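// Listing: github.com/vmware/govmomi@v0.51.0/cli/host/firewall/find.go

// © Broadcom. All Rights Reserved.
// The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.
// SPDX-License-Identifier: Apache-2.0

package firewall

import (
	"context"
	"flag"
	"fmt"
	"os"

	"github.com/vmware/govmomi/cli"
	"github.com/vmware/govmomi/cli/esx"
	"github.com/vmware/govmomi/cli/flags"
	"github.com/vmware/govmomi/object"
	"github.com/vmware/govmomi/vim25/types"
)

// find implements the "firewall.ruleset.find" command: it lists the keys of
// the host firewall rule sets that match a rule described on the command line.
type find struct {
	*flags.ClientFlag
	*flags.OutputFlag
	*flags.HostSystemFlag

	// enabled selects which rule sets to report: enabled ones when true,
	// disabled ones when false (-enabled).
	enabled bool
	// check controls whether Run asks the host if its firewall is enabled
	// at all before listing rule sets (-c).
	check bool

	// The embedded rule is the search template; its Direction, PortType,
	// Protocol and Port fields are filled in directly from flags.
	types.HostFirewallRule
}

func init() {
	cli.Register("firewall.ruleset.find", &find{})
}

// Register wires up the client, output and host selection flags and the
// flags that describe the rule to search for.
func (cmd *find) Register(ctx context.Context, f *flag.FlagSet) {
	cmd.ClientFlag, ctx = flags.NewClientFlag(ctx)
	cmd.ClientFlag.Register(ctx, f)
	cmd.OutputFlag, ctx = flags.NewOutputFlag(ctx)
	cmd.OutputFlag.Register(ctx, f)
	cmd.HostSystemFlag, ctx = flags.NewHostSystemFlag(ctx)
	cmd.HostSystemFlag.Register(ctx, f)

	f.BoolVar(&cmd.check, "c", true, "Check if esx firewall is enabled")
	f.BoolVar(&cmd.enabled, "enabled", true, "Find enabled rule sets if true, disabled if false")

	// The three string flags below write straight into the typed rule fields
	// through a *string cast, so no validation happens at this point: any
	// string is accepted for -direction, -type and -proto.
	// NOTE(review): a misspelled value is not rejected here; what the later
	// matching does with it is decided by object.HostFirewallRulesetList.
	f.StringVar((*string)(&cmd.Direction), "direction", string(types.HostFirewallRuleDirectionOutbound), "Direction")
	f.StringVar((*string)(&cmd.PortType), "type", string(types.HostFirewallRulePortTypeDst), "Port type")
	f.StringVar((*string)(&cmd.Protocol), "proto", string(types.HostFirewallRuleProtocolTcp), "Protocol")
	f.Var(flags.NewInt32(&cmd.Port), "port", "Port")
}

// Process runs the embedded flag processors in order and returns the first
// error encountered.
func (cmd *find) Process(ctx context.Context) error {
	if err := cmd.ClientFlag.Process(ctx); err != nil {
		return err
	}
	if err := cmd.OutputFlag.Process(ctx); err != nil {
		return err
	}
	if err := cmd.HostSystemFlag.Process(ctx); err != nil {
		return err
	}
	return nil
}

// Description returns the help text shown for the command.
func (cmd *find) Description() string {
	return `Find firewall rulesets matching the given rule.

For a complete list of rulesets: govc host.esxcli network firewall ruleset list
For a complete list of rules: govc host.esxcli network firewall ruleset rule list

Examples:
  govc firewall.ruleset.find -direction inbound -port 22
  govc firewall.ruleset.find -direction outbound -port 2377`
}

// Run prints, one per line on stdout, the key of every rule set selected by
// the rule given on the command line and by the -enabled flag.
//
// Positional arguments are not supported and yield flag.ErrHelp. Errors from
// resolving the host, reaching its firewall system, the optional esxcli
// check, or the rule-set selection are returned unchanged.
func (cmd *find) Run(ctx context.Context, f *flag.FlagSet) error {
	// Reject unsupported positional arguments first, so that an invocation
	// that can only end in a usage error never resolves the host or issues
	// remote calls against it.
	if f.NArg() != 0 {
		// TODO: f.Args() -> types.HostFirewallRulesetIpList
		return flag.ErrHelp
	}

	host, err := cmd.HostSystem()
	if err != nil {
		return err
	}

	fs, err := host.ConfigManager().FirewallSystem(ctx)
	if err != nil {
		return err
	}

	if cmd.check {
		x, err := esx.NewExecutor(ctx, host.Client(), host)
		if err != nil {
			return err
		}

		esxfw, err := x.GetFirewallInfo(ctx)
		if err != nil {
			return err
		}

		// Warning only: the lookup continues and the exit status is not
		// affected. When this message appears, the rule sets printed below
		// describe configuration on a host whose firewall is switched off,
		// so they should not be read as evidence that traffic is filtered.
		// Callers that consume stdout in scripts need to watch stderr too.
		if !esxfw.Enabled {
			fmt.Fprintln(os.Stderr, "host firewall is disabled")
		}
	}

	info, err := fs.Info(ctx)
	if err != nil {
		return err
	}

	// Selection is delegated to EnabledByRule, called with the rule template
	// and the -enabled value; its error, if any, is passed through.
	rs := object.HostFirewallRulesetList(info.Ruleset)
	matched, err := rs.EnabledByRule(cmd.HostFirewallRule, cmd.enabled)
	if err != nil {
		return err
	}

	for _, r := range matched {
		fmt.Println(r.Key)
	}

	return nil
}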