Documentation ¶
Overview ¶
Package rules provides information and interaction with Security Group Rules for the OpenStack Networking service.
Example to List Security Groups Rules
listOpts := rules.ListOpts{ Protocol: "tcp", } allPages, err := rules.List(networkClient, listOpts).AllPages() if err != nil { panic(err) } allRules, err := rules.ExtractRules(allPages) if err != nil { panic(err) } for _, rule := range allRules { fmt.Printf("%+v\n", rule) }
Example to Create a Security Group Rule
createOpts := rules.CreateOpts{ Direction: "ingress", PortRangeMin: 80, EtherType: rules.EtherType4, PortRangeMax: 80, Protocol: "tcp", RemoteGroupID: "85cc3048-abc3-43cc-89b3-377341426ac5", SecGroupID: "a7734e61-b545-452d-a3cd-0189cbd9747a", } rule, err := rules.Create(networkClient, createOpts).Extract() if err != nil { panic(err) }
Example to Delete a Security Group Rule
ruleID := "37d94f8a-d136-465c-ae46-144f0d8ef141" err := rules.Delete(networkClient, ruleID).ExtractErr() if err != nil { panic(err) }
Index ¶
Constants ¶
const ( DirIngress RuleDirection = "ingress" DirEgress RuleDirection = "egress" EtherType4 RuleEtherType = "IPv4" EtherType6 RuleEtherType = "IPv6" ProtocolAH RuleProtocol = "ah" ProtocolDCCP RuleProtocol = "dccp" ProtocolEGP RuleProtocol = "egp" ProtocolESP RuleProtocol = "esp" ProtocolGRE RuleProtocol = "gre" ProtocolICMP RuleProtocol = "icmp" ProtocolIGMP RuleProtocol = "igmp" ProtocolIPv6Encap RuleProtocol = "ipv6-encap" ProtocolIPv6Frag RuleProtocol = "ipv6-frag" ProtocolIPv6ICMP RuleProtocol = "ipv6-icmp" ProtocolIPv6NoNxt RuleProtocol = "ipv6-nonxt" ProtocolIPv6Opts RuleProtocol = "ipv6-opts" ProtocolIPv6Route RuleProtocol = "ipv6-route" ProtocolOSPF RuleProtocol = "ospf" ProtocolPGM RuleProtocol = "pgm" ProtocolRSVP RuleProtocol = "rsvp" ProtocolSCTP RuleProtocol = "sctp" ProtocolTCP RuleProtocol = "tcp" ProtocolUDP RuleProtocol = "udp" ProtocolUDPLite RuleProtocol = "udplite" ProtocolVRRP RuleProtocol = "vrrp" ProtocolAny RuleProtocol = "any" )
Constants useful for CreateOpts
Variables ¶
This section is empty.
Functions ¶
func List ¶
func List(c *gophercloud.ServiceClient, opts ListOpts) pagination.Pager
List returns a Pager which allows you to iterate over a collection of security group rules. It accepts a ListOpts struct, which allows you to filter and sort the returned collection for greater efficiency.
Types ¶
type CreateOpts ¶
type CreateOpts struct { // Must be either "ingress" or "egress": the direction in which the security // group rule is applied. Direction RuleDirection `json:"direction" required:"true"` // String description of each rule, optional Description string `json:"description,omitempty"` // Must be "IPv4" or "IPv6", and addresses represented in CIDR must match the // ingress or egress rules. EtherType RuleEtherType `json:"ethertype" required:"true"` // The security group ID to associate with this security group rule. SecGroupID string `json:"security_group_id" required:"true"` // The maximum port number in the range that is matched by the security group // rule. The PortRangeMin attribute constrains the PortRangeMax attribute. If // the protocol is ICMP, this value must be an ICMP type. PortRangeMax int `json:"port_range_max,omitempty"` // The minimum port number in the range that is matched by the security group // rule. If the protocol is TCP or UDP, this value must be less than or equal // to the value of the PortRangeMax attribute. If the protocol is ICMP, this // value must be an ICMP type. PortRangeMin int `json:"port_range_min,omitempty"` // The protocol that is matched by the security group rule. Valid values are // "tcp", "udp", "icmp" or an empty string. Protocol RuleProtocol `json:"protocol,omitempty"` // The remote group ID to be associated with this security group rule. You can // specify either RemoteGroupID or RemoteIPPrefix. RemoteGroupID string `json:"remote_group_id,omitempty"` // The remote IP prefix to be associated with this security group rule. You can // specify either RemoteGroupID or RemoteIPPrefix. This attribute matches the // specified IP prefix as the source IP address of the IP packet. RemoteIPPrefix string `json:"remote_ip_prefix,omitempty"` // TenantID is the UUID of the project who owns the Rule. // Only administrative users can specify a project UUID other than their own. ProjectID string `json:"project_id,omitempty"` }
CreateOpts contains all the values needed to create a new security group rule.
func (CreateOpts) ToSecGroupRuleCreateMap ¶
func (opts CreateOpts) ToSecGroupRuleCreateMap() (map[string]interface{}, error)
ToSecGroupRuleCreateMap builds a request body from CreateOpts.
type CreateOptsBuilder ¶
CreateOptsBuilder allows extensions to add additional parameters to the Create request.
type CreateResult ¶
type CreateResult struct {
// contains filtered or unexported fields
}
CreateResult represents the result of a create operation. Call its Extract method to interpret it as a SecGroupRule.
func Create ¶
func Create(c *gophercloud.ServiceClient, opts CreateOptsBuilder) (r CreateResult)
Create is an operation which adds a new security group rule and associates it with an existing security group (whose ID is specified in CreateOpts).
func (CreateResult) Extract ¶
func (r CreateResult) Extract() (*SecGroupRule, error)
Extract is a function that accepts a result and extracts a security rule.
type DeleteResult ¶
type DeleteResult struct {
gophercloud.ErrResult
}
DeleteResult represents the result of a delete operation. Call its ExtractErr method to determine if the request succeeded or failed.
func Delete ¶
func Delete(c *gophercloud.ServiceClient, id string) (r DeleteResult)
Delete will permanently delete a particular security group rule based on its unique ID.
type GetResult ¶
type GetResult struct {
// contains filtered or unexported fields
}
GetResult represents the result of a get operation. Call its Extract method to interpret it as a SecGroupRule.
func (GetResult) Extract ¶
func (r GetResult) Extract() (*SecGroupRule, error)
Extract is a function that accepts a result and extracts a security rule.
type ListOpts ¶
type ListOpts struct { Direction string `q:"direction"` EtherType string `q:"ethertype"` ID string `q:"id"` Description string `q:"description"` PortRangeMax int `q:"port_range_max"` PortRangeMin int `q:"port_range_min"` Protocol string `q:"protocol"` RemoteGroupID string `q:"remote_group_id"` RemoteIPPrefix string `q:"remote_ip_prefix"` SecGroupID string `q:"security_group_id"` TenantID string `q:"tenant_id"` ProjectID string `q:"project_id"` Limit int `q:"limit"` Marker string `q:"marker"` SortKey string `q:"sort_key"` SortDir string `q:"sort_dir"` }
ListOpts allows the filtering and sorting of paginated collections through the API. Filtering is achieved by passing in struct field values that map to the security group rule attributes you want to see returned. SortKey allows you to sort by a particular network attribute. SortDir sets the direction, and is either `asc' or `desc'. Marker and Limit are used for pagination.
type RuleDirection ¶
type RuleDirection string
type RuleEtherType ¶
type RuleEtherType string
type RuleProtocol ¶
type RuleProtocol string
type SecGroupRule ¶
type SecGroupRule struct { // The UUID for this security group rule. ID string // The direction in which the security group rule is applied. The only values // allowed are "ingress" or "egress". For a compute instance, an ingress // security group rule is applied to incoming (ingress) traffic for that // instance. An egress rule is applied to traffic leaving the instance. Direction string // Description of the rule Description string `json:"description"` // Must be IPv4 or IPv6, and addresses represented in CIDR must match the // ingress or egress rules. EtherType string `json:"ethertype"` // The security group ID to associate with this security group rule. SecGroupID string `json:"security_group_id"` // The minimum port number in the range that is matched by the security group // rule. If the protocol is TCP or UDP, this value must be less than or equal // to the value of the PortRangeMax attribute. If the protocol is ICMP, this // value must be an ICMP type. PortRangeMin int `json:"port_range_min"` // The maximum port number in the range that is matched by the security group // rule. The PortRangeMin attribute constrains the PortRangeMax attribute. If // the protocol is ICMP, this value must be an ICMP type. PortRangeMax int `json:"port_range_max"` // The protocol that is matched by the security group rule. Valid values are // "tcp", "udp", "icmp" or an empty string. Protocol string // The remote group ID to be associated with this security group rule. You // can specify either RemoteGroupID or RemoteIPPrefix. RemoteGroupID string `json:"remote_group_id"` // The remote IP prefix to be associated with this security group rule. You // can specify either RemoteGroupID or RemoteIPPrefix . This attribute // matches the specified IP prefix as the source IP address of the IP packet. RemoteIPPrefix string `json:"remote_ip_prefix"` // TenantID is the project owner of this security group rule. TenantID string `json:"tenant_id"` // ProjectID is the project owner of this security group rule. ProjectID string `json:"project_id"` }
SecGroupRule represents a rule to dictate the behaviour of incoming or outgoing traffic for a particular security group.
func ExtractRules ¶
func ExtractRules(r pagination.Page) ([]SecGroupRule, error)
ExtractRules accepts a Page struct, specifically a SecGroupRulePage struct, and extracts the elements into a slice of SecGroupRule structs. In other words, a generic collection is mapped into a relevant slice.
type SecGroupRulePage ¶
type SecGroupRulePage struct {
pagination.LinkedPageBase
}
SecGroupRulePage is the page returned by a pager when traversing over a collection of security group rules.
func (SecGroupRulePage) IsEmpty ¶
func (r SecGroupRulePage) IsEmpty() (bool, error)
IsEmpty checks whether a SecGroupRulePage struct is empty.
func (SecGroupRulePage) NextPageURL ¶
func (r SecGroupRulePage) NextPageURL() (string, error)
NextPageURL is invoked when a paginated collection of security group rules has reached the end of a page and the pager seeks to traverse over a new one. In order to do this, it needs to construct the next page's URL.