package ikepolicies

import (
	"github.com/gophercloud/gophercloud"
	"github.com/gophercloud/gophercloud/pagination"
)

// String-backed types for the enumerated IKE policy attributes. The constants
// below are the values this package defines for each of them.
type (
	// AuthAlgorithm names the authentication hash algorithm of a policy.
	AuthAlgorithm string

	// EncryptionAlgorithm names the encryption algorithm of a policy.
	EncryptionAlgorithm string

	// PFS names the perfect forward secrecy group of a policy.
	PFS string

	// Unit names the unit in which a lifetime value is expressed.
	Unit string

	// IKEVersion names the IKE protocol version of a policy.
	IKEVersion string

	// Phase1NegotiationMode names the IKE phase 1 negotiation mode.
	Phase1NegotiationMode string
)

// Authentication hash algorithms.
//
// NOTE(security): sha1 is the documented default when AuthAlgorithm is left
// unset (see CreateOpts). Prefer one of the SHA-2 values for new policies.
const (
	AuthAlgorithmSHA1   AuthAlgorithm = "sha1"
	AuthAlgorithmSHA256 AuthAlgorithm = "sha256"
	AuthAlgorithmSHA384 AuthAlgorithm = "sha384"
	AuthAlgorithmSHA512 AuthAlgorithm = "sha512"
)

// Encryption algorithms.
//
// NOTE(security): 3des is a legacy cipher with a 64-bit block size; prefer an
// AES value for new policies.
const (
	EncryptionAlgorithm3DES   EncryptionAlgorithm = "3des"
	EncryptionAlgorithmAES128 EncryptionAlgorithm = "aes-128"
	EncryptionAlgorithmAES256 EncryptionAlgorithm = "aes-256"
	EncryptionAlgorithmAES192 EncryptionAlgorithm = "aes-192"
)

// Lifetime units.
const (
	UnitSeconds   Unit = "seconds"
	UnitKilobytes Unit = "kilobytes"
)

// Perfect forward secrecy groups.
//
// NOTE(security): assuming these names follow the standard IKE Diffie-Hellman
// group numbering, group2 and group5 are the 1024-bit and 1536-bit MODP
// groups and group14 is the 2048-bit MODP group, the strongest defined here.
const (
	PFSGroup2  PFS = "group2"
	PFSGroup5  PFS = "group5"
	PFSGroup14 PFS = "group14"
)

// IKE protocol versions.
//
// NOTE(security): v1 is the documented default (see CreateOpts). IKEv1 has
// been deprecated by the IETF (RFC 9395); prefer v2 where the peer supports it.
const (
	IKEVersionv1 IKEVersion = "v1"
	IKEVersionv2 IKEVersion = "v2"
)

// Phase 1 negotiation modes. Main mode is the only value defined here.
const (
	Phase1NegotiationModeMain Phase1NegotiationMode = "main"
)

// CreateOptsBuilder allows extensions to add additional parameters to the
// Create request.
type CreateOptsBuilder interface {
	ToPolicyCreateMap() (map[string]interface{}, error)
}

// CreateOpts contains all the values needed to create a new IKE policy.
//
// Every field is tagged omitempty, so a zero-valued field is left out of the
// request and the default noted on that field applies. Several of those
// defaults (sha1, Group5, v1) are weaker than the other values this package
// defines, so set the cryptographic fields explicitly when policy strength
// matters.
type CreateOpts struct {
	// TenantID specifies a tenant to own the IKE policy. The caller must have
	// an admin role in order to set this. Otherwise, this field is left unset
	// and the caller will be the owner.
	TenantID string `json:"tenant_id,omitempty"`

	// Description is the human readable description of the policy.
	Description string `json:"description,omitempty"`

	// Name is the human readable name of the policy.
	// Does not have to be unique.
	Name string `json:"name,omitempty"`

	// AuthAlgorithm is the authentication hash algorithm.
	// Valid values are sha1, sha256, sha384, sha512.
	// The default is sha1.
	AuthAlgorithm AuthAlgorithm `json:"auth_algorithm,omitempty"`

	// EncryptionAlgorithm is the encryption algorithm.
	// A valid value is 3des, aes-128, aes-192, aes-256, and so on.
	// Default is aes-128.
	EncryptionAlgorithm EncryptionAlgorithm `json:"encryption_algorithm,omitempty"`

	// PFS is the perfect forward secrecy mode.
	// A valid value is Group2, Group5, Group14, and so on.
	// Default is Group5.
	PFS PFS `json:"pfs,omitempty"`

	// Phase1NegotiationMode is the IKE mode.
	// A valid value is main, which is the default.
	Phase1NegotiationMode Phase1NegotiationMode `json:"phase1_negotiation_mode,omitempty"`

	// IKEVersion is the IKE version.
	// A valid value is v1 or v2.
	// Default is v1.
	IKEVersion IKEVersion `json:"ike_version,omitempty"`

	// Lifetime is the lifetime of the security association.
	Lifetime *LifetimeCreateOpts `json:"lifetime,omitempty"`
}

// LifetimeCreateOpts describes a lifetime as a unit and an integer value.
// Either the unit or the value portion may be omitted.
type LifetimeCreateOpts struct {
	// Units is the units for the lifetime of the security association.
	// Default unit is seconds.
	Units Unit `json:"units,omitempty"`

	// Value is the lifetime value.
	// Must be a positive integer.
	// Default value is 3600. A Value of 0 is dropped by omitempty, so the
	// default applies in that case.
	Value int `json:"value,omitempty"`
}

// ToPolicyCreateMap casts a CreateOpts struct to a map.
func (opts CreateOpts) ToPolicyCreateMap() (map[string]interface{}, error) {
	// The request body is nested under this top-level key.
	const parent = "ikepolicy"
	return gophercloud.BuildRequestBody(opts, parent)
}

// Create builds a request body from opts and POSTs it to the IKE policy
// collection URL. A failure to build the body is reported in the result's Err
// field and no request is sent.
//
// Fields left unset in opts fall back to the defaults documented on
// CreateOpts, so callers that need specific algorithms should set them.
func Create(c *gophercloud.ServiceClient, opts CreateOptsBuilder) (r CreateResult) {
	reqBody, buildErr := opts.ToPolicyCreateMap()
	if buildErr != nil {
		r.Err = buildErr
		return r
	}

	resp, postErr := c.Post(rootURL(c), reqBody, &r.Body, nil)
	_, r.Header, r.Err = gophercloud.ParseResponse(resp, postErr)
	return r
}

// Get fetches the IKE policy identified by id.
//
// NOTE(review): id is handed to resourceURL unchanged; that helper is defined
// elsewhere, so confirm how it treats an empty or unexpected id.
func Get(c *gophercloud.ServiceClient, id string) (r GetResult) {
	target := resourceURL(c, id)
	resp, getErr := c.Get(target, &r.Body, nil)
	_, r.Header, r.Err = gophercloud.ParseResponse(resp, getErr)
	return r
}

// Delete permanently removes the IKE policy identified by id.
//
// NOTE(review): id is handed to resourceURL unchanged; that helper is defined
// elsewhere, so confirm how it treats an empty or unexpected id.
func Delete(c *gophercloud.ServiceClient, id string) (r DeleteResult) {
	target := resourceURL(c, id)
	resp, delErr := c.Delete(target, nil)
	_, r.Header, r.Err = gophercloud.ParseResponse(resp, delErr)
	return r
}

// ListOptsBuilder allows extensions to add additional parameters to the
// List request.
type ListOptsBuilder interface {
	ToPolicyListQuery() (string, error)
}

// ListOpts allows the filtering of paginated collections through
// the API. Filtering is achieved by passing in struct field values that map to
// the IKE policy attributes you want to see returned.
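type ListOpts struct {
	TenantID    string `q:"tenant_id"`
	Name        string `q:"name"`
	Description string `q:"description"`
	ProjectID   string `q:"project_id"`

	// AuthAlgorithm filters on the authentication hash algorithm, which makes
	// it possible to list policies still using a given value such as sha1.
	AuthAlgorithm string `q:"auth_algorithm"`

	// NOTE(review): encapsulation_mode is not among the attributes CreateOpts
	// sends; confirm the API accepts it as an IKE policy filter.
	EncapsulationMode string `q:"encapsulation_mode"`

	EncryptionAlgorithm string `q:"encryption_algorithm"`
	PFS                 string `q:"pfs"`

	// Phase1NegotiationMode filters on the "phase1_negotiation_mode"
	// attribute. The key is spelled the same way CreateOpts sends it; the
	// earlier "phase_1_negotiation_mode" spelling did not match that
	// attribute name.
	Phase1NegotiationMode string `q:"phase1_negotiation_mode"`

	IKEVersion string `q:"ike_version"`
}

// ToPolicyListQuery formats a ListOpts into a query string.
//
// On error it returns an empty string, so the URL returned by
// BuildQueryString is never dereferenced when the build failed.
func (opts ListOpts) ToPolicyListQuery() (string, error) {
	q, err := gophercloud.BuildQueryString(opts)
	if err != nil {
		return "", err
	}
	return q.String(), nil
}

// List returns a Pager which allows you to iterate over a collection of
// IKE policies. It accepts a ListOptsBuilder, which allows you to filter
// the returned collection for greater efficiency. A nil opts lists without
// filters; a failure to build the query is returned in the Pager's Err field.
func List(c *gophercloud.ServiceClient, opts ListOptsBuilder) pagination.Pager {
	listURL := rootURL(c)
	if opts != nil {
		query, err := opts.ToPolicyListQuery()
		if err != nil {
			return pagination.Pager{Err: err}
		}
		listURL += query
	}

	// Wrap every fetched page so callers receive PolicyPage values.
	newPage := func(r pagination.PageResult) pagination.Page {
		return PolicyPage{pagination.LinkedPageBase{PageResult: r}}
	}
	return pagination.NewPager(c, listURL, newPage)
}

// UpdateOptsBuilder allows extensions to add additional parameters to the
// Update request.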
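type UpdateOptsBuilder interface {
	ToPolicyUpdateMap() (map[string]interface{}, error)
}

// LifetimeUpdateOpts describes the new lifetime of the security association
// as a unit and an integer value. Both fields are tagged omitempty, so a
// zero-valued field is left out of the request.
type LifetimeUpdateOpts struct {
	Units Unit `json:"units,omitempty"`
	Value int  `json:"value,omitempty"`
}

// UpdateOpts contains the values used when updating an IKE policy.
//
// Every field is tagged omitempty, so only the fields that are set are sent.
// An update can weaken an existing policy as easily as strengthen it (for
// example by moving to sha1, 3des or group2), so changes to the algorithm
// fields deserve the same review as the original policy.
type UpdateOpts struct {
	// Description and Name are pointers so that an empty string can be sent
	// explicitly; a nil pointer leaves the field out of the request.
	Description *string `json:"description,omitempty"`
	Name        *string `json:"name,omitempty"`

	AuthAlgorithm       AuthAlgorithm       `json:"auth_algorithm,omitempty"`
	EncryptionAlgorithm EncryptionAlgorithm `json:"encryption_algorithm,omitempty"`
	PFS                 PFS                 `json:"pfs,omitempty"`
	Lifetime            *LifetimeUpdateOpts `json:"lifetime,omitempty"`

	// Phase1NegotiationMode is sent as "phase1_negotiation_mode", the same
	// key CreateOpts uses; the earlier "phase_1_negotiation_mode" spelling
	// did not match that attribute name.
	Phase1NegotiationMode Phase1NegotiationMode `json:"phase1_negotiation_mode,omitempty"`

	IKEVersion IKEVersion `json:"ike_version,omitempty"`
}

// ToPolicyUpdateMap casts an UpdateOpts struct to a map nested under the
// "ikepolicy" key.
func (opts UpdateOpts) ToPolicyUpdateMap() (map[string]interface{}, error) {
	return gophercloud.BuildRequestBody(opts, "ikepolicy")
}

// Update builds a request body from opts and PUTs it to the URL of the IKE
// policy identified by id. A failure to build the body is reported in the
// result's Err field and no request is sent.
func Update(c *gophercloud.ServiceClient, id string, opts UpdateOptsBuilder) (r UpdateResult) {
	b, err := opts.ToPolicyUpdateMap()
	if err != nil {
		r.Err = err
		return
	}
	// Only a 200 response is accepted as success for an update.
	resp, err := c.Put(resourceURL(c, id), b, &r.Body, &gophercloud.RequestOpts{
		OkCodes: []int{200},
	})
	_, r.Header, r.Err = gophercloud.ParseResponse(resp, err)
	return
}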