Merge branch 'main' into proj/iam

Author: jriddle-linode

account_events.go

@@ -122,6 +122,10 @@ const (
 	ActionFirewallUpdate                          EventAction = "firewall_update"
 	ActionFirewallDeviceAdd                       EventAction = "firewall_device_add"
 	ActionFirewallDeviceRemove                    EventAction = "firewall_device_remove"
+	ActionFirewallRuleSetCreate                   EventAction = "firewall_ruleset_create"
+	ActionFirewallRuleSetUpdate                   EventAction = "firewall_ruleset_update"
+	ActionFirewallRuleSetDelete                   EventAction = "firewall_ruleset_delete"
+	ActionFirewallRuleSetFirewallUpdate           EventAction = "firewall_ruleset_firewall_update"
 	ActionHostReboot                              EventAction = "host_reboot"
 	ActionImageDelete                             EventAction = "image_delete"
 	ActionImageUpdate                             EventAction = "image_update"

firewall_rules.go

@@ -2,6 +2,7 @@ package linodego
 
 import (
 	"context"
+	"encoding/json"
 )
 
 // NetworkProtocol enum type
@@ -22,13 +23,51 @@ type NetworkAddresses struct {
 }
 
 // A FirewallRule is a whitelist of ports, protocols, and addresses for which traffic should be allowed.
+// The ipv4/ipv6 address lists may contain Prefix List tokens (for example, "pl::..." or "pl:system:...")
+// in addition to literal IP addresses.
 type FirewallRule struct {
 	Action      string           `json:"action"`
 	Label       string           `json:"label"`
 	Description string           `json:"description,omitempty"`
 	Ports       string           `json:"ports,omitempty"`
 	Protocol    NetworkProtocol  `json:"protocol"`
 	Addresses   NetworkAddresses `json:"addresses"`
+
+	// FirewallRule references one `Rule Set` by ID. When provided, this entry
+	// represents a reference and should be mutually exclusive with ordinary
+	// rule fields according to the API contract.
+	RuleSet int `json:"ruleset,omitempty"`
+}
+
+// MarshalJSON ensures that when a rule references a Rule Set (RuleSet != 0),
+// only the reference shape { "ruleset": <id> } is emitted. Otherwise, the
+// ordinary rule fields are emitted without the ruleset key.
+func (r FirewallRule) MarshalJSON() ([]byte, error) {
+	if r.RuleSet != 0 {
+		type rulesetOnly struct {
+			RuleSet int `json:"ruleset"`
+		}
+
+		return json.Marshal(rulesetOnly{RuleSet: r.RuleSet})
+	}
+
+	type normal struct {
+		Action      string           `json:"action"`
+		Label       string           `json:"label"`
+		Description string           `json:"description,omitempty"`
+		Ports       string           `json:"ports,omitempty"`
+		Protocol    NetworkProtocol  `json:"protocol"`
+		Addresses   NetworkAddresses `json:"addresses"`
+	}
+
+	return json.Marshal(normal{
+		Action:      r.Action,
+		Label:       r.Label,
+		Description: r.Description,
+		Ports:       r.Ports,
+		Protocol:    r.Protocol,
+		Addresses:   r.Addresses,
+	})
 }
 
 // FirewallRuleSet is a pair of inbound and outbound rules that specify what network traffic should be allowed.
@@ -45,6 +84,12 @@ func (c *Client) GetFirewallRules(ctx context.Context, firewallID int) (*Firewal
 	return doGETRequest[FirewallRuleSet](ctx, c, e)
 }
 
+// GetFirewallRulesExpansion gets the expanded FirewallRuleSet for the given Firewall.
+func (c *Client) GetFirewallRulesExpansion(ctx context.Context, firewallID int) (*FirewallRuleSet, error) {
+	e := formatAPIPath("networking/firewalls/%d/rules/expansion", firewallID)
+	return doGETRequest[FirewallRuleSet](ctx, c, e)
+}
+
 // UpdateFirewallRules updates the FirewallRuleSet for the given Firewall
 func (c *Client) UpdateFirewallRules(ctx context.Context, firewallID int, rules FirewallRuleSet) (*FirewallRuleSet, error) {
 	e := formatAPIPath("networking/firewalls/%d/rules", firewallID)

firewall_rulesets.go

@@ -0,0 +1,113 @@
+package linodego
+
+import (
+	"context"
+	"encoding/json"
+	"time"
+
+	"github.com/linode/linodego/internal/parseabletime"
+)
+
+// FirewallRuleSetType represents the type of rules a Rule Set contains.
+// Valid values are "inbound" and "outbound".
+type FirewallRuleSetType string
+
+const (
+	FirewallRuleSetTypeInbound  FirewallRuleSetType = "inbound"
+	FirewallRuleSetTypeOutbound FirewallRuleSetType = "outbound"
+)
+
+// RuleSet represents the Rule Set resource.
+// Note: created/updated/deleted are parsed via UnmarshalJSON into time.Time pointers.
+type RuleSet struct {
+	ID               int                 `json:"id"`
+	Label            string              `json:"label"`
+	Description      string              `json:"description,omitempty"`
+	Type             FirewallRuleSetType `json:"type"`
+	Rules            []FirewallRule      `json:"rules"`
+	IsServiceDefined bool                `json:"is_service_defined"`
+	Version          int                 `json:"version"`
+
+	Created *time.Time `json:"-"`
+	Updated *time.Time `json:"-"`
+	Deleted *time.Time `json:"-"`
+}
+
+// UnmarshalJSON implements custom timestamp parsing for RuleSet.
+func (r *RuleSet) UnmarshalJSON(b []byte) error {
+	type Mask RuleSet
+
+	aux := struct {
+		*Mask
+
+		Created *parseabletime.ParseableTime `json:"created"`
+		Updated *parseabletime.ParseableTime `json:"updated"`
+		Deleted *parseabletime.ParseableTime `json:"deleted"`
+	}{
+		Mask: (*Mask)(r),
+	}
+
+	if err := json.Unmarshal(b, &aux); err != nil {
+		return err
+	}
+
+	if aux.Created != nil {
+		r.Created = (*time.Time)(aux.Created)
+	}
+
+	if aux.Updated != nil {
+		r.Updated = (*time.Time)(aux.Updated)
+	}
+
+	if aux.Deleted != nil {
+		r.Deleted = (*time.Time)(aux.Deleted)
+	}
+
+	return nil
+}
+
+// RuleSetCreateOptions fields accepted by CreateRuleSet.
+type RuleSetCreateOptions struct {
+	Label       string              `json:"label"`
+	Description string              `json:"description,omitempty"`
+	Type        FirewallRuleSetType `json:"type"`
+	Rules       []FirewallRule      `json:"rules"`
+}
+
+// RuleSetUpdateOptions fields accepted by UpdateRuleSet.
+// Omit a top-level field to leave it unchanged. If Rules is provided, it
+// replaces the entire ordered rules array.
+type RuleSetUpdateOptions struct {
+	Label       *string         `json:"label,omitempty"`
+	Description *string         `json:"description,omitempty"`
+	Rules       *[]FirewallRule `json:"rules,omitempty"`
+}
+
+// ListFirewallRuleSets returns a paginated list of Rule Sets.
+// Supports filtering (e.g., by label) via ListOptions.Filter.
+func (c *Client) ListFirewallRuleSets(ctx context.Context, opts *ListOptions) ([]RuleSet, error) {
+	return getPaginatedResults[RuleSet](ctx, c, "networking/firewalls/rulesets", opts)
+}
+
+// CreateFirewallRuleSet creates a new Rule Set.
+func (c *Client) CreateFirewallRuleSet(ctx context.Context, opts RuleSetCreateOptions) (*RuleSet, error) {
+	return doPOSTRequest[RuleSet](ctx, c, "networking/firewalls/rulesets", opts)
+}
+
+// GetFirewallRuleSet fetches a Rule Set by ID.
+func (c *Client) GetFirewallRuleSet(ctx context.Context, rulesetID int) (*RuleSet, error) {
+	e := formatAPIPath("networking/firewalls/rulesets/%d", rulesetID)
+	return doGETRequest[RuleSet](ctx, c, e)
+}
+
+// UpdateFirewallRuleSet updates a Rule Set by ID.
+func (c *Client) UpdateFirewallRuleSet(ctx context.Context, rulesetID int, opts RuleSetUpdateOptions) (*RuleSet, error) {
+	e := formatAPIPath("networking/firewalls/rulesets/%d", rulesetID)
+	return doPUTRequest[RuleSet](ctx, c, e, opts)
+}
+
+// DeleteFirewallRuleSet deletes a Rule Set by ID.
+func (c *Client) DeleteFirewallRuleSet(ctx context.Context, rulesetID int) error {
+	e := formatAPIPath("networking/firewalls/rulesets/%d", rulesetID)
+	return doDELETERequest(ctx, c, e)
+}

go.mod

@@ -1,7 +1,7 @@
 module github.com/linode/linodego
 
 require (
-	github.com/go-resty/resty/v2 v2.17.0
+	github.com/go-resty/resty/v2 v2.17.1
 	github.com/google/go-cmp v0.7.0
 	github.com/google/go-querystring v1.1.0
 	github.com/jarcoal/httpmock v1.4.1

go.sum

@@ -1,7 +1,7 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/go-resty/resty/v2 v2.17.0 h1:pW9DeXcaL4Rrym4EZ8v7L19zZiIlWPg5YXAcVmt+gN0=
-github.com/go-resty/resty/v2 v2.17.0/go.mod h1:kCKZ3wWmwJaNc7S29BRtUhJwy7iqmn+2mLtQrOyQlVA=
+github.com/go-resty/resty/v2 v2.17.1 h1:x3aMpHK1YM9e4va/TMDRlusDDoZiQ+ViDu/WpA6xTM4=
+github.com/go-resty/resty/v2 v2.17.1/go.mod h1:kCKZ3wWmwJaNc7S29BRtUhJwy7iqmn+2mLtQrOyQlVA=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=

instance_configs.go

@@ -34,6 +34,7 @@ type InstanceConfigDevice struct {
 
 // InstanceConfigDeviceMap contains SDA-SDH InstanceConfigDevice settings
 type InstanceConfigDeviceMap struct {
+	// sda-sdz
 	SDA *InstanceConfigDevice `json:"sda,omitempty"`
 	SDB *InstanceConfigDevice `json:"sdb,omitempty"`
 	SDC *InstanceConfigDevice `json:"sdc,omitempty"`
@@ -42,6 +43,66 @@ type InstanceConfigDeviceMap struct {
 	SDF *InstanceConfigDevice `json:"sdf,omitempty"`
 	SDG *InstanceConfigDevice `json:"sdg,omitempty"`
 	SDH *InstanceConfigDevice `json:"sdh,omitempty"`
+	SDI *InstanceConfigDevice `json:"sdi,omitempty"`
+	SDJ *InstanceConfigDevice `json:"sdj,omitempty"`
+	SDK *InstanceConfigDevice `json:"sdk,omitempty"`
+	SDL *InstanceConfigDevice `json:"sdl,omitempty"`
+	SDM *InstanceConfigDevice `json:"sdm,omitempty"`
+	SDN *InstanceConfigDevice `json:"sdn,omitempty"`
+	SDO *InstanceConfigDevice `json:"sdo,omitempty"`
+	SDP *InstanceConfigDevice `json:"sdp,omitempty"`
+	SDQ *InstanceConfigDevice `json:"sdq,omitempty"`
+	SDR *InstanceConfigDevice `json:"sdr,omitempty"`
+	SDS *InstanceConfigDevice `json:"sds,omitempty"`
+	SDT *InstanceConfigDevice `json:"sdt,omitempty"`
+	SDU *InstanceConfigDevice `json:"sdu,omitempty"`
+	SDV *InstanceConfigDevice `json:"sdv,omitempty"`
+	SDW *InstanceConfigDevice `json:"sdw,omitempty"`
+	SDX *InstanceConfigDevice `json:"sdx,omitempty"`
+	SDY *InstanceConfigDevice `json:"sdy,omitempty"`
+	SDZ *InstanceConfigDevice `json:"sdz,omitempty"`
+
+	// sdaa-sdaz
+	SDAA *InstanceConfigDevice `json:"sdaa,omitempty"`
+	SDAB *InstanceConfigDevice `json:"sdab,omitempty"`
+	SDAC *InstanceConfigDevice `json:"sdac,omitempty"`
+	SDAD *InstanceConfigDevice `json:"sdad,omitempty"`
+	SDAE *InstanceConfigDevice `json:"sdae,omitempty"`
+	SDAF *InstanceConfigDevice `json:"sdaf,omitempty"`
+	SDAG *InstanceConfigDevice `json:"sdag,omitempty"`
+	SDAH *InstanceConfigDevice `json:"sdah,omitempty"`
+	SDAI *InstanceConfigDevice `json:"sdai,omitempty"`
+	SDAJ *InstanceConfigDevice `json:"sdaj,omitempty"`
+	SDAK *InstanceConfigDevice `json:"sdak,omitempty"`
+	SDAL *InstanceConfigDevice `json:"sdal,omitempty"`
+	SDAM *InstanceConfigDevice `json:"sdam,omitempty"`
+	SDAN *InstanceConfigDevice `json:"sdan,omitempty"`
+	SDAO *InstanceConfigDevice `json:"sdao,omitempty"`
+	SDAP *InstanceConfigDevice `json:"sdap,omitempty"`
+	SDAQ *InstanceConfigDevice `json:"sdaq,omitempty"`
+	SDAR *InstanceConfigDevice `json:"sdar,omitempty"`
+	SDAS *InstanceConfigDevice `json:"sdas,omitempty"`
+	SDAT *InstanceConfigDevice `json:"sdat,omitempty"`
+	SDAU *InstanceConfigDevice `json:"sdau,omitempty"`
+	SDAV *InstanceConfigDevice `json:"sdav,omitempty"`
+	SDAW *InstanceConfigDevice `json:"sdaw,omitempty"`
+	SDAX *InstanceConfigDevice `json:"sdax,omitempty"`
+	SDAY *InstanceConfigDevice `json:"sday,omitempty"`
+	SDAZ *InstanceConfigDevice `json:"sdaz,omitempty"`
+
+	// sdba-sdbl
+	SDBA *InstanceConfigDevice `json:"sdba,omitempty"`
+	SDBB *InstanceConfigDevice `json:"sdbb,omitempty"`
+	SDBC *InstanceConfigDevice `json:"sdbc,omitempty"`
+	SDBD *InstanceConfigDevice `json:"sdbd,omitempty"`
+	SDBE *InstanceConfigDevice `json:"sdbe,omitempty"`
+	SDBF *InstanceConfigDevice `json:"sdbf,omitempty"`
+	SDBG *InstanceConfigDevice `json:"sdbg,omitempty"`
+	SDBH *InstanceConfigDevice `json:"sdbh,omitempty"`
+	SDBI *InstanceConfigDevice `json:"sdbi,omitempty"`
+	SDBJ *InstanceConfigDevice `json:"sdbj,omitempty"`
+	SDBK *InstanceConfigDevice `json:"sdbk,omitempty"`
+	SDBL *InstanceConfigDevice `json:"sdbl,omitempty"`
 }
 
 // InstanceConfigHelpers are Instance Config options that control Linux distribution specific tweaks

k8s/go.mod

@@ -14,7 +14,7 @@ require (
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
-	github.com/go-resty/resty/v2 v2.17.0 // indirect
+	github.com/go-resty/resty/v2 v2.17.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect

k8s/go.sum

@@ -12,8 +12,8 @@ github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2Kv
 github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
 github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
 github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
-github.com/go-resty/resty/v2 v2.17.0 h1:pW9DeXcaL4Rrym4EZ8v7L19zZiIlWPg5YXAcVmt+gN0=
-github.com/go-resty/resty/v2 v2.17.0/go.mod h1:kCKZ3wWmwJaNc7S29BRtUhJwy7iqmn+2mLtQrOyQlVA=
+github.com/go-resty/resty/v2 v2.17.1 h1:x3aMpHK1YM9e4va/TMDRlusDDoZiQ+ViDu/WpA6xTM4=
+github.com/go-resty/resty/v2 v2.17.1/go.mod h1:kCKZ3wWmwJaNc7S29BRtUhJwy7iqmn+2mLtQrOyQlVA=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=

prefixlists.go

@@ -0,0 +1,61 @@
+package linodego
+
+import (
+	"context"
+	"encoding/json"
+	"time"
+
+	"github.com/linode/linodego/internal/parseabletime"
+)
+
+// PrefixList represents a network prefix list returned by the API.
+type PrefixList struct {
+	ID                 int       `json:"id"`
+	Name               string    `json:"name"`
+	Description        string    `json:"description"`
+	Visibility         string    `json:"visibility"`
+	SourcePrefixListID *int      `json:"source_prefixlist_id"`
+	IPv4               *[]string `json:"ipv4"`
+	IPv6               *[]string `json:"ipv6"`
+	Version            int       `json:"version"`
+
+	Created *time.Time `json:"-"`
+	Updated *time.Time `json:"-"`
+	Deleted *time.Time `json:"-"`
+}
+
+// UnmarshalJSON implements custom timestamp parsing for PrefixList values.
+func (p *PrefixList) UnmarshalJSON(data []byte) error {
+	type Mask PrefixList
+
+	aux := struct {
+		*Mask
+
+		Created *parseabletime.ParseableTime `json:"created"`
+		Updated *parseabletime.ParseableTime `json:"updated"`
+		Deleted *parseabletime.ParseableTime `json:"deleted"`
+	}{
+		Mask: (*Mask)(p),
+	}
+
+	if err := json.Unmarshal(data, &aux); err != nil {
+		return err
+	}
+
+	p.Created = (*time.Time)(aux.Created)
+	p.Updated = (*time.Time)(aux.Updated)
+	p.Deleted = (*time.Time)(aux.Deleted)
+
+	return nil
+}
+
+// ListPrefixLists returns a paginated collection of Prefix Lists.
+func (c *Client) ListPrefixLists(ctx context.Context, opts *ListOptions) ([]PrefixList, error) {
+	return getPaginatedResults[PrefixList](ctx, c, "networking/prefixlists", opts)
+}
+
+// GetPrefixList fetches a single Prefix List by its ID.
+func (c *Client) GetPrefixList(ctx context.Context, id int) (*PrefixList, error) {
+	endpoint := formatAPIPath("networking/prefixlists/%d", id)
+	return doGETRequest[PrefixList](ctx, c, endpoint)
+}

test/go.mod

@@ -20,7 +20,7 @@ require (
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
-	github.com/go-resty/resty/v2 v2.17.0 // indirect
+	github.com/go-resty/resty/v2 v2.17.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect