The networking_cisco.apps.saf.server.services.firewall.native.fw_mgr Module

class networking_cisco.apps.saf.server.services.firewall.native.fw_mgr.FwMapAttr(tenant_id)
    Bases: object

    Firewall Attributes. This class is instantiated per tenant.

    create_fw(proj_name, pol_id, fw_id, fw_name, fw_type, rtr_id)
        Fills up the local attributes when FW is created.

    delete_fw(fw_id)
        Deletes the FW local attributes.

    delete_policy(pol_id)
        Deletes the policy from the local dictionary.

    delete_rule(rule_id)
        Deletes the specific rule from the dictionary indexed by rule ID.

    fw_drvr_created(status)
        This stores the status of the driver init.
        This API assumes only one FW driver.

    get_fw_dict()
        This API creates a FW dictionary from the local attributes.

    is_fw_complete()
        This API returns the completion status of FW.
        This returns True if a FW is created with an active policy that has more than one rule associated with it and if a driver init is done successfully.

    is_fw_drvr_create_needed()
        This API returns True if a driver init needs to be performed.
        This returns True if a FW is created with an active policy that has more than one rule associated with it and if a driver init is NOT done.

    is_fw_drvr_created()
        This returns the status of the driver creation.
        This API assumes only one FW driver.

    is_fw_present(fw_id)
        Returns whether the firewall indexed by ID is present in the dictionary.

    is_policy_present(pol_id)
        Returns whether the policy specified by ID is present in the dictionary.

    is_rule_present(rule_id)
        Returns whether the rule specified by rule ID is present in the dictionary.

    one_rule_present(pol_id)
        Returns whether at least one rule is present in the policy.

    rule_update(rule_id, rule)
        Update the rule.

    store_policy(pol_id, policy)
        Store the policy.
        Policy is maintained as a dictionary of pol ID.

    store_rule(rule_id, rule)
        Store the rules.
        Policy is maintained as a dictionary of Rule ID.

    update_fw_params(rtr_id=-1, fw_type=-1)
        Updates the FW parameters.

class networking_cisco.apps.saf.server.services.firewall.native.fw_mgr.FwMgr(cfg)
    Bases: networking_cisco.apps.saf.server.services.firewall.native.drivers.dev_mgr.DeviceMgr

    Firewall Native Manager

    convert_fwdb(tenant_id, name, policy_id, fw_id)
        Convert the Firewall DB to a query response.
        From FWDB inputs, this will create a FW message that resembles the actual data from OpenStack, when a query for FW is done.

    convert_fwdb_event_msg(rule, tenant_id, rule_id, policy_id)
        Convert the Firewall DB to an event message format.
        From inputs from DB, this will create a FW rule dictionary that resembles the actual data from OpenStack when a rule is created. This is usually called after restart, in order to populate local cache.

    fill_fw_dict_from_db(fw_data)
        This routine is called to create a local fw_dict with data from DB.

    fw_create(data, fw_name=None, cache=False)
        Top level FW create function.

    fw_delete(data, fw_name=None)
        Top level FW delete function.

    fw_handler_decorator(fw_func)

    fw_policy_create(data, fw_name=None, cache=False)
        Top level policy create routine.

    fw_policy_delete(data, fw_name=None)
        Top level policy delete routine.

    fw_retry_failures()
        Top level retry routine called.

    fw_retry_failures_create()
        This module is called for retrying the create cases.

    fw_retry_failures_delete()
        This routine is called for retrying the delete cases.

    fw_rule_create(data, fw_name=None, cache=False)
        Top level rule creation routine.

    fw_rule_delete(data, fw_name=None)
        Top level rule delete function.

    fw_rule_update(data, fw_name=None)
        Top level rule update routine.

    fw_update(data, fw_name=None)
        Top level FW update function.

    network_del_notif(tenant_id, tenant_name, net_id)
        Network delete notification.

    network_sub_create_notif(tenant_id, tenant_name, cidr)
        Network create notification.

    populate_cfg_dcnm(cfg, dcnm_obj)
        This routine stores the DCNM object.

    populate_event_queue(cfg, que_obj)
        This routine is for storing the Event Queue obj.

    populate_local_cache()
        This populates the local cache after reading the Database.
        It calls the appropriate rule create, fw create routines. It doesn’t actually call the routine to prepare the fabric or cfg the device since it will be handled by retry module.

    project_create_notif(tenant_id, tenant_name)
        Tenant Create notification.

    project_delete_notif(tenant_id, tenant_name)
        Tenant Delete notification.

    retry_failure_fab_dev_create(tenant_id, fw_data, fw_dict)
        This module calls routine in fabric to retry the failure cases.
        If device is not successfully cfg/uncfg, it calls the device manager routine to cfg/uncfg the device.

    retry_failure_fab_dev_delete(tenant_id, fw_data, fw_dict)
        Retry the failure cases for delete.
        This module calls routine in fabric to retry the failure cases for delete. If device is not successfully cfg/uncfg, it calls the device manager routine to cfg/uncfg the device.

class networking_cisco.apps.saf.server.services.firewall.native.fw_mgr.FwTenant
    Bases: object

    Class to hold Tenant specific attributes.
    This class maintains a mapping of rule, policies, FW IDs with its associated tenant ID. It’s assumed that a Rule, policy or FW signified by their unique ID can only be associated with one Tenant.

    del_fw_tenant(fw_id)
        Deletes the FW Tenant mapping.

    del_policy_tenant(pol_id)
        Deletes the Tenant policy mapping.

    del_rule_tenant(rule_id)
        Deletes the Tenant policy mapping.

    get_fw_tenant(fw_id)
        Retrieves the tenant ID corresponding to the firewall.

    get_policy_tenant(policy_id)
        Retrieves the tenant ID corresponding to the policy.

    get_rule_tenant(rule_id)
        Retrieves the tenant ID corresponding to the rule.

    store_fw_tenant(fw_id, tenant_id)
        Stores the tenant ID corresponding to the firewall.

    store_policy_tenant(policy_id, tenant_id)
        Stores the tenant ID corresponding to the policy.

    store_rule_tenant(rule_id, tenant_id)
        Stores the tenant ID corresponding to the rule.
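
The FwTenant description above assumes that a rule, policy or FW ID belongs to exactly one tenant. The sketch below is an added example, not networking_cisco code: it shows an ID-to-tenant map that enforces that assumption instead of relying on it, so a second tenant cannot silently take over an existing ID. The names TenantMap, TenantOwnershipError, authorize and demo, and the sample IDs, are hypothetical.

```python
class TenantOwnershipError(Exception):
    """Raised when an ID is already mapped to a different tenant."""


class TenantMap:
    """Hypothetical rule/policy/FW ID -> tenant ID mapping (not FwTenant)."""

    KINDS = ("rule", "policy", "fw")

    def __init__(self):
        # One dictionary per object kind, keyed by the object's unique ID.
        self._owner = {kind: {} for kind in self.KINDS}

    def store(self, kind, obj_id, tenant_id):
        owners = self._owner[kind]
        current = owners.get(obj_id)
        # Re-storing the same owner is idempotent; a different owner is
        # rejected rather than overwritten.
        if current is not None and current != tenant_id:
            raise TenantOwnershipError(
                "%s %s already belongs to tenant %s" % (kind, obj_id, current))
        owners[obj_id] = tenant_id

    def get(self, kind, obj_id):
        return self._owner[kind].get(obj_id)

    def delete(self, kind, obj_id):
        # Returns the previous owner, or None if the ID was not mapped.
        return self._owner[kind].pop(obj_id, None)

    def authorize(self, kind, obj_id, caller_tenant_id):
        """True only if the ID is mapped and owned by the calling tenant."""
        owner = self.get(kind, obj_id)
        return owner is not None and owner == caller_tenant_id


def demo():
    # Constructed sample IDs and tenants.
    tmap = TenantMap()
    tmap.store("fw", "fw-1", "tenant-a")
    tmap.store("fw", "fw-1", "tenant-a")      # same owner: accepted
    try:
        tmap.store("fw", "fw-1", "tenant-b")  # different owner: rejected
        conflict = False
    except TenantOwnershipError:
        conflict = True
    return {
        "conflict_rejected": conflict,
        "owner": tmap.get("fw", "fw-1"),
        "owner_allowed": tmap.authorize("fw", "fw-1", "tenant-a"),
        "other_allowed": tmap.authorize("fw", "fw-1", "tenant-b"),
        "unknown_allowed": tmap.authorize("rule", "rule-9", "tenant-a"),
    }
```
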