package models
import (
"github.com/Juniper/asf/pkg/models"
uuid "github.com/satori/go.uuid"
)
// DefaultSecurityGroupName is the Name given to the SecurityGroup that every
// project receives by default; DefaultSecurityGroupFQName appends it to the
// project's FQName.
const DefaultSecurityGroupName = "default"
// DefaultSecurityGroup builds (but does not persist) the default SecurityGroup
// of the project.
//
// The group is parented to the project and carries four rules, in this order:
// IPv4 ingress and IPv6 ingress, each permitted only from members of this same
// security group (the remote address is the group's own FQName), followed by
// IPv4 egress and IPv6 egress to a zero-length prefix, i.e. any destination.
// Because MakeDefaultSecurityGroupPolicyRule uses AnyProtocol and AllPorts, the
// egress side is fully open; any tightening is left to the caller.
func (m *Project) DefaultSecurityGroup() *SecurityGroup {
	parentUUID := m.GetUUID()
	selfFQName := models.FQNameToString(m.DefaultSecurityGroupFQName())

	// Every rule gets its own AddressType value so no two rules share a pointer.
	selfIPv4 := &AddressType{SecurityGroup: selfFQName}
	selfIPv6 := &AddressType{SecurityGroup: selfFQName}
	anyIPv4 := &AddressType{
		Subnet: &SubnetType{IPPrefix: IPv4ZeroValue, IPPrefixLen: 0},
	}
	anyIPv6 := &AddressType{
		Subnet: &SubnetType{IPPrefix: IPv6ZeroValue, IPPrefixLen: 0},
	}

	rules := []*PolicyRuleType{
		MakeDefaultSecurityGroupPolicyRule(true, IPv4Ethertype, selfIPv4),
		MakeDefaultSecurityGroupPolicyRule(true, IPv6Ethertype, selfIPv6),
		MakeDefaultSecurityGroupPolicyRule(false, IPv4Ethertype, anyIPv4),
		MakeDefaultSecurityGroupPolicyRule(false, IPv6Ethertype, anyIPv6),
	}

	return &SecurityGroup{
		Name:       DefaultSecurityGroupName,
		ParentUUID: parentUUID,
		ParentType: KindProject,
		IDPerms: &IdPermsType{
			Enable:      true,
			Description: "Default security group",
		},
		SecurityGroupEntries: &PolicyEntriesType{PolicyRule: rules},
	}
}
// DefaultSecurityGroupFQName returns the FQName of the project's default
// SecurityGroup: the project's own FQName with DefaultSecurityGroupName
// appended as the child element.
func (m *Project) DefaultSecurityGroupFQName() []string {
	parentFQName := m.GetFQName()
	return models.ChildFQName(parentFQName, DefaultSecurityGroupName)
}
// MakeDefaultSecurityGroupPolicyRule builds one policy rule for the default
// SecurityGroup.
//
// The rule always matches AnyProtocol on all source and destination ports for
// the given ethertype, so the only thing it constrains is the address pair:
// when ingress is true, traffic flows from remoteAddr to the local group;
// otherwise it flows from the local group to remoteAddr. remoteAddr is stored
// by pointer, not copied. RuleUUID is a fresh random v4 UUID per call.
//
// NOTE(review): uuid.NewV4() is used here with a single return value; later
// releases of satori/go.uuid return (UUID, error), so this compiles only
// against the pinned version — confirm against go.mod/vendor.
func MakeDefaultSecurityGroupPolicyRule(
	ingress bool,
	ethertype string,
	remoteAddr *AddressType,
) *PolicyRuleType {
	local := &AddressType{SecurityGroup: LocalSecurityGroup}

	// Egress (local -> remote) is the default; ingress flips the pair.
	src, dst := local, remoteAddr
	if ingress {
		src, dst = remoteAddr, local
	}

	return &PolicyRuleType{
		RuleUUID:     uuid.NewV4().String(),
		Direction:    SRCToDSTDirection,
		Ethertype:    ethertype,
		Protocol:     AnyProtocol,
		SRCPorts:     []*PortType{AllPorts()},
		DSTPorts:     []*PortType{AllPorts()},
		SRCAddresses: []*AddressType{src},
		DSTAddresses: []*AddressType{dst},
	}
}