replace acl/address_set function call with ovnClient (#2648)

kubeovn · May 5, 2023 · f6414ce · f6414ce
1 parent c77f368
commit f6414ce
Show file tree

Hide file tree

Showing 15 changed files with 1,341 additions and 1,369 deletions.
diff --git a/mocks/pkg/ovs/interface.go b/mocks/pkg/ovs/interface.go
diff --git a/pkg/controller/init.go b/pkg/controller/init.go
@@ -773,8 +773,8 @@ func (c *Controller) migrateNodeRoute(af int, node, ip, nexthop string) error {
 		return err
 	}
 
-	if err := c.ovnLegacyClient.DeleteAddressSet(asName); err != nil {
-		klog.Errorf("failed to delete obsolete address set %s for node %s: %v", asName, node, err)
+	if err := c.ovnClient.DeleteAddressSet(asName); err != nil {
+		klog.Errorf("delete obsolete address set %s for node %s: %v", asName, node, err)
 		return err
 	}
 

diff --git a/pkg/controller/network_policy.go b/pkg/controller/network_policy.go
diff --git a/pkg/controller/node.go b/pkg/controller/node.go
@@ -498,11 +498,11 @@ func (c *Controller) handleDeleteNode(key string) error {
 			return err
 		}
 	}
-	if err := c.ovnLegacyClient.DeleteAddressSet(nodeUnderlayAddressSetName(key, 4)); err != nil {
+	if err := c.ovnClient.DeleteAddressSet(nodeUnderlayAddressSetName(key, 4)); err != nil {
 		klog.Errorf("failed to delete address set for node %s: %v", key, err)
 		return err
 	}
-	if err := c.ovnLegacyClient.DeleteAddressSet(nodeUnderlayAddressSetName(key, 6)); err != nil {
+	if err := c.ovnClient.DeleteAddressSet(nodeUnderlayAddressSetName(key, 6)); err != nil {
 		klog.Errorf("failed to delete address set for node %s: %v", key, err)
 		return err
 	}
@@ -989,12 +989,13 @@ func (c *Controller) checkAndUpdateNodePortGroup() error {
 		}
 
 		if networkPolicyExists {
-			if err := c.ovnLegacyClient.CreateACLForNodePg(pgName, nodeIP, joinIP); err != nil {
-				klog.Errorf("failed to create node acl for node pg %v, %v", pgName, err)
+			if err := c.ovnClient.CreateNodeAcl(pgName, nodeIP, joinIP); err != nil {
+				klog.Errorf("create node acl for node pg %s: %v", pgName, err)
 			}
 		} else {
-			if err := c.ovnLegacyClient.DeleteAclForNodePg(pgName); err != nil {
-				klog.Errorf("failed to delete node acl for node pg %v, %v", pgName, err)
+			// clear all acl
+			if err = c.ovnClient.DeleteAcls(pgName, portGroupKey, "", nil); err != nil {
+				klog.Errorf("delete node acl for node pg %s: %v", pgName, err)
 			}
 		}
 	}

diff --git a/pkg/controller/security_group.go b/pkg/controller/security_group.go
@@ -176,7 +176,8 @@ func (c *Controller) initDenyAllSecurityGroup() error {
 		return err
 	}
 
-	if err := c.ovnLegacyClient.CreateSgDenyAllACL(); err != nil {
+	if err := c.ovnClient.CreateSgDenyAllAcl(util.DenyAllSecurityGroup); err != nil {
+		klog.Errorf("create deny all acl for sg %s: %v", util.DenyAllSecurityGroup, err)
 		return err
 	}
 
@@ -259,8 +260,20 @@ func (c *Controller) handleAddOrUpdateSg(key string) error {
 		return err
 	}
 
-	if err = c.ovnLegacyClient.CreateSgAssociatedAddressSet(sg.Name); err != nil {
-		return fmt.Errorf("failed to create sg associated address_set %s, %v", key, err.Error())
+	v4AsName := ovs.GetSgV4AssociatedName(sg.Name)
+	v6AsName := ovs.GetSgV6AssociatedName(sg.Name)
+	externalIDs := map[string]string{
+		sgKey: sg.Name,
+	}
+
+	if err = c.ovnClient.CreateAddressSet(v4AsName, externalIDs); err != nil {
+		klog.Errorf("create address set %s for sg %s: %v", v4AsName, key, err)
+		return err
+	}
+
+	if err = c.ovnClient.CreateAddressSet(v6AsName, externalIDs); err != nil {
+		klog.Errorf("create address set %s for sg %s: %v", v6AsName, key, err)
+		return err
 	}
 
 	ingressNeedUpdate := false
@@ -287,27 +300,30 @@ func (c *Controller) handleAddOrUpdateSg(key string) error {
 
 	// update sg rule
 	if ingressNeedUpdate {
-		if err = c.ovnLegacyClient.UpdateSgACL(sg, ovs.SgAclIngressDirection); err != nil {
+		if err = c.ovnClient.UpdateSgAcl(sg, ovnnb.ACLDirectionToLport); err != nil {
 			sg.Status.IngressLastSyncSuccess = false
 			c.patchSgStatus(sg)
 			return err
 		}
-		if err := c.ovnLegacyClient.CreateSgBaseIngressACL(sg.Name); err != nil {
+
+		if err := c.ovnClient.CreateSgBaseACL(sg.Name, ovnnb.ACLDirectionToLport); err != nil {
 			return err
 		}
 		sg.Status.IngressMd5 = newIngressMd5
 		sg.Status.IngressLastSyncSuccess = true
 		c.patchSgStatus(sg)
 	}
 	if egressNeedUpdate {
-		if err = c.ovnLegacyClient.UpdateSgACL(sg, ovs.SgAclEgressDirection); err != nil {
-			sg.Status.EgressLastSyncSuccess = false
+		if err = c.ovnClient.UpdateSgAcl(sg, ovnnb.ACLDirectionFromLport); err != nil {
+			sg.Status.IngressLastSyncSuccess = false
 			c.patchSgStatus(sg)
 			return err
 		}
-		if err := c.ovnLegacyClient.CreateSgBaseEgressACL(sg.Name); err != nil {
+
+		if err := c.ovnClient.CreateSgBaseACL(sg.Name, ovnnb.ACLDirectionFromLport); err != nil {
 			return err
 		}
+
 		sg.Status.EgressMd5 = newEgressMd5
 		sg.Status.EgressLastSyncSuccess = true
 		c.patchSgStatus(sg)
@@ -433,15 +449,18 @@ func (c *Controller) syncSgLogicalPort(key string) error {
 		return err
 	}
 
-	if err = c.ovnLegacyClient.SetAddressesToAddressSet(v4s, ovs.GetSgV4AssociatedName(key)); err != nil {
-		klog.Errorf("failed to set address_set, %v", err)
+	v4AsName := ovs.GetSgV4AssociatedName(key)
+	if err := c.ovnClient.AddressSetUpdateAddress(v4AsName, v4s...); err != nil {
+		klog.Errorf("set ips to address set %s: %v", v4AsName, err)
 		return err
 	}
 
-	if err = c.ovnLegacyClient.SetAddressesToAddressSet(v6s, ovs.GetSgV6AssociatedName(key)); err != nil {
-		klog.Errorf("failed to set address_set, %v", err)
+	v6AsName := ovs.GetSgV6AssociatedName(key)
+	if err := c.ovnClient.AddressSetUpdateAddress(v6AsName, v6s...); err != nil {
+		klog.Errorf("set ips to address set %s: %v", v6AsName, err)
 		return err
 	}
+
 	c.addOrUpdateSgQueue.Add(util.DenyAllSecurityGroup)
 	return nil
 }

diff --git a/pkg/controller/subnet.go b/pkg/controller/subnet.go
@@ -749,25 +749,28 @@ func (c *Controller) handleAddOrUpdateSubnet(key string) error {
 	}
 
 	if subnet.Spec.Private {
-		if err := c.ovnLegacyClient.SetPrivateLogicalSwitch(subnet.Name, subnet.Spec.CIDRBlock, subnet.Spec.AllowSubnets); err != nil {
+		if err := c.ovnClient.SetLogicalSwitchPrivate(subnet.Name, subnet.Spec.CIDRBlock, subnet.Spec.AllowSubnets); err != nil {
 			c.patchSubnetStatus(subnet, "SetPrivateLogicalSwitchFailed", err.Error())
 			return err
 		}
+
 		c.patchSubnetStatus(subnet, "SetPrivateLogicalSwitchSuccess", "")
 	} else {
-		if err := c.ovnLegacyClient.ResetLogicalSwitchAcl(subnet.Name); err != nil {
+		// clear acl when direction is ""
+		if err = c.ovnClient.DeleteAcls(subnet.Name, logicalSwitchKey, "", nil); err != nil {
 			c.patchSubnetStatus(subnet, "ResetLogicalSwitchAclFailed", err.Error())
 			return err
 		}
+
 		c.patchSubnetStatus(subnet, "ResetLogicalSwitchAclSuccess", "")
 	}
 
-	if err := c.ovnLegacyClient.CreateGatewayACL(subnet.Name, "", subnet.Spec.Gateway, subnet.Spec.CIDRBlock); err != nil {
+	if err := c.ovnClient.CreateGatewayAcl(subnet.Name, "", subnet.Spec.Gateway); err != nil {
 		klog.Errorf("create gateway acl %s failed, %v", subnet.Name, err)
 		return err
 	}
 
-	if err := c.ovnLegacyClient.UpdateSubnetACL(subnet.Name, subnet.Spec.Acls); err != nil {
+	if err := c.ovnClient.UpdateLogicalSwitchAcl(subnet.Name, subnet.Spec.Acls); err != nil {
 		c.patchSubnetStatus(subnet, "SetLogicalSwitchAclsFailed", err.Error())
 		return err
 	}
@@ -820,8 +823,9 @@ func (c *Controller) handleDeleteLogicalSwitch(key string) (err error) {
 		return nil
 	}
 
-	if err = c.ovnLegacyClient.CleanLogicalSwitchAcl(key); err != nil {
-		klog.Errorf("failed to delete acl of logical switch %s %v", key, err)
+	// clear acl when direction is ""
+	if err = c.ovnClient.DeleteAcls(key, logicalSwitchKey, "", nil); err != nil {
+		klog.Errorf("clear logical switch %s acls: %v", key, err)
 		return err
 	}
 
@@ -2389,26 +2393,27 @@ func (c *Controller) addPolicyRouteForU2OInterconn(subnet *kubeovnv1.Subnet) err
 
 	u2oExcludeIp4Ag := strings.Replace(fmt.Sprintf(util.U2OExcludeIPAg, subnet.Name, "ip4"), "-", ".", -1)
 	u2oExcludeIp6Ag := strings.Replace(fmt.Sprintf(util.U2OExcludeIPAg, subnet.Name, "ip6"), "-", ".", -1)
-	if err := c.ovnLegacyClient.CreateAddressSet(u2oExcludeIp4Ag); err != nil {
-		klog.Errorf("failed to create address set %s %v", u2oExcludeIp4Ag, err)
+
+	if err := c.ovnClient.CreateAddressSet(u2oExcludeIp4Ag, externalIDs); err != nil {
+		klog.Errorf("create address set %s: %v", u2oExcludeIp4Ag, err)
 		return err
 	}
 
-	if err := c.ovnLegacyClient.CreateAddressSet(u2oExcludeIp6Ag); err != nil {
-		klog.Errorf("failed to create address set %s %v", u2oExcludeIp6Ag, err)
+	if err := c.ovnClient.CreateAddressSet(u2oExcludeIp6Ag, externalIDs); err != nil {
+		klog.Errorf("create address set %s: %v", u2oExcludeIp6Ag, err)
 		return err
 	}
 
 	if len(nodesIPv4) > 0 {
-		if err := c.ovnLegacyClient.SetAddressesToAddressSet(nodesIPv4, u2oExcludeIp4Ag); err != nil {
-			klog.Errorf("failed to set v4 address set %s with address %v err %v", u2oExcludeIp4Ag, nodesIPv4, err)
+		if err := c.ovnClient.AddressSetUpdateAddress(u2oExcludeIp4Ag, nodesIPv4...); err != nil {
+			klog.Errorf("set v4 address set %s with address %v: %v", u2oExcludeIp4Ag, nodesIPv4, err)
 			return err
 		}
 	}
 
 	if len(nodesIPv6) > 0 {
-		if err := c.ovnLegacyClient.SetAddressesToAddressSet(nodesIPv6, u2oExcludeIp6Ag); err != nil {
-			klog.Errorf("failed to set v6 address set %s with address %v err %v", u2oExcludeIp6Ag, nodesIPv6, err)
+		if err := c.ovnClient.AddressSetUpdateAddress(u2oExcludeIp6Ag, nodesIPv6...); err != nil {
+			klog.Errorf("set v6 address set %s with address %v: %v", u2oExcludeIp6Ag, nodesIPv6, err)
 			return err
 		}
 	}
@@ -2491,13 +2496,13 @@ func (c *Controller) deletePolicyRouteForU2OInterconn(subnet *kubeovnv1.Subnet)
 	u2oExcludeIp4Ag := strings.Replace(fmt.Sprintf(util.U2OExcludeIPAg, subnet.Name, "ip4"), "-", ".", -1)
 	u2oExcludeIp6Ag := strings.Replace(fmt.Sprintf(util.U2OExcludeIPAg, subnet.Name, "ip6"), "-", ".", -1)
 
-	if err := c.ovnLegacyClient.DeleteAddressSet(u2oExcludeIp4Ag); err != nil {
-		klog.Errorf("failed to delete address set %s %v", u2oExcludeIp4Ag, err)
+	if err := c.ovnClient.DeleteAddressSet(u2oExcludeIp4Ag); err != nil {
+		klog.Errorf("delete address set %s: %v", u2oExcludeIp4Ag, err)
 		return err
 	}
 
-	if err := c.ovnLegacyClient.DeleteAddressSet(u2oExcludeIp6Ag); err != nil {
-		klog.Errorf("failed to delete address set %s %v", u2oExcludeIp6Ag, err)
+	if err := c.ovnClient.DeleteAddressSet(u2oExcludeIp6Ag); err != nil {
+		klog.Errorf("delete address set %s: %v", u2oExcludeIp6Ag, err)
 		return err
 	}
 

diff --git a/pkg/ovs/interface.go b/pkg/ovs/interface.go
@@ -7,6 +7,7 @@ import (
 
 	kubeovnv1 "github.com/kubeovn/kube-ovn/pkg/apis/kubeovn/v1"
 	"github.com/kubeovn/kube-ovn/pkg/ovsdb/ovnnb"
+	"github.com/kubeovn/kube-ovn/pkg/util"
 )
 
 type NbGlobal interface {
@@ -58,7 +59,6 @@ type LogicalSwitchPort interface {
 	SetLogicalSwitchPortExternalIds(lspName string, externalIds map[string]string) error
 	SetLogicalSwitchPortVlanTag(lspName string, vlanID int) error
 	SetLogicalSwitchPortsSecurityGroup(sgName string, op string) error
-	UpdateLogicalSwitchAcl(lsName string, subnetAcls []kubeovnv1.Acl) error
 	EnablePortLayer2forward(lspName string) error
 	DeleteLogicalSwitchPort(lspName string) error
 	ListLogicalSwitchPorts(needVendorFilter bool, externalIDs map[string]string, filter func(lsp *ovnnb.LogicalSwitchPort) bool) ([]ovnnb.LogicalSwitchPort, error)
@@ -91,15 +91,18 @@ type PortGroup interface {
 }
 
 type ACL interface {
-	CreateIngressAcl(pgName, asIngressName, asExceptName, protocol string, npp []netv1.NetworkPolicyPort) error
-	CreateEgressAcl(pgName, asEgressName, asExceptName, protocol string, npp []netv1.NetworkPolicyPort) error
-	CreateGatewayAcl(pgName, gateway string) error
-	CreateNodeAcl(pgName, nodeIp string) error
+	UpdateIngressAclOps(pgName, asIngressName, asExceptName, protocol string, npp []netv1.NetworkPolicyPort, logEnable bool, namedPortMap map[string]*util.NamedPortInfo) ([]ovsdb.Operation, error)
+	UpdateEgressAclOps(pgName, asEgressName, asExceptName, protocol string, npp []netv1.NetworkPolicyPort, logEnable bool, namedPortMap map[string]*util.NamedPortInfo) ([]ovsdb.Operation, error)
+	CreateGatewayAcl(lsName, pgName, gateway string) error
+	CreateNodeAcl(pgName, nodeIpStr, joinIpStr string) error
 	CreateSgDenyAllAcl(sgName string) error
+	CreateSgBaseACL(sgName string, direction string) error
 	UpdateSgAcl(sg *kubeovnv1.SecurityGroup, direction string) error
-	SetAclLog(pgName string, logEnable, isIngress bool) error
+	UpdateLogicalSwitchAcl(lsName string, subnetAcls []kubeovnv1.Acl) error
+	SetAclLog(pgName, protocol string, logEnable, isIngress bool) error
 	SetLogicalSwitchPrivate(lsName, cidrBlock string, allowSubnets []string) error
-	DeleteAcls(parentName, parentType string, direction string) error
+	DeleteAcls(parentName, parentType string, direction string, externalIDs map[string]string) error
+	DeleteAclsOps(parentName, parentType string, direction string, externalIDs map[string]string) ([]ovsdb.Operation, error)
 }
 
 type AddressSet interface {
@@ -165,4 +168,5 @@ type OvnClient interface {
 	DeleteLogicalGatewaySwitch(lsName, lrName string) error
 	DeleteSecurityGroup(sgName string) error
 	GetEntityInfo(entity interface{}) error
+	Transact(method string, operations []ovsdb.Operation) error
 }