softlayer
diff --git a/‎.secrets.baseline‎
Lines changed: 13 additions & 5 deletions b/‎.secrets.baseline‎
Lines changed: 13 additions & 5 deletions
diff --git a/‎README.md‎
Lines changed: 42 additions & 0 deletions b/‎README.md‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎bin/buildAndDeploy.py‎
Lines changed: 1 addition & 1 deletion b/‎bin/buildAndDeploy.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎plugin/commands/block/access_authorize.go‎
Lines changed: 80 additions & 12 deletions b/‎plugin/commands/block/access_authorize.go‎
Lines changed: 80 additions & 12 deletions
@@ -3,7 +3,7 @@
     "files": "plugin/i18n/v1Resources/|plugin/i18n/v2Resources/|(.*test.*)|(vendor)|(go.sum)|bin/|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-10-16T21:46:33Z",
+  "generated_at": "2024-11-08T22:44:41Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -124,31 +124,39 @@
         "hashed_secret": "49f18203810a56503e8b16bea101314713ce1a0c",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 82,
+        "line_number": 97,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "4283f377a2ad3c107b4a3c9920c6ab508c6b1099",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 102,
+        "line_number": 117,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "aa1f122c9be20b5a2aff7f2c513e3b065c033894",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 133,
+        "line_number": 151,
         "type": "Secret Keyword",
         "verified_result": null
       },
       {
         "hashed_secret": "b2b24235714bf178e052e52a4af5a21a1f17c445",
         "is_secret": false,
         "is_verified": false,
-        "line_number": 160,
+        "line_number": 178,
+        "type": "Secret Keyword",
+        "verified_result": null
+      },
+      {
+        "hashed_secret": "55839213174fc8f39a78d97deeaeecbd69f6de27",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 265,
         "type": "Secret Keyword",
         "verified_result": null
       }
 
@@ -435,6 +435,28 @@ T("This is some output for a {{.CMDTYPE}} command", subs)
 
 *NOTICE* goi18n/v2 has some newer features that can make this a bit easier to deal with, but I'm not sure they are currently supported, so procede with caution in you make use of them.
 
+Commands that accept a list of options to display should have those subbed into the string, not hard coded.
+
+BAD:
+```go
+cobraCmd.Flags().StringVar(&thisCmd.Sortby, "sortby", "id", T("Column to sort by. Options are: id, name, type, private_ip_address, source_subnet, host_iqn, username, password, allowed_host_id."))
+
+```
+
+GOOD:
+
+```go
+defaultColumns := []string{
+    "id", "name", "type", "private_ip_address", "source_subnet",
+    "host_iqn", "username", "password","allowed_host_id"
+}
+
+default_subs := map[string]interface{}{"COLUMNS": strings.join(defaultColumns, ", ")}
+
+cobraCmd.Flags().StringVar(&thisCmd.Sortby, "sortby", "id",
+    T("Column to sort by. Options are: {{.COLUMNS}}.", default_subs))
+```
+
 ### Useful Scripts
 
 #### `./bin/buildAndDeploy.py i18n`
@@ -589,4 +611,24 @@ detect-secrets scan --update .secrets.baseline
 If we need to update the excluded files (these are saved in the .secrets.baseline file) do this:
 ```bash
 detect-secrets -v scan --update .secrets.baseline  --exclude-files "plugin/i18n/v1Resources/|plugin/i18n/v2Resources/|(.*test.*)|(vendor)|(go.sum)|bin/"
+```
+
+
+# Commit Signing
+Always a good idea to sign commits, even if it takes a bit to setup.
+
+1. `git config --global commit.gpgsign true` Enabled signed commits
+2. `gpg --full-generate-key` Create a GPG key to sign commits with (use your github email)
+3. `git commit --message="THE MESSAGE"` is your normal commit, but should now be signed! You may be prompted for a password
+4. `git log --show-signature` confirm its signed.
+5. `gpg --output email.pgp --armor --export [email protected]` will export your PUBLIC key so you can upload it to github.
+
+
+## Windows setup
+
+In windows GPG pops up an annoying window for password prompting. Following [Using Command-Line Passphrase Input for GPG with Git](https://betakuang.medium.com/using-command-line-passphrase-input-for-gpg-with-git-for-windows-f78ae2c7cd2e) to be prompted on the CLI
+
+```
+$>  cat ~/.gnupg/gpg-agent.conf
+allow-loopback-pinentry
 ```
@@ -94,7 +94,7 @@ def runTests() -> None:
     except subprocess.CalledProcessError as e:
         print(f"[red]>>> Go Test failed <<<")
         sys.exit(e.returncode)
-    go_sec = ['gosec', '-exclude-dir=fixture', '-exclude-dir=plugin/resources', '-quiet', './...']
+    go_sec = ['gosec', '-exclude-dir=fixture', '-exclude-dir=plugin/resources', '-exclude-generated', './...']
     # Not using the 'real' command because this is more copy/pasteable.
     print('[turquoise2]Running: ' + " ".join(go_sec)) 
     try:
 
@@ -1,6 +1,7 @@
 package block
 
 import (
+	"strconv"
 	"github.com/spf13/cobra"
 
 	slErr "github.ibm.com/SoftLayer/softlayer-cli/plugin/errors"
@@ -19,6 +20,7 @@ type AccessAuthorizeCommand struct {
 	Virtual_id     []int
 	Ip_address_id  []int
 	Ip_address     []string
+	Subnet_id	   int
 }
 
 func NewAccessAuthorizeCommand(sl *metadata.SoftlayerStorageCommand) *AccessAuthorizeCommand {
@@ -32,24 +34,42 @@ func NewAccessAuthorizeCommand(sl *metadata.SoftlayerStorageCommand) *AccessAuth
 		Short: T("Authorize hosts to access a given volume."),
 		Long: T(`EXAMPLE:
    ${COMMAND_NAME} sl {{.storageType}} access-authorize 12345678 --virtual-id 87654321
-   This command authorizes virtual server with ID 87654321 to access volume with ID 12345678.`, sl.StorageI18n),
+   This command authorizes virtual server with ID 87654321 to access volume with ID 12345678.`, sl.StorageI18n) + "\n" +
+			T(`
+   ${COMMAND_NAME} sl {{.storageType}} access-authorize 5555 --subnet-id 1111
+   This command adds subnet with id 1111 to the Allowed Host with id 5555. Use 'access-list' to find this id.
+   SoftLayer_Account::iscsiIsolationDisabled must be False for this command to do anything.`, sl.StorageI18n),
 		Args: metadata.OneArgs,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return thisCmd.Run(args)
 		},
 	}
 
-	cobraCmd.Flags().IntSliceVarP(&thisCmd.Hardware_id, "hardware-id", "d", []int{}, T("The ID of one hardware server to authorize."))
-	cobraCmd.Flags().IntSliceVarP(&thisCmd.Virtual_id, "virtual-id", "v", []int{}, T("The ID of one virtual server to authorize."))
-	cobraCmd.Flags().IntSliceVarP(&thisCmd.Ip_address_id, "ip-address-id", "i", []int{}, T("The ID of one IP address to authorize."))
-	cobraCmd.Flags().StringSliceVarP(&thisCmd.Ip_address, "ip-address", "p", []string{}, T("An IP address to authorize."))
+	cobraCmd.Flags().IntSliceVarP(&thisCmd.Hardware_id, "hardware-id", "d", []int{},
+		T("The ID of one hardware server to authorize."))
+	cobraCmd.Flags().IntSliceVarP(&thisCmd.Virtual_id, "virtual-id", "v", []int{},
+		T("The ID of one virtual server to authorize."))
+	cobraCmd.Flags().IntSliceVarP(&thisCmd.Ip_address_id, "ip-address-id", "i", []int{},
+		T("The ID of one IP address to authorize."))
+	cobraCmd.Flags().StringSliceVarP(&thisCmd.Ip_address, "ip-address", "p", []string{},
+		T("An IP address to authorize."))
+	cobraCmd.Flags().IntVarP(&thisCmd.Subnet_id, "subnet-id", "s", 0,
+		T("A Subnet Id. With this option IDENTIFIER should be an 'allowed_host_id' from the access-list command."))
 	thisCmd.Command = cobraCmd
 
 	return thisCmd
 }
 
 func (cmd *AccessAuthorizeCommand) Run(args []string) error {
 
+	// Subnets have to get added to an existing authorized host.
+	if cmd.Subnet_id > 0 {
+		hostId, err := strconv.Atoi(args[0])
+		if err != nil {
+			return slErr.NewInvalidSoftlayerIdInputError("Allowed Host IDENTIFIER")
+		}
+		return cmd.AddSubnetToHost(hostId)
+	}
 	volumeID, err := cmd.StorageManager.GetVolumeId(args[0], cmd.StorageType)
 	if err != nil {
 		return err
@@ -60,7 +80,8 @@ func (cmd *AccessAuthorizeCommand) Run(args []string) error {
 		for _, ip := range IPs {
 			ipRecord, err := cmd.NetworkManager.IPLookup(ip)
 			if err != nil {
-				return slErr.NewAPIError(T("IP address {{.IP}} is not found on your account.Please confirm IP and try again.\n",
+				return slErr.NewAPIError(
+					T("IP address {{.IP}} is not found on your account.Please confirm IP and try again.\n",
 					map[string]interface{}{"IP": ip}), err.Error(), 2)
 			}
 			if ipRecord.Id != nil {
@@ -82,14 +103,61 @@ func (cmd *AccessAuthorizeCommand) Run(args []string) error {
 	}
 
 	cmd.UI.Ok()
-	for _, vsID := range cmd.Virtual_id {
-		cmd.UI.Print(T("The virtual server {{.VsID}} was authorized to access {{.VolumeId}}.", map[string]interface{}{"VolumeId": volumeID, "VsID": vsID}))
+	subs := map[string]interface{}{
+		"VolumeId": volumeID,
+		"SL_ID": 0,
+		"SL_Object": "",
 	}
-	for _, hwID := range cmd.Hardware_id {
-		cmd.UI.Print(T("The hardware server {{.HwID}} was authorized to access {{.VolumeId}}.", map[string]interface{}{"VolumeId": volumeID, "HwID": hwID}))
+	for _, sl_id := range cmd.Virtual_id {
+		subs["SL_Object"] = T("Virtual Server")
+		subs["SL_ID"] = sl_id
+		cmd.UI.Print(T("The {{.SL_Object}} {{.SL_ID}} was authorized to access {{.VolumeId}}.", subs))
 	}
-	for _, ip := range IPIds {
-		cmd.UI.Print(T("The IP address {{.IP}} was authorized to access {{.VolumeId}}.", map[string]interface{}{"VolumeId": volumeID, "IP": ip}))
+	for _, sl_id := range cmd.Hardware_id {
+		subs["SL_Object"] = T("Hardware Server")
+		subs["SL_ID"] = sl_id
+		cmd.UI.Print(T("The {{.SL_Object}} {{.SL_ID}} was authorized to access {{.VolumeId}}.", subs))
+	}
+	for _, sl_id := range IPIds {
+		subs["SL_Object"] = T("IP Address")
+		subs["SL_ID"] = sl_id
+		cmd.UI.Print(T("The {{.SL_Object}} {{.SL_ID}} was authorized to access {{.VolumeId}}.", subs))
 	}
 	return nil
 }
+
+func (cmd *AccessAuthorizeCommand) AddSubnetToHost(host_id int) error {
+
+	outputFormat := cmd.GetOutputFlag()
+	subnet_ids := []int{cmd.Subnet_id}
+	resp, err := cmd.StorageManager.AssignSubnetsToAcl(host_id, subnet_ids)
+	if err != nil {
+		subs := map[string]interface{}{"subnetID": cmd.Subnet_id, "accessID": host_id}
+		return slErr.NewAPIError(
+			T("Failed to assign subnet id: {{.subnetID}} to allowed host id: {{.accessID}}", subs),
+			err.Error(), 2)
+	}
+	// If the API returns an empty array, that means it didn't add the subnet we asked for.
+	// Likely because ISCSI Isolation is disabled on the account.
+	// ibmcloud sl call-api SoftLayer_Account getObject --mask="mask[id,iscsiIsolationDisabled]"
+	if len(resp) == 0 || utils.IntInSlice(cmd.Subnet_id, resp) == -1 {
+		subs := map[string]interface{}{"subnetID": cmd.Subnet_id, "accessID": host_id}
+		return slErr.NewAPIError(
+			T("Failed to assign subnet id: {{.subnetID}} to allowed host id: {{.accessID}}", subs) + "\n" +
+			T("Make sure ISCSI Isolation is enabled for this account."),
+			"", 2,
+		)
+	}
+	if outputFormat == "JSON" {
+		return utils.PrintPrettyJSON(cmd.UI, resp)
+	}
+
+	cmd.UI.Ok()
+	subs := map[string]interface{}{
+		"VolumeId": host_id,
+		"SL_ID": cmd.Subnet_id,
+		"SL_Object": T("Subnet"),
+	}
+	cmd.UI.Print(T("The {{.SL_Object}} {{.SL_ID}} was authorized to access {{.VolumeId}}.", subs))
+	return nil
+}