mirror of https://github.com/hashicorp/consul
182 lines
4.4 KiB
Go
182 lines
4.4 KiB
Go
|
/*
|
||
|
Copyright (c) 2015 VMware, Inc. All Rights Reserved.
|
||
|
|
||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||
|
you may not use this file except in compliance with the License.
|
||
|
You may obtain a copy of the License at
|
||
|
|
||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||
|
|
||
|
Unless required by applicable law or agreed to in writing, software
|
||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
|
See the License for the specific language governing permissions and
|
||
|
limitations under the License.
|
||
|
*/
|
||
|
|
||
|
package object
|
||
|
|
||
|
import (
|
||
|
"context"
|
||
|
"errors"
|
||
|
"fmt"
|
||
|
"strings"
|
||
|
|
||
|
"github.com/vmware/govmomi/vim25"
|
||
|
"github.com/vmware/govmomi/vim25/methods"
|
||
|
"github.com/vmware/govmomi/vim25/mo"
|
||
|
"github.com/vmware/govmomi/vim25/types"
|
||
|
)
|
||
|
|
||
|
type HostFirewallSystem struct {
|
||
|
Common
|
||
|
}
|
||
|
|
||
|
func NewHostFirewallSystem(c *vim25.Client, ref types.ManagedObjectReference) *HostFirewallSystem {
|
||
|
return &HostFirewallSystem{
|
||
|
Common: NewCommon(c, ref),
|
||
|
}
|
||
|
}
|
||
|
|
||
|
func (s HostFirewallSystem) DisableRuleset(ctx context.Context, id string) error {
|
||
|
req := types.DisableRuleset{
|
||
|
This: s.Reference(),
|
||
|
Id: id,
|
||
|
}
|
||
|
|
||
|
_, err := methods.DisableRuleset(ctx, s.c, &req)
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
func (s HostFirewallSystem) EnableRuleset(ctx context.Context, id string) error {
|
||
|
req := types.EnableRuleset{
|
||
|
This: s.Reference(),
|
||
|
Id: id,
|
||
|
}
|
||
|
|
||
|
_, err := methods.EnableRuleset(ctx, s.c, &req)
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
func (s HostFirewallSystem) Refresh(ctx context.Context) error {
|
||
|
req := types.RefreshFirewall{
|
||
|
This: s.Reference(),
|
||
|
}
|
||
|
|
||
|
_, err := methods.RefreshFirewall(ctx, s.c, &req)
|
||
|
return err
|
||
|
}
|
||
|
|
||
|
func (s HostFirewallSystem) Info(ctx context.Context) (*types.HostFirewallInfo, error) {
|
||
|
var fs mo.HostFirewallSystem
|
||
|
|
||
|
err := s.Properties(ctx, s.Reference(), []string{"firewallInfo"}, &fs)
|
||
|
if err != nil {
|
||
|
return nil, err
|
||
|
}
|
||
|
|
||
|
return fs.FirewallInfo, nil
|
||
|
}
|
||
|
|
||
|
// HostFirewallRulesetList provides helpers for a slice of types.HostFirewallRuleset
|
||
|
type HostFirewallRulesetList []types.HostFirewallRuleset
|
||
|
|
||
|
// ByRule returns a HostFirewallRulesetList where Direction, PortType and Protocol are equal and Port is within range
|
||
|
func (l HostFirewallRulesetList) ByRule(rule types.HostFirewallRule) HostFirewallRulesetList {
|
||
|
var matches HostFirewallRulesetList
|
||
|
|
||
|
for _, rs := range l {
|
||
|
for _, r := range rs.Rule {
|
||
|
if r.PortType != rule.PortType ||
|
||
|
r.Protocol != rule.Protocol ||
|
||
|
r.Direction != rule.Direction {
|
||
|
continue
|
||
|
}
|
||
|
|
||
|
if r.EndPort == 0 && rule.Port == r.Port ||
|
||
|
rule.Port >= r.Port && rule.Port <= r.EndPort {
|
||
|
matches = append(matches, rs)
|
||
|
break
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return matches
|
||
|
}
|
||
|
|
||
|
// EnabledByRule returns a HostFirewallRulesetList with Match(rule) applied and filtered via Enabled()
|
||
|
// if enabled param is true, otherwise filtered via Disabled().
|
||
|
// An error is returned if the resulting list is empty.
|
||
|
func (l HostFirewallRulesetList) EnabledByRule(rule types.HostFirewallRule, enabled bool) (HostFirewallRulesetList, error) {
|
||
|
var matched, skipped HostFirewallRulesetList
|
||
|
var matchedKind, skippedKind string
|
||
|
|
||
|
l = l.ByRule(rule)
|
||
|
|
||
|
if enabled {
|
||
|
matched = l.Enabled()
|
||
|
matchedKind = "enabled"
|
||
|
|
||
|
skipped = l.Disabled()
|
||
|
skippedKind = "disabled"
|
||
|
} else {
|
||
|
matched = l.Disabled()
|
||
|
matchedKind = "disabled"
|
||
|
|
||
|
skipped = l.Enabled()
|
||
|
skippedKind = "enabled"
|
||
|
}
|
||
|
|
||
|
if len(matched) == 0 {
|
||
|
msg := fmt.Sprintf("%d %s firewall rulesets match %s %s %s %d, %d %s rulesets match",
|
||
|
len(matched), matchedKind,
|
||
|
rule.Direction, rule.Protocol, rule.PortType, rule.Port,
|
||
|
len(skipped), skippedKind)
|
||
|
|
||
|
if len(skipped) != 0 {
|
||
|
msg += fmt.Sprintf(": %s", strings.Join(skipped.Keys(), ", "))
|
||
|
}
|
||
|
|
||
|
return nil, errors.New(msg)
|
||
|
}
|
||
|
|
||
|
return matched, nil
|
||
|
}
|
||
|
|
||
|
// Enabled returns a HostFirewallRulesetList with enabled rules
|
||
|
func (l HostFirewallRulesetList) Enabled() HostFirewallRulesetList {
|
||
|
var matches HostFirewallRulesetList
|
||
|
|
||
|
for _, rs := range l {
|
||
|
if rs.Enabled {
|
||
|
matches = append(matches, rs)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return matches
|
||
|
}
|
||
|
|
||
|
// Disabled returns a HostFirewallRulesetList with disabled rules
|
||
|
func (l HostFirewallRulesetList) Disabled() HostFirewallRulesetList {
|
||
|
var matches HostFirewallRulesetList
|
||
|
|
||
|
for _, rs := range l {
|
||
|
if !rs.Enabled {
|
||
|
matches = append(matches, rs)
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return matches
|
||
|
}
|
||
|
|
||
|
// Keys returns the HostFirewallRuleset.Key for each ruleset in the list
|
||
|
func (l HostFirewallRulesetList) Keys() []string {
|
||
|
var keys []string
|
||
|
|
||
|
for _, rs := range l {
|
||
|
keys = append(keys, rs.Key)
|
||
|
}
|
||
|
|
||
|
return keys
|
||
|
}
|