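// Listing of github.com/vmware/go-vcloud-director/v2@v2.24.0/govcd/nsxt_firewall.go

/*
 * Copyright 2021 VMware, Inc. All rights reserved. Licensed under the Apache v2 License.
 */

package govcd

import (
	"fmt"

	"github.com/vmware/go-vcloud-director/v2/types/v56"
)

// NsxtFirewall contains a types.NsxtFirewallRuleContainer which encloses three types of rules -
// system, default and user defined rules. User defined rules are the only ones that can be modified, others are
// read-only.
type NsxtFirewall struct {
	NsxtFirewallRuleContainer *types.NsxtFirewallRuleContainer
	client                    *Client
	// edgeGatewayId is stored for usage in NsxtFirewall receiver functions. Both delete methods
	// refuse to run when it is empty, because it is interpolated into the request path.
	edgeGatewayId string
}

// UpdateNsxtFirewall allows user to set new firewall rules or update existing ones. The API does not have POST endpoint
// and always uses PUT endpoint for creating and updating.
//
// firewallRules is sent as the PUT body to the firewall rules endpoint of this Edge Gateway. On
// success the returned NsxtFirewall carries the container filled by that call and remembers the
// Edge Gateway ID for later DeleteAllRules / DeleteRuleById calls.
//
// NOTE(review): because create and update share a single PUT on the rules collection, the supplied
// container presumably replaces the whole user defined rule set instead of merging into it. Confirm
// against the API and pass the complete desired rule set, otherwise existing rules may be dropped.
func (egw *NsxtEdgeGateway) UpdateNsxtFirewall(firewallRules *types.NsxtFirewallRuleContainer) (*NsxtFirewall, error) {
	client := egw.client
	endpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointNsxtFirewallRules
	minimumApiVersion, err := client.checkOpenApiEndpointCompatibility(endpoint)
	if err != nil {
		return nil, err
	}

	// Insert Edge Gateway ID into endpoint path edgeGateways/%s/firewall/rules
	urlRef, err := client.OpenApiBuildEndpoint(fmt.Sprintf(endpoint, egw.EdgeGateway.ID))
	if err != nil {
		return nil, err
	}

	result := &NsxtFirewall{
		NsxtFirewallRuleContainer: &types.NsxtFirewallRuleContainer{},
		client:                    client,
		edgeGatewayId:             egw.EdgeGateway.ID,
	}

	if err := client.OpenApiPutItem(minimumApiVersion, urlRef, nil, firewallRules, result.NsxtFirewallRuleContainer, nil); err != nil {
		return nil, fmt.Errorf("error setting NSX-T Firewall: %s", err)
	}

	return result, nil
}

// GetNsxtFirewall retrieves all firewall rules: system, default and user defined rules.
//
// The returned NsxtFirewall remembers the Edge Gateway ID so that DeleteAllRules and
// DeleteRuleById can address the same gateway.
func (egw *NsxtEdgeGateway) GetNsxtFirewall() (*NsxtFirewall, error) {
	client := egw.client
	endpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointNsxtFirewallRules
	minimumApiVersion, err := client.checkOpenApiEndpointCompatibility(endpoint)
	if err != nil {
		return nil, err
	}

	// Insert Edge Gateway ID into endpoint path edgeGateways/%s/firewall/rules
	urlRef, err := client.OpenApiBuildEndpoint(fmt.Sprintf(endpoint, egw.EdgeGateway.ID))
	if err != nil {
		return nil, err
	}

	// edgeGatewayId is set here once; the original assigned it a second time after the GET.
	result := &NsxtFirewall{
		NsxtFirewallRuleContainer: &types.NsxtFirewallRuleContainer{},
		client:                    client,
		edgeGatewayId:             egw.EdgeGateway.ID,
	}

	if err := client.OpenApiGetItem(minimumApiVersion, urlRef, nil, result.NsxtFirewallRuleContainer, nil); err != nil {
		return nil, fmt.Errorf("error retrieving NSX-T Firewall rules: %s", err)
	}

	return result, nil
}

// DeleteAllRules allows users to delete all NSX-T Firewall rules in a particular Edge Gateway.
//
// It issues a DELETE on the rules collection endpoint of the stored Edge Gateway and returns an
// error, before the client is used, when no Edge Gateway ID is stored.
//
// NOTE(review): presumably only user defined rules are removed, since the NsxtFirewall type
// documentation describes system and default rules as read-only. Confirm against the API.
func (firewall *NsxtFirewall) DeleteAllRules() error {
	if firewall.edgeGatewayId == "" {
		return fmt.Errorf("missing Edge Gateway ID")
	}

	endpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointNsxtFirewallRules
	minimumApiVersion, err := firewall.client.checkOpenApiEndpointCompatibility(endpoint)
	if err != nil {
		return err
	}

	urlRef, err := firewall.client.OpenApiBuildEndpoint(fmt.Sprintf(endpoint, firewall.edgeGatewayId))
	if err != nil {
		return err
	}

	if err := firewall.client.OpenApiDeleteItem(minimumApiVersion, urlRef, nil, nil); err != nil {
		return fmt.Errorf("error deleting all NSX-T Firewall Rules: %s", err)
	}

	return nil
}

// DeleteRuleById allows users to delete NSX-T Firewall Rule By ID.
//
// It returns an error without contacting the API when id is empty or when no Edge Gateway ID is
// stored on the receiver.
//
// NOTE(review): id is appended to the request path as given; whether OpenApiBuildEndpoint escapes
// it is not visible in this file. Pass only rule IDs obtained from the API, not unvalidated input.
func (firewall *NsxtFirewall) DeleteRuleById(id string) error {
	if id == "" {
		return fmt.Errorf("empty ID specified")
	}

	// Same guard as DeleteAllRules: with an empty gateway ID the formatted path would read
	// edgeGateways//firewall/rules/<id> and the DELETE would target a malformed URL.
	if firewall.edgeGatewayId == "" {
		return fmt.Errorf("missing Edge Gateway ID")
	}

	endpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointNsxtFirewallRules
	minimumApiVersion, err := firewall.client.checkOpenApiEndpointCompatibility(endpoint)
	if err != nil {
		return err
	}

	urlRef, err := firewall.client.OpenApiBuildEndpoint(fmt.Sprintf(endpoint, firewall.edgeGatewayId), "/", id)
	if err != nil {
		return err
	}

	if err := firewall.client.OpenApiDeleteItem(minimumApiVersion, urlRef, nil, nil); err != nil {
		return fmt.Errorf("error deleting NSX-T Firewall Rule with ID '%s': %s", id, err)
	}

	return nil
}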