blob: 5e384e5a09cf3be56d066792dfa3c53f19a67681 [file] [log] [blame]
Yi Tseng99e30302016-08-03 17:46:16 +08001#!/bin/bash
2# -------------------------------------------------------------------------------------------------
3# ONOS ACL tool.
4# Usage:
5# onos-acl node_ip [allow|deny|del] [--srcIp srcIp] [--dstIp dstIp] [--ipProto ipProto] [--dstTpPort dstTpPort] [--alcId aclId]
6# onos-acl node_ip --json acl-config.json
7# -------------------------------------------------------------------------------------------------
8
9[ ! -d "$ONOS_ROOT" ] && echo "ONOS_ROOT is not defined" >&2 && exit 1
10. $ONOS_ROOT/tools/build/envDefaults
11. $ONOS_ROOT/tools/test/bin/find-node.sh
12
13fail="--fail"
14[ "$1" == "-v" ] && shift && fail=""
15
16node=$(find_node $1)
17
18if [ "$2" == "--json" ]; then
19 shift
20 file=$2
21 curl $fail -sSL --user $ONOS_WEB_USER:$ONOS_WEB_PASS \
22 -X POST -H 'Content-Type:application/json' \
23 http://$node:8181/onos/v1/acl/rules -d@$file
24
25else
26 policy="${2:deny}"
27 srcIp=""
28 dstIp=""
29 ipProto=""
30 dstTpPort=""
31 aclId=""
32
33 while [ "$#" -gt 3 ]; do
34 if [ "$3" == "--srcIp" ]; then
35 shift && srcIp="$3" && shift
36 elif [ "$3" == "--dstIp" ]; then
37 shift && dstIp="$3" && shift
38 elif [ "$3" == "--ipProto" ]; then
39 shift && ipProto="$3" && shift
40 elif [ "$3" == "--dstTpPort" ]; then
41 shift && dstTpPort="$3" && shift
42 elif [ "$3" == "--aclId" ]; then
43 shift && aclId="$3" && shift
44 else
45 shift
46 fi
47 done
48
49 if [ "$policy" == "del" ]; then
50 curl $fail -sSL --user $ONOS_WEB_USER:$ONOS_WEB_PASS \
51 -X DELETE http://$node:8181/onos/v1/acl/rules/$aclId
52
53 else
54
55 aclRule="{\"action\": \"$policy\""
56 [ "$srcIp" != "" ] && aclRule="$aclRule, \"srcIp\":\"$srcIp\""
57 [ "$dstIp" != "" ] && aclRule="$aclRule, \"dstIp\":\"$dstIp\""
58 [ "$ipProto" != "" ] && aclRule="$aclRule, \"ipProto\":\"$ipProto\""
59 [ "$dstTpPort" != "" ] && aclRule="$aclRule, \"dstTpPort\":\"$dstTpPort\""
60 aclRule="$aclRule}"
61
62 curl $fail -sSL --user $ONOS_WEB_USER:$ONOS_WEB_PASS \
63 -X POST -H 'Content-Type:application/json' \
64 http://$node:8181/onos/v1/acl/rules -d "$aclRule"
65 fi
66
67fi