yunion.io/x/cloudmux@v0.3.10-0-alpha.1/pkg/multicloud/bingocloud/secgroup.go (about) 1 // Copyright 2019 Yunion 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package bingocloud 16 17 import ( 18 "yunion.io/x/pkg/errors" 19 "yunion.io/x/pkg/util/secrules" 20 21 api "yunion.io/x/cloudmux/pkg/apis/compute" 22 "yunion.io/x/cloudmux/pkg/cloudprovider" 23 "yunion.io/x/cloudmux/pkg/multicloud" 24 ) 25 26 type SSecurityGroup struct { 27 multicloud.SResourceBase 28 BingoTags 29 region *SRegion 30 31 ComplexIPPermissions string `json:"complexIpPermissions"` 32 ComplexIPPermissionsEgress string `json:"complexIpPermissionsEgress"` 33 DisplayName string `json:"displayName"` 34 GroupDescription string `json:"groupDescription"` 35 GroupId string `json:"groupId"` 36 GroupName string `json:"groupName"` 37 IPPermissionType string `json:"ipPermissionType"` 38 IPPermissions string `json:"ipPermissions"` 39 IPPermissionsEgress []IPPermissionsEgress `json:"ipPermissionsEgress"` 40 OwnerId string `json:"ownerId"` 41 } 42 43 type IPPermissionsEgress struct { 44 BoundType string `json:"boundType"` 45 Description string `json:"description"` 46 FromPort int `json:"fromPort"` 47 IPProtocol string `json:"ipProtocol"` 48 Groups []struct { 49 GroupId string 50 GroupName string 51 } `json:"groups"` 52 IPRanges []struct { 53 CIdRIP string `json:"cidrIp"` 54 } `json:"ipRanges"` 55 L2Accept string `json:"l2Accept"` 56 PermissionId string `json:"permissionId"` 57 Policy string `json:"policy"` 58 ToPort int `json:"toPort"` 59 } 60 61 func (self *SSecurityGroup) GetId() string { 62 return self.GroupId 63 } 64 65 func (self *SSecurityGroup) GetGlobalId() string { 66 return self.GetId() 67 } 68 69 func (self *SSecurityGroup) GetName() string { 70 return self.GroupName 71 } 72 73 func (self *SSecurityGroup) Delete() error { 74 return cloudprovider.ErrNotImplemented 75 } 76 77 func (self *SSecurityGroup) GetDescription() string { 78 return self.GroupDescription 79 } 80 81 func (self *SSecurityGroup) GetProjectId() string { 82 return "" 83 } 84 85 func (self *SSecurityGroup) GetReferences() ([]cloudprovider.SecurityGroupReference, error) { 86 return []cloudprovider.SecurityGroupReference{}, nil 87 } 88 89 func (self *SSecurityGroup) GetRules() ([]cloudprovider.SecurityRule, error) { 90 ret := []cloudprovider.SecurityRule{} 91 for _, _rule := range self.IPPermissionsEgress { 92 if len(_rule.Groups) > 0 { 93 continue 94 } 95 rule := cloudprovider.SecurityRule{} 96 rule.Direction = secrules.DIR_IN 97 rule.Priority = 1 98 rule.Action = secrules.SecurityRuleAllow 99 rule.Protocol = secrules.PROTO_ANY 100 rule.Description = _rule.Description 101 if _rule.BoundType == "Out" { 102 rule.Direction = secrules.DIR_OUT 103 } 104 if _rule.Policy == "DROP" { 105 rule.Action = secrules.SecurityRuleDeny 106 } 107 if _rule.IPProtocol != "all" { 108 rule.Protocol = _rule.IPProtocol 109 } 110 if rule.Protocol == secrules.PROTO_TCP || rule.Protocol == secrules.PROTO_UDP { 111 rule.PortStart, rule.PortEnd = _rule.FromPort, _rule.ToPort 112 } 113 114 for _, ip := range _rule.IPRanges { 115 if ip.CIdRIP == "::/0" { 116 ip.CIdRIP = "0.0.0.0/0" 117 } 118 rule.ParseCIDR(ip.CIdRIP) 119 err := rule.ValidateRule() 120 if err != nil { 121 return nil, err 122 } 123 ret = append(ret, rule) 124 } 125 } 126 return ret, nil 127 } 128 129 func (self *SSecurityGroup) GetVpcId() string { 130 return api.NORMAL_VPC_ID 131 } 132 133 func (self *SSecurityGroup) GetStatus() string { 134 return api.SECGROUP_STATUS_READY 135 } 136 137 func (self *SSecurityGroup) SyncRules(common, inAdds, outAdds, inDels, outDels []cloudprovider.SecurityRule) error { 138 return cloudprovider.ErrNotImplemented 139 } 140 141 func (self *SRegion) GetSecurityGroups(id, name, nextToken string) ([]SSecurityGroup, string, error) { 142 params := map[string]string{} 143 if len(id) > 0 { 144 params["groupId"] = id 145 } 146 if len(name) > 0 { 147 params["groupName"] = name 148 } 149 if len(nextToken) > 0 { 150 params["nextToken"] = nextToken 151 } 152 resp, err := self.invoke("DescribeSecurityGroups", params) 153 if err != nil { 154 return nil, "", err 155 } 156 ret := struct { 157 SecurityGroupInfo []SSecurityGroup 158 NextToken string 159 }{} 160 resp.Unmarshal(&ret) 161 return ret.SecurityGroupInfo, ret.NextToken, nil 162 } 163 164 func (self *SRegion) GetISecurityGroupById(id string) (cloudprovider.ICloudSecurityGroup, error) { 165 groups, _, err := self.GetSecurityGroups(id, "", "") 166 if err != nil { 167 return nil, err 168 } 169 for i := range groups { 170 if groups[i].GetGlobalId() == id { 171 groups[i].region = self 172 return &groups[i], nil 173 } 174 } 175 return nil, errors.Wrapf(cloudprovider.ErrNotFound, id) 176 } 177 178 func (self *SRegion) GetISecurityGroupByName(opts *cloudprovider.SecurityGroupFilterOptions) (cloudprovider.ICloudSecurityGroup, error) { 179 groups, _, err := self.GetSecurityGroups("", opts.Name, "") 180 if err != nil { 181 return nil, err 182 } 183 for i := range groups { 184 if groups[i].GetName() == opts.Name { 185 groups[i].region = self 186 return &groups[i], nil 187 } 188 } 189 return nil, cloudprovider.ErrNotFound 190 }