Jamie Hannaford924c09d2014-11-19 12:05:38 +01001package secgroups
3import (
Jon Perritt27249f42016-02-18 10:35:59 -06004 "github.com/gophercloud/gophercloud"
Krzysztof Szukiełojć24a29ce2017-05-07 14:24:02 +02005 "gerrit.mcp.mirantis.net/debian/gophercloud.git/pagination"
Jamie Hannaford924c09d2014-11-19 12:05:38 +01006)
// commonList builds a Pager over url. Each page result is wrapped in a
// SecurityGroupPage backed by pagination.SinglePageBase.
//
// NOTE(review): this file imports gophercloud and pagination from two
// different module paths; confirm both resolve to the same ServiceClient type
// and to the same reviewed source tree.
func commonList(client *gophercloud.ServiceClient, url string) pagination.Pager {
	toPage := func(r pagination.PageResult) pagination.Page {
		return SecurityGroupPage{pagination.SinglePageBase(r)}
	}
	return pagination.NewPager(client, url, toPage)
}
// List returns a Pager over the security groups found at the root URL of the
// given service client, i.e. the groups of a particular tenant.
func List(client *gophercloud.ServiceClient) pagination.Pager {
	url := rootURL(client)
	return commonList(client, url)
}
// ListByServer returns a Pager over the security groups associated with the
// server identified by serverID.
func ListByServer(client *gophercloud.ServiceClient, serverID string) pagination.Pager {
	url := listByServerURL(client, serverID)
	return commonList(client, url)
}
// GroupOpts is the underlying struct responsible for creating or updating
// security groups. It therefore represents the mutable attributes of a
// security group. CreateOpts and UpdateOpts are both defined in terms of it.
type GroupOpts struct {
	// the name of your security group. Tagged required:"true".
	Name string `json:"name" required:"true"`
	// the description of your security group. Tagged required:"true".
	Description string `json:"description" required:"true"`
}
// CreateOpts is the struct responsible for creating a security group. It has
// the same fields as GroupOpts.
type CreateOpts GroupOpts
// CreateOptsBuilder builds the create options into a serializable format.
// Create accepts any implementation and sends the returned map as the request
// body.
type CreateOptsBuilder interface {
	ToSecGroupCreateMap() (map[string]interface{}, error)
}
// ToSecGroupCreateMap serializes the create options through
// gophercloud.BuildRequestBody, using "security_group" as the parent key.
func (opts CreateOpts) ToSecGroupCreateMap() (map[string]interface{}, error) {
	const parent = "security_group"
	return gophercloud.BuildRequestBody(opts, parent)
}
// Create will create a new security group by POSTing the body produced by
// opts.ToSecGroupCreateMap to the root URL. If building the body fails, the
// error is stored in r.Err and no request is sent. The request is issued with
// OkCodes set to 200 only.
func Create(client *gophercloud.ServiceClient, opts CreateOptsBuilder) (r CreateResult) {
	reqBody, buildErr := opts.ToSecGroupCreateMap()
	if buildErr != nil {
		r.Err = buildErr
		return r
	}
	reqOpts := &gophercloud.RequestOpts{OkCodes: []int{200}}
	_, r.Err = client.Post(rootURL(client), reqBody, &r.Body, reqOpts)
	return r
}
// UpdateOpts is the struct responsible for updating an existing security
// group. It has the same fields as GroupOpts.
type UpdateOpts GroupOpts
// UpdateOptsBuilder builds the update options into a serializable format.
// Update accepts any implementation and sends the returned map as the request
// body.
type UpdateOptsBuilder interface {
	ToSecGroupUpdateMap() (map[string]interface{}, error)
}
// ToSecGroupUpdateMap serializes the update options through
// gophercloud.BuildRequestBody, using "security_group" as the parent key.
func (opts UpdateOpts) ToSecGroupUpdateMap() (map[string]interface{}, error) {
	const parent = "security_group"
	return gophercloud.BuildRequestBody(opts, parent)
}
// Update will modify the mutable properties of a security group, notably its
// name and description, by PUTting the body produced by
// opts.ToSecGroupUpdateMap to the group's resource URL. If building the body
// fails, the error is stored in r.Err and no request is sent. The request is
// issued with OkCodes set to 200 only.
func Update(client *gophercloud.ServiceClient, id string, opts UpdateOptsBuilder) (r UpdateResult) {
	reqBody, buildErr := opts.ToSecGroupUpdateMap()
	if buildErr != nil {
		r.Err = buildErr
		return r
	}
	reqOpts := &gophercloud.RequestOpts{OkCodes: []int{200}}
	_, r.Err = client.Put(resourceURL(client, id), reqBody, &r.Body, reqOpts)
	return r
}
// Get will return details for a particular security group. The response body
// is decoded into r.Body and any request error is stored in r.Err.
func Get(client *gophercloud.ServiceClient, id string) (r GetResult) {
	target := resourceURL(client, id)
	_, r.Err = client.Get(target, &r.Body, nil)
	return r
}
// Delete will permanently delete a security group from the project. Any
// request error is stored in r.Err.
//
// NOTE(review): id is handed to resourceURL (defined elsewhere) without a
// check here; confirm an empty id cannot resolve to the collection URL.
func Delete(client *gophercloud.ServiceClient, id string) (r gophercloud.ErrResult) {
	target := resourceURL(client, id)
	_, r.Err = client.Delete(target, nil)
	return r
}
// CreateRuleOpts represents the configuration for adding a new rule to an
// existing security group.
//
// CIDR and FromGroupID carry matching `or` tags, so a rule is expected to name
// at least one traffic source. NOTE(review): the tags are presumably enforced
// by gophercloud.BuildRequestBody; confirm against that implementation.
type CreateRuleOpts struct {
	// the ID of the group that this rule will be added to.
	ParentGroupID string `json:"parent_group_id" required:"true"`
	// the lower bound of the port range that will be opened.
	// NOTE(review): not tagged required and no range check is visible in this
	// file; confirm a zero or out-of-range value is rejected before or by the
	// API.
	FromPort int `json:"from_port"`
	// the upper bound of the port range that will be opened. The same review
	// note as FromPort applies; keep the range as narrow as the service needs.
	ToPort int `json:"to_port"`
	// the protocol type that will be allowed, e.g. TCP.
	IPProtocol string `json:"ip_protocol" required:"true"`
	// ONLY required if FromGroupID is blank. This represents the IP range that
	// will be the source of network traffic to your security group. Use
	// 0.0.0.0/0 to allow all IP addresses. That value opens the port range to
	// every source address, so prefer the narrowest range that works, or
	// FromGroupID, and treat any 0.0.0.0/0 rule as one that needs review.
	CIDR string `json:"cidr,omitempty" or:"FromGroupID"`
	// ONLY required if CIDR is blank. This value represents the ID of a group
	// that forwards traffic to the parent group. So, instead of accepting
	// network traffic from an entire IP range, you can instead refine the
	// inbound source by an existing security group.
	FromGroupID string `json:"group_id,omitempty" or:"CIDR"`
}
// CreateRuleOptsBuilder builds the create rule options into a serializable
// format. CreateRule accepts any implementation and sends the returned map as
// the request body.
type CreateRuleOptsBuilder interface {
	ToRuleCreateMap() (map[string]interface{}, error)
}
// ToRuleCreateMap serializes the create rule options through
// gophercloud.BuildRequestBody, using "security_group_rule" as the parent key.
func (opts CreateRuleOpts) ToRuleCreateMap() (map[string]interface{}, error) {
	const parent = "security_group_rule"
	return gophercloud.BuildRequestBody(opts, parent)
}
// CreateRule will add a new rule to an existing security group (whose ID is
// specified in CreateRuleOpts). You have the option of controlling inbound
// traffic from either an IP range (CIDR) or from another security group.
//
// The body comes from opts.ToRuleCreateMap; if building it fails, the error is
// stored in r.Err and no request is sent. The request is issued with OkCodes
// set to 200 only. This function passes the options through as built, so any
// policy on how wide a CIDR or port range may be has to be applied by the
// caller or the API.
func CreateRule(client *gophercloud.ServiceClient, opts CreateRuleOptsBuilder) (r CreateRuleResult) {
	reqBody, buildErr := opts.ToRuleCreateMap()
	if buildErr != nil {
		r.Err = buildErr
		return r
	}
	reqOpts := &gophercloud.RequestOpts{OkCodes: []int{200}}
	_, r.Err = client.Post(rootRuleURL(client), reqBody, &r.Body, reqOpts)
	return r
}
// DeleteRule will permanently delete a rule from a security group. Any
// request error is stored in r.Err.
func DeleteRule(client *gophercloud.ServiceClient, id string) (r gophercloud.ErrResult) {
	target := resourceRuleURL(client, id)
	_, r.Err = client.Delete(target, nil)
	return r
}
// actionMap builds the body for a server action: a single key formed from
// prefix followed by "SecurityGroup", whose value maps "name" to groupName.
func actionMap(prefix, groupName string) map[string]map[string]string {
	action := prefix + "SecurityGroup"
	payload := make(map[string]map[string]string, 1)
	payload[action] = map[string]string{"name": groupName}
	return payload
}
// AddServer will associate a server and a security group, enforcing the
// rules of the group on the server. The group is identified by name, not ID:
// groupName is sent as the "name" value of an "addSecurityGroup" action
// posted to the server's action URL.
func AddServer(client *gophercloud.ServiceClient, serverID, groupName string) (r gophercloud.ErrResult) {
	action := actionMap("add", groupName)
	_, r.Err = client.Post(serverActionURL(client, serverID), action, &r.Body, nil)
	return r
}
// RemoveServer will disassociate a server from a security group. The group is
// identified by name, not ID: groupName is sent as the "name" value of a
// "removeSecurityGroup" action posted to the server's action URL.
func RemoveServer(client *gophercloud.ServiceClient, serverID, groupName string) (r gophercloud.ErrResult) {
	action := actionMap("remove", groupName)
	_, r.Err = client.Post(serverActionURL(client, serverID), action, &r.Body, nil)
	return r
}