github.com/vmware/govmomi@v0.43.0/object/host_firewall_system.go (about)

     1  /*
     2  Copyright (c) 2015 VMware, Inc. All Rights Reserved.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package object
    18  
    19  import (
    20  	"context"
    21  	"errors"
    22  	"fmt"
    23  	"strings"
    24  
    25  	"github.com/vmware/govmomi/vim25"
    26  	"github.com/vmware/govmomi/vim25/methods"
    27  	"github.com/vmware/govmomi/vim25/mo"
    28  	"github.com/vmware/govmomi/vim25/types"
    29  )
    30  
    31  type HostFirewallSystem struct {
    32  	Common
    33  }
    34  
    35  func NewHostFirewallSystem(c *vim25.Client, ref types.ManagedObjectReference) *HostFirewallSystem {
    36  	return &HostFirewallSystem{
    37  		Common: NewCommon(c, ref),
    38  	}
    39  }
    40  
    41  func (s HostFirewallSystem) DisableRuleset(ctx context.Context, id string) error {
    42  	req := types.DisableRuleset{
    43  		This: s.Reference(),
    44  		Id:   id,
    45  	}
    46  
    47  	_, err := methods.DisableRuleset(ctx, s.c, &req)
    48  	return err
    49  }
    50  
    51  func (s HostFirewallSystem) EnableRuleset(ctx context.Context, id string) error {
    52  	req := types.EnableRuleset{
    53  		This: s.Reference(),
    54  		Id:   id,
    55  	}
    56  
    57  	_, err := methods.EnableRuleset(ctx, s.c, &req)
    58  	return err
    59  }
    60  
    61  func (s HostFirewallSystem) Refresh(ctx context.Context) error {
    62  	req := types.RefreshFirewall{
    63  		This: s.Reference(),
    64  	}
    65  
    66  	_, err := methods.RefreshFirewall(ctx, s.c, &req)
    67  	return err
    68  }
    69  
    70  func (s HostFirewallSystem) Info(ctx context.Context) (*types.HostFirewallInfo, error) {
    71  	var fs mo.HostFirewallSystem
    72  
    73  	err := s.Properties(ctx, s.Reference(), []string{"firewallInfo"}, &fs)
    74  	if err != nil {
    75  		return nil, err
    76  	}
    77  
    78  	return fs.FirewallInfo, nil
    79  }
    80  
    81  // HostFirewallRulesetList provides helpers for a slice of types.HostFirewallRuleset
    82  type HostFirewallRulesetList []types.HostFirewallRuleset
    83  
    84  // ByRule returns a HostFirewallRulesetList where Direction, PortType and Protocol are equal and Port is within range
    85  func (l HostFirewallRulesetList) ByRule(rule types.HostFirewallRule) HostFirewallRulesetList {
    86  	var matches HostFirewallRulesetList
    87  
    88  	for _, rs := range l {
    89  		for _, r := range rs.Rule {
    90  			if r.PortType != rule.PortType ||
    91  				r.Protocol != rule.Protocol ||
    92  				r.Direction != rule.Direction {
    93  				continue
    94  			}
    95  
    96  			if r.EndPort == 0 && rule.Port == r.Port ||
    97  				rule.Port >= r.Port && rule.Port <= r.EndPort {
    98  				matches = append(matches, rs)
    99  				break
   100  			}
   101  		}
   102  	}
   103  
   104  	return matches
   105  }
   106  
   107  // EnabledByRule returns a HostFirewallRulesetList with Match(rule) applied and filtered via Enabled()
   108  // if enabled param is true, otherwise filtered via Disabled().
   109  // An error is returned if the resulting list is empty.
   110  func (l HostFirewallRulesetList) EnabledByRule(rule types.HostFirewallRule, enabled bool) (HostFirewallRulesetList, error) {
   111  	var matched, skipped HostFirewallRulesetList
   112  	var matchedKind, skippedKind string
   113  
   114  	l = l.ByRule(rule)
   115  
   116  	if enabled {
   117  		matched = l.Enabled()
   118  		matchedKind = "enabled"
   119  
   120  		skipped = l.Disabled()
   121  		skippedKind = "disabled"
   122  	} else {
   123  		matched = l.Disabled()
   124  		matchedKind = "disabled"
   125  
   126  		skipped = l.Enabled()
   127  		skippedKind = "enabled"
   128  	}
   129  
   130  	if len(matched) == 0 {
   131  		msg := fmt.Sprintf("%d %s firewall rulesets match %s %s %s %d, %d %s rulesets match",
   132  			len(matched), matchedKind,
   133  			rule.Direction, rule.Protocol, rule.PortType, rule.Port,
   134  			len(skipped), skippedKind)
   135  
   136  		if len(skipped) != 0 {
   137  			msg += fmt.Sprintf(": %s", strings.Join(skipped.Keys(), ", "))
   138  		}
   139  
   140  		return nil, errors.New(msg)
   141  	}
   142  
   143  	return matched, nil
   144  }
   145  
   146  // Enabled returns a HostFirewallRulesetList with enabled rules
   147  func (l HostFirewallRulesetList) Enabled() HostFirewallRulesetList {
   148  	var matches HostFirewallRulesetList
   149  
   150  	for _, rs := range l {
   151  		if rs.Enabled {
   152  			matches = append(matches, rs)
   153  		}
   154  	}
   155  
   156  	return matches
   157  }
   158  
   159  // Disabled returns a HostFirewallRulesetList with disabled rules
   160  func (l HostFirewallRulesetList) Disabled() HostFirewallRulesetList {
   161  	var matches HostFirewallRulesetList
   162  
   163  	for _, rs := range l {
   164  		if !rs.Enabled {
   165  			matches = append(matches, rs)
   166  		}
   167  	}
   168  
   169  	return matches
   170  }
   171  
   172  // Keys returns the HostFirewallRuleset.Key for each ruleset in the list
   173  func (l HostFirewallRulesetList) Keys() []string {
   174  	var keys []string
   175  
   176  	for _, rs := range l {
   177  		keys = append(keys, rs.Key)
   178  	}
   179  
   180  	return keys
   181  }