api/server: fix non-compilable rule

"( )" rule does not seem to compile with NPF, this commit avoid having empty rules like this. closes outscale#83 Signed-off-by: Jerome Jutteau <jerome.jutteau@outscale.com>
jerome-jutteau · Jul 13, 2016 · 43786b4 · 43786b4
1 parent 857f715
commit 43786b4
Showing 1 changed file with 20 additions and 4 deletions.
diff --git a/api/server/graph.cc b/api/server/graph.cc
@@ -608,9 +608,17 @@ std::string Graph::fw_build_rule(const app::Rule &rule) {
 std::string Graph::fw_build_sg(const app::Sg &sg) {
     std::string r;
     for (auto it = sg.rules.begin(); it != sg.rules.end();) {
-        r += "(" + fw_build_rule(it->second) + ")";
+        auto fw_rule = fw_build_rule(it->second);
+        if (fw_rule.length() == 0)
+            continue;
+        r += "(" + fw_rule + ")";
         if (++it != sg.rules.end())
-            r += " || ";
+            r += "||";
+    }
+    // Special case when last rule is empty
+    if (r.back() == '|') {
+        r.pop_back();
+        r.pop_back();
     }
     return r;
 }
@@ -639,9 +647,17 @@ void Graph::fw_update(const app::Nic &nic) {
             it++;
             continue;
         }
-        in_rules += "( " + fw_build_sg(sit->second) + " )";
+        auto sg_rules = fw_build_sg(sit->second);
+        if (sg_rules.length() == 0)
+            continue;
+        in_rules += "(" + fw_build_sg(sit->second) + ")";
         if (++it != nic.security_groups.end())
-            in_rules += " || ";
+            in_rules += "||";
+        // Special case when last rule is empty
+        if (in_rules.back() == '|') {
+            in_rules.pop_back();
+            in_rules.pop_back();
+        }
     }
 
     // Set rules for the outgoing traffic: allow NIC's IPs