// Source listing: github.com/gravitational/teleport/api@v0.0.0-20240507183017-3110591cbafc/types/restrictions.go

/*
Copyright 2021 Gravitational, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package types

import (
	"time"

	"github.com/gravitational/trace"
)

// NetworkRestrictions describes the network restrictions applied to an SSH
// session as two address lists: an allow list and a deny list. Entries on the
// deny list take precedence over entries on the allow list.
type NetworkRestrictions interface {
	Resource
	// GetAllow returns the list of allowed network addresses.
	GetAllow() []AddressCondition
	// SetAllow replaces the list of allowed network addresses.
	SetAllow(allow []AddressCondition)
	// GetDeny returns the list of denied network addresses. A denied address
	// overrides a matching entry on the allow list.
	GetDeny() []AddressCondition
	// SetDeny replaces the list of denied network addresses. A denied address
	// overrides a matching entry on the allow list.
	SetDeny(deny []AddressCondition)
}

// NewNetworkRestrictions creates a NetworkRestrictions resource of kind
// KindNetworkRestrictions and version V4. The function takes no arguments: the
// resource name is always MetaNameNetworkRestrictions, and both address lists
// start out empty.
func NewNetworkRestrictions() NetworkRestrictions {
	meta := Metadata{Name: MetaNameNetworkRestrictions}
	return &NetworkRestrictionsV4{
		Kind:     KindNetworkRestrictions,
		Version:  V4,
		Metadata: meta,
	}
}

// setStaticFields fills in the kind, version and name when they are empty.
// Values that are already set are left untouched.
func (nr *NetworkRestrictionsV4) setStaticFields() {
	if nr.Kind == "" {
		nr.Kind = KindNetworkRestrictions
	}
	if nr.Version == "" {
		nr.Version = V4
	}
	if nr.Metadata.Name == "" {
		nr.Metadata.Name = MetaNameNetworkRestrictions
	}
}

// CheckAndSetDefaults populates the static fields and then runs the metadata
// checks, returning the wrapped metadata error if there is one.
//
// It does not look at Spec.Allow or Spec.Deny.
// NOTE(review): confirm that the address entries are validated elsewhere
// before these lists are used for enforcement.
func (nr *NetworkRestrictionsV4) CheckAndSetDefaults() error {
	nr.setStaticFields()

	err := nr.Metadata.CheckAndSetDefaults()
	if err != nil {
		return trace.Wrap(err)
	}
	return nil
}

// GetKind returns the resource kind.
func (nr *NetworkRestrictionsV4) GetKind() string {
	return nr.Kind
}

// GetSubKind returns the resource sub-kind.
func (nr *NetworkRestrictionsV4) GetSubKind() string {
	return nr.SubKind
}

// SetSubKind sets the resource sub-kind.
func (nr *NetworkRestrictionsV4) SetSubKind(sk string) {
	nr.SubKind = sk
}

// GetVersion returns the resource version.
func (nr *NetworkRestrictionsV4) GetVersion() string {
	return nr.Version
}

// GetMetadata returns the resource metadata by value.
func (nr *NetworkRestrictionsV4) GetMetadata() Metadata {
	return nr.Metadata
}

// GetName returns the resource name held in the metadata.
func (nr *NetworkRestrictionsV4) GetName() string {
	return nr.Metadata.GetName()
}

// SetName sets the resource name held in the metadata.
func (nr *NetworkRestrictionsV4) SetName(n string) {
	nr.Metadata.SetName(n)
}

// GetResourceID returns the ID stored in the metadata.
func (nr *NetworkRestrictionsV4) GetResourceID() int64 {
	return nr.Metadata.ID
}

// SetResourceID sets the ID stored in the metadata.
func (nr *NetworkRestrictionsV4) SetResourceID(id int64) {
	nr.Metadata.SetID(id)
}

// GetRevision returns the revision held in the metadata.
func (nr *NetworkRestrictionsV4) GetRevision() string {
	return nr.Metadata.GetRevision()
}

// SetRevision sets the revision held in the metadata.
func (nr *NetworkRestrictionsV4) SetRevision(rev string) {
	nr.Metadata.SetRevision(rev)
}

// Expiry returns the expiry time held in the metadata.
func (nr *NetworkRestrictionsV4) Expiry() time.Time {
	return nr.Metadata.Expiry()
}

// SetExpiry sets the expiry time held in the metadata.
func (nr *NetworkRestrictionsV4) SetExpiry(exp time.Time) {
	nr.Metadata.SetExpiry(exp)
}

// GetAllow returns the allow list. The stored slice is returned as is, not a
// copy, so changes made through it are visible on the resource.
func (nr *NetworkRestrictionsV4) GetAllow() []AddressCondition {
	return nr.Spec.Allow
}

// SetAllow replaces the allow list. The slice is stored as given, without
// copying, so the caller keeps a reference to the same backing array.
func (nr *NetworkRestrictionsV4) SetAllow(allow []AddressCondition) {
	nr.Spec.Allow = allow
}

// GetDeny returns the deny list, whose entries override the allow list. The
// stored slice is returned as is, not a copy.
func (nr *NetworkRestrictionsV4) GetDeny() []AddressCondition {
	return nr.Spec.Deny
}

// SetDeny replaces the deny list, whose entries override the allow list. The
// slice is stored as given, without copying.
func (nr *NetworkRestrictionsV4) SetDeny(deny []AddressCondition) {
	nr.Spec.Deny = deny
}