1
// Copyright 2013 Joyent Inc.
2
// Licensed under the AGPLv3, see LICENCE file for details.
10
"github.com/joyent/gosdc/cloudapi"
12
"github.com/juju/juju/environs/config"
13
"github.com/juju/juju/network"
17
firewallRuleVm = "FROM tag %s TO vm %s ALLOW %s %s"
20
// Helper method to create a firewall rule string for the given machine Id and port
21
func createFirewallRuleVm(envName string, machineId string, portRange network.PortRange) string {
23
for p := portRange.FromPort; p <= portRange.ToPort; p++ {
24
ports = append(ports, fmt.Sprintf("PORT %d", p))
28
portList = fmt.Sprintf("( %s )", strings.Join(ports, " AND "))
29
} else if len(ports) == 1 {
32
return fmt.Sprintf(firewallRuleVm, envName, machineId, strings.ToLower(portRange.Protocol), portList)
35
func (inst *joyentInstance) OpenPorts(machineId string, ports []network.PortRange) error {
36
if inst.env.Config().FirewallMode() != config.FwInstance {
37
return fmt.Errorf("invalid firewall mode %q for opening ports on instance", inst.env.Config().FirewallMode())
40
fwRules, err := inst.env.compute.cloudapi.ListFirewallRules()
42
return fmt.Errorf("cannot get firewall rules: %v", err)
45
machineId = string(inst.Id())
46
for _, p := range ports {
47
rule := createFirewallRuleVm(inst.env.Config().Name(), machineId, p)
48
if e, id := ruleExists(fwRules, rule); e {
49
_, err := inst.env.compute.cloudapi.EnableFirewallRule(id)
51
return fmt.Errorf("couldn't enable rule %s: %v", rule, err)
54
_, err := inst.env.compute.cloudapi.CreateFirewallRule(cloudapi.CreateFwRuleOpts{
59
return fmt.Errorf("couldn't create rule %s: %v", rule, err)
64
logger.Infof("ports %v opened for instance %q", ports, machineId)
69
func (inst *joyentInstance) ClosePorts(machineId string, ports []network.PortRange) error {
70
if inst.env.Config().FirewallMode() != config.FwInstance {
71
return fmt.Errorf("invalid firewall mode %q for closing ports on instance", inst.env.Config().FirewallMode())
74
fwRules, err := inst.env.compute.cloudapi.ListFirewallRules()
76
return fmt.Errorf("cannot get firewall rules: %v", err)
79
machineId = string(inst.Id())
80
for _, p := range ports {
81
rule := createFirewallRuleVm(inst.env.Config().Name(), machineId, p)
82
if e, id := ruleExists(fwRules, rule); e {
83
_, err := inst.env.compute.cloudapi.DisableFirewallRule(id)
85
return fmt.Errorf("couldn't disable rule %s: %v", rule, err)
88
_, err := inst.env.compute.cloudapi.CreateFirewallRule(cloudapi.CreateFwRuleOpts{
93
return fmt.Errorf("couldn't create rule %s: %v", rule, err)
98
logger.Infof("ports %v closed for instance %q", ports, machineId)
103
func (inst *joyentInstance) Ports(machineId string) ([]network.PortRange, error) {
104
if inst.env.Config().FirewallMode() != config.FwInstance {
105
return nil, fmt.Errorf("invalid firewall mode %q for retrieving ports from instance", inst.env.Config().FirewallMode())
108
machineId = string(inst.Id())
109
fwRules, err := inst.env.compute.cloudapi.ListMachineFirewallRules(machineId)
111
return nil, fmt.Errorf("cannot get firewall rules: %v", err)
114
return getPorts(inst.env.Config().Name(), fwRules), nil