yunion.io/x/cloudmux@v0.3.10-0-alpha.1/pkg/multicloud/jdcloud/securitygroup.go (about)

     1  // Copyright 2019 Yunion
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package jdcloud
    16  
    17  import (
    18  	"fmt"
    19  	"net"
    20  
    21  	commodels "github.com/jdcloud-api/jdcloud-sdk-go/services/common/models"
    22  	"github.com/jdcloud-api/jdcloud-sdk-go/services/vpc/apis"
    23  	"github.com/jdcloud-api/jdcloud-sdk-go/services/vpc/client"
    24  	"github.com/jdcloud-api/jdcloud-sdk-go/services/vpc/models"
    25  
    26  	"yunion.io/x/pkg/util/secrules"
    27  
    28  	"yunion.io/x/cloudmux/pkg/cloudprovider"
    29  	"yunion.io/x/cloudmux/pkg/multicloud"
    30  )
    31  
// SSecurityGroup adapts a JD Cloud network security group to the cloudmux
// security-group model. The SDK's NetworkSecurityGroup is embedded, so the
// accessor methods read its fields directly.
type SSecurityGroup struct {
	multicloud.SSecurityGroup
	JdcloudTags

	// vpc points at the owning VPC. SRegion.GetSecurityGroups leaves it nil.
	vpc *SVpc
	// NetworkSecurityGroup is the record returned by the JD Cloud VPC API.
	models.NetworkSecurityGroup
}
    39  
// GetVpcId returns the VpcId recorded on the embedded JD Cloud security group.
func (sg *SSecurityGroup) GetVpcId() string {
	return sg.NetworkSecurityGroup.VpcId
}
    43  
// GetId returns the JD Cloud identifier of the security group.
func (sg *SSecurityGroup) GetId() string {
	return sg.NetworkSecurityGroup.NetworkSecurityGroupId
}
    47  
// GetGlobalId returns the same value as GetId; no separate global identifier
// is derived for this provider.
func (sg *SSecurityGroup) GetGlobalId() string {
	id := sg.GetId()
	return id
}
    51  
// GetName returns the display name of the security group.
func (sg *SSecurityGroup) GetName() string {
	return sg.NetworkSecurityGroup.NetworkSecurityGroupName
}
    55  
// GetDescription returns the description stored on the security group.
func (sg *SSecurityGroup) GetDescription() string {
	return sg.NetworkSecurityGroup.Description
}
    59  
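// GetRules converts the group's JD Cloud rules into cloudmux security rules.
//
// Mapping, as implemented below:
//   - every rule gets Priority 1;
//   - Direction 0 is ingress, any other value is egress;
//   - Protocol 6, 17, 1 and 300 become TCP, UDP, ICMP and "any";
//   - the action is allow, except that a rule with RuleType "default" and
//     both ports equal to 0 is reported as deny.
//
// A rule whose AddressPrefix is not valid CIDR makes GetRules return an error.
// Discarding the parse error would hand callers a rule with a nil IPNet, and
// a firewall rule with no address restriction is easy to read as "any
// address" (NOTE(review): confirm how consumers of secrules.SecurityRule
// treat a nil IPNet).
func (sg *SSecurityGroup) GetRules() ([]cloudprovider.SecurityRule, error) {
	rules := sg.SecurityGroupRules
	srs := make([]cloudprovider.SecurityRule, 0, len(rules))
	for i := range rules {
		src := &rules[i]

		// Fail closed: refuse to mirror a rule whose address scope cannot be
		// parsed rather than reporting it without one.
		_, ipNet, err := net.ParseCIDR(src.AddressPrefix)
		if err != nil {
			return nil, fmt.Errorf("security group %q rule %q: invalid address prefix %q: %w",
				sg.NetworkSecurityGroupId, src.RuleId, src.AddressPrefix, err)
		}

		rule := secrules.SecurityRule{
			Priority:    1,
			IPNet:       ipNet,
			Description: src.Description,
			PortStart:   src.FromPort,
			PortEnd:     src.ToPort,
			Action:      secrules.SecurityRuleAllow,
		}

		if src.Direction == 0 {
			rule.Direction = secrules.SecurityRuleIngress
		} else {
			rule.Direction = secrules.SecurityRuleEgress
		}

		// Any protocol number not listed here leaves rule.Protocol at its
		// zero value.
		// NOTE(review): decide whether an unknown protocol should be rejected
		// instead of being passed on with an empty protocol.
		switch src.Protocol {
		case 6:
			rule.Protocol = secrules.PROTO_TCP
		case 17:
			rule.Protocol = secrules.PROTO_UDP
		case 1:
			rule.Protocol = secrules.PROTO_ICMP
		case 300:
			rule.Protocol = secrules.PROTO_ANY
		}

		// A "default" rule with both ports 0 is the only case reported as deny.
		if src.RuleType == "default" && src.FromPort == 0 && src.ToPort == 0 {
			rule.Action = secrules.SecurityRuleDeny
		}

		srs = append(srs, cloudprovider.SecurityRule{
			Id:           src.RuleId,
			ExternalId:   src.RuleId,
			SecurityRule: rule,
		})
	}
	return srs, nil
}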
   104  
// GetStatus always returns the empty string; no status is derived from the
// JD Cloud record.
func (sg *SSecurityGroup) GetStatus() string {
	const status = ""
	return status
}
   108  
// IsEmulated always reports false.
func (sg *SSecurityGroup) IsEmulated() bool {
	const emulated = false
	return emulated
}
   112  
// Refresh is a no-op that always returns nil: it does not re-read the group
// from JD Cloud, so the rules held in memory stay as they were when the group
// was listed.
func (sg *SSecurityGroup) Refresh() error {
	var err error
	return err
}
   116  
// Delete is not supported for JD Cloud security groups and always returns
// cloudprovider.ErrNotImplemented.
func (sg *SSecurityGroup) Delete() error {
	err := cloudprovider.ErrNotImplemented
	return err
}
   120  
// GetProjectId always returns the empty string; the group is not associated
// with a project here.
func (sg *SSecurityGroup) GetProjectId() string {
	const projectID = ""
	return projectID
}
   124  
// SyncRules ignores all of its arguments and returns nil without contacting
// JD Cloud.
//
// NOTE(review): a nil return tells the caller the rule changes were applied,
// yet nothing is written to the provider, so the intended and the effective
// firewall rules can diverge unnoticed. Delete reports
// cloudprovider.ErrNotImplemented for the same situation; confirm whether
// SyncRules should do likewise.
func (sg *SSecurityGroup) SyncRules(common, inAdds, outAdds, inDels, outDels []cloudprovider.SecurityRule) error {
	var err error
	return err
}
   128  
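// GetSecurityGroups fetches one page of network security groups in the region.
//
// vpcId and securityGroupIds are optional filters; an empty vpcId or an empty
// ID list adds no filter. pageNumber and pageSize are passed to the API as
// given. It returns the groups on the requested page, the total count
// reported by the API, and an error if the call fails or the response carries
// an error code of 400 or above.
//
// The returned SSecurityGroup values have only the embedded SDK record set;
// their vpc field is left nil.
func (r *SRegion) GetSecurityGroups(vpcId string, securityGroupIds []string, pageNumber int, pageSize int) ([]SSecurityGroup, int, error) {
	filters := []commodels.Filter{}
	if vpcId != "" {
		filters = append(filters, commodels.Filter{
			Name:   "vpcId",
			Values: []string{vpcId},
		})
	}
	if len(securityGroupIds) > 0 {
		filters = append(filters, commodels.Filter{
			Name:   "networkSecurityGroupIds",
			Values: securityGroupIds,
		})
	}
	req := apis.NewDescribeNetworkSecurityGroupsRequestWithAllParams(r.ID, &pageNumber, &pageSize, filters)

	// Named vpcClient so the local does not shadow the imported client package.
	vpcClient := client.NewVpcClient(r.getCredential())
	vpcClient.Logger = Logger{debug: r.client.debug}

	resp, err := vpcClient.DescribeNetworkSecurityGroups(req)
	if err != nil {
		return nil, 0, err
	}
	if resp.Error.Code >= 400 {
		// The message comes from the remote API, so it is passed as an
		// argument and never as the format string: a '%' in the text would
		// otherwise be expanded into "%!x(MISSING)" noise in the error.
		return nil, 0, fmt.Errorf("%s", resp.Error.Message)
	}

	groups := resp.Result.NetworkSecurityGroups
	sgs := make([]SSecurityGroup, 0, len(groups))
	for i := range groups {
		sgs = append(sgs, SSecurityGroup{
			NetworkSecurityGroup: groups[i],
		})
	}
	return sgs, resp.Result.TotalCount, nil
}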