* refactoring existing cluster / firewall API for better composition * add basic security groups API fix linter errors * add rules API * fix after renaming resourceVirtualEnvironmentClusterIPSet * fix linter errors * make linter happy * even more refactoring * tidy up datasources * in refactoring spree * update examples * fix firewall resource/datasource & client error handling * add ipset(s) datasource * update docs * add security group resource with rules * docs * fix security group update, TODO: rule update * fix after rebase * add rule update, extract common rule schema, refactor group * fix linter errors * bump linter for ci * make alias and ipset reusable * make security group reusable * refactor datasources * add security group datasources * fix linter errors * update docs TODO: documentation for group datasources * add sg docs, update doc index * minor cleanup * fix examples & tests * stub for firewall-level options and rules * extract firewall interface * add firewall options and rules on the cluster level TODO: issues with rule list management * refactor all resources format AGAIN, now more flat, without complex subresources * sort out hierarchy of APIs and remove duplication in API wrappers * bring back security group * finally, working rules * restore cluster firewall option * add containers support * add options * move rules back under security group, update docs * fix vm_id / container_id attrs * add examples * cleanup * more cleanup Release-As: 0.17.0-rc1
/*
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at https://mozilla.org/MPL/2.0/.
 */
/**
 * Reference: https://pve.proxmox.com/pve-docs/api-viewer/#/cluster/firewall/ipset
 */
package firewall
import (
"context"
"errors"
"fmt"
"net/http"
"net/url"
"sort"
"github.com/bpg/terraform-provider-proxmox/proxmox/types"
)
// IPSet is the client-side API for managing firewall IPSets and the
// CIDR entries they contain.
type IPSet interface {
	// CreateIPSet creates a new IPSet from d.
	CreateIPSet(ctx context.Context, d *IPSetCreateRequestBody) error
	// AddCIDRToIPSet adds the entry d (an IP or network) to the IPSet named by id.
	AddCIDRToIPSet(ctx context.Context, id string, d IPSetGetResponseData) error
	// UpdateIPSet updates an existing IPSet; d may carry a new name (ReName).
	UpdateIPSet(ctx context.Context, d *IPSetUpdateRequestBody) error
	// DeleteIPSet deletes the IPSet named by id.
	DeleteIPSet(ctx context.Context, id string) error
	// DeleteIPSetContent removes the single entry cidr from the IPSet named by id.
	DeleteIPSetContent(ctx context.Context, id string, cidr string) error
	// GetIPSetContent returns the entries of the IPSet named by id.
	GetIPSetContent(ctx context.Context, id string) ([]*IPSetGetResponseData, error)
	// ListIPSets returns all IPSets, sorted by name.
	ListIPSets(ctx context.Context) ([]*IPSetListResponseData, error)
}
// IPSetListResponseBody contains the body of an IPSet list response.
type IPSetListResponseBody struct {
	// Data holds one entry per IPSet; nil when the server sent no data object.
	Data []*IPSetListResponseData `json:"data,omitempty"`
}
// IPSetCreateRequestBody contains the data for an IPSet create request.
type IPSetCreateRequestBody struct {
	// Comment is an optional free-text description of the IPSet.
	Comment string `json:"comment,omitempty" url:"comment,omitempty"`
	// Name is the IPSet identifier; it is always sent.
	Name string `json:"name" url:"name"`
}
// IPSetGetResponseBody contains the body of an IPSet get (content) response.
type IPSetGetResponseBody struct {
	// Data holds one entry per CIDR in the IPSet; nil when the server sent no data object.
	Data []*IPSetGetResponseData `json:"data,omitempty"`
}
// IPSetGetResponseData describes a single entry (IP or network) of an IPSet.
// It is also used as the request body when adding an entry.
type IPSetGetResponseData struct {
	// CIDR is the IP address or network of the entry; it is always sent.
	CIDR string `json:"cidr" url:"cidr"`
	// NoMatch, when set, inverts the entry. The "int" url option encodes the
	// bool as 0/1 in URL-encoded requests.
	NoMatch *types.CustomBool `json:"nomatch,omitempty" url:"nomatch,omitempty,int"`
	// Comment is an optional free-text description of the entry.
	Comment *string `json:"comment,omitempty" url:"comment,omitempty"`
}
// IPSetUpdateRequestBody contains the data for an IPSet update request.
type IPSetUpdateRequestBody struct {
	// ReName, when non-empty, is the new name to give the IPSet.
	ReName string `json:"rename,omitempty" url:"rename,omitempty"`
	// Comment is an optional free-text description; nil leaves it unsent.
	Comment *string `json:"comment,omitempty" url:"comment,omitempty"`
	// Name is the current IPSet identifier; it is always sent.
	Name string `json:"name" url:"name"`
}
// IPSetListResponseData describes a single IPSet in a list response.
type IPSetListResponseData struct {
	// Comment is the IPSet's optional free-text description.
	Comment *string `json:"comment,omitempty" url:"comment,omitempty"`
	// Name is the IPSet identifier.
	Name string `json:"name" url:"name"`
}
// IPSetContent is a slice of IPSetGetResponseData, i.e. the entries of one IPSet.
type IPSetContent []IPSetGetResponseData
// ipsetPath returns the API path of the IPSet collection, expanded
// relative to this client's base path.
func (c *Client) ipsetPath() string {
	const ipsetSubPath = "firewall/ipset"

	return c.ExpandPath(ipsetSubPath)
}
// CreateIPSet creates a new IPSet by POSTing d to the IPSet collection path.
// The returned error wraps the underlying request error.
func (c *Client) CreateIPSet(ctx context.Context, d *IPSetCreateRequestBody) error {
	if err := c.DoRequest(ctx, http.MethodPost, c.ipsetPath(), d, nil); err != nil {
		return fmt.Errorf("error creating IPSet: %w", err)
	}

	return nil
}
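// AddCIDRToIPSet adds the entry d (an IP or network) to the IPSet named by id.
//
// id is path-escaped before being placed in the request URL. An empty id is
// rejected before any request is made: the path would then end in a bare "/"
// and no longer name a specific IPSet, so the POST would likely be handled
// as a request against the collection instead.
func (c *Client) AddCIDRToIPSet(ctx context.Context, id string, d IPSetGetResponseData) error {
	if id == "" {
		return errors.New("error adding CIDR to IPSet: id must not be empty")
	}

	path := fmt.Sprintf("%s/%s", c.ipsetPath(), url.PathEscape(id))

	// d is a value to satisfy the IPSet interface; it is passed by address as
	// the request body, like the pointer bodies used by the other methods.
	if err := c.DoRequest(ctx, http.MethodPost, path, &d, nil); err != nil {
		return fmt.Errorf("error adding CIDR to IPSet: %w", err)
	}

	return nil
}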
// UpdateIPSet updates an existing IPSet by POSTing d to the IPSet collection
// path; a non-empty d.ReName renames it. The returned error wraps the
// underlying request error.
func (c *Client) UpdateIPSet(ctx context.Context, d *IPSetUpdateRequestBody) error {
	if err := c.DoRequest(ctx, http.MethodPost, c.ipsetPath(), d, nil); err != nil {
		return fmt.Errorf("error updating IPSet: %w", err)
	}

	return nil
}
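// DeleteIPSet deletes the IPSet named by id.
//
// id is path-escaped before being placed in the request URL. An empty id is
// rejected before any request is made: the path would then end in a bare "/"
// and no longer name a specific IPSet.
func (c *Client) DeleteIPSet(ctx context.Context, id string) error {
	if id == "" {
		return errors.New("error deleting IPSet: id must not be empty")
	}

	path := fmt.Sprintf("%s/%s", c.ipsetPath(), url.PathEscape(id))

	if err := c.DoRequest(ctx, http.MethodDelete, path, nil, nil); err != nil {
		return fmt.Errorf("error deleting IPSet %s: %w", id, err)
	}

	return nil
}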
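// DeleteIPSetContent removes the single entry cidr from the IPSet named by id.
//
// Both id and cidr are path-escaped before being placed in the request URL.
// Empty values are rejected before any request is made: with an empty cidr
// the path would end at the IPSet itself rather than at one of its entries,
// so the DELETE could be applied to the wrong resource.
func (c *Client) DeleteIPSetContent(ctx context.Context, id string, cidr string) error {
	if id == "" || cidr == "" {
		return errors.New("error deleting IPSet content: id and cidr must not be empty")
	}

	path := fmt.Sprintf("%s/%s/%s", c.ipsetPath(), url.PathEscape(id), url.PathEscape(cidr))

	if err := c.DoRequest(ctx, http.MethodDelete, path, nil, nil); err != nil {
		return fmt.Errorf("error deleting IPSet content %s: %w", id, err)
	}

	return nil
}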
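// GetIPSetContent retrieves the entries of the IPSet named by id.
//
// id is path-escaped before being placed in the request URL. An empty id is
// rejected before any request is made: the path would then point at the
// IPSet collection, and a list payload would likely be decoded into the
// entry type without any error. A response that carries no data object is
// reported as an error.
func (c *Client) GetIPSetContent(ctx context.Context, id string) ([]*IPSetGetResponseData, error) {
	if id == "" {
		return nil, errors.New("error getting IPSet content: id must not be empty")
	}

	path := fmt.Sprintf("%s/%s", c.ipsetPath(), url.PathEscape(id))
	resBody := &IPSetGetResponseBody{}

	if err := c.DoRequest(ctx, http.MethodGet, path, nil, resBody); err != nil {
		return nil, fmt.Errorf("error getting IPSet content: %w", err)
	}

	if resBody.Data == nil {
		return nil, errors.New("the server did not include a data object in the response")
	}

	return resBody.Data, nil
}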
// ListIPSets retrieves all IPSets, sorted by name in ascending order.
// A response that carries no data object is reported as an error.
func (c *Client) ListIPSets(ctx context.Context) ([]*IPSetListResponseData, error) {
	var resBody IPSetListResponseBody

	if err := c.DoRequest(ctx, http.MethodGet, c.ipsetPath(), nil, &resBody); err != nil {
		return nil, fmt.Errorf("error getting IPSet list: %w", err)
	}

	ipsets := resBody.Data
	if ipsets == nil {
		return nil, errors.New("the server did not include a data object in the response")
	}

	// Sort by name so callers get a predictable order.
	byName := func(i, j int) bool {
		return ipsets[i].Name < ipsets[j].Name
	}
	sort.Slice(ipsets, byName)

	return ipsets, nil
}