Created
September 1, 2021 00:36
-
-
Save tpbrisco/d031f1b0ba4993d12909c39285d2db58 to your computer and use it in GitHub Desktop.
Demonstrate Dynamic Egress policies and destinations APIs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -euo pipefail | |
| # Notes: | |
| # A policy can have multiple destinations. | |
| # Destinations that are updated (new rules added) are reflected quickly on the system | |
| # A policy with added destinations will not be reflected - it must be deleted re-added | |
| # API endpoints gleaned from | |
| # https://github.com/cloudfoundry/cf-networking-release/blob/f8c6b47ffe60e1f6c0740b85054a75dc52e16466/docs/dynamic_egress_api.md | |
| # | |
| # See below to enable this feature | |
| # https://github.com/cloudfoundry/cf-networking-release/blob/f8c6b47ffe60e1f6c0740b85054a75dc52e16466/jobs/policy-server-internal/spec | |
| # APP_NAME to target in your current org/space | |
| APP_NAME=${APP_NAME:-"echo"} | |
| # URLs for managing destinations and policies | |
| DASG_DEST_URL="/networking/v1/external/destinations" | |
| DASG_POL_URL="/networking/v1/external/egress_policies" | |
| # yaml2json "filename.yaml" "filename.json" | |
| # Convert a YAML file to JSON, with rudimentary checking | |
| function yaml2json () { | |
| yamlfn=$1 | |
| if [[ -z "$yamlfn" ]]; then | |
| echo yaml2json expects a filename as a parameter | |
| exit 1 | |
| fi | |
| jsonfn=$2 | |
| if [[ -z "$jsonfn" ]]; then | |
| jsonfn=${yamlfn%%.*} | |
| jsonfn=${jsonfn}".json" | |
| fi | |
| python -c 'import sys, yaml, json; y=yaml.safe_load(sys.stdin.read());print(json.dumps(y, indent=2))' < $yamlfn > $jsonfn | |
| jq -e . $jsonfn > /dev/null | |
| if [[ $? -ne 0 ]]; then | |
| echo "yaml $yamlfn generated bad json in $jsonfn ($?)" | |
| exit 1 | |
| fi | |
| } | |
| ## | |
| ## create, demonstrate and destroy sample destination | |
| ## | |
| cat > /tmp/mysql-sample-dest.yaml <<EOF | |
| destinations: | |
| - name: "MySQL" | |
| description: "Demo" | |
| rules: | |
| - ips: "10.10.10.10-10.10.10.12" | |
| ports: "8000-8001" | |
| protocol: "tcp" | |
| description: "fakey dest" | |
| EOF | |
| yaml2json "/tmp/mysql-sample-dest.yaml" "/tmp/mysql-sample-dest.json" | |
| # create basic destination | |
| cf curl -X POST $DASG_DEST_URL -d /tmp/mysql-sample-dest.json > /tmp/mysql-sample-dest.output | |
| # and capture the GUID for it | |
| MYSQL_GUID=$(jq -r '.destinations[0].id' < /tmp/mysql-sample-dest.output) | |
| echo Created basic destination \"MySQL\" with guid $MYSQL_GUID | |
| # demonstrate destination | |
| cf curl -X GET $DASG_DEST_URL | jq . | |
| # delete the destination | |
| echo Deleting basic destination \"MySQL\" | |
| cf curl -X DELETE $DASG_DEST_URL/$MYSQL_GUID | jq . | |
| # show empty destination | |
| echo Deleted basic destination \"MySQL\" | |
| cf curl -X GET $DASG_DEST_URL | jq . | |
| # add destination back for demo, and get it's GUID | |
| cf curl -X POST $DASG_DEST_URL -d /tmp/mysql-sample-dest.json > /tmp/mysql-sample-dest.output | |
| MYSQL_GUID=$(jq -r '.destinations[0].id' < /tmp/mysql-sample-dest.output) | |
| echo Re-created DASG destination with guid $MYSQL_GUID | |
| ## | |
| ## Get the space GUID of $APP_NAME for the demo | |
| ## | |
| APP_GUID=$(cf app $APP_NAME --guid) | |
| SPACE_URL=$(cf curl /v2/apps/$APP_GUID | jq -r '.entity.space_url') | |
| SPACE_GUID=$(cf curl $SPACE_URL | jq -r '.metadata.guid') | |
| echo Adding policy for $APP_NAME in space $SPACE_GUID | |
| ## | |
| ## create, demonstrate and destroy sample policy | |
| ## | |
| cat > /tmp/mysql-sample-policy.yaml <<EOF | |
| egress_policies: | |
| - name: "policy sample" | |
| source: | |
| type: "space" | |
| id: "$SPACE_GUID" | |
| destination: | |
| id: "$MYSQL_GUID" | |
| app_lifecycle: "running" | |
| EOF | |
| yaml2json "/tmp/mysql-sample-policy.yaml" "/tmp/mysql-sample-policy.json" | |
| # create basic egress policy | |
| echo Create basic policy | |
| cf curl -X POST $DASG_POL_URL -d /tmp/mysql-sample-policy.json | jq . | |
| # get the GUID(s) we created | |
| echo Created egress policies with GUIDs: | |
| cf curl -X GET $DASG_POL_URL | jq -r '.egress_policies[].id' | sed -e 's/^/ /g' | |
| # show the egress policy now | |
| cf curl -X GET $DASG_POL_URL | jq . | |
| POL_GUID=$(cf curl -X GET $DASG_POL_URL | jq -r .egress_policies[0].id) | |
| ## | |
| ## generate an update to the MYSQL destination | |
| ## | |
| cat >> /tmp/updated-sample-dest.yaml <<EOF | |
| destinations: | |
| - id: "$MYSQL_GUID" | |
| name: "MySQL" | |
| description: "Demo" | |
| rules: | |
| - ips: "10.10.10.10-10.10.10.12" | |
| ports: "8000-8001" | |
| protocol: "tcp" | |
| description: "fakey dest" | |
| - ips: "10.10.10.100-10.10.10.112" | |
| ports: "9000-9001" | |
| protocol: "tcp" | |
| description: "fakey dest 2" | |
| EOF | |
| yaml2json /tmp/updated-sample-dest.yaml /tmp/updated-sample-dest.json | |
| # update destinations | |
| cf curl -X PUT $DASG_DEST_URL -d /tmp/updated-sample-dest.json > /tmp/updated-sample-dest.output | |
| # demonstrate destinations | |
| echo Display updated destinations | |
| cf curl -X GET $DASG_DEST_URL | jq . | |
| # demonstrate updated policy | |
| echo Display updated policy | |
| cf curl -X GET $DASG_POL_URL | jq . |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment