Halaman utama Jelajahi Bantuan
Daftar Masuk
zhouyuhuan
/
Cloudpods
1
0
Fork 0
Berkas Masalah 0 Permintaan Tarik 0 Wiki
Pohon: 0d91f1698e
Ranting Tag
Cloudpods
/
backend
/
vendor
/
yunion.io
/
x
/
cloudmux
/
pkg
/
multicloud
/
aws
/
secgrouprule.go

secgrouprule.go 4.4 KB
Riwayat Mentahan

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145 
  1. // Copyright 2019 Yunion
    2. 

  2. //
    3. 

  3. // Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. // you may not use this file except in compliance with the License.
    5. 

  5. // You may obtain a copy of the License at
    6. 

  6. //
    7. 

  7. //     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. //
    9. 

  9. // Unless required by applicable law or agreed to in writing, software
    10. 

  10. // distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. // See the License for the specific language governing permissions and
    13. 

  13. // limitations under the License.
    14. 

  14. 

  15. package aws
    16. 

  16. 

  17. import (
    18. 

  18. 	"fmt"
    19. 

  19. 	"strings"
    20. 

  20. 

  21. 	"yunion.io/x/cloudmux/pkg/cloudprovider"
    22. 

  22. 	"yunion.io/x/pkg/util/secrules"
    23. 

  23. 	"yunion.io/x/pkg/utils"
    24. 

  24. )
    25. 

  25. 

  26. type SSecurityGroupRule struct {
    27. 

  27. 	group *SSecurityGroup
    28. 

  28. 

  29. 	FromPort            int    `xml:"fromPort"`
    30. 

  30. 	GroupId             string `xml:"groupId"`
    31. 

  31. 	IpProtocol          string `xml:"ipProtocol"`
    32. 

  32. 	GroupOwnerId        string `xml:"groupOwnerId"`
    33. 

  33. 	IsEgress            bool   `xml:"isEgress"`
    34. 

  34. 	SecurityGroupRuleId string `xml:"securityGroupRuleId"`
    35. 

  35. 	ReferencedGroupInfo struct {
    36. 

  36. 		GroupId string `xml:"groupId"`
    37. 

  37. 		UserId  string `xml:"userId"`
    38. 

  38. 	} `xml:"referencedGroupInfo"`
    39. 

  39. 	CidrIpv4     string `xml:"cidrIpv4"`
    40. 

  40. 	CidrIpv6     string `xml:"cidrIpv6"`
    41. 

  41. 	Description  string `xml:"description"`
    42. 

  42. 	PrefixListId string `xml:"prefixListId"`
    43. 

  43. 	ToPort       int    `xml:"toPort"`
    44. 

  44. }
    45. 

  45. 

  46. func (self *SSecurityGroupRule) GetGlobalId() string {
    47. 

  47. 	return self.SecurityGroupRuleId
    48. 

  48. }
    49. 

  49. 

  50. func (self *SSecurityGroupRule) GetAction() secrules.TSecurityRuleAction {
    51. 

  51. 	return secrules.SecurityRuleAllow
    52. 

  52. }
    53. 

  53. 

  54. func (self *SSecurityGroupRule) GetDescription() string {
    55. 

  55. 	return self.Description
    56. 

  56. }
    57. 

  57. 

  58. func (self *SSecurityGroupRule) GetDirection() secrules.TSecurityRuleDirection {
    59. 

  59. 	if self.IsEgress {
    60. 

  60. 		return secrules.DIR_OUT
    61. 

  61. 	}
    62. 

  62. 	return secrules.DIR_IN
    63. 

  63. }
    64. 

  64. 

  65. func (self *SSecurityGroupRule) GetCIDRs() []string {
    66. 

  66. 	ret := []string{self.CidrIpv4 + self.CidrIpv6 + self.PrefixListId}
    67. 

  67. 	return ret
    68. 

  68. }
    69. 

  69. 

  70. func (self *SSecurityGroupRule) GetProtocol() string {
    71. 

  71. 	if self.IpProtocol == "-1" {
    72. 

  72. 		return secrules.PROTO_ANY
    73. 

  73. 	}
    74. 

  74. 	return strings.ToLower(self.IpProtocol)
    75. 

  75. }
    76. 

  76. 

  77. func (self *SSecurityGroupRule) GetPorts() string {
    78. 

  78. 	if self.FromPort > 0 && self.ToPort > 0 {
    79. 

  79. 		if self.FromPort == self.ToPort {
    80. 

  80. 			return fmt.Sprintf("%d", self.FromPort)
    81. 

  81. 		}
    82. 

  82. 		return fmt.Sprintf("%d-%d", self.FromPort, self.ToPort)
    83. 

  83. 	}
    84. 

  84. 	return ""
    85. 

  85. }
    86. 

  86. 

  87. func (self *SSecurityGroupRule) GetPriority() int {
    88. 

  88. 	return 0
    89. 

  89. }
    90. 

  90. 

  91. func (self *SSecurityGroupRule) Delete() error {
    92. 

  92. 	return self.group.region.DeleteSecurityGroupRule(self.GroupId, string(self.GetDirection()), self.SecurityGroupRuleId)
    93. 

  93. }
    94. 

  94. 

  95. func (self *SRegion) GetSecurityGroupRules(id string) ([]SSecurityGroupRule, error) {
    96. 

  96. 	ret := []SSecurityGroupRule{}
    97. 

  97. 	params := map[string]string{
    98. 

  98. 		"Filter.1.Name":    "group-id",
    99. 

  99. 		"Filter.1.Value.1": id,
    100. 

  100. 	}
    101. 

  101. 	for {
    102. 

  102. 		part := struct {
    103. 

  103. 			NextToken            string               `xml:"nextToken"`
    104. 

  104. 			SecurityGroupRuleSet []SSecurityGroupRule `xml:"securityGroupRuleSet>item"`
    105. 

  105. 		}{}
    106. 

  106. 		err := self.ec2Request("DescribeSecurityGroupRules", params, &part)
    107. 

  107. 		if err != nil {
    108. 

  108. 			return nil, err
    109. 

  109. 		}
    110. 

  110. 		ret = append(ret, part.SecurityGroupRuleSet...)
    111. 

  111. 		if len(part.NextToken) == 0 || len(part.SecurityGroupRuleSet) == 0 {
    112. 

  112. 			break
    113. 

  113. 		}
    114. 

  114. 		params["NextToken"] = part.NextToken
    115. 

  115. 	}
    116. 

  116. 	return ret, nil
    117. 

  117. }
    118. 

  118. 

  119. func (self *SSecurityGroupRule) Update(opts *cloudprovider.SecurityGroupRuleUpdateOptions) error {
    120. 

  120. 	return self.group.region.UpdateSecurityGroupRule(self.group.GroupId, self.SecurityGroupRuleId, opts)
    121. 

  121. }
    122. 

  122. 

  123. func (self *SRegion) UpdateSecurityGroupRule(secgroupId, ruleId string, opts *cloudprovider.SecurityGroupRuleUpdateOptions) error {
    124. 

  124. 	if opts.Protocol == secrules.PROTO_ANY {
    125. 

  125. 		opts.Protocol = "-1"
    126. 

  126. 	}
    127. 

  127. 	from, to := "-1", "-1"
    128. 

  128. 	if len(opts.Ports) > 0 && utils.IsInStringArray(opts.Protocol, []string{secrules.PROTO_TCP, secrules.PROTO_UDP}) {
    129. 

  129. 		r := secrules.SecurityRule{}
    130. 

  130. 		r.ParsePorts(opts.Ports)
    131. 

  131. 		if r.PortStart > 0 && r.PortEnd > 0 {
    132. 

  132. 			from, to = fmt.Sprintf("%d", r.PortStart), fmt.Sprintf("%d", r.PortEnd)
    133. 

  133. 		}
    134. 

  134. 	}
    135. 

  135. 	params := map[string]string{
    136. 

  136. 		"GroupId": secgroupId,
    137. 

  137. 		"SecurityGroupRule.1.SecurityGroupRuleId":           ruleId,
    138. 

  138. 		"SecurityGroupRule.1.SecurityGroupRule.CidrIpv4":    opts.CIDR,
    139. 

  139. 		"SecurityGroupRule.1.SecurityGroupRule.Description": opts.Desc,
    140. 

  140. 		"SecurityGroupRule.1.SecurityGroupRule.IpProtocol":  opts.Protocol,
    141. 

  141. 		"SecurityGroupRule.1.SecurityGroupRule.FromPort":    from,
    142. 

  142. 		"SecurityGroupRule.1.SecurityGroupRule.ToPort":      to,
    143. 

  143. 	}
    144. 

  144. 	return self.ec2Request("ModifySecurityGroupRules", params, nil)
    145. 

  145. }
    146.