Merge pull request #47 from heypnus/security_policy/block
Support CIDR in group for security policy
heypnus authored Jan 26, 2022
2 parents 85215b0 + c7e9085 commit 23cd9f5
Showing 1 changed file with 21 additions and 0 deletions.
21 changes: 21 additions & 0 deletions pkg/nsx/services/firewall.go
Expand Up @@ -439,6 +439,27 @@ func (service *SecurityPolicyService) buildRuleSrcGroup(obj *v1alpha1.SecurityPo
}

func (service *SecurityPolicyService) updatePeerExpressions(obj *v1alpha1.SecurityPolicy, peer *v1alpha1.SecurityPolicyPeer, group *model.Group, idx int) {
if len(peer.IPBlocks) > 0 {
addresses := data.NewListValue()
for _, block := range peer.IPBlocks {
addresses.Add(data.NewStringValue(block.CIDR))
}
service.appendOperatorIfNeeded(&group.Expression, "OR")

blockExpression := data.NewStructValue(
"",
map[string]data.DataValue{
"resource_type": data.NewStringValue("IPAddressExpression"),
"ip_addresses": addresses,
},
)
group.Expression = append(group.Expression, blockExpression)
}

if peer.PodSelector == nil && peer.VMSelector == nil && peer.NamespaceSelector == nil {
return
}

service.appendOperatorIfNeeded(&group.Expression, "OR")
expressions := data.NewListValue()
expressionFrame := data.NewStructValue(
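Review bot: `block.CIDR` goes into `ip_addresses` exactly as it appears on the SecurityPolicy object; the loop over `peer.IPBlocks` has no check that the string is a well-formed CIDR. If the CRD schema or an admission webhook does not already enforce this (neither is visible in this hunk), an empty or malformed value would reach NSX inside a firewall group, and a rejected group may leave the rule without its intended peer set. A guard such as `if _, _, err := net.ParseCIDR(block.CIDR); err != nil {` before `addresses.Add(...)` would catch it; since `updatePeerExpressions` returns nothing, the failure should be logged and surfaced to the caller rather than silently skipped. The function body continues past the end of the hunk.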
