/*
* Copyright 2021 VMware, Inc. All rights reserved. Licensed under the Apache v2 License.
*/
package govcd
import (
"fmt"
"github.com/vmware/go-vcloud-director/v2/types/v56"
)
// NsxtFirewall contains a types.NsxtFirewallRuleContainer which encloses three types of rules -
// system, default and user defined rules. User defined rules are the only ones that can be modified, others are
// read-only.
//
// Values are produced by NsxtEdgeGateway.GetNsxtFirewall and NsxtEdgeGateway.UpdateNsxtFirewall, which also
// record the owning Edge Gateway ID so that the Delete* receiver methods can build their endpoint path without
// the caller supplying it again.
type NsxtFirewall struct {
	// NsxtFirewallRuleContainer holds the rule set as decoded from the API response.
	NsxtFirewallRuleContainer *types.NsxtFirewallRuleContainer
	// client is the API client reused by the receiver methods for follow-up requests.
	client *Client
	// edgeGatewayId is stored for usage in NsxtFirewall receiver functions (DeleteAllRules, DeleteRuleById);
	// it is substituted into the edgeGateways/%s/firewall/rules endpoint path.
	edgeGatewayId string
}
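// UpdateNsxtFirewall allows user to set new firewall rules or update existing ones. The API does not have POST endpoint
// and always uses PUT endpoint for creating and updating.
//
// firewallRules is the rule container submitted in the PUT body. The returned *NsxtFirewall holds the container
// as decoded from the API response, together with the Edge Gateway ID needed by its Delete* methods.
// An error is returned when firewallRules is nil, when the Edge Gateway has no ID, when the endpoint is not
// supported by the connected VCD version, or when the PUT request fails.
func (egw *NsxtEdgeGateway) UpdateNsxtFirewall(firewallRules *types.NsxtFirewallRuleContainer) (*NsxtFirewall, error) {
	// A nil container would be serialised as an empty body; reject it before any API round trip.
	if firewallRules == nil {
		return nil, fmt.Errorf("firewall rule container cannot be nil")
	}
	// The Edge Gateway ID is part of the URL path; without it the request cannot be addressed.
	if egw.EdgeGateway == nil || egw.EdgeGateway.ID == "" {
		return nil, fmt.Errorf("missing Edge Gateway ID")
	}

	client := egw.client
	endpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointNsxtFirewallRules
	minimumApiVersion, err := client.checkOpenApiEndpointCompatibility(endpoint)
	if err != nil {
		return nil, err
	}

	// Insert Edge Gateway ID into endpoint path edgeGateways/%s/firewall/rules
	urlRef, err := client.OpenApiBuildEndpoint(fmt.Sprintf(endpoint, egw.EdgeGateway.ID))
	if err != nil {
		return nil, err
	}

	returnObject := &NsxtFirewall{
		NsxtFirewallRuleContainer: &types.NsxtFirewallRuleContainer{},
		client:                    client,
		edgeGatewayId:             egw.EdgeGateway.ID,
	}

	// The response body is decoded straight into the container carried by returnObject.
	err = client.OpenApiPutItem(minimumApiVersion, urlRef, nil, firewallRules, returnObject.NsxtFirewallRuleContainer, nil)
	if err != nil {
		return nil, fmt.Errorf("error setting NSX-T Firewall: %s", err)
	}

	return returnObject, nil
}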
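// GetNsxtFirewall retrieves all firewall rules system, default and user defined rules
//
// The returned *NsxtFirewall holds the rule container decoded from the API response together with the
// Edge Gateway ID needed by its Delete* methods. An error is returned when the Edge Gateway has no ID,
// when the endpoint is not supported by the connected VCD version, or when the GET request fails.
func (egw *NsxtEdgeGateway) GetNsxtFirewall() (*NsxtFirewall, error) {
	// The Edge Gateway ID is part of the URL path; without it the request cannot be addressed.
	if egw.EdgeGateway == nil || egw.EdgeGateway.ID == "" {
		return nil, fmt.Errorf("missing Edge Gateway ID")
	}

	client := egw.client
	endpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointNsxtFirewallRules
	minimumApiVersion, err := client.checkOpenApiEndpointCompatibility(endpoint)
	if err != nil {
		return nil, err
	}

	// Insert Edge Gateway ID into endpoint path edgeGateways/%s/firewall/rules
	urlRef, err := client.OpenApiBuildEndpoint(fmt.Sprintf(endpoint, egw.EdgeGateway.ID))
	if err != nil {
		return nil, err
	}

	// The Edge Gateway ID is stored here for later operations; the previous extra assignment after the
	// GET call duplicated this field and has been dropped.
	returnObject := &NsxtFirewall{
		NsxtFirewallRuleContainer: &types.NsxtFirewallRuleContainer{},
		client:                    client,
		edgeGatewayId:             egw.EdgeGateway.ID,
	}

	err = client.OpenApiGetItem(minimumApiVersion, urlRef, nil, returnObject.NsxtFirewallRuleContainer, nil)
	if err != nil {
		return nil, fmt.Errorf("error retrieving NSX-T Firewall rules: %s", err)
	}

	return returnObject, nil
}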
// DeleteAllRules allows users to delete all NSX-T Firewall rules in a particular Edge Gateway
//
// The Edge Gateway ID captured when this NsxtFirewall was obtained addresses the request. An error is
// returned if that ID is empty, if the endpoint is not supported by the connected VCD version, or if the
// DELETE request fails.
func (firewall *NsxtFirewall) DeleteAllRules() error {
	gatewayID := firewall.edgeGatewayId
	if gatewayID == "" {
		return fmt.Errorf("missing Edge Gateway ID")
	}

	c := firewall.client
	endpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointNsxtFirewallRules

	apiVersion, err := c.checkOpenApiEndpointCompatibility(endpoint)
	if err != nil {
		return err
	}

	// Substitute the Edge Gateway ID into the endpoint path template.
	urlRef, err := c.OpenApiBuildEndpoint(fmt.Sprintf(endpoint, gatewayID))
	if err != nil {
		return err
	}

	if err := c.OpenApiDeleteItem(apiVersion, urlRef, nil, nil); err != nil {
		return fmt.Errorf("error deleting all NSX-T Firewall Rules: %s", err)
	}
	return nil
}
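// DeleteRuleById allows users to delete NSX-T Firewall Rule By ID
//
// id is the identifier of the rule to remove; it is appended to the rules endpoint path after a "/"
// separator. An error is returned if id or the stored Edge Gateway ID is empty, if the endpoint is not
// supported by the connected VCD version, or if the DELETE request fails.
func (firewall *NsxtFirewall) DeleteRuleById(id string) error {
	if id == "" {
		return fmt.Errorf("empty ID specified")
	}
	// Mirror DeleteAllRules: an empty Edge Gateway ID would otherwise produce a malformed endpoint path
	// instead of a clear error.
	if firewall.edgeGatewayId == "" {
		return fmt.Errorf("missing Edge Gateway ID")
	}

	endpoint := types.OpenApiPathVersion1_0_0 + types.OpenApiEndpointNsxtFirewallRules
	minimumApiVersion, err := firewall.client.checkOpenApiEndpointCompatibility(endpoint)
	if err != nil {
		return err
	}

	// id is passed to OpenApiBuildEndpoint as a separate path segment. NOTE(review): whether that helper
	// escapes path characters is not visible here; callers are expected to pass a rule ID obtained from
	// the API rather than externally sourced text — confirm before relaxing that expectation.
	urlRef, err := firewall.client.OpenApiBuildEndpoint(fmt.Sprintf(endpoint, firewall.edgeGatewayId), "/", id)
	if err != nil {
		return err
	}

	err = firewall.client.OpenApiDeleteItem(minimumApiVersion, urlRef, nil, nil)
	if err != nil {
		return fmt.Errorf("error deleting NSX-T Firewall Rule with ID '%s': %s", id, err)
	}

	return nil
}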