1package ipsecpolicies
3import (
4	"github.com/gophercloud/gophercloud"
5	"github.com/gophercloud/gophercloud/pagination"
6)
// TransformProtocol names the IPsec transform protocol of a policy.
type TransformProtocol string

// Transform protocol values defined by this package. AH authenticates
// packets but does not encrypt them, so TransformProtocolAH on its own gives
// no confidentiality.
const (
	TransformProtocolESP   TransformProtocol = "esp"
	TransformProtocolAH    TransformProtocol = "ah"
	TransformProtocolAHESP TransformProtocol = "ah-esp"
)

// AuthAlgorithm names the authentication hash algorithm of a policy.
type AuthAlgorithm string

// Authentication algorithm values defined by this package. SHA-1 is the
// weakest option in this list; choose one of the SHA-2 values where the
// remote peer supports it.
const (
	AuthAlgorithmSHA1   AuthAlgorithm = "sha1"
	AuthAlgorithmSHA256 AuthAlgorithm = "sha256"
	AuthAlgorithmSHA384 AuthAlgorithm = "sha384"
	AuthAlgorithmSHA512 AuthAlgorithm = "sha512"
)

// EncryptionAlgorithm names the encryption algorithm of a policy.
type EncryptionAlgorithm string

// Encryption algorithm values defined by this package. 3DES is a legacy
// cipher with a 64-bit block; choose one of the AES values where the remote
// peer supports it.
const (
	EncryptionAlgorithm3DES   EncryptionAlgorithm = "3des"
	EncryptionAlgorithmAES128 EncryptionAlgorithm = "aes-128"
	EncryptionAlgorithmAES192 EncryptionAlgorithm = "aes-192"
	EncryptionAlgorithmAES256 EncryptionAlgorithm = "aes-256"
)

// EncapsulationMode names the encapsulation mode of a policy.
type EncapsulationMode string

// Encapsulation mode values defined by this package.
const (
	EncapsulationModeTunnel    EncapsulationMode = "tunnel"
	EncapsulationModeTransport EncapsulationMode = "transport"
)

// Unit names the unit in which a security-association lifetime is measured.
type Unit string

// Lifetime unit values defined by this package.
const (
	UnitSeconds   Unit = "seconds"
	UnitKilobytes Unit = "kilobytes"
)

// PFS names the perfect forward secrecy (Diffie-Hellman) group of a policy.
type PFS string

// PFS group values defined by this package. In IKE numbering, groups 2, 5
// and 14 are the 1024-, 1536- and 2048-bit MODP groups, so PFSGroup14 is the
// strongest value defined here.
const (
	PFSGroup2  PFS = "group2"
	PFSGroup5  PFS = "group5"
	PFSGroup14 PFS = "group14"
)
// CreateOptsBuilder is implemented by any options type that can render
// itself as the body of a Create request. Extensions implement it to add
// their own parameters.
type CreateOptsBuilder interface {
	ToPolicyCreateMap() (map[string]interface{}, error)
}
// CreateOpts holds the attributes sent when creating an IPSec policy. Every
// field is tagged omitempty, so a zero-valued field is left out of the
// request and the default documented on that field applies.
type CreateOpts struct {
	// TenantID names the tenant that will own the IPSec policy. Setting it
	// requires an admin role; leave it empty and the caller becomes the owner.
	TenantID string `json:"tenant_id,omitempty"`

	// Description is a human-readable description of the policy.
	Description string `json:"description,omitempty"`

	// Name is a human-readable name for the policy. It need not be unique.
	Name string `json:"name,omitempty"`

	// AuthAlgorithm is the authentication hash algorithm: sha1, sha256,
	// sha384 or sha512. The default is sha1, the weakest of the four, so set
	// a SHA-2 value explicitly where the remote peer supports it.
	AuthAlgorithm AuthAlgorithm `json:"auth_algorithm,omitempty"`

	// EncapsulationMode is tunnel or transport. The default is tunnel.
	EncapsulationMode EncapsulationMode `json:"encapsulation_mode,omitempty"`

	// EncryptionAlgorithm is the encryption algorithm: 3des, aes-128,
	// aes-192, aes-256, and so on. The default is aes-128. 3des is a legacy
	// cipher; prefer an AES value where the remote peer supports it.
	EncryptionAlgorithm EncryptionAlgorithm `json:"encryption_algorithm,omitempty"`

	// PFS is the perfect forward secrecy group: group2, group5, group14, and
	// so on. The default is group5; group14 is the strongest value this
	// package defines a constant for.
	PFS PFS `json:"pfs,omitempty"`

	// TransformProtocol is esp, ah or ah-esp. The default is esp.
	TransformProtocol TransformProtocol `json:"transform_protocol,omitempty"`

	// Lifetime is the lifetime of the security association. A nil pointer
	// omits the whole lifetime object from the request.
	Lifetime *LifetimeCreateOpts `json:"lifetime,omitempty"`
}
// LifetimeCreateOpts describes the lifetime of the security association as a
// unit plus an integer value. Either part may be omitted.
type LifetimeCreateOpts struct {
	// Units is the unit the lifetime is measured in. The default is seconds.
	Units Unit `json:"units,omitempty"`

	// Value is the lifetime expressed in Units and must be a positive
	// integer. The default is 3600. Because the field is tagged omitempty, a
	// Value of 0 is not sent at all.
	Value int `json:"value,omitempty"`
}
// ToPolicyCreateMap renders the options as a request body map by handing
// them to gophercloud.BuildRequestBody with "ipsecpolicy" as the parent key.
// Any error from BuildRequestBody is returned unchanged.
func (opts CreateOpts) ToPolicyCreateMap() (map[string]interface{}, error) {
	const parent = "ipsecpolicy"
	return gophercloud.BuildRequestBody(opts, parent)
}
// Create builds a request body from opts and POSTs it to the collection URL
// to create a new IPSec policy. The response body is decoded into r.Body and
// any error, from building the body or from the request, is left in r.Err.
//
// opts must be non-nil: its ToPolicyCreateMap method is called without a nil
// check.
func Create(c *gophercloud.ServiceClient, opts CreateOptsBuilder) (r CreateResult) {
	body, err := opts.ToPolicyCreateMap()
	if err == nil {
		// Only reach the network once the body has been built successfully.
		_, err = c.Post(rootURL(c), body, &r.Body, nil)
	}
	r.Err = err
	return r
}
// Delete permanently removes the IPSec policy identified by id. The outcome
// of the DELETE request is left in r.Err.
//
// NOTE(review): id is passed to resourceURL as given, with no check here for
// an empty or malformed value; presumably it becomes a URL path segment, so
// callers should pass only service-issued IDs. Confirm against resourceURL.
func Delete(c *gophercloud.ServiceClient, id string) (r DeleteResult) {
	target := resourceURL(c, id)
	_, r.Err = c.Delete(target, nil)
	return r
}
// Get fetches the IPSec policy identified by id. The response body is decoded
// into r.Body and any request error is left in r.Err.
//
// NOTE(review): id is passed to resourceURL as given, with no check here for
// an empty or malformed value; presumably it becomes a URL path segment.
// Confirm against resourceURL.
func Get(c *gophercloud.ServiceClient, id string) (r GetResult) {
	target := resourceURL(c, id)
	_, r.Err = c.Get(target, &r.Body, nil)
	return r
}
// ListOptsBuilder is implemented by any options type that can render itself
// as the query string of a List request. Extensions implement it to add their
// own parameters.
type ListOptsBuilder interface {
	ToPolicyListQuery() (string, error)
}
// ListOpts filters the paginated collection returned by List. Each field
// maps, through its q tag, to the IPSec policy attribute of the same name.
// All filters are plain strings here, not the typed constants used by
// CreateOpts and UpdateOpts.
type ListOpts struct {
	// TenantID filters on tenant_id.
	TenantID string `q:"tenant_id"`

	// Name filters on name.
	Name string `q:"name"`

	// Description filters on description.
	Description string `q:"description"`

	// ProjectID filters on project_id.
	ProjectID string `q:"project_id"`

	// AuthAlgorithm filters on auth_algorithm.
	AuthAlgorithm string `q:"auth_algorithm"`

	// EncapsulationMode filters on encapsulation_mode.
	EncapsulationMode string `q:"encapsulation_mode"`

	// EncryptionAlgorithm filters on encryption_algorithm.
	EncryptionAlgorithm string `q:"encryption_algorithm"`

	// PFS filters on pfs.
	PFS string `q:"pfs"`

	// TransformProtocol filters on transform_protocol.
	TransformProtocol string `q:"transform_protocol"`
}
// ToPolicyListQuery encodes the options as a URL query string using
// gophercloud.BuildQueryString and returns it together with that call's
// error.
//
// NOTE(review): String is called on the result before the error is looked
// at, so this relies on BuildQueryString returning a usable value even when
// it fails. Confirm against gophercloud.
func (opts ListOpts) ToPolicyListQuery() (string, error) {
	query, err := gophercloud.BuildQueryString(opts)
	encoded := query.String()
	return encoded, err
}
// List returns a Pager for iterating over the collection of IPSec policies.
// When opts is non-nil its query string is appended to the collection URL so
// the service can filter the results; a nil opts lists without filters. If
// the query string cannot be built, the returned Pager carries the error in
// its Err field.
func List(c *gophercloud.ServiceClient, opts ListOptsBuilder) pagination.Pager {
	listURL := rootURL(c)
	if opts != nil {
		qs, err := opts.ToPolicyListQuery()
		if err != nil {
			return pagination.Pager{Err: err}
		}
		listURL += qs
	}

	// Wrap each raw page result in this package's page type.
	newPage := func(r pagination.PageResult) pagination.Page {
		return PolicyPage{pagination.LinkedPageBase{PageResult: r}}
	}
	return pagination.NewPager(c, listURL, newPage)
}
// UpdateOptsBuilder is implemented by any options type that can render
// itself as the body of an Update request. Extensions implement it to add
// their own parameters.
type UpdateOptsBuilder interface {
	ToPolicyUpdateMap() (map[string]interface{}, error)
}
// LifetimeUpdateOpts carries the lifetime fields of an Update request. Both
// fields are tagged omitempty, so a zero value is left out of the request.
type LifetimeUpdateOpts struct {
	// Units is the unit the lifetime is measured in.
	Units Unit `json:"units,omitempty"`

	// Value is the lifetime expressed in Units. A Value of 0 is not sent.
	Value int `json:"value,omitempty"`
}
// UpdateOpts holds the attributes that can be changed on an existing IPSec
// policy. Every field is tagged omitempty, so only the fields that are set
// are sent.
type UpdateOpts struct {
	// Description is a pointer so that an empty string can be sent; nil
	// leaves the field out of the request.
	Description *string `json:"description,omitempty"`

	// Name is a pointer so that an empty string can be sent; nil leaves the
	// field out of the request.
	Name *string `json:"name,omitempty"`

	// AuthAlgorithm is the new authentication hash algorithm.
	AuthAlgorithm AuthAlgorithm `json:"auth_algorithm,omitempty"`

	// EncapsulationMode is the new encapsulation mode.
	EncapsulationMode EncapsulationMode `json:"encapsulation_mode,omitempty"`

	// EncryptionAlgorithm is the new encryption algorithm.
	EncryptionAlgorithm EncryptionAlgorithm `json:"encryption_algorithm,omitempty"`

	// PFS is the new perfect forward secrecy group.
	PFS PFS `json:"pfs,omitempty"`

	// TransformProtocol is the new transform protocol.
	TransformProtocol TransformProtocol `json:"transform_protocol,omitempty"`

	// Lifetime is the new security-association lifetime. A nil pointer
	// leaves the lifetime out of the request.
	Lifetime *LifetimeUpdateOpts `json:"lifetime,omitempty"`
}
// ToPolicyUpdateMap renders the options as a request body map by handing
// them to gophercloud.BuildRequestBody with "ipsecpolicy" as the parent key.
// Any error from BuildRequestBody is returned unchanged.
func (opts UpdateOpts) ToPolicyUpdateMap() (map[string]interface{}, error) {
	const parent = "ipsecpolicy"
	return gophercloud.BuildRequestBody(opts, parent)
}
// Update builds a request body from opts and PUTs it to the URL of the IPSec
// policy identified by id. The response body is decoded into r.Body and any
// error, from building the body or from the request, is left in r.Err.
//
// opts must be non-nil: its ToPolicyUpdateMap method is called without a nil
// check. id is passed to resourceURL as given, with no validation here.
func Update(c *gophercloud.ServiceClient, id string, opts UpdateOptsBuilder) (r UpdateResult) {
	body, err := opts.ToPolicyUpdateMap()
	if err != nil {
		r.Err = err
		return r
	}

	// The request lists 200 as its only OkCodes entry.
	reqOpts := gophercloud.RequestOpts{OkCodes: []int{200}}
	_, r.Err = c.Put(resourceURL(c, id), body, &r.Body, &reqOpts)
	return r
}