github.com/vmware/govmomi@v0.51.0/object/host_firewall_system.go (about)

     1  // © Broadcom. All Rights Reserved.
     2  // The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.
     3  // SPDX-License-Identifier: Apache-2.0
     4  
     5  package object
     6  
     7  import (
     8  	"context"
     9  	"errors"
    10  	"fmt"
    11  	"strings"
    12  
    13  	"github.com/vmware/govmomi/vim25"
    14  	"github.com/vmware/govmomi/vim25/methods"
    15  	"github.com/vmware/govmomi/vim25/mo"
    16  	"github.com/vmware/govmomi/vim25/types"
    17  )
    18  
    19  type HostFirewallSystem struct {
    20  	Common
    21  }
    22  
    23  func NewHostFirewallSystem(c *vim25.Client, ref types.ManagedObjectReference) *HostFirewallSystem {
    24  	return &HostFirewallSystem{
    25  		Common: NewCommon(c, ref),
    26  	}
    27  }
    28  
    29  func (s HostFirewallSystem) DisableRuleset(ctx context.Context, id string) error {
    30  	req := types.DisableRuleset{
    31  		This: s.Reference(),
    32  		Id:   id,
    33  	}
    34  
    35  	_, err := methods.DisableRuleset(ctx, s.c, &req)
    36  	return err
    37  }
    38  
    39  func (s HostFirewallSystem) EnableRuleset(ctx context.Context, id string) error {
    40  	req := types.EnableRuleset{
    41  		This: s.Reference(),
    42  		Id:   id,
    43  	}
    44  
    45  	_, err := methods.EnableRuleset(ctx, s.c, &req)
    46  	return err
    47  }
    48  
    49  func (s HostFirewallSystem) Refresh(ctx context.Context) error {
    50  	req := types.RefreshFirewall{
    51  		This: s.Reference(),
    52  	}
    53  
    54  	_, err := methods.RefreshFirewall(ctx, s.c, &req)
    55  	return err
    56  }
    57  
    58  func (s HostFirewallSystem) Info(ctx context.Context) (*types.HostFirewallInfo, error) {
    59  	var fs mo.HostFirewallSystem
    60  
    61  	err := s.Properties(ctx, s.Reference(), []string{"firewallInfo"}, &fs)
    62  	if err != nil {
    63  		return nil, err
    64  	}
    65  
    66  	return fs.FirewallInfo, nil
    67  }
    68  
    69  // HostFirewallRulesetList provides helpers for a slice of types.HostFirewallRuleset
    70  type HostFirewallRulesetList []types.HostFirewallRuleset
    71  
    72  // ByRule returns a HostFirewallRulesetList where Direction, PortType and Protocol are equal and Port is within range
    73  func (l HostFirewallRulesetList) ByRule(rule types.HostFirewallRule) HostFirewallRulesetList {
    74  	var matches HostFirewallRulesetList
    75  
    76  	for _, rs := range l {
    77  		for _, r := range rs.Rule {
    78  			if r.PortType != rule.PortType ||
    79  				r.Protocol != rule.Protocol ||
    80  				r.Direction != rule.Direction {
    81  				continue
    82  			}
    83  
    84  			if r.EndPort == 0 && rule.Port == r.Port ||
    85  				rule.Port >= r.Port && rule.Port <= r.EndPort {
    86  				matches = append(matches, rs)
    87  				break
    88  			}
    89  		}
    90  	}
    91  
    92  	return matches
    93  }
    94  
    95  // EnabledByRule returns a HostFirewallRulesetList with Match(rule) applied and filtered via Enabled()
    96  // if enabled param is true, otherwise filtered via Disabled().
    97  // An error is returned if the resulting list is empty.
    98  func (l HostFirewallRulesetList) EnabledByRule(rule types.HostFirewallRule, enabled bool) (HostFirewallRulesetList, error) {
    99  	var matched, skipped HostFirewallRulesetList
   100  	var matchedKind, skippedKind string
   101  
   102  	l = l.ByRule(rule)
   103  
   104  	if enabled {
   105  		matched = l.Enabled()
   106  		matchedKind = "enabled"
   107  
   108  		skipped = l.Disabled()
   109  		skippedKind = "disabled"
   110  	} else {
   111  		matched = l.Disabled()
   112  		matchedKind = "disabled"
   113  
   114  		skipped = l.Enabled()
   115  		skippedKind = "enabled"
   116  	}
   117  
   118  	if len(matched) == 0 {
   119  		msg := fmt.Sprintf("%d %s firewall rulesets match %s %s %s %d, %d %s rulesets match",
   120  			len(matched), matchedKind,
   121  			rule.Direction, rule.Protocol, rule.PortType, rule.Port,
   122  			len(skipped), skippedKind)
   123  
   124  		if len(skipped) != 0 {
   125  			msg += fmt.Sprintf(": %s", strings.Join(skipped.Keys(), ", "))
   126  		}
   127  
   128  		return nil, errors.New(msg)
   129  	}
   130  
   131  	return matched, nil
   132  }
   133  
   134  // Enabled returns a HostFirewallRulesetList with enabled rules
   135  func (l HostFirewallRulesetList) Enabled() HostFirewallRulesetList {
   136  	var matches HostFirewallRulesetList
   137  
   138  	for _, rs := range l {
   139  		if rs.Enabled {
   140  			matches = append(matches, rs)
   141  		}
   142  	}
   143  
   144  	return matches
   145  }
   146  
   147  // Disabled returns a HostFirewallRulesetList with disabled rules
   148  func (l HostFirewallRulesetList) Disabled() HostFirewallRulesetList {
   149  	var matches HostFirewallRulesetList
   150  
   151  	for _, rs := range l {
   152  		if !rs.Enabled {
   153  			matches = append(matches, rs)
   154  		}
   155  	}
   156  
   157  	return matches
   158  }
   159  
   160  // Keys returns the HostFirewallRuleset.Key for each ruleset in the list
   161  func (l HostFirewallRulesetList) Keys() []string {
   162  	var keys []string
   163  
   164  	for _, rs := range l {
   165  		keys = append(keys, rs.Key)
   166  	}
   167  
   168  	return keys
   169  }