Merge pull request #13 from bamboo-firewall/v2

V2

api/v1/dto/gnp.go

@@ -19,6 +19,7 @@ type GNPMetadata struct {
 }
 
 type GNPSpec struct {
+	Order    uint32        `json:"order" yaml:"order"`
 	Selector string        `json:"selector,omitempty" yaml:"selector"`
 	Ingress  []GNPSpecRule `json:"ingress,omitempty" yaml:"ingress"`
 	Egress   []GNPSpecRule `json:"egress,omitempty" yaml:"egress"`
@@ -27,9 +28,9 @@ type GNPSpec struct {
 type GNPSpecRule struct {
 	Metadata    map[string]string  `json:"metadata,omitempty" yaml:"metadata"`
 	Action      string             `json:"action" yaml:"action"`
-	Protocol    string             `json:"protocol,omitempty" yaml:"protocol"`
-	NotProtocol string             `json:"notProtocol,omitempty" yaml:"notProtocol"`
-	IPVersion   int                `json:"ipVersion" yaml:"ipVersion"`
+	Protocol    interface{}        `json:"protocol,omitempty" yaml:"protocol"`
+	NotProtocol interface{}        `json:"notProtocol,omitempty" yaml:"notProtocol"`
+	IPVersion   *int               `json:"ipVersion,omitempty" yaml:"ipVersion"`
 	Source      *GNPSpecRuleEntity `json:"source,omitempty" yaml:"source"`
 	Destination *GNPSpecRuleEntity `json:"destination,omitempty" yaml:"destination"`
 }
@@ -54,6 +55,7 @@ type GNPMetadataInput struct {
 }
 
 type GNPSpecInput struct {
+	Order    *uint32            `json:"order" yaml:"order"`
 	Selector string             `json:"selector" yaml:"selector" validate:"omitempty,selector"`
 	Ingress  []GNPSpecRuleInput `json:"ingress" yaml:"ingress" validate:"omitempty,min=1,dive"`
 	Egress   []GNPSpecRuleInput `json:"egress" yaml:"egress" validate:"omitempty,min=1,dive"`
@@ -62,9 +64,9 @@ type GNPSpecInput struct {
 type GNPSpecRuleInput struct {
 	Metadata    map[string]string       `json:"metadata" yaml:"metadata"`
 	Action      string                  `json:"action" yaml:"action" validate:"required,action"`
-	Protocol    string                  `json:"protocol" yaml:"protocol" validate:"omitempty,protocol"`
-	NotProtocol string                  `json:"notProtocol" yaml:"notProtocol" validate:"omitempty,protocol"`
-	IPVersion   int                     `json:"ipVersion" yaml:"ipVersion" validate:"required,ip_version"`
+	Protocol    interface{}             `json:"protocol" yaml:"protocol" validate:"omitempty,protocol"`
+	NotProtocol interface{}             `json:"notProtocol" yaml:"notProtocol" validate:"omitempty,protocol"`
+	IPVersion   *int                    `json:"ipVersion" yaml:"ipVersion" validate:"omitempty,ip_version"`
 	Source      *GNPSpecRuleEntityInput `json:"source" yaml:"source" validate:"omitempty"`
 	Destination *GNPSpecRuleEntityInput `json:"destination" yaml:"destination" validate:"omitempty"`
 }
@@ -73,8 +75,8 @@ type GNPSpecRuleEntityInput struct {
 	Selector string        `json:"selector" yaml:"selector" validate:"omitempty,selector"`
 	Nets     []string      `json:"nets" yaml:"nets" validate:"omitempty,min=1,unique"`
 	NotNets  []string      `json:"notNets" yaml:"notNets" validate:"omitempty,min=1,unique"`
-	Ports    []interface{} `json:"ports" yaml:"ports" validate:"omitempty,min=1,unique,dive"`
-	NotPorts []interface{} `json:"notPorts" yaml:"notPorts" validate:"omitempty,min=1,unique,dive"`
+	Ports    []interface{} `json:"ports" yaml:"ports" validate:"omitempty,min=1,unique,dive,port"`
+	NotPorts []interface{} `json:"notPorts" yaml:"notPorts" validate:"omitempty,min=1,unique,dive,port"`
 }
 
 type GetGNPInput struct {
@@ -84,3 +86,7 @@ type GetGNPInput struct {
 type DeleteGlobalNetworkPolicyInput struct {
 	Metadata GNPMetadataInput `json:"metadata" yaml:"metadata" validate:"required"`
 }
+
+type ListGNPsInput struct {
+	IsOrder bool `form:"isOrder"`
+}

api/v1/dto/gns.go

@@ -37,6 +37,8 @@ type GNSSpecInput struct {
 	Nets []string `json:"nets" yaml:"nets" validate:"min=1,unique"`
 }
 
+type ListGNSsInput struct{}
+
 type GetGNSInput struct {
 	Name string `uri:"name" validate:"required"`
 }

api/v1/dto/hep.go

@@ -22,6 +22,8 @@ type HostEndpointMetadata struct {
 
 type HostEndpointSpec struct {
 	InterfaceName string   `json:"interfaceName" yaml:"interfaceName"`
+	TenantID      uint64   `json:"tenantID" yaml:"tenantID"`
+	IP            string   `json:"ip" yaml:"ip"`
 	IPs           []string `json:"ips" yaml:"ips"`
 }
 
@@ -32,36 +34,45 @@ type CreateHostEndpointInput struct {
 }
 
 type HostEndpointMetadataInput struct {
-	Name   string            `json:"name" yaml:"name" validate:"required,name"`
+	Name   string            `json:"name" yaml:"name" validate:"omitempty,name"`
 	Labels map[string]string `json:"labels" yaml:"labels"`
 }
 
 type HostEndpointSpecInput struct {
 	InterfaceName string   `json:"interfaceName" yaml:"interfaceName"`
+	TenantID      uint64   `json:"tenantID" yaml:"tenantID" validate:"omitempty"`
+	IP            string   `json:"ip" yaml:"ip" validate:"omitempty,ip"`
 	IPs           []string `json:"ips" yaml:"ips" validate:"min=1,unique,dive,ip"`
 }
 
+type ListHostEndpointsInput struct {
+	TenantID *uint64 `form:"tenantID" yaml:"tenantID" validate:"omitempty"`
+	IP       *string `form:"ip" yaml:"ip" validate:"omitempty,ip"`
+}
+
 type GetHostEndpointInput struct {
-	Name string `uri:"name" validate:"required"`
+	TenantID uint64 `uri:"tenantID" yaml:"tenantID" validate:"required"`
+	IP       string `uri:"ip" yaml:"ip" validate:"required,ip"`
 }
 
 type DeleteHostEndpointInput struct {
-	Metadata HostEndpointMetadataInput `json:"metadata" yaml:"metadata" validate:"required"`
+	Spec HostEndpointSpecInput `json:"spec" yaml:"spec" validate:"required"`
 }
 
-type FetchHostEndpointPolicyInput struct {
-	Name string `uri:"name" validate:"required"`
+type FetchHostEndpointPoliciesInput struct {
+	TenantID *uint64 `form:"tenantID" yaml:"tenantID" validate:"omitempty"`
+	IP       *string `form:"ip" yaml:"ip" validate:"omitempty,ip"`
 }
 
 type HostEndpointPolicy struct {
-	MetaData   HostEndPointPolicyMetadata `json:"metadata"`
+	MetaData   HostEndpointPolicyMetadata `json:"metadata"`
 	HEP        *HostEndpoint              `json:"hostEndpoint"`
 	ParsedGNPs []*ParsedGNP               `json:"parsedGNPs"`
 	ParsedHEPs []*ParsedHEP               `json:"parsedHEPs"`
 	ParsedGNSs []*ParsedGNS               `json:"parsedGNSs"`
 }
 
-type HostEndPointPolicyMetadata struct {
+type HostEndpointPolicyMetadata struct {
 	HEPVersions map[string]uint `json:"hepVersions"`
 	GNPVersions map[string]uint `json:"gnpVersions"`
 	GNSVersions map[string]uint `json:"gnsVersions"`
@@ -76,29 +87,31 @@ type ParsedGNP struct {
 }
 
 type ParsedRule struct {
-	Action             string   `json:"action"`
-	IPVersion          int      `json:"ipVersion"`
-	Protocol           string   `json:"protocol"`
-	IsProtocolNegative bool     `json:"isProtocolNegative"`
-	SrcNets            []string `json:"srcNets"`
-	IsSrcNetNegative   bool     `json:"isSrcNetNegative"`
-	SrcGNSUUIDs        []string `json:"srcGNSUUIDs"`
-	SrcHEPUUIDs        []string `json:"srcHEPUUIDs"`
-	SrcPorts           []string `json:"srcPorts"`
-	IsSrcPortNegative  bool     `json:"isSrcPortNegative"`
-	DstNets            []string `json:"dstNets"`
-	IsDstNetNegative   bool     `json:"isDstNetNegative"`
-	DstGNSUUIDs        []string `json:"dstGNSUUIDs"`
-	DstHEPUUIDs        []string `json:"dstHEPUUIDs"`
-	DstPorts           []string `json:"dstPorts"`
-	IsDstPortNegative  bool     `json:"isDstPortNegative"`
+	Action             string      `json:"action"`
+	IPVersion          *int        `json:"ipVersion"`
+	Protocol           interface{} `json:"protocol"`
+	IsProtocolNegative bool        `json:"isProtocolNegative"`
+	SrcNets            []string    `json:"srcNets"`
+	IsSrcNetNegative   bool        `json:"isSrcNetNegative"`
+	SrcGNSUUIDs        []string    `json:"srcGNSUUIDs"`
+	SrcHEPUUIDs        []string    `json:"srcHEPUUIDs"`
+	SrcPorts           []string    `json:"srcPorts"`
+	IsSrcPortNegative  bool        `json:"isSrcPortNegative"`
+	DstNets            []string    `json:"dstNets"`
+	IsDstNetNegative   bool        `json:"isDstNetNegative"`
+	DstGNSUUIDs        []string    `json:"dstGNSUUIDs"`
+	DstHEPUUIDs        []string    `json:"dstHEPUUIDs"`
+	DstPorts           []string    `json:"dstPorts"`
+	IsDstPortNegative  bool        `json:"isDstPortNegative"`
 }
 
 type ParsedHEP struct {
-	UUID  string   `json:"uuid"`
-	Name  string   `json:"name"`
-	IPsV4 []string `json:"ipsV4"`
-	IPsV6 []string `json:"ipsV6"`
+	UUID     string   `json:"uuid"`
+	TenantID uint64   `json:"tenantID"`
+	Name     string   `json:"name"`
+	IP       string   `json:"ip"`
+	IPsV4    []string `json:"ipsV4"`
+	IPsV6    []string `json:"ipsV6"`
 }
 
 type ParsedGNS struct {

api/v1/handler/gnp.go

@@ -16,6 +16,7 @@ import (
 
 type gnpService interface {
 	Create(ctx context.Context, input *model.CreateGlobalNetworkPolicyInput) (*entity.GlobalNetworkPolicy, *ierror.Error)
+	List(ctx context.Context, input *model.ListGNPsInput) ([]*entity.GlobalNetworkPolicy, *ierror.Error)
 	Get(ctx context.Context, name string) (*entity.GlobalNetworkPolicy, *ierror.Error)
 	Delete(ctx context.Context, name string) *ierror.Error
 }
@@ -45,6 +46,21 @@ func (h *gnp) Create(c *gin.Context) {
 	httpbase.ReturnSuccessResponse(c, http.StatusOK, mapper.ToGlobalNetworkPolicyDTO(gnsEntity))
 }
 
+func (h *gnp) List(c *gin.Context) {
+	in := new(dto.ListGNPsInput)
+	if ierr := httpbase.BindInput(c, in); ierr != nil {
+		httpbase.ReturnErrorResponse(c, ierr)
+		return
+	}
+
+	gnpsEntity, ierr := h.service.List(c.Request.Context(), &model.ListGNPsInput{IsOrder: in.IsOrder})
+	if ierr != nil {
+		httpbase.ReturnErrorResponse(c, ierr)
+		return
+	}
+	httpbase.ReturnSuccessResponse(c, http.StatusOK, mapper.ToListGlobalNetworkPolicyDTOs(gnpsEntity))
+}
+
 func (h *gnp) Get(c *gin.Context) {
 	in := new(dto.GetGNPInput)
 	if ierr := httpbase.BindInput(c, in); ierr != nil {

api/v1/handler/gns.go

@@ -16,6 +16,7 @@ import (
 
 type gnsService interface {
 	Create(ctx context.Context, input *model.CreateGlobalNetworkSetInput) (*entity.GlobalNetworkSet, *ierror.Error)
+	List(ctx context.Context) ([]*entity.GlobalNetworkSet, *ierror.Error)
 	Get(ctx context.Context, name string) (*entity.GlobalNetworkSet, *ierror.Error)
 	Delete(ctx context.Context, name string) *ierror.Error
 }
@@ -45,6 +46,15 @@ func (h *gns) Create(c *gin.Context) {
 	httpbase.ReturnSuccessResponse(c, http.StatusOK, mapper.ToGlobalNetworkSetDTO(gnsEntity))
 }
 
+func (h *gns) List(c *gin.Context) {
+	gnpsEntity, ierr := h.service.List(c.Request.Context())
+	if ierr != nil {
+		httpbase.ReturnErrorResponse(c, ierr)
+		return
+	}
+	httpbase.ReturnSuccessResponse(c, http.StatusOK, mapper.ToListGlobalNetworkSetDTOs(gnpsEntity))
+}
+
 func (h *gns) Get(c *gin.Context) {
 	in := new(dto.GetGNSInput)
 	if ierr := httpbase.BindInput(c, in); ierr != nil {

api/v1/handler/hep.go

@@ -16,9 +16,10 @@ import (
 
 type hepService interface {
 	Create(ctx context.Context, input *model.CreateHostEndpointInput) (*entity.HostEndpoint, *ierror.Error)
-	Get(ctx context.Context, name string) (*entity.HostEndpoint, *ierror.Error)
-	Delete(ctx context.Context, name string) *ierror.Error
-	FetchPolicies(ctx context.Context, input *model.FetchHostEndpointPolicyInput) (*model.HostEndPointPolicy, *ierror.Error)
+	List(ctx context.Context, input *model.ListHostEndpointsInput) ([]*entity.HostEndpoint, *ierror.Error)
+	Get(ctx context.Context, input *model.GetHostEndpointInput) (*entity.HostEndpoint, *ierror.Error)
+	Delete(ctx context.Context, input *model.DeleteHostEndpointInput) *ierror.Error
+	FetchPolicies(ctx context.Context, input *model.ListHostEndpointsInput) ([]*model.HostEndpointPolicy, *ierror.Error)
 }
 
 func NewHEP(s hepService) *hep {
@@ -46,14 +47,29 @@ func (h *hep) Create(c *gin.Context) {
 	httpbase.ReturnSuccessResponse(c, http.StatusOK, mapper.ToHostEndpointDTO(hepEntity))
 }
 
+func (h *hep) List(c *gin.Context) {
+	in := new(dto.ListHostEndpointsInput)
+	if ierr := httpbase.BindInput(c, in); ierr != nil {
+		httpbase.ReturnErrorResponse(c, ierr)
+		return
+	}
+
+	gnpsEntity, ierr := h.service.List(c.Request.Context(), mapper.ToListHostEndpointsInput(in))
+	if ierr != nil {
+		httpbase.ReturnErrorResponse(c, ierr)
+		return
+	}
+	httpbase.ReturnSuccessResponse(c, http.StatusOK, mapper.ToListHostEndpointDTOs(gnpsEntity))
+}
+
 func (h *hep) Get(c *gin.Context) {
 	in := new(dto.GetHostEndpointInput)
 	if ierr := httpbase.BindInput(c, in); ierr != nil {
 		httpbase.ReturnErrorResponse(c, ierr)
 		return
 	}
 
-	hepEntity, ierr := h.service.Get(c.Request.Context(), in.Name)
+	hepEntity, ierr := h.service.Get(c.Request.Context(), mapper.ToGetHostEndpointInput(in))
 	if ierr != nil {
 		httpbase.ReturnErrorResponse(c, ierr)
 		return
@@ -68,23 +84,27 @@ func (h *hep) Delete(c *gin.Context) {
 		return
 	}
 
-	if err := h.service.Delete(c.Request.Context(), in.Metadata.Name); err != nil {
+	if err := h.service.Delete(c.Request.Context(), &model.DeleteHostEndpointInput{
+		TenantID: in.Spec.TenantID,
+		IP:       in.Spec.IP,
+		IPs:      in.Spec.IPs,
+	}); err != nil {
 		httpbase.ReturnErrorResponse(c, err)
 		return
 	}
 	httpbase.ReturnSuccessResponse(c, http.StatusOK, nil)
 }
 
 func (h *hep) FetchPolicies(c *gin.Context) {
-	in := new(dto.FetchHostEndpointPolicyInput)
+	in := new(dto.FetchHostEndpointPoliciesInput)
 	if ierr := httpbase.BindInput(c, in); ierr != nil {
 		httpbase.ReturnErrorResponse(c, ierr)
 		return
 	}
-	hostEndpointPolicy, ierr := h.service.FetchPolicies(c.Request.Context(), mapper.ToFetchHostEndPointPolicyInput(in))
+	hostEndpointPolicies, ierr := h.service.FetchPolicies(c.Request.Context(), mapper.ToFetchHostEndpointPolicyInput(in))
 	if ierr != nil {
 		httpbase.ReturnErrorResponse(c, ierr)
 		return
 	}
-	httpbase.ReturnSuccessResponse(c, http.StatusOK, mapper.ToFetchPoliciesOutput(hostEndpointPolicy))
+	httpbase.ReturnSuccessResponse(c, http.StatusOK, mapper.ToFetchHEPPoliciesOutput(hostEndpointPolicies))
 }

api/v1/mapper/gnp.go

@@ -6,6 +6,14 @@ import (
 	"github.com/bamboo-firewall/be/domain/model"
 )
 
+func ToListGlobalNetworkPolicyDTOs(gnps []*entity.GlobalNetworkPolicy) []*dto.GlobalNetworkPolicy {
+	gnpDTOs := make([]*dto.GlobalNetworkPolicy, 0, len(gnps))
+	for _, gnp := range gnps {
+		gnpDTOs = append(gnpDTOs, ToGlobalNetworkPolicyDTO(gnp))
+	}
+	return gnpDTOs
+}
+
 func ToGlobalNetworkPolicyDTO(gnp *entity.GlobalNetworkPolicy) *dto.GlobalNetworkPolicy {
 	if gnp == nil {
 		return nil
@@ -29,6 +37,7 @@ func ToGlobalNetworkPolicyDTO(gnp *entity.GlobalNetworkPolicy) *dto.GlobalNetwor
 			Labels: gnp.Metadata.Labels,
 		},
 		Spec: dto.GNPSpec{
+			Order:    gnp.Spec.Order,
 			Selector: gnp.Spec.Selector,
 			Ingress:  specIngress,
 			Egress:   specEgress,
@@ -45,7 +54,7 @@ func toRuleDTO(rule entity.GNPSpecRule) dto.GNPSpecRule {
 		Action:      rule.Action,
 		Protocol:    rule.Protocol,
 		NotProtocol: rule.NotProtocol,
-		IPVersion:   int(rule.IPVersion),
+		IPVersion:   rule.IPVersion,
 		Source:      toRuleEntityDTO(rule.Source),
 		Destination: toRuleEntityDTO(rule.Destination),
 	}
@@ -65,12 +74,12 @@ func toRuleEntityDTO(ruleEntity *entity.GNPSpecRuleEntity) *dto.GNPSpecRuleEntit
 }
 
 func ToCreateGlobalNetworkPolicyInput(in *dto.CreateGlobalNetworkPolicyInput) *model.CreateGlobalNetworkPolicyInput {
-	var specIngress []model.GNPSpecRuleInput
+	specIngress := make([]model.GNPSpecRuleInput, 0, len(in.Spec.Ingress))
 	for _, rule := range in.Spec.Ingress {
 		specIngress = append(specIngress, toRuleInput(rule))
 	}
 
-	var specEgress []model.GNPSpecRuleInput
+	specEgress := make([]model.GNPSpecRuleInput, 0, len(in.Spec.Egress))
 	for _, rule := range in.Spec.Egress {
 		specEgress = append(specEgress, toRuleInput(rule))
 	}
@@ -81,6 +90,7 @@ func ToCreateGlobalNetworkPolicyInput(in *dto.CreateGlobalNetworkPolicyInput) *m
 			Labels: in.Metadata.Labels,
 		},
 		Spec: model.GNPSpecInput{
+			Order:    in.Spec.Order,
 			Selector: in.Spec.Selector,
 			Ingress:  specIngress,
 			Egress:   specEgress,

api/v1/mapper/gns.go

@@ -6,6 +6,14 @@ import (
 	"github.com/bamboo-firewall/be/domain/model"
 )
 
+func ToListGlobalNetworkSetDTOs(gnss []*entity.GlobalNetworkSet) []*dto.GlobalNetworkSet {
+	gnsDTOs := make([]*dto.GlobalNetworkSet, 0, len(gnss))
+	for _, gns := range gnss {
+		gnsDTOs = append(gnsDTOs, ToGlobalNetworkSetDTO(gns))
+	}
+	return gnsDTOs
+}
+
 func ToGlobalNetworkSetDTO(gns *entity.GlobalNetworkSet) *dto.GlobalNetworkSet {
 	if gns == nil {
 		return nil