package lib
import (
"encoding/json"
"fmt"
"lib/rules"
"code.cloudfoundry.org/garden"
"github.com/containernetworking/cni/pkg/types"
"github.com/containernetworking/cni/pkg/version"
)
// RuntimeConfig is the "runtimeConfig" object of the wrapper plugin's
// network configuration. It carries the garden port mappings and egress
// (NetOut) rules for the container being configured.
type RuntimeConfig struct {
	// PortMappings is the list of inbound port mappings for the container.
	PortMappings []garden.NetIn `json:"portMappings"`
	// NetOutRules is the list of egress rules to apply for the container.
	NetOutRules []garden.NetOutRule `json:"netOutRules"`
}
// WrapperConfig is the JSON network configuration consumed by the wrapper
// plugin. It is decoded and validated by LoadWrapperConfig; the `validate`
// tags on the rate-limit fields mirror the checks done there.
type WrapperConfig struct {
	// Datastore is the path of the container metadata store (required).
	Datastore string `json:"datastore"`
	// IPTablesLockFile is the path of the lock file used to serialize
	// iptables updates (required).
	IPTablesLockFile string `json:"iptables_lock_file"`
	// Delegate is the netconf handed to the delegated CNI plugin; its "type"
	// key names the plugin and a missing "cniVersion" is filled in at load.
	Delegate map[string]interface{} `json:"delegate"`
	// InstanceAddress is the address of this host/instance (required).
	InstanceAddress string `json:"instance_address"`
	// DNSServers is the list of DNS server addresses to configure (optional).
	DNSServers []string `json:"dns_servers"`
	// IPTablesASGLogging enables logging of ASG (egress) rule hits.
	IPTablesASGLogging bool `json:"iptables_asg_logging"`
	// IPTablesC2CLogging enables logging of container-to-container rule hits.
	IPTablesC2CLogging bool `json:"iptables_c2c_logging"`
	// IPTablesDeniedLogsPerSec bounds the rate of denied-packet log lines;
	// must be >= 1.
	IPTablesDeniedLogsPerSec int `json:"iptables_denied_logs_per_sec" validate:"min=1"`
	// IPTablesAcceptedUDPLogsPerSec bounds the rate of accepted-UDP log
	// lines; must be >= 1.
	IPTablesAcceptedUDPLogsPerSec int `json:"iptables_accepted_udp_logs_per_sec" validate:"min=1"`
	// IngressTag is the tag applied to ingress traffic (required).
	IngressTag string `json:"ingress_tag"`
	// VTEPName is the name of the VTEP network device (required).
	VTEPName string `json:"vtep_name"`
	// RuntimeConfig holds the per-container port mappings and egress rules.
	RuntimeConfig RuntimeConfig `json:"runtimeConfig,omitempty"`
}
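// LoadWrapperConfig decodes the wrapper plugin's JSON configuration and
// validates it.
//
// It returns an error when bytes is not valid JSON, when any required string
// field (datastore, iptables lock file, instance address, ingress tag, VTEP
// name) is empty, when either per-second log limit is not positive, or when
// the "delegate" object is absent. A delegate config that omits "cniVersion"
// has it set to the CNI library's current version before returning.
func LoadWrapperConfig(bytes []byte) (*WrapperConfig, error) {
	n := &WrapperConfig{}
	if err := json.Unmarshal(bytes, n); err != nil {
		return nil, fmt.Errorf("loading wrapper config: %v", err)
	}

	// Each required field is checked separately so the error names the first
	// value that is missing or out of range.
	switch {
	case n.Datastore == "":
		return nil, fmt.Errorf("missing datastore path")
	case n.IPTablesLockFile == "":
		return nil, fmt.Errorf("missing iptables lock file path")
	case n.InstanceAddress == "":
		return nil, fmt.Errorf("missing instance address")
	case n.IngressTag == "":
		return nil, fmt.Errorf("missing ingress tag")
	case n.VTEPName == "":
		return nil, fmt.Errorf("missing vtep device name")
	case n.IPTablesDeniedLogsPerSec <= 0:
		return nil, fmt.Errorf("invalid denied logs per sec")
	case n.IPTablesAcceptedUDPLogsPerSec <= 0:
		return nil, fmt.Errorf("invalid accepted udp logs per sec")
	}

	// A config with no "delegate" object (or "delegate": null) leaves
	// n.Delegate nil; writing the default cniVersion into a nil map would
	// panic, so reject such a config with a proper error instead.
	if n.Delegate == nil {
		return nil, fmt.Errorf("missing delegate config")
	}
	if _, ok := n.Delegate["cniVersion"]; !ok {
		n.Delegate["cniVersion"] = version.Current()
	}
	return n, nil
}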
// PluginController is the wrapper plugin's entry point for delegating CNI
// ADD/DEL calls to the configured delegate plugin and for managing the
// container's IP masquerade rule in the nat POSTROUTING chain.
type PluginController struct {
	// Delegator invokes the delegate CNI plugin by type with its serialized
	// netconf.
	Delegator Delegator
	// IPTables is the adapter used to append and delete iptables rules.
	IPTables rules.IPTablesAdapter
}
// getDelegateParams derives the two values the Delegator needs from the
// delegate netconf map: the plugin type named by its "type" key and the
// JSON-serialized netconf to pass the delegate on stdin.
//
// It returns an error if the map cannot be serialized or if "type" is
// absent or not a string.
func getDelegateParams(netconf map[string]interface{}) (string, []byte, error) {
	stdinData, err := json.Marshal(netconf)
	if err != nil {
		return "", nil, fmt.Errorf("serializing delegate netconf: %v", err)
	}

	pluginType, isString := netconf["type"].(string)
	if !isString {
		return "", nil, fmt.Errorf("delegate config is missing type")
	}

	return pluginType, stdinData, nil
}
// DelegateAdd runs the delegate plugin's ADD command for the given netconf
// and returns its result. The plugin type and serialized netconf are taken
// from the map by getDelegateParams; an error from that step is returned
// unchanged.
func (c *PluginController) DelegateAdd(netconf map[string]interface{}) (types.Result, error) {
	pluginType, stdinData, err := getDelegateParams(netconf)
	if err != nil {
		return nil, err
	}

	return c.Delegator.DelegateAdd(pluginType, stdinData)
}
// DelegateDel runs the delegate plugin's DEL command for the given netconf.
// The plugin type and serialized netconf are taken from the map by
// getDelegateParams; an error from that step is returned unchanged.
func (c *PluginController) DelegateDel(netconf map[string]interface{}) error {
	pluginType, stdinData, err := getDelegateParams(netconf)
	if err != nil {
		return err
	}

	return c.Delegator.DelegateDel(pluginType, stdinData)
}
// AddIPMasq appends the default egress (masquerade) rule for ip leaving via
// deviceName to the nat POSTROUTING chain. Any error from the iptables
// adapter is returned as-is.
func (c *PluginController) AddIPMasq(ip, deviceName string) error {
	egressRule := rules.NewDefaultEgressRule(ip, deviceName)
	return c.IPTables.BulkAppend("nat", "POSTROUTING", egressRule)
}
// DelIPMasq removes the default egress (masquerade) rule for ip leaving via
// deviceName from the nat POSTROUTING chain. It builds the same rule that
// AddIPMasq installs so that the delete matches exactly; any error from the
// iptables adapter is returned as-is.
func (c *PluginController) DelIPMasq(ip, deviceName string) error {
	egressRule := rules.NewDefaultEgressRule(ip, deviceName)
	return c.IPTables.Delete("nat", "POSTROUTING", egressRule)
}