// Source: github.com/niedbalski/juju@v0.0.0-20190215020005-8ff100488e47/apiserver/facades/client/firewallrules/firewallrules.go

// Copyright 2017 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.

package firewallrules

import (
	"github.com/juju/errors"
	"github.com/juju/loggo"
	"gopkg.in/juju/names.v2"

	"github.com/juju/juju/apiserver/common"
	"github.com/juju/juju/apiserver/facade"
	"github.com/juju/juju/apiserver/params"
	"github.com/juju/juju/permission"
	"github.com/juju/juju/state"
)

// logger is the package logger, registered under the name
// "juju.apiserver.firewallrules".
var logger = loggo.GetLogger("juju.apiserver.firewallrules")

// API provides the firewallrules facade APIs for v1.
type API struct {
	// backend persists and lists firewall rules and supplies the model tag
	// that permission checks are made against.
	backend Backend
	// authorizer answers both the connection-type check (AuthClient) and the
	// per-model permission checks (HasPermission).
	authorizer facade.Authorizer
	// check is consulted via ChangeAllowed before any rule is modified.
	check BlockChecker
}

// NewFacade provides the signature required for facade registration.
//
// It builds the state-backed Backend and a block checker from the facade
// context and hands them, together with the context's authorizer, to NewAPI.
// A failure to build the backend is returned annotated with "getting state".
func NewFacade(ctx facade.Context) (*API, error) {
	stateBackend, err := NewStateBackend(ctx.State())
	if err != nil {
		return nil, errors.Annotate(err, "getting state")
	}

	checker := common.NewBlockChecker(ctx.State())
	return NewAPI(stateBackend, ctx.Auth(), checker)
}

// NewAPI returns a new firewallrules API facade. It returns common.ErrPerm
// when the authorizer does not report a client connection.
func NewAPI(
	backend Backend,
	authorizer facade.Authorizer,
	blockChecker BlockChecker,
) (*API, error) {
	// Gate the whole facade on the connection type before any state is
	// touched. NOTE(review): AuthClient presumably distinguishes user logins
	// from agent logins; confirm against facade.Authorizer.
	if !authorizer.AuthClient() {
		return nil, common.ErrPerm
	}

	facadeAPI := &API{
		backend:    backend,
		authorizer: authorizer,
		check:      blockChecker,
	}
	return facadeAPI, nil
}

// checkPermission reports whether the caller holds perm on tag.
//
// A failure of the permission lookup itself is returned traced, so callers can
// tell it apart from a plain denial, which is reported as common.ErrPerm.
func (api *API) checkPermission(tag names.Tag, perm permission.Access) error {
	switch ok, err := api.authorizer.HasPermission(perm, tag); {
	case err != nil:
		return errors.Trace(err)
	case !ok:
		return common.ErrPerm
	default:
		return nil
	}
}

// checkAdmin requires admin access on the backend's model.
func (api *API) checkAdmin() error {
	model := api.backend.ModelTag()
	return api.checkPermission(model, permission.AdminAccess)
}

// checkCanRead requires read access on the backend's model.
func (api *API) checkCanRead() error {
	model := api.backend.ModelTag()
	return api.checkPermission(model, permission.ReadAccess)
}

// SetFirewallRules creates or updates the specified firewall rules.
//
// The caller must hold admin access on the model, and the block checker must
// allow changes; if either check fails the call returns an error and no rule
// is saved. After that, each rule is saved independently: a failure for one
// rule is reported in the result at the same index and does not stop the
// remaining rules from being processed, so the top-level error is nil even
// when individual saves fail.
func (api *API) SetFirewallRules(args params.FirewallRuleArgs) (params.ErrorResults, error) {
	var out params.ErrorResults
	if err := api.checkAdmin(); err != nil {
		return out, errors.Trace(err)
	}
	if err := api.check.ChangeAllowed(); err != nil {
		return out, errors.Trace(err)
	}

	out.Results = make([]params.ErrorResult, len(args.Args))
	for idx := range args.Args {
		rule := args.Args[idx]
		// NOTE(review): the change is recorded at debug level only; confirm
		// that firewall-rule modifications reach an audit log elsewhere.
		logger.Debugf("saving firewall rule %+v", rule)
		// NOTE(review): the service name and CIDR list are forwarded as
		// received. Presumably SaveFirewallRule rejects unknown services and
		// malformed CIDRs; verify against the Backend implementation.
		saveErr := api.backend.SaveFirewallRule(state.FirewallRule{
			WellKnownService: state.WellKnownServiceType(rule.KnownService),
			WhitelistCIDRs:   rule.WhitelistCIDRS,
		})
		out.Results[idx].Error = common.ServerError(saveErr)
	}
	return out, nil
}

// ListFirewallRules returns all the firewall rules.
func (api *API) ListFirewallRules() (params.ListFirewallRulesResults, error) {
	var out params.ListFirewallRulesResults
	// Listing needs only read access on the model, unlike SetFirewallRules,
	// which requires admin access.
	if err := api.checkCanRead(); err != nil {
		return out, errors.Trace(err)
	}

	stored, err := api.backend.ListFirewallRules()
	if err != nil {
		return out, errors.Trace(err)
	}

	// Translate each stored rule into its wire representation; the result is
	// a non-nil slice even when no rules are stored.
	converted := make([]params.FirewallRule, 0, len(stored))
	for _, rule := range stored {
		converted = append(converted, params.FirewallRule{
			KnownService:   params.KnownServiceValue(rule.WellKnownService),
			WhitelistCIDRS: rule.WhitelistCIDRs,
		})
	}
	out.Rules = converted
	return out, nil
}