-
Notifications
You must be signed in to change notification settings - Fork 363
/
securitygroup_types.go
284 lines (235 loc) · 9.86 KB
/
securitygroup_types.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
/*
Copyright 2019 The Crossplane Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1beta1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
)
// SecurityGroupParameters define the desired state of an AWS VPC Security
// Group.
type SecurityGroupParameters struct {
// TODO(muvaf): Region is a required field but in order to keep backward compatibility
// with old Provider type and not bear the cost of bumping to v1beta2, we're
// keeping it optional for now. Reconsider before v1beta2 or v1.
// Region is the region you'd like your SecurityGroup to be created in.
// +optional
Region *string `json:"region,omitempty"`
// A description of the security group.
// +immutable
Description string `json:"description"`
// The name of the security group.
// +immutable
GroupName string `json:"groupName"`
// One or more inbound rules associated with the security group.
// +optional
Ingress []IPPermission `json:"ingress,omitempty"`
// [EC2-VPC] One or more outbound rules associated with the security group.
// +optional
Egress []IPPermission `json:"egress,omitempty"`
// Tags represents to current ec2 tags.
// +optional
Tags []Tag `json:"tags,omitempty"`
// VPCID is the ID of the VPC.
// +optional
// +immutable
// +crossplane:generate:reference:type=VPC
VPCID *string `json:"vpcId,omitempty"`
// VPCIDRef references a VPC to and retrieves its vpcId
// +optional
// +immutable
VPCIDRef *xpv1.Reference `json:"vpcIdRef,omitempty"`
// VPCIDSelector selects a reference to a VPC to and retrieves its vpcId
// +optional
VPCIDSelector *xpv1.Selector `json:"vpcIdSelector,omitempty"`
}
// IPRange describes an IPv4 range.
type IPRange struct {
// The IPv4 CIDR range. You can either specify a CIDR range or a source security
// group, not both. To specify a single IPv4 address, use the /32 prefix length.
CIDRIP string `json:"cidrIp"`
// A description for the security group rule that references this IPv4 address
// range.
//
// Constraints: Up to 255 characters in length. Allowed characters are a-z,
// A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*
// +optional
Description *string `json:"description,omitempty"`
}
// IPv6Range describes an IPv6 range.
type IPv6Range struct {
// The IPv6 CIDR range. You can either specify a CIDR range or a source security
// group, not both. To specify a single IPv6 address, use the /128 prefix length.
CIDRIPv6 string `json:"cidrIPv6"`
// A description for the security group rule that references this IPv6 address
// range.
//
// Constraints: Up to 255 characters in length. Allowed characters are a-z,
// A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*
// +optional
Description *string `json:"description,omitempty"`
}
// PrefixListID describes a prefix list ID.
type PrefixListID struct {
// A description for the security group rule that references this prefix list
// ID.
//
// Constraints: Up to 255 characters in length. Allowed characters are a-z,
// A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
// +optional
Description *string `json:"description,omitempty"`
// The ID of the prefix.
PrefixListID string `json:"prefixListId"`
}
// UserIDGroupPair describes a security group and AWS account ID pair.
type UserIDGroupPair struct {
// A description for the security group rule that references this user ID group
// pair.
//
// Constraints: Up to 255 characters in length. Allowed characters are a-z,
// A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
// +optional
Description *string `json:"description,omitempty"`
// The ID of the security group.
// +optional
GroupID *string `json:"groupId,omitempty"`
// GroupIDRef reference a security group to retrieve its GroupID
// +optional
// +immutable
GroupIDRef *xpv1.Reference `json:"groupIdRef,omitempty"`
// GroupIDSelector selects reference to a security group to retrieve its GroupID
// +optional
GroupIDSelector *xpv1.Selector `json:"groupIdSelector,omitempty"`
// The name of the security group. In a request, use this parameter for a security
// group in EC2-Classic or a default VPC only. For a security group in a nondefault
// VPC, use the security group ID.
//
// For a referenced security group in another VPC, this value is not returned
// if the referenced security group is deleted.
// +optional
GroupName *string `json:"groupName,omitempty"`
// The ID of an AWS account.
//
// For a referenced security group in another VPC, the account ID of the referenced
// security group is returned in the response. If the referenced security group
// is deleted, this value is not returned.
//
// [EC2-Classic] Required when adding or removing rules that reference a security
// group in another AWS account.
// +optional
UserID *string `json:"userId,omitempty"`
// The ID of the VPC for the referenced security group, if applicable.
// +optional
// +crossplane:generate:reference:type=VPC
VPCID *string `json:"vpcId,omitempty"`
// VPCIDRef reference a VPC to retrieve its vpcId
// +optional
// +immutable
VPCIDRef *xpv1.Reference `json:"vpcIdRef,omitempty"`
// VPCIDSelector selects reference to a VPC to retrieve its vpcId
// +optional
VPCIDSelector *xpv1.Selector `json:"vpcIdSelector,omitempty"`
// The ID of the VPC peering connection, if applicable.
// +optional
VPCPeeringConnectionID *string `json:"vpcPeeringConnectionId,omitempty"`
}
// ClearRefSelectors nils out ref and selectors
func (u *UserIDGroupPair) ClearRefSelectors() {
u.VPCIDRef = nil
u.VPCIDSelector = nil
u.GroupIDRef = nil
u.GroupIDSelector = nil
}
// IPPermission Describes a set of permissions for a security group rule.
type IPPermission struct {
// The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6
// type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify
// all ICMP/ICMPv6 types, you must specify all codes.
// +optional
FromPort *int32 `json:"fromPort,omitempty"`
// The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers
// (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)).
//
// [VPC only] Use -1 to specify all protocols. When authorizing security group
// rules, specifying -1 or a protocol number other than tcp, udp, icmp, or icmpv6
// allows traffic on all ports, regardless of any port range you specify. For
// tcp, udp, and icmp, you must specify a port range. For icmpv6, the port range
// is optional; if you omit the port range, traffic for all types and codes
// is allowed.
IPProtocol string `json:"ipProtocol"`
// The IPv4 ranges.
// +optional
IPRanges []IPRange `json:"ipRanges,omitempty"`
// The IPv6 ranges.
//
// [VPC only]
// +optional
IPv6Ranges []IPv6Range `json:"ipv6Ranges,omitempty"`
// PrefixListIDs for an AWS service. With outbound rules, this
// is the AWS service to access through a VPC endpoint from instances associated
// with the security group.
//
// [VPC only]
// +optional
PrefixListIDs []PrefixListID `json:"prefixListIds,omitempty"`
// The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code.
// A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6
// types, you must specify all codes.
// +optional
ToPort *int32 `json:"toPort,omitempty"`
// UserIDGroupPairs are the source security group and AWS account ID pairs.
// It contains one or more accounts and security groups to allow flows from
// security groups of other accounts.
// +optional
UserIDGroupPairs []UserIDGroupPair `json:"userIdGroupPairs,omitempty"`
}
// A SecurityGroupSpec defines the desired state of a SecurityGroup.
type SecurityGroupSpec struct {
xpv1.ResourceSpec `json:",inline"`
ForProvider SecurityGroupParameters `json:"forProvider"`
}
// SecurityGroupObservation keeps the state for the external resource
type SecurityGroupObservation struct {
// The AWS account ID of the owner of the security group.
OwnerID string `json:"ownerId"`
// SecurityGroupID is the ID of the SecurityGroup.
SecurityGroupID string `json:"securityGroupID"`
}
// A SecurityGroupStatus represents the observed state of a SecurityGroup.
type SecurityGroupStatus struct {
xpv1.ResourceStatus `json:",inline"`
AtProvider SecurityGroupObservation `json:"atProvider,omitempty"`
}
// +kubebuilder:object:root=true
// A SecurityGroup is a managed resource that represents an AWS VPC Security
// Group.
// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status"
// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status"
// +kubebuilder:printcolumn:name="ID",type="string",JSONPath=".metadata.annotations.crossplane\\.io/external-name"
// +kubebuilder:printcolumn:name="VPC",type="string",JSONPath=".spec.forProvider.vpcId"
// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp"
// +kubebuilder:subresource:status
// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,aws}
// +kubebuilder:storageversion
type SecurityGroup struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec SecurityGroupSpec `json:"spec"`
Status SecurityGroupStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true
// SecurityGroupList contains a list of SecurityGroups
type SecurityGroupList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []SecurityGroup `json:"items"`
}