Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / debian / gophercloud / c530ba1ac117c3a2c381e9aedc31f687480f6e79 / . / openstack / compute / v2 / extensions / secgroups / requests.go
blob: f8d88d3d48708dd617bdd038ccc1204e9a324e74 [file] [log] [blame]
Jamie Hannaford924c09d2014-11-19 12:05:38 +0100[diff] [blame]1package secgroups
2
3import (
Jamie Hannaford8badf1e2014-11-19 14:39:26 +0100[diff] [blame]4 "errors"
5
Jamie Hannaford924c09d2014-11-19 12:05:38 +0100[diff] [blame]6 "github.com/rackspace/gophercloud"
7 "github.com/rackspace/gophercloud/pagination"
8)
9
Jamie Hannaford19151792014-11-19 12:46:47 +0100[diff] [blame]10func commonList(client *gophercloud.ServiceClient, url string) pagination.Pager {
Jamie Hannaford924c09d2014-11-19 12:05:38 +0100[diff] [blame]11 createPage := func(r pagination.PageResult) pagination.Page {
12 return SecurityGroupPage{pagination.SinglePageBase(r)}
13 }
14
Jamie Hannaford19151792014-11-19 12:46:47 +0100[diff] [blame]15 return pagination.NewPager(client, url, createPage)
16}
17
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame]18// List will return a collection of all the security groups for a particular
19// tenant.
Jamie Hannaford19151792014-11-19 12:46:47 +0100[diff] [blame]20func List(client *gophercloud.ServiceClient) pagination.Pager {
21 return commonList(client, rootURL(client))
22}
23
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame]24// ListByServer will return a collection of all the security groups which are
25// associated with a particular server.
Jamie Hannaford19151792014-11-19 12:46:47 +0100[diff] [blame]26func ListByServer(client *gophercloud.ServiceClient, serverID string) pagination.Pager {
27 return commonList(client, listByServerURL(client, serverID))
Jamie Hannaford924c09d2014-11-19 12:05:38 +0100[diff] [blame]28}
Jamie Hannaforda493e642014-11-19 12:40:30 +0100[diff] [blame]29
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame]30// GroupOpts is the underlying struct responsible for creating or updating
31// security groups. It therefore represents the mutable attributes of a
32// security group.
Jamie Hannaford30c74662014-11-19 15:37:34 +0100[diff] [blame]33type GroupOpts struct {
Jamie Hannaford415ff942014-11-25 15:25:57 +0100[diff] [blame]34 // Required - the name of your security group.
Jamie Hannaford0e750962014-11-24 16:04:38 +0100[diff] [blame]35 Name string `json:"name"`
Jamie Hannaforda493e642014-11-19 12:40:30 +0100[diff] [blame]36
Jamie Hannaford415ff942014-11-25 15:25:57 +0100[diff] [blame]37 // Required - the description of your security group.
Jamie Hannaford0e750962014-11-24 16:04:38 +0100[diff] [blame]38 Description string `json:"description"`
Jamie Hannaforda493e642014-11-19 12:40:30 +0100[diff] [blame]39}
40
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame]41// CreateOpts is the struct responsible for creating a security group.
Jamie Hannaford30c74662014-11-19 15:37:34 +0100[diff] [blame]42type CreateOpts GroupOpts
43
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]44// CreateOptsBuilder builds the create options into a serializable format.
45type CreateOptsBuilder interface {
46 ToSecGroupCreateMap() (map[string]interface{}, error)
47}
48
Jamie Hannaford0e750962014-11-24 16:04:38 +0100[diff] [blame]49var (
50 errName = errors.New("Name is a required field")
51 errDesc = errors.New("Description is a required field")
52)
53
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]54// ToSecGroupCreateMap builds the create options into a serializable format.
55func (opts CreateOpts) ToSecGroupCreateMap() (map[string]interface{}, error) {
56 sg := make(map[string]interface{})
57
Jamie Hannaford0e750962014-11-24 16:04:38 +0100[diff] [blame]58 if opts.Name == "" {
59 return sg, errName
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]60 }
Jamie Hannaford0e750962014-11-24 16:04:38 +0100[diff] [blame]61 if opts.Description == "" {
62 return sg, errDesc
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]63 }
64
Jamie Hannaford0e750962014-11-24 16:04:38 +0100[diff] [blame]65 sg["name"] = opts.Name
66 sg["description"] = opts.Description
67
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]68 return map[string]interface{}{"security_group": sg}, nil
69}
70
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame]71// Create will create a new security group.
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]72func Create(client *gophercloud.ServiceClient, opts CreateOptsBuilder) CreateResult {
Jamie Hannaforda493e642014-11-19 12:40:30 +0100[diff] [blame]73 var result CreateResult
74
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]75 reqBody, err := opts.ToSecGroupCreateMap()
76 if err != nil {
77 result.Err = err
78 return result
79 }
Jamie Hannaforda493e642014-11-19 12:40:30 +0100[diff] [blame]80
Ash Wilson4bf41a32015-02-12 15:52:44 -0500[diff] [blame]81 _, result.Err = client.Request("POST", rootURL(client), gophercloud.RequestOpts{
82 JSONResponse: &result.Body,
83 JSONBody: &reqBody,
84 OkCodes: []int{200},
Jamie Hannaforda493e642014-11-19 12:40:30 +0100[diff] [blame]85 })
86
87 return result
88}
Jamie Hannafordb38dd312014-11-19 13:02:11 +0100[diff] [blame]89
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame]90// UpdateOpts is the struct responsible for updating an existing security group.
Jamie Hannaford30c74662014-11-19 15:37:34 +0100[diff] [blame]91type UpdateOpts GroupOpts
92
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]93// UpdateOptsBuilder builds the update options into a serializable format.
94type UpdateOptsBuilder interface {
95 ToSecGroupUpdateMap() (map[string]interface{}, error)
96}
97
98// ToSecGroupUpdateMap builds the update options into a serializable format.
99func (opts UpdateOpts) ToSecGroupUpdateMap() (map[string]interface{}, error) {
100 sg := make(map[string]interface{})
101
Jamie Hannaford0e750962014-11-24 16:04:38 +0100[diff] [blame]102 if opts.Name == "" {
103 return sg, errName
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]104 }
Jamie Hannaford0e750962014-11-24 16:04:38 +0100[diff] [blame]105 if opts.Description == "" {
106 return sg, errDesc
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]107 }
108
Jamie Hannaford0e750962014-11-24 16:04:38 +0100[diff] [blame]109 sg["name"] = opts.Name
110 sg["description"] = opts.Description
111
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]112 return map[string]interface{}{"security_group": sg}, nil
113}
114
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame]115// Update will modify the mutable properties of a security group, notably its
116// name and description.
Jamie Hannaford2f226172014-11-25 11:52:25 +0100[diff] [blame]117func Update(client *gophercloud.ServiceClient, id string, opts UpdateOptsBuilder) UpdateResult {
Jamie Hannaford30c74662014-11-19 15:37:34 +0100[diff] [blame]118 var result UpdateResult
119
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]120 reqBody, err := opts.ToSecGroupUpdateMap()
121 if err != nil {
122 result.Err = err
123 return result
124 }
Jamie Hannaford30c74662014-11-19 15:37:34 +0100[diff] [blame]125
Ash Wilson59fb6c42015-02-12 16:21:13 -0500[diff] [blame]126 _, result.Err = client.Request("PUT", resourceURL(client, id), gophercloud.RequestOpts{
127 JSONResponse: &result.Body,
128 JSONBody: &reqBody,
129 OkCodes: []int{200},
Jamie Hannaford30c74662014-11-19 15:37:34 +0100[diff] [blame]130 })
131
132 return result
133}
134
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame]135// Get will return details for a particular security group.
Jamie Hannaford2f226172014-11-25 11:52:25 +0100[diff] [blame]136func Get(client *gophercloud.ServiceClient, id string) GetResult {
Jamie Hannafordb38dd312014-11-19 13:02:11 +0100[diff] [blame]137 var result GetResult
138
Ash Wilson59fb6c42015-02-12 16:21:13 -0500[diff] [blame]139 _, result.Err = client.Request("GET", resourceURL(client, id), gophercloud.RequestOpts{
140 JSONResponse: &result.Body,
Jamie Hannafordb38dd312014-11-19 13:02:11 +0100[diff] [blame]141 })
142
143 return result
144}
Jamie Hannafordd276e612014-11-19 13:56:28 +0100[diff] [blame]145
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame]146// Delete will permanently delete a security group from the project.
Jamie Hannaford2f226172014-11-25 11:52:25 +0100[diff] [blame]147func Delete(client *gophercloud.ServiceClient, id string) gophercloud.ErrResult {
Jamie Hannafordd276e612014-11-19 13:56:28 +0100[diff] [blame]148 var result gophercloud.ErrResult
149
Jamie Hannafordc530ba12015-03-23 17:50:46 +0100[diff] [blame^]150 _, result.Err = client.Request("DELETE", resourceURL(client, id), gophercloud.RequestOpts{})
Jamie Hannafordd276e612014-11-19 13:56:28 +0100[diff] [blame]151
152 return result
153}
Jamie Hannaford8badf1e2014-11-19 14:39:26 +0100[diff] [blame]154
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]155// CreateRuleOpts represents the configuration for adding a new rule to an
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame]156// existing security group.
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]157type CreateRuleOpts struct {
Jamie Hannaford8badf1e2014-11-19 14:39:26 +0100[diff] [blame]158 // Required - the ID of the group that this rule will be added to.
Jamie Hannaford2f226172014-11-25 11:52:25 +0100[diff] [blame]159 ParentGroupID string `json:"parent_group_id"`
Jamie Hannaford8badf1e2014-11-19 14:39:26 +0100[diff] [blame]160
161 // Required - the lower bound of the port range that will be opened.
162 FromPort int `json:"from_port"`
163
164 // Required - the upper bound of the port range that will be opened.
165 ToPort int `json:"to_port"`
166
167 // Required - the protocol type that will be allowed, e.g. TCP.
168 IPProtocol string `json:"ip_protocol"`
169
170 // ONLY required if FromGroupID is blank. This represents the IP range that
171 // will be the source of network traffic to your security group. Use
172 // 0.0.0.0/0 to allow all IP addresses.
173 CIDR string `json:"cidr,omitempty"`
174
175 // ONLY required if CIDR is blank. This value represents the ID of a group
176 // that forwards traffic to the parent group. So, instead of accepting
177 // network traffic from an entire IP range, you can instead refine the
178 // inbound source by an existing security group.
179 FromGroupID string `json:"group_id,omitempty"`
180}
181
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]182// CreateRuleOptsBuilder builds the create rule options into a serializable format.
183type CreateRuleOptsBuilder interface {
184 ToRuleCreateMap() (map[string]interface{}, error)
185}
186
187// ToRuleCreateMap builds the create rule options into a serializable format.
188func (opts CreateRuleOpts) ToRuleCreateMap() (map[string]interface{}, error) {
189 rule := make(map[string]interface{})
Jamie Hannaford8badf1e2014-11-19 14:39:26 +0100[diff] [blame]190
Jamie Hannaford2f226172014-11-25 11:52:25 +0100[diff] [blame]191 if opts.ParentGroupID == "" {
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]192 return rule, errors.New("A ParentGroupID must be set")
Jamie Hannaford8badf1e2014-11-19 14:39:26 +0100[diff] [blame]193 }
194 if opts.FromPort == 0 {
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]195 return rule, errors.New("A FromPort must be set")
Jamie Hannaford8badf1e2014-11-19 14:39:26 +0100[diff] [blame]196 }
197 if opts.ToPort == 0 {
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]198 return rule, errors.New("A ToPort must be set")
Jamie Hannaford8badf1e2014-11-19 14:39:26 +0100[diff] [blame]199 }
200 if opts.IPProtocol == "" {
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]201 return rule, errors.New("A IPProtocol must be set")
Jamie Hannaford8badf1e2014-11-19 14:39:26 +0100[diff] [blame]202 }
203 if opts.CIDR == "" && opts.FromGroupID == "" {
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]204 return rule, errors.New("A CIDR or FromGroupID must be set")
Jamie Hannaford8badf1e2014-11-19 14:39:26 +0100[diff] [blame]205 }
206
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]207 rule["parent_group_id"] = opts.ParentGroupID
208 rule["from_port"] = opts.FromPort
209 rule["to_port"] = opts.ToPort
210 rule["ip_protocol"] = opts.IPProtocol
211
212 if opts.CIDR != "" {
213 rule["cidr"] = opts.CIDR
214 }
215 if opts.FromGroupID != "" {
Long Nguyenca51f012015-02-16 15:52:22 -0500[diff] [blame]216 rule["group_id"] = opts.FromGroupID
Jamie Hannaford04abbc72014-11-21 11:27:57 +0100[diff] [blame]217 }
218
219 return map[string]interface{}{"security_group_rule": rule}, nil
220}
221
222// CreateRule will add a new rule to an existing security group (whose ID is
223// specified in CreateRuleOpts). You have the option of controlling inbound
224// traffic from either an IP range (CIDR) or from another security group.
225func CreateRule(client *gophercloud.ServiceClient, opts CreateRuleOptsBuilder) CreateRuleResult {
226 var result CreateRuleResult
227
228 reqBody, err := opts.ToRuleCreateMap()
229 if err != nil {
230 result.Err = err
231 return result
232 }
Jamie Hannaford8badf1e2014-11-19 14:39:26 +0100[diff] [blame]233
Ash Wilson4bf41a32015-02-12 15:52:44 -0500[diff] [blame]234 _, result.Err = client.Request("POST", rootRuleURL(client), gophercloud.RequestOpts{
235 JSONResponse: &result.Body,
236 JSONBody: &reqBody,
237 OkCodes: []int{200},
Jamie Hannaford8badf1e2014-11-19 14:39:26 +0100[diff] [blame]238 })
239
240 return result
241}
Jamie Hannaford61f81ca2014-11-19 14:44:33 +0100[diff] [blame]242
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame]243// DeleteRule will permanently delete a rule from a security group.
Jamie Hannaford2f226172014-11-25 11:52:25 +0100[diff] [blame]244func DeleteRule(client *gophercloud.ServiceClient, id string) gophercloud.ErrResult {
Jamie Hannaford61f81ca2014-11-19 14:44:33 +0100[diff] [blame]245 var result gophercloud.ErrResult
246
Jamie Hannafordc530ba12015-03-23 17:50:46 +0100[diff] [blame^]247 _, result.Err = client.Request("DELETE", resourceRuleURL(client, id), gophercloud.RequestOpts{})
Jamie Hannaford61f81ca2014-11-19 14:44:33 +0100[diff] [blame]248
249 return result
250}
Jamie Hannaford740e4a32014-11-19 16:13:30 +0100[diff] [blame]251
252func actionMap(prefix, groupName string) map[string]map[string]string {
253 return map[string]map[string]string{
254 prefix + "SecurityGroup": map[string]string{"name": groupName},
255 }
256}
257
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame]258// AddServerToGroup will associate a server and a security group, enforcing the
259// rules of the group on the server.
Jamie Hannaford740e4a32014-11-19 16:13:30 +0100[diff] [blame]260func AddServerToGroup(client *gophercloud.ServiceClient, serverID, groupName string) gophercloud.ErrResult {
261 var result gophercloud.ErrResult
262
Ash Wilson59fb6c42015-02-12 16:21:13 -0500[diff] [blame]263 _, result.Err = client.Request("POST", serverActionURL(client, serverID), gophercloud.RequestOpts{
264 JSONResponse: &result.Body,
265 JSONBody: actionMap("add", groupName),
Jamie Hannaford740e4a32014-11-19 16:13:30 +0100[diff] [blame]266 })
267
268 return result
269}
270
Jamie Hannaford7f34d8e2014-11-20 12:24:55 +0100[diff] [blame]271// RemoveServerFromGroup will disassociate a server from a security group.
Jamie Hannaford740e4a32014-11-19 16:13:30 +0100[diff] [blame]272func RemoveServerFromGroup(client *gophercloud.ServiceClient, serverID, groupName string) gophercloud.ErrResult {
273 var result gophercloud.ErrResult
274
Ash Wilson59fb6c42015-02-12 16:21:13 -0500[diff] [blame]275 _, result.Err = client.Request("POST", serverActionURL(client, serverID), gophercloud.RequestOpts{
276 JSONResponse: &result.Body,
277 JSONBody: actionMap("remove", groupName),
Jamie Hannaford740e4a32014-11-19 16:13:30 +0100[diff] [blame]278 })
279
280 return result
281}