|
|
|
@@ -125,72 +125,70 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|
|
|
}
|
|
|
|
}
|
|
|
|
log.Info("Running finalizer logic for FirewallPolicy", "name", firewallPolicy.Name)
|
|
|
|
log.Info("Running finalizer logic for FirewallPolicy", "name", firewallPolicy.Name)
|
|
|
|
|
|
|
|
|
|
|
|
if firewallPolicy.Status.ResourcesManaged != nil {
|
|
|
|
if len(firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies) > 0 {
|
|
|
|
if len(firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies) > 0 {
|
|
|
|
for i, UnifiFirewallPolicy := range firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies {
|
|
|
|
for i, UnifiFirewallPolicy := range firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies {
|
|
|
|
log.Info(fmt.Sprintf("From: %s to: %s TcpIpv4: %s UdpIpv4: %s TcpIpv6: %s UdpIpv6: %s", UnifiFirewallPolicy.From, UnifiFirewallPolicy.To, UnifiFirewallPolicy.TcpIpv4ID, UnifiFirewallPolicy.UdpIpv4ID, UnifiFirewallPolicy.TcpIpv6ID, UnifiFirewallPolicy.UdpIpv6ID))
|
|
|
|
log.Info(fmt.Sprintf("From: %s to: %s TcpIpv4: %s UdpIpv4: %s TcpIpv6: %s UdpIpv6: %s", UnifiFirewallPolicy.From, UnifiFirewallPolicy.To, UnifiFirewallPolicy.TcpIpv4ID, UnifiFirewallPolicy.UdpIpv4ID, UnifiFirewallPolicy.TcpIpv6ID, UnifiFirewallPolicy.UdpIpv6ID))
|
|
|
|
if len(UnifiFirewallPolicy.TcpIpv4ID) > 0 {
|
|
|
|
if len(UnifiFirewallPolicy.TcpIpv4ID) > 0 {
|
|
|
|
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.TcpIpv4ID)
|
|
|
|
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.TcpIpv4ID)
|
|
|
|
if err != nil && !strings.Contains(err.Error(), "not found") {
|
|
|
|
if err != nil && !strings.Contains(err.Error(), "not found") {
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].TcpIpv4ID = ""
|
|
|
|
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].TcpIpv4ID = ""
|
|
|
|
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
|
|
|
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if len(UnifiFirewallPolicy.UdpIpv4ID) > 0 {
|
|
|
|
}
|
|
|
|
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.UdpIpv4ID)
|
|
|
|
if len(UnifiFirewallPolicy.UdpIpv4ID) > 0 {
|
|
|
|
if err != nil && !strings.Contains(err.Error(), "not found") {
|
|
|
|
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.UdpIpv4ID)
|
|
|
|
|
|
|
|
if err != nil && !strings.Contains(err.Error(), "not found") {
|
|
|
|
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].UdpIpv4ID = ""
|
|
|
|
|
|
|
|
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
} else {
|
|
|
|
|
|
|
|
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].UdpIpv4ID = ""
|
|
|
|
|
|
|
|
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
|
|
|
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if len(UnifiFirewallPolicy.TcpIpv6ID) > 0 {
|
|
|
|
}
|
|
|
|
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.TcpIpv6ID)
|
|
|
|
if len(UnifiFirewallPolicy.TcpIpv6ID) > 0 {
|
|
|
|
if err != nil && !strings.Contains(err.Error(), "not found") {
|
|
|
|
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.TcpIpv6ID)
|
|
|
|
|
|
|
|
if err != nil && !strings.Contains(err.Error(), "not found") {
|
|
|
|
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].TcpIpv6ID = ""
|
|
|
|
|
|
|
|
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
} else {
|
|
|
|
|
|
|
|
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].TcpIpv6ID = ""
|
|
|
|
|
|
|
|
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
|
|
|
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if len(UnifiFirewallPolicy.UdpIpv6ID) > 0 {
|
|
|
|
}
|
|
|
|
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.UdpIpv6ID)
|
|
|
|
if len(UnifiFirewallPolicy.UdpIpv6ID) > 0 {
|
|
|
|
if err != nil && !strings.Contains(err.Error(), "not found") {
|
|
|
|
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.UdpIpv6ID)
|
|
|
|
|
|
|
|
if err != nil && !strings.Contains(err.Error(), "not found") {
|
|
|
|
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].UdpIpv6ID = ""
|
|
|
|
|
|
|
|
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
} else {
|
|
|
|
|
|
|
|
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].UdpIpv6ID = ""
|
|
|
|
|
|
|
|
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
|
|
|
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if len(firewallPolicy.Status.ResourcesManaged.FirewallGroups) > 0 {
|
|
|
|
if len(firewallPolicy.Status.ResourcesManaged.FirewallGroups) > 0 {
|
|
|
|
for i, firewallGroup := range firewallPolicy.Status.ResourcesManaged.FirewallGroups {
|
|
|
|
for i, firewallGroup := range firewallPolicy.Status.ResourcesManaged.FirewallGroups {
|
|
|
|
var firewallGroupCRD unifiv1beta1.FirewallGroup
|
|
|
|
var firewallGroupCRD unifiv1beta1.FirewallGroup
|
|
|
|
if firewallGroup.Name != "" {
|
|
|
|
if firewallGroup.Name != "" {
|
|
|
|
if err := r.Get(ctx, types.NamespacedName{Name: firewallGroup.Name, Namespace: firewallGroup.Namespace}, &firewallGroupCRD); err != nil {
|
|
|
|
if err := r.Get(ctx, types.NamespacedName{Name: firewallGroup.Name, Namespace: firewallGroup.Namespace}, &firewallGroupCRD); err != nil {
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if err := r.Delete(ctx, &firewallGroupCRD); err != nil {
|
|
|
|
if err := r.Delete(ctx, &firewallGroupCRD); err != nil {
|
|
|
|
log.Error(err, "Could not delete firewall group")
|
|
|
|
log.Error(err, "Could not delete firewall group")
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
firewallPolicy.Status.ResourcesManaged.FirewallGroups[i].Name = ""
|
|
|
|
firewallPolicy.Status.ResourcesManaged.FirewallGroups[i].Name = ""
|
|
|
|
firewallPolicy.Status.ResourcesManaged.FirewallGroups[i].Namespace = ""
|
|
|
|
firewallPolicy.Status.ResourcesManaged.FirewallGroups[i].Namespace = ""
|
|
|
|
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
|
|
|
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
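Review bot: In the FirewallGroups cleanup near the end of this hunk, every error from `r.Get` on a recorded group is returned, including NotFound for a group that was already deleted out of band, which leaves the FirewallPolicy's finalizer unable to complete and its remaining Unifi rules in place; the `r.Delete` just below has the same problem. Treat NotFound as already cleaned up, e.g. `if err := r.Get(ctx, types.NamespacedName{...}, &firewallGroupCRD); err != nil && !apierrors.IsNotFound(err) {` using `k8s.io/apimachinery/pkg/api/errors` (aliased as the file prefers), with the same guard on the Delete so the status entry is still cleared. The `DeleteFirewallPolicy` calls pass `context.Background()` instead of the reconcile `ctx`, so controller shutdown and deadlines are not honoured during cleanup; `ctx` should be passed through. Matching `"not found"` in `err.Error()` is fragile across Unifi client versions; if the client exposes a typed or sentinel error, `errors.Is`/`errors.As` is the safer check. Reconcile starts and ends outside this hunk.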
|
|
|
|
@@ -287,14 +285,14 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|
|
|
// This will be used when running through all firewall groups and servics known, to see if a rule should be added.
|
|
|
|
// This will be used when running through all firewall groups and servics known, to see if a rule should be added.
|
|
|
|
|
|
|
|
|
|
|
|
for _, dest_group := range firewallPolicy.Spec.Destination.FirewallGroups {
|
|
|
|
for _, dest_group := range firewallPolicy.Spec.Destination.FirewallGroups {
|
|
|
|
namespace := firewallPolicy.Namespace
|
|
|
|
namespace := defaultNs
|
|
|
|
if len(dest_group.Namespace) > 0 {
|
|
|
|
if len(dest_group.Namespace) > 0 {
|
|
|
|
namespace = dest_group.Namespace
|
|
|
|
namespace = dest_group.Namespace
|
|
|
|
}
|
|
|
|
}
|
|
|
|
destination_groups[namespace+"/"+dest_group.Name] = struct{}{}
|
|
|
|
destination_groups[namespace+"/"+dest_group.Name] = struct{}{}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
for _, dest_service := range firewallPolicy.Spec.Destination.Services {
|
|
|
|
for _, dest_service := range firewallPolicy.Spec.Destination.Services {
|
|
|
|
namespace := firewallPolicy.Namespace
|
|
|
|
namespace := defaultNs
|
|
|
|
if len(dest_service.Namespace) > 0 {
|
|
|
|
if len(dest_service.Namespace) > 0 {
|
|
|
|
namespace = dest_service.Namespace
|
|
|
|
namespace = dest_service.Namespace
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@@ -312,7 +310,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|
|
|
// Run through all firewall groups. Add them to the myFirewallGroups list if they either have an annotations or is specified in the resource.
|
|
|
|
// Run through all firewall groups. Add them to the myFirewallGroups list if they either have an annotations or is specified in the resource.
|
|
|
|
|
|
|
|
|
|
|
|
for _, firewallGroup := range firewallGroupCRDs.Items {
|
|
|
|
for _, firewallGroup := range firewallGroupCRDs.Items {
|
|
|
|
if val, found := firewallGroup.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == firewallGroup.Namespace)) {
|
|
|
|
if val, found := firewallGroup.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == defaultNs)) {
|
|
|
|
myFirewallGroups = append(myFirewallGroups, firewallGroup)
|
|
|
|
myFirewallGroups = append(myFirewallGroups, firewallGroup)
|
|
|
|
} else if _, found := destination_groups[firewallGroup.Namespace+"/"+firewallGroup.Name]; found {
|
|
|
|
} else if _, found := destination_groups[firewallGroup.Namespace+"/"+firewallGroup.Name]; found {
|
|
|
|
myFirewallGroups = append(myFirewallGroups, firewallGroup)
|
|
|
|
myFirewallGroups = append(myFirewallGroups, firewallGroup)
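Review bot: The annotation match on the new line accepts an unqualified `unifi.engen.priv.no/firewall-policy` value whenever the policy lives in `defaultNs`, regardless of the FirewallGroup's own namespace, where the old line required the group and the policy to share a namespace; the Services hunk at -342 makes the same change. A FirewallGroup in another namespace carrying only a bare policy name therefore now binds to the `defaultNs` policy instead of a same-namespace one, which is a silent behaviour change for existing annotations (where `defaultNs` comes from is outside the hunk). If this is the intended model, the comment above the loop should state it, e.g. `// An unqualified annotation value names a policy in defaultNs; use "<namespace>/<name>" to target a policy elsewhere.`; if not, the `firewallGroup.Namespace` comparison should be restored. Reconcile starts and ends outside this hunk.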
|
|
|
|
@@ -342,7 +340,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|
|
|
skipService = true
|
|
|
|
skipService = true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if val, found := service.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == service.Namespace)) && !skipService {
|
|
|
|
if val, found := service.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == defaultNs)) && !skipService {
|
|
|
|
myServices = append(myServices, service)
|
|
|
|
myServices = append(myServices, service)
|
|
|
|
} else if _, found := destination_services[service.Namespace+"/"+service.Name]; found && !skipService {
|
|
|
|
} else if _, found := destination_services[service.Namespace+"/"+service.Name]; found && !skipService {
|
|
|
|
myServices = append(myServices, service)
|
|
|
|
myServices = append(myServices, service)
|
|
|
|
@@ -470,7 +468,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|
|
|
|
|
|
|
|
|
|
|
if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 {
|
|
|
|
if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 {
|
|
|
|
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
|
|
|
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
|
|
|
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
|
|
|
|
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
|
|
|
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
|
|
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
|
|
|
log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
|
|
|
log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
|
|
|
unifiFirewallPolicy := fillDefaultPolicy()
|
|
|
|
unifiFirewallPolicy := fillDefaultPolicy()
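Review bot: Dropping `firewallPolicy.Namespace + "/"` from `policyname` here (and in the hunks at -505, -543, -579, -642, -679, -718 and -755) makes the Unifi policy name depend only on the FirewallPolicy's name, so two FirewallPolicy objects with the same name in different namespaces now produce identical names. Since creation is gated on `unifiFirewallpolicyNames[policyname]` (populated outside the hunk, presumably from the existing Unifi policies), the second policy would skip creation and silently rely on the first policy's rule, which disappears when the first policy is finalized. If FirewallPolicy objects are meant to exist only in `defaultNs` after this change, nothing in the visible code enforces it; otherwise keep a namespace qualifier in the name, e.g. `policyname := "k8s-fw-" + firewallPolicy.Namespace + "-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"` (with whatever separator the controller accepts if `/` was the reason for the change). A comment above the first `policyname` stating the uniqueness assumption, e.g. `// Unifi policy names must be unique per site; FirewallPolicy names are assumed unique across namespaces.`, would make the constraint visible either way. Reconcile starts and ends outside this hunk.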
|
|
|
|
@@ -505,7 +503,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
|
|
|
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
|
|
|
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
|
|
|
|
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
|
|
|
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
|
|
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
|
|
|
log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
|
|
|
log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
|
|
|
unifiFirewallPolicy := fillDefaultPolicy()
|
|
|
|
unifiFirewallPolicy := fillDefaultPolicy()
|
|
|
|
@@ -543,7 +541,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 {
|
|
|
|
if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 {
|
|
|
|
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
|
|
|
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
|
|
|
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
|
|
|
|
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
|
|
|
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
|
|
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
|
|
|
log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
|
|
|
log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
|
|
|
unifiFirewallPolicy := fillDefaultPolicy()
|
|
|
|
unifiFirewallPolicy := fillDefaultPolicy()
|
|
|
|
@@ -579,7 +577,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
|
|
|
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
|
|
|
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
|
|
|
|
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
|
|
|
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
|
|
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
|
|
|
log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
|
|
|
log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
|
|
|
unifiFirewallPolicy := fillDefaultPolicy()
|
|
|
|
unifiFirewallPolicy := fillDefaultPolicy()
|
|
|
|
@@ -642,7 +640,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 {
|
|
|
|
if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 {
|
|
|
|
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
|
|
|
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
|
|
|
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
|
|
|
|
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
|
|
|
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
|
|
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
|
|
|
log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
|
|
|
log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
|
|
|
unifiFirewallPolicy := fillDefaultPolicy()
|
|
|
|
unifiFirewallPolicy := fillDefaultPolicy()
|
|
|
|
@@ -679,7 +677,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
|
|
|
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
|
|
|
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
|
|
|
|
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
|
|
|
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
|
|
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
|
|
|
log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
|
|
|
log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
|
|
|
unifiFirewallPolicy := fillDefaultPolicy()
|
|
|
|
unifiFirewallPolicy := fillDefaultPolicy()
|
|
|
|
@@ -718,7 +716,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 {
|
|
|
|
if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 {
|
|
|
|
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
|
|
|
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
|
|
|
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
|
|
|
|
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
|
|
|
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
|
|
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
|
|
|
log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
|
|
|
log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
|
|
|
unifiFirewallPolicy := fillDefaultPolicy()
|
|
|
|
unifiFirewallPolicy := fillDefaultPolicy()
|
|
|
|
@@ -755,7 +753,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
|
|
|
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
|
|
|
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
|
|
|
|
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
|
|
|
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
|
|
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
|
|
|
log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
|
|
|
log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
|
|
|
unifiFirewallPolicy := fillDefaultPolicy()
|
|
|
|
unifiFirewallPolicy := fillDefaultPolicy()
|
|
|
|
|