Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / debian / gophercloud / 7f34d8e7baf6f9632a5139ca6b1fb6f574e32584 / . / openstack / compute / v2 / extensions / secgroups / requests.go
blob: 58ec6a8ff8c7c8137bba2a58964e93db51b0d0fe [file] [log] [blame]
Jamie Hannaford924c09d2014-11-19 12:05:38 +0100[diff] [blame]1package secgroups
2
3import (
Jamie Hannaford8badf1e2014-11-19 14:39:26 +0100[diff] [blame]4 "errors"
5
Jamie Hannaforda493e642014-11-19 12:40:30 +0100[diff] [blame]6 "github.com/racker/perigee"
7
Jamie Hannaford924c09d2014-11-19 12:05:38 +0100[diff] [blame]8 "github.com/rackspace/gophercloud"
9 "github.com/rackspace/gophercloud/pagination"
10)
11
Jamie Hannaford19151792014-11-19 12:46:47 +0100[diff] [blame]12func commonList(client *gophercloud.ServiceClient, url string) pagination.Pager {
Jamie Hannaford924c09d2014-11-19 12:05:38 +0100[diff] [blame]13 createPage := func(r pagination.PageResult) pagination.Page {
14 return SecurityGroupPage{pagination.SinglePageBase(r)}
15 }
16
Jamie Hannaford19151792014-11-19 12:46:47 +0100[diff] [blame]17 return pagination.NewPager(client, url, createPage)
18}
19
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame^]20// List will return a collection of all the security groups for a particular
21// tenant.
Jamie Hannaford19151792014-11-19 12:46:47 +0100[diff] [blame]22func List(client *gophercloud.ServiceClient) pagination.Pager {
23 return commonList(client, rootURL(client))
24}
25
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame^]26// ListByServer will return a collection of all the security groups which are
27// associated with a particular server.
Jamie Hannaford19151792014-11-19 12:46:47 +0100[diff] [blame]28func ListByServer(client *gophercloud.ServiceClient, serverID string) pagination.Pager {
29 return commonList(client, listByServerURL(client, serverID))
Jamie Hannaford924c09d2014-11-19 12:05:38 +0100[diff] [blame]30}
Jamie Hannaforda493e642014-11-19 12:40:30 +0100[diff] [blame]31
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame^]32// GroupOpts is the underlying struct responsible for creating or updating
33// security groups. It therefore represents the mutable attributes of a
34// security group.
Jamie Hannaford30c74662014-11-19 15:37:34 +0100[diff] [blame]35type GroupOpts struct {
Jamie Hannaforda493e642014-11-19 12:40:30 +0100[diff] [blame]36 // Optional - the name of your security group. If no value provided, null
37 // will be set.
38 Name string `json:"name,omitempty"`
39
40 // Optional - the description of your security group. If no value provided,
41 // null will be set.
42 Description string `json:"description,omitempty"`
43}
44
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame^]45// CreateOpts is the struct responsible for creating a security group.
Jamie Hannaford30c74662014-11-19 15:37:34 +0100[diff] [blame]46type CreateOpts GroupOpts
47
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame^]48// Create will create a new security group.
Jamie Hannaforda493e642014-11-19 12:40:30 +0100[diff] [blame]49func Create(client *gophercloud.ServiceClient, opts CreateOpts) CreateResult {
50 var result CreateResult
51
52 reqBody := struct {
53 CreateOpts `json:"security_group"`
54 }{opts}
55
56 _, result.Err = perigee.Request("POST", rootURL(client), perigee.Options{
57 Results: &result.Body,
58 ReqBody: &reqBody,
59 MoreHeaders: client.AuthenticatedHeaders(),
60 OkCodes: []int{200},
61 })
62
63 return result
64}
Jamie Hannafordb38dd312014-11-19 13:02:11 +0100[diff] [blame]65
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame^]66// UpdateOpts is the struct responsible for updating an existing security group.
Jamie Hannaford30c74662014-11-19 15:37:34 +0100[diff] [blame]67type UpdateOpts GroupOpts
68
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame^]69// Update will modify the mutable properties of a security group, notably its
70// name and description.
Jamie Hannaford30c74662014-11-19 15:37:34 +0100[diff] [blame]71func Update(client *gophercloud.ServiceClient, id string, opts UpdateOpts) UpdateResult {
72 var result UpdateResult
73
74 reqBody := struct {
75 UpdateOpts `json:"security_group"`
76 }{opts}
77
Jamie Hannaford740e4a32014-11-19 16:13:30 +0100[diff] [blame]78 _, result.Err = perigee.Request("PUT", resourceURL(client, id), perigee.Options{
Jamie Hannaford30c74662014-11-19 15:37:34 +0100[diff] [blame]79 Results: &result.Body,
80 ReqBody: &reqBody,
81 MoreHeaders: client.AuthenticatedHeaders(),
82 OkCodes: []int{200},
83 })
84
85 return result
86}
87
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame^]88// Get will return details for a particular security group.
Jamie Hannafordb38dd312014-11-19 13:02:11 +0100[diff] [blame]89func Get(client *gophercloud.ServiceClient, id string) GetResult {
90 var result GetResult
91
92 _, result.Err = perigee.Request("GET", resourceURL(client, id), perigee.Options{
93 Results: &result.Body,
94 MoreHeaders: client.AuthenticatedHeaders(),
95 OkCodes: []int{200},
96 })
97
98 return result
99}
Jamie Hannafordd276e612014-11-19 13:56:28 +0100[diff] [blame]100
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame^]101// Delete will permanently delete a security group from the project.
Jamie Hannafordd276e612014-11-19 13:56:28 +0100[diff] [blame]102func Delete(client *gophercloud.ServiceClient, id string) gophercloud.ErrResult {
103 var result gophercloud.ErrResult
104
105 _, result.Err = perigee.Request("DELETE", resourceURL(client, id), perigee.Options{
106 MoreHeaders: client.AuthenticatedHeaders(),
107 OkCodes: []int{202},
108 })
109
110 return result
111}
Jamie Hannaford8badf1e2014-11-19 14:39:26 +0100[diff] [blame]112
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame^]113// AddRuleOpts represents the configuration for adding a new rule to an
114// existing security group.
Jamie Hannaford8badf1e2014-11-19 14:39:26 +0100[diff] [blame]115type AddRuleOpts struct {
116 // Required - the ID of the group that this rule will be added to.
117 ParentGroupID string `json:"parent_group_id"`
118
119 // Required - the lower bound of the port range that will be opened.
120 FromPort int `json:"from_port"`
121
122 // Required - the upper bound of the port range that will be opened.
123 ToPort int `json:"to_port"`
124
125 // Required - the protocol type that will be allowed, e.g. TCP.
126 IPProtocol string `json:"ip_protocol"`
127
128 // ONLY required if FromGroupID is blank. This represents the IP range that
129 // will be the source of network traffic to your security group. Use
130 // 0.0.0.0/0 to allow all IP addresses.
131 CIDR string `json:"cidr,omitempty"`
132
133 // ONLY required if CIDR is blank. This value represents the ID of a group
134 // that forwards traffic to the parent group. So, instead of accepting
135 // network traffic from an entire IP range, you can instead refine the
136 // inbound source by an existing security group.
137 FromGroupID string `json:"group_id,omitempty"`
138}
139
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame^]140// AddRule will add a new rule to an existing security group (whose ID is
141// specified in AddRuleOpts). You have the option of controlling inbound
142// traffic from both an IP range (CIDR) or from another security group.
Jamie Hannaford8badf1e2014-11-19 14:39:26 +0100[diff] [blame]143func AddRule(client *gophercloud.ServiceClient, opts AddRuleOpts) AddRuleResult {
144 var result AddRuleResult
145
146 if opts.ParentGroupID == "" {
147 result.Err = errors.New("A ParentGroupID must be set")
148 return result
149 }
150 if opts.FromPort == 0 {
151 result.Err = errors.New("A FromPort must be set")
152 return result
153 }
154 if opts.ToPort == 0 {
155 result.Err = errors.New("A ToPort must be set")
156 return result
157 }
158 if opts.IPProtocol == "" {
159 result.Err = errors.New("A IPProtocol must be set")
160 return result
161 }
162 if opts.CIDR == "" && opts.FromGroupID == "" {
163 result.Err = errors.New("A CIDR or FromGroupID must be set")
164 return result
165 }
166
167 reqBody := struct {
168 AddRuleOpts `json:"security_group_rule"`
169 }{opts}
170
171 _, result.Err = perigee.Request("POST", rootRuleURL(client), perigee.Options{
172 Results: &result.Body,
173 ReqBody: &reqBody,
174 MoreHeaders: client.AuthenticatedHeaders(),
175 OkCodes: []int{200},
176 })
177
178 return result
179}
Jamie Hannaford61f81ca2014-11-19 14:44:33 +0100[diff] [blame]180
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame^]181// DeleteRule will permanently delete a rule from a security group.
Jamie Hannaford61f81ca2014-11-19 14:44:33 +0100[diff] [blame]182func DeleteRule(client *gophercloud.ServiceClient, id string) gophercloud.ErrResult {
183 var result gophercloud.ErrResult
184
185 _, result.Err = perigee.Request("DELETE", resourceRuleURL(client, id), perigee.Options{
186 MoreHeaders: client.AuthenticatedHeaders(),
187 OkCodes: []int{202},
188 })
189
190 return result
191}
Jamie Hannaford740e4a32014-11-19 16:13:30 +0100[diff] [blame]192
193func actionMap(prefix, groupName string) map[string]map[string]string {
194 return map[string]map[string]string{
195 prefix + "SecurityGroup": map[string]string{"name": groupName},
196 }
197}
198
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame^]199// AddServerToGroup will associate a server and a security group, enforcing the
200// rules of the group on the server.
Jamie Hannaford740e4a32014-11-19 16:13:30 +0100[diff] [blame]201func AddServerToGroup(client *gophercloud.ServiceClient, serverID, groupName string) gophercloud.ErrResult {
202 var result gophercloud.ErrResult
203
204 _, result.Err = perigee.Request("POST", serverActionURL(client, serverID), perigee.Options{
205 Results: &result.Body,
206 ReqBody: actionMap("add", groupName),
207 MoreHeaders: client.AuthenticatedHeaders(),
Jamie Hannafordd8ac5bb2014-11-20 12:01:37 +0100[diff] [blame]208 OkCodes: []int{202},
Jamie Hannaford740e4a32014-11-19 16:13:30 +0100[diff] [blame]209 })
210
211 return result
212}
213
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame^]214// RemoveServerFromGroup will disassociate a server from a security group.
Jamie Hannaford740e4a32014-11-19 16:13:30 +0100[diff] [blame]215func RemoveServerFromGroup(client *gophercloud.ServiceClient, serverID, groupName string) gophercloud.ErrResult {
216 var result gophercloud.ErrResult
217
218 _, result.Err = perigee.Request("POST", serverActionURL(client, serverID), perigee.Options{
219 Results: &result.Body,
220 ReqBody: actionMap("remove", groupName),
221 MoreHeaders: client.AuthenticatedHeaders(),
Jamie Hannafordd8ac5bb2014-11-20 12:01:37 +0100[diff] [blame]222 OkCodes: []int{202},
Jamie Hannaford740e4a32014-11-19 16:13:30 +0100[diff] [blame]223 })
224
225 return result
226}