Merge pull request #157 from cloudfoundry-community/features/implement-security-groups-in-v3-api

antechrestos · web-flow · commit 478a26231aff · 2022-01-01T16:20:20.000+01:00
Implement security groups in V3 api
diff --git a/README.rst b/README.rst
@@ -244,6 +244,7 @@ Available managers on API V3 are:
 - ``organizations``
 - ``organization_quotas``
 - ``processes``
+- ``security_groups``
 - ``service_brokers``
 - ``service_credential_bindings``
 - ``service_instances``
diff --git a/main/cloudfoundry_client/client.py b/main/cloudfoundry_client/client.py
@@ -32,6 +32,7 @@
 from cloudfoundry_client.v3.organization_quotas import OrganizationQuotaManager
 from cloudfoundry_client.v3.processes import ProcessManager
 from cloudfoundry_client.v3.organizations import OrganizationManager
+from cloudfoundry_client.v3.security_groups import SecurityGroupManager
 from cloudfoundry_client.v3.service_brokers import ServiceBrokerManager
 from cloudfoundry_client.v3.service_credential_bindings import ServiceCredentialBindingManager
 from cloudfoundry_client.v3.service_instances import ServiceInstanceManager
@@ -105,6 +106,7 @@ def __init__(self, target_endpoint: str, credential_manager: "CloudFoundryClient
         self.organizations = OrganizationManager(target_endpoint, credential_manager)
         self.organization_quotas = OrganizationQuotaManager(target_endpoint, credential_manager)
         self.processes = ProcessManager(target_endpoint, credential_manager)
+        self.security_groups = SecurityGroupManager(target_endpoint, credential_manager)
         self.service_brokers = ServiceBrokerManager(target_endpoint, credential_manager)
         self.service_credential_bindings = ServiceCredentialBindingManager(target_endpoint, credential_manager)
         self.service_instances = ServiceInstanceManager(target_endpoint, credential_manager)
diff --git a/main/cloudfoundry_client/v3/security_groups.py b/main/cloudfoundry_client/v3/security_groups.py
@@ -0,0 +1,115 @@
+from dataclasses import dataclass, asdict
+from enum import Enum, auto
+from typing import TYPE_CHECKING, Optional, List
+
+from cloudfoundry_client.v3.entities import EntityManager, ToManyRelationship, Entity, ToOneRelationship
+
+if TYPE_CHECKING:
+    from cloudfoundry_client.client import CloudFoundryClient
+
+
+class RuleProtocol(Enum):
+    TCP = auto()
+    UDP = auto()
+    ICMP = auto()
+    ALL = auto()
+
+    def __repr__(self):
+        return '%s' % self.name.lower()
+
+
+@dataclass
+class Rule:
+    protocol: RuleProtocol
+    destination: str
+    ports: Optional[str] = None
+    type: Optional[int] = None
+    code: Optional[int] = None
+    description: Optional[str] = None
+    log: Optional[bool] = None
+
+
+@dataclass
+class GloballyEnabled:
+    running: Optional[bool] = None
+    staging: Optional[bool] = None
+
+
+class SecurityGroupManager(EntityManager):
+    def __init__(self, target_endpoint: str, client: "CloudFoundryClient"):
+        super(SecurityGroupManager, self).__init__(target_endpoint, client, "/v3/security_groups")
+
+    def create(self,
+               name: str,
+               rules: Optional[List[Rule]] = None,
+               globally_enabled: Optional[GloballyEnabled] = None,
+               staging_spaces: Optional[ToManyRelationship] = None,
+               running_spaces: Optional[ToManyRelationship] = None) -> Entity:
+        payload = self._generate_payload(name, rules, globally_enabled, staging_spaces, running_spaces)
+        return super()._create(payload)
+
+    def update(self,
+               security_group_id: str,
+               name: Optional[str] = None,
+               rules: Optional[List[Rule]] = None,
+               globally_enabled: Optional[GloballyEnabled] = None,
+               staging_spaces: Optional[ToManyRelationship] = None,
+               running_spaces: Optional[ToManyRelationship] = None) -> Entity:
+        payload = self._generate_payload(name, rules, globally_enabled, staging_spaces, running_spaces)
+        return super()._update(security_group_id, payload)
+
+    def remove(self, security_group_id: str):
+        return super()._remove(security_group_id)
+
+    def bind_running_security_group_to_spaces(self, security_group_id: str, space_guids: ToManyRelationship) \
+            -> ToManyRelationship:
+        relationship = "running_spaces"
+        return self._bind_spaces(security_group_id, space_guids, relationship)
+
+    def bind_staging_security_group_to_spaces(self, security_group_id: str, space_guids: ToManyRelationship) \
+            -> ToManyRelationship:
+        relationship = "staging_spaces"
+        return self._bind_spaces(security_group_id, space_guids, relationship)
+
+    def unbind_running_security_group_from_space(self, security_group_id: str, space_guid: ToOneRelationship):
+        relationship = "running_spaces"
+        return self._unbind_space(security_group_id, space_guid, relationship)
+
+    def unbind_staging_security_group_from_space(self, security_group_id: str, space_guid: ToOneRelationship):
+        relationship = "staging_spaces"
+        return self._unbind_space(security_group_id, space_guid, relationship)
+
+    def _bind_spaces(self, security_group_id: str, space_guids: ToManyRelationship, relationship: str) \
+            -> ToManyRelationship:
+        url = "%s%s/%s/relationships/%s" % (self.target_endpoint, self.entity_uri, security_group_id, relationship)
+        return ToManyRelationship.from_json_object(super()._post(url, space_guids))
+
+    def _unbind_space(self, security_group_id: str, space_guid: ToOneRelationship, relationship: str):
+        url = "%s%s/%s/relationships/%s/%s" \
+              % (self.target_endpoint, self.entity_uri, security_group_id, relationship, space_guid.guid)
+        super()._delete(url)
+
+    @staticmethod
+    def _generate_payload(name: Optional[str],
+                          rules: Optional[List[Rule]],
+                          globally_enabled: Optional[GloballyEnabled],
+                          staging_spaces: Optional[ToManyRelationship],
+                          running_spaces: Optional[ToManyRelationship]):
+        payload = {}
+        if name:
+            payload["name"] = name
+        if rules:
+            payload["rules"] = [asdict(rule, dict_factory=lambda x: {k: repr(v) if k == "protocol" else v
+                                                                     for (k, v) in x if v is not None})
+                                for rule in rules]
+        if globally_enabled:
+            payload["globally_enabled"] = asdict(globally_enabled,
+                                                 dict_factory=lambda x: {k: v for (k, v) in x if v is not None})
+        relationships = dict()
+        if staging_spaces:
+            relationships["staging_spaces"] = staging_spaces
+        if running_spaces:
+            relationships["running_spaces"] = running_spaces
+        if len(relationships) > 0:
+            payload["relationships"] = relationships
+        return payload
diff --git a/test/fixtures/v3/security_groups/GET_response.json b/test/fixtures/v3/security_groups/GET_response.json
@@ -0,0 +1,84 @@
+{
+  "pagination": {
+    "total_results": 1,
+    "total_pages": 1,
+    "first": {
+      "href": "https://api.example.org/v3/security_groups?page=1&per_page=50"
+    },
+    "last": {
+      "href": "https://api.example.org/v3/security_groups?page=1&per_page=50"
+    },
+    "next": null,
+    "previous": null
+  },
+  "resources": [
+    {
+      "guid": "b85a788e-671f-4549-814d-e34cdb2f539a",
+      "created_at": "2020-02-20T17:42:08Z",
+      "updated_at": "2020-02-20T17:42:08Z",
+      "name": "my-group0",
+      "globally_enabled": {
+        "running": true,
+        "staging": false
+      },
+      "rules": [
+        {
+          "protocol": "tcp",
+          "destination": "10.10.10.0/24",
+          "ports": "443,80,8080"
+        },
+        {
+          "protocol": "icmp",
+          "destination": "10.10.10.0/24",
+          "type": 8,
+          "code": 0,
+          "description": "Allow ping requests to private services"
+        }
+      ],
+      "relationships": {
+        "staging_spaces": {
+          "data": [
+            {
+              "guid": "space-guid-1"
+            },
+            {
+              "guid": "space-guid-2"
+            }
+          ]
+        },
+        "running_spaces": {
+          "data": []
+        }
+      },
+      "links": {
+        "self": {
+          "href": "https://api.example.org/v3/security_groups/b85a788e-671f-4549-814d-e34cdb2f539a"
+        }
+      }
+    },
+    {
+      "guid": "a89a788e-671f-4549-814d-e34c1b2f533a",
+      "created_at": "2020-02-20T17:42:08Z",
+      "updated_at": "2020-02-20T17:42:08Z",
+      "name": "my-group1",
+      "globally_enabled": {
+        "running": true,
+        "staging": true
+      },
+      "rules": [],
+      "relationships": {
+        "staging_spaces": {
+          "data": []
+        },
+        "running_spaces": {
+          "data": []
+        }
+      },
+      "links": {
+        "self": {
+          "href": "https://api.example.org/v3/security_groups/a89a788e-671f-4549-814d-e34c1b2f533a"
+        }
+      }
+    }
+  ]
+}
diff --git a/test/fixtures/v3/security_groups/GET_{id}_response.json b/test/fixtures/v3/security_groups/GET_{id}_response.json
@@ -0,0 +1,44 @@
+{
+  "guid": "b85a788e-671f-4549-814d-e34cdb2f539a",
+  "created_at": "2020-02-20T17:42:08Z",
+  "updated_at": "2020-02-20T17:42:08Z",
+  "name": "my-group0",
+  "globally_enabled": {
+    "running": true,
+    "staging": false
+  },
+  "rules": [
+    {
+      "protocol": "tcp",
+      "destination": "10.10.10.0/24",
+      "ports": "443,80,8080"
+    },
+    {
+      "protocol": "icmp",
+      "destination": "10.10.10.0/24",
+      "type": 8,
+      "code": 0,
+      "description": "Allow ping requests to private services"
+    }
+  ],
+  "relationships": {
+    "staging_spaces": {
+      "data": [
+        {
+          "guid": "space-guid-1"
+        },
+        {
+          "guid": "space-guid-2"
+        }
+      ]
+    },
+    "running_spaces": {
+      "data": []
+    }
+  },
+  "links": {
+    "self": {
+      "href": "https://api.example.org/v3/security_groups/b85a788e-671f-4549-814d-e34cdb2f539a"
+    }
+  }
+}
diff --git a/test/fixtures/v3/security_groups/PATCH_{id}_response.json b/test/fixtures/v3/security_groups/PATCH_{id}_response.json
@@ -0,0 +1,44 @@
+{
+  "guid": "b85a788e-671f-4549-814d-e34cdb2f539a",
+  "created_at": "2020-02-20T17:42:08Z",
+  "updated_at": "2020-02-20T17:42:08Z",
+  "name": "my-group0",
+  "globally_enabled": {
+    "running": true,
+    "staging": false
+  },
+  "rules": [
+    {
+      "protocol": "tcp",
+      "destination": "10.10.10.0/24",
+      "ports": "443,80,8080"
+    },
+    {
+      "protocol": "icmp",
+      "destination": "10.10.10.0/24",
+      "type": 8,
+      "code": 0,
+      "description": "Allow ping requests to private services"
+    }
+  ],
+  "relationships": {
+    "staging_spaces": {
+      "data": [
+        {
+          "guid": "space-guid-1"
+        },
+        {
+          "guid": "space-guid-2"
+        }
+      ]
+    },
+    "running_spaces": {
+      "data": []
+    }
+  },
+  "links": {
+    "self": {
+      "href": "https://api.example.org/v3/security_groups/b85a788e-671f-4549-814d-e34cdb2f539a"
+    }
+  }
+}
diff --git a/test/fixtures/v3/security_groups/POST_response.json b/test/fixtures/v3/security_groups/POST_response.json
@@ -0,0 +1,44 @@
+{
+  "guid": "b85a788e-671f-4549-814d-e34cdb2f539a",
+  "created_at": "2020-02-20T17:42:08Z",
+  "updated_at": "2020-02-20T17:42:08Z",
+  "name": "my-group0",
+  "globally_enabled": {
+    "running": true,
+    "staging": false
+  },
+  "rules": [
+    {
+      "protocol": "tcp",
+      "destination": "10.10.10.0/24",
+      "ports": "443,80,8080"
+    },
+    {
+      "protocol": "icmp",
+      "destination": "10.10.10.0/24",
+      "type": 8,
+      "code": 0,
+      "description": "Allow ping requests to private services"
+    }
+  ],
+  "relationships": {
+    "staging_spaces": {
+      "data": [
+        {
+          "guid": "space-guid-1"
+        },
+        {
+          "guid": "space-guid-2"
+        }
+      ]
+    },
+    "running_spaces": {
+      "data": []
+    }
+  },
+  "links": {
+    "self": {
+      "href": "https://api.example.org/v3/security_groups/b85a788e-671f-4549-814d-e34cdb2f539a"
+    }
+  }
+}
diff --git a/test/fixtures/v3/security_groups/POST_{id}_relationships_running_spaces_response.json b/test/fixtures/v3/security_groups/POST_{id}_relationships_running_spaces_response.json
@@ -0,0 +1,18 @@
+{
+  "data": [
+    {
+      "guid": "space-guid1"
+    },
+    {
+      "guid": "space-guid2"
+    },
+    {
+      "guid": "previous-space-guid"
+    }
+  ],
+  "links": {
+    "self": {
+      "href": "https://api.example.org/v3/security_groups/b85a788e-671f-4549-814d-e34cdb2f539a/relationships/running_spaces"
+    }
+  }
+}
diff --git a/test/fixtures/v3/security_groups/POST_{id}_relationships_staging_spaces_response.json b/test/fixtures/v3/security_groups/POST_{id}_relationships_staging_spaces_response.json
diff --git a/test/v3/test_security_groups.py b/test/v3/test_security_groups.py
