Trang chủ Khám phá Trợ giúp
Đăng ký Đăng nhập
zhouyuhuan
/
Cloudpods
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu kéo về 0 Wiki
Branch: main
Branches Tags
Cloudpods
/
backend
/
vendor
/
yunion.io
/
x
/
cloudmux
/
pkg
/
multicloud
/
hcso
/
secgrouprules.go

secgrouprules.go 4.3 KB
Permalink Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166 
  1. // Copyright 2019 Yunion
    2. 

  2. //
    3. 

  3. // Licensed under the Apache License, Version 2.0 (the "License");
    4. 

  4. // you may not use this file except in compliance with the License.
    5. 

  5. // You may obtain a copy of the License at
    6. 

  6. //
    7. 

  7. //     http://www.apache.org/licenses/LICENSE-2.0
    8. 

  8. //
    9. 

  9. // Unless required by applicable law or agreed to in writing, software
    10. 

  10. // distributed under the License is distributed on an "AS IS" BASIS,
    11. 

  11. // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12. 

  12. // See the License for the specific language governing permissions and
    13. 

  13. // limitations under the License.
    14. 

  14. 

  15. package hcso
    16. 

  16. 

  17. import (
    18. 

  18. 	"fmt"
    19. 

  19. 	"net/url"
    20. 

  20. 	"strings"
    21. 

  21. 

  22. 	"yunion.io/x/cloudmux/pkg/cloudprovider"
    23. 

  23. 	"yunion.io/x/pkg/errors"
    24. 

  24. 	"yunion.io/x/pkg/util/secrules"
    25. 

  25. )
    26. 

  26. 

  27. type SecurityGroupRule struct {
    28. 

  28. 	secgroup *SSecurityGroup
    29. 

  29. 

  30. 	Direction       string
    31. 

  31. 	Ethertype       string
    32. 

  32. 	Id              string
    33. 

  33. 	Description     string
    34. 

  34. 	PortRangeMax    int64
    35. 

  35. 	PortRangeMin    int64
    36. 

  36. 	Protocol        string
    37. 

  37. 	RemoteGroupId   string
    38. 

  38. 	RemoteIPPrefix  string
    39. 

  39. 	SecurityGroupId string
    40. 

  40. 	TenantId        string
    41. 

  41. }
    42. 

  42. 

  43. func (self *SecurityGroupRule) GetGlobalId() string {
    44. 

  44. 	return self.Id
    45. 

  45. }
    46. 

  46. 

  47. func (self *SecurityGroupRule) GetDescription() string {
    48. 

  48. 	return self.Description
    49. 

  49. }
    50. 

  50. 

  51. func (self *SecurityGroupRule) GetDirection() secrules.TSecurityRuleDirection {
    52. 

  52. 	if self.Direction == "egress" {
    53. 

  53. 		return secrules.DIR_OUT
    54. 

  54. 	}
    55. 

  55. 	return secrules.DIR_IN
    56. 

  56. }
    57. 

  57. 

  58. func (self *SecurityGroupRule) GetPriority() int {
    59. 

  59. 	return 0
    60. 

  60. }
    61. 

  61. 

  62. func (self *SecurityGroupRule) GetAction() secrules.TSecurityRuleAction {
    63. 

  63. 	return secrules.SecurityRuleAllow
    64. 

  64. }
    65. 

  65. 

  66. func (self *SecurityGroupRule) GetProtocol() string {
    67. 

  67. 	if len(self.Protocol) == 0 {
    68. 

  68. 		self.Protocol = secrules.PROTO_ANY
    69. 

  69. 	}
    70. 

  70. 	return strings.ToLower(self.Protocol)
    71. 

  71. }
    72. 

  72. 

  73. func (self *SecurityGroupRule) GetPorts() string {
    74. 

  74. 	if self.PortRangeMax > 0 && self.PortRangeMin > 0 {
    75. 

  75. 		if self.PortRangeMax == self.PortRangeMin {
    76. 

  76. 			return fmt.Sprintf("%d", self.PortRangeMax)
    77. 

  77. 		}
    78. 

  78. 		return fmt.Sprintf("%d-%d", self.PortRangeMin, self.PortRangeMax)
    79. 

  79. 	}
    80. 

  80. 	return ""
    81. 

  81. }
    82. 

  82. 

  83. type SPageInfo struct {
    84. 

  84. 	NextMarker string
    85. 

  85. }
    86. 

  86. 

  87. func (self *SecurityGroupRule) GetCIDRs() []string {
    88. 

  88. 	ret := []string{self.RemoteIPPrefix + self.RemoteGroupId}
    89. 

  89. 	return ret
    90. 

  90. }
    91. 

  91. 

  92. func (self *SecurityGroupRule) Delete() error {
    93. 

  93. 	return self.secgroup.region.DeleteSecurityGroupRule(self.Id)
    94. 

  94. }
    95. 

  95. 

  96. func (self *SRegion) DeleteSecurityGroupRule(id string) error {
    97. 

  97. 	_, err := self.delete(SERVICE_VPC, "vpc/security-group-rules/"+id)
    98. 

  98. 	return err
    99. 

  99. }
    100. 

  100. 

  101. func (self *SRegion) GetSecurityGroupRules(groupId string) ([]SecurityGroupRule, error) {
    102. 

  102. 	params := url.Values{}
    103. 

  103. 	params.Set("security_group_id", groupId)
    104. 

  104. 

  105. 	ret := []SecurityGroupRule{}
    106. 

  106. 	for {
    107. 

  107. 		resp, err := self.list(SERVICE_VPC, "vpc/security-group-rules", params)
    108. 

  108. 		if err != nil {
    109. 

  109. 			return nil, err
    110. 

  110. 		}
    111. 

  111. 		part := struct {
    112. 

  112. 			SecurityGroupRules []SecurityGroupRule
    113. 

  113. 			PageInfo           SPageInfo
    114. 

  114. 		}{}
    115. 

  115. 		err = resp.Unmarshal(&part)
    116. 

  116. 		if err != nil {
    117. 

  117. 			return nil, errors.Wrapf(err, "Unmarshal")
    118. 

  118. 		}
    119. 

  119. 		ret = append(ret, part.SecurityGroupRules...)
    120. 

  120. 		if len(part.PageInfo.NextMarker) == 0 || len(part.SecurityGroupRules) == 0 {
    121. 

  121. 			break
    122. 

  122. 		}
    123. 

  123. 		params.Set("marker", part.PageInfo.NextMarker)
    124. 

  124. 	}
    125. 

  125. 	return ret, nil
    126. 

  126. }
    127. 

  127. 

  128. func (self *SRegion) CreateSecurityGroupRule(groupId string, opts *cloudprovider.SecurityGroupRuleCreateOptions) (*SecurityGroupRule, error) {
    129. 

  129. 	rule := map[string]interface{}{
    130. 

  130. 		"security_group_id": groupId,
    131. 

  131. 		"description":       opts.Desc,
    132. 

  132. 		"direction":         "ingress",
    133. 

  133. 		"ethertype":         "IPv4",
    134. 

  134. 		"protocol":          strings.ToLower(opts.Protocol),
    135. 

  135. 		"action":            "allow",
    136. 

  136. 		"priority":          opts.Priority,
    137. 

  137. 	}
    138. 

  138. 	if len(opts.CIDR) > 0 {
    139. 

  139. 		rule["remote_ip_prefix"] = opts.CIDR
    140. 

  140. 	}
    141. 

  141. 	if opts.Action == secrules.SecurityRuleDeny {
    142. 

  142. 		rule["action"] = "deny"
    143. 

  143. 	}
    144. 

  144. 	if opts.Protocol == secrules.PROTO_ANY {
    145. 

  145. 		delete(rule, "protocol")
    146. 

  146. 	}
    147. 

  147. 	if len(opts.Ports) > 0 {
    148. 

  148. 		rule["multiport"] = opts.Ports
    149. 

  149. 	}
    150. 

  150. 	if opts.Direction == secrules.DIR_OUT {
    151. 

  151. 		rule["direction"] = "egress"
    152. 

  152. 	}
    153. 

  153. 	params := map[string]interface{}{
    154. 

  154. 		"security_group_rule": rule,
    155. 

  155. 	}
    156. 

  156. 	resp, err := self.post(SERVICE_VPC, "vpc/security-group-rules", params)
    157. 

  157. 	if err != nil {
    158. 

  158. 		return nil, errors.Wrapf(err, "create rule")
    159. 

  159. 	}
    160. 

  160. 	ret := &SecurityGroupRule{}
    161. 

  161. 	return ret, resp.Unmarshal(ret)
    162. 

  162. }
    163. 

  163. 

  164. func (self *SecurityGroupRule) Update(opts *cloudprovider.SecurityGroupRuleUpdateOptions) error {
    165. 

  165. 	return cloudprovider.ErrNotImplemented
    166. 

  166. }
    167.