secgrouprule.go 3.6 KB

  1. // Copyright 2019 Yunion
  2. //
  3. // Licensed under the Apache License, Version 2.0 (the "License");
  4. // you may not use this file except in compliance with the License.
  5. // You may obtain a copy of the License at
  6. //
  7. // http://www.apache.org/licenses/LICENSE-2.0
  8. //
  9. // Unless required by applicable law or agreed to in writing, software
  10. // distributed under the License is distributed on an "AS IS" BASIS,
  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12. // See the License for the specific language governing permissions and
  13. // limitations under the License.
  14. package baidu
  15. import (
  16. "fmt"
  17. "net/url"
  18. "strings"
  19. "time"
  20. "yunion.io/x/cloudmux/pkg/cloudprovider"
  21. "yunion.io/x/pkg/util/secrules"
  22. )
// SSecurityGroupRule is one rule of a security group, with the fields the
// accessors in this file read. The accessors compare several of the string
// fields against fixed values; those values are noted on the field.
type SSecurityGroupRule struct {
	// region is the owning region handle used by Delete and Update.
	region *SRegion

	// Remark is returned unchanged by GetDescription.
	Remark string
	// Direction is compared against "ingress" (GetDirection) and
	// "egress" (UpdateSecurityGroupRule).
	Direction string
	// Ethertype selects the address family in getCidr: "IPv4" or "IPv6".
	Ethertype string
	// PortRange is a port expression; "1-65535" and "" both mean
	// "no port restriction" to GetPorts.
	PortRange string

	// Peer selectors. DestIp and SourceIp may hold the literal "all",
	// which getCidr expands to the any-address CIDR of the Ethertype.
	DestGroupId   string
	DestIp        string
	SourceIp      string
	SourceGroupId string

	SecurityGroupId     string
	SecurityGroupRuleId string

	CreatedTime, UpdatedTime time.Time

	// Protocol is lower-cased by GetProtocol; "all" and "" map to any.
	Protocol string
}
// GetGlobalId returns the rule's SecurityGroupRuleId, which this file also
// uses as the identifier for delete and update requests.
func (self *SSecurityGroupRule) GetGlobalId() string {
	id := self.SecurityGroupRuleId
	return id
}
// GetAction always reports an allow rule; no field of the rule is consulted,
// so a deny rule cannot be expressed through this type.
func (self *SSecurityGroupRule) GetAction() secrules.TSecurityRuleAction {
	return secrules.SecurityRuleAllow
}
// GetDescription returns the rule's Remark field unchanged.
func (self *SSecurityGroupRule) GetDescription() string {
	desc := self.Remark
	return desc
}
// GetDirection maps the Direction field to a secrules direction.
//
// Only the exact string "ingress" yields DIR_IN. Every other value,
// including an empty or differently-cased one, is reported as DIR_OUT.
// NOTE(review): an unrecognised direction is therefore classified as egress;
// confirm the API only ever returns "ingress" or "egress", since
// UpdateSecurityGroupRule defaults the other way (non-"egress" is treated as
// a source address).
func (self *SSecurityGroupRule) GetDirection() secrules.TSecurityRuleDirection {
	switch self.Direction {
	case "ingress":
		return secrules.DIR_IN
	default:
		return secrules.DIR_OUT
	}
}
// getCidr expands the literal "all" into the any-address CIDR of the given
// address family ("IPv4" -> 0.0.0.0/0, "IPv6" -> ::/0). Any other ip value is
// returned unchanged and is not validated.
//
// When version is neither "IPv4" nor "IPv6", "all" is returned as-is, so the
// caller receives a string that is not a CIDR for what is a match-everything
// rule.
func getCidr(ip string, version string) string {
	if ip != "all" {
		return ip
	}
	switch version {
	case "IPv4":
		return "0.0.0.0/0"
	case "IPv6":
		return "::/0"
	}
	return ip
}
// GetCIDRs collects every non-empty peer selector of the rule, in the order
// DestGroupId, DestIp, SourceIp, SourceGroupId. The result is never nil.
//
// Despite the name, the slice can contain security group IDs as well as
// CIDRs: DestGroupId and SourceGroupId are appended verbatim. Callers that
// parse each entry as a CIDR need to handle those entries. Source and
// destination fields are both included regardless of Direction.
func (self *SSecurityGroupRule) GetCIDRs() []string {
	cidrs := make([]string, 0, 4)
	if self.DestGroupId != "" {
		cidrs = append(cidrs, self.DestGroupId)
	}
	if self.DestIp != "" {
		cidrs = append(cidrs, getCidr(self.DestIp, self.Ethertype))
	}
	if self.SourceIp != "" {
		cidrs = append(cidrs, getCidr(self.SourceIp, self.Ethertype))
	}
	if self.SourceGroupId != "" {
		cidrs = append(cidrs, self.SourceGroupId)
	}
	return cidrs
}
// GetProtocol returns the rule's protocol in lower case. An empty protocol
// and "all" (in any letter case) both map to secrules.PROTO_ANY, i.e. the
// rule is reported as matching every protocol.
func (self *SSecurityGroupRule) GetProtocol() string {
	proto := strings.ToLower(self.Protocol)
	switch proto {
	case "", "all":
		return secrules.PROTO_ANY
	}
	return proto
}
// GetPorts returns the rule's port expression. The full range "1-65535" and
// an empty PortRange are both normalised to "", which this method uses to
// mean no port restriction; any other value is returned unchanged.
func (self *SSecurityGroupRule) GetPorts() string {
	switch self.PortRange {
	case "", "1-65535":
		return ""
	default:
		return self.PortRange
	}
}
// GetPriority always returns 1; the rule carries no priority field, so all
// rules of this type are reported with the same priority.
func (self *SSecurityGroupRule) GetPriority() int {
	const priority = 1
	return priority
}
// Delete removes this rule through its region, identified by
// SecurityGroupRuleId, and returns the region call's error.
func (self *SSecurityGroupRule) Delete() error {
	ruleId := self.SecurityGroupRuleId
	return self.region.DeleteSecurityGroupRule(ruleId)
}
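// DeleteSecurityGroupRule deletes the security group rule with the given id
// by issuing a delete request to v2/securityGroup/rule/<id>.
//
// An empty id is rejected, because it would otherwise produce a request to
// the bare v2/securityGroup/rule/ path instead of a specific rule.
func (region *SRegion) DeleteSecurityGroupRule(id string) error {
	if len(id) == 0 {
		return fmt.Errorf("empty security group rule id")
	}
	// Escape the id so it stays a single path segment: a value containing
	// '/', '?' or '#' must not be able to change which resource is addressed.
	// IDs made of letters, digits, '-', '_', '.' and '~' are unaffected.
	// NOTE(review): confirm bccDelete does not escape the path a second time.
	resource := fmt.Sprintf("v2/securityGroup/rule/%s", url.PathEscape(id))
	_, err := region.bccDelete(resource, nil)
	return err
}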
// Update applies opts to this rule through its region, passing the rule's
// global id and its stored Direction so the region call can decide whether
// the CIDR is a source or a destination address.
func (self *SSecurityGroupRule) Update(opts *cloudprovider.SecurityGroupRuleUpdateOptions) error {
	ruleId, direction := self.GetGlobalId(), self.Direction
	return self.region.UpdateSecurityGroupRule(ruleId, direction, opts)
}
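// UpdateSecurityGroupRule sends an update for the rule identified by ruleId
// to v2/securityGroup/rule/update.
//
// The request body always carries remark, protocol and portRange from opts,
// plus the rule id. When opts.CIDR is non-empty it is sent as destIp for an
// "egress" rule and as sourceIp for any other direction value.
//
// A nil opts or an empty ruleId is rejected before any request is made.
func (region *SRegion) UpdateSecurityGroupRule(ruleId string, direction string, opts *cloudprovider.SecurityGroupRuleUpdateOptions) error {
	if opts == nil {
		return fmt.Errorf("nil security group rule update options")
	}
	if len(ruleId) == 0 {
		return fmt.Errorf("empty security group rule id")
	}

	// NOTE(review): protocol and portRange are sent even when empty. Elsewhere
	// in this file an empty protocol or port range is read as "any"; confirm
	// the API treats empty values here as "leave unchanged" rather than
	// widening the rule.
	body := map[string]interface{}{
		"remark":              opts.Desc,
		"protocol":            opts.Protocol,
		"portRange":           opts.Ports,
		"securityGroupRuleId": ruleId,
	}
	if len(opts.CIDR) > 0 {
		// Only the exact string "egress" selects destIp; every other value is
		// treated as ingress. GetDirection defaults the opposite way
		// (non-"ingress" is egress), so an unexpected direction string is
		// read as egress but written as ingress.
		if direction == "egress" {
			body["destIp"] = opts.CIDR
		} else {
			body["sourceIp"] = opts.CIDR
		}
	}

	_, err := region.bccUpdate("v2/securityGroup/rule/update", url.Values{}, body)
	return err
}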