ovn-nbctl.c: Add an optional way to delete router policy by uuid

We can delete router policy by specify lr and more parameters. If CMS want to delete it exactly, it must specify detailed "match" field. It's not an easy way, also maybe deleted by mistake. This change adds a way to specify lr and uuid, which is optional. You can still use the previous method to delete. usage: ovn-nbctl lr-policy-del lr0 [UUID0] Author: Tao YunXiang <taoyunxiang@cmss.chinamobile.com> Co-authored-by: Liu Chang <liuchang@cmss.chinamobile.com> Co-authored-by: Rong Yin <rongyin@cmss.chinamobile.com> Signed-off-by: Tao YunXiang <taoyunxiang@cmss.chinamobile.com> Signed-off-by: Liu Chang <liuchang@cmss.chinamobile.com> Signed-off-by: Rong Yin <rongyin@cmss.chinamobile.com> Signed-off-by: Numan Siddique <numans@ovn.org>
ovn-org · May 7, 2020 · 1b03087 · 1b03087
1 parent ded7c3f
commit 1b03087
Show file tree

Hide file tree

Showing 3 changed files with 87 additions and 11 deletions.
diff --git a/tests/ovn-nbctl.at b/tests/ovn-nbctl.at
@@ -1619,6 +1619,12 @@ Routing Policies
        100                              ip4.src == 1.1.2.0/24           allow
 ])
 
+
+dnl Delete policy by specified uuid
+AT_CHECK([ovn-nbctl lr-policy-del lr0 $(ovn-nbctl --bare --column _uuid list logical_router_policy)])
+AT_CHECK([ovn-nbctl list logical-router-policy], [0], [dnl
+])
+
 dnl Add policy with reroute action
 AT_CHECK([ovn-nbctl lr-policy-add lr0 102 "ip4.src == 3.1.2.0/24" reroute 3.3.3.3])
 

diff --git a/utilities/ovn-nbctl.8.xml b/utilities/ovn-nbctl.8.xml
@@ -710,6 +710,57 @@
       </dd>
     </dl>
 
+    <h1>Logical Router Policy Commands</h1>
+
+    <dl>
+      <dt><code>lr-policy-add</code> <var>router</var> <var>priority</var>
+          <var>match</var> <var>action</var> [<var>nexthop</var>]</dt>
+      <dd>
+        <p>
+          Add Policy to <var>router</var> which provides a way to configure
+          permit/deny and reroute policies on the router. Permit/deny policies
+          are similar to OVN ACLs, but exist on the logical-router. Reroute
+          policies are needed for service-insertion and service-chaining.
+          <var>nexthop</var> is an optional parameter. It needs to be provided
+          only when <var>action</var> is <var>reroute</var>. A policy is
+          uniquely identified by <var>priority</var> and <var>match</var>.
+          Multiple policies can have the same <var>priority</var>.
+        </p>
+
+          <p>
+          The following example shows a policy to lr1, which will drop packets
+          from<code>192.168.100.0/24</code>.
+          </p>
+
+          <p>
+          <code>lr-policy-add lr1 100 ip4.src == 192.168.100.0/24 drop</code>.
+          </p>
+
+      </dd>
+
+      <dt><code>lr-policy-del</code> <var>router</var> [<var>{priority | uuid}
+          [match]</var>]</dt>
+      <dd>
+        <p>
+          Deletes polices from <var>router</var>. If only <var>router</var>
+          is supplied, all the polices from the logical router are deleted. If
+          <var>priority</var> and/or <var>match</var> are also specified, then
+          all the polices that match the conditions will be deleted from the
+          logical router.
+        </p>
+
+        <p>
+          If <var>router</var> and <var>uuid</var> are supplied, then the
+          policy with sepcified uuid is deleted.
+        </p>
+      </dd>
+
+      <dt><code>lr-policy-list</code> <var>router</var></dt>
+      <dd>
+        Lists the polices on <var>router</var>.
+      </dd>
+    </dl>
+
     <h1>NAT Commands</h1>
 
     <dl>

diff --git a/utilities/ovn-nbctl.c b/utilities/ovn-nbctl.c
@@ -696,7 +696,7 @@ Route commands:\n\
 Policy commands:\n\
   lr-policy-add ROUTER PRIORITY MATCH ACTION [NEXTHOP]\n\
                             add a policy to router\n\
-  lr-policy-del ROUTER [PRIORITY [MATCH]]\n\
+  lr-policy-del ROUTER [{PRIORITY | UUID} [MATCH]]\n\
                             remove policies from ROUTER\n\
   lr-policy-list ROUTER     print policies for ROUTER\n\
 \n\
@@ -3594,21 +3594,40 @@ nbctl_lr_policy_del(struct ctl_context *ctx)
         return;
     }
 
-    error = parse_priority(ctx->argv[2], &priority);
-    if (error) {
-        ctx->error = error;
-        return;
+    const struct uuid *lr_policy_uuid = NULL;
+    struct uuid uuid_from_cmd;
+    if (uuid_from_string(&uuid_from_cmd, ctx->argv[2])) {
+        lr_policy_uuid = &uuid_from_cmd;
+    } else {
+        error = parse_priority(ctx->argv[2], &priority);
+        if (error) {
+            ctx->error = error;
+            return;
+        }
+
     }
-    /* If match is not specified, delete all routing policies with the
-     * specified priority. */
+    /* If uuid was specified, delete routing policy with the
+     * specified uuid. */
     if (ctx->argc == 3) {
         struct nbrec_logical_router_policy **new_policies
             = xmemdup(lr->policies,
                       sizeof *new_policies * lr->n_policies);
         int n_policies = 0;
-        for (int i = 0; i < lr->n_policies; i++) {
-            if (priority != lr->policies[i]->priority) {
-                new_policies[n_policies++] = lr->policies[i];
+
+        if (lr_policy_uuid) {
+            for (size_t i = 0; i < lr->n_policies; i++) {
+                if (!uuid_equals(lr_policy_uuid,
+                                 &(lr->policies[i]->header_.uuid))) {
+                    new_policies[n_policies++] = lr->policies[i];
+                }
+            }
+    /* If match is not specified, delete all routing policies with the
+     * specified priority. */
+        } else {
+            for (int i = 0; i < lr->n_policies; i++) {
+                if (priority != lr->policies[i]->priority) {
+                    new_policies[n_policies++] = lr->policies[i];
+                }
             }
         }
         nbrec_logical_router_verify_policies(lr);
@@ -6225,7 +6244,7 @@ static const struct ctl_command_syntax nbctl_commands[] = {
     /* Policy commands */
     { "lr-policy-add", 4, 5, "ROUTER PRIORITY MATCH ACTION [NEXTHOP]", NULL,
         nbctl_lr_policy_add, NULL, "", RW },
-    { "lr-policy-del", 1, 3, "ROUTER [PRIORITY [MATCH]]", NULL,
+    { "lr-policy-del", 1, 3, "ROUTER [{PRIORITY | UUID} [MATCH]]", NULL,
         nbctl_lr_policy_del, NULL, "", RW },
     { "lr-policy-list", 1, 1, "ROUTER", NULL, nbctl_lr_policy_list, NULL,
        "", RO },