address pod modify problem

Signed-off-by: Petr Fedchenkov <[email protected]>
lf-edge · Apr 23, 2021 · e22daae · e22daae
1 parent 31f4206
commit e22daae
Show file tree

Hide file tree

Showing 6 changed files with 98 additions and 22 deletions.
diff --git a/cmd/edenPod.go b/cmd/edenPod.go
@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/dustin/go-humanize"
 	"github.com/lf-edge/eden/pkg/controller/eapps"
@@ -53,6 +54,19 @@ var podCmd = &cobra.Command{
 	Use: "pod",
 }
 
+func processAcls(acls []string) map[string][]string {
+	m := map[string][]string{}
+	for _, el := range acls {
+		parsed := strings.SplitN(el, ":", 2)
+		if len(parsed) > 1 {
+			m[parsed[0]] = append(m[parsed[0]], parsed[1])
+		} else {
+			m[""] = append(m[""], parsed[0])
+		}
+	}
+	return m
+}
+
 //podDeployCmd is command for deploy application on EVE
 var podDeployCmd = &cobra.Command{
 	Use:   "deploy (docker|http(s)|file)://(<TAG>[:<VERSION>] | <URL for qcow2 image> | <path to qcow2 image>)",
@@ -105,9 +119,9 @@ var podDeployCmd = &cobra.Command{
 		opts = append(opts, expect.WithResources(appCpus, uint32(appMemoryParsed/1000)))
 		opts = append(opts, expect.WithImageFormat(imageFormat))
 		if aclOnlyHost {
-			opts = append(opts, expect.WithACL([]string{""}))
+			opts = append(opts, expect.WithACL(map[string][]string{"": {""}}))
 		} else {
-			opts = append(opts, expect.WithACL(acl))
+			opts = append(opts, expect.WithACL(processAcls(acl)))
 		}
 		opts = append(opts, expect.WithSFTPLoad(sftpLoad))
 		if !sftpLoad {
@@ -449,7 +463,9 @@ func podInit() {
 	podDeployCmd.Flags().BoolVar(&directLoad, "direct", true, "Use direct download for image instead of eserver")
 	podDeployCmd.Flags().BoolVar(&sftpLoad, "sftp", false, "Force use of sftp to load http/file image from eserver")
 	podDeployCmd.Flags().StringSliceVar(&disks, "disks", nil, "Additional disks to use")
-	podDeployCmd.Flags().StringSliceVar(&acl, "acl", nil, "Allow access only to defined hosts/ips/subnets")
+	podDeployCmd.Flags().StringSliceVar(&acl, "acl", nil, `Allow access only to defined hosts/ips/subnets
+You can set acl for particular network in format '<network_name:acl>'
+To remove acls you can set empty line '<network_name>:'`)
 	podCmd.AddCommand(podPsCmd)
 	podCmd.AddCommand(podStopCmd)
 	podCmd.AddCommand(podStartCmd)

diff --git a/cmd/podModify.go b/cmd/podModify.go
@@ -31,26 +31,51 @@ var podModifyCmd = &cobra.Command{
 		if err != nil {
 			log.Fatalf("getControllerAndDev: %s", err)
 		}
-		for _, el := range dev.GetApplicationInstances() {
-			app, err := ctrl.GetApplicationInstanceConfig(el)
+		for _, appID := range dev.GetApplicationInstances() {
+			app, err := ctrl.GetApplicationInstanceConfig(appID)
 			if err != nil {
-				log.Fatalf("no app in cloud %s: %s", el, err)
+				log.Fatalf("no app in cloud %s: %s", appID, err)
 			}
 			if app.Displayname == appName {
+				portPublishCombined := portPublish
+				if !cmd.Flags().Changed("publish") {
+					portPublishCombined = []string{}
+					for _, intf := range app.Interfaces {
+						for _, acls := range intf.Acls {
+							lport := ""
+							var appPort uint32
+							for _, match := range acls.Matches {
+								if match.Type == "lport" {
+									lport = match.Value
+									break
+								}
+							}
+							for _, action := range acls.Actions {
+								if action.Portmap {
+									appPort = action.AppPort
+									break
+								}
+							}
+							if lport != "" && appPort != 0 {
+								portPublishCombined = append(portPublishCombined, fmt.Sprintf("%s:%d", lport, appPort))
+							}
+						}
+					}
+				}
 				var opts []expect.ExpectationOption
 				if len(podNetworks) > 0 {
 					for i, el := range podNetworks {
 						if i == 0 {
 							//allocate ports on first network
-							opts = append(opts, expect.AddNetInstanceNameAndPortPublish(el, portPublish))
+							opts = append(opts, expect.AddNetInstanceNameAndPortPublish(el, portPublishCombined))
 						} else {
 							opts = append(opts, expect.AddNetInstanceNameAndPortPublish(el, nil))
 						}
 					}
 				} else {
-					opts = append(opts, expect.WithPortsPublish(portPublish))
+					opts = append(opts, expect.WithPortsPublish(portPublishCombined))
 				}
-				opts = append(opts, expect.WithACL(acl))
+				opts = append(opts, expect.WithACL(processAcls(acl)))
 				opts = append(opts, expect.WithOldApp(appName))
 				expectation := expect.AppExpectationFromURL(ctrl, dev, defaults.DefaultDummyExpect, appName, opts...)
 				appInstanceConfig := expectation.Application()
@@ -59,7 +84,11 @@ var podModifyCmd = &cobra.Command{
 					needPurge = true
 				} else {
 					for ind, el := range app.Interfaces {
-						if el.NetworkId != appInstanceConfig.Interfaces[ind].NetworkId {
+						equals, err := utils.CompareProtoMessages(el, appInstanceConfig.Interfaces[ind])
+						if err != nil {
+							log.Fatalf("CompareMessages: %v", err)
+						}
+						if !equals {
 							needPurge = true
 							break
 						}
@@ -89,5 +118,7 @@ func podModifyInit() {
 	podModifyCmd.Flags().StringSliceVarP(&portPublish, "publish", "p", nil, "Ports to publish in format EXTERNAL_PORT:INTERNAL_PORT")
 	podModifyCmd.Flags().BoolVar(&aclOnlyHost, "only-host", false, "Allow access only to host and external networks")
 	podModifyCmd.Flags().StringSliceVar(&podNetworks, "networks", nil, "Networks to connect to app (ports will be mapped to first network)")
-	podModifyCmd.Flags().StringSliceVar(&acl, "acl", nil, "Allow access only to defined hosts/ips/subnets")
+	podModifyCmd.Flags().StringSliceVar(&acl, "acl", nil, `Allow access only to defined hosts/ips/subnets
+You can set acl for particular network in format '<network_name:acl>'
+To remove acls you can set empty line '<network_name>:'`)
 }
diff --git a/pkg/expect/expectation.go b/pkg/expect/expectation.go
@@ -63,7 +63,7 @@ type AppExpectation struct {
 	sftpLoad       bool
 
 	disks []string
-	acl   []string
+	acl   map[string][]string // networkInstanceName -> acls
 }
 
 //AppExpectationFromURL init AppExpectation with defined:
@@ -137,7 +137,7 @@ func AppExpectationFromURL(ctrl controller.Cloud, device *device.Ctx, appLink st
 					if err != nil {
 						log.Fatalf("Port map port %s could not be converted to Integer", qv)
 					}
-					if portNum == extPort || (portNum + defaults.DefaultPortMapOffset) == extPort {
+					if portNum == extPort || (portNum+defaults.DefaultPortMapOffset) == extPort {
 						ni.ports[extPort] = intPort
 						continue exit
 					}

diff --git a/pkg/expect/networkInstance.go b/pkg/expect/networkInstance.go
@@ -29,7 +29,7 @@ func (exp *AppExpectation) checkNetworkInstance(netInst *config.NetworkInstanceC
 	if netInst == nil {
 		return false
 	}
-	if netInst.Ip.Subnet == instanceExpect.subnet || //if subnet defined and the same
+	if (netInst.Ip.Subnet != "" && netInst.Ip.Subnet == instanceExpect.subnet) || //if subnet defined and the same
 		(instanceExpect.name != "" && netInst.Displayname == instanceExpect.name) || //if name defined and the same
 		(instanceExpect.netInstType == "switch" && netInst.InstType == config.ZNetworkInstType_ZnetInstSwitch) { //only one switch for now
 		return true
@@ -145,14 +145,22 @@ func parseACE(inp string) *config.ACE {
 func (exp *AppExpectation) getAcls(ni *NetInstanceExpectation) []*config.ACE {
 	var acls []*config.ACE
 	var aclID int32 = 1
-	if exp.acl != nil {
+	if exp.acl != nil && len(exp.acl[ni.name]) > 0 {
 		// in case of defined acl allow access only to them
-		for _, el := range exp.acl {
-			acl := parseACE(el)
-			if acl != nil {
-				acl.Id = aclID
-				acls = append(acls, acl)
-				aclID++
+		for netName, acl := range exp.acl {
+			if netName != "" && netName != ni.name {
+				continue
+			}
+			for _, el := range acl {
+				if el == "" {
+					continue
+				}
+				acl := parseACE(el)
+				if acl != nil {
+					acl.Id = aclID
+					acls = append(acls, acl)
+					aclID++
+				}
 			}
 		}
 	} else {

diff --git a/pkg/expect/options.go b/pkg/expect/options.go
@@ -159,7 +159,7 @@ func WithVolumeType(volumesType VolumeType) ExpectationOption {
 }
 
 //WithACL sets access only for defined hosts
-func WithACL(acl []string) ExpectationOption {
+func WithACL(acl map[string][]string) ExpectationOption {
 	return func(expectation *AppExpectation) {
 		expectation.acl = acl
 	}

diff --git a/pkg/utils/proto.go b/pkg/utils/proto.go
@@ -0,0 +1,21 @@
+package utils
+
+import (
+	"bytes"
+	"fmt"
+
+	"google.golang.org/protobuf/proto"
+)
+
+//CompareProtoMessages returns true if messages are equal
+func CompareProtoMessages(m1, m2 proto.Message) (bool, error) {
+	m1Data, err := proto.Marshal(m1)
+	if err != nil {
+		return false, fmt.Errorf("cannot marshal interface: %v", err)
+	}
+	m2Data, err := proto.Marshal(m2)
+	if err != nil {
+		return false, fmt.Errorf("cannot marshal interface: %v", err)
+	}
+	return bytes.Equal(m1Data, m2Data), nil
+}