Home Explore Help
Register Sign In
zhouyuhuan
/
Cloudpods
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: main
Branches Tags
Cloudpods
/
backend
/
vendor
/
yunion.io
/
x
/
cloudmux
/
pkg
/
multicloud
/
google
/
secgrouprules.go

secgrouprules.go 4.1 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155 
  1. // Copyright 2019 Yunion
    2. 

  2. //
    3. 

  3. // Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. // you may not use this file except in compliance with the License.
    5. 

  5. // You may obtain a copy of the License at
    6. 

  6. //
    7. 

  7. //     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. //
    9. 

  9. // Unless required by applicable law or agreed to in writing, software
    10. 

  10. // distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. // See the License for the specific language governing permissions and
    13. 

  13. // limitations under the License.
    14. 

  14. 

  15. package google
    16. 

  16. 

  17. import (
    18. 

  18. 	"fmt"
    19. 

  19. 	"strings"
    20. 

  20. 	"time"
    21. 

  21. 

  22. 	"yunion.io/x/cloudmux/pkg/cloudprovider"
    23. 

  23. 	"yunion.io/x/jsonutils"
    24. 

  24. 	"yunion.io/x/pkg/util/secrules"
    25. 

  25. 	"yunion.io/x/pkg/util/stringutils"
    26. 

  26. )
    27. 

  27. 

  28. type SFirewallAction struct {
    29. 

  29. 	IPProtocol string
    30. 

  30. 	Ports      []string
    31. 

  31. }
    32. 

  32. 

  33. type SFirewall struct {
    34. 

  34. 	secgroup *SSecurityGroup
    35. 

  35. 

  36. 	Id                    string
    37. 

  37. 	CreationTimestamp     time.Time
    38. 

  38. 	Name                  string
    39. 

  39. 	Description           string
    40. 

  40. 	Network               string
    41. 

  41. 	Priority              int
    42. 

  42. 	SourceRanges          []string
    43. 

  43. 	DestinationRanges     []string
    44. 

  44. 	TargetServiceAccounts []string
    45. 

  45. 	TargetTags            []string
    46. 

  46. 	Allowed               []SFirewallAction `json:",allowempty"`
    47. 

  47. 	Denied                []SFirewallAction `json:",allowempty"`
    48. 

  48. 	Direction             string
    49. 

  49. 	Disabled              bool
    50. 

  50. 	SelfLink              string
    51. 

  51. 	Kind                  string
    52. 

  52. }
    53. 

  53. 

  54. func (self *SFirewall) GetGlobalId() string {
    55. 

  55. 	return self.Id
    56. 

  56. }
    57. 

  57. 

  58. func (self *SFirewall) GetAction() secrules.TSecurityRuleAction {
    59. 

  59. 	if len(self.Allowed) > 0 {
    60. 

  60. 		return secrules.SecurityRuleAllow
    61. 

  61. 	}
    62. 

  62. 	return secrules.SecurityRuleDeny
    63. 

  63. }
    64. 

  64. 

  65. func (self *SFirewall) GetDescription() string {
    66. 

  66. 	return self.Description
    67. 

  67. }
    68. 

  68. 

  69. func (self *SFirewall) GetDirection() secrules.TSecurityRuleDirection {
    70. 

  70. 	if strings.ToLower(self.Direction) == "ingress" {
    71. 

  71. 		return secrules.DIR_IN
    72. 

  72. 	}
    73. 

  73. 	return secrules.DIR_OUT
    74. 

  74. }
    75. 

  75. 

  76. func (self *SFirewall) GetCIDRs() []string {
    77. 

  77. 	return append(self.SourceRanges, self.DestinationRanges...)
    78. 

  78. }
    79. 

  79. 

  80. func (self *SFirewall) GetProtocol() string {
    81. 

  81. 	ret := func() string {
    82. 

  82. 		if len(self.Allowed)+len(self.Denied) == 1 {
    83. 

  83. 			for _, r := range append(self.Allowed, self.Denied...) {
    84. 

  84. 				return r.IPProtocol
    85. 

  85. 			}
    86. 

  86. 		}
    87. 

  87. 		ret := []string{}
    88. 

  88. 		for _, r := range append(self.Allowed, self.Denied...) {
    89. 

  89. 			ret = append(ret, fmt.Sprintf("%s:%s", r.IPProtocol, strings.Join(r.Ports, ",")))
    90. 

  90. 		}
    91. 

  91. 		return strings.Join(ret, "|")
    92. 

  92. 	}()
    93. 

  93. 	if ret == "all" {
    94. 

  94. 		return secrules.PROTO_ANY
    95. 

  95. 	}
    96. 

  96. 	return ret
    97. 

  97. }
    98. 

  98. 

  99. func (self *SFirewall) GetPorts() string {
    100. 

  100. 	if len(self.Allowed)+len(self.Denied) == 1 {
    101. 

  101. 		for _, r := range append(self.Allowed, self.Denied...) {
    102. 

  102. 			return strings.Join(r.Ports, ",")
    103. 

  103. 		}
    104. 

  104. 	}
    105. 

  105. 	ret := []string{}
    106. 

  106. 	for _, r := range append(self.Allowed, self.Denied...) {
    107. 

  107. 		ret = append(ret, fmt.Sprintf("%s:%s", r.IPProtocol, strings.Join(r.Ports, ",")))
    108. 

  108. 	}
    109. 

  109. 	return strings.Join(ret, "|")
    110. 

  110. }
    111. 

  111. 

  112. func (self *SFirewall) GetPriority() int {
    113. 

  113. 	return self.Priority
    114. 

  114. }
    115. 

  115. 

  116. func (self *SFirewall) Delete() error {
    117. 

  117. 	return self.secgroup.gvpc.client.ecsDelete(self.SelfLink, nil)
    118. 

  118. }
    119. 

  119. 

  120. func (self *SFirewall) Update(opts *cloudprovider.SecurityGroupRuleUpdateOptions) error {
    121. 

  121. 	params := map[string]string{
    122. 

  122. 		"requestId": stringutils.UUID4(),
    123. 

  123. 	}
    124. 

  124. 	if len(self.SourceRanges) > 0 {
    125. 

  125. 		self.SourceRanges = []string{opts.CIDR}
    126. 

  126. 	}
    127. 

  127. 	if len(self.DestinationRanges) > 0 {
    128. 

  128. 		self.DestinationRanges = []string{opts.CIDR}
    129. 

  129. 	}
    130. 

  130. 	self.Priority = opts.Priority
    131. 

  131. 	if len(opts.Desc) > 0 {
    132. 

  132. 		self.Description = opts.Desc
    133. 

  133. 	}
    134. 

  134. 	action := SFirewallAction{}
    135. 

  135. 	action.IPProtocol = opts.Protocol
    136. 

  136. 	switch opts.Protocol {
    137. 

  137. 	case secrules.PROTO_TCP, secrules.PROTO_UDP:
    138. 

  138. 		if len(opts.Ports) > 0 {
    139. 

  139. 			action.Ports = []string{opts.Ports}
    140. 

  140. 		}
    141. 

  141. 	case secrules.PROTO_ANY:
    142. 

  142. 		action.IPProtocol = "all"
    143. 

  143. 	}
    144. 

  144. 	switch opts.Action {
    145. 

  145. 	case secrules.SecurityRuleAllow:
    146. 

  146. 		self.Denied = []SFirewallAction{}
    147. 

  147. 		self.Allowed = []SFirewallAction{action}
    148. 

  148. 	case secrules.SecurityRuleDeny:
    149. 

  149. 		self.Allowed = []SFirewallAction{}
    150. 

  150. 		self.Denied = []SFirewallAction{action}
    151. 

  151. 	}
    152. 

  152. 	resource := fmt.Sprintf("projects/%s/global/firewalls/%s", self.secgroup.gvpc.client.projectId, self.Name)
    153. 

  153. 	_, err := self.secgroup.gvpc.client.ecsPatch(resource, "", params, jsonutils.Marshal(self))
    154. 

  154. 	return err
    155. 

  155. }
    156.