go.ligato.io/vpp-agent/v3@v3.5.0/examples/kvscheduler/acl/main.go

go.ligato.io/vpp-agent/v3@v3.5.0/examples/kvscheduler/acl/main.go (about)

     1  //  Copyright (c) 2018 Cisco and/or its affiliates.
     2  //
     3  //  Licensed under the Apache License, Version 2.0 (the "License");
     4  //  you may not use this file except in compliance with the License.
     5  //  You may obtain a copy of the License at:
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  //  Unless required by applicable law or agreed to in writing, software
    10  //  distributed under the License is distributed on an "AS IS" BASIS,
    11  //  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  //  See the License for the specific language governing permissions and
    13  //  limitations under the License.
    14  
    15  package main
    16  
    17  import (
    18  	"fmt"
    19  	"log"
    20  	"time"
    21  
    22  	"go.ligato.io/cn-infra/v2/agent"
    23  
    24  	"go.ligato.io/vpp-agent/v3/clientv2/vpp/localclient"
    25  	"go.ligato.io/vpp-agent/v3/plugins/orchestrator"
    26  	vpp_aclplugin "go.ligato.io/vpp-agent/v3/plugins/vpp/aclplugin"
    27  	vpp_ifplugin "go.ligato.io/vpp-agent/v3/plugins/vpp/ifplugin"
    28  	acl "go.ligato.io/vpp-agent/v3/proto/ligato/vpp/acl"
    29  	interfaces "go.ligato.io/vpp-agent/v3/proto/ligato/vpp/interfaces"
    30  )
    31  
    32  /*
    33  	This example demonstrates KVScheduler-based ACLPlugin.
    34  */
    35  
    36  func main() {
    37  	ep := &ExamplePlugin{
    38  		Orchestrator: &orchestrator.DefaultPlugin,
    39  		VPPIfPlugin:  &vpp_ifplugin.DefaultPlugin,
    40  		VPPACLPlugin: &vpp_aclplugin.DefaultPlugin,
    41  	}
    42  
    43  	a := agent.NewAgent(
    44  		agent.AllPlugins(ep),
    45  	)
    46  	if err := a.Run(); err != nil {
    47  		log.Fatal(err)
    48  	}
    49  }
    50  
    51  // ExamplePlugin is the main plugin which
    52  // handles resync and changes in this example.
    53  type ExamplePlugin struct {
    54  	VPPIfPlugin  *vpp_ifplugin.IfPlugin
    55  	VPPACLPlugin *vpp_aclplugin.ACLPlugin
    56  	Orchestrator *orchestrator.Plugin
    57  }
    58  
    59  // String returns plugin name
    60  func (p *ExamplePlugin) String() string {
    61  	return "acl-example"
    62  }
    63  
    64  // Init handles initialization phase.
    65  func (p *ExamplePlugin) Init() error {
    66  	return nil
    67  }
    68  
    69  // AfterInit handles phase after initialization.
    70  func (p *ExamplePlugin) AfterInit() error {
    71  	go testLocalClientWithScheduler()
    72  	return nil
    73  }
    74  
    75  // Close cleans up the resources.
    76  func (p *ExamplePlugin) Close() error {
    77  	return nil
    78  }
    79  
    80  func testLocalClientWithScheduler() {
    81  	// initial resync
    82  	time.Sleep(time.Second * 2)
    83  	fmt.Println("=== RESYNC ===")
    84  
    85  	txn := localclient.DataResyncRequest("example")
    86  	err := txn.
    87  		Interface(memif0).
    88  		ACL(acl0).
    89  		ACL(acl1).
    90  		ACL(acl3).
    91  		Send().ReceiveReply()
    92  	if err != nil {
    93  		fmt.Println(err)
    94  		return
    95  	}
    96  
    97  	// data change
    98  	time.Sleep(time.Second * 10)
    99  	fmt.Println("=== CHANGE ===")
   100  
   101  	acl1.Interfaces = nil
   102  	acl0.Interfaces.Egress = nil
   103  	acl3.Rules[0].IpRule.Ip.SourceNetwork = "0.0.0.0/0" // this is actually equivalent to unspecified field
   104  
   105  	txn2 := localclient.DataChangeRequest("example")
   106  	err = txn2.Put().
   107  		ACL(acl0).
   108  		ACL(acl1).
   109  		ACL(acl3).
   110  		Send().ReceiveReply()
   111  	if err != nil {
   112  		fmt.Println(err)
   113  		return
   114  	}
   115  }
   116  
   117  var (
   118  	memif0 = &interfaces.Interface{
   119  		Name:    "memif0",
   120  		Enabled: true,
   121  		Type:    interfaces.Interface_MEMIF,
   122  		Link: &interfaces.Interface_Memif{
   123  			Memif: &interfaces.MemifLink{
   124  				Id:             1,
   125  				Master:         true,
   126  				Secret:         "secret",
   127  				SocketFilename: "/tmp/memif1.sock",
   128  			},
   129  		},
   130  	}
   131  	acl0 = &acl.ACL{
   132  		Name: "acl0",
   133  		Rules: []*acl.ACL_Rule{
   134  			{
   135  				Action: acl.ACL_Rule_PERMIT,
   136  				IpRule: &acl.ACL_Rule_IpRule{
   137  					Ip: &acl.ACL_Rule_IpRule_Ip{
   138  						SourceNetwork:      "10.0.0.0/24",
   139  						DestinationNetwork: "20.0.0.0/24",
   140  					},
   141  				},
   142  			},
   143  		},
   144  		Interfaces: &acl.ACL_Interfaces{
   145  			Ingress: []string{"memif0"},
   146  			Egress:  []string{"memif0"},
   147  		},
   148  	}
   149  	acl1 = &acl.ACL{
   150  		Name: "acl1",
   151  		Rules: []*acl.ACL_Rule{
   152  			{
   153  				Action: acl.ACL_Rule_PERMIT,
   154  				MacipRule: &acl.ACL_Rule_MacIpRule{
   155  					SourceAddress:        "192.168.0.1",
   156  					SourceAddressPrefix:  16,
   157  					SourceMacAddress:     "b2:74:8c:12:67:d2",
   158  					SourceMacAddressMask: "ff:ff:ff:ff:00:00",
   159  				},
   160  			},
   161  		},
   162  		Interfaces: &acl.ACL_Interfaces{
   163  			Ingress: []string{"memif0"},
   164  		},
   165  	}
   166  	acl3 = &acl.ACL{
   167  		Name: "acl3",
   168  		Rules: []*acl.ACL_Rule{
   169  			{
   170  				Action: acl.ACL_Rule_DENY,
   171  				IpRule: &acl.ACL_Rule_IpRule{
   172  					Ip: &acl.ACL_Rule_IpRule_Ip{
   173  						// SourceNetwork is unspecified (ANY)
   174  						DestinationNetwork: "30.0.0.0/8",
   175  					},
   176  				},
   177  			},
   178  		},
   179  		Interfaces: &acl.ACL_Interfaces{
   180  			Egress: []string{"memif0"},
   181  		},
   182  	}
   183  )