1package siteconnections
2
3import (
4	"github.com/gophercloud/gophercloud"
5	"github.com/gophercloud/gophercloud/pagination"
6)
7
8// CreateOptsBuilder allows extensions to add additional parameters to the
9// Create request.
10type CreateOptsBuilder interface {
11	ToConnectionCreateMap() (map[string]interface{}, error)
12}
13type Action string
14type Initiator string
15
16const (
17	ActionHold             Action    = "hold"
18	ActionClear            Action    = "clear"
19	ActionRestart          Action    = "restart"
20	ActionDisabled         Action    = "disabled"
21	ActionRestartByPeer    Action    = "restart-by-peer"
22	InitiatorBiDirectional Initiator = "bi-directional"
23	InitiatorResponseOnly  Initiator = "response-only"
24)
25
26// DPDCreateOpts contains all the values needed to create a valid configuration for Dead Peer detection protocols
27type DPDCreateOpts struct {
28	// The dead peer detection (DPD) action.
29	// A valid value is clear, hold, restart, disabled, or restart-by-peer.
30	// Default value is hold.
31	Action Action `json:"action,omitempty"`
32
33	// The dead peer detection (DPD) timeout in seconds.
34	// A valid value is a positive integer that is greater than the DPD interval value.
35	// Default is 120.
36	Timeout int `json:"timeout,omitempty"`
37
38	// The dead peer detection (DPD) interval, in seconds.
39	// A valid value is a positive integer.
40	// Default is 30.
41	Interval int `json:"interval,omitempty"`
42}
43
44// CreateOpts contains all the values needed to create a new IPSec site connection
45type CreateOpts struct {
46	// The ID of the IKE policy
47	IKEPolicyID string `json:"ikepolicy_id"`
48
49	// The ID of the VPN Service
50	VPNServiceID string `json:"vpnservice_id"`
51
52	// The ID for the endpoint group that contains private subnets for the local side of the connection.
53	// You must specify this parameter with the peer_ep_group_id parameter unless
54	// in backward- compatible mode where peer_cidrs is provided with a subnet_id for the VPN service.
55	LocalEPGroupID string `json:"local_ep_group_id,omitempty"`
56
57	// The ID of the IPsec policy.
58	IPSecPolicyID string `json:"ipsecpolicy_id"`
59
60	// The peer router identity for authentication.
61	// A valid value is an IPv4 address, IPv6 address, e-mail address, key ID, or FQDN.
62	// Typically, this value matches the peer_address value.
63	PeerID string `json:"peer_id"`
64
65	// The ID of the project
66	TenantID string `json:"tenant_id,omitempty"`
67
68	// The ID for the endpoint group that contains private CIDRs in the form < net_address > / < prefix >
69	// for the peer side of the connection.
70	// You must specify this parameter with the local_ep_group_id parameter unless in backward-compatible mode
71	// where peer_cidrs is provided with a subnet_id for the VPN service.
72	PeerEPGroupID string `json:"peer_ep_group_id,omitempty"`
73
74	// An ID to be used instead of the external IP address for a virtual router used in traffic between instances on different networks in east-west traffic.
75	// Most often, local ID would be domain name, email address, etc.
76	// If this is not configured then the external IP address will be used as the ID.
77	LocalID string `json:"local_id,omitempty"`
78
79	// The human readable name of the connection.
80	// Does not have to be unique.
81	// Default is an empty string
82	Name string `json:"name,omitempty"`
83
84	// The human readable description of the connection.
85	// Does not have to be unique.
86	// Default is an empty string
87	Description string `json:"description,omitempty"`
88
89	// The peer gateway public IPv4 or IPv6 address or FQDN.
90	PeerAddress string `json:"peer_address"`
91
92	// The pre-shared key.
93	// A valid value is any string.
94	PSK string `json:"psk"`
95
96	// Indicates whether this VPN can only respond to connections or both respond to and initiate connections.
97	// A valid value is response-only or bi-directional. Default is bi-directional.
98	Initiator Initiator `json:"initiator,omitempty"`
99
100	// Unique list of valid peer private CIDRs in the form < net_address > / < prefix > .
101	PeerCIDRs []string `json:"peer_cidrs,omitempty"`
102
103	// The administrative state of the resource, which is up (true) or down (false).
104	// Default is false
105	AdminStateUp *bool `json:"admin_state_up,omitempty"`
106
107	// A dictionary with dead peer detection (DPD) protocol controls.
108	DPD *DPDCreateOpts `json:"dpd,omitempty"`
109
110	// The maximum transmission unit (MTU) value to address fragmentation.
111	// Minimum value is 68 for IPv4, and 1280 for IPv6.
112	MTU int `json:"mtu,omitempty"`
113}
114
115// ToConnectionCreateMap casts a CreateOpts struct to a map.
116func (opts CreateOpts) ToConnectionCreateMap() (map[string]interface{}, error) {
117	return gophercloud.BuildRequestBody(opts, "ipsec_site_connection")
118}
119
120// Create accepts a CreateOpts struct and uses the values to create a new
121// IPSec site connection.
122func Create(c *gophercloud.ServiceClient, opts CreateOptsBuilder) (r CreateResult) {
123	b, err := opts.ToConnectionCreateMap()
124	if err != nil {
125		r.Err = err
126		return
127	}
128	resp, err := c.Post(rootURL(c), b, &r.Body, nil)
129	_, r.Header, r.Err = gophercloud.ParseResponse(resp, err)
130	return
131}
132
133// Delete will permanently delete a particular IPSec site connection based on its
134// unique ID.
135func Delete(c *gophercloud.ServiceClient, id string) (r DeleteResult) {
136	resp, err := c.Delete(resourceURL(c, id), nil)
137	_, r.Header, r.Err = gophercloud.ParseResponse(resp, err)
138	return
139}
140
141// Get retrieves a particular IPSec site connection based on its unique ID.
142func Get(c *gophercloud.ServiceClient, id string) (r GetResult) {
143	resp, err := c.Get(resourceURL(c, id), &r.Body, nil)
144	_, r.Header, r.Err = gophercloud.ParseResponse(resp, err)
145	return
146}
147
148// ListOptsBuilder allows extensions to add additional parameters to the
149// List request.
150type ListOptsBuilder interface {
151	ToConnectionListQuery() (string, error)
152}
153
154// ListOpts allows the filtering and sorting of paginated collections through
155// the API. Filtering is achieved by passing in struct field values that map to
156// the IPSec site connection attributes you want to see returned.
157type ListOpts struct {
158	IKEPolicyID    string    `q:"ikepolicy_id"`
159	VPNServiceID   string    `q:"vpnservice_id"`
160	LocalEPGroupID string    `q:"local_ep_group_id"`
161	IPSecPolicyID  string    `q:"ipsecpolicy_id"`
162	PeerID         string    `q:"peer_id"`
163	TenantID       string    `q:"tenant_id"`
164	ProjectID      string    `q:"project_id"`
165	PeerEPGroupID  string    `q:"peer_ep_group_id"`
166	LocalID        string    `q:"local_id"`
167	Name           string    `q:"name"`
168	Description    string    `q:"description"`
169	PeerAddress    string    `q:"peer_address"`
170	PSK            string    `q:"psk"`
171	Initiator      Initiator `q:"initiator"`
172	AdminStateUp   *bool     `q:"admin_state_up"`
173	MTU            int       `q:"mtu"`
174}
175
176// ToConnectionListQuery formats a ListOpts into a query string.
177func (opts ListOpts) ToConnectionListQuery() (string, error) {
178	q, err := gophercloud.BuildQueryString(opts)
179	return q.String(), err
180}
181
182// List returns a Pager which allows you to iterate over a collection of
183// IPSec site connections. It accepts a ListOpts struct, which allows you to filter
184// and sort the returned collection for greater efficiency.
185func List(c *gophercloud.ServiceClient, opts ListOptsBuilder) pagination.Pager {
186	url := rootURL(c)
187	if opts != nil {
188		query, err := opts.ToConnectionListQuery()
189		if err != nil {
190			return pagination.Pager{Err: err}
191		}
192		url += query
193	}
194	return pagination.NewPager(c, url, func(r pagination.PageResult) pagination.Page {
195		return ConnectionPage{pagination.LinkedPageBase{PageResult: r}}
196	})
197}
198
199// UpdateOptsBuilder allows extensions to add additional parameters to the
200// Update request.
201type UpdateOptsBuilder interface {
202	ToConnectionUpdateMap() (map[string]interface{}, error)
203}
204
205// UpdateOpts contains the values used when updating the DPD of an IPSec site connection
206type DPDUpdateOpts struct {
207	Action   Action `json:"action,omitempty"`
208	Timeout  int    `json:"timeout,omitempty"`
209	Interval int    `json:"interval,omitempty"`
210}
211
212// UpdateOpts contains the values used when updating an IPSec site connection
213type UpdateOpts struct {
214	Description    *string        `json:"description,omitempty"`
215	Name           *string        `json:"name,omitempty"`
216	LocalID        string         `json:"local_id,omitempty"`
217	PeerAddress    string         `json:"peer_address,omitempty"`
218	PeerID         string         `json:"peer_id,omitempty"`
219	PeerCIDRs      []string       `json:"peer_cidrs,omitempty"`
220	LocalEPGroupID string         `json:"local_ep_group_id,omitempty"`
221	PeerEPGroupID  string         `json:"peer_ep_group_id,omitempty"`
222	MTU            int            `json:"mtu,omitempty"`
223	Initiator      Initiator      `json:"initiator,omitempty"`
224	PSK            string         `json:"psk,omitempty"`
225	DPD            *DPDUpdateOpts `json:"dpd,omitempty"`
226	AdminStateUp   *bool          `json:"admin_state_up,omitempty"`
227}
228
229// ToConnectionUpdateMap casts an UpdateOpts struct to a map.
230func (opts UpdateOpts) ToConnectionUpdateMap() (map[string]interface{}, error) {
231	return gophercloud.BuildRequestBody(opts, "ipsec_site_connection")
232}
233
234// Update allows IPSec site connections to be updated.
235func Update(c *gophercloud.ServiceClient, id string, opts UpdateOptsBuilder) (r UpdateResult) {
236	b, err := opts.ToConnectionUpdateMap()
237	if err != nil {
238		r.Err = err
239		return
240	}
241	resp, err := c.Put(resourceURL(c, id), b, &r.Body, &gophercloud.RequestOpts{
242		OkCodes: []int{200},
243	})
244	_, r.Header, r.Err = gophercloud.ParseResponse(resp, err)
245	return
246}
247