diff --git a/acceptance/openstack/elb/v3/security_policy_test.go b/acceptance/openstack/elb/v3/security_policy_test.go
new file mode 100644
index 000000000..a44f7c749
--- /dev/null
+++ b/acceptance/openstack/elb/v3/security_policy_test.go
@@ -0,0 +1,173 @@
+package v3
+
+import (
+ "testing"
+
+ golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+ "github.com/opentelekomcloud/gophertelekomcloud/acceptance/clients"
+ "github.com/opentelekomcloud/gophertelekomcloud/acceptance/tools"
+ "github.com/opentelekomcloud/gophertelekomcloud/openstack/elb/v3/listeners"
+ "github.com/opentelekomcloud/gophertelekomcloud/openstack/elb/v3/security_policy"
+ th "github.com/opentelekomcloud/gophertelekomcloud/testhelper"
+)
+
+func TestSystemSecurityPolicy(t *testing.T) {
+ client, err := clients.NewElbV3Client()
+ th.AssertNoErr(t, err)
+
+ systemPolicies, err := security_policy.ListSystemPolicies(client)
+ th.AssertNoErr(t, err)
+
+ tools.PrintResource(t, systemPolicies)
+}
+
+func TestSecurityPolicyList(t *testing.T) {
+ client, err := clients.NewElbV3Client()
+ th.AssertNoErr(t, err)
+
+ allPolicies, err := security_policy.List(client, security_policy.ListOpts{})
+ th.AssertNoErr(t, err)
+
+ tools.PrintResource(t, allPolicies)
+}
+
+func TestSecurityPolicyLifecycle(t *testing.T) {
+ client, err := clients.NewElbV3Client()
+ th.AssertNoErr(t, err)
+
+ policyName := tools.RandomString("create-policy-", 3)
+
+ secPolicy := createSecurityPolicy(t, client, policyName)
+ tools.PrintResource(t, secPolicy)
+
+ defer deleteSecurityPolicy(t, client, secPolicy.SecurityPolicy.ID)
+
+ updatedName := tools.RandomString("update-policy-", 3)
+
+ updateOpts := security_policy.UpdateOpts{
+ Name: updatedName,
+ }
+
+ putPolicy, err := security_policy.Update(client, updateOpts, secPolicy.SecurityPolicy.ID)
+ th.AssertNoErr(t, err)
+ th.AssertEquals(t, putPolicy.SecurityPolicy.Name, updatedName)
+
+ getPolicy, err := security_policy.Get(client, secPolicy.SecurityPolicy.ID)
+ th.AssertNoErr(t, err)
+
+ tools.PrintResource(t, getPolicy)
+ th.AssertEquals(t, getPolicy.SecurityPolicy.ID, secPolicy.SecurityPolicy.ID)
+ th.AssertEquals(t, getPolicy.SecurityPolicy.Name, putPolicy.SecurityPolicy.Name)
+ th.AssertEquals(t, getPolicy.SecurityPolicy.ProjectId, secPolicy.SecurityPolicy.ProjectId)
+
+ listOpts := security_policy.ListOpts{
+ Name: []string{
+ updatedName,
+ },
+ }
+
+ listPolicy, err := security_policy.List(client, listOpts)
+ th.AssertNoErr(t, err)
+ tools.PrintResource(t, listPolicy)
+}
+
+func TestPolicyAssignment(t *testing.T) {
+ client, err := clients.NewElbV3Client()
+ th.AssertNoErr(t, err)
+
+ policyName := tools.RandomString("create-policy-", 3)
+
+ loadbalancerID := createLoadBalancer(t, client)
+ defer deleteLoadbalancer(t, client, loadbalancerID)
+
+ certificateID := createCertificate(t, client)
+ defer deleteCertificate(t, client, certificateID)
+
+ t.Run("AssignSecurityPolicyListenerCreation", func(t *testing.T) {
+ secPolicyID := createSecurityPolicy(t, client, policyName).SecurityPolicy.ID
+ defer deleteSecurityPolicy(t, client, secPolicyID)
+
+ listenerName := tools.RandomString("create-listener-", 3)
+
+ createOpts := listeners.CreateOpts{
+ DefaultTlsContainerRef: certificateID,
+ Description: "some interesting description",
+ LoadbalancerID: loadbalancerID,
+ Name: listenerName,
+ Protocol: "HTTPS",
+ ProtocolPort: 443,
+ SecurityPolicy: secPolicyID,
+ }
+
+ listener, err := listeners.Create(client, createOpts).Extract()
+ defer func() {
+ t.Logf("Attempting to delete ELBv3 Listener: %s", listener.ID)
+ err := listeners.Delete(client, listener.ID).ExtractErr()
+ th.AssertNoErr(t, err)
+ t.Logf("Deleted ELBv3 Listener: %s", listener.ID)
+ }()
+ th.AssertNoErr(t, err)
+ th.AssertEquals(t, listener.SecurityPolicy, secPolicyID)
+ })
+
+ t.Run("AssignSecurityPolicyListenerUpdate", func(t *testing.T) {
+ secPolicyUpdatedID := createSecurityPolicy(t, client, policyName).SecurityPolicy.ID
+ defer deleteSecurityPolicy(t, client, secPolicyUpdatedID)
+ listenerName := tools.RandomString("create-listener-", 3)
+
+ createOpts := listeners.CreateOpts{
+ DefaultTlsContainerRef: certificateID,
+ Description: "some interesting description",
+ LoadbalancerID: loadbalancerID,
+ Name: listenerName,
+ Protocol: "HTTPS",
+ ProtocolPort: 443,
+ }
+
+ listener, err := listeners.Create(client, createOpts).Extract()
+ th.AssertNoErr(t, err)
+ defer func() {
+ t.Logf("Attempting to delete ELBv3 Listener: %s", listener.ID)
+ err := listeners.Delete(client, listener.ID).ExtractErr()
+ th.AssertNoErr(t, err)
+ t.Logf("Deleted ELBv3 Listener: %s", listener.ID)
+ }()
+
+ updateOpts := listeners.UpdateOpts{
+ SecurityPolicy: secPolicyUpdatedID,
+ }
+
+ _ = listeners.Update(client, listener.ID, updateOpts)
+
+ updatedListener, err := listeners.Get(client, listener.ID).Extract()
+ th.AssertNoErr(t, err)
+ th.AssertEquals(t, updatedListener.SecurityPolicy, secPolicyUpdatedID)
+ })
+}
+
+func deleteSecurityPolicy(t *testing.T, client *golangsdk.ServiceClient, secPolicyID string) {
+ t.Logf("Attempting to delete ELBv3 Security Policy: %s", secPolicyID)
+ err := security_policy.Delete(client, secPolicyID)
+ th.AssertNoErr(t, err)
+ t.Logf("Deleted ELBv3 security policy: %s", secPolicyID)
+}
+
+func createSecurityPolicy(t *testing.T, client *golangsdk.ServiceClient, policyName string) *security_policy.SecurityPolicy {
+ t.Logf("Attempting to create ELBv3 security policy")
+ secOpts := security_policy.CreateOpts{
+ Name: policyName,
+ Description: "test policy for acceptance testing",
+ Protocols: []string{
+ "TLSv1",
+ },
+ Ciphers: []string{
+ "AES256-SHA",
+ },
+ }
+
+ secPolicy, err := security_policy.Create(client, secOpts)
+ th.AssertNoErr(t, err)
+ t.Logf("Created ELBv3 security policy: %s", secPolicy.SecurityPolicy.ID)
+
+ return secPolicy
+}
diff --git a/openstack/elb/v3/security_policy/Create.go b/openstack/elb/v3/security_policy/Create.go
new file mode 100644
index 000000000..b2e96cd76
--- /dev/null
+++ b/openstack/elb/v3/security_policy/Create.go
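Review bot: In the `AssignSecurityPolicyListenerCreation` subtest of security_policy_test.go the deferred listener cleanup is registered before `th.AssertNoErr(t, err)`, so if `listeners.Create` fails `listener` is presumably nil and the deferred `listener.ID` access panics instead of reporting the API error; move the assertion above the `defer`, as the update subtest already does. In the update subtest `_ = listeners.Update(client, listener.ID, updateOpts)` throws the result away, so a rejected update only surfaces as a mismatch in the later `AssertEquals`; check it, e.g. `_, err = listeners.Update(client, listener.ID, updateOpts).Extract()` followed by `th.AssertNoErr(t, err)` (assuming Update returns a result with `Extract`, like Create and Get). Separately, `createSecurityPolicy` builds its fixture from `"TLSv1"` and `"AES256-SHA"`; acceptance tests tend to be copied as usage examples, so a TLSv1.2-or-later protocol with an AEAD suite would be a safer default if the API accepts it.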
@@ -0,0 +1,51 @@
+package security_policy
+
+import (
+ golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+ "github.com/opentelekomcloud/gophertelekomcloud/internal/build"
+ "github.com/opentelekomcloud/gophertelekomcloud/internal/extract"
+)
+
+type CreateOpts struct {
+ Name string `json:"name,omitempty"`
+ Description string `json:"description,omitempty"`
+ Protocols []string `json:"protocols" required:"true"`
+ Ciphers []string `json:"ciphers" required:"true"`
+}
+
+func Create(client *golangsdk.ServiceClient, opts CreateOpts) (*SecurityPolicy, error) {
+ b, err := build.RequestBody(opts, "security_policy")
+ if err != nil {
+ return nil, err
+ }
+
+ raw, err := client.Post(client.ServiceURL("security-policies"), b, nil, &golangsdk.RequestOpts{OkCodes: []int{201}})
+ if err != nil {
+ return nil, err
+ }
+
+ var res SecurityPolicy
+ err = extract.Into(raw.Body, &res)
+ return &res, err
+}
+
+type SecurityPolicy struct {
+ SecurityPolicy PolicyRef `json:"security_policy"`
+ RequestId string `json:"request_id"`
+}
+
+type PolicyRef struct {
+ ID string `json:"id"`
+ ProjectId string `json:"project_id"`
+ Name string `json:"name"`
+ Description string `json:"description"`
+ Listeners []ListenerRef `json:"listeners"`
+ Protocols []string `json:"protocols"`
+ Ciphers []string `json:"ciphers"`
+ CreatedAt string `json:"created_at"`
+ UpdatedAt string `json:"updated_at"`
+}
+
+type ListenerRef struct {
+ ID string `json:"id"`
+}
diff --git a/openstack/elb/v3/security_policy/Delete.go b/openstack/elb/v3/security_policy/Delete.go
new file mode 100644
index 000000000..3a59fc51c
--- /dev/null
+++ b/openstack/elb/v3/security_policy/Delete.go
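Review bot: `Create` in Create.go ends with `return &res, err`, so when `extract.Into` fails the caller gets a non-nil `*SecurityPolicy` full of zero values together with the error, and code that only nil-checks the pointer carries on with an empty ID. Return nil on that path, e.g. `if err = extract.Into(raw.Body, &res); err != nil { return nil, err }` followed by `return &res, nil`. The same ending appears in `Get` (Get.go) and `Update` (Update.go) in this commit. The exported `CreateOpts`, `SecurityPolicy`, `PolicyRef` and `ListenerRef` also carry no doc comments; a line on `Protocols` and `Ciphers` stating that, as far as this file shows, the values are forwarded to the API as given would tell callers that the TLS floor is their choice.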
@@ -0,0 +1,13 @@
+package security_policy
+
+import (
+ golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+)
+
+func Delete(client *golangsdk.ServiceClient, id string) (err error) {
+ _, err = client.Delete(client.ServiceURL("security-policies", id), &golangsdk.RequestOpts{
+ OkCodes: []int{204},
+ MoreHeaders: map[string]string{"Content-Type": "application/json"},
+ })
+ return
+}
diff --git a/openstack/elb/v3/security_policy/Get.go b/openstack/elb/v3/security_policy/Get.go
new file mode 100644
index 000000000..101cb327b
--- /dev/null
+++ b/openstack/elb/v3/security_policy/Get.go
@@ -0,0 +1,17 @@
+package security_policy
+
+import (
+ golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+ "github.com/opentelekomcloud/gophertelekomcloud/internal/extract"
+)
+
+func Get(client *golangsdk.ServiceClient, id string) (*SecurityPolicy, error) {
+ raw, err := client.Get(client.ServiceURL("security-policies", id), nil, &golangsdk.RequestOpts{OkCodes: []int{200}})
+ if err != nil {
+ return nil, err
+ }
+
+ var res SecurityPolicy
+ err = extract.Into(raw.Body, &res)
+ return &res, err
+}
diff --git a/openstack/elb/v3/security_policy/List.go b/openstack/elb/v3/security_policy/List.go
new file mode 100644
index 000000000..2491a8bb9
--- /dev/null
+++ b/openstack/elb/v3/security_policy/List.go
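Review bot: `Delete` in Delete.go does not reject an empty `id`, and `client.ServiceURL("security-policies", id)` would then presumably resolve to the collection path rather than a single policy. A guard at the top such as `if id == "" { return errors.New("security policy id is required") }` (with the `errors` import) keeps the mistake local. `Get` and `Update` take `id` the same way, and for `Get` an empty ID could plausibly return 200 from the list endpoint and decode into an all-zero `SecurityPolicy` without any error. With the guard in place the named result and bare `return` can become a plain `return err`.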
@@ -0,0 +1,35 @@
+package security_policy
+
+import (
+ golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+ "github.com/opentelekomcloud/gophertelekomcloud/internal/extract"
+)
+
+type ListOpts struct {
+ Marker string `q:"marker"`
+ Limit string `q:"limit"`
+ PageReverse bool `q:"page_reverse"`
+ ID []string `q:"id"`
+ Name []string `q:"name"`
+ Description []string `q:"description"`
+ Protocols []string `q:"protocols"`
+ Ciphers []string `q:"ciphers"`
+}
+
+func List(client *golangsdk.ServiceClient, opts ListOpts) ([]PolicyRef, error) {
+ q, err := golangsdk.BuildQueryString(&opts)
+ if err != nil {
+ return nil, err
+ }
+
+ raw, err := client.Get(client.ServiceURL("security-policies")+q.String(), nil, &golangsdk.RequestOpts{OkCodes: []int{200}})
+ if err != nil {
+ return nil, err
+ }
+
+ var res []PolicyRef
+
+ err = extract.IntoSlicePtr(raw.Body, &res, "security_policies")
+ return res, err
+
+}
diff --git a/openstack/elb/v3/security_policy/ListSystemPolicies.go b/openstack/elb/v3/security_policy/ListSystemPolicies.go
new file mode 100644
index 000000000..e52911305
--- /dev/null
+++ b/openstack/elb/v3/security_policy/ListSystemPolicies.go
@@ -0,0 +1,25 @@
+package security_policy
+
+import (
+ golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+ "github.com/opentelekomcloud/gophertelekomcloud/internal/extract"
+)
+
+func ListSystemPolicies(client *golangsdk.ServiceClient) ([]SystemPolicy, error) {
+ raw, err := client.Get(client.ServiceURL("system-security-policies"), nil, &golangsdk.RequestOpts{OkCodes: []int{200}})
+ if err != nil {
+ return nil, err
+ }
+
+ var res []SystemPolicy
+
+ err = extract.IntoSlicePtr(raw.Body, &res, "system_security_policies")
+ return res, err
+}
+
+type SystemPolicy struct {
+ ProjectId string `json:"project_id"`
+ Name string `json:"name"`
+ Protocols string `json:"protocols"`
+ Ciphers string `json:"ciphers"`
+}
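Review bot: `ListOpts.Limit` in List.go is declared as `string`, so any text is accepted and sent as the `limit` query value; changing the field type to `int` while keeping the `q:"limit"` tag lets the compiler rule out non-numeric input. `List` also issues a single GET and returns only what that response contains. If the endpoint pages its results, as the `Marker` and `Limit` fields suggest, a doc comment on `List` should say that callers must drive `Marker` themselves to see every policy. Without that, an audit that lists policies to look for weak protocol sets could silently miss entries beyond the first page.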
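Review bot: `SystemPolicy.Protocols` and `SystemPolicy.Ciphers` in ListSystemPolicies.go are plain `string`, while the same-named fields on `PolicyRef` in Create.go are `[]string`, and nothing in the file says what format the string holds. If the API really returns one delimited string here, add a field comment along the lines of `// Protocols lists the enabled TLS versions as one delimited string; see the API reference for the separator.` and the same for `Ciphers`; otherwise the types should match `PolicyRef`. Callers comparing a custom policy with a system policy otherwise have to guess how to split the value.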
diff --git a/openstack/elb/v3/security_policy/Update.go b/openstack/elb/v3/security_policy/Update.go
new file mode 100644
index 000000000..8a7c08384
--- /dev/null
+++ b/openstack/elb/v3/security_policy/Update.go
@@ -0,0 +1,30 @@
+package security_policy
+
+import (
+ golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
+ "github.com/opentelekomcloud/gophertelekomcloud/internal/build"
+ "github.com/opentelekomcloud/gophertelekomcloud/internal/extract"
+)
+
+type UpdateOpts struct {
+ Name string `json:"name,omitempty"`
+ Description string `json:"description,omitempty"`
+ Protocols []string `json:"protocols,omitempty"`
+ Ciphers []string `json:"ciphers,omitempty"`
+}
+
+func Update(client *golangsdk.ServiceClient, opts UpdateOpts, id string) (*SecurityPolicy, error) {
+ b, err := build.RequestBody(opts, "security_policy")
+ if err != nil {
+ return nil, err
+ }
+
+ raw, err := client.Put(client.ServiceURL("security-policies", id), b, nil, &golangsdk.RequestOpts{OkCodes: []int{200}})
+ if err != nil {
+ return nil, err
+ }
+
+ var res SecurityPolicy
+ err = extract.Into(raw.Body, &res)
+ return &res, err
+}
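Review bot: `Update(client, opts, id)` in Update.go takes the options before the ID, whereas `listeners.Update(client, listener.ID, updateOpts)` called from the test file in this commit takes the ID first, and `Get` and `Delete` in this package put `id` directly after `client`. Since the package is new, switching to `func Update(client *golangsdk.ServiceClient, id string, opts UpdateOpts) (*SecurityPolicy, error)` now costs nothing and keeps the SDK consistent. Every `UpdateOpts` field is also tagged `omitempty`, so a zero-value `UpdateOpts` presumably sends an empty `security_policy` object and `Description` cannot be reset to an empty string. A doc comment on the type should state that, or `Description` could become `*string`.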