// +build !providerless

/*
Copyright 2018 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package gce
import (
	"errors"

	computebeta "google.golang.org/api/compute/v0.beta"

	"github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud"
	"github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud/filter"
	"github.com/GoogleCloudPlatform/k8s-cloud-provider/pkg/cloud/meta"
)
// newSecurityPolicyMetricContextWithVersion builds the metric context used by
// the security policy calls in this file. It delegates to
// newGenericMetricContext with the fixed resource string "securitypolicy",
// the caller's request name and API version, an empty third argument and
// unusedMetricLabel as the fourth.
func newSecurityPolicyMetricContextWithVersion(request, version string) *metricContext {
	const resource = "securitypolicy"
	mc := newGenericMetricContext(resource, request, "", unusedMetricLabel, version)
	return mc
}
// GetBetaSecurityPolicy fetches the Beta security policy called name,
// addressed through meta.GlobalKey.
//
// The request runs under the context from cloud.ContextWithCallTimeout and is
// reported to a metric context created for request "get" at
// computeBetaVersion. The returned error is whatever Observe yields for the
// API error.
func (g *Cloud) GetBetaSecurityPolicy(name string) (*computebeta.SecurityPolicy, error) {
	callCtx, stop := cloud.ContextWithCallTimeout()
	defer stop()

	metrics := newSecurityPolicyMetricContextWithVersion("get", computeBetaVersion)
	policy, getErr := g.c.BetaSecurityPolicies().Get(callCtx, meta.GlobalKey(name))
	observed := metrics.Observe(getErr)
	return policy, observed
}
// ListBetaSecurityPolicy returns the Beta security policies reported by the
// List call. filter.None is passed, so no filter is applied on this side.
//
// The request runs under the context from cloud.ContextWithCallTimeout and is
// reported to a metric context created for request "list" at
// computeBetaVersion. The returned error is whatever Observe yields for the
// API error.
func (g *Cloud) ListBetaSecurityPolicy() ([]*computebeta.SecurityPolicy, error) {
	callCtx, stop := cloud.ContextWithCallTimeout()
	defer stop()

	metrics := newSecurityPolicyMetricContextWithVersion("list", computeBetaVersion)
	policies, listErr := g.c.BetaSecurityPolicies().List(callCtx, filter.None)
	observed := metrics.Observe(listErr)
	return policies, observed
}
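// CreateBetaSecurityPolicy creates the given security policy.
//
// The policy is inserted under the global key derived from sp.Name. A nil sp
// is rejected with an error before any API call is made. Otherwise the
// request runs under the context from cloud.ContextWithCallTimeout and the
// returned error is whatever Observe yields for the Insert error.
func (g *Cloud) CreateBetaSecurityPolicy(sp *computebeta.SecurityPolicy) error {
	// sp.Name is read below to build the resource key; without this guard a
	// nil policy would panic instead of failing cleanly.
	if sp == nil {
		return errors.New("security policy must not be nil")
	}

	ctx, cancel := cloud.ContextWithCallTimeout()
	defer cancel()

	mc := newSecurityPolicyMetricContextWithVersion("create", computeBetaVersion)
	return mc.Observe(g.c.BetaSecurityPolicies().Insert(ctx, meta.GlobalKey(sp.Name), sp))
}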
// DeleteBetaSecurityPolicy deletes the Beta security policy called name,
// addressed through meta.GlobalKey.
//
// The request runs under the context from cloud.ContextWithCallTimeout and is
// reported to a metric context created for request "delete" at
// computeBetaVersion. The returned error is whatever Observe yields for the
// Delete error.
//
// NOTE(review): nothing here checks whether the policy is still attached to
// a resource; any such protection would have to come from the API or the
// caller — confirm.
func (g *Cloud) DeleteBetaSecurityPolicy(name string) error {
	callCtx, stop := cloud.ContextWithCallTimeout()
	defer stop()

	metrics := newSecurityPolicyMetricContextWithVersion("delete", computeBetaVersion)
	deleteErr := g.c.BetaSecurityPolicies().Delete(callCtx, meta.GlobalKey(name))
	return metrics.Observe(deleteErr)
}
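// PatchBetaSecurityPolicy applies the given security policy as a
// patch to an existing security policy.
//
// The target is the global key derived from sp.Name. A nil sp is rejected
// with an error before any API call is made. Otherwise the request runs under
// the context from cloud.ContextWithCallTimeout and the returned error is
// whatever Observe yields for the Patch error.
//
// NOTE(review): sp is forwarded unchanged; whether a concurrent modification
// of the policy is detected presumably depends on the fingerprint carried in
// sp — confirm against the API before relying on it.
func (g *Cloud) PatchBetaSecurityPolicy(sp *computebeta.SecurityPolicy) error {
	// sp.Name is read below to build the resource key; without this guard a
	// nil policy would panic instead of failing cleanly.
	if sp == nil {
		return errors.New("security policy must not be nil")
	}

	ctx, cancel := cloud.ContextWithCallTimeout()
	defer cancel()

	mc := newSecurityPolicyMetricContextWithVersion("patch", computeBetaVersion)
	return mc.Observe(g.c.BetaSecurityPolicies().Patch(ctx, meta.GlobalKey(sp.Name), sp))
}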
// GetRuleForBetaSecurityPolicy fetches a rule from the Beta security policy
// called name, addressed through meta.GlobalKey.
//
// The request runs under the context from cloud.ContextWithCallTimeout and is
// reported to a metric context created for request "get_rule" at
// computeBetaVersion. The returned error is whatever Observe yields for the
// API error.
//
// NOTE(review): no rule priority is passed to GetRule, so which rule is
// returned is decided outside this function — confirm before relying on it.
func (g *Cloud) GetRuleForBetaSecurityPolicy(name string) (*computebeta.SecurityPolicyRule, error) {
	callCtx, stop := cloud.ContextWithCallTimeout()
	defer stop()

	metrics := newSecurityPolicyMetricContextWithVersion("get_rule", computeBetaVersion)
	rule, getErr := g.c.BetaSecurityPolicies().GetRule(callCtx, meta.GlobalKey(name))
	observed := metrics.Observe(getErr)
	return rule, observed
}
// AddRuletoBetaSecurityPolicy adds the rule spr to the Beta security policy
// called name, addressed through meta.GlobalKey.
//
// The request runs under the context from cloud.ContextWithCallTimeout and is
// reported to a metric context created for request "add_rule" at
// computeBetaVersion. spr is forwarded to AddRule as given; the returned
// error is whatever Observe yields for the AddRule error.
func (g *Cloud) AddRuletoBetaSecurityPolicy(name string, spr *computebeta.SecurityPolicyRule) error {
	callCtx, stop := cloud.ContextWithCallTimeout()
	defer stop()

	metrics := newSecurityPolicyMetricContextWithVersion("add_rule", computeBetaVersion)
	addErr := g.c.BetaSecurityPolicies().AddRule(callCtx, meta.GlobalKey(name), spr)
	return metrics.Observe(addErr)
}
// PatchRuleForBetaSecurityPolicy patches a rule of the Beta security policy
// called name with the contents of spr. The policy is addressed through
// meta.GlobalKey.
//
// The request runs under the context from cloud.ContextWithCallTimeout and is
// reported to a metric context created for request "patch_rule" at
// computeBetaVersion. The returned error is whatever Observe yields for the
// PatchRule error.
//
// NOTE(review): no rule priority is passed separately to PatchRule, so which
// existing rule is patched is decided outside this function — confirm.
func (g *Cloud) PatchRuleForBetaSecurityPolicy(name string, spr *computebeta.SecurityPolicyRule) error {
	callCtx, stop := cloud.ContextWithCallTimeout()
	defer stop()

	metrics := newSecurityPolicyMetricContextWithVersion("patch_rule", computeBetaVersion)
	patchErr := g.c.BetaSecurityPolicies().PatchRule(callCtx, meta.GlobalKey(name), spr)
	return metrics.Observe(patchErr)
}
// RemoveRuleFromBetaSecurityPolicy removes a rule from the Beta security
// policy called name, addressed through meta.GlobalKey.
//
// The request runs under the context from cloud.ContextWithCallTimeout and is
// reported to a metric context created for request "remove_rule" at
// computeBetaVersion. The returned error is whatever Observe yields for the
// RemoveRule error.
//
// NOTE(review): no rule priority is passed to RemoveRule, so which rule is
// removed is decided outside this function — confirm before calling this on
// a policy with more than one rule.
func (g *Cloud) RemoveRuleFromBetaSecurityPolicy(name string) error {
	callCtx, stop := cloud.ContextWithCallTimeout()
	defer stop()

	metrics := newSecurityPolicyMetricContextWithVersion("remove_rule", computeBetaVersion)
	removeErr := g.c.BetaSecurityPolicies().RemoveRule(callCtx, meta.GlobalKey(name))
	return metrics.Observe(removeErr)
}