Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 9 additions & 1 deletion firewall_rules.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,13 @@ import (
"encoding/json"
)

// NetworkProtocol enum type
// NetworkProtocol is used for firewall rule protocol fields.
//
// This can also represent arbitrary protocols, for example an IP protocol number
// like `NetworkProtocol("50")`.
//
// NOTE: ALL and numeric protocols may not yet
// be available to all users.
type NetworkProtocol string

// NetworkProtocol enum values
Expand All @@ -14,6 +20,8 @@ const (
UDP NetworkProtocol = "UDP"
ICMP NetworkProtocol = "ICMP"
IPENCAP NetworkProtocol = "IPENCAP"

AllNetworkProtocols NetworkProtocol = "ALL"

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I ended up settling on linodego.AllNetworkProtocols instead of the more generic linodego.ALL or ambiguous linodego.ProtocolAll. Let me know if you have any thoughts or ideas!

)
Comment thread
lgarber-akamai marked this conversation as resolved.

// NetworkAddresses are arrays of ipv4 and v6 addresses
Expand Down
73 changes: 73 additions & 0 deletions test/integration/firewall_rules_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,13 @@ package integration

import (
"context"
"fmt"
"testing"

"github.com/google/go-cmp/cmp"
"github.com/linode/linodego/v2"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)

var (
Expand Down Expand Up @@ -77,6 +80,76 @@ func TestFirewallRules_Get_smoke(t *testing.T) {
}
}

func TestFirewallRules_ExtendedProtocols(t *testing.T) {
label := fmt.Sprintf("fw-ext-%s", getUniqueText())

rules := linodego.FirewallRulesCreateOptions{
Inbound: []linodego.FirewallRuleInbound{
{
Label: "linodego-fwrule-all",
Action: "ACCEPT",
Protocol: linodego.AllNetworkProtocols,
Addresses: linodego.NetworkAddresses{
IPv4: []string{"0.0.0.0/0"},
},
},
{
Label: "linodego-fwrule-numeric",
Action: "ACCEPT",
Protocol: linodego.NetworkProtocol("50"),
Addresses: linodego.NetworkAddresses{
IPv4: []string{"0.0.0.0/0"},
},
},
{
Label: "linodego-fwrule-tcp-numeric",
Action: "ACCEPT",
Ports: "443",
Protocol: linodego.NetworkProtocol("6"),
Addresses: linodego.NetworkAddresses{
IPv4: []string{"0.0.0.0/0"},
},
},
},
InboundPolicy: "DROP",
OutboundPolicy: "ACCEPT",
}

client, firewall, teardown, err := setupFirewall(t, []firewallModifier{
func(createOpts *linodego.FirewallCreateOptions) {
createOpts.Label = label
createOpts.Rules = rules
},
}, "fixtures/TestFirewallRules_ExtendedProtocols")
t.Cleanup(teardown)
require.NoError(t, err)

require.Len(t, firewall.Rules.Inbound, 3)

assert.Equal(t, linodego.AllNetworkProtocols, firewall.Rules.Inbound[0].Protocol)
assert.Empty(t, firewall.Rules.Inbound[0].Ports)

assert.Equal(t, linodego.NetworkProtocol("50"), firewall.Rules.Inbound[1].Protocol)
assert.Empty(t, firewall.Rules.Inbound[1].Ports)

assert.Equal(t, linodego.NetworkProtocol("6"), firewall.Rules.Inbound[2].Protocol)
assert.Equal(t, "443", firewall.Rules.Inbound[2].Ports)

result, err := client.GetFirewall(context.Background(), firewall.ID)
require.NoErrorf(t, err, "failed to get firewall %d", firewall.ID)

require.Len(t, result.Rules.Inbound, 3)

assert.Equal(t, linodego.AllNetworkProtocols, result.Rules.Inbound[0].Protocol)
assert.Empty(t, result.Rules.Inbound[0].Ports)

assert.Equal(t, linodego.NetworkProtocol("50"), result.Rules.Inbound[1].Protocol)
assert.Empty(t, result.Rules.Inbound[1].Ports)

assert.Equal(t, linodego.NetworkProtocol("6"), result.Rules.Inbound[2].Protocol)
assert.Equal(t, "443", result.Rules.Inbound[2].Ports)
}

func TestFirewallRules_Update(t *testing.T) {
client, firewall, teardown, err := setupFirewall(t, []firewallModifier{}, "fixtures/TestFirewallRules_Update")
if err != nil {
Expand Down
198 changes: 198 additions & 0 deletions test/integration/fixtures/TestFirewallRules_ExtendedProtocols.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,198 @@
---
version: 1
interactions:
- request:
body: '{"label":"fw-ext-1782999745568178000","rules":{"inbound":[{"action":"ACCEPT","label":"linodego-fwrule-all","protocol":"ALL","addresses":{"ipv4":["0.0.0.0/0"]}},{"action":"ACCEPT","label":"linodego-fwrule-numeric","protocol":"50","addresses":{"ipv4":["0.0.0.0/0"]}},{"action":"ACCEPT","label":"linodego-fwrule-tcp-numeric","ports":"443","protocol":"6","addresses":{"ipv4":["0.0.0.0/0"]}}],"inbound_policy":"DROP","outbound":null,"outbound_policy":"ACCEPT"},"tags":["testing"]}'
form: {}
headers:
Accept:
- application/json
Content-Type:
- application/json
User-Agent:
- linodego/dev https://github.com/linode/linodego
url: https://api.linode.com/v4beta/networking/firewalls
method: POST
response:
body: '{"id": 1645933, "label": "fw-ext-1782999745568178000", "created": "2018-01-02T03:04:05",
"updated": "2018-01-02T03:04:05", "status": "enabled", "rules": {"inbound":
[{"protocol": "ALL", "addresses": {"ipv4": ["0.0.0.0/0"]}, "action": "ACCEPT",
"label": "linodego-fwrule-all"}, {"protocol": "50", "addresses": {"ipv4": ["0.0.0.0/0"]},
"action": "ACCEPT", "label": "linodego-fwrule-numeric"}, {"protocol": "6", "addresses":
{"ipv4": ["0.0.0.0/0"]}, "action": "ACCEPT", "label": "linodego-fwrule-tcp-numeric",
"ports": "443"}], "inbound_policy": "DROP", "outbound": null, "outbound_policy":
"ACCEPT", "version": 1, "fingerprint": "1e4bedfd"}, "tags": ["testing"], "entities":
[]}'
headers:
Access-Control-Allow-Credentials:
- "true"
Access-Control-Allow-Headers:
- Authorization, Origin, X-Requested-With, Content-Type, Accept, X-Filter
Access-Control-Allow-Methods:
- HEAD, GET, OPTIONS, POST, PUT, DELETE
Access-Control-Allow-Origin:
- '*'
Access-Control-Expose-Headers:
- X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Status
Akamai-Internal-Account:
- '*'
Cache-Control:
- private, max-age=60, s-maxage=60
Connection:
- keep-alive
Content-Length:
- "676"
Content-Security-Policy:
- default-src 'none'
Content-Type:
- application/json
Server:
- nginx
Strict-Transport-Security:
- max-age=31536000
Vary:
- Authorization, X-Filter
X-Accepted-Oauth-Scopes:
- firewall:read_write
X-Content-Type-Options:
- nosniff
X-Frame-Options:
- DENY
- DENY
X-Oauth-Scopes:
- '*'
X-Ratelimit-Limit:
- "400"
X-Xss-Protection:
- 1; mode=block
status: 200 OK
code: 200
duration: ""
- request:
body: ""
form: {}
headers:
Accept:
- application/json
Content-Type:
- application/json
User-Agent:
- linodego/dev https://github.com/linode/linodego
url: https://api.linode.com/v4beta/networking/firewalls/1645933
method: GET
response:
body: '{"id": 1645933, "label": "fw-ext-1782999745568178000", "created": "2018-01-02T03:04:05",
"updated": "2018-01-02T03:04:05", "status": "enabled", "rules": {"inbound":
[{"protocol": "ALL", "addresses": {"ipv4": ["0.0.0.0/0"]}, "action": "ACCEPT",
"label": "linodego-fwrule-all"}, {"protocol": "50", "addresses": {"ipv4": ["0.0.0.0/0"]},
"action": "ACCEPT", "label": "linodego-fwrule-numeric"}, {"protocol": "6", "addresses":
{"ipv4": ["0.0.0.0/0"]}, "action": "ACCEPT", "label": "linodego-fwrule-tcp-numeric",
"ports": "443"}], "inbound_policy": "DROP", "outbound": null, "outbound_policy":
"ACCEPT", "version": 1, "fingerprint": "1e4bedfd"}, "tags": ["testing"], "entities":
[]}'
headers:
Access-Control-Allow-Credentials:
- "true"
Access-Control-Allow-Headers:
- Authorization, Origin, X-Requested-With, Content-Type, Accept, X-Filter
Access-Control-Allow-Methods:
- HEAD, GET, OPTIONS, POST, PUT, DELETE
Access-Control-Allow-Origin:
- '*'
Access-Control-Expose-Headers:
- X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Status
Akamai-Internal-Account:
- '*'
Cache-Control:
- private, max-age=0, s-maxage=0, no-cache, no-store
- private, max-age=60, s-maxage=60
Connection:
- keep-alive
Content-Length:
- "676"
Content-Security-Policy:
- default-src 'none'
Content-Type:
- application/json
Server:
- nginx
Strict-Transport-Security:
- max-age=31536000
Vary:
- Authorization, X-Filter
- Authorization, X-Filter
X-Accepted-Oauth-Scopes:
- firewall:read_only
X-Content-Type-Options:
- nosniff
X-Frame-Options:
- DENY
- DENY
X-Oauth-Scopes:
- '*'
X-Ratelimit-Limit:
- "400"
X-Xss-Protection:
- 1; mode=block
status: 200 OK
code: 200
duration: ""
- request:
body: ""
form: {}
headers:
Accept:
- application/json
Content-Type:
- application/json
User-Agent:
- linodego/dev https://github.com/linode/linodego
url: https://api.linode.com/v4beta/networking/firewalls/1645933
method: DELETE
response:
body: '{}'
headers:
Access-Control-Allow-Credentials:
- "true"
Access-Control-Allow-Headers:
- Authorization, Origin, X-Requested-With, Content-Type, Accept, X-Filter
Access-Control-Allow-Methods:
- HEAD, GET, OPTIONS, POST, PUT, DELETE
Access-Control-Allow-Origin:
- '*'
Access-Control-Expose-Headers:
- X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Status
Akamai-Internal-Account:
- '*'
Cache-Control:
- private, max-age=60, s-maxage=60
Connection:
- keep-alive
Content-Length:
- "2"
Content-Security-Policy:
- default-src 'none'
Content-Type:
- application/json
Server:
- nginx
Strict-Transport-Security:
- max-age=31536000
Vary:
- Authorization, X-Filter
X-Accepted-Oauth-Scopes:
- firewall:read_write
X-Content-Type-Options:
- nosniff
X-Frame-Options:
- DENY
- DENY
X-Oauth-Scopes:
- '*'
X-Ratelimit-Limit:
- "400"
X-Xss-Protection:
- 1; mode=block
status: 200 OK
code: 200
duration: ""
Loading