yunion.io/x/cloudmux@v0.3.10-0-alpha.1/pkg/multicloud/cloudpods/secgroup.go

yunion.io/x/cloudmux@v0.3.10-0-alpha.1/pkg/multicloud/cloudpods/secgroup.go (about)

     1  // Copyright 2019 Yunion
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package cloudpods
    16  
    17  import (
    18  	"fmt"
    19  	"strings"
    20  
    21  	"yunion.io/x/pkg/errors"
    22  	"yunion.io/x/pkg/util/secrules"
    23  
    24  	api "yunion.io/x/onecloud/pkg/apis/compute"
    25  	modules "yunion.io/x/onecloud/pkg/mcclient/modules/compute"
    26  
    27  	"yunion.io/x/cloudmux/pkg/cloudprovider"
    28  	"yunion.io/x/cloudmux/pkg/multicloud"
    29  )
    30  
    31  type SSecurityGroup struct {
    32  	multicloud.SResourceBase
    33  	CloudpodsTags
    34  	region *SRegion
    35  
    36  	api.SecgroupDetails
    37  }
    38  
    39  func (self *SSecurityGroup) GetName() string {
    40  	return self.Name
    41  }
    42  
    43  func (self *SSecurityGroup) GetDescription() string {
    44  	return self.Description
    45  }
    46  
    47  func (self *SSecurityGroup) GetId() string {
    48  	return self.Id
    49  }
    50  
    51  func (self *SSecurityGroup) GetGlobalId() string {
    52  	return self.Id
    53  }
    54  
    55  func (self *SSecurityGroup) GetStatus() string {
    56  	return self.Status
    57  }
    58  
    59  func (self *SSecurityGroup) GetProjectId() string {
    60  	return self.TenantId
    61  }
    62  
    63  func (self *SSecurityGroup) GetRules() ([]cloudprovider.SecurityRule, error) {
    64  	ret := []cloudprovider.SecurityRule{}
    65  	for _, r := range self.Rules {
    66  		if len(r.PeerSecgroupId) > 0 {
    67  			continue
    68  		}
    69  		rule := cloudprovider.SecurityRule{ExternalId: r.Id}
    70  		rule.Action = secrules.TSecurityRuleAction(r.Action)
    71  		rule.Priority = int(r.Priority)
    72  		rule.Protocol = r.Protocol
    73  		rule.Description = r.Description
    74  		rule.Direction = secrules.TSecurityRuleDirection(r.Direction)
    75  		rule.ParseCIDR(r.CIDR)
    76  		rule.ParsePorts(r.Ports)
    77  		ret = append(ret, rule)
    78  	}
    79  	return ret, nil
    80  }
    81  
    82  func (self *SSecurityGroup) GetVpcId() string {
    83  	return api.NORMAL_VPC_ID
    84  }
    85  
    86  func (self *SSecurityGroup) GetReferences() ([]cloudprovider.SecurityGroupReference, error) {
    87  	params := map[string]interface{}{
    88  		"secgroup_id": self.Id,
    89  	}
    90  	servers := []SInstance{}
    91  	err := self.region.list(&modules.Servers, params, &servers)
    92  	if err != nil {
    93  		return nil, err
    94  	}
    95  	ret := []cloudprovider.SecurityGroupReference{}
    96  	for i := range servers {
    97  		ret = append(ret, cloudprovider.SecurityGroupReference{
    98  			Id:   servers[i].Id,
    99  			Name: servers[i].Name,
   100  		})
   101  	}
   102  	return ret, nil
   103  }
   104  
   105  func (self *SRegion) DeleteSecRule(id string) error {
   106  	return self.cli.delete(&modules.SecGroupRules, id)
   107  }
   108  
   109  func (self *SRegion) CreateSecRule(secId string, rule cloudprovider.SecurityRule) error {
   110  	input := api.SSecgroupRuleCreateInput{}
   111  	input.SecgroupId = secId
   112  	input.Priority = &rule.Priority
   113  	input.Action = string(rule.Action)
   114  	input.Protocol = rule.Protocol
   115  	input.Direction = string(rule.Direction)
   116  	input.Description = rule.Description
   117  	if rule.IPNet != nil {
   118  		input.CIDR = rule.IPNet.String()
   119  	}
   120  
   121  	if len(rule.Ports) > 0 {
   122  		ports := []string{}
   123  		for _, port := range rule.Ports {
   124  			ports = append(ports, fmt.Sprintf("%d", port))
   125  		}
   126  		input.Ports = strings.Join(ports, ",")
   127  	} else if rule.PortStart > 0 && rule.PortEnd > 0 {
   128  		input.Ports = fmt.Sprintf("%d-%d", rule.PortStart, rule.PortEnd)
   129  	}
   130  	ret := struct{}{}
   131  	return self.create(&modules.SecGroupRules, input, &ret)
   132  }
   133  
   134  func (self *SSecurityGroup) SyncRules(common, inAdds, outAdds, inDels, outDels []cloudprovider.SecurityRule) error {
   135  	for _, r := range append(inDels, outDels...) {
   136  		err := self.region.DeleteSecRule(r.Id)
   137  		if err != nil {
   138  			return errors.Wrapf(err, "delete rule %s", r.Id)
   139  		}
   140  	}
   141  	for _, r := range append(inAdds, outAdds...) {
   142  		err := self.region.CreateSecRule(self.Id, r)
   143  		if err != nil {
   144  			return errors.Wrapf(err, "create rule %s", r)
   145  		}
   146  	}
   147  	return nil
   148  }
   149  
   150  func (self *SSecurityGroup) Delete() error {
   151  	return self.region.cli.delete(&modules.SecGroups, self.Id)
   152  }
   153  
   154  func (self *SRegion) GetSecurityGroups() ([]SSecurityGroup, error) {
   155  	params := map[string]interface{}{
   156  		"cloud_env": "onpremise",
   157  	}
   158  	ret := []SSecurityGroup{}
   159  	return ret, self.cli.list(&modules.SecGroups, params, &ret)
   160  }
   161  
   162  func (self *SRegion) GetSecurityGroup(id string) (*SSecurityGroup, error) {
   163  	secgroup := &SSecurityGroup{region: self}
   164  	return secgroup, self.cli.get(&modules.SecGroups, id, nil, secgroup)
   165  }
   166  
   167  func (self *SRegion) CreateISecurityGroup(opts *cloudprovider.SecurityGroupCreateInput) (cloudprovider.ICloudSecurityGroup, error) {
   168  	params := map[string]interface{}{
   169  		"name":        opts.Name,
   170  		"description": opts.Desc,
   171  		"rules":       opts.Rules,
   172  	}
   173  	if len(opts.ProjectId) > 0 {
   174  		params["project_id"] = opts.ProjectId
   175  	}
   176  	secgroup := &SSecurityGroup{region: self}
   177  	return secgroup, self.create(&modules.SecGroups, params, secgroup)
   178  }
   179  
   180  func (self *SVpc) GetISecurityGroups() ([]cloudprovider.ICloudSecurityGroup, error) {
   181  	secgroups, err := self.region.GetSecurityGroups()
   182  	if err != nil {
   183  		return nil, err
   184  	}
   185  	ret := []cloudprovider.ICloudSecurityGroup{}
   186  	for i := range secgroups {
   187  		secgroups[i].region = self.region
   188  		ret = append(ret, &secgroups[i])
   189  	}
   190  	return ret, nil
   191  }
   192  
   193  func (self *SRegion) GetISecurityGroupById(secgroupId string) (cloudprovider.ICloudSecurityGroup, error) {
   194  	secgroup, err := self.GetSecurityGroup(secgroupId)
   195  	if err != nil {
   196  		return nil, err
   197  	}
   198  	return secgroup, nil
   199  }
   200  
   201  func (self *SRegion) GetISecurityGroupByName(opts *cloudprovider.SecurityGroupFilterOptions) (cloudprovider.ICloudSecurityGroup, error) {
   202  	secgroup, err := self.GetSecurityGroup(opts.Name)
   203  	if err != nil {
   204  		return nil, err
   205  	}
   206  	return secgroup, nil
   207  }