
Commit 2847345

committed
advertised network isolation: use network ID as one of the ACL DB keys
Use network ID as one of the ACL DB keys to avoid any potential conflicts for networks with the same name. Signed-off-by: Patryk Diak <[email protected]>
1 parent b797696 commit 2847345


4 files changed

+11
-7
lines changed


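--- a/go-controller/pkg/libovsdb/ops/db_object_types.go
+++ b/go-controller/pkg/libovsdb/ops/db_object_types.go
@@ -161,6 +161,8 @@ var AddressSetAdvertisedNetwork = newObjectIDsType(addressSet, AdvertisedNetwork
 var ACLAdvertisedNetwork = newObjectIDsType(acl, AdvertisedNetworkOwnerType, []ExternalIDKey{
 // ACL name
 ObjectNameKey,
+// NetworkID
+NetworkKey,
 })
 
 var ACLAdminNetworkPolicy = newObjectIDsType(acl, AdminNetworkPolicyOwnerType, []ExternalIDKey{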
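Review bot: Adding `NetworkKey` to the `ACLAdvertisedNetwork` key set changes the identity of every advertised-network ACL, and nothing in this commit handles rows written with the old key set. ACLs created before the change carry no network external ID, so the IDs now built in `deleteAdvertisedNetworkIsolation` (base_network_controller.go) presumably no longer match them. That would leave an old pass ACL on the node switch after the network is removed; whether an existing sync step cleans these up is not visible here. The new comment could also say what the value holds: `// NetworkID as a decimal string; empty for the shared drop ACL`.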

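--- a/go-controller/pkg/ovn/base_network_controller.go
+++ b/go-controller/pkg/ovn/base_network_controller.go
@@ -1200,13 +1200,15 @@ func GetAdvertisedNetworkSubnetsDropACLdbIDs() *libovsdbops.DbObjectIDs {
 return libovsdbops.NewDbObjectIDs(libovsdbops.ACLAdvertisedNetwork, advertisedNetworkIsolationACLID,
 map[libovsdbops.ExternalIDKey]string{
 libovsdbops.ObjectNameKey: advertisedNetworkSubnetsCtrl,
+libovsdbops.NetworkKey: "",
 })
 }
 
-func GetAdvertisedNetworkSubnetsPassACLdbIDs(networkName string) *libovsdbops.DbObjectIDs {
+func GetAdvertisedNetworkSubnetsPassACLdbIDs(networkName string, networkID int) *libovsdbops.DbObjectIDs {
 return libovsdbops.NewDbObjectIDs(libovsdbops.ACLAdvertisedNetwork, advertisedNetworkIsolationACLID,
 map[libovsdbops.ExternalIDKey]string{
 libovsdbops.ObjectNameKey: networkName,
+libovsdbops.NetworkKey: strconv.Itoa(networkID),
 })
 }
 
@@ -1258,7 +1260,7 @@ func (bnc *BaseNetworkController) addAdvertisedNetworkIsolation(nodeName string)
 
 if len(passMatches) > 0 {
 passACL := libovsdbutil.BuildACL(
-GetAdvertisedNetworkSubnetsPassACLdbIDs(bnc.GetNetworkName()),
+GetAdvertisedNetworkSubnetsPassACLdbIDs(bnc.GetNetworkName(), bnc.GetNetworkID()),
 types.AdvertisedNetworkPassPriority,
 strings.Join(passMatches, " || "),
 nbdb.ACLActionPass,
@@ -1268,7 +1270,7 @@ func (bnc *BaseNetworkController) addAdvertisedNetworkIsolation(nodeName string)
 
 ops, err = libovsdbops.CreateOrUpdateACLsOps(bnc.nbClient, ops, nil, passACL)
 if err != nil {
-return fmt.Errorf("failed to create or update network isolation pass ACL %s for network %s: %w", GetAdvertisedNetworkSubnetsPassACLdbIDs(bnc.GetNetworkName()), bnc.GetNetworkName(), err)
+return fmt.Errorf("failed to create or update network isolation pass ACL %s for network %s: %w", GetAdvertisedNetworkSubnetsPassACLdbIDs(bnc.GetNetworkName(), bnc.GetNetworkID()), bnc.GetNetworkName(), err)
 }
 ops, err = libovsdbops.AddACLsToLogicalSwitchOps(bnc.nbClient, ops, bnc.GetNetworkScopedSwitchName(nodeName), passACL)
 if err != nil {
@@ -1307,7 +1309,7 @@ func (bnc *BaseNetworkController) deleteAdvertisedNetworkIsolation(nodeName stri
 return err
 }
 
-passACLIDs := GetAdvertisedNetworkSubnetsPassACLdbIDs(bnc.GetNetworkName())
+passACLIDs := GetAdvertisedNetworkSubnetsPassACLdbIDs(bnc.GetNetworkName(), bnc.GetNetworkID())
 passACLPredicate := libovsdbops.GetPredicate[*nbdb.ACL](passACLIDs, nil)
 passACLs, err := libovsdbops.FindACLsWithPredicate(bnc.nbClient, passACLPredicate)
 if err != nil {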
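Review bot: The value written under `NetworkKey` at new line 1263 is `bnc.GetNetworkID()` passed straight through `strconv.Itoa`, with no check that the ID is allocated. If that getter can return an unset or sentinel value at this point (not visible in the hunks), two networks with the same name would again map to the same pass-ACL key, which is the collision this commit is meant to exclude. An explicit guard before the ACL is built would make that impossible. Separately, `addAdvertisedNetworkIsolation` builds the same IDs twice, once for `BuildACL` and once for the error message at new line 1273. Binding them once, `passACLIDs := GetAdvertisedNetworkSubnetsPassACLdbIDs(bnc.GetNetworkName(), bnc.GetNetworkID())`, as `deleteAdvertisedNetworkIsolation` already does, keeps the logged key identical to the one written. Both method bodies continue outside the hunks.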

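--- a/go-controller/pkg/ovn/gateway_test.go
+++ b/go-controller/pkg/ovn/gateway_test.go
@@ -33,7 +33,7 @@ func init() {
 format.MaxLength = 0
 }
 
-func generateAdvertisedUDNIsolationExpectedNB(testData []libovsdbtest.TestData, networkName string, clusterIPSubnets []*net.IPNet, nodeSwitch *nbdb.LogicalSwitch, addrSet addressset.AddressSet) []libovsdbtest.TestData {
+func generateAdvertisedUDNIsolationExpectedNB(testData []libovsdbtest.TestData, networkName string, networkID int, clusterIPSubnets []*net.IPNet, nodeSwitch *nbdb.LogicalSwitch, addrSet addressset.AddressSet) []libovsdbtest.TestData {
 var passMatches []string
 for _, subnet := range clusterIPSubnets {
 ipPrefix := "ip4"
@@ -44,7 +44,7 @@ func generateAdvertisedUDNIsolationExpectedNB(testData []libovsdbtest.TestData,
 
 }
 passACL := libovsdbutil.BuildACL(
-GetAdvertisedNetworkSubnetsPassACLdbIDs(networkName),
+GetAdvertisedNetworkSubnetsPassACLdbIDs(networkName, networkID),
 types.AdvertisedNetworkPassPriority,
 strings.Join(passMatches, " || "),
 nbdb.ACLActionPass,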
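Review bot: The test changes only thread `networkID` through `generateAdvertisedUDNIsolationExpectedNB`; nothing asserts the behaviour the commit is for. The expected state is built with the same `GetAdvertisedNetworkSubnetsPassACLdbIDs` helper as the production code, and the visible caller in master_test.go passes a single network's name and ID, so a regression that dropped `NetworkKey` from the key would still pass. A small case that builds the IDs for one name with two different network IDs and checks that the resulting DB IDs differ would pin the isolation property. The helper's body continues outside the hunks.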

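--- a/go-controller/pkg/ovn/master_test.go
+++ b/go-controller/pkg/ovn/master_test.go
@@ -1276,7 +1276,7 @@ var _ = ginkgo.Describe("Default network controller operations", func() {
 if oc.isPodNetworkAdvertisedAtNode(node1.Name) {
 addrSet, err := oc.addressSetFactory.GetAddressSet(GetAdvertisedNetworkSubnetsAddressSetDBIDs())
 gomega.Expect(err).NotTo(gomega.HaveOccurred())
-expectedNBDatabaseState = generateAdvertisedUDNIsolationExpectedNB(expectedNBDatabaseState, oc.GetNetworkName(), clusterSubnets, expectedNodeSwitch, addrSet)
+expectedNBDatabaseState = generateAdvertisedUDNIsolationExpectedNB(expectedNBDatabaseState, oc.GetNetworkName(), oc.GetNetworkID(), clusterSubnets, expectedNodeSwitch, addrSet)
 }
 GR = nil
 for _, testObj := range expectedNBDatabaseState {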
