github.com/caos/orbos@v1.5.14-0.20221103111702-e6cd0cea7ad4/internal/operator/orbiter/kinds/providers/gce/firewall.go (about)

     1  package gce
     2  
     3  import (
     4  	"fmt"
     5  	"sort"
     6  
     7  	uuid "github.com/satori/go.uuid"
     8  )
     9  
// Compile-time assertion: the build fails if queryFirewall is not assignable
// to ensureFWFunc.
var _ ensureFWFunc = queryFirewall
    11  
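// queryFirewall lists the firewall rules that exist on the network identified
// by context.networkURL, compares them with the desired firewalls and returns
// the deferred operations needed to reconcile the two.
//
// The first returned slice holds create and patch operations, the second holds
// delete operations. Only the List call is executed here; the returned
// functions perform the mutations when invoked. Existing and desired rules are
// matched solely by their Description field.
//
// NOTE(review): every listed rule whose description matches no desired
// firewall is queued for deletion, whether or not this operator created it.
// This presumably assumes the network is managed exclusively by this code -
// confirm before using it on a shared network.
func queryFirewall(context *context, firewalls []*firewall) ([]func() error, []func() error, error) {
	// NOTE(review): networkURL is interpolated into a quoted filter expression
	// without escaping; it is assumed to come from trusted configuration.
	gceFirewalls, err := context.client.Firewalls.
		List(context.projectID).
		Filter(fmt.Sprintf(`network = "https://www.googleapis.com/compute/v1/%s"`, context.networkURL)).
		Fields("items(network,name,description,allowed,targetTags,sourceRanges)").
		Do()
	if err != nil {
		return nil, nil, err
	}

	var ensure []func() error
createLoop:
	for _, fw := range firewalls {
		for _, gceFW := range gceFirewalls.Items {
			if fw.gce.Description != gceFW.Description {
				continue
			}

			// A rule may carry no Allowed entry or an entry without ports (for
			// example after an out-of-band edit). Indexing [0] unguarded would
			// panic and abort reconciliation, so a missing port on one side
			// only is treated as a difference that needs patching.
			existingHasPort := len(gceFW.Allowed) > 0 && len(gceFW.Allowed[0].Ports) > 0
			desiredHasPort := len(fw.gce.Allowed) > 0 && len(fw.gce.Allowed[0].Ports) > 0
			portDiffers := existingHasPort != desiredHasPort ||
				(existingHasPort && gceFW.Allowed[0].Ports[0] != fw.gce.Allowed[0].Ports[0])

			// NOTE(review): drift detection only covers the first port of the
			// first Allowed entry, the target tags and the source ranges. The
			// protocol, further ports, further Allowed entries and fields that
			// are not in the Fields mask above are not compared, so a rule
			// widened in one of those ways is not patched back.
			if portDiffers ||
				!stringsEqual(gceFW.TargetTags, fw.gce.TargetTags) ||
				!stringsEqual(gceFW.SourceRanges, fw.gce.SourceRanges) {
				ensure = append(ensure, operateFunc(
					fw.log("Patching firewall", true),
					computeOpCall(context.client.Firewalls.Patch(context.projectID, gceFW.Name, fw.gce).RequestId(uuid.NewV1().String()).Do),
					toErrFunc(fw.log("Firewall patched", false)),
				))
			}
			continue createLoop
		}

		// No existing rule carries this description: create it under a fresh name.
		fw.gce.Name = newName()
		ensure = append(ensure, operateFunc(
			fw.log("Creating firewall", true),
			computeOpCall(context.client.Firewalls.
				Insert(context.projectID, fw.gce).
				RequestId(uuid.NewV1().String()).
				Do),
			toErrFunc(fw.log("Firewall created", false)),
		))
	}

	var remove []func() error
removeLoop:
	for _, gceTp := range gceFirewalls.Items {
		for _, fw := range firewalls {
			if gceTp.Description == fw.gce.Description {
				continue removeLoop
			}
		}
		// No desired firewall has this description, so the rule is scheduled
		// for deletion (see the NOTE on the function about unmanaged rules).
		remove = append(remove, removeResourceFunc(context.monitor, "firewall", gceTp.Name, context.client.Firewalls.
			Delete(context.projectID, gceTp.Name).
			RequestId(uuid.NewV1().String()).
			Do))
	}
	return ensure, remove, nil
}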
    65  
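// stringsEqual reports whether first and second contain the same strings with
// the same multiplicities, regardless of order.
//
// Both inputs are copied before sorting, so the callers' slices keep their
// original order. Sorting them in place would silently reorder data the
// caller still owns, such as the tag and range lists of a firewall object.
func stringsEqual(first, second []string) bool {
	if len(first) != len(second) {
		return false
	}

	a := append([]string(nil), first...)
	b := append([]string(nil), second...)
	sort.Strings(a)
	sort.Strings(b)

	for i := range a {
		if a[i] != b[i] {
			return false
		}
	}
	return true
}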