package ipsecpolicies

import (
	"github.com/gophercloud/gophercloud"
	"github.com/gophercloud/gophercloud/pagination"
)

// String-backed types for the IPSec policy attributes carried in request
// bodies. They are plain strings: the declarations impose no validation, so a
// value outside the constants below is sent as written.
type (
	// TransformProtocol names the IPSec transform protocol.
	TransformProtocol string
	// AuthAlgorithm names the authentication hash algorithm.
	AuthAlgorithm string
	// EncapsulationMode names the encapsulation mode.
	EncapsulationMode string
	// EncryptionAlgorithm names the encryption algorithm.
	EncryptionAlgorithm string
	// PFS names the Perfect Forward Secrecy Diffie-Hellman group.
	PFS string
	// Unit names the unit in which a security association lifetime is counted.
	Unit string
)

// Transform protocols.
const (
	TransformProtocolESP TransformProtocol = "esp"
	// TransformProtocolAH selects AH, which authenticates packets but does not
	// encrypt them.
	TransformProtocolAH    TransformProtocol = "ah"
	TransformProtocolAHESP TransformProtocol = "ah-esp"
)

// Authentication hash algorithms.
const (
	// AuthAlgorithmSHA1 is a legacy choice; prefer a SHA-2 value for new
	// policies where both peers support it.
	AuthAlgorithmSHA1   AuthAlgorithm = "sha1"
	AuthAlgorithmSHA256 AuthAlgorithm = "sha256"
	AuthAlgorithmSHA384 AuthAlgorithm = "sha384"
	AuthAlgorithmSHA512 AuthAlgorithm = "sha512"
)

// Encryption algorithms.
const (
	// EncryptionAlgorithm3DES is a legacy 64-bit-block cipher; prefer an AES
	// value for new policies.
	EncryptionAlgorithm3DES   EncryptionAlgorithm = "3des"
	EncryptionAlgorithmAES128 EncryptionAlgorithm = "aes-128"
	EncryptionAlgorithmAES192 EncryptionAlgorithm = "aes-192"
	EncryptionAlgorithmAES256 EncryptionAlgorithm = "aes-256"
)

// Encapsulation modes.
const (
	EncapsulationModeTunnel    EncapsulationMode = "tunnel"
	EncapsulationModeTransport EncapsulationMode = "transport"
)

// Lifetime units.
const (
	UnitSeconds   Unit = "seconds"
	UnitKilobytes Unit = "kilobytes"
)

// Perfect Forward Secrecy groups. Group 2 is the 1024-bit and group 5 the
// 1536-bit MODP group; group 14 is the 2048-bit MODP group and the strongest
// value declared here.
const (
	PFSGroup2  PFS = "group2"
	PFSGroup5  PFS = "group5"
	PFSGroup14 PFS = "group14"
)

// CreateOptsBuilder allows extensions to add additional parameters to the
// Create request.
type CreateOptsBuilder interface {
	ToPolicyCreateMap() (map[string]interface{}, error)
}

// CreateOpts contains all the values needed to create a new IPSec policy.
//
// Every field is tagged omitempty, so a zero-valued field is left out of the
// request and the default documented on that field applies. Several of those
// defaults (sha1, group5) are legacy choices; set the cryptographic fields
// explicitly when the policy must meet a specific baseline.
type CreateOpts struct {
	// TenantID specifies a tenant to own the IPSec policy. The caller must have
	// an admin role in order to set this. Otherwise, this field is left unset
	// and the caller will be the owner.
	TenantID string `json:"tenant_id,omitempty"`

	// Description is the human readable description of the policy.
	Description string `json:"description,omitempty"`

	// Name is the human readable name of the policy.
	// Does not have to be unique.
	Name string `json:"name,omitempty"`

	// AuthAlgorithm is the authentication hash algorithm.
	// Valid values are sha1, sha256, sha384, sha512.
	// The default is sha1.
	AuthAlgorithm AuthAlgorithm `json:"auth_algorithm,omitempty"`

	// EncapsulationMode is the encapsulation mode.
	// A valid value is tunnel or transport.
	// Default is tunnel.
	EncapsulationMode EncapsulationMode `json:"encapsulation_mode,omitempty"`

	// EncryptionAlgorithm is the encryption algorithm.
	// A valid value is 3des, aes-128, aes-192, aes-256, and so on.
	// Default is aes-128.
	EncryptionAlgorithm EncryptionAlgorithm `json:"encryption_algorithm,omitempty"`

	// PFS is the Perfect Forward Secrecy mode.
	// A valid value is group2, group5, group14, and so on.
	// Default is group5.
	PFS PFS `json:"pfs,omitempty"`

	// TransformProtocol is the transform protocol.
	// A valid value is esp, ah, or ah-esp.
	// Default is esp.
	TransformProtocol TransformProtocol `json:"transform_protocol,omitempty"`

	// Lifetime is the lifetime of the security association.
	Lifetime *LifetimeCreateOpts `json:"lifetime,omitempty"`
}

// LifetimeCreateOpts is the lifetime of the security association. It consists
// of a unit and an integer value; either portion may be omitted.
type LifetimeCreateOpts struct {
	// Units is the units for the lifetime of the security association.
	// Default unit is seconds.
	Units Unit `json:"units,omitempty"`

	// Value is the lifetime value.
	// Must be a positive integer.
	// Default value is 3600.
	// A zero Value is dropped from the request by omitempty; the struct itself
	// does not reject negative values.
	Value int `json:"value,omitempty"`
}

// ToPolicyCreateMap casts a CreateOpts struct to a map.
func (opts CreateOpts) ToPolicyCreateMap() (map[string]interface{}, error) {
	// "ipsecpolicy" is passed as the parent key for the request body.
	const parent = "ipsecpolicy"
	return gophercloud.BuildRequestBody(opts, parent)
}

// Create accepts a CreateOpts struct and uses the values to create a new
// IPSec policy. A failure to build the request body is returned in r.Err and
// no request is sent. opts must be non-nil: it is called unconditionally.
func Create(c *gophercloud.ServiceClient, opts CreateOptsBuilder) (r CreateResult) {
	reqBody, err := opts.ToPolicyCreateMap()
	if err != nil {
		r.Err = err
		return r
	}
	_, r.Err = c.Post(rootURL(c), reqBody, &r.Body, nil)
	return r
}

// Delete will permanently delete a particular IPSec policy based on its
// unique ID.
//
// NOTE(review): id is handed to resourceURL unchecked, and resourceURL is
// defined outside this listing; confirm which URL an empty id produces before
// relying on callers to validate it.
func Delete(c *gophercloud.ServiceClient, id string) (r DeleteResult) {
	target := resourceURL(c, id)
	_, r.Err = c.Delete(target, nil)
	return r
}

// Get retrieves a particular IPSec policy based on its unique ID.
//
// NOTE(review): id is handed to resourceURL unchecked; see the same caveat on
// Delete.
func Get(c *gophercloud.ServiceClient, id string) (r GetResult) {
	target := resourceURL(c, id)
	_, r.Err = c.Get(target, &r.Body, nil)
	return r
}

// ListOptsBuilder allows extensions to add additional parameters to the
// List request.
type ListOptsBuilder interface {
	ToPolicyListQuery() (string, error)
}

// ListOpts allows the filtering of paginated collections through
// the API. Filtering is achieved by passing in struct field values that map to
// the IPSec policy attributes you want to see returned.
//
// Every field is a plain string mapped to the query parameter named in its
// tag; the typed constants of this package are not used here.
type ListOpts struct {
	// TenantID maps to the tenant_id query parameter.
	TenantID string `q:"tenant_id"`
	// Name maps to the name query parameter.
	Name string `q:"name"`
	// Description maps to the description query parameter.
	Description string `q:"description"`
	// ProjectID maps to the project_id query parameter.
	ProjectID string `q:"project_id"`
	// AuthAlgorithm maps to the auth_algorithm query parameter.
	AuthAlgorithm string `q:"auth_algorithm"`
	// EncapsulationMode maps to the encapsulation_mode query parameter.
	EncapsulationMode string `q:"encapsulation_mode"`
	// EncryptionAlgorithm maps to the encryption_algorithm query parameter.
	EncryptionAlgorithm string `q:"encryption_algorithm"`
	// PFS maps to the pfs query parameter.
	PFS string `q:"pfs"`
	// TransformProtocol maps to the transform_protocol query parameter.
	TransformProtocol string `q:"transform_protocol"`
}

// ToPolicyListQuery formats a ListOpts into a query string.
func (opts ListOpts) ToPolicyListQuery() (string, error) {
	// The string form is produced even when err is non-nil; callers are
	// expected to check the error before using the query.
	built, err := gophercloud.BuildQueryString(opts)
	query := built.String()
	return query, err
}

// List returns a Pager which allows you to iterate over a collection of
// IPSec policies. It accepts a ListOpts struct, which allows you to filter
// the returned collection for greater efficiency. A nil opts lists without
// any filter; a query-building failure is returned in the Pager's Err field.
func List(c *gophercloud.ServiceClient, opts ListOptsBuilder) pagination.Pager {
	listURL := rootURL(c)
	if opts != nil {
		query, err := opts.ToPolicyListQuery()
		if err != nil {
			return pagination.Pager{Err: err}
		}
		listURL += query
	}

	// Each fetched page is wrapped as a PolicyPage.
	newPage := func(r pagination.PageResult) pagination.Page {
		return PolicyPage{pagination.LinkedPageBase{PageResult: r}}
	}
	return pagination.NewPager(c, listURL, newPage)
}

// UpdateOptsBuilder allows extensions to add additional parameters to the
// Update request.
type UpdateOptsBuilder interface {
	ToPolicyUpdateMap() (map[string]interface{}, error)
}

// LifetimeUpdateOpts is the security association lifetime sent in an update.
// Both fields are tagged omitempty, so a zero Value or empty Units is left out
// of the request.
type LifetimeUpdateOpts struct {
	// Units is the unit the lifetime is counted in.
	Units Unit `json:"units,omitempty"`
	// Value is the lifetime value; the struct itself does not reject negative
	// values.
	Value int `json:"value,omitempty"`
}

// UpdateOpts contains the values used when updating an IPSec policy.
//
// Every field is tagged omitempty, so a field left at its zero value is not
// sent. Description and Name are pointers: a nil pointer is omitted, while a
// pointer to an empty string is sent as an empty string.
//
// The cryptographic fields accept any value of their string type, so an
// update can replace a policy's algorithms with legacy ones (sha1, 3des,
// group2, group5) without any check in this package.
type UpdateOpts struct {
	// Description is the human readable description of the policy.
	Description *string `json:"description,omitempty"`
	// Name is the human readable name of the policy.
	Name *string `json:"name,omitempty"`
	// AuthAlgorithm is the authentication hash algorithm.
	AuthAlgorithm AuthAlgorithm `json:"auth_algorithm,omitempty"`
	// EncapsulationMode is the encapsulation mode.
	EncapsulationMode EncapsulationMode `json:"encapsulation_mode,omitempty"`
	// EncryptionAlgorithm is the encryption algorithm.
	EncryptionAlgorithm EncryptionAlgorithm `json:"encryption_algorithm,omitempty"`
	// PFS is the Perfect Forward Secrecy mode.
	PFS PFS `json:"pfs,omitempty"`
	// TransformProtocol is the transform protocol.
	TransformProtocol TransformProtocol `json:"transform_protocol,omitempty"`
	// Lifetime is the lifetime of the security association.
	Lifetime *LifetimeUpdateOpts `json:"lifetime,omitempty"`
}

// ToPolicyUpdateMap casts an UpdateOpts struct to a map.
func (opts UpdateOpts) ToPolicyUpdateMap() (map[string]interface{}, error) {
	// "ipsecpolicy" is passed as the parent key for the request body.
	const parent = "ipsecpolicy"
	return gophercloud.BuildRequestBody(opts, parent)
}

// Update allows IPSec policies to be updated.
func Update(c *gophercloud.ServiceClient, id string, opts UpdateOptsBuilder) (r UpdateResult) {
	// A failure to build the body is reported in r.Err and no request is sent.
	// opts must be non-nil: it is called unconditionally.
	reqBody, err := opts.ToPolicyUpdateMap()
	if err != nil {
		r.Err = err
		return r
	}

	// NOTE(review): id is handed to resourceURL unchecked, and resourceURL is
	// defined outside this listing; confirm which URL an empty id produces.
	target := resourceURL(c, id)

	// Only HTTP 200 is accepted as a successful response to the PUT.
	reqOpts := &gophercloud.RequestOpts{
		OkCodes: []int{200},
	}
	_, r.Err = c.Put(target, reqBody, &r.Body, reqOpts)
	return r
}