feat(vpcgw): add support BastionAllowedIPs (#1703)

Co-authored-by: Laure-di <[email protected]>

Author: scaleway-bot

packages/clients/src/api/vpcgw/v2/api.gen.ts

@@ -13,16 +13,19 @@ import {
   GATEWAY_TRANSIENT_STATUSES,
 } from './content.gen'
 import {
+  marshalAddBastionAllowedIPsRequest,
   marshalCreateGatewayNetworkRequest,
   marshalCreateGatewayRequest,
   marshalCreateIPRequest,
   marshalCreatePatRuleRequest,
+  marshalSetBastionAllowedIPsRequest,
   marshalSetPatRulesRequest,
   marshalUpdateGatewayNetworkRequest,
   marshalUpdateGatewayRequest,
   marshalUpdateIPRequest,
   marshalUpdatePatRuleRequest,
   marshalUpgradeGatewayRequest,
+  unmarshalAddBastionAllowedIPsResponse,
   unmarshalGateway,
   unmarshalGatewayNetwork,
   unmarshalIP,
@@ -32,13 +35,17 @@ import {
   unmarshalListIPsResponse,
   unmarshalListPatRulesResponse,
   unmarshalPatRule,
+  unmarshalSetBastionAllowedIPsResponse,
   unmarshalSetPatRulesResponse,
 } from './marshalling.gen'
 import type {
+  AddBastionAllowedIPsRequest,
+  AddBastionAllowedIPsResponse,
   CreateGatewayNetworkRequest,
   CreateGatewayRequest,
   CreateIPRequest,
   CreatePatRuleRequest,
+  DeleteBastionAllowedIPsRequest,
   DeleteGatewayNetworkRequest,
   DeleteGatewayRequest,
   DeleteIPRequest,
@@ -62,6 +69,8 @@ import type {
   ListPatRulesResponse,
   PatRule,
   RefreshSSHKeysRequest,
+  SetBastionAllowedIPsRequest,
+  SetBastionAllowedIPsResponse,
   SetPatRulesRequest,
   SetPatRulesResponse,
   UpdateGatewayNetworkRequest,
@@ -660,4 +669,59 @@ export class API extends ParentAPI {
       },
       unmarshalGateway,
     )
+
+  /**
+   * Add allowed IP range to SSH bastion. Add an IP range (in CIDR notation) to
+   * be allowed to connect to the SSH bastion.
+   *
+   * @param request - The request {@link AddBastionAllowedIPsRequest}
+   * @returns A Promise of AddBastionAllowedIPsResponse
+   */
+  addBastionAllowedIPs = (request: Readonly<AddBastionAllowedIPsRequest>) =>
+    this.client.fetch<AddBastionAllowedIPsResponse>(
+      {
+        body: JSON.stringify(
+          marshalAddBastionAllowedIPsRequest(request, this.client.settings),
+        ),
+        headers: jsonContentHeaders,
+        method: 'POST',
+        path: `/vpc-gw/v2/zones/${validatePathParam('zone', request.zone ?? this.client.settings.defaultZone)}/gateways/${validatePathParam('gatewayId', request.gatewayId)}/bastion-allowed-ips`,
+      },
+      unmarshalAddBastionAllowedIPsResponse,
+    )
+
+  /**
+   * Set all IP ranges allowed for SSH bastion. Set a definitive list of IP
+   * ranges (in CIDR notation) allowed to connect to the SSH bastion.
+   *
+   * @param request - The request {@link SetBastionAllowedIPsRequest}
+   * @returns A Promise of SetBastionAllowedIPsResponse
+   */
+  setBastionAllowedIPs = (request: Readonly<SetBastionAllowedIPsRequest>) =>
+    this.client.fetch<SetBastionAllowedIPsResponse>(
+      {
+        body: JSON.stringify(
+          marshalSetBastionAllowedIPsRequest(request, this.client.settings),
+        ),
+        headers: jsonContentHeaders,
+        method: 'PUT',
+        path: `/vpc-gw/v2/zones/${validatePathParam('zone', request.zone ?? this.client.settings.defaultZone)}/gateways/${validatePathParam('gatewayId', request.gatewayId)}/bastion-allowed-ips`,
+      },
+      unmarshalSetBastionAllowedIPsResponse,
+    )
+
+  /**
+   * Delete allowed IP range from SSH bastion. Delete an IP range (defined in
+   * CIDR notation) from SSH bastion, so that it is no longer allowed to
+   * connect.
+   *
+   * @param request - The request {@link DeleteBastionAllowedIPsRequest}
+   */
+  deleteBastionAllowedIPs = (
+    request: Readonly<DeleteBastionAllowedIPsRequest>,
+  ) =>
+    this.client.fetch<void>({
+      method: 'DELETE',
+      path: `/vpc-gw/v2/zones/${validatePathParam('zone', request.zone ?? this.client.settings.defaultZone)}/gateways/${validatePathParam('gatewayId', request.gatewayId)}/bastion-allowed-ips/${validatePathParam('ipRange', request.ipRange)}`,
+    })
 }

packages/clients/src/api/vpcgw/v2/index.gen.ts

@@ -3,10 +3,13 @@
 export { API } from './api.gen'
 export * from './content.gen'
 export type {
+  AddBastionAllowedIPsRequest,
+  AddBastionAllowedIPsResponse,
   CreateGatewayNetworkRequest,
   CreateGatewayRequest,
   CreateIPRequest,
   CreatePatRuleRequest,
+  DeleteBastionAllowedIPsRequest,
   DeleteGatewayNetworkRequest,
   DeleteGatewayRequest,
   DeleteIPRequest,
@@ -38,6 +41,8 @@ export type {
   PatRule,
   PatRuleProtocol,
   RefreshSSHKeysRequest,
+  SetBastionAllowedIPsRequest,
+  SetBastionAllowedIPsResponse,
   SetPatRulesRequest,
   SetPatRulesRequestRule,
   SetPatRulesResponse,

packages/clients/src/api/vpcgw/v2/marshalling.gen.ts

@@ -8,6 +8,8 @@ import {
 } from '../../../bridge'
 import type { DefaultValues } from '../../../bridge'
 import type {
+  AddBastionAllowedIPsRequest,
+  AddBastionAllowedIPsResponse,
   CreateGatewayNetworkRequest,
   CreateGatewayRequest,
   CreateIPRequest,
@@ -22,6 +24,8 @@ import type {
   ListIPsResponse,
   ListPatRulesResponse,
   PatRule,
+  SetBastionAllowedIPsRequest,
+  SetBastionAllowedIPsResponse,
   SetPatRulesRequest,
   SetPatRulesRequestRule,
   SetPatRulesResponse,
@@ -84,6 +88,7 @@ export const unmarshalGateway = (data: unknown): Gateway => {
 
   return {
     bandwidth: data.bandwidth,
+    bastionAllowedIps: data.bastion_allowed_ips,
     bastionEnabled: data.bastion_enabled,
     bastionPort: data.bastion_port,
     canUpgradeTo: data.can_upgrade_to,
@@ -128,6 +133,20 @@ export const unmarshalPatRule = (data: unknown): PatRule => {
   } as PatRule
 }
 
+export const unmarshalAddBastionAllowedIPsResponse = (
+  data: unknown,
+): AddBastionAllowedIPsResponse => {
+  if (!isJSONObject(data)) {
+    throw new TypeError(
+      `Unmarshalling the type 'AddBastionAllowedIPsResponse' failed as data isn't a dictionary.`,
+    )
+  }
+
+  return {
+    ipRanges: data.ip_ranges,
+  } as AddBastionAllowedIPsResponse
+}
+
 export const unmarshalListGatewayNetworksResponse = (
   data: unknown,
 ): ListGatewayNetworksResponse => {
@@ -217,6 +236,20 @@ export const unmarshalListPatRulesResponse = (
   } as ListPatRulesResponse
 }
 
+export const unmarshalSetBastionAllowedIPsResponse = (
+  data: unknown,
+): SetBastionAllowedIPsResponse => {
+  if (!isJSONObject(data)) {
+    throw new TypeError(
+      `Unmarshalling the type 'SetBastionAllowedIPsResponse' failed as data isn't a dictionary.`,
+    )
+  }
+
+  return {
+    ipRanges: data.ip_ranges,
+  } as SetBastionAllowedIPsResponse
+}
+
 export const unmarshalSetPatRulesResponse = (
   data: unknown,
 ): SetPatRulesResponse => {
@@ -231,6 +264,13 @@ export const unmarshalSetPatRulesResponse = (
   } as SetPatRulesResponse
 }
 
+export const marshalAddBastionAllowedIPsRequest = (
+  request: AddBastionAllowedIPsRequest,
+  defaults: DefaultValues,
+): Record<string, unknown> => ({
+  ip_range: request.ipRange,
+})
+
 export const marshalCreateGatewayNetworkRequest = (
   request: CreateGatewayNetworkRequest,
   defaults: DefaultValues,
@@ -275,6 +315,13 @@ export const marshalCreatePatRuleRequest = (
   public_port: request.publicPort,
 })
 
+export const marshalSetBastionAllowedIPsRequest = (
+  request: SetBastionAllowedIPsRequest,
+  defaults: DefaultValues,
+): Record<string, unknown> => ({
+  ip_ranges: request.ipRanges,
+})
+
 const marshalSetPatRulesRequestRule = (
   request: SetPatRulesRequestRule,
   defaults: DefaultValues,

packages/clients/src/api/vpcgw/v2/types.gen.ts

@@ -160,6 +160,8 @@ export interface Gateway {
   smtpEnabled: boolean
   /** Defines whether the gateway uses non-IPAM IP configurations. */
   isLegacy: boolean
+  /** Ranges of IP addresses allowed to connect to the gateway's SSH bastion. */
+  bastionAllowedIps: string[]
   /** Zone of the gateway. */
   zone: Zone
 }
@@ -199,6 +201,20 @@ export interface SetPatRulesRequestRule {
   protocol: PatRuleProtocol
 }
 
+export type AddBastionAllowedIPsRequest = {
+  /** Zone to target. If none is passed will use default zone from the config. */
+  zone?: Zone
+  /** ID of the gateway to add the allowed IP range to. */
+  gatewayId: string
+  /** IP range allowed to connect to the SSH bastion. */
+  ipRange: string
+}
+
+export interface AddBastionAllowedIPsResponse {
+  /** Ranges of IP addresses allowed to connect to the gateway's SSH bastion. */
+  ipRanges: string[]
+}
+
 export type CreateGatewayNetworkRequest = {
   /** Zone to target. If none is passed will use default zone from the config. */
   zone?: Zone
@@ -259,6 +275,15 @@ export type CreatePatRuleRequest = {
   protocol?: PatRuleProtocol
 }
 
+export type DeleteBastionAllowedIPsRequest = {
+  /** Zone to target. If none is passed will use default zone from the config. */
+  zone?: Zone
+  /** ID of the gateway on which to delete the allowed IP range. */
+  gatewayId: string
+  /** IP range to delete from SSH bastion's list of allowed IPs. */
+  ipRange: string
+}
+
 export type DeleteGatewayNetworkRequest = {
   /** Zone to target. If none is passed will use default zone from the config. */
   zone?: Zone
@@ -452,6 +477,23 @@ export type RefreshSSHKeysRequest = {
   gatewayId: string
 }
 
+export type SetBastionAllowedIPsRequest = {
+  /** Zone to target. If none is passed will use default zone from the config. */
+  zone?: Zone
+  /** ID of the gateway on which to set the allowed IP range. */
+  gatewayId: string
+  /**
+   * New list of IP ranges (each range in CIDR notation) allowed to connect to
+   * the SSH bastion.
+   */
+  ipRanges?: string[]
+}
+
+export interface SetBastionAllowedIPsResponse {
+  /** Ranges of IP addresses allowed to connect to the gateway's SSH bastion. */
+  ipRanges: string[]
+}
+
 export type SetPatRulesRequest = {
   /** Zone to target. If none is passed will use default zone from the config. */
   zone?: Zone