placeholder for src/dest IP's + validation
This commit is contained in:
Ali Egal
Родитель
404eb16aac
Коммит
f34a463dc7
|
|
@ -253,9 +253,22 @@ func (networkContainerRequestPolicy *NetworkContainerRequestPolicies) Validate()
|
|||
if err := json.Unmarshal(networkContainerRequestPolicy.Settings, &requestedAclPolicy); err != nil {
|
||||
return fmt.Errorf("ACL policy failed to pass validation with error: %+v ", err)
|
||||
}
|
||||
//Deny request if ACL Action is empty
|
||||
if len(strings.TrimSpace(string(requestedAclPolicy.Action))) == 0 {
|
||||
return fmt.Errorf("Action field cannot be empty in ACL Policy")
|
||||
}
|
||||
//Deny request if ACL Action is not Allow or Deny
|
||||
if !strings.EqualFold(requestedAclPolicy.Action, "Allow") && !strings.EqualFold(requestedAclPolicy.Action, "Deny") {
|
||||
return fmt.Errorf("Only Allow or Deny is supported in Action field")
|
||||
}
|
||||
//Deny request if ACL Direction is empty
|
||||
if len(strings.TrimSpace(string(requestedAclPolicy.Direction))) == 0 {
|
||||
return fmt.Errorf("Direction field cannot be empty in ACL Policy")
|
||||
}
|
||||
//Deny request if ACL direction is not In or Out
|
||||
if !strings.EqualFold(requestedAclPolicy.Direction, "In") && !strings.EqualFold(requestedAclPolicy.Direction, "Out") {
|
||||
return fmt.Errorf("Only Allow or Deny is supported in Action field")
|
||||
}
|
||||
if requestedAclPolicy.Priority == 0 {
|
||||
return fmt.Errorf("Priority field cannot be empty in ACL Policy")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -445,6 +445,14 @@ func configureAclSettingHostNCApipaEndpoint(
|
|||
if err = json.Unmarshal(requestedPolicy.Settings, &requestedAclPolicy); err != nil {
|
||||
return nil, fmt.Errorf("Failed to Unmarshal requested ACL policy: %+v with error: %S", requestedPolicy.Settings, err)
|
||||
}
|
||||
//Using {NetworkContainerIP} as a placeholder to signal using Network Container IP
|
||||
if strings.EqualFold(requestedAclPolicy.LocalAddresses, "{NetworkContainerIP}") {
|
||||
requestedAclPolicy.LocalAddresses = networkContainerApipaIP
|
||||
}
|
||||
//Using {HostApipaIP} as a placeholder to signal using Host Apipa IP
|
||||
if strings.EqualFold(requestedAclPolicy.RemoteAddresses, "{HostApipaIP}") {
|
||||
requestedAclPolicy.RemoteAddresses = hostApipaIP
|
||||
}
|
||||
logger.Printf("ACL Policy requested in NcGoalState %+v", requestedAclPolicy)
|
||||
if err = addAclToEndpointPolicy(requestedAclPolicy, &endpointPolicies); err != nil {
|
||||
return nil, err
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче