Remove rule index from rule/group ID/name for VPC and unify NSX resource name for VPC and T1 #785
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #785 +/- ##
=======================================
Coverage ? 48.61%
=======================================
Files ? 94
Lines ? 12047
Branches ? 0
=======================================
Hits ? 5857
Misses ? 5705
Partials ? 485
Most of the code looks good to me. The only remaining comment is that the current implementation related to named ports is complicated. Because that logic is not introduced by this change, and after an offline sync with Yun, we would use another change to refine the functions.
The issue is open to track refactor work.
This patch is to:
1. Remove SecurityPolicy rule index from rule ID and for VPC mode, and keep T1 mode rule ID unchanged with rule index.
2. Remove SecurityPolicy rule index from group ID for VPC mode, and keep T1 mode group ID unchanged with rule index.
3. Remove rule index from NSX group/rule name, and unify the NSX resource name for VPC and T1 network, including SecurityPolicy, rule, and group.
4. Reduce length of rule hash string to 8 chars for VPC mode.
LGTM
Test Done:
The SecurityPolicy CR name is: sp-app-access-policy-vpc
The generated NSX SecurityPolicy:
Policy appliedTo group:
For the rule with any ports:
The built NSX rule:
For rule:
The built NSX rule:
The rule appliedTo group:
Rule with user-defined name:
The source peer group for this rule:
The NSX Share for this source group:
The generated allow section SecurityPolicy:
The generated isolation section SecurityPolicy:
Create SecurityPolicy in VPC mode, and do GC
Create NetworkPolicy in VPC mode, and do GC
Create SecurityPolicy with namedport in VPC mode
The rule with namedport:
The db-port will map to two port numbers: 80 and 3366, so the generated IPSet groups:
For the same named port mentioned above, the generated IPSet groups:
Create SecurityPolicy in T1 mode, and do CRUD.
Create SecurityPolicy in T1 mode, and do GC.
T1 upgrade case:
Create a SecurityPolicy in v4.1.2 code, and start NSX operator with this patch to see if SecurityPolicy Name, group and rule name are changed as expected.
For the rule created in V4.1.2
Before upgrade in V4.1.2
After upgrade, ID is not changed.