatus":
+ obj = &CNFStatus{}
case "SdewanApplication":
obj = &SdewanApplication{}
default:
return admission.Errored(
http.StatusBadRequest,
- errors.New(fmt.Sprintf("Kind is not supported: %v", req.Kind)))
+ fmt.Errorf("Kind is not supported: %v", req.Kind))
}
if req.Operation == "CREATE" || req.Operation == "UPDATE" {
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
--- /dev/null
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
+// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
+
+// CNFRouteRuleSpec defines the desired state of CNFRouteRule
+type CNFRouteRuleSpec struct {
+ // +kubebuilder:validation:Default:=""
+ Src string `json:"src,omitempty"`
+ // +kubebuilder:validation:Default:=""
+ Dst string `json:"dst,omitempty"`
+ // +kubebuilder:validation:Default:=false
+ Not bool `json:"not,omitempty"`
+ // +kubebuilder:validation:Default:=""
+ Prio string `json:"prio,omitempty"`
+ // +kubebuilder:validation:Default:=""
+ Fwmark string `json:"fwmark,omitempty"`
+ // +kubebuilder:validation:Default:=""
+ Table string `json:"table,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+
+// CNFRouteRule is the Schema for the cnfrouterules API
+type CNFRouteRule struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec CNFRouteRuleSpec `json:"spec,omitempty"`
+ Status SdewanStatus `json:"status,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// CNFRouteRuleList contains a list of CNFRouteRule
+type CNFRouteRuleList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []CNFRouteRule `json:"items"`
+}
+
+func init() {
+ SchemeBuilder.Register(&CNFRouteRule{}, &CNFRouteRuleList{})
+}
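Review bot: None of the `CNFRouteRuleSpec` string fields (`Src`, `Dst`, `Prio`, `Fwmark`, `Table`) carries a format or length constraint, so the API server will accept arbitrary text for them. Where these values end up is not visible here, but judging by the names they describe a routing rule that is pushed to the CNF, so they are worth constraining at admission, e.g. a `// +kubebuilder:validation:MaxLength=` marker on each field and a `// +kubebuilder:validation:Pattern=` marker where the format is fixed (numeric for `Prio`, if it is meant to be an integer priority). Also confirm that `+kubebuilder:validation:Default:=""` is picked up by the controller-gen version in use; as far as I know the defaulting marker is `+kubebuilder:default`, so the generated CRD may carry no defaults at all.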
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
// Important: Run "make" to regenerate code after modifying this file
}
-// CNFStatusInformation defines the runtime information of a CMF
+// CNFStatusInformation defines the runtime information of a CNF
type CNFStatusInformation struct {
Name string `json:"name"`
NameSpace string `json:"namespace,omitempty"`
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
const (
InSync SdewanState = "In Sync"
- Idle = "Idle"
- Applying = "Trying to apply"
- Deleting = "Being delete"
- Unknown = "Unknown status"
+ Idle SdewanState = "Idle"
+ Applying SdewanState = "Trying to apply"
+ Deleting SdewanState = "Being delete"
+ Unknown SdewanState = "Unknown status"
)
// status subsource used for Sdewan rule CRDs
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
// Package v1alpha1 contains API Schema definitions for the batch v1alpha1 API group
// +kubebuilder:object:generate=true
// +groupName=batch.sdewan.akraino.org
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
"k8s.io/apimachinery/pkg/runtime"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
- logf "sigs.k8s.io/controller-runtime/pkg/runtime/log"
+ //logf "sigs.k8s.io/controller-runtime/pkg/log"
"sigs.k8s.io/controller-runtime/pkg/webhook"
"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
)
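Review bot: The `logf` import is commented out rather than removed, and the next hunk does the same to `label_check_log`, which leaves the `// log is for logging in this package.` comment describing nothing. Delete all three lines; version control already keeps the old code. If the label validator is meant to log denied updates, keep the logger and use it in the `admission.Denied` path instead.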
// log is for logging in this package.
-var label_check_log = logf.Log.WithName("label-validator")
+//var label_check_log = logf.Log.WithName("label-validator")
func SetupLabelValidateWebhookWithManager(mgr ctrl.Manager) error {
mgr.GetWebhookServer().Register(
return nil
}
-// +kubebuilder:webhook:path=/validate-label,mutating=false,failurePolicy=fail,groups=apps;batch.sdewan.akraino.org,resources=deployments;mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;cnfservice;sdewanapplication;ipsecproposals;ipsechosts;ipsecsites,verbs=update,versions=v1;v1alpha1,name=validate-label.akraino.org
+// +kubebuilder:webhook:path=/validate-label,mutating=false,failurePolicy=fail,groups=apps;batch.sdewan.akraino.org,resources=deployments;mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;cnfservice;cnfstatuses;sdewanapplication;ipsecproposals;ipsechosts;ipsecsites,verbs=update,versions=v1;v1alpha1,name=validate-label.akraino.org
type labelValidator struct {
Client client.Client
obj = &IpsecSite{}
case "CNFService":
obj = &CNFService{}
+ case "CNFStatus":
+ obj = &CNFStatus{}
case "SdewanApplication":
obj = &SdewanApplication{}
default:
return admission.Errored(
http.StatusBadRequest,
- errors.New(fmt.Sprintf("Kind is not supported: %v", req.Kind)))
+ fmt.Errorf("Kind is not supported: %v", req.Kind))
}
if req.Operation != "UPDATE" {
return admission.Errored(http.StatusBadRequest, errors.New("object Decode error"))
}
if old_value != new_value {
- return admission.Denied(fmt.Sprintf("Label 'sdewanPurpose' is immutable"))
+ return admission.Denied("Label 'sdewanPurpose' is immutable")
}
return admission.Allowed("")
}
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package v1alpha1
import (
// +build !ignore_autogenerated
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
// Code generated by controller-gen. DO NOT EDIT.
return nil
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CNFRouteRule) DeepCopyInto(out *CNFRouteRule) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+ out.Spec = in.Spec
+ in.Status.DeepCopyInto(&out.Status)
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNFRouteRule.
+func (in *CNFRouteRule) DeepCopy() *CNFRouteRule {
+ if in == nil {
+ return nil
+ }
+ out := new(CNFRouteRule)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *CNFRouteRule) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CNFRouteRuleList) DeepCopyInto(out *CNFRouteRuleList) {
+ *out = *in
+ out.TypeMeta = in.TypeMeta
+ in.ListMeta.DeepCopyInto(&out.ListMeta)
+ if in.Items != nil {
+ in, out := &in.Items, &out.Items
+ *out = make([]CNFRouteRule, len(*in))
+ for i := range *in {
+ (*in)[i].DeepCopyInto(&(*out)[i])
+ }
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNFRouteRuleList.
+func (in *CNFRouteRuleList) DeepCopy() *CNFRouteRuleList {
+ if in == nil {
+ return nil
+ }
+ out := new(CNFRouteRuleList)
+ in.DeepCopyInto(out)
+ return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *CNFRouteRuleList) DeepCopyObject() runtime.Object {
+ if c := in.DeepCopy(); c != nil {
+ return c
+ }
+ return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *CNFRouteRuleSpec) DeepCopyInto(out *CNFRouteRuleSpec) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CNFRouteRuleSpec.
+func (in *CNFRouteRuleSpec) DeepCopy() *CNFRouteRuleSpec {
+ if in == nil {
+ return nil
+ }
+ out := new(CNFRouteRuleSpec)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CNFRouteSpec) DeepCopyInto(out *CNFRouteSpec) {
*out = *in
-/*
- * Copyright 2020 Intel Corporation, Inc
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package basehandler
-/*
- * Copyright 2020 Intel Corporation, Inc
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package cnfprovider
"sdewan.akraino.org/sdewan/openwrt"
"sigs.k8s.io/controller-runtime/pkg/client"
logf "sigs.k8s.io/controller-runtime/pkg/log"
+ "strings"
)
var log = logf.Log.WithName("OpenWrtProvider")
K8sClient client.Client
}
+func getDataFromSecret(r client.Client, ns string, name string, key string) []byte {
+ instance := &corev1.Secret{}
+ err := r.Get(context.Background(), client.ObjectKey{
+ Namespace: ns,
+ Name: name,
+ }, instance)
+
+ if err != nil {
+ log.Error(err, "Get Data from secret")
+ return []byte{}
+ }
+
+ return instance.Data[key]
+}
+
+func CreateOpenwrtClient(pod corev1.Pod, r client.Client) *openwrt.OpenwrtClientInfo {
+ user := "root"
+ pass := ""
+ ip := pod.Status.PodIP
+ cert := []byte{}
+ if account_secret, ok := pod.ObjectMeta.Labels["cnf-account-secret"]; ok {
+ pass = string(getDataFromSecret(r, pod.ObjectMeta.Namespace, account_secret, "password"))
+ }
+
+ if cert_secret, ok := pod.ObjectMeta.Labels["cnf-cert-secret"]; ok {
+ ip = strings.Replace(ip, ".", "-", -1) + "." + pod.ObjectMeta.Namespace + ".pod.cluster.local"
+ cert = getDataFromSecret(r, pod.ObjectMeta.Namespace, cert_secret, "ca.crt")
+ }
+
+ return &openwrt.OpenwrtClientInfo{
+ Ip: ip,
+ User: user,
+ Password: string(pass),
+ RootCA: cert,
+ }
+}
+
func NewOpenWrt(namespace string, sdewanPurpose string, k8sClient client.Client) (*OpenWrtProvider, error) {
ctx := context.Background()
deployments := &appsv1.DeploymentList{}
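Review bot: `getDataFromSecret` logs a failed lookup and returns an empty slice, so `CreateOpenwrtClient` fails open. A missing or unreadable `cnf-account-secret` leaves `Password` as `""` for `root`, and a missing `ca.crt` leaves `RootCA` empty after the host has already been rewritten to the pod DNS name. How the `openwrt` package treats an empty `RootCA` is not visible here, but a pod labelled for credentialed, certificate-verified access should not be contacted with the blank-password defaults. Return the error and let both `clientInfo := CreateOpenwrtClient(pod, p.K8sClient)` call sites later in this file abort the reconcile. Separately, the Secret names come from pod labels, so whoever can label the CNF pod chooses which Secret in that namespace the controller reads, and the `.pod.cluster.local` suffix assumes the default cluster domain.

```go
func getDataFromSecret(r client.Client, ns string, name string, key string) ([]byte, error) {
	instance := &corev1.Secret{}
	if err := r.Get(context.Background(), client.ObjectKey{Namespace: ns, Name: name}, instance); err != nil {
		return nil, fmt.Errorf("get secret %s/%s: %w", ns, name, err)
	}
	data, ok := instance.Data[key]
	if !ok || len(data) == 0 {
		// An empty value must not be mistaken for "no credential configured".
		return nil, fmt.Errorf("secret %s/%s has no %q entry", ns, name, key)
	}
	return data, nil
}

func CreateOpenwrtClient(pod corev1.Pod, r client.Client) (*openwrt.OpenwrtClientInfo, error) {
	// … unchanged: defaults for user, pass, ip, cert …
	if account_secret, ok := pod.ObjectMeta.Labels["cnf-account-secret"]; ok {
		data, err := getDataFromSecret(r, pod.ObjectMeta.Namespace, account_secret, "password")
		if err != nil {
			return nil, err
		}
		pass = string(data)
	}
	// … same error handling for the "cnf-cert-secret" / "ca.crt" lookup …
	// … unchanged: build OpenwrtClientInfo, returned together with a nil error …
```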
return false, err
}
if len(ReplicaSetList.Items) != 1 {
- return false, errors.New(fmt.Sprintf("More than one of repicaset exist with label: sdewanPurpose=%s", p.SdewanPurpose))
+ return false, fmt.Errorf("More than one of repicaset exist with label: sdewanPurpose=%s", p.SdewanPurpose)
}
podList := &corev1.PodList{}
err = p.K8sClient.List(ctx, podList, client.MatchingFields{"OwnBy": ReplicaSetList.Items[0].ObjectMeta.Name})
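Review bot: The rewritten error on the `len(ReplicaSetList.Items) != 1` branch still reads "More than one of repicaset exist", but the condition also fires when the list is empty, so the message can point an operator at the wrong problem. Suggest `return false, fmt.Errorf("expected exactly one replicaset with label sdewanPurpose=%s, found %d", p.SdewanPurpose, len(ReplicaSetList.Items))`, which also fixes the "repicaset" typo. The enclosing function starts and ends outside this hunk.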
if pod.Status.PodIP == "" {
return false, errors.New("The target pod doesn't have an IP address")
}
- clientInfo := &openwrt.OpenwrtClientInfo{Ip: pod.Status.PodIP, User: "root", Password: ""}
+ clientInfo := CreateOpenwrtClient(pod, p.K8sClient)
runtime_instance, err := handler.GetObject(clientInfo, new_instance.GetName())
changed := false
}
cnfChanged := false
for _, pod := range podList.Items {
- clientInfo := &openwrt.OpenwrtClientInfo{Ip: pod.Status.PodIP, User: "root", Password: ""}
+ clientInfo := CreateOpenwrtClient(pod, p.K8sClient)
runtime_instance, err := handler.GetObject(clientInfo, handler.GetName(instance))
if err != nil {
err2, ok := err.(*openwrt.OpenwrtError)
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following manifests contain a self-signed issuer CR and a certificate CR.
# More document can be found at https://docs.cert-manager.io
# WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for breaking changes
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
resources:
- certificate.yaml
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# This configuration is for teaching kustomize how to update name ref and var substitution
nameReference:
- kind: Issuer
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# This kustomization.yaml is not intended to be run by itself,
# since it depends on service name and namespace that are out of this kustomize package.
# It should be run by config/default
- bases/batch.sdewan.akraino.org_sdewanapplications.yaml
- bases/batch.sdewan.akraino.org_cnfstatuses.yaml
- bases/batch.sdewan.akraino.org_cnfroutes.yaml
+- bases/batch.sdewan.akraino.org_cnfrouterules.yaml
# +kubebuilder:scaffold:crdkustomizeresource
patchesStrategicMerge:
#- patches/webhook_in_sdewanapplications.yaml
#- patches/webhook_in_cnfstatuses.yaml
#- patches/webhook_in_cnfroutes.yaml
+#- patches/webhook_in_cnfrouterules.yaml
# +kubebuilder:scaffold:crdkustomizewebhookpatch
# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
#- patches/cainjection_in_sdewanapplications.yaml
#- patches/cainjection_in_cnfstatuses.yaml
#- patches/cainjection_in_cnfroutes.yaml
+#- patches/cainjection_in_cnfrouterules.yaml
# +kubebuilder:scaffold:crdkustomizecainjectionpatch
# the following config is for teaching kustomize how to do kustomization for CRDs.
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# This file is for teaching kustomize how to substitute name and namespace reference in CRD
nameReference:
- kind: Service
--- /dev/null
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ name: cnfrouterules.batch.sdewan.akraino.org
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch adds a directive for certmanager to inject CA into the CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
--- /dev/null
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: cnfrouterules.batch.sdewan.akraino.org
+spec:
+ conversion:
+ strategy: Webhook
+ webhookClientConfig:
+ # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+ # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+ caBundle: Cg==
+ service:
+ namespace: system
+ name: webhook-service
+ path: /convert
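Review bot: This new patch, like the `cainjection_in_cnfrouterules` patch added earlier in the commit, targets `apiextensions.k8s.io/v1beta1`, which Kubernetes removed in 1.22. `spec.conversion.webhookClientConfig` is also the v1beta1 field layout. Both patches are still commented out in the CRD kustomization, so nothing breaks today, but enabling them against a current cluster (or against bases generated as `v1`, which this diff does not show) would fail. Consider scaffolding them for `apiextensions.k8s.io/v1`, where the client config sits under `spec.conversion.webhook.clientConfig` and `conversionReviewVersions` is required.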
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# The following patch enables conversion webhook for CRD
# CRD conversion requires k8s 1.13 or later.
apiVersion: apiextensions.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# Adds namespace to all resources.
namespace: sdewan-system
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# This patch inject a sidecar container which is a HTTP proxy for the controller manager,
# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: apps/v1
kind: Deployment
metadata:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# This patch add annotation to admission webhook config and
# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
#apiVersion: admissionregistration.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
resources:
- manager.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: v1
kind: Namespace
metadata:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
resources:
- monitor.yaml
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# Prometheus Monitor Service (Metrics)
apiVersion: monitoring.coreos.com/v1
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: v1
kind: Service
metadata:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# permissions for end users to edit cnfroutes.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# permissions for end users to view cnfroutes.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
--- /dev/null
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+# permissions for end users to edit cnfrouterules.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cnfrouterule-editor-role
+rules:
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - cnfrouterules
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - cnfrouterules/status
+ verbs:
+ - get
--- /dev/null
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+# permissions for end users to view cnfrouterules.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cnfrouterule-viewer-role
+rules:
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - cnfrouterules
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - cnfrouterules/status
+ verbs:
+ - get
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# permissions for end users to edit cnfservices.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# permissions for end users to view cnfservices.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# permissions for end users to edit cnfstatuses.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# permissions for end users to view cnfstatuses.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
resources:
- role.yaml
- role_binding.yaml
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# permissions for end users to edit sdewanapplications.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# permissions for end users to view sdewanapplications.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: CNFRoute
metadata:
name: cnfroute-sample
labels:
- sdewanPurpose: cnf1
+ sdewanPurpose: cnf3
spec:
dst: "192.167.23.0/24"
gw: "172.16.44.11"
--- /dev/null
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
+apiVersion: batch.sdewan.akraino.org/v1alpha1
+kind: CNFRouteRule
+metadata:
+ name: cnfrouterule-sample1
+ labels:
+ sdewanPurpose: cnf1
+spec:
+ # ip rule add prio ${prio} from ${src} to ${dst} lookup %{table} fwmark %{fwmark}
+ # ip rule add not prio ${prio} from ${src} to ${dst} lookup %{table} fwmark %{fwmark}
+ # src and dst can not be empty meanwhile
+ src: "192.167.24.0/24"
+ # true | false, default is false
+ not: true
+ # a priority number, can be enpty
+ prio: "888"
+ # main | default | local | number ID, can be empty
+ table: "40"
+ # from 0x0 to 0xffffffff, can be empty
+ fwmark: "0x110"
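Review bot: The field comments in this sample have a few slips that make the contract harder to read: `enpty` should be `empty`, `src and dst can not be empty meanwhile` reads better as `src and dst cannot both be empty`, and the two command templates mix `${prio}` with `%{table}` and `%{fwmark}`. The second template (`ip rule add not …`) is presumably the one used when `not: true`, and the comment on that field could say so, e.g. `# true selects the "ip rule add not ..." form; default is false`.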
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: CNFService
metadata:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: CNFStatus
metadata:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
---
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: FirewallDNAT
namespace: default
labels:
sdewanPurpose: cnf1
-spec:
+spec:
src: firewallzone-sample
src_ip: 192.168.1.2
src_dip: 1.2.3.4
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
---
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: FirewallForwarding
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
---
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: FirewallRule
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
---
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: FirewallSNAT
namespace: default
labels:
sdewanPurpose: cnf1
-spec:
+spec:
src: firewallzone-sample
src_ip: 192.168.1.2
src_dip: 1.2.3.5
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
---
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: FirewallZone
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
---
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: FirewallZone
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
---
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: IpsecHost
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
---
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: IpsecProposal
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
---
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: IpsecSite
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
---
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: Mwan3Policy
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
---
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: Mwan3Rule
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: SdewanApplication
metadata:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
resources:
- manifests.yaml
- service.yaml
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
# the following config is for teaching kustomize where to look at when substituting vars.
# It requires kustomize v2.1.0 or newer to work properly.
nameReference:
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2021 Intel Corporation
apiVersion: v1
kind: Service
-/*
- * Copyright 2020 Intel Corporation, Inc
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package controllers
import (
"context"
"encoding/json"
- "errors"
"fmt"
"github.com/go-logr/logr"
errs "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
+ "log"
"reflect"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/builder"
var enqueueRequest []reconcile.Request
cnfName := h.Meta.GetLabels()["sdewanPurpose"]
ctx := context.Background()
- r.List(ctx, crliststruct, client.MatchingLabels{"sdewanPurpose": cnfName})
+ err := r.List(ctx, crliststruct, client.MatchingLabels{"sdewanPurpose": cnfName})
+ if err != nil {
+ log.Println(err)
+ }
value := reflect.ValueOf(crliststruct)
items := reflect.Indirect(value).FieldByName("Items")
for i := 0; i < items.Len(); i++ {
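Review bot: The added `log.Println(err)` records a failed `r.List` with no context and then falls through to the reflection loop over `Items`, so a list failure looks the same as "no matching CRs" and nothing is enqueued. Returning right after the log line, with a message that names the selector such as `log.Printf("list CRs for sdewanPurpose=%q failed: %v", cnfName, err)`, would make the failure visible to whoever reads the controller log. The same log-and-continue pattern is added for the deployment and pod lists later in this file and for the two `r.List` calls in the controller that lists `SdewanApplicationList`. The new stdlib `log` import also shares its name with the logr value used as `log.Error(err, "Failed to add/update "+handler.GetType())` further down this file, which is easy to misread. The enclosing function starts and ends outside this hunk.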
deploymentList := &appsv1.DeploymentList{}
podList := &corev1.PodList{}
ctx := context.Background()
- r.List(ctx, deploymentList)
+ err := r.List(ctx, deploymentList)
+ if err != nil {
+ log.Println(err)
+ }
for _, deployment := range deploymentList.Items {
if _, ok := deployment.ObjectMeta.GetLabels()["sdewanPurpose"]; !ok {
continue
// TODO: For multi-namespace deployments with different sdewanPurpose label, a cnfName list is needed to hold them.
break
}
- r.List(ctx, podList, client.MatchingLabels{"sdewanPurpose": cnfName})
+ err = r.List(ctx, podList, client.MatchingLabels{"sdewanPurpose": cnfName})
+ if err != nil {
+ log.Println(err)
+ }
for _, pod := range podList.Items {
- clientInfo := &openwrt.OpenwrtClientInfo{Ip: pod.Status.PodIP, User: "root", Password: ""}
+ clientInfo := cnfprovider.CreateOpenwrtClient(pod, r)
openwrtClient := openwrt.GetOpenwrtClient(*clientInfo)
service := openwrt.ServiceClient{OpenwrtClient: openwrtClient}
- service.ExecuteService("firewall", "restart")
+ _, err := service.ExecuteService("firewall", "restart")
+ if err != nil {
+ log.Println(err)
+ }
}
return []reconcile.Request{}
}
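Review bot: `*clientInfo` is dereferenced straight after `cnfprovider.CreateOpenwrtClient(pod, r)` with no nil check. That helper is not visible here; if it can return nil when the credentials for a pod cannot be resolved, this handler panics instead of skipping the pod. A guard such as `if clientInfo == nil { continue }` before `openwrt.GetOpenwrtClient(*clientInfo)` keeps the firewall restart best-effort per pod, and the same call pattern in the CNF status query would need the equivalent check. The function body starts outside this hunk.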
return iface.Interface, nil
}
}
- return "", errors.New(fmt.Sprintf("No matched network in annotation: %s", net))
+ return "", fmt.Errorf("No matched network in annotation: %s", net)
}
// +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch
if err != nil {
log.Error(err, "Failed to add/update "+handler.GetType())
setStatus(instance, batchv1alpha1.SdewanStatus{State: batchv1alpha1.Applying, Message: err.Error()})
+ _, ok := err.(*openwrt.OpenwrtError)
err = r.Status().Update(ctx, instance)
if err != nil {
log.Error(err, "Failed to update status for "+handler.GetType())
return ctrl.Result{}, err
}
- return ctrl.Result{RequeueAfter: during}, nil
+ if ok {
+ return ctrl.Result{}, err
+ } else {
+ return ctrl.Result{RequeueAfter: during}, nil
+ }
}
finalizers := getFinalizers(instance)
if !containsString(finalizers, finalizerName) {
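Review bot: In the `if ok` branch, `return ctrl.Result{}, err` returns the result of `r.Status().Update`, not the add/update failure, because `err` is reassigned on the line after the type assertion and is known to be nil once the inner `if err != nil` has been passed. For an `*openwrt.OpenwrtError` the reconcile therefore ends with no error and no requeue. If that is the intent, write `return ctrl.Result{}, nil` with a comment saying such errors are not retried; if the error should be surfaced, keep it in its own variable (`opErr := err` before the status update) and return `opErr`. The `else` after a `return` can be dropped as well, and the enclosing function continues outside the hunk.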
}
}
} else {
- // deletin CR
+ // deleting CR
if cnf == nil {
// no cnf exists
finalizers := getFinalizers(instance)
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package controllers
import (
--- /dev/null
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
+package controllers
+
+import (
+ "context"
+ "reflect"
+
+ "github.com/go-logr/logr"
+ appsv1 "k8s.io/api/apps/v1"
+ "k8s.io/apimachinery/pkg/runtime"
+ ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/handler"
+ "sigs.k8s.io/controller-runtime/pkg/source"
+
+ batchv1alpha1 "sdewan.akraino.org/sdewan/api/v1alpha1"
+ "sdewan.akraino.org/sdewan/openwrt"
+)
+
+var cnfRouteRuleHandler = new(CNFRouteRuleHandler)
+
+type CNFRouteRuleHandler struct {
+}
+
+func (m *CNFRouteRuleHandler) GetType() string {
+ return "cnfRouteRule"
+}
+
+func (m *CNFRouteRuleHandler) GetName(instance runtime.Object) string {
+ routerule := instance.(*batchv1alpha1.CNFRouteRule)
+ return routerule.Name
+}
+
+func (m *CNFRouteRuleHandler) GetFinalizer() string {
+ return "rule.finalizers.sdewan.akraino.org"
+}
+
+func (m *CNFRouteRuleHandler) GetInstance(r client.Client, ctx context.Context, req ctrl.Request) (runtime.Object, error) {
+ instance := &batchv1alpha1.CNFRouteRule{}
+ err := r.Get(ctx, req.NamespacedName, instance)
+ return instance, err
+}
+
+func (m *CNFRouteRuleHandler) Convert(instance runtime.Object, deployment appsv1.Deployment) (openwrt.IOpenWrtObject, error) {
+ routerule := instance.(*batchv1alpha1.CNFRouteRule)
+ openwrtrouterule := openwrt.SdewanRouteRule{
+ Name: routerule.Name,
+ Src: routerule.Spec.Src,
+ Dst: routerule.Spec.Dst,
+ Flag: routerule.Spec.Not,
+ Prio: routerule.Spec.Prio,
+ Fwmark: routerule.Spec.Fwmark,
+ Table: routerule.Spec.Table,
+ }
+ return &openwrtrouterule, nil
+}
+
+func (m *CNFRouteRuleHandler) IsEqual(instance1 openwrt.IOpenWrtObject, instance2 openwrt.IOpenWrtObject) bool {
+ routerule1 := instance1.(*openwrt.SdewanRouteRule)
+ routerule2 := instance2.(*openwrt.SdewanRouteRule)
+ return reflect.DeepEqual(*routerule1, *routerule2)
+}
+
+func (m *CNFRouteRuleHandler) GetObject(clientInfo *openwrt.OpenwrtClientInfo, name string) (openwrt.IOpenWrtObject, error) {
+ openwrtClient := openwrt.GetOpenwrtClient(*clientInfo)
+ routerule := openwrt.RouteRuleClient{OpenwrtClient: openwrtClient}
+ ret, err := routerule.GetRouteRule(name)
+ return ret, err
+}
+
+func (m *CNFRouteRuleHandler) CreateObject(clientInfo *openwrt.OpenwrtClientInfo, instance openwrt.IOpenWrtObject) (openwrt.IOpenWrtObject, error) {
+ openwrtClient := openwrt.GetOpenwrtClient(*clientInfo)
+ routerule := openwrt.RouteRuleClient{OpenwrtClient: openwrtClient}
+ obj := instance.(*openwrt.SdewanRouteRule)
+ return routerule.CreateRouteRule(*obj)
+}
+
+func (m *CNFRouteRuleHandler) UpdateObject(clientInfo *openwrt.OpenwrtClientInfo, instance openwrt.IOpenWrtObject) (openwrt.IOpenWrtObject, error) {
+ openwrtClient := openwrt.GetOpenwrtClient(*clientInfo)
+ routerule := openwrt.RouteRuleClient{OpenwrtClient: openwrtClient}
+ obj := instance.(*openwrt.SdewanRouteRule)
+ return routerule.UpdateRouteRule(*obj)
+}
+
+func (m *CNFRouteRuleHandler) DeleteObject(clientInfo *openwrt.OpenwrtClientInfo, name string) error {
+ openwrtClient := openwrt.GetOpenwrtClient(*clientInfo)
+ routerule := openwrt.RouteRuleClient{OpenwrtClient: openwrtClient}
+ return routerule.DeleteRouteRule(name)
+}
+
+func (m *CNFRouteRuleHandler) Restart(clientInfo *openwrt.OpenwrtClientInfo) (bool, error) {
+ return true, nil
+}
+
+// CNFRouteRuleReconciler reconciles a CNFRouteRule object
+type CNFRouteRuleReconciler struct {
+ client.Client
+ Log logr.Logger
+ Scheme *runtime.Scheme
+}
+
+// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=cnfrouterules,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=cnfrouterules/status,verbs=get;update;patch
+
+func (r *CNFRouteRuleReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
+ return ProcessReconcile(r, r.Log, req, cnfRouteRuleHandler)
+}
+
+func (r *CNFRouteRuleReconciler) SetupWithManager(mgr ctrl.Manager) error {
+ return ctrl.NewControllerManagedBy(mgr).
+ For(&batchv1alpha1.CNFRouteRule{}).
+ Watches(
+ &source.Kind{Type: &appsv1.Deployment{}},
+ &handler.EnqueueRequestsFromMapFunc{
+ ToRequests: handler.ToRequestsFunc(GetToRequestsFunc(r, &batchv1alpha1.CNFRouteRuleList{})),
+ },
+ Filter).
+ Complete(r)
+}
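Review bot: `Convert` copies `Spec.Src`, `Dst`, `Prio`, `Table` and `Fwmark` into `openwrt.SdewanRouteRule` without checking them, and the sample manifest in this commit describes those fields as the arguments of an `ip rule add` command on the CNF. Unless an admission webhook or CRD schema outside this section already constrains them, the handler should reject a rule with both `src` and `dst` empty, and a `fwmark` outside 0x0 to 0xffffffff, before anything is sent to the CNF. The sketch below assumes the spec fields are strings, as the sample suggests, and needs `fmt` and `strconv` in the import block. It also replaces the unchecked `instance.(*batchv1alpha1.CNFRouteRule)` assertion with the comma-ok form, which `GetName` and `IsEqual` would benefit from too.

```go
func (m *CNFRouteRuleHandler) Convert(instance runtime.Object, deployment appsv1.Deployment) (openwrt.IOpenWrtObject, error) {
	routerule, ok := instance.(*batchv1alpha1.CNFRouteRule)
	if !ok {
		return nil, fmt.Errorf("unexpected object type %T for cnfRouteRule", instance)
	}
	spec := routerule.Spec
	// The sample manifest states that src and dst must not both be empty.
	if spec.Src == "" && spec.Dst == "" {
		return nil, fmt.Errorf("cnfRouteRule %s: src and dst are both empty", routerule.Name)
	}
	// fwmark is documented as 0x0..0xffffffff; base 0 accepts the 0x prefix.
	if spec.Fwmark != "" {
		if _, err := strconv.ParseUint(spec.Fwmark, 0, 32); err != nil {
			return nil, fmt.Errorf("cnfRouteRule %s: invalid fwmark %q", routerule.Name, spec.Fwmark)
		}
	}
	// … unchanged: build and return openwrt.SdewanRouteRule …
}
```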
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package controllers
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package controllers
import (
errs "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/wait"
+
batchv1alpha1 "sdewan.akraino.org/sdewan/api/v1alpha1"
+ "sdewan.akraino.org/sdewan/cnfprovider"
"sdewan.akraino.org/sdewan/openwrt"
"sigs.k8s.io/controller-runtime/pkg/client"
"sync"
var cnfCRName = "cnf-status"
var inQueryStatus = false
+// IStatusAction: defines the action to be executed based on CNF status
+type IStatusAction interface {
+ Execute(clientInfo *openwrt.OpenwrtClientInfo, status interface{}) error
+}
+
+// IpsecStatusAction: restart ipsec service if inactive
+type IpsecStatusAction struct {
+ client.Client
+ Log logr.Logger
+}
+
+func (r *IpsecStatusAction) Execute(clientInfo *openwrt.OpenwrtClientInfo, status interface{}) error {
+ stat := status.(map[string]interface{})
+ val, ok := stat["InitConnection"]
+ if !ok {
+ return nil
+ }
+
+ if s := val.(string); s == "fail" {
+ r.Log.Info("Restart IPSec service for " + clientInfo.Ip)
+ openwrtClient := openwrt.GetOpenwrtClient(*clientInfo)
+ service := openwrt.ServiceClient{OpenwrtClient: openwrtClient}
+ _, err := service.ExecuteService("ipsec", "restart")
+ if err != nil {
+ r.Log.Info(err.Error())
+ return err
+ }
+ }
+
+ return nil
+}
+
// SdewanCNFStatusController: query CNF status periodically
type SdewanCNFStatusController struct {
client.Client
Log logr.Logger
CheckInterval time.Duration
+ actions map[string]IStatusAction
mux sync.Mutex
}
+// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=cnfstatuses,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=batch.sdewan.akraino.org,resources=cnfstatuses/status,verbs=get;update;patch
+
func (r *SdewanCNFStatusController) SetupWithManager() error {
+ r.actions = make(map[string]IStatusAction)
+ r.RegisterAction("ipsec", &IpsecStatusAction{r.Client, r.Log})
+
go wait.Until(r.SafeQuery, r.CheckInterval, wait.NeverStop)
return nil
}
+func (r *SdewanCNFStatusController) RegisterAction(module string, action IStatusAction) {
+ r.mux.Lock()
+ defer r.mux.Unlock()
+
+ r.Log.Info("Register Action: " + module)
+ if r.actions[module] == nil {
+ r.actions[module] = action
+ }
+}
+
func (r *SdewanCNFStatusController) GetInstance(ctx context.Context) (*batchv1alpha1.CNFStatus, error) {
instance := &batchv1alpha1.CNFStatus{}
err := r.Get(ctx, client.ObjectKey{
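Review bot: `IpsecStatusAction.Execute` uses the single-value assertions `status.(map[string]interface{})` and `val.(string)` on data returned by the CNF's status query, so any other shape panics. The call site added in this commit runs `Execute` in a bare goroutine, where an unrecovered panic terminates the controller process. Use the comma-ok form instead: `stat, ok := status.(map[string]interface{})` followed by `if !ok { return nil }`, and likewise `s, ok := val.(string)`. Separately, `RegisterAction` logs "Register Action" even when an entry already exists and the new action is silently ignored. `GetInstance` at the end of this hunk continues outside it.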
func (r *SdewanCNFStatusController) SafeQuery() {
doQuery := true
r.mux.Lock()
- if inQueryStatus == false {
+ if !inQueryStatus {
inQueryStatus = true
} else {
doQuery = false
info.IP = cnfPod.Status.PodIP
// Get CNF Status
- clientInfo := &openwrt.OpenwrtClientInfo{Ip: info.IP, User: "root", Password: ""}
+ clientInfo := cnfprovider.CreateOpenwrtClient(cnfPod, r)
openwrtClient := openwrt.GetOpenwrtClient(*clientInfo)
status_client := openwrt.StatusClient{OpenwrtClient: openwrtClient}
cnf_status, err := status_client.GetStatus()
if err != nil {
info.Status = "Not Available"
} else {
+ // ececute registered actions
+ r.mux.Lock()
+ for _, cs := range *cnf_status {
+ if r.actions[cs.Name] != nil {
+ go func() {
+ err := r.actions[cs.Name].Execute(clientInfo, cs.Status)
+ if err != nil {
+ r.Log.Info(err.Error())
+ }
+ }()
+ }
+ }
+ r.mux.Unlock()
+
p_data, _ := json.Marshal(cnf_status)
info.Status = string(p_data)
}
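Review bot: The goroutine started inside `for _, cs := range *cnf_status` closes over `cs` and reads `r.actions` when it runs, not when it is launched. With the `go 1.16` directive in this commit's go.mod the loop variable is shared across iterations, so an action can be invoked with a later entry's `Name` and `Status`, or `Execute` can be called on a nil map entry, and the map read can happen after `r.mux.Unlock()`. Resolve both before starting the goroutine with `action, st := r.actions[cs.Name], cs.Status`, then call `action.Execute(clientInfo, st)` inside the closure. The comment typo `ececute` should read `execute`, and the surrounding function starts outside this hunk.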
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package controllers
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package controllers
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package controllers
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package controllers
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package controllers
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package controllers
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package controllers
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package controllers
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package controllers
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package controllers
import (
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package controllers
import (
"context"
"fmt"
+ "log"
"reflect"
"github.com/go-logr/logr"
ps := instance.Spec.PodSelector.MatchLabels
ns := instance.Spec.AppNamespace
podList := &corev1.PodList{}
- r.List(ctx, podList, client.MatchingLabels(ps), client.InNamespace(ns))
+ err = r.List(ctx, podList, client.MatchingLabels(ps), client.InNamespace(ns))
+ if err != nil {
+ log.Println(err)
+ }
ips := ""
for _, item := range podList.Items {
if ips == "" {
CreateFunc: func(e event.CreateEvent) bool {
podPhase := reflect.ValueOf(e.Object).Interface().(*corev1.Pod).Status.Phase
- if podPhase == "Running" {
- return true
- }
- return false
+ return podPhase == "Running"
},
UpdateFunc: func(e event.UpdateEvent) bool {
podOldPhase := reflect.ValueOf(e.ObjectOld).Interface().(*corev1.Pod).Status.Phase
appCRList := &batchv1alpha1.SdewanApplicationList{}
cr := &batchv1alpha1.SdewanApplication{}
ctx := context.Background()
- r.List(ctx, appCRList)
+ err := r.List(ctx, appCRList)
+ if err != nil {
+ log.Println(err)
+ }
crIsFound := false
for _, appCR := range appCRList.Items {
ps := appCR.Spec.PodSelector.MatchLabels
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package controllers
import (
}
var _ = BeforeSuite(func(done Done) {
- logf.SetLogger(zap.LoggerTo(GinkgoWriter, true))
+ logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true)))
By("bootstrapping test environment")
testEnv = &envtest.Environment{
err = batchv1alpha1.AddToScheme(scheme.Scheme)
Expect(err).NotTo(HaveOccurred())
+ err = batchv1alpha1.AddToScheme(scheme.Scheme)
+ Expect(err).NotTo(HaveOccurred())
+
// +kubebuilder:scaffold:scheme
k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme})
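Review bot: The two added lines repeat `err = batchv1alpha1.AddToScheme(scheme.Scheme)` and its `Expect` exactly as they appear in the context lines directly above, so the same API group is registered twice. The new `CNFRouteRule` type is in `batchv1alpha1` as well, so the existing call already covers it and the addition can be dropped. `BeforeSuite` starts and ends outside this hunk.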
module sdewan.akraino.org/sdewan
-go 1.14
+go 1.16
require (
github.com/go-logr/logr v0.1.0
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
\ No newline at end of file
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
-/*
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package main
import (
setupLog.Error(err, "unable to create controller", "controller", "CNFRoute")
os.Exit(1)
}
+ if err = (&controllers.CNFRouteRuleReconciler{
+ Client: mgr.GetClient(),
+ Log: ctrl.Log.WithName("controllers").WithName("CNFRouteRule"),
+ Scheme: mgr.GetScheme(),
+ }).SetupWithManager(mgr); err != nil {
+ setupLog.Error(err, "unable to create controller", "controller", "CNFRouteRule")
+ os.Exit(1)
+ }
// +kubebuilder:scaffold:builder
setupLog.Info("start CNFStatusController to query CNF status periodicly")
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
+
package openwrt
import (
-/*
- * Copyright 2020 Intel Corporation, Inc
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package openwrt
-/*
- * Copyright 2020 Intel Corporation, Inc
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package openwrt
-/*
- * Copyright 2020 Intel Corporation, Inc
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package openwrt
-/*
- * Copyright 2020 Intel Corporation, Inc
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package openwrt
import (
"bytes"
+ "crypto/tls"
+ "crypto/x509"
"fmt"
"io/ioutil"
+ "log"
"net/http"
"runtime"
"strings"
Ip string
User string
Password string
+ RootCA []byte
}
type openwrtClient struct {
OpenwrtClientInfo
- token string
+ caCertPool *x509.CertPool
+ token string
}
type safeOpenwrtClient struct {
var gclients = safeOpenwrtClient{clients: make(map[string]*openwrtClient)}
func CloseClient(o *openwrtClient) {
- o.logout()
+ err := o.logout()
+ if err != nil {
+ log.Println(err)
+ }
runtime.SetFinalizer(o, nil)
}
func GetOpenwrtClient(clientInfo OpenwrtClientInfo) *openwrtClient {
- return gclients.GetClient(clientInfo.Ip, clientInfo.User, clientInfo.Password)
+ return gclients.GetClient(clientInfo.Ip, clientInfo.User, clientInfo.Password, clientInfo.RootCA)
}
// SafeOpenwrtClients
-func (s *safeOpenwrtClient) GetClient(ip string, user string, password string) *openwrtClient {
+func (s *safeOpenwrtClient) GetClient(ip string, user string, password string, rootCA []byte) *openwrtClient {
s.mux.Lock()
defer s.mux.Unlock()
key := ip + "-" + user + "-" + password
if s.clients[key] == nil {
+ caCertPool := x509.NewCertPool()
+ ok := caCertPool.AppendCertsFromPEM(rootCA)
+ if !ok {
+ log.Println("Error to create rootCA")
+ }
+
s.clients[key] = &openwrtClient{
OpenwrtClientInfo: OpenwrtClientInfo{
Ip: ip,
User: user,
Password: password,
+ RootCA: rootCA,
},
- token: "",
+ caCertPool: caCertPool,
+ token: "",
}
}
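Review bot: The cache key built by `key := ip + "-" + user + "-" + password` leaves out `rootCA`, so once a client is cached, a later call with a different CA bundle gets back the old `caCertPool`. A rotated CA is then not picked up for the life of the process. The lookup could rebuild the entry when the bundle changes, for example `if c := s.clients[key]; c == nil || !bytes.Equal(c.RootCA, rootCA) {`. Separately, a failed `AppendCertsFromPEM` is only logged, which leaves a client with an empty pool whose every request will fail certificate verification far from the cause; the message should at least name the CNF address. The rest of `GetClient` lies outside this hunk.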
// openwrt base URL
func (o *openwrtClient) getBaseURL() string {
- return "http://" + o.Ip + "/cgi-bin/luci/"
+ return "https://" + o.Ip + "/cgi-bin/luci/"
}
// login to openwrt http server
func (o *openwrtClient) login() error {
+ if o.Password == "" {
+ return &OpenwrtError{Code: 403, Message: "Unauthorized"}
+ }
client := &http.Client{
// block redirect
CheckRedirect: func(req *http.Request, via []*http.Request) error {
return http.ErrUseLastResponse
},
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{
+ RootCAs: o.caCertPool,
+ },
+ },
}
// login
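Review bot: `login` builds a new `http.Transport` on every call, and the request path in the next hunk does the same with `client := &http.Client{Transport: ...}`, so no connection or TLS session is reused. Idle connections from each discarded transport can also linger, because a zero-value transport sets no idle timeout. Building the client once where `caCertPool` is created and keeping it on `openwrtClient` (for example a `httpClient *http.Client` field, plus the redirect-blocking variant for login) avoids both. The `tls.Config` also sets no `MinVersion`; depending on the Go toolchain used, the client default may still allow TLS 1.0, so `MinVersion: tls.VersionTLS12` is worth adding in both places. `login` continues outside this hunk.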
}
}
- client := &http.Client{}
+ client := &http.Client{
+ Transport: &http.Transport{
+ TLSClientConfig: &tls.Config{
+ RootCAs: o.caCertPool,
+ },
+ },
+ }
+
req_body := bytes.NewBuffer([]byte(request))
req, _ := http.NewRequest(method, o.getBaseURL()+url, req_body)
req.Header.Add("Cookie", "sysauth="+o.token)
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
+
package openwrt
import (
--- /dev/null
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
+
+package openwrt
+
+import (
+ "encoding/json"
+)
+
+const (
+ ruleBaseURL = "sdewan/rule/v1/"
+)
+
+type RouteRuleClient struct {
+ OpenwrtClient *openwrtClient
+}
+
+// RouteRule Info
+type SdewanRouteRule struct {
+ Name string `json:"name"`
+ Src string `json:"src"`
+ Dst string `json:"dst"`
+ Flag bool `json:"flag"`
+ Prio string `json:"prio"`
+ Fwmark string `json:"fwmark"`
+ Table string `json:"table"`
+}
+
+type SdewanRouteRules struct {
+ RouteRules []SdewanRouteRule `json:"routerules"`
+}
+
+func (o *SdewanRouteRule) GetName() string {
+ return o.Name
+}
+
+// RouteRule APIs
+// get rules
+func (m *RouteRuleClient) GetRouteRules() (*SdewanRouteRules, error) {
+ response, err := m.OpenwrtClient.Get(ruleBaseURL + "rules")
+ if err != nil {
+ return nil, err
+ }
+
+ var sdewanRouteRules SdewanRouteRules
+ err2 := json.Unmarshal([]byte(response), &sdewanRouteRules)
+ if err2 != nil {
+ return nil, err2
+ }
+
+ return &sdewanRouteRules, nil
+}
+
+// get rule
+func (m *RouteRuleClient) GetRouteRule(rule_name string) (*SdewanRouteRule, error) {
+ response, err := m.OpenwrtClient.Get(ruleBaseURL + "rules/" + rule_name)
+ if err != nil {
+ return nil, err
+ }
+
+ var sdewanRouteRule SdewanRouteRule
+ err2 := json.Unmarshal([]byte(response), &sdewanRouteRule)
+ if err2 != nil {
+ return nil, err2
+ }
+
+ return &sdewanRouteRule, nil
+}
+
+// create rule
+func (m *RouteRuleClient) CreateRouteRule(rule SdewanRouteRule) (*SdewanRouteRule, error) {
+ rule_obj, _ := json.Marshal(rule)
+ response, err := m.OpenwrtClient.Post(ruleBaseURL+"rules/", string(rule_obj))
+ if err != nil {
+ return nil, err
+ }
+
+ var sdewanRouteRule SdewanRouteRule
+ err2 := json.Unmarshal([]byte(response), &sdewanRouteRule)
+ if err2 != nil {
+ return nil, err2
+ }
+
+ return &sdewanRouteRule, nil
+}
+
+// delete rule
+func (m *RouteRuleClient) DeleteRouteRule(rule_name string) error {
+ _, err := m.OpenwrtClient.Delete(ruleBaseURL + "rules/" + rule_name)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+// update rule
+func (m *RouteRuleClient) UpdateRouteRule(rule SdewanRouteRule) (*SdewanRouteRule, error) {
+ rule_obj, _ := json.Marshal(rule)
+ rule_name := rule.Name
+ response, err := m.OpenwrtClient.Put(ruleBaseURL+"rules/"+rule_name, string(rule_obj))
+ if err != nil {
+ return nil, err
+ }
+
+ var sdewanRouteRule SdewanRouteRule
+ err2 := json.Unmarshal([]byte(response), &sdewanRouteRule)
+ if err2 != nil {
+ return nil, err2
+ }
+
+ return &sdewanRouteRule, nil
+}
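Review bot: `GetRouteRule`, `DeleteRouteRule` and `UpdateRouteRule` concatenate `rule_name` straight into the request path, so a name containing `/`, `?` or `#` would address a different resource on the CNF's REST API than the caller intended. Where the name comes from is not visible in this file; if it is always a validated Kubernetes object name the risk is small, but the client should not depend on that. Escaping at the call sites is enough, e.g. `m.OpenwrtClient.Get(ruleBaseURL + "rules/" + url.PathEscape(rule_name))` with `net/url` added to the imports. `CreateRouteRule` and `UpdateRouteRule` also discard the `json.Marshal` error with `rule_obj, _ :=`; returning it keeps the error handling consistent with the `Unmarshal` paths.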
-/*
- * Copyright 2020 Intel Corporation, Inc
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package openwrt
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
+
package openwrt
import (
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
+
package openwrt
import (
-/*
- * Copyright 2020 Intel Corporation, Inc
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2021 Intel Corporation
package openwrt