[ELBv3]: Security policies implementation (#510)

[ELBv3]: Security policies implementation What this PR does / why we need it This PR implements management of Security policies of ELBv3. Acceptance test === RUN TestSystemSecurityPolicy --- PASS: TestSystemSecurityPolicy (0.62s) === RUN TestSecurityPolicyList --- PASS: TestSecurityPolicyList (0.63s) === RUN TestSecurityPolicyLifecycle --- PASS: TestSecurityPolicyLifecycle (1.81s) PASS Process finished with the exit code 0 Reviewed-by: Aloento Reviewed-by: Anton Sidelnikov
opentelekomcloud · Mar 22, 2023 · 4e179f3 · 4e179f3
1 parent 3e72376
commit 4e179f3
Show file tree

Hide file tree

Showing 7 changed files with 344 additions and 0 deletions.
diff --git a/acceptance/openstack/elb/v3/security_policy_test.go b/acceptance/openstack/elb/v3/security_policy_test.go
@@ -0,0 +1,173 @@
+package v3
+
+import (
+	"testing"
+
+	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+	"github.com/opentelekomcloud/gophertelekomcloud/acceptance/clients"
+	"github.com/opentelekomcloud/gophertelekomcloud/acceptance/tools"
+	"github.com/opentelekomcloud/gophertelekomcloud/openstack/elb/v3/listeners"
+	"github.com/opentelekomcloud/gophertelekomcloud/openstack/elb/v3/security_policy"
+	th "github.com/opentelekomcloud/gophertelekomcloud/testhelper"
+)
+
+func TestSystemSecurityPolicy(t *testing.T) {
+	client, err := clients.NewElbV3Client()
+	th.AssertNoErr(t, err)
+
+	systemPolicies, err := security_policy.ListSystemPolicies(client)
+	th.AssertNoErr(t, err)
+
+	tools.PrintResource(t, systemPolicies)
+}
+
+func TestSecurityPolicyList(t *testing.T) {
+	client, err := clients.NewElbV3Client()
+	th.AssertNoErr(t, err)
+
+	allPolicies, err := security_policy.List(client, security_policy.ListOpts{})
+	th.AssertNoErr(t, err)
+
+	tools.PrintResource(t, allPolicies)
+}
+
+func TestSecurityPolicyLifecycle(t *testing.T) {
+	client, err := clients.NewElbV3Client()
+	th.AssertNoErr(t, err)
+
+	policyName := tools.RandomString("create-policy-", 3)
+
+	secPolicy := createSecurityPolicy(t, client, policyName)
+	tools.PrintResource(t, secPolicy)
+
+	defer deleteSecurityPolicy(t, client, secPolicy.SecurityPolicy.ID)
+
+	updatedName := tools.RandomString("update-policy-", 3)
+
+	updateOpts := security_policy.UpdateOpts{
+		Name: updatedName,
+	}
+
+	putPolicy, err := security_policy.Update(client, updateOpts, secPolicy.SecurityPolicy.ID)
+	th.AssertNoErr(t, err)
+	th.AssertEquals(t, putPolicy.SecurityPolicy.Name, updatedName)
+
+	getPolicy, err := security_policy.Get(client, secPolicy.SecurityPolicy.ID)
+	th.AssertNoErr(t, err)
+
+	tools.PrintResource(t, getPolicy)
+	th.AssertEquals(t, getPolicy.SecurityPolicy.ID, secPolicy.SecurityPolicy.ID)
+	th.AssertEquals(t, getPolicy.SecurityPolicy.Name, putPolicy.SecurityPolicy.Name)
+	th.AssertEquals(t, getPolicy.SecurityPolicy.ProjectId, secPolicy.SecurityPolicy.ProjectId)
+
+	listOpts := security_policy.ListOpts{
+		Name: []string{
+			updatedName,
+		},
+	}
+
+	listPolicy, err := security_policy.List(client, listOpts)
+	th.AssertNoErr(t, err)
+	tools.PrintResource(t, listPolicy)
+}
+
+func TestPolicyAssignment(t *testing.T) {
+	client, err := clients.NewElbV3Client()
+	th.AssertNoErr(t, err)
+
+	policyName := tools.RandomString("create-policy-", 3)
+
+	loadbalancerID := createLoadBalancer(t, client)
+	defer deleteLoadbalancer(t, client, loadbalancerID)
+
+	certificateID := createCertificate(t, client)
+	defer deleteCertificate(t, client, certificateID)
+
+	t.Run("AssignSecurityPolicyListenerCreation", func(t *testing.T) {
+		secPolicyID := createSecurityPolicy(t, client, policyName).SecurityPolicy.ID
+		defer deleteSecurityPolicy(t, client, secPolicyID)
+
+		listenerName := tools.RandomString("create-listener-", 3)
+
+		createOpts := listeners.CreateOpts{
+			DefaultTlsContainerRef: certificateID,
+			Description:            "some interesting description",
+			LoadbalancerID:         loadbalancerID,
+			Name:                   listenerName,
+			Protocol:               "HTTPS",
+			ProtocolPort:           443,
+			SecurityPolicy:         secPolicyID,
+		}
+
+		listener, err := listeners.Create(client, createOpts).Extract()
+		defer func() {
+			t.Logf("Attempting to delete ELBv3 Listener: %s", listener.ID)
+			err := listeners.Delete(client, listener.ID).ExtractErr()
+			th.AssertNoErr(t, err)
+			t.Logf("Deleted ELBv3 Listener: %s", listener.ID)
+		}()
+		th.AssertNoErr(t, err)
+		th.AssertEquals(t, listener.SecurityPolicy, secPolicyID)
+	})
+
+	t.Run("AssignSecurityPolicyListenerUpdate", func(t *testing.T) {
+		secPolicyUpdatedID := createSecurityPolicy(t, client, policyName).SecurityPolicy.ID
+		defer deleteSecurityPolicy(t, client, secPolicyUpdatedID)
+		listenerName := tools.RandomString("create-listener-", 3)
+
+		createOpts := listeners.CreateOpts{
+			DefaultTlsContainerRef: certificateID,
+			Description:            "some interesting description",
+			LoadbalancerID:         loadbalancerID,
+			Name:                   listenerName,
+			Protocol:               "HTTPS",
+			ProtocolPort:           443,
+		}
+
+		listener, err := listeners.Create(client, createOpts).Extract()
+		th.AssertNoErr(t, err)
+		defer func() {
+			t.Logf("Attempting to delete ELBv3 Listener: %s", listener.ID)
+			err := listeners.Delete(client, listener.ID).ExtractErr()
+			th.AssertNoErr(t, err)
+			t.Logf("Deleted ELBv3 Listener: %s", listener.ID)
+		}()
+
+		updateOpts := listeners.UpdateOpts{
+			SecurityPolicy: secPolicyUpdatedID,
+		}
+
+		_ = listeners.Update(client, listener.ID, updateOpts)
+
+		updatedListener, err := listeners.Get(client, listener.ID).Extract()
+		th.AssertNoErr(t, err)
+		th.AssertEquals(t, updatedListener.SecurityPolicy, secPolicyUpdatedID)
+	})
+}
+
+func deleteSecurityPolicy(t *testing.T, client *golangsdk.ServiceClient, secPolicyID string) {
+	t.Logf("Attempting to delete ELBv3 Security Policy: %s", secPolicyID)
+	err := security_policy.Delete(client, secPolicyID)
+	th.AssertNoErr(t, err)
+	t.Logf("Deleted ELBv3 security policy: %s", secPolicyID)
+}
+
+func createSecurityPolicy(t *testing.T, client *golangsdk.ServiceClient, policyName string) *security_policy.SecurityPolicy {
+	t.Logf("Attempting to create ELBv3 security policy")
+	secOpts := security_policy.CreateOpts{
+		Name:        policyName,
+		Description: "test policy for acceptance testing",
+		Protocols: []string{
+			"TLSv1",
+		},
+		Ciphers: []string{
+			"AES256-SHA",
+		},
+	}
+
+	secPolicy, err := security_policy.Create(client, secOpts)
+	th.AssertNoErr(t, err)
+	t.Logf("Created  ELBv3 security policy: %s", secPolicy.SecurityPolicy.ID)
+
+	return secPolicy
+}
diff --git a/openstack/elb/v3/security_policy/Create.go b/openstack/elb/v3/security_policy/Create.go
@@ -0,0 +1,51 @@
+package security_policy
+
+import (
+	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+	"github.com/opentelekomcloud/gophertelekomcloud/internal/build"
+	"github.com/opentelekomcloud/gophertelekomcloud/internal/extract"
+)
+
+type CreateOpts struct {
+	Name        string   `json:"name,omitempty"`
+	Description string   `json:"description,omitempty"`
+	Protocols   []string `json:"protocols" required:"true"`
+	Ciphers     []string `json:"ciphers" required:"true"`
+}
+
+func Create(client *golangsdk.ServiceClient, opts CreateOpts) (*SecurityPolicy, error) {
+	b, err := build.RequestBody(opts, "security_policy")
+	if err != nil {
+		return nil, err
+	}
+
+	raw, err := client.Post(client.ServiceURL("security-policies"), b, nil, &golangsdk.RequestOpts{OkCodes: []int{201}})
+	if err != nil {
+		return nil, err
+	}
+
+	var res SecurityPolicy
+	err = extract.Into(raw.Body, &res)
+	return &res, err
+}
+
+type SecurityPolicy struct {
+	SecurityPolicy PolicyRef `json:"security_policy"`
+	RequestId      string    `json:"request_id"`
+}
+
+type PolicyRef struct {
+	ID          string        `json:"id"`
+	ProjectId   string        `json:"project_id"`
+	Name        string        `json:"name"`
+	Description string        `json:"description"`
+	Listeners   []ListenerRef `json:"listeners"`
+	Protocols   []string      `json:"protocols"`
+	Ciphers     []string      `json:"ciphers"`
+	CreatedAt   string        `json:"created_at"`
+	UpdatedAt   string        `json:"updated_at"`
+}
+
+type ListenerRef struct {
+	ID string `json:"id"`
+}
diff --git a/openstack/elb/v3/security_policy/Delete.go b/openstack/elb/v3/security_policy/Delete.go
@@ -0,0 +1,13 @@
+package security_policy
+
+import (
+	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+)
+
+func Delete(client *golangsdk.ServiceClient, id string) (err error) {
+	_, err = client.Delete(client.ServiceURL("security-policies", id), &golangsdk.RequestOpts{
+		OkCodes:     []int{204},
+		MoreHeaders: map[string]string{"Content-Type": "application/json"},
+	})
+	return
+}
diff --git a/openstack/elb/v3/security_policy/Get.go b/openstack/elb/v3/security_policy/Get.go
@@ -0,0 +1,17 @@
+package security_policy
+
+import (
+	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+	"github.com/opentelekomcloud/gophertelekomcloud/internal/extract"
+)
+
+func Get(client *golangsdk.ServiceClient, id string) (*SecurityPolicy, error) {
+	raw, err := client.Get(client.ServiceURL("security-policies", id), nil, &golangsdk.RequestOpts{OkCodes: []int{200}})
+	if err != nil {
+		return nil, err
+	}
+
+	var res SecurityPolicy
+	err = extract.Into(raw.Body, &res)
+	return &res, err
+}
diff --git a/openstack/elb/v3/security_policy/List.go b/openstack/elb/v3/security_policy/List.go
@@ -0,0 +1,35 @@
+package security_policy
+
+import (
+	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+	"github.com/opentelekomcloud/gophertelekomcloud/internal/extract"
+)
+
+type ListOpts struct {
+	Marker      string   `q:"marker"`
+	Limit       string   `q:"limit"`
+	PageReverse bool     `q:"page_reverse"`
+	ID          []string `q:"id"`
+	Name        []string `q:"name"`
+	Description []string `q:"description"`
+	Protocols   []string `q:"protocols"`
+	Ciphers     []string `q:"ciphers"`
+}
+
+func List(client *golangsdk.ServiceClient, opts ListOpts) ([]PolicyRef, error) {
+	q, err := golangsdk.BuildQueryString(&opts)
+	if err != nil {
+		return nil, err
+	}
+
+	raw, err := client.Get(client.ServiceURL("security-policies")+q.String(), nil, &golangsdk.RequestOpts{OkCodes: []int{200}})
+	if err != nil {
+		return nil, err
+	}
+
+	var res []PolicyRef
+
+	err = extract.IntoSlicePtr(raw.Body, &res, "security_policies")
+	return res, err
+
+}
diff --git a/openstack/elb/v3/security_policy/ListSystemPolicies.go b/openstack/elb/v3/security_policy/ListSystemPolicies.go
@@ -0,0 +1,25 @@
+package security_policy
+
+import (
+	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+	"github.com/opentelekomcloud/gophertelekomcloud/internal/extract"
+)
+
+func ListSystemPolicies(client *golangsdk.ServiceClient) ([]SystemPolicy, error) {
+	raw, err := client.Get(client.ServiceURL("system-security-policies"), nil, &golangsdk.RequestOpts{OkCodes: []int{200}})
+	if err != nil {
+		return nil, err
+	}
+
+	var res []SystemPolicy
+
+	err = extract.IntoSlicePtr(raw.Body, &res, "system_security_policies")
+	return res, err
+}
+
+type SystemPolicy struct {
+	ProjectId string `json:"project_id"`
+	Name      string `json:"name"`
+	Protocols string `json:"protocols"`
+	Ciphers   string `json:"ciphers"`
+}
diff --git a/openstack/elb/v3/security_policy/Update.go b/openstack/elb/v3/security_policy/Update.go
@@ -0,0 +1,30 @@
+package security_policy
+
+import (
+	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+	"github.com/opentelekomcloud/gophertelekomcloud/internal/build"
+	"github.com/opentelekomcloud/gophertelekomcloud/internal/extract"
+)
+
+type UpdateOpts struct {
+	Name        string   `json:"name,omitempty"`
+	Description string   `json:"description,omitempty"`
+	Protocols   []string `json:"protocols,omitempty"`
+	Ciphers     []string `json:"ciphers,omitempty"`
+}
+
+func Update(client *golangsdk.ServiceClient, opts UpdateOpts, id string) (*SecurityPolicy, error) {
+	b, err := build.RequestBody(opts, "security_policy")
+	if err != nil {
+		return nil, err
+	}
+
+	raw, err := client.Put(client.ServiceURL("security-policies", id), b, nil, &golangsdk.RequestOpts{OkCodes: []int{200}})
+	if err != nil {
+		return nil, err
+	}
+
+	var res SecurityPolicy
+	err = extract.Into(raw.Body, &res)
+	return &res, err
+}