Vpnaas: Create IKE policy

acceptance/openstack/networking/v2/extensions/vpnaas/ikepolicy_test.go

@@ -0,0 +1,24 @@
+// +build acceptance networking vpnaas
+
+package vpnaas
+
+import (
+	"testing"
+
+	"github.com/gophercloud/gophercloud/acceptance/clients"
+	"github.com/gophercloud/gophercloud/acceptance/tools"
+)
+
+func TestIKEPolicyCRUD(t *testing.T) {
+	client, err := clients.NewNetworkV2Client()
+	if err != nil {
+		t.Fatalf("Unable to create a network client: %v", err)
+	}
+
+	policy, err := CreateIKEPolicy(t, client)
+	if err != nil {
+		t.Fatalf("Unable to create IKE policy: %v", err)
+	}
+
+	tools.PrintResource(t, policy)
+}

acceptance/openstack/networking/v2/extensions/vpnaas/ipsecpolicy_test.go

@@ -9,7 +9,7 @@ import (
 	"github.com/gophercloud/gophercloud/acceptance/tools"
 )
 
-func TestPolicyCRUD(t *testing.T) {
+func TestIPSecPolicyCRUD(t *testing.T) {
 	client, err := clients.NewNetworkV2Client()
 	if err != nil {
 		t.Fatalf("Unable to create a network client: %v", err)

acceptance/openstack/networking/v2/extensions/vpnaas/vpnaas.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/gophercloud/gophercloud"
 	"github.com/gophercloud/gophercloud/acceptance/tools"
+	"github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/vpnaas/ikepolicies"
 	"github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/vpnaas/ipsecpolicies"
 	"github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/vpnaas/services"
 )
@@ -67,6 +68,29 @@ func CreateIPSecPolicy(t *testing.T, client *gophercloud.ServiceClient) (*ipsecp
 	return policy, nil
 }
 
+// CreateIKEPolicy will create an IKE Policy with a random name and given
+// rule. An error will be returned if the policy could not be created.
+func CreateIKEPolicy(t *testing.T, client *gophercloud.ServiceClient) (*ikepolicies.Policy, error) {
+	policyName := tools.RandomString("TESTACC-", 8)
+
+	t.Logf("Attempting to create policy %s", policyName)
+
+	createOpts := ikepolicies.CreateOpts{
+		Name:                policyName,
+		EncryptionAlgorithm: ikepolicies.EncryptionAlgorithm3DES,
+		PFS:                 ikepolicies.PFSGroup5,
+	}
+
+	policy, err := ikepolicies.Create(client, createOpts).Extract()
+	if err != nil {
+		return policy, err
+	}
+
+	t.Logf("Successfully created IKE policy %s", policyName)
+
+	return policy, nil
+}
+
 // DeleteIPSecPolicy will delete an IPSec policy with a specified ID. A fatal error will
 // occur if the delete was not successful. This works best when used as a
 // deferred function.

openstack/networking/v2/extensions/vpnaas/ikepolicies/doc.go

@@ -0,0 +1,21 @@
+/*
+Package ikepolicies allows management and retrieval of IKE policies in the
+OpenStack Networking Service.
+
+
+Example to Create an IKE policy
+
+	createOpts := ikepolicies.CreateOpts{
+		Name:        "ikepolicy1",
+		Description: "Description of ikepolicy1",
+		EncryptionAlgorithm: ikepolicies.EncryptionAlgorithm3DES,
+		PFS:                 ikepolicies.PFSGroup5,
+	}
+
+	policy, err := ikepolicies.Create(networkClient, createOpts).Extract()
+	if err != nil {
+		panic(err)
+	}
+
+*/
+package ikepolicies

openstack/networking/v2/extensions/vpnaas/ikepolicies/requests.go

@@ -0,0 +1,107 @@
+package ikepolicies
+
+import "github.com/gophercloud/gophercloud"
+
+type AuthAlgorithm string
+type EncryptionAlgorithm string
+type PFS string
+type Unit string
+type IKEVersion string
+type Phase1NegotiationMode string
+
+const (
+	AuthAlgorithmSHA1         AuthAlgorithm         = "sha1"
+	AuthAlgorithmSHA256       AuthAlgorithm         = "sha256"
+	AuthAlgorithmSHA384       AuthAlgorithm         = "sha384"
+	AuthAlgorithmSHA512       AuthAlgorithm         = "sha512"
+	EncryptionAlgorithm3DES   EncryptionAlgorithm   = "3des"
+	EncryptionAlgorithmAES128 EncryptionAlgorithm   = "aes-128"
+	EncryptionAlgorithmAES256 EncryptionAlgorithm   = "aes-256"
+	EncryptionAlgorithmAES192 EncryptionAlgorithm   = "aes-192"
+	UnitSeconds               Unit                  = "seconds"
+	UnitKilobytes             Unit                  = "kilobytes"
+	PFSGroup2                 PFS                   = "group2"
+	PFSGroup5                 PFS                   = "group5"
+	PFSGroup14                PFS                   = "group14"
+	IKEVersionv1              IKEVersion            = "v1"
+	IKEVersionv2              IKEVersion            = "v2"
+	Phase1NegotiationModeMain Phase1NegotiationMode = "main"
+)
+
+// CreateOptsBuilder allows extensions to add additional parameters to the
+// Create request.
+type CreateOptsBuilder interface {
+	ToPolicyCreateMap() (map[string]interface{}, error)
+}
+
+// CreateOpts contains all the values needed to create a new IKE policy
+type CreateOpts struct {
+	// TenantID specifies a tenant to own the IKE policy. The caller must have
+	// an admin role in order to set this. Otherwise, this field is left unset
+	// and the caller will be the owner.
+	TenantID string `json:"tenant_id,omitempty"`
+
+	// Description is the human readable description of the policy.
+	Description string `json:"description,omitempty"`
+
+	// Name is the human readable name of the policy.
+	// Does not have to be unique.
+	Name string `json:"name,omitempty"`
+
+	// AuthAlgorithm is the authentication hash algorithm.
+	// Valid values are sha1, sha256, sha384, sha512.
+	// The default is sha1.
+	AuthAlgorithm AuthAlgorithm `json:"auth_algorithm,omitempty"`
+
+	// EncryptionAlgorithm is the encryption algorithm.
+	// A valid value is 3des, aes-128, aes-192, aes-256, and so on.
+	// Default is aes-128.
+	EncryptionAlgorithm EncryptionAlgorithm `json:"encryption_algorithm,omitempty"`
+
+	// PFS is the Perfect forward secrecy mode.
+	// A valid value is Group2, Group5, Group14, and so on.
+	// Default is Group5.
+	PFS PFS `json:"pfs,omitempty"`
+
+	// The IKE mode.
+	// A valid value is main, which is the default.
+	Phase1NegotiationMode Phase1NegotiationMode `json:"phase1_negotiation_mode,omitempty"`
+
+	// The IKE version.
+	// A valid value is v1 or v2.
+	// Default is v1.
+	IKEVersion IKEVersion `json:"ike_version,omitempty"`
+
+	//Lifetime is the lifetime of the security association
+	Lifetime *LifetimeCreateOpts `json:"lifetime,omitempty"`
+}
+
+// The lifetime consists of a unit and integer value
+// You can omit either the unit or value portion of the lifetime
+type LifetimeCreateOpts struct {
+	// Units is the units for the lifetime of the security association
+	// Default unit is seconds
+	Units Unit `json:"units,omitempty"`
+
+	// The lifetime value.
+	// Must be a positive integer.
+	// Default value is 3600.
+	Value int `json:"value,omitempty"`
+}
+
+// ToPolicyCreateMap casts a CreateOpts struct to a map.
+func (opts CreateOpts) ToPolicyCreateMap() (map[string]interface{}, error) {
+	return gophercloud.BuildRequestBody(opts, "ikepolicy")
+}
+
+// Create accepts a CreateOpts struct and uses the values to create a new
+// IKE policy
+func Create(c *gophercloud.ServiceClient, opts CreateOptsBuilder) (r CreateResult) {
+	b, err := opts.ToPolicyCreateMap()
+	if err != nil {
+		r.Err = err
+		return
+	}
+	_, r.Err = c.Post(rootURL(c), b, &r.Body, nil)
+	return
+}

openstack/networking/v2/extensions/vpnaas/ikepolicies/results.go

@@ -0,0 +1,65 @@
+package ikepolicies
+
+import "github.com/gophercloud/gophercloud"
+
+// Policy is an IKE Policy
+type Policy struct {
+	// TenantID is the ID of the project
+	TenantID string `json:"tenant_id"`
+
+	// ProjectID is the ID of the project
+	ProjectID string `json:"project_id"`
+
+	// Description is the human readable description of the policy
+	Description string `json:"description"`
+
+	// Name is the human readable name of the policy
+	Name string `json:"name"`
+
+	// AuthAlgorithm is the authentication hash algorithm
+	AuthAlgorithm string `json:"auth_algorithm"`
+
+	// EncryptionAlgorithm is the encryption algorithm
+	EncryptionAlgorithm string `json:"encryption_algorithm"`
+
+	// PFS is the Perfect forward secrecy (PFS) mode
+	PFS string `json:"pfs"`
+
+	// Lifetime is the lifetime of the security association
+	Lifetime Lifetime `json:"lifetime"`
+
+	// ID is the ID of the policy
+	ID string `json:"id"`
+
+	// Phase1NegotiationMode is the IKE mode
+	Phase1NegotiationMode string `json:"phase1_negotiation_mode"`
+
+	// IKEVersion is the IKE version.
+	IKEVersion string `json:"ike_version"`
+}
+
+type commonResult struct {
+	gophercloud.Result
+}
+type Lifetime struct {
+	// Units is the unit for the lifetime
+	// Default is seconds
+	Units string `json:"units"`
+
+	// Value is the lifetime
+	// Default is 3600
+	Value int `json:"value"`
+}
+
+// Extract is a function that accepts a result and extracts an IKE Policy.
+func (r commonResult) Extract() (*Policy, error) {
+	var s struct {
+		Policy *Policy `json:"ikepolicy"`
+	}
+	err := r.ExtractInto(&s)
+	return s.Policy, err
+}
+
+type CreateResult struct {
+	commonResult
+}

openstack/networking/v2/extensions/vpnaas/ikepolicies/testing/requests_test.go

@@ -0,0 +1,85 @@
+package testing
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	fake "github.com/gophercloud/gophercloud/openstack/networking/v2/common"
+	"github.com/gophercloud/gophercloud/openstack/networking/v2/extensions/vpnaas/ikepolicies"
+	th "github.com/gophercloud/gophercloud/testhelper"
+)
+
+func TestCreate(t *testing.T) {
+	th.SetupHTTP()
+	defer th.TeardownHTTP()
+
+	th.Mux.HandleFunc("/v2.0/vpn/ikepolicies", func(w http.ResponseWriter, r *http.Request) {
+		th.TestMethod(t, r, "POST")
+		th.TestHeader(t, r, "X-Auth-Token", fake.TokenID)
+		th.TestHeader(t, r, "Content-Type", "application/json")
+		th.TestHeader(t, r, "Accept", "application/json")
+		th.TestJSONRequest(t, r, `
+{
+    "ikepolicy":{
+        "name": "policy",
+        "description": "IKE policy",
+		"tenant_id": "9145d91459d248b1b02fdaca97c6a75d",
+		"ike_version": "v2"
+    }
+}
+      `)
+
+		w.Header().Add("Content-Type", "application/json")
+		w.WriteHeader(http.StatusCreated)
+
+		fmt.Fprintf(w, `
+{
+    "ikepolicy":{
+        "name": "policy",
+        "tenant_id": "9145d91459d248b1b02fdaca97c6a75d",
+        "project_id": "9145d91459d248b1b02fdaca97c6a75d",
+        "id": "f2b08c1e-aa81-4668-8ae1-1401bcb0576c",
+        "description": "IKE policy",
+		"auth_algorithm": "sha1",
+		"encryption_algorithm": "aes-128",
+		"pfs": "Group5",
+		"lifetime": {
+			"value": 3600,
+			"units": "seconds"
+		},
+		"phase1_negotiation_mode": "main",
+		"ike_version": "v2"
+    }
+}
+        `)
+	})
+
+	options := ikepolicies.CreateOpts{
+		TenantID:    "9145d91459d248b1b02fdaca97c6a75d",
+		Name:        "policy",
+		Description: "IKE policy",
+		IKEVersion:  ikepolicies.IKEVersionv2,
+	}
+
+	actual, err := ikepolicies.Create(fake.ServiceClient(), options).Extract()
+	th.AssertNoErr(t, err)
+	expectedLifetime := ikepolicies.Lifetime{
+		Units: "seconds",
+		Value: 3600,
+	}
+	expected := ikepolicies.Policy{
+		AuthAlgorithm:         "sha1",
+		IKEVersion:            "v2",
+		TenantID:              "9145d91459d248b1b02fdaca97c6a75d",
+		Phase1NegotiationMode: "main",
+		PFS:                 "Group5",
+		EncryptionAlgorithm: "aes-128",
+		Description:         "IKE policy",
+		Name:                "policy",
+		ID:                  "f2b08c1e-aa81-4668-8ae1-1401bcb0576c",
+		Lifetime:            expectedLifetime,
+		ProjectID:           "9145d91459d248b1b02fdaca97c6a75d",
+	}
+	th.AssertDeepEquals(t, expected, *actual)
+}

openstack/networking/v2/extensions/vpnaas/ikepolicies/urls.go

@@ -0,0 +1,16 @@
+package ikepolicies
+
+import "github.com/gophercloud/gophercloud"
+
+const (
+	rootPath     = "vpn"
+	resourcePath = "ikepolicies"
+)
+
+func rootURL(c *gophercloud.ServiceClient) string {
+	return c.ServiceURL(rootPath, resourcePath)
+}
+
+func resourceURL(c *gophercloud.ServiceClient, id string) string {
+	return c.ServiceURL(rootPath, resourcePath, id)
+}