Create network policy handler and driver

This patch adds a base driver and handler for network policy events. Follow up
patches will implement the driver and actions on network policies crud
actions, as well as tempest tests.

Partially Implements: blueprint k8s-network-policies
Co-Authored-By: Eyal Leshem <eyal.leshem@toganetworks.com>

Change-Id: I26969f2597c112259ca90724ff8b357bd8bb376e

kuryr_kubernetes/constants.py

@@ -16,11 +16,13 @@
 K8S_API_BASE = '/api/v1'
 K8S_API_NAMESPACES = K8S_API_BASE + '/namespaces'
 K8S_API_CRD = '/apis/openstack.org/v1'
+K8S_API_POLICIES = '/apis/networking.k8s.io/v1/networkpolicies'
 
 K8S_OBJ_NAMESPACE = 'Namespace'
 K8S_OBJ_POD = 'Pod'
 K8S_OBJ_SERVICE = 'Service'
 K8S_OBJ_ENDPOINTS = 'Endpoints'
+K8S_OBJ_POLICY = 'NetworkPolicy'
 
 K8S_OBJ_KURYRNET = 'KuryrNet'
 

kuryr_kubernetes/controller/drivers/base.py

@@ -616,3 +616,44 @@ class ServicePubIpDriver(DriverBase):
         :param service_pub_ip_info: service loadbalancer IP info
 
         """
+
+
+@six.add_metaclass(abc.ABCMeta)
+class NetworkPolicyDriver(DriverBase):
+    """Provide network-policy for pods"""
+
+    ALIAS = 'network_policy'
+
+    @abc.abstractmethod
+    def ensure_network_policy(self, policy, project_id):
+        """Policy created or updated
+
+        :param policy: dict containing Kubernetes NP object
+        :param project_id: openstack project_id
+        """
+        raise NotImplementedError()
+
+    @abc.abstractmethod
+    def release_network_policy(self, policy, project_id):
+        """Delete a network policy
+
+        :param policy: dict containing Kubernetes NP object
+        :param project_id
+        """
+        raise NotImplementedError()
+
+
+@six.add_metaclass(abc.ABCMeta)
+class NetworkPolicyProjectDriver(DriverBase):
+    """Get an OpenStack project id for K8s network policies"""
+
+    ALIAS = 'policy_project'
+
+    @abc.abstractmethod
+    def get_project(self, policy):
+        """Get an OpenStack project id for K8s pod ports.
+
+        :param policy: dict containing Kubernetes NP object
+        :returns: OpenStack project_id
+        """
+        raise NotImplementedError()

kuryr_kubernetes/controller/handlers/policy.py

@@ -0,0 +1,36 @@
+# Copyright 2018 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from oslo_log import log as logging
+
+from kuryr_kubernetes import constants as k_const
+from kuryr_kubernetes.handlers import k8s_base
+
+LOG = logging.getLogger(__name__)
+
+
+class NetworkPolicyHandler(k8s_base.ResourceEventHandler):
+    """NetworkPolicyHandler handles k8s Network Policies events"""
+
+    OBJECT_KIND = k_const.K8S_OBJ_POLICY
+    OBJECT_WATCH_PATH = k_const.K8S_API_POLICIES
+
+    def __init__(self):
+        super(NetworkPolicyHandler, self).__init__()
+
+    def on_present(self, policy):
+        LOG.debug("Received event notification on network policy: %s", policy)
+
+    def on_deleted(self, policy):
+        LOG.debug("Received event notification on network policy: %s", policy)

setup.cfg

@@ -83,6 +83,7 @@ kuryr_kubernetes.controller.handlers =
     namespace = kuryr_kubernetes.controller.handlers.namespace:NamespaceHandler
     ingresslb = kuryr_kubernetes.controller.handlers.ingress_lbaas:IngressLoadBalancerHandler
     ocproute  = kuryr_kubernetes.platform.ocp.controller.handlers.route:OcpRouteHandler
+    policy = kuryr_kubernetes.controller.handlers.policy:NetworkPolicyHandler
     test_handler = kuryr_kubernetes.tests.unit.controller.handlers.test_fake_handler:TestHandler
 
 [files]