-
Notifications
You must be signed in to change notification settings - Fork 491
/
unexpose.go
101 lines (81 loc) · 3.03 KB
/
unexpose.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
// Copyright 2012, 2013 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
package application
import (
"github.com/juju/cmd/v3"
"github.com/juju/errors"
"github.com/juju/gnuflag"
"github.com/juju/juju/api/client/application"
jujucmd "github.com/juju/juju/cmd"
"github.com/juju/juju/cmd/juju/block"
"github.com/juju/juju/cmd/modelcmd"
)
var usageUnexposeSummary = `
Removes public availability over the network for an application.`[1:]
var usageUnexposeDetails = `
Adjusts the firewall rules and any relevant security mechanisms of the
cloud to deny public access to the application.
Applications are unexposed by default when they get created. If exposed via
the "juju expose" command, they can be unexposed by running the "juju unexpose"
command.
If no additional options are specified, the command will unexpose the
application (if exposed). For example, to unexpose the apache2 application,
you can run:
juju unexpose apache2
The --endpoints option may be used to restrict the effect of this command to
the list of ports opened for a comma-delimited list of endpoints. For instance,
to only unexpose the ports opened by apache2 for the "www" endpoint, you can
run:
juju unexpose apache2 --endpoints www
Note that when the --endpoints option is provided, the application will still
remain exposed if any other of its endpoints are still exposed. However, if
none of its endpoints remain exposed, the application will be instead unexposed.
See also:
expose`[1:]
// NewUnexposeCommand returns a command to unexpose applications.
func NewUnexposeCommand() modelcmd.ModelCommand {
return modelcmd.Wrap(&unexposeCommand{})
}
// unexposeCommand is responsible exposing applications.
type unexposeCommand struct {
modelcmd.ModelCommandBase
ApplicationName string
ExposedEndpointsList string
}
func (c *unexposeCommand) Info() *cmd.Info {
return jujucmd.Info(&cmd.Info{
Name: "unexpose",
Args: "<application name>",
Purpose: usageUnexposeSummary,
Doc: usageUnexposeDetails,
})
}
func (c *unexposeCommand) SetFlags(f *gnuflag.FlagSet) {
c.ModelCommandBase.SetFlags(f)
f.StringVar(&c.ExposedEndpointsList, "endpoints", "", "Unexpose only the ports that charms have opened for this comma-delimited list of endpoints")
}
func (c *unexposeCommand) Init(args []string) error {
if len(args) == 0 {
return errors.New("no application name specified")
}
c.ApplicationName = args[0]
return cmd.CheckEmpty(args[1:])
}
func (c *unexposeCommand) getAPI() (applicationExposeAPI, error) {
root, err := c.NewAPIRoot()
if err != nil {
return nil, errors.Trace(err)
}
return application.NewClient(root), nil
}
// Run changes the juju-managed firewall to hide any
// ports that were also explicitly marked by units as closed.
func (c *unexposeCommand) Run(_ *cmd.Context) error {
client, err := c.getAPI()
if err != nil {
return err
}
defer client.Close()
endpoints := splitCommaDelimitedList(c.ExposedEndpointsList)
return block.ProcessBlockedError(client.Unexpose(c.ApplicationName, endpoints), block.BlockChange)
}