Documentation ¶
Index ¶
- Constants
- func CRN2ID(crn string) string
- func DoCIDROverlap(cidr1, cidr2 string) (bool, error)
- func GenerateResourceName(name string) string
- func GetRemoteType(remote string) (string, error)
- func IBMToParagliderRules(rules []SecurityGroupRule) ([]*paragliderpb.PermitListRule, error)
- func IsCIDRSubset(cidr1, cidr2 string) (bool, error)
- func IsParagliderResource(name string) bool
- func IsRemoteInCIDR(remote, cidr string) (bool, error)
- type CloudClient
- func (c *CloudClient) AddSecurityGroupRule(rule SecurityGroupRule) (string, error)
- func (c *CloudClient) AddTransitGWConnection(transitGatewayID string, vpcCRN string) (TransitConnection, error)
- func (c *CloudClient) ConnectVPC(gatewayID string, vpcCRN string) error
- func (c *CloudClient) CreateSubnet(vpcID, zone, addressSpace string, tags []string) (*vpcv1.Subnet, error)
- func (c *CloudClient) CreateTransitGW(region string) (*transitgatewayapisv1.TransitGateway, error)
- func (c *CloudClient) CreateVPC(tags []string, exclusive bool) (*vpcv1.VPC, error)
- func (c *CloudClient) DeleteSecurityGroupRule(sgID, ruleID string) error
- func (c *CloudClient) DeleteSubnets(vpcID string) error
- func (c *CloudClient) DeleteTransitGW(gwID string) error
- func (c *CloudClient) DoSubnetsInVPCOverlapCIDR(vpcID string, CIDR string) (bool, error)
- func (c *CloudClient) GetOrCreateTransitGateway(region string) (string, error)
- func (c *CloudClient) GetParagliderTaggedResources(resourceType TaggedResourceType, tags []string, customQuery ResourceQuery) ([]ResourceData, error)
- func (c *CloudClient) GetResourceHandlerFromDesc(resourceDesc []byte) (ResourceIntf, error)
- func (c *CloudClient) GetResourceHandlerFromID(deploymentID string) (ResourceIntf, error)
- func (c *CloudClient) GetRulesIDs(rules []SecurityGroupRule, sgID string) ([]string, error)
- func (c *CloudClient) GetSecurityRulesOfSG(sgID string) ([]SecurityGroupRule, error)
- func (c *CloudClient) GetSubnetCIDR(subnetID string) (string, error)
- func (c *CloudClient) GetSubnetsInVPC(vpcID string) ([]ResourceData, error)
- func (c *CloudClient) GetSubnetsInVpcRegionBound(vpcID string) ([]vpcv1.Subnet, error)
- func (c *CloudClient) GetTransitGWConnections(gwID string) ([]TransitConnection, error)
- func (c *CloudClient) GetUniqueSGRules(rules []SecurityGroupRule, rulesHashValues map[uint64]bool) ([]SecurityGroupRule, error)
- func (c *CloudClient) GetVPCByID(vpcID string) (*vpcv1.VPC, error)
- func (c *CloudClient) IsRemoteInVPC(vpcID string, remote string) (bool, error)
- func (c *CloudClient) Region() string
- func (c *CloudClient) RemoveTransitGWConnection(connection string, transitGW string) error
- func (c *CloudClient) RemoveTransitGWConnections(gwID string) error
- func (c *CloudClient) TerminateVPC(vpcID string) error
- func (c *CloudClient) UpdateRegion(region string) error
- func (c *CloudClient) UpdateSecurityGroupRule(rule SecurityGroupRule) error
- type Credentials
- type ResourceClusterType
- func (c *ResourceClusterType) CreateResource(name, vpcID, subnetID string, tags []string, resourceDesc []byte) (*ResourceResponse, error)
- func (c *ResourceClusterType) GetID() string
- func (c *ResourceClusterType) GetVPC() (*vpcv1.VPCReference, error)
- func (c *ResourceClusterType) IsExclusiveNetworkNeeded() bool
- func (c *ResourceClusterType) IsInNamespace(namespace, region string) (bool, error)
- type ResourceData
- type ResourceInstanceType
- func (i *ResourceInstanceType) CreateResource(name, vpcID, subnetID string, tags []string, resourceDesc []byte) (*ResourceResponse, error)
- func (i *ResourceInstanceType) GetID() string
- func (i *ResourceInstanceType) GetSecurityGroupID() (string, error)
- func (i *ResourceInstanceType) GetVPC() (*vpcv1.VPCReference, error)
- func (i *ResourceInstanceType) IsExclusiveNetworkNeeded() bool
- func (i *ResourceInstanceType) IsInNamespace(namespace, region string) (bool, error)
- type ResourceIntf
- type ResourceQuery
- type ResourceResponse
- type SecurityGroupRule
- type TaggedResourceType
- type TransitConnection
Constants ¶
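// Resource type identifiers and the cluster state value used by this package.
// The declaration is laid out one constant per line so that each line comment
// ends before the constant it documents.
const (
	// InstanceResourceType is an instance type of resource
	InstanceResourceType = "instance"
	// ClusterResourceType is a cluster type of resource
	ClusterResourceType = "cluster"
	// ClusterReadyState is the ideal running state of a cluster
	ClusterReadyState = "normal"
)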
Variables ¶
This section is empty.
Functions ¶
func DoCIDROverlap ¶
DoCIDROverlap returns false if cidr blocks don't share a single ip, i.e. they don't overlap.
func GenerateResourceName ¶
GenerateResourceName returns unique paraglider resource name
func GetRemoteType ¶
GetRemoteType returns the IBM-specific keyword returned by the vpcv1 SDK, indicating the type of remote an SG rule permits.
func IBMToParagliderRules ¶
func IBMToParagliderRules(rules []SecurityGroupRule) ([]*paragliderpb.PermitListRule, error)
IBMToParagliderRules returns the rules converted from IBM Cloud format to Paraglider format. TODO @cohen-j-omer: handle permitList tags if required.
func IsCIDRSubset ¶
IsCIDRSubset returns true if cidr1 is a subset of (or equal to) cidr2.
func IsParagliderResource ¶
IsParagliderResource reports whether a given resource (e.g. permit list) belongs to Paraglider.
func IsRemoteInCIDR ¶
IsRemoteInCIDR returns true if remote is contained in the CIDR's IP range. remote could be either an IP or a CIDR block.
Types ¶
type CloudClient ¶
// CloudClient is the client used to interact with IBM Cloud SDK.
type CloudClient struct {
	// contains filtered or unexported fields
}
CloudClient is the client used to interact with IBM Cloud SDK
func FakeIBMCloudClient ¶
func FakeIBMCloudClient(fakeURL, fakeResGroupID, fakeRegion string) (*CloudClient, error)
FakeIBMCloudClient returns a fake/mock CloudClient instance that uses no authentication; requests must instead be handled at the given URL.
func NewIBMCloudClient ¶
func NewIBMCloudClient(resourceGroupID, region string) (*CloudClient, error)
NewIBMCloudClient returns a CloudClient instance with initialized clients. Note: this is used by the IBM plugin through setupCloudClient, and should not otherwise be used directly to create a cloud client.
func (*CloudClient) AddSecurityGroupRule ¶
func (c *CloudClient) AddSecurityGroupRule(rule SecurityGroupRule) (string, error)
AddSecurityGroupRule assigns the specified SecurityGroupRule to a security group.
func (*CloudClient) AddTransitGWConnection ¶
func (c *CloudClient) AddTransitGWConnection(transitGatewayID string, vpcCRN string) (TransitConnection, error)
adds VPC as a connection to an existing Transit Gateway
func (*CloudClient) ConnectVPC ¶
func (c *CloudClient) ConnectVPC(gatewayID string, vpcCRN string) error
ConnectVPC connects the VPC to the specified transit gateway. The error is ignored if the VPC is already connected.
func (*CloudClient) CreateSubnet ¶
func (c *CloudClient) CreateSubnet( vpcID, zone, addressSpace string, tags []string) (*vpcv1.Subnet, error)
CreateSubnet creates subnet in specified vpc and zone.
func (*CloudClient) CreateTransitGW ¶
func (c *CloudClient) CreateTransitGW(region string) (*transitgatewayapisv1.TransitGateway, error)
creates a global transit gateway (global routing) at the specified region and tags it with the specified namespace
func (*CloudClient) CreateVPC ¶
CreateVPC creates a Paraglider VPC for a region. Resources are tagged.
func (*CloudClient) DeleteSecurityGroupRule ¶
func (c *CloudClient) DeleteSecurityGroupRule(sgID, ruleID string) error
DeleteSecurityGroupRule deletes a rule from the security group
func (*CloudClient) DeleteSubnets ¶
func (c *CloudClient) DeleteSubnets(vpcID string) error
DeleteSubnets deletes all subnets in the specified VPC. NOTE: before invoking this function, set the VPC client to the region the VPC is located in.
func (*CloudClient) DeleteTransitGW ¶
func (c *CloudClient) DeleteTransitGW(gwID string) error
deletes a gateway matching the specified ID
func (*CloudClient) DoSubnetsInVPCOverlapCIDR ¶
func (c *CloudClient) DoSubnetsInVPCOverlapCIDR(vpcID string, CIDR string) (bool, error)
DoSubnetsInVPCOverlapCIDR returns true if the address space of any of the specified VPC's subnets overlaps with the given CIDR. NOTE: before invoking this function, set the VPC client to the region the VPC is located in.
func (*CloudClient) GetOrCreateTransitGateway ¶
func (c *CloudClient) GetOrCreateTransitGateway(region string) (string, error)
GetOrCreateTransitGateway returns the ID of an existing global transit gateway. If none exists, it creates one in the specified region. NOTE: the region argument isn't relevant for the lookup process.
func (*CloudClient) GetParagliderTaggedResources ¶
func (c *CloudClient) GetParagliderTaggedResources(resourceType TaggedResourceType, tags []string, customQuery ResourceQuery) ([]ResourceData, error)
GetParagliderTaggedResources returns slice of IDs of tagged resources. Arg resourceType: type of VPC resource, e.g. subnet, security group, instance. Arg tags: labels set by dev, e.g. {<vpcID>,<deploymentID>}. Arg customQuery: attributes to filter by, e.g. {"region":"<regionName>"}.
func (*CloudClient) GetResourceHandlerFromDesc ¶
func (c *CloudClient) GetResourceHandlerFromDesc(resourceDesc []byte) (ResourceIntf, error)
GetResourceHandlerFromDesc gets the resource handler from the resource description
func (*CloudClient) GetResourceHandlerFromID ¶
func (c *CloudClient) GetResourceHandlerFromID(deploymentID string) (ResourceIntf, error)
GetResourceHandlerFromID gets the resource handler from the resource ID/URI
func (*CloudClient) GetRulesIDs ¶
func (c *CloudClient) GetRulesIDs(rules []SecurityGroupRule, sgID string) ([]string, error)
GetRulesIDs returns the IDs of the rules matching the given rule specifications.
func (*CloudClient) GetSecurityRulesOfSG ¶
func (c *CloudClient) GetSecurityRulesOfSG(sgID string) ([]SecurityGroupRule, error)
GetSecurityRulesOfSG gets the rules of security groups
func (*CloudClient) GetSubnetCIDR ¶
func (c *CloudClient) GetSubnetCIDR(subnetID string) (string, error)
GetSubnetCIDR returns the address space of the subnet. NOTE: before invoking this function, set the VPC client to the region the VPC is located in.
func (*CloudClient) GetSubnetsInVPC ¶
func (c *CloudClient) GetSubnetsInVPC(vpcID string) ([]ResourceData, error)
GetSubnetsInVPC returns all paraglider subnets in the specified VPC. NOTE: unlike GetSubnetsInVpcRegionBound isn't reliant on the vpcService's region.
func (*CloudClient) GetSubnetsInVpcRegionBound ¶
func (c *CloudClient) GetSubnetsInVpcRegionBound(vpcID string) ([]vpcv1.Subnet, error)
GetSubnetsInVpcRegionBound returns all subnets in the VPC, both the user's and Paraglider's, in the region set by the client. NOTES: before invoking this function, set the VPC client to the region the VPC is located in.
This function returns more info in contrast to GetSubnetsInVPC.
func (*CloudClient) GetTransitGWConnections ¶
func (c *CloudClient) GetTransitGWConnections(gwID string) ([]TransitConnection, error)
returns connections of the transit gateway
func (*CloudClient) GetUniqueSGRules ¶
func (c *CloudClient) GetUniqueSGRules(rules []SecurityGroupRule, rulesHashValues map[uint64]bool) ([]SecurityGroupRule, error)
return the specified rules without duplicates, while keeping the rules' hash values updated for future use.
func (*CloudClient) GetVPCByID ¶
func (c *CloudClient) GetVPCByID(vpcID string) (*vpcv1.VPC, error)
GetVPCByID returns vpc data of specified vpc
func (*CloudClient) IsRemoteInVPC ¶
func (c *CloudClient) IsRemoteInVPC(vpcID string, remote string) (bool, error)
IsRemoteInVPC returns true if the specified remote (CIDR/IP) is a subset of the specified VPC's address space. NOTE: address space refers to that of the subnets within the VPC, not to the VPC's address prefixes.
func (*CloudClient) Region ¶
func (c *CloudClient) Region() string
func (*CloudClient) RemoveTransitGWConnection ¶
func (c *CloudClient) RemoveTransitGWConnection(connection string, transitGW string) error
removes the specified connection from the specified transit gateway.
func (*CloudClient) RemoveTransitGWConnections ¶
func (c *CloudClient) RemoveTransitGWConnections(gwID string) error
removes connections attached to gateway. returns only when all connections removed.
func (*CloudClient) TerminateVPC ¶
func (c *CloudClient) TerminateVPC(vpcID string) error
TerminateVPC terminates a vpc, deleting its associated instances and subnets
func (*CloudClient) UpdateRegion ¶
func (c *CloudClient) UpdateRegion(region string) error
UpdateRegion updates the VPC service's service URL to the specified region.
func (*CloudClient) UpdateSecurityGroupRule ¶
func (c *CloudClient) UpdateSecurityGroupRule(rule SecurityGroupRule) error
type Credentials ¶
// Credentials holds the credentials extracted from the local credential file.
type Credentials struct {
	// APIKey is populated from the "iam_api_key" YAML field. It is a secret:
	// keep it out of logs, error messages and %v/%+v dumps of this struct.
	APIKey string `yaml:"iam_api_key"`
}
Credentials extracted from local credential file
type ResourceClusterType ¶
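// ResourceClusterType is the handler for cluster type resources.
//
// It embeds ResourceIntf, so any interface method this type does not define
// itself is forwarded to the embedded value.
// NOTE(review): the documented method set of this type has no
// GetSecurityGroupID; confirm the embedded ResourceIntf is non-nil or that
// callers never invoke that method on a cluster handler.
type ResourceClusterType struct {
	ResourceIntf
	ID string
	// contains filtered or unexported fields
}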
ResourceClusterType is the handler for cluster type resources
func (*ResourceClusterType) CreateResource ¶
func (c *ResourceClusterType) CreateResource(name, vpcID, subnetID string, tags []string, resourceDesc []byte) (*ResourceResponse, error)
CreateResource creates a cluster
func (*ResourceClusterType) GetID ¶
func (c *ResourceClusterType) GetID() string
GetID fetches the identifier of the cluster
func (*ResourceClusterType) GetVPC ¶
func (c *ResourceClusterType) GetVPC() (*vpcv1.VPCReference, error)
GetVPC returns the VPC reference of the endpoint gateway of the cluster
func (*ResourceClusterType) IsExclusiveNetworkNeeded ¶
func (c *ResourceClusterType) IsExclusiveNetworkNeeded() bool
IsExclusiveNetworkNeeded indicates if this resource needs an exclusive VPC to be provisioned
func (*ResourceClusterType) IsInNamespace ¶
func (c *ResourceClusterType) IsInNamespace(namespace, region string) (bool, error)
IsInNamespace checks if the cluster is in the namespace
type ResourceData ¶
ResourceData represents the fields retrieved from tagged resources.
type ResourceInstanceType ¶
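// ResourceInstanceType is the handler for instance type resources.
//
// It embeds ResourceIntf and carries the instance identifier in ID.
type ResourceInstanceType struct {
	ResourceIntf
	ID string
	// contains filtered or unexported fields
}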
ResourceInstanceType is the handler for instance type resources
func (*ResourceInstanceType) CreateResource ¶
func (i *ResourceInstanceType) CreateResource(name, vpcID, subnetID string, tags []string, resourceDesc []byte) (*ResourceResponse, error)
CreateResource create an instance
func (*ResourceInstanceType) GetID ¶
func (i *ResourceInstanceType) GetID() string
GetID fetches the identifier of instance
func (*ResourceInstanceType) GetSecurityGroupID ¶
func (i *ResourceInstanceType) GetSecurityGroupID() (string, error)
GetSecurityGroupID returns the security group ID that's associated with the instance's network interfaces
func (*ResourceInstanceType) GetVPC ¶
func (i *ResourceInstanceType) GetVPC() (*vpcv1.VPCReference, error)
GetVPC returns VPC data of specified instance
func (*ResourceInstanceType) IsExclusiveNetworkNeeded ¶
func (i *ResourceInstanceType) IsExclusiveNetworkNeeded() bool
IsExclusiveNetworkNeeded indicates if this resource needs an exclusive VPC to be provisioned
func (*ResourceInstanceType) IsInNamespace ¶
func (i *ResourceInstanceType) IsInNamespace(namespace, region string) (bool, error)
IsInNamespace returns true if the instance resides inside the specified namespace. region is an optional argument used to increase the effectiveness of the resource search.
type ResourceIntf ¶
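// ResourceIntf is a common resource interface to be implemented for multiple
// resource types such as instance, k8s cluster, etc.
type ResourceIntf interface {
	CreateResource(name, vpcID, subnetID string, tags []string, resourceDesc []byte) (*ResourceResponse, error)
	IsInNamespace(namespace, region string) (bool, error)
	IsExclusiveNetworkNeeded() bool
	GetID() string
	GetSecurityGroupID() (string, error)
	GetVPC() (*vpcv1.VPCReference, error)
}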
ResourceIntf is a common resource interface to be implemented for multiple resource types such as instance, k8s cluster, etc.
type ResourceQuery ¶
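// ResourceQuery represents attributes a user can filter tagged resources by.
// It describes resource attributes, not resource tags.
type ResourceQuery struct {
	Region string
	Zone   string
	CRN    string // cloud resource name globally identifying the resource
}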
ResourceQuery represents attributes a user can filter tagged resources by. Note: ResourceQuery isn't associated with resources' tags, but their attributes.
type ResourceResponse ¶
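// ResourceResponse contains the required resource fields to be returned after
// creation of a resource.
type ResourceResponse struct {
	// Name is the resource name
	Name string
	// URI is the unique resource identifier of the format
	// /resourcegroup/{id}/zone/{zone}/{resource_type}/{resource_id}
	URI string
	// IP is the endpoint IP of the resource
	IP string
}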
ResourceResponse contains the required resource fields to be returned after creation of a resource
type SecurityGroupRule ¶
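// SecurityGroupRule defines the entries of a security group rule.
//
// A value of -1 in PortMin/PortMax or IcmpType/IcmpCode is a wildcard (all
// ports, types or codes). The Go zero value of these fields is 0, not -1, so
// a wildcard has to be set explicitly, and a rule carrying -1 should be
// reviewed as a rule that is as broad as its protocol allows.
type SecurityGroupRule struct {
	ID       string // Unique identifier of this rule
	SgID     string // Unique ID of the security group to which this rule belongs
	Protocol string // IP protocol that this rule applies to
	// What this rule applies to (IP or CIDR block).
	// NOTE(review): RemoteType also lists "SG"; confirm how a security-group
	// remote is represented in this field.
	Remote     string
	RemoteType string // Type of remote, can be "IP", "CIDR", or "SG"
	PortMin    int64  // First port of the range to which this rule applies (only available for TCP/UDP rules), -1 means all ports
	PortMax    int64  // Last port of the range to which this rule applies (only available for TCP/UDP rules), -1 means all ports
	IcmpType   int64  // ICMP Type for the rule (only available for ICMP rules), -1 means all types
	IcmpCode   int64  // ICMP Code for the rule (only available for ICMP rules), -1 means all codes
	Egress     bool   // The rule applies to outbound traffic (true) or inbound (false)
}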
SecurityGroupRule defines the entries of a security group rule
func ParagliderToIBMRules ¶
func ParagliderToIBMRules(securityGroupID string, rules []*paragliderpb.PermitListRule) ( []SecurityGroupRule, error)
ParagliderToIBMRules returns the rules in IBM Cloud format, converted from Paraglider format. NOTE: with the current PermitListRule, ICMP rules with a specific type or code can't be translated.
type TaggedResourceType ¶
// TaggedResourceType indicates the type of tagged resource to fetch.
type TaggedResourceType string
TaggedResourceType indicates the type of tagged resource to fetch
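// Tagged resource types, followed by the name prefix and default tag applied
// to Paraglider resources. The declaration is laid out one constant per line
// so that each line comment ends before the constant it documents.
const (
	VPC     TaggedResourceType = "vpc"
	SUBNET  TaggedResourceType = "subnet"
	VM      TaggedResourceType = "instance"
	CLUSTER TaggedResourceType = "k8-cluster"
	// Security group of a specific instance
	SG TaggedResourceType = "security-group"
	// transit gateway for vpc-peering
	GATEWAY TaggedResourceType = "gateway"

	// ParagliderResourcePrefix is used to prefix a resource's name
	ParagliderResourcePrefix = "paraglider"
	// ParagliderTag is the default tag attached to all paraglider resources
	ParagliderTag = "pg"
)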