
Commit ef7be5a

feat(vpcgw): add support BastionAllowedIPs (scaleway#2383)
Co-authored-by: Laure-di <[email protected]>
1 parent 24fe89d commit ef7be5a


1 file changed

+156
-0
lines changed


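--- a/api/vpcgw/v2/vpcgw_sdk.go
+++ b/api/vpcgw/v2/vpcgw_sdk.go
@@ -491,6 +491,9 @@ type Gateway struct {
 // IsLegacy: defines whether the gateway uses non-IPAM IP configurations.
 IsLegacy bool `json:"is_legacy"`
 
+// BastionAllowedIPs: ranges of IP addresses allowed to connect to the gateway's SSH bastion.
+BastionAllowedIPs []scw.IPNet `json:"bastion_allowed_ips"`
+
 // Zone: zone of the gateway.
 Zone scw.Zone `json:"zone"`
 }
@@ -542,6 +545,24 @@ type SetPatRulesRequestRule struct {
 Protocol PatRuleProtocol `json:"protocol"`
 }
 
+// AddBastionAllowedIPsRequest: add bastion allowed i ps request.
+type AddBastionAllowedIPsRequest struct {
+// Zone: zone to target. If none is passed will use default zone from the config.
+Zone scw.Zone `json:"-"`
+
+// GatewayID: ID of the gateway to add the allowed IP range to.
+GatewayID string `json:"-"`
+
+// IPRange: IP range allowed to connect to the SSH bastion.
+IPRange scw.IPNet `json:"ip_range"`
+}
+
+// AddBastionAllowedIPsResponse: add bastion allowed i ps response.
+type AddBastionAllowedIPsResponse struct {
+// IPRanges: ranges of IP addresses allowed to connect to the gateway's SSH bastion.
+IPRanges []scw.IPNet `json:"ip_ranges"`
+}
+
 // CreateGatewayNetworkRequest: create gateway network request.
 type CreateGatewayNetworkRequest struct {
 // Zone: zone to target. If none is passed will use default zone from the config.
@@ -627,6 +648,18 @@ type CreatePatRuleRequest struct {
 Protocol PatRuleProtocol `json:"protocol"`
 }
 
+// DeleteBastionAllowedIPsRequest: delete bastion allowed i ps request.
+type DeleteBastionAllowedIPsRequest struct {
+// Zone: zone to target. If none is passed will use default zone from the config.
+Zone scw.Zone `json:"-"`
+
+// GatewayID: ID of the gateway on which to delete the allowed IP range.
+GatewayID string `json:"-"`
+
+// IPRange: IP range to delete from SSH bastion's list of allowed IPs.
+IPRange scw.IPNet `json:"-"`
+}
+
 // DeleteGatewayNetworkRequest: delete gateway network request.
 type DeleteGatewayNetworkRequest struct {
 // Zone: zone to target. If none is passed will use default zone from the config.
@@ -960,6 +993,24 @@ type RefreshSSHKeysRequest struct {
 GatewayID string `json:"-"`
 }
 
+// SetBastionAllowedIPsRequest: set bastion allowed i ps request.
+type SetBastionAllowedIPsRequest struct {
+// Zone: zone to target. If none is passed will use default zone from the config.
+Zone scw.Zone `json:"-"`
+
+// GatewayID: ID of the gateway on which to set the allowed IP range.
+GatewayID string `json:"-"`
+
+// IPRanges: new list of IP ranges (each range in CIDR notation) allowed to connect to the SSH bastion.
+IPRanges []string `json:"ip_ranges"`
+}
+
+// SetBastionAllowedIPsResponse: set bastion allowed i ps response.
+type SetBastionAllowedIPsResponse struct {
+// IPRanges: ranges of IP addresses allowed to connect to the gateway's SSH bastion.
+IPRanges []scw.IPNet `json:"ip_ranges"`
+}
+
 // SetPatRulesRequest: set pat rules request.
 type SetPatRulesRequest struct {
 // Zone: zone to target. If none is passed will use default zone from the config.
@@ -1923,3 +1974,108 @@ func (s *API) RefreshSSHKeys(req *RefreshSSHKeysRequest, opts ...scw.RequestOpti
 }
 return &resp, nil
 }
+
+// AddBastionAllowedIPs: Add an IP range (in CIDR notation) to be allowed to connect to the SSH bastion.
+func (s *API) AddBastionAllowedIPs(req *AddBastionAllowedIPsRequest, opts ...scw.RequestOption) (*AddBastionAllowedIPsResponse, error) {
+var err error
+
+if req.Zone == "" {
+defaultZone, _ := s.client.GetDefaultZone()
+req.Zone = defaultZone
+}
+
+if fmt.Sprint(req.Zone) == "" {
+return nil, errors.New("field Zone cannot be empty in request")
+}
+
+if fmt.Sprint(req.GatewayID) == "" {
+return nil, errors.New("field GatewayID cannot be empty in request")
+}
+
+scwReq := &scw.ScalewayRequest{
+Method: "POST",
+Path: "/vpc-gw/v2/zones/" + fmt.Sprint(req.Zone) + "/gateways/" + fmt.Sprint(req.GatewayID) + "/bastion-allowed-ips",
+}
+
+err = scwReq.SetBody(req)
+if err != nil {
+return nil, err
+}
+
+var resp AddBastionAllowedIPsResponse
+
+err = s.client.Do(scwReq, &resp, opts...)
+if err != nil {
+return nil, err
+}
+return &resp, nil
+}
+
+// SetBastionAllowedIPs: Set a definitive list of IP ranges (in CIDR notation) allowed to connect to the SSH bastion.
+func (s *API) SetBastionAllowedIPs(req *SetBastionAllowedIPsRequest, opts ...scw.RequestOption) (*SetBastionAllowedIPsResponse, error) {
+var err error
+
+if req.Zone == "" {
+defaultZone, _ := s.client.GetDefaultZone()
+req.Zone = defaultZone
+}
+
+if fmt.Sprint(req.Zone) == "" {
+return nil, errors.New("field Zone cannot be empty in request")
+}
+
+if fmt.Sprint(req.GatewayID) == "" {
+return nil, errors.New("field GatewayID cannot be empty in request")
+}
+
+scwReq := &scw.ScalewayRequest{
+Method: "PUT",
+Path: "/vpc-gw/v2/zones/" + fmt.Sprint(req.Zone) + "/gateways/" + fmt.Sprint(req.GatewayID) + "/bastion-allowed-ips",
+}
+
+err = scwReq.SetBody(req)
+if err != nil {
+return nil, err
+}
+
+var resp SetBastionAllowedIPsResponse
+
+err = s.client.Do(scwReq, &resp, opts...)
+if err != nil {
+return nil, err
+}
+return &resp, nil
+}
+
+// DeleteBastionAllowedIPs: Delete an IP range (defined in CIDR notation) from SSH bastion, so that it is no longer allowed to connect.
+func (s *API) DeleteBastionAllowedIPs(req *DeleteBastionAllowedIPsRequest, opts ...scw.RequestOption) error {
+var err error
+
+if req.Zone == "" {
+defaultZone, _ := s.client.GetDefaultZone()
+req.Zone = defaultZone
+}
+
+if fmt.Sprint(req.Zone) == "" {
+return errors.New("field Zone cannot be empty in request")
+}
+
+if fmt.Sprint(req.GatewayID) == "" {
+return errors.New("field GatewayID cannot be empty in request")
+}
+
+if fmt.Sprint(req.IPRange) == "" {
+return errors.New("field IPRange cannot be empty in request")
+}
+
+scwReq := &scw.ScalewayRequest{
+Method: "DELETE",
+Path: "/vpc-gw/v2/zones/" + fmt.Sprint(req.Zone) + "/gateways/" + fmt.Sprint(req.GatewayID) + "/bastion-allowed-ips/" + fmt.Sprint(req.IPRange) + "",
+}
+
+err = s.client.Do(scwReq, nil, opts...)
+if err != nil {
+return err
+}
+return nil
+}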
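Review bot: In DeleteBastionAllowedIPs the CIDR range is concatenated into the request path with `fmt.Sprint(req.IPRange)`, so the `/` before the prefix length becomes an extra path segment (`.../bastion-allowed-ips/<addr>/<len>`) unless the client escapes it elsewhere. If the endpoint expects a single segment, build it with `url.PathEscape(fmt.Sprint(req.IPRange))` and confirm against the API which encoding it accepts; a delete that does not match leaves that range allowed on the SSH bastion. The guard `fmt.Sprint(req.IPRange) == ""` just above also looks ineffective, since a zero-value network is unlikely to format as the empty string, so an unset range would be sent rather than rejected. The file appears to be generated, so both changes probably belong in the generator template rather than in this file.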
