From 9805341dceaf483988b3ec798169396080059fb3 Mon Sep 17 00:00:00 2001 From: mjethwa-msft Date: Thu, 16 Mar 2023 14:13:24 -0700 Subject: [PATCH 01/18] Initial skeleton for NSG support --- pkg/client/network.go | 10 + services/network/network.go | 6 +- .../network/networksecuritygroup/client.go | 49 +++ services/network/networksecuritygroup/wssd.go | 317 ++++++++++++++++++ 4 files changed, 381 insertions(+), 1 deletion(-) create mode 100644 services/network/networksecuritygroup/client.go create mode 100644 services/network/networksecuritygroup/wssd.go diff --git a/pkg/client/network.go b/pkg/client/network.go index 3833fc7c9..9df83d6c4 100644 --- a/pkg/client/network.go +++ b/pkg/client/network.go @@ -59,3 +59,13 @@ func GetMacPoolClient(serverAddress *string, authorizer auth.Authorizer) (networ return network_pb.NewMacPoolAgentClient(conn), nil } + +// GetNetworkSecurityGroupClient returns the NetworkSecurityGroup client to communicate with the wssd agent +func GetNetworkSecurityGroupClient(serverAddress *string, authorizer auth.Authorizer) (network_pb.NetworkSecurityGroupAgentClient, error) { + conn, err := getClientConnection(serverAddress, authorizer) + if err != nil { + log.Fatalf("Unable to get NetworkSecurityGroupAgentClient. Failed to dial: %v", err) + } + + return network_pb.NewNetworkSecurityGroupAgentClient(conn), nil +} diff --git a/services/network/network.go b/services/network/network.go index 9eecf39d2..8463d28c6 100644 --- a/services/network/network.go +++ b/services/network/network.go @@ -16,6 +16,10 @@ const ( TransportProtocolTCP TransportProtocol = "Tcp" // TransportProtocolUDP TransportProtocolUDP TransportProtocol = "Udp" + // TransportProtocolICMPv4 + TransportProtocolICMPv4 TransportProtocol = "Icmpv4" + // TransportProtocolICMPv6 + TransportProtocolICMPv6 TransportProtocol = "Icmpv6" ) // SubResource reference to another subresource. 
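Review bot: `GetNetworkSecurityGroupClient` calls `log.Fatalf` when `getClientConnection` fails, which terminates the whole calling process from inside an SDK helper and means the declared `error` result is never non-nil. A caller that wants to retry, fall back, or report an unreachable or unauthorised agent cannot do so. Replacing the `log.Fatalf` line with `return nil, err` keeps the failure in the caller's hands. The `if err != nil` check in `newNetworkSecurityGroupClient` (wssd.go, same patch) only becomes reachable with that change.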
@@ -796,7 +800,7 @@ type SecurityRulePropertiesFormat struct { // Access - The network traffic is allowed or denied. Possible values include: 'SecurityRuleAccessAllow', 'SecurityRuleAccessDeny' Access SecurityRuleAccess `json:"access,omitempty"` // Priority - The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. - Priority *int32 `json:"priority,omitempty"` + Priority *uint32 `json:"priority,omitempty"` // Direction - The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values include: 'SecurityRuleDirectionInbound', 'SecurityRuleDirectionOutbound' Direction SecurityRuleDirection `json:"direction,omitempty"` // ProvisioningState - The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. diff --git a/services/network/networksecuritygroup/client.go b/services/network/networksecuritygroup/client.go new file mode 100644 index 000000000..53f2edb05 --- /dev/null +++ b/services/network/networksecuritygroup/client.go 
@@ -0,0 +1,49 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the Apache v2.0 License.
+
+package networksecuritygroup
+
+import (
+ "context"
+
+ "github.com/microsoft/moc-sdk-for-go/services/network"
+ "github.com/microsoft/moc/pkg/auth"
+)
+
+// Service interface
+type Service interface {
+ Get(context.Context, string, string) (*[]network.SecurityGroup, error)
+ CreateOrUpdate(context.Context, string, string, *network.SecurityGroup) (*network.SecurityGroup, error)
+ Delete(context.Context, string, string) error
+}
+
+// NetworkSecurityGroupAgentClient structure
+type NetworkSecurityGroupAgentClient struct {
+ network.BaseClient
+ internal Service
+}
+
+// NewLoadBalancerClient method returns new client
+func NewSecurityGroupClient(cloudFQDN string, authorizer auth.Authorizer) (*NetworkSecurityGroupAgentClient, error) {
+ c, err := newNetworkSecurityGroupClient(cloudFQDN, authorizer)
+ if err != nil {
+ return nil, err
+ }
+
+ return &NetworkSecurityGroupAgentClient{internal: c}, nil
+}
+
+// Get methods invokes the client Get method
+func (c *NetworkSecurityGroupAgentClient) Get(ctx context.Context, group, name string) (*[]network.SecurityGroup, error) {
+ return c.internal.Get(ctx, group, name)
+}
+
+// Ensure methods invokes create or update on the client
+func (c *NetworkSecurityGroupAgentClient) CreateOrUpdate(ctx context.Context, group, name string, nsg *network.SecurityGroup) (*network.SecurityGroup, error) {
+ return c.internal.CreateOrUpdate(ctx, group, name, nsg)
+}
+
+// Delete methods invokes delete of the network resource
+func (c *NetworkSecurityGroupAgentClient) Delete(ctx context.Context, group, name string) error {
+ return c.internal.Delete(ctx, group, name)
+}
diff --git a/services/network/networksecuritygroup/wssd.go b/services/network/networksecuritygroup/wssd.go
new file mode 100644
index 000000000..96f6a8ec8
--- /dev/null
+++ b/services/network/networksecuritygroup/wssd.go
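Review bot: The doc comments on `NewSecurityGroupClient` and `CreateOrUpdate` in client.go name other identifiers (`NewLoadBalancerClient`, `Ensure`), so godoc and linters will not associate them with the functions they sit on. The comment-only hunk in patch 02 changes the first one to `NeNetworkSecurityGroupClient`, which still does not match the function name. Suggested wording: `// NewSecurityGroupClient returns a new network security group client.` and `// CreateOrUpdate invokes create or update on the underlying client.`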
@@ -0,0 +1,317 @@ +// Copyright (c) Microsoft Corporation. All rights reserved. +// Licensed under the Apache v2.0 License. + +package networksecuritygroup + +import ( + "context" + "fmt" + "strings" + + wssdcloudclient "github.com/microsoft/moc-sdk-for-go/pkg/client" + "github.com/microsoft/moc-sdk-for-go/services/network" + "github.com/microsoft/moc/pkg/auth" + "github.com/microsoft/moc/pkg/errors" + "github.com/microsoft/moc/pkg/status" + "github.com/microsoft/moc/pkg/tags" + wssdcloudnetwork "github.com/microsoft/moc/rpc/cloudagent/network" + wssdcloudcommon "github.com/microsoft/moc/rpc/common" +) + +type client struct { + wssdcloudnetwork.NetworkSecurityGroupAgentClient +} + +// newClient - creates a client session with the backend wssdcloud agent +func newNetworkSecurityGroupClient(subID string, authorizer auth.Authorizer) (*client, error) { + c, err := wssdcloudclient.GetNetworkSecurityGroupClient(&subID, authorizer) + if err != nil { + return nil, err + } + return &client{c}, nil +} + +// Get network security groups by name. 
If name is nil, get all network security groups +func (c *client) Get(ctx context.Context, group, name string) (*[]network.SecurityGroup, error) { + + request, err := c.getNetworkSecurityGroupRequestByName(wssdcloudcommon.Operation_GET, group, name) + if err != nil { + return nil, err + } + + response, err := c.NetworkSecurityGroupAgentClient.Invoke(ctx, request) + if err != nil { + return nil, err + } + nsgs, err := c.getNetworkSecurityGroupsFromResponse(response) + if err != nil { + return nil, err + } + + return nsgs, nil + +} + +// CreateOrUpdate creates a network security group if it does not exist, or updates an existing network security group +func (c *client) CreateOrUpdate(ctx context.Context, group, name string, inputNSG *network.SecurityGroup) (*network.SecurityGroup, error) { + + if inputNSG == nil || inputNSG.SecurityGroupPropertiesFormat == nil { + return nil, errors.Wrapf(errors.InvalidConfiguration, "Missing Network Security Group Properties") + } + + request, err := c.getNetworkSecurityGroupRequest(wssdcloudcommon.Operation_POST, group, name, inputNSG) + if err != nil { + return nil, err + } + response, err := c.NetworkSecurityGroupAgentClient.Invoke(ctx, request) + if err != nil { + return nil, err + } + nsgs, err := c.getNetworkSecurityGroupsFromResponse(response) + if err != nil { + return nil, err + } + + return &(*nsgs)[0], nil +} + +// Delete a network security group +func (c *client) Delete(ctx context.Context, group, name string) error { + nsgs, err := c.Get(ctx, group, name) + if err != nil { + return err + } + if len(*nsgs) == 0 { + return fmt.Errorf("Network Security Group [%s] not found", name) + } + + request, err := c.getNetworkSecurityGroupRequest(wssdcloudcommon.Operation_DELETE, group, name, &(*nsgs)[0]) + if err != nil { + return err + } + _, err = c.NetworkSecurityGroupAgentClient.Invoke(ctx, request) + + if err != nil { + return err + } + + return err +} + +func (c *client) getNetworkSecurityGroupRequestByName(opType 
wssdcloudcommon.Operation, group, name string) (*wssdcloudnetwork.NetworkSecurityGroupRequest, error) { + networkNSG := network.SecurityGroup{ + Name: &name, + } + return c.getNetworkSecurityGroupRequest(opType, group, name, &networkNSG) +} + +// getNetworkSecurityGroupRequest converts our internal representation of a network security group (network.SecurityGroup) into a protobuf request (wssdcloudnetwork.NetworkSecurityGroupRequest) that can be sent to wssdcloudagent +func (c *client) getNetworkSecurityGroupRequest(opType wssdcloudcommon.Operation, group, name string, networkNSG *network.SecurityGroup) (*wssdcloudnetwork.NetworkSecurityGroupRequest, error) { + + if networkNSG == nil { + return nil, errors.InvalidInput + } + + request := &wssdcloudnetwork.NetworkSecurityGroupRequest{ + OperationType: opType, + NetworkSecurityGroups: []*wssdcloudnetwork.NetworkSecurityGroup{}, + } + var err error + + wssdCloudNSG, err := getWssdNetworkSecurityGroup(networkNSG, group) + if err != nil { + return nil, err + } + + request.NetworkSecurityGroups = append(request.NetworkSecurityGroups, wssdCloudNSG) + return request, nil +} + +// getNetworkSecurityGroupsFromResponse converts a protobuf response from wssdcloudagent (wssdcloudnetwork.NetworkSecurityGroupResponse) to out internal representation of a network security group (network.SecurityGroup) +func (c *client) getNetworkSecurityGroupsFromResponse(response *wssdcloudnetwork.NetworkSecurityGroupResponse) (*[]network.SecurityGroup, error) { + networkdNSGs := []network.SecurityGroup{} + + for _, wssdCloudNSG := range response.GetNetworkSecurityGroups() { + networkNSG, err := getNetworkSecurityGroup(wssdCloudNSG) + if err != nil { + return nil, err + } + + networkdNSGs = append(networkdNSGs, *networkNSG) + } + + return &networkdNSGs, nil +} + +// getWssdNetworkSecurityGroup converts our internal representation of a networksecuritygroup (network.SecurityGroup) to the cloud network security group protobuf used by wssdcloudagent 
(wssdnetwork.NetworkSecurityGroup) +func getWssdNetworkSecurityGroup(networkNSG *network.SecurityGroup, group string) (wssdCloudNSG *wssdcloudnetwork.NetworkSecurityGroup, err error) { + + if len(group) == 0 { + return nil, errors.Wrapf(errors.InvalidGroup, "Group not specified") + } + + if networkNSG.Name == nil { + return nil, errors.Wrapf(errors.InvalidConfiguration, "Missing Name for Network Security Group") + } + + wssdCloudNSG = &wssdcloudnetwork.NetworkSecurityGroup{ + Name: *networkNSG.Name, + GroupName: group, + } + + if networkNSG.Location != nil { + wssdCloudNSG.LocationName = *networkNSG.Location + } + + if networkNSG.Tags != nil { + wssdCloudNSG.Tags = tags.MapToProto(networkNSG.Tags) + } + + if networkNSG.SecurityGroupPropertiesFormat != nil { + nsgRules, err := getWssdNetworkSecurityGroupRules(networkNSG.SecurityRules) + if err != nil { + return nil, err + } + wssdCloudNSG.Networksecuritygrouprules = nsgRules + } + + return wssdCloudNSG, nil +} + +// getWssdNetworkSecurityGroupRules converts our internal representation of a networksecuritygroup rule (network.SecurityRule) to the cloud network security group rule protobuf used by wssdcloudagent (wssdnetwork.NetworkSecurityGroupRule) +func getWssdNetworkSecurityGroupRules(securityRules *[]network.SecurityRule) (wssdNSGRules []*wssdcloudnetwork.NetworkSecurityGroupRule, err error) { + if securityRules == nil || len(*securityRules) <= 0 { + return + } + + for _, rule := range *securityRules { + if rule.SecurityRulePropertiesFormat == nil { + continue + } + + wssdCloudNSGRule := &wssdcloudnetwork.NetworkSecurityGroupRule{} + + if rule.Name == nil { + return nil, errors.Wrapf(errors.InvalidInput, "Network Security Rule name not specified") + } + wssdCloudNSGRule.Name = *rule.Name + + if rule.Description != nil { + wssdCloudNSGRule.Description = *rule.Description + } + + if strings.EqualFold(string(rule.Protocol), string(network.SecurityRuleProtocolAsterisk)) { + wssdCloudNSGRule.Protocol = 
wssdcloudcommon.Protocol_All + } else if strings.EqualFold(string(rule.Protocol), string(network.SecurityRuleProtocolTCP)) { + wssdCloudNSGRule.Protocol = wssdcloudcommon.Protocol_Tcp + } else if strings.EqualFold(string(rule.Protocol), string(network.SecurityRuleProtocolUDP)) { + wssdCloudNSGRule.Protocol = wssdcloudcommon.Protocol_Udp + } else { + return nil, errors.Wrapf(errors.InvalidInput, "Unknown Protocol %s specified", rule.Protocol) + } + + if rule.SourceAddressPrefix != nil { + wssdCloudNSGRule.SourceAddressPrefix = *rule.SourceAddressPrefix + } + + if rule.DestinationAddressPrefix != nil { + wssdCloudNSGRule.DestinationAddressPrefix = *rule.DestinationAddressPrefix + } + + if rule.SourcePortRange != nil { + wssdCloudNSGRule.SourcePortRange = *rule.SourcePortRange + } + + if rule.DestinationPortRange != nil { + wssdCloudNSGRule.DestinationPortRange = *rule.DestinationPortRange + } + + if strings.EqualFold(string(rule.Access), string(network.SecurityRuleAccessAllow)) { + wssdCloudNSGRule.Action = wssdcloudnetwork.Action_Allow + } else if strings.EqualFold(string(rule.Access), string(network.SecurityRuleAccessDeny)) { + wssdCloudNSGRule.Action = wssdcloudnetwork.Action_Deny + } else { + return nil, errors.Wrapf(errors.InvalidInput, "Unknown Access %s specified", rule.Access) + } + + if strings.EqualFold(string(rule.Direction), string(network.SecurityRuleDirectionInbound)) { + wssdCloudNSGRule.Direction = wssdcloudnetwork.Direction_Inbound + } else if strings.EqualFold(string(rule.Direction), string(network.SecurityRuleDirectionOutbound)) { + wssdCloudNSGRule.Direction = wssdcloudnetwork.Direction_Outbound + } else { + return nil, errors.Wrapf(errors.InvalidInput, "Unknown Direction %s specified", rule.Access) + } + + if rule.Priority != nil && isValidPriority(*rule.Priority) { + wssdCloudNSGRule.Priority = uint32(*rule.Priority) + } else { + wssdCloudNSGRule.Priority = 4096 // TODO: what should be the default value? 
+ } + + wssdNSGRules = append(wssdNSGRules, wssdCloudNSGRule) + } + return +} + +func isValidPriority(priority uint32) bool { + return priority >= 100 && priority <= 4096 +} + +// getNetworkSecurityGroup converts the cloud network security group protobuf returned from wssdcloudagent (wssdcloudnetwork.NetworkSecurityGroup) to our internal representation of a networksecuritygroup (network.SecurityGroup) +func getNetworkSecurityGroup(wssdNSG *wssdcloudnetwork.NetworkSecurityGroup) (networkNSG *network.SecurityGroup, err error) { + networkNSG = &network.SecurityGroup{ + Name: &wssdNSG.Name, + Location: &wssdNSG.LocationName, + ID: &wssdNSG.Id, + SecurityGroupPropertiesFormat: &network.SecurityGroupPropertiesFormat{ + Statuses: status.GetStatuses(wssdNSG.GetStatus()), + }, + } + + if len(wssdNSG.Networksecuritygrouprules) > 0 { + networkNSGRules := []network.SecurityRule{} + + for _, rule := range wssdNSG.Networksecuritygrouprules { + name := rule.Name + description := rule.Description + protocol := network.SecurityRuleProtocolAsterisk + action := network.SecurityRuleAccessDeny + priority := uint32(rule.GetPriority()) + + if rule.Protocol == wssdcloudcommon.Protocol_All { + protocol = network.SecurityRuleProtocolAsterisk + } else if rule.Protocol == wssdcloudcommon.Protocol_Tcp { + protocol = network.SecurityRuleProtocolTCP + } else if rule.Protocol == wssdcloudcommon.Protocol_Udp { + protocol = network.SecurityRuleProtocolUDP + } else { + return nil, errors.Wrapf(errors.InvalidInput, "Unknown Protocol %s specified", rule.Protocol) + } + + if rule.Action == wssdcloudnetwork.Action_Allow { + action = network.SecurityRuleAccessAllow + } else if rule.Action == wssdcloudnetwork.Action_Deny { + action = network.SecurityRuleAccessDeny + } else { + return nil, errors.Wrapf(errors.InvalidInput, "Unknown Access %s specified", rule.Action) + } + + networkNSGRules = append(networkNSGRules, network.SecurityRule{ + Name: &name, + SecurityRulePropertiesFormat: 
&network.SecurityRulePropertiesFormat{ + Description: &description, + Protocol: protocol, + SourceAddressPrefix: &rule.SourceAddressPrefix, + DestinationAddressPrefix: &rule.DestinationAddressPrefix, + SourcePortRange: &rule.SourcePortRange, + DestinationPortRange: &rule.DestinationPortRange, + Access: action, + Priority: &priority, + }, + }) + } + networkNSG.SecurityGroupPropertiesFormat.SecurityRules = &networkNSGRules + } + + return networkNSG, nil +} From 7f68b01f32351b5132ef5eb130daadb9a607b958 Mon Sep 17 00:00:00 2001 From: vlappenbusch Date: Thu, 12 Oct 2023 12:12:11 -0700 Subject: [PATCH 02/18] resolve build problem, push to share code --- go.mod | 1 + go.sum | 2 -- services/network/networksecuritygroup/client.go | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c7cf6bcc7..165cca25d 100644 --- a/go.mod +++ b/go.mod @@ -25,6 +25,7 @@ replace ( github.com/Azure/go-autorest v11.1.2+incompatible => github.com/Azure/go-autorest/autorest v0.10.0 github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.1.0 github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2 + github.com/microsoft/moc => ../moc github.com/miekg/dns => github.com/miekg/dns v1.1.25 golang.org/x/net => golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c golang.org/x/sys => golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24 diff --git a/go.sum b/go.sum index b41aadaaa..6a683c24a 100644 --- a/go.sum +++ b/go.sum 
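Review bot: In `getWssdNetworkSecurityGroupRules`, a rule whose `Priority` is nil or outside 100–4096 is silently sent with priority 4096, and a rule with a nil `SecurityRulePropertiesFormat` is silently skipped, so the group that reaches the agent can differ from what the caller asked for without any error. For a traffic-filtering policy that can fail open: a deny rule may end up at the lowest precedence, and several such rules collide on 4096 although the field comment says priorities must be unique. Rejecting the input is safer, e.g. replace the `else` branch with `return nil, errors.Wrapf(errors.InvalidInput, "Priority for rule %s must be between 100 and 4096", *rule.Name)`. Separately, `CreateOrUpdate` returns `&(*nsgs)[0]` without checking `len(*nsgs)`, which panics on an empty response, and the "Unknown Direction" error formats `rule.Access` instead of `rule.Direction`.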
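Review bot: The added `github.com/microsoft/moc => ../moc` replace points at a sibling checkout, so the build uses whatever is in that directory, and the accompanying go.sum hunk drops the checksum lines for moc, leaving nothing to verify that dependency's content. The go.mod hunks in patches 06 and 07 later switch the replace to a pseudo-version, but a `replace` directive only takes effect when this module is the main module. Consumers importing this SDK will resolve moc from the `require` entry instead (not visible in these hunks), which may not contain the NSG agent client. Bumping the `require` entry to a moc release that includes the NSG client and dropping the replace would make the pinned, checksummed version the one everybody builds against.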
@@ -579,8 +579,6 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= -github.com/microsoft/moc v0.11.0-alpha.29 h1:SXqPMIXXdYlM5o3qlLU/cUf5kTByg/n8VWMMJ+Ls2bM= -github.com/microsoft/moc v0.11.0-alpha.29/go.mod h1:EuYNwYdC667rnJSYcLcLHKTuQURy9GLm7n+SMDhK6ps= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= diff --git a/services/network/networksecuritygroup/client.go b/services/network/networksecuritygroup/client.go index 53f2edb05..c2c518b53 100644 --- a/services/network/networksecuritygroup/client.go +++ b/services/network/networksecuritygroup/client.go @@ -23,7 +23,7 @@ type NetworkSecurityGroupAgentClient struct { internal Service } -// NewLoadBalancerClient method returns new client +// NeNetworkSecurityGroupClient method returns new client func NewSecurityGroupClient(cloudFQDN string, authorizer auth.Authorizer) (*NetworkSecurityGroupAgentClient, error) { c, err := newNetworkSecurityGroupClient(cloudFQDN, authorizer) if err != nil { From 1a795dc313b4a5d059337ffcdc77cef6216ff04a Mon Sep 17 00:00:00 2001 From: vlappenbusch Date: Wed, 25 Oct 2023 10:59:00 -0700 Subject: [PATCH 03/18] push for testing --- services/network/network.go | 2 +- services/network/networksecuritygroup/wssd.go | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/services/network/network.go b/services/network/network.go index 8463d28c6..b1609926a 100644 --- a/services/network/network.go +++ b/services/network/network.go 
@@ -835,7 +835,7 @@ type SecurityGroupPropertiesFormat struct { Subnets *[]Subnet `json:"subnets,omitempty"` // ResourceGUID - The resource GUID property of the network security group resource. ResourceGUID *string `json:"resourceGuid,omitempty"` - // ProvisioningState - The provisioning state of the public IP resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. + // ProvisioningState - The provisioning state of the network security group resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. ProvisioningState *string `json:"provisioningState,omitempty"` // State - State Statuses map[string]*string `json:"statuses"` diff --git a/services/network/networksecuritygroup/wssd.go b/services/network/networksecuritygroup/wssd.go index 96f6a8ec8..07e0f3986 100644 --- a/services/network/networksecuritygroup/wssd.go +++ b/services/network/networksecuritygroup/wssd.go @@ -276,6 +276,7 @@ func getNetworkSecurityGroup(wssdNSG *wssdcloudnetwork.NetworkSecurityGroup) (ne description := rule.Description protocol := network.SecurityRuleProtocolAsterisk action := network.SecurityRuleAccessDeny + direction := network.SecurityRuleDirectionInbound priority := uint32(rule.GetPriority()) if rule.Protocol == wssdcloudcommon.Protocol_All { @@ -296,6 +297,14 @@ func getNetworkSecurityGroup(wssdNSG *wssdcloudnetwork.NetworkSecurityGroup) (ne return nil, errors.Wrapf(errors.InvalidInput, "Unknown Access %s specified", rule.Action) } + if rule.Direction == wssdcloudnetwork.Direction_Inbound { + direction = network.SecurityRuleDirectionInbound + } else if rule.Direction == wssdcloudnetwork.Direction_Outbound { + direction = network.SecurityRuleDirectionOutbound + } else { + return nil, errors.Wrapf(errors.InvalidInput, "Unknown Direction %s specified", rule.Direction) + } + networkNSGRules = append(networkNSGRules, network.SecurityRule{ Name: &name, SecurityRulePropertiesFormat: &network.SecurityRulePropertiesFormat{ 
@@ -306,6 +315,7 @@ func getNetworkSecurityGroup(wssdNSG *wssdcloudnetwork.NetworkSecurityGroup) (ne SourcePortRange: &rule.SourcePortRange, DestinationPortRange: &rule.DestinationPortRange, Access: action, + Direction: direction, Priority: &priority, }, }) From 59aedc977530c616753f7bf3aa562a64bb2beeec Mon Sep 17 00:00:00 2001 From: vlappenbusch Date: Mon, 11 Dec 2023 17:14:33 -0800 Subject: [PATCH 04/18] additional go mod changes --- go.mod | 1 + go.sum | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index abde80f98..258c4d5b7 100644 --- a/go.mod +++ b/go.mod @@ -17,6 +17,7 @@ require ( github.com/golang-jwt/jwt/v4 v4.2.0 // indirect github.com/golang/protobuf v1.5.3 github.com/spf13/viper v1.17.0 + github.com/stretchr/testify v1.8.4 google.golang.org/protobuf v1.31.0 ) diff --git a/go.sum b/go.sum index e26294224..5fc129eb0 100644 --- a/go.sum +++ b/go.sum @@ -1120,8 +1120,6 @@ github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/microsoft/moc v0.11.0-alpha.35 h1:VoP7AYmNbGTdE+rKQKltlYGe6ShD8fMa8/D3r7+ciSc= -github.com/microsoft/moc v0.11.0-alpha.35/go.mod h1:EuYNwYdC667rnJSYcLcLHKTuQURy9GLm7n+SMDhK6ps= github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= 
@@ -1636,7 +1634,6 @@ google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvx google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200128133413-58ce757ed39b/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= @@ -1836,6 +1833,7 @@ google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3 google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/grpc v1.56.2/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= +google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= google.golang.org/grpc v1.58.2 h1:SXUpjxeVF3FKrTYQI4f4KvbGD5u2xccdYdurwowix5I= google.golang.org/grpc v1.58.2/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= From d68a1869c6fccb2254458928f15d05c80c79da69 Mon Sep 17 00:00:00 2001 From: vlappenbusch Date: Mon, 18 Dec 2023 23:36:21 -0800 Subject: [PATCH 05/18] add changes, basic functionality working --- services/network/network.go | 4 ++-- .../network/networkinterface/networkinterface.go | 14 +++++++++----- 2 files changed, 11 insertions(+), 7 deletions(-) 
diff --git a/services/network/network.go b/services/network/network.go index 0a8c4d03b..8c60856f8 100644 --- a/services/network/network.go +++ b/services/network/network.go @@ -693,6 +693,8 @@ type InterfaceIPConfigurationPropertiesFormat struct { ProvisioningState *string `json:"provisioningState,omitempty"` // State - State Statuses map[string]*string `json:"statuses"` + // NetworkSecurityGroup - The reference of the NetworkSecurityGroup resource. + NetworkSecurityGroup *SubResource `json:"networkSecurityGroup,omitempty"` } // InterfaceIPConfiguration iPConfiguration in a network interface. @@ -897,8 +899,6 @@ type PrivateEndpoint struct { type InterfacePropertiesFormat struct { // VirtualMachine - READ-ONLY; The reference of a virtual machine. VirtualMachine *SubResource `json:"virtualMachine,omitempty"` - // NetworkSecurityGroup - The reference of the NetworkSecurityGroup resource. - NetworkSecurityGroup *SecurityGroup `json:"networkSecurityGroup,omitempty"` // PrivateEndpoint - READ-ONLY; A reference to the private endpoint to which the network interface is linked. PrivateEndpoint *PrivateEndpoint `json:"privateEndpoint,omitempty"` // IPConfigurations - A list of IPConfigurations of the network interface. diff --git a/services/network/networkinterface/networkinterface.go b/services/network/networkinterface/networkinterface.go index 19fd488ca..887461d31 100644 --- a/services/network/networkinterface/networkinterface.go +++ b/services/network/networkinterface/networkinterface.go @@ -129,6 +129,9 @@ func getWssdNetworkInterfaceIPConfig(ipConfig *network.InterfaceIPConfiguration) if ipConfig.Primary != nil { wssdipconfig.Primary = *ipConfig.Primary } + if ipConfig.NetworkSecurityGroup != nil { + wssdipconfig.Networksecuritygroup = *ipConfig.NetworkSecurityGroup.ID + } ipAllocationMethodSdkToProtobuf(ipConfig, wssdipconfig) if ipConfig.LoadBalancerBackendAddressPools != nil { 
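Review bot: In `getWssdNetworkInterfaceIPConfig`, `*ipConfig.NetworkSecurityGroup.ID` is dereferenced after checking only that `NetworkSecurityGroup` is non-nil, so a `SubResource` supplied without an `ID` panics here instead of returning an error or being ignored. The guard should cover both pointers: `if ipConfig.NetworkSecurityGroup != nil && ipConfig.NetworkSecurityGroup.ID != nil {`. The function begins and ends outside this hunk, so any earlier validation of the reference is not visible.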
@@ -181,11 +184,12 @@ func getDns(dnssetting *network.InterfaceDNSSettings) *wssdcommonproto.Dns { func getNetworkIpConfig(wssdcloudipconfig *wssdcloudnetwork.IpConfiguration) *network.InterfaceIPConfiguration { ipconfig := &network.InterfaceIPConfiguration{ InterfaceIPConfigurationPropertiesFormat: &network.InterfaceIPConfigurationPropertiesFormat{ - PrivateIPAddress: &wssdcloudipconfig.Ipaddress, - Subnet: &network.APIEntityReference{ID: &wssdcloudipconfig.Subnetid}, - Gateway: &wssdcloudipconfig.Gateway, - PrefixLength: &wssdcloudipconfig.Prefixlength, - Primary: &wssdcloudipconfig.Primary, + PrivateIPAddress: &wssdcloudipconfig.Ipaddress, + Subnet: &network.APIEntityReference{ID: &wssdcloudipconfig.Subnetid}, + Gateway: &wssdcloudipconfig.Gateway, + PrefixLength: &wssdcloudipconfig.Prefixlength, + Primary: &wssdcloudipconfig.Primary, + NetworkSecurityGroup: &network.SubResource{ID: &wssdcloudipconfig.Networksecuritygroup}, }, } From ea6bc2d09df013ca3edcb54da310117d5d977a71 Mon Sep 17 00:00:00 2001 From: vlappenbusch Date: Tue, 19 Dec 2023 14:10:43 -0800 Subject: [PATCH 06/18] update with commit in go.mod --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 258c4d5b7..415a6af39 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ replace ( github.com/Azure/go-autorest v11.1.2+incompatible => github.com/Azure/go-autorest/autorest v0.10.0 github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.1.0 github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2 - github.com/microsoft/moc => ../moc + github.com/microsoft/moc => github.com/microsoft/moc v0.13.1-0.20231219183504-8b1bbeb640be github.com/miekg/dns => github.com/miekg/dns v1.1.25 golang.org/x/net => golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c golang.org/x/sys => golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24 diff --git a/go.sum b/go.sum index 5fc129eb0..6a76da01e 100644 --- a/go.sum +++ b/go.sum 
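Review bot: `getNetworkIpConfig` now always sets `NetworkSecurityGroup` to a non-nil `SubResource`, even when the agent returns an empty `Networksecuritygroup` string. Callers that test `NetworkSecurityGroup != nil` to decide whether an IP configuration has a group attached would then see a reference on every configuration; this assumes an empty string means no group is attached, which the hunk does not show. Consider setting the field only when the string is non-empty, e.g. after the literal: `if wssdcloudipconfig.Networksecuritygroup != "" { ipconfig.NetworkSecurityGroup = &network.SubResource{ID: &wssdcloudipconfig.Networksecuritygroup} }`. The function continues past the end of the hunk.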
@@ -1120,6 +1120,8 @@ github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/microsoft/moc v0.13.1-0.20231219183504-8b1bbeb640be h1:3Xw+0uGjpwGSTGCCuvnTjyTDa48QvO1jVS2+yothFUc= +github.com/microsoft/moc v0.13.1-0.20231219183504-8b1bbeb640be/go.mod h1:BIbHgGMMD9lHAFfNkXtP8fLVdKyM6vIYaO4Bh+Jn2u8= github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= From 4dbce9363b63a75f1f0ba9188f9fa0718c6391ad Mon Sep 17 00:00:00 2001 From: vlappenbusch Date: Thu, 15 Feb 2024 22:29:56 -0800 Subject: [PATCH 07/18] remove location and add rule duplicate name check --- go.mod | 2 +- go.sum | 4 +- services/network/network.go | 6 --- services/network/networksecuritygroup/wssd.go | 46 ++++++++++++++----- 4 files changed, 38 insertions(+), 20 deletions(-) diff --git a/go.mod b/go.mod index f81a0b79f..3963e05da 100644 --- a/go.mod +++ b/go.mod 
@@ -24,7 +24,7 @@ replace ( github.com/Azure/go-autorest v11.1.2+incompatible => github.com/Azure/go-autorest/autorest v0.10.0 github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.1.0 github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2 - github.com/microsoft/moc => github.com/microsoft/moc v0.13.2-0.20240130005343-685bf78b1b82 + github.com/microsoft/moc => github.com/microsoft/moc v0.14.1-0.20240216061124-a8d4e1c35eee github.com/miekg/dns => github.com/miekg/dns v1.1.25 github.com/nats-io/nkeys => github.com/nats-io/nkeys v0.4.6 golang.org/x/net => golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c diff --git a/go.sum b/go.sum index fc17e8f25..08e0901bf 100644 --- a/go.sum +++ b/go.sum @@ -1506,8 +1506,8 @@ github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/microsoft/moc v0.13.2-0.20240130005343-685bf78b1b82 h1:TOhbFKM99lLwxG4/SWyRQgikXeDf8DzXPhUg5FoXkis= -github.com/microsoft/moc v0.13.2-0.20240130005343-685bf78b1b82/go.mod h1:gxGh50KXuHDJxp1cSlE6ORp2VbJ0+GI43LjjlGavDds= +github.com/microsoft/moc v0.14.1-0.20240216061124-a8d4e1c35eee h1:yLXL7jAL1t33KhGeDE4J+Oyio+cLVV665DeQBT4ah+U= +github.com/microsoft/moc v0.14.1-0.20240216061124-a8d4e1c35eee/go.mod h1:aQD3xAIFz3XMyLvVwaWMlqIfsR0QC+tJiALaO31ke50= github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= diff --git a/services/network/network.go b/services/network/network.go index f7bd08258..7f776116c 100644 
--- a/services/network/network.go +++ b/services/network/network.go @@ -16,10 +16,6 @@ const ( TransportProtocolTCP TransportProtocol = "Tcp" // TransportProtocolUDP TransportProtocolUDP TransportProtocol = "Udp" - // TransportProtocolICMPv4 - TransportProtocolICMPv4 TransportProtocol = "Icmpv4" - // TransportProtocolICMPv6 - TransportProtocolICMPv6 TransportProtocol = "Icmpv6" ) // SubResource reference to another subresource. @@ -858,8 +854,6 @@ type SecurityGroup struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Resource type. Type *string `json:"type,omitempty"` - // Location - Resource location. - Location *string `json:"location,omitempty"` // Tags - Resource tags. Tags map[string]*string `json:"tags"` } diff --git a/services/network/networksecuritygroup/wssd.go b/services/network/networksecuritygroup/wssd.go index 07e0f3986..86bac043e 100644 --- a/services/network/networksecuritygroup/wssd.go +++ b/services/network/networksecuritygroup/wssd.go @@ -59,6 +59,15 @@ func (c *client) CreateOrUpdate(ctx context.Context, group, name string, inputNS return nil, errors.Wrapf(errors.InvalidConfiguration, "Missing Network Security Group Properties") } + nameMap := map[string]bool{} + for _, item := range *inputNSG.SecurityGroupPropertiesFormat.SecurityRules { + _, alreadyExists := nameMap[*item.Name] + if alreadyExists { + return nil, errors.Wrapf(errors.InvalidConfiguration, "Network Security Group Rules cannot have duplicate names") + } + nameMap[name] = true + } + request, err := c.getNetworkSecurityGroupRequest(wssdcloudcommon.Operation_POST, group, name, inputNSG) if err != nil { return nil, err @@ -91,10 +100,6 @@ func (c *client) Delete(ctx context.Context, group, name string) error { } _, err = c.NetworkSecurityGroupAgentClient.Invoke(ctx, request) - if err != nil { - return err - } - return err } 
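Review bot: The duplicate-name check added to CreateOrUpdate never records the rule name, because the loop stores `nameMap[name] = true`, where `name` is the NSG name passed to the function, while the lookup uses `*item.Name`. Two rules with the same name therefore pass validation, and a rule after the first whose name equals the NSG name is rejected as a duplicate. The assignment should be `nameMap[*item.Name] = true`. The same line is carried unchanged into both loops when this block is rewritten in patch 12/18. CreateOrUpdate starts and ends outside the hunk.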
@@ -159,10 +164,6 @@ func getWssdNetworkSecurityGroup(networkNSG *network.SecurityGroup, group string GroupName: group, } - if networkNSG.Location != nil { - wssdCloudNSG.LocationName = *networkNSG.Location - } - if networkNSG.Tags != nil { wssdCloudNSG.Tags = tags.MapToProto(networkNSG.Tags) } @@ -212,18 +213,42 @@ func getWssdNetworkSecurityGroupRules(securityRules *[]network.SecurityRule) (ws if rule.SourceAddressPrefix != nil { wssdCloudNSGRule.SourceAddressPrefix = *rule.SourceAddressPrefix + } else if rule.SourceAddressPrefixes != nil { + concatRule := "" + for _, prefix := range *rule.SourceAddressPrefixes { + concatRule += prefix + } + wssdCloudNSGRule.SourceAddressPrefix = concatRule } if rule.DestinationAddressPrefix != nil { wssdCloudNSGRule.DestinationAddressPrefix = *rule.DestinationAddressPrefix + } else if rule.DestinationAddressPrefixes != nil { + concatRule := "" + for _, prefix := range *rule.DestinationAddressPrefixes { + concatRule += prefix + } + wssdCloudNSGRule.DestinationAddressPrefix = concatRule } if rule.SourcePortRange != nil { wssdCloudNSGRule.SourcePortRange = *rule.SourcePortRange + } else if rule.SourcePortRanges != nil { + concatRule := "" + for _, prefix := range *rule.SourcePortRanges { + concatRule += prefix + } + wssdCloudNSGRule.SourcePortRange = concatRule } if rule.DestinationPortRange != nil { wssdCloudNSGRule.DestinationPortRange = *rule.DestinationPortRange + } else if rule.DestinationPortRanges != nil { + concatRule := "" + for _, prefix := range *rule.DestinationPortRanges { + concatRule += prefix + } + wssdCloudNSGRule.DestinationPortRange = concatRule } if strings.EqualFold(string(rule.Access), string(network.SecurityRuleAccessAllow)) { 
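Review bot: The four new `else if` branches in getWssdNetworkSecurityGroupRules join the list values with `concatRule += prefix` and no delimiter, so two source prefixes such as `10.0.0.0/8` and `192.168.0.0/16` reach the agent as the single string `10.0.0.0/8192.168.0.0/16`. For a security rule that is either rejected downstream or, worse, parsed as something other than what the operator wrote. Each loop can be replaced with a join, e.g. `wssdCloudNSGRule.SourceAddressPrefix = strings.Join(*rule.SourceAddressPrefixes, ",")`; `strings` is already used in this function, but the separator the agent expects is not visible here and should be confirmed. The same applies to the destination-prefix and both port-range branches. The function continues outside the hunk.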
@@ -260,9 +285,8 @@ func isValidPriority(priority uint32) bool { // getNetworkSecurityGroup converts the cloud network security group protobuf returned from wssdcloudagent (wssdcloudnetwork.NetworkSecurityGroup) to our internal representation of a networksecuritygroup (network.SecurityGroup) func getNetworkSecurityGroup(wssdNSG *wssdcloudnetwork.NetworkSecurityGroup) (networkNSG *network.SecurityGroup, err error) { networkNSG = &network.SecurityGroup{ - Name: &wssdNSG.Name, - Location: &wssdNSG.LocationName, - ID: &wssdNSG.Id, + Name: &wssdNSG.Name, + ID: &wssdNSG.Id, SecurityGroupPropertiesFormat: &network.SecurityGroupPropertiesFormat{ Statuses: status.GetStatuses(wssdNSG.GetStatus()), }, From 0f85ae55a2233cd864113f5f69d91ef4eeb200e3 Mon Sep 17 00:00:00 2001 From: vlappenbusch Date: Thu, 15 Feb 2024 22:54:27 -0800 Subject: [PATCH 08/18] reinsert location --- go.mod | 2 +- go.sum | 4 ++-- services/network/network.go | 2 ++ services/network/networksecuritygroup/wssd.go | 9 +++++++-- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 3963e05da..c3a61a031 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ replace ( github.com/Azure/go-autorest v11.1.2+incompatible => github.com/Azure/go-autorest/autorest v0.10.0 github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.1.0 github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2 - github.com/microsoft/moc => github.com/microsoft/moc v0.14.1-0.20240216061124-a8d4e1c35eee + github.com/microsoft/moc => github.com/microsoft/moc v0.14.1-0.20240216063938-4428f3f54e98 github.com/miekg/dns => github.com/miekg/dns v1.1.25 github.com/nats-io/nkeys => github.com/nats-io/nkeys v0.4.6 golang.org/x/net => golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c diff --git a/go.sum b/go.sum index 08e0901bf..44b3970a8 100644 --- a/go.sum +++ b/go.sum 
@@ -1506,8 +1506,8 @@ github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/microsoft/moc v0.14.1-0.20240216061124-a8d4e1c35eee h1:yLXL7jAL1t33KhGeDE4J+Oyio+cLVV665DeQBT4ah+U= -github.com/microsoft/moc v0.14.1-0.20240216061124-a8d4e1c35eee/go.mod h1:aQD3xAIFz3XMyLvVwaWMlqIfsR0QC+tJiALaO31ke50= +github.com/microsoft/moc v0.14.1-0.20240216063938-4428f3f54e98 h1:hEw5aRWTZi+Q03yj540l+l5jCqNBt214GIKmvL3D0sM= +github.com/microsoft/moc v0.14.1-0.20240216063938-4428f3f54e98/go.mod h1:aQD3xAIFz3XMyLvVwaWMlqIfsR0QC+tJiALaO31ke50= github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= diff --git a/services/network/network.go b/services/network/network.go index 7f776116c..279c1c7a8 100644 --- a/services/network/network.go +++ b/services/network/network.go @@ -854,6 +854,8 @@ type SecurityGroup struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Resource type. Type *string `json:"type,omitempty"` + // Location - Resource location. + Location *string `json:"location,omitempty"` // Tags - Resource tags. Tags map[string]*string `json:"tags"` } diff --git a/services/network/networksecuritygroup/wssd.go b/services/network/networksecuritygroup/wssd.go index 86bac043e..6cf6b4805 100644 --- a/services/network/networksecuritygroup/wssd.go +++ b/services/network/networksecuritygroup/wssd.go 
@@ -164,6 +164,10 @@ func getWssdNetworkSecurityGroup(networkNSG *network.SecurityGroup, group string GroupName: group, } + if networkNSG.Location != nil { + wssdCloudNSG.LocationName = *networkNSG.Location + } + if networkNSG.Tags != nil { wssdCloudNSG.Tags = tags.MapToProto(networkNSG.Tags) } @@ -285,8 +289,9 @@ func isValidPriority(priority uint32) bool { // getNetworkSecurityGroup converts the cloud network security group protobuf returned from wssdcloudagent (wssdcloudnetwork.NetworkSecurityGroup) to our internal representation of a networksecuritygroup (network.SecurityGroup) func getNetworkSecurityGroup(wssdNSG *wssdcloudnetwork.NetworkSecurityGroup) (networkNSG *network.SecurityGroup, err error) { networkNSG = &network.SecurityGroup{ - Name: &wssdNSG.Name, - ID: &wssdNSG.Id, + Name: &wssdNSG.Name, + Location: &wssdNSG.LocationName, + ID: &wssdNSG.Id, SecurityGroupPropertiesFormat: &network.SecurityGroupPropertiesFormat{ Statuses: status.GetStatuses(wssdNSG.GetStatus()), }, From 5406546aeeabcce4a4f8ea2db776fcdb020ec73b Mon Sep 17 00:00:00 2001 From: vlappenbusch Date: Tue, 20 Feb 2024 17:11:19 -0800 Subject: [PATCH 09/18] include default security rules --- services/network/networksecuritygroup/wssd.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/services/network/networksecuritygroup/wssd.go b/services/network/networksecuritygroup/wssd.go index 6cf6b4805..647a513c3 100644 --- a/services/network/networksecuritygroup/wssd.go +++ b/services/network/networksecuritygroup/wssd.go @@ -177,7 +177,11 @@ func getWssdNetworkSecurityGroup(networkNSG *network.SecurityGroup, group string if err != nil { return nil, err } - wssdCloudNSG.Networksecuritygrouprules = nsgRules + defaultNsgRules, err := getWssdNetworkSecurityGroupRules(networkNSG.DefaultSecurityRules) + if err != nil { + return nil, err + } + wssdCloudNSG.Networksecuritygrouprules = append(nsgRules, defaultNsgRules...) } return wssdCloudNSG, nil 
From 822d95d06121b8767c0caca39daf83fedf9f215f Mon Sep 17 00:00:00 2001 From: vlappenbusch Date: Wed, 21 Feb 2024 10:52:34 -0800 Subject: [PATCH 10/18] relax priority range restriction and add icmp protocol support --- services/network/network.go | 2 +- services/network/networksecuritygroup/wssd.go | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/services/network/network.go b/services/network/network.go index 279c1c7a8..d2f75dbe9 100644 --- a/services/network/network.go +++ b/services/network/network.go @@ -799,7 +799,7 @@ type SecurityRulePropertiesFormat struct { DestinationPortRanges *[]string `json:"destinationPortRanges,omitempty"` // Access - The network traffic is allowed or denied. Possible values include: 'SecurityRuleAccessAllow', 'SecurityRuleAccessDeny' Access SecurityRuleAccess `json:"access,omitempty"` - // Priority - The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. + // Priority - The priority of the rule. The value can be between 100 and 65500. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. Priority *uint32 `json:"priority,omitempty"` // Direction - The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values include: 'SecurityRuleDirectionInbound', 'SecurityRuleDirectionOutbound' Direction SecurityRuleDirection `json:"direction,omitempty"` diff --git a/services/network/networksecuritygroup/wssd.go b/services/network/networksecuritygroup/wssd.go index 647a513c3..9a0efb02e 100644 --- a/services/network/networksecuritygroup/wssd.go +++ b/services/network/networksecuritygroup/wssd.go 
@@ -215,6 +215,8 @@ func getWssdNetworkSecurityGroupRules(securityRules *[]network.SecurityRule) (ws wssdCloudNSGRule.Protocol = wssdcloudcommon.Protocol_Tcp } else if strings.EqualFold(string(rule.Protocol), string(network.SecurityRuleProtocolUDP)) { wssdCloudNSGRule.Protocol = wssdcloudcommon.Protocol_Udp + } else if strings.EqualFold(string(rule.Protocol), string(network.SecurityRuleProtocolIcmp)) { + wssdCloudNSGRule.Protocol = wssdcloudcommon.Protocol_Icmpv4 } else { return nil, errors.Wrapf(errors.InvalidInput, "Unknown Protocol %s specified", rule.Protocol) } @@ -278,7 +280,7 @@ func getWssdNetworkSecurityGroupRules(securityRules *[]network.SecurityRule) (ws if rule.Priority != nil && isValidPriority(*rule.Priority) { wssdCloudNSGRule.Priority = uint32(*rule.Priority) } else { - wssdCloudNSGRule.Priority = 4096 // TODO: what should be the default value? + wssdCloudNSGRule.Priority = 4096 // Max for Azure, which expects 100 to 4096 } wssdNSGRules = append(wssdNSGRules, wssdCloudNSGRule) @@ -287,7 +289,7 @@ func getWssdNetworkSecurityGroupRules(securityRules *[]network.SecurityRule) (ws } func isValidPriority(priority uint32) bool { - return priority >= 100 && priority <= 4096 + return priority >= 100 && priority <= 65500 } // getNetworkSecurityGroup converts the cloud network security group protobuf returned from wssdcloudagent (wssdcloudnetwork.NetworkSecurityGroup) to our internal representation of a networksecuritygroup (network.SecurityGroup) From 814cddd337d2d9908d8d6965d85eef714da8f158 Mon Sep 17 00:00:00 2001 From: vlappenbusch Date: Thu, 22 Feb 2024 15:46:41 -0800 Subject: [PATCH 11/18] translate default rules appropriately --- go.mod | 2 +- go.sum | 4 ++-- services/network/network.go | 2 ++ services/network/networksecuritygroup/wssd.go | 19 ++++++++++++++----- 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 1fe510158..d3ffca1c7 100644 --- a/go.mod +++ b/go.mod 
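Review bot: The priority branch in getWssdNetworkSecurityGroupRules still rewrites a missing or out-of-range priority to 4096 without telling the caller, and the new comment ("expects 100 to 4096") now disagrees with `isValidPriority`, which accepts up to 65500. Priority decides evaluation order and is documented as unique per collection, so a silently substituted value can collide with, or sort ahead of, rules the operator placed deliberately. I would reject a supplied but invalid value the way the unknown-protocol branch does: `} else if rule.Priority != nil { return nil, errors.Wrapf(errors.InvalidInput, "Priority %d is outside 100-65500", *rule.Priority) }`, keeping the default only for the nil case. The function starts outside these hunks.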
@@ -24,7 +24,7 @@ replace ( github.com/Azure/go-autorest v11.1.2+incompatible => github.com/Azure/go-autorest/autorest v0.10.0 github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.1.0 github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2 - github.com/microsoft/moc => github.com/microsoft/moc v0.14.1-0.20240216063938-4428f3f54e98 + github.com/microsoft/moc => github.com/microsoft/moc v0.14.1-0.20240221233811-580e6f9a4709 github.com/miekg/dns => github.com/miekg/dns v1.1.25 github.com/nats-io/nkeys => github.com/nats-io/nkeys v0.4.6 golang.org/x/net => golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c diff --git a/go.sum b/go.sum index 44b3970a8..00da2cea6 100644 --- a/go.sum +++ b/go.sum @@ -1506,8 +1506,8 @@ github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/microsoft/moc v0.14.1-0.20240216063938-4428f3f54e98 h1:hEw5aRWTZi+Q03yj540l+l5jCqNBt214GIKmvL3D0sM= -github.com/microsoft/moc v0.14.1-0.20240216063938-4428f3f54e98/go.mod h1:aQD3xAIFz3XMyLvVwaWMlqIfsR0QC+tJiALaO31ke50= +github.com/microsoft/moc v0.14.1-0.20240221233811-580e6f9a4709 h1:N1UzVbEcMuruM6Ndx3OwtX/A5dyIispPYduTN7ZCorQ= +github.com/microsoft/moc v0.14.1-0.20240221233811-580e6f9a4709/go.mod h1:aQD3xAIFz3XMyLvVwaWMlqIfsR0QC+tJiALaO31ke50= github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= diff --git a/services/network/network.go b/services/network/network.go index d2f75dbe9..3bc4397b7 100644 
--- a/services/network/network.go +++ b/services/network/network.go @@ -854,6 +854,8 @@ type SecurityGroup struct { Name *string `json:"name,omitempty"` // Type - READ-ONLY; Resource type. Type *string `json:"type,omitempty"` + // Version + Version *string `json:"version,omitempty"` // Location - Resource location. Location *string `json:"location,omitempty"` // Tags - Resource tags. diff --git a/services/network/networksecuritygroup/wssd.go b/services/network/networksecuritygroup/wssd.go index 9a0efb02e..b3aea9a41 100644 --- a/services/network/networksecuritygroup/wssd.go +++ b/services/network/networksecuritygroup/wssd.go @@ -173,11 +173,11 @@ func getWssdNetworkSecurityGroup(networkNSG *network.SecurityGroup, group string } if networkNSG.SecurityGroupPropertiesFormat != nil { - nsgRules, err := getWssdNetworkSecurityGroupRules(networkNSG.SecurityRules) + nsgRules, err := getWssdNetworkSecurityGroupRules(networkNSG.SecurityRules, false) if err != nil { return nil, err } - defaultNsgRules, err := getWssdNetworkSecurityGroupRules(networkNSG.DefaultSecurityRules) + defaultNsgRules, err := getWssdNetworkSecurityGroupRules(networkNSG.DefaultSecurityRules, true) if err != nil { return nil, err } @@ -188,7 +188,7 @@ func getWssdNetworkSecurityGroup(networkNSG *network.SecurityGroup, group string } // getWssdNetworkSecurityGroupRules converts our internal representation of a networksecuritygroup rule (network.SecurityRule) to the cloud network security group rule protobuf used by wssdcloudagent (wssdnetwork.NetworkSecurityGroupRule) -func getWssdNetworkSecurityGroupRules(securityRules *[]network.SecurityRule) (wssdNSGRules []*wssdcloudnetwork.NetworkSecurityGroupRule, err error) { +func getWssdNetworkSecurityGroupRules(securityRules *[]network.SecurityRule, isDefault bool) (wssdNSGRules []*wssdcloudnetwork.NetworkSecurityGroupRule, err error) { if securityRules == nil || len(*securityRules) <= 0 { return } 
@@ -204,6 +204,7 @@ func getWssdNetworkSecurityGroupRules(securityRules *[]network.SecurityRule) (ws return nil, errors.Wrapf(errors.InvalidInput, "Network Security Rule name not specified") } wssdCloudNSGRule.Name = *rule.Name + wssdCloudNSGRule.IsDefaultRule = isDefault if rule.Description != nil { wssdCloudNSGRule.Description = *rule.Description @@ -305,6 +306,7 @@ func getNetworkSecurityGroup(wssdNSG *wssdcloudnetwork.NetworkSecurityGroup) (ne if len(wssdNSG.Networksecuritygrouprules) > 0 { networkNSGRules := []network.SecurityRule{} + networkDefaultNSGRules := []network.SecurityRule{} for _, rule := range wssdNSG.Networksecuritygrouprules { name := rule.Name @@ -340,7 +342,7 @@ func getNetworkSecurityGroup(wssdNSG *wssdcloudnetwork.NetworkSecurityGroup) (ne return nil, errors.Wrapf(errors.InvalidInput, "Unknown Direction %s specified", rule.Direction) } - networkNSGRules = append(networkNSGRules, network.SecurityRule{ + securityRule := network.SecurityRule{ Name: &name, SecurityRulePropertiesFormat: &network.SecurityRulePropertiesFormat{ Description: &description, @@ -353,9 +355,16 @@ func getNetworkSecurityGroup(wssdNSG *wssdcloudnetwork.NetworkSecurityGroup) (ne Direction: direction, Priority: &priority, }, - }) + } + + if rule.IsDefaultRule { + networkDefaultNSGRules = append(networkDefaultNSGRules, securityRule) + } else { + networkNSGRules = append(networkNSGRules, securityRule) + } } networkNSG.SecurityGroupPropertiesFormat.SecurityRules = &networkNSGRules + networkNSG.SecurityGroupPropertiesFormat.DefaultSecurityRules = &networkDefaultNSGRules } return networkNSG, nil From af55e7b366d94de884d6419b74943a636b48bfbf Mon Sep 17 00:00:00 2001 From: vlappenbusch Date: Wed, 28 Feb 2024 20:15:54 -0800 Subject: [PATCH 12/18] try updating security rule dereference --- services/network/networksecuritygroup/wssd.go | 25 ++++++++++++++----- 1 file changed, 19 insertions(+), 6 deletions(-) 
diff --git a/services/network/networksecuritygroup/wssd.go b/services/network/networksecuritygroup/wssd.go index b3aea9a41..6d91285cd 100644 --- a/services/network/networksecuritygroup/wssd.go +++ b/services/network/networksecuritygroup/wssd.go @@ -59,13 +59,26 @@ func (c *client) CreateOrUpdate(ctx context.Context, group, name string, inputNS return nil, errors.Wrapf(errors.InvalidConfiguration, "Missing Network Security Group Properties") } - nameMap := map[string]bool{} - for _, item := range *inputNSG.SecurityGroupPropertiesFormat.SecurityRules { - _, alreadyExists := nameMap[*item.Name] - if alreadyExists { - return nil, errors.Wrapf(errors.InvalidConfiguration, "Network Security Group Rules cannot have duplicate names") + if inputNSG.SecurityGroupPropertiesFormat.SecurityRules != nil { + nameMap := map[string]bool{} + for _, item := range *inputNSG.SecurityGroupPropertiesFormat.SecurityRules { + _, alreadyExists := nameMap[*item.Name] + if alreadyExists { + return nil, errors.Wrapf(errors.InvalidConfiguration, "Network Security Group Rules cannot have duplicate names") + } + nameMap[name] = true + } + } + + if inputNSG.SecurityGroupPropertiesFormat.DefaultSecurityRules != nil { + nameMap := map[string]bool{} + for _, item := range *inputNSG.SecurityGroupPropertiesFormat.DefaultSecurityRules { + _, alreadyExists := nameMap[*item.Name] + if alreadyExists { + return nil, errors.Wrapf(errors.InvalidConfiguration, "Network Security Group Default Rules cannot have duplicate names") + } + nameMap[name] = true } - nameMap[name] = true } request, err := c.getNetworkSecurityGroupRequest(wssdcloudcommon.Operation_POST, group, name, inputNSG) From b0b7d1157fb4faee9d3141aeb796cdd9db9f947b Mon Sep 17 00:00:00 2001 From: vlappenbusch Date: Fri, 1 Mar 2024 00:01:54 -0800 Subject: [PATCH 13/18] add two way check for icmp protocol --- services/network/networksecuritygroup/wssd.go | 2 ++ 1 file changed, 2 insertions(+) 
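Review bot: Both new loops in CreateOrUpdate dereference `*item.Name` before anything has checked it for nil, so a rule submitted without a name panics the client instead of returning an error. The "Network Security Rule name not specified" check in getWssdNetworkSecurityGroupRules would catch it, but that conversion presumably runs only later through getNetworkSecurityGroupRequest. A guard at the top of each loop fixes it: `if item.Name == nil { return nil, errors.Wrapf(errors.InvalidInput, "Network Security Rule name not specified") }`. The two lists are also checked separately although patch 09/18 appends them into one `Networksecuritygrouprules` slice, so a user rule and a default rule can still share a name; one map across both loops would cover that. CreateOrUpdate starts and ends outside the hunk.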
diff --git a/services/network/networksecuritygroup/wssd.go b/services/network/networksecuritygroup/wssd.go index 6d91285cd..b9bf03096 100644 --- a/services/network/networksecuritygroup/wssd.go +++ b/services/network/networksecuritygroup/wssd.go @@ -335,6 +335,8 @@ func getNetworkSecurityGroup(wssdNSG *wssdcloudnetwork.NetworkSecurityGroup) (ne protocol = network.SecurityRuleProtocolTCP } else if rule.Protocol == wssdcloudcommon.Protocol_Udp { protocol = network.SecurityRuleProtocolUDP + } else if rule.Protocol == wssdcloudcommon.Protocol_Icmpv4 { + protocol = network.SecurityRuleProtocolIcmp } else { return nil, errors.Wrapf(errors.InvalidInput, "Unknown Protocol %s specified", rule.Protocol) } From e5efbe3930dc32b953c8ed3032c860ee401aba48 Mon Sep 17 00:00:00 2001 From: vlappenbusch Date: Tue, 5 Mar 2024 00:08:14 -0800 Subject: [PATCH 14/18] update go mod --- go.mod | 2 +- go.sum | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index d3ffca1c7..1a1f1fd78 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ replace ( github.com/Azure/go-autorest v11.1.2+incompatible => github.com/Azure/go-autorest/autorest v0.10.0 github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.1.0 github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2 - github.com/microsoft/moc => github.com/microsoft/moc v0.14.1-0.20240221233811-580e6f9a4709 + github.com/microsoft/moc => github.com/microsoft/moc v0.14.3-0.20240305022458-cbb045996d5c github.com/miekg/dns => github.com/miekg/dns v1.1.25 github.com/nats-io/nkeys => github.com/nats-io/nkeys v0.4.6 golang.org/x/net => golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c diff --git a/go.sum b/go.sum index 00da2cea6..8ac6b4757 100644 --- a/go.sum +++ b/go.sum 
@@ -1506,8 +1506,8 @@ github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/microsoft/moc v0.14.1-0.20240221233811-580e6f9a4709 h1:N1UzVbEcMuruM6Ndx3OwtX/A5dyIispPYduTN7ZCorQ= -github.com/microsoft/moc v0.14.1-0.20240221233811-580e6f9a4709/go.mod h1:aQD3xAIFz3XMyLvVwaWMlqIfsR0QC+tJiALaO31ke50= +github.com/microsoft/moc v0.14.3-0.20240305022458-cbb045996d5c h1:ICT29hOpgQlbuEZrI+al2oy4qGGNrC96di3AhLPdY80= +github.com/microsoft/moc v0.14.3-0.20240305022458-cbb045996d5c/go.mod h1:9QyScbyUC39Wknj5qRXWT+ny05uXCk7R+cAbRYevkK4= github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= 
@@ -2209,8 +2209,9 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20231002182017-d307bd883b97/go. google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0= google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc= google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405/go.mod h1:67X1fPuzjcrkymZzZV1vvkFeTn2Rvc6lYF9MYFGCcwE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f h1:ultW7fxlIvee4HYrtnaRPon9HpEgFk5zYpmfMgtKB5I= google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f/go.mod h1:L9KNLi232K1/xB6f7AlSX692koaRnKaWSR0stBki0Yc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240304212257-790db918fca8 h1:IR+hp6ypxjH24bkMfEJ0yHR21+gwPWdV+/IBrPQyn3k= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240304212257-790db918fca8/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= From 852723d3ff9a259311d28e9e0f05cc4dcb09e022 Mon Sep 17 00:00:00 2001 From: vlappenbusch Date: Tue, 5 Mar 2024 22:31:28 -0800 Subject: [PATCH 15/18] add nsg to conversion for lnet --- go.mod | 2 +- go.sum | 4 ++-- .../network/logicalnetwork/logicalnetwork.go | 17 ++++++++++++++++- services/network/network.go | 2 ++ 4 files changed, 21 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 1a1f1fd78..cf4a7dd25 100644 --- a/go.mod +++ b/go.mod 
@@ -24,7 +24,7 @@ replace ( github.com/Azure/go-autorest v11.1.2+incompatible => github.com/Azure/go-autorest/autorest v0.10.0 github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.1.0 github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2 - github.com/microsoft/moc => github.com/microsoft/moc v0.14.3-0.20240305022458-cbb045996d5c + github.com/microsoft/moc => github.com/microsoft/moc v0.14.3-0.20240306010506-ed00b57fcfa1 github.com/miekg/dns => github.com/miekg/dns v1.1.25 github.com/nats-io/nkeys => github.com/nats-io/nkeys v0.4.6 golang.org/x/net => golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c diff --git a/go.sum b/go.sum index 8ac6b4757..1ed833757 100644 --- a/go.sum +++ b/go.sum @@ -1506,8 +1506,8 @@ github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/microsoft/moc v0.14.3-0.20240305022458-cbb045996d5c h1:ICT29hOpgQlbuEZrI+al2oy4qGGNrC96di3AhLPdY80= -github.com/microsoft/moc v0.14.3-0.20240305022458-cbb045996d5c/go.mod h1:9QyScbyUC39Wknj5qRXWT+ny05uXCk7R+cAbRYevkK4= +github.com/microsoft/moc v0.14.3-0.20240306010506-ed00b57fcfa1 h1:2SgkKHbwAagSDSi0TRKlglzI0zxkNAEqGlZ9NyVMahc= +github.com/microsoft/moc v0.14.3-0.20240306010506-ed00b57fcfa1/go.mod h1:9QyScbyUC39Wknj5qRXWT+ny05uXCk7R+cAbRYevkK4= github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= 
diff --git a/services/network/logicalnetwork/logicalnetwork.go b/services/network/logicalnetwork/logicalnetwork.go index cf023c2cc..230b4c87f 100644 --- a/services/network/logicalnetwork/logicalnetwork.go +++ b/services/network/logicalnetwork/logicalnetwork.go @@ -143,6 +143,10 @@ func getWssdNetworkSubnets(subnets *[]network.LogicalSubnet) (wssdsubnets []*wss wssdsubnet.IsPublic = *subnet.Public } + if subnet.NetworkSecurityGroup != nil { + wssdsubnet.Networksecuritygroup = *subnet.NetworkSecurityGroup.ID + } + wssdsubnets = append(wssdsubnets, wssdsubnet) } @@ -210,7 +214,8 @@ func getNetworkSubnets(wssdsubnets []*wssdcloudnetwork.LogicalSubnet) *[]network DhcpOptions: &network.DhcpOptions{ DNSServers: &dnsservers, }, - Public: &subnet.IsPublic, + NetworkSecurityGroup: getNetworkSecurityGroup(subnet.Networksecuritygroup), + Public: &subnet.IsPublic, }, }) } @@ -269,3 +274,13 @@ func getVlan(wssdvlan uint32) *uint16 { vlan := uint16(wssdvlan) return &vlan } + +func getNetworkSecurityGroup(wssdNsg string) *network.SubResource { + if wssdNsg == "" { + return nil + } + + return &network.SubResource{ + ID: &wssdNsg, + } +} diff --git a/services/network/network.go b/services/network/network.go index 3bc4397b7..ae142ebdf 100644 --- a/services/network/network.go +++ b/services/network/network.go @@ -1061,6 +1061,8 @@ type LogicalSubnetPropertiesFormat struct { DhcpOptions *DhcpOptions `json:"dhcpOptions,omitempty"` // Public - Gets whether this is a public subnet on a virtual machine. Public *bool `json:"primary,omitempty"` + // NetworkSecurityGroup - The reference of the NetworkSecurityGroup resource. + NetworkSecurityGroup *SubResource `json:"networkSecurityGroup,omitempty"` } // LogicalSubnet is a subnet in a Logical network resource. From 6ec5bb2495ab476cc58a28e28e71b709611036ce Mon Sep 17 00:00:00 2001 
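Review bot: The new branch in getWssdNetworkSubnets checks `subnet.NetworkSecurityGroup != nil` and then dereferences `*subnet.NetworkSecurityGroup.ID`, so a subnet whose NSG reference is present but has no `id` panics during conversion. The condition should also cover the pointer it reads: `if subnet.NetworkSecurityGroup != nil && subnet.NetworkSecurityGroup.ID != nil {`. The rewrite of this block in patch 16/18 keeps the unchecked `ID` dereference and adds a second one on `*subnet.NetworkSecurityGroup.Group`. If an NSG reference without an ID should be an error rather than silently skipped, returning `errors.InvalidInput` here would make that explicit. The function starts outside the hunk.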
From: vlappenbusch Date: Mon, 11 Mar 2024 12:08:01 -0700 Subject: [PATCH 16/18] add local paths and subresource information --- go.mod | 6 +++--- go.sum | 8 ++++---- .../network/logicalnetwork/logicalnetwork.go | 16 ++++++++++------ services/network/network.go | 10 +++++++++- services/network/networksecuritygroup/wssd.go | 4 ++++ 5 files changed, 30 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index cf4a7dd25..d11c35781 100644 --- a/go.mod +++ b/go.mod @@ -14,17 +14,17 @@ require ( require ( github.com/Microsoft/go-winio v0.6.1 - github.com/golang/protobuf v1.5.3 + github.com/golang/protobuf v1.5.4 github.com/spf13/viper v1.18.2 github.com/stretchr/testify v1.8.4 - google.golang.org/protobuf v1.32.0 + google.golang.org/protobuf v1.33.0 ) replace ( github.com/Azure/go-autorest v11.1.2+incompatible => github.com/Azure/go-autorest/autorest v0.10.0 github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.1.0 github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2 - github.com/microsoft/moc => github.com/microsoft/moc v0.14.3-0.20240306010506-ed00b57fcfa1 + github.com/microsoft/moc => ../moc github.com/miekg/dns => github.com/miekg/dns v1.1.25 github.com/nats-io/nkeys => github.com/nats-io/nkeys v0.4.6 golang.org/x/net => golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c diff --git a/go.sum b/go.sum index 1ed833757..176c309bd 100644 --- a/go.sum +++ b/go.sum 
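Review bot: The go.mod hunk replaces the pinned pseudo-version of `github.com/microsoft/moc` with the filesystem path `../moc`, and the matching go.sum hunk drops the module's checksum lines. With a path replace the build uses whatever is in the sibling directory: nothing records which moc revision was compiled in and there is no go.sum hash to verify it against, so the result is not reproducible and fails for anyone without that checkout. If the local path is only for development against unreleased proto changes, keep it out of the committed go.mod (a `go.work` file or an uncommitted replace) and restore a pinned version before merge, e.g. `github.com/microsoft/moc => github.com/microsoft/moc <pinned-version>`.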
@@ -1322,8 +1322,9 @@ github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -1506,8 +1507,6 @@ github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/microsoft/moc v0.14.3-0.20240306010506-ed00b57fcfa1 h1:2SgkKHbwAagSDSi0TRKlglzI0zxkNAEqGlZ9NyVMahc= -github.com/microsoft/moc v0.14.3-0.20240306010506-ed00b57fcfa1/go.mod h1:9QyScbyUC39Wknj5qRXWT+ny05uXCk7R+cAbRYevkK4= github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= 
@@ -2280,8 +2279,9 @@ google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/services/network/logicalnetwork/logicalnetwork.go b/services/network/logicalnetwork/logicalnetwork.go index 230b4c87f..5bb3f0b13 100644 --- a/services/network/logicalnetwork/logicalnetwork.go +++ b/services/network/logicalnetwork/logicalnetwork.go @@ -144,7 +144,10 @@ func getWssdNetworkSubnets(subnets *[]network.LogicalSubnet) (wssdsubnets []*wss } if subnet.NetworkSecurityGroup != nil { - wssdsubnet.Networksecuritygroup = *subnet.NetworkSecurityGroup.ID + wssdsubnet.NetworkSecurityGroup = &wssdcommonproto.NsgGroup{ + NsgName: *subnet.NetworkSecurityGroup.ID, + GroupName: *subnet.NetworkSecurityGroup.Group, + } } wssdsubnets = append(wssdsubnets, wssdsubnet) 
@@ -214,7 +217,7 @@ func getNetworkSubnets(wssdsubnets []*wssdcloudnetwork.LogicalSubnet) *[]network DhcpOptions: &network.DhcpOptions{ DNSServers: &dnsservers, }, - NetworkSecurityGroup: getNetworkSecurityGroup(subnet.Networksecuritygroup), + NetworkSecurityGroup: getNetworkSecurityGroup(subnet.NetworkSecurityGroup), Public: &subnet.IsPublic, }, }) @@ -275,12 +278,13 @@ func getVlan(wssdvlan uint32) *uint16 { return &vlan } -func getNetworkSecurityGroup(wssdNsg string) *network.SubResource { - if wssdNsg == "" { +func getNetworkSecurityGroup(wssdNsg *wssdcommonproto.NsgGroup) *network.GroupSubResource { + if wssdNsg == nil || wssdNsg.NsgName == "" { return nil } - return &network.SubResource{ - ID: &wssdNsg, + return &network.GroupSubResource{ + ID: &wssdNsg.NsgName, + Group: &wssdNsg.GroupName, } } diff --git a/services/network/network.go b/services/network/network.go index ae142ebdf..9c2da1d06 100644 --- a/services/network/network.go +++ b/services/network/network.go @@ -24,6 +24,14 @@ type SubResource struct { ID *string `json:"id,omitempty"` } +// GroupSubResource referes to another subresource, and the group that subresource belongs to +type GroupSubResource struct { + // ID - Resource ID. + ID *string `json:"id,omitempty"` + // Group name + Group *string `json:"group,omitempty"` +} + // APIEntityReference the API entity reference. type APIEntityReference struct { // ID - The ARM resource id in the form of /subscriptions/{SubscriptionId}/resourceGroups/{ResourceGroupName}/... @@ -1062,7 +1070,7 @@ type LogicalSubnetPropertiesFormat struct { // Public - Gets whether this is a public subnet on a virtual machine. Public *bool `json:"primary,omitempty"` // NetworkSecurityGroup - The reference of the NetworkSecurityGroup resource. - NetworkSecurityGroup *SubResource `json:"networkSecurityGroup,omitempty"` + NetworkSecurityGroup *GroupSubResource `json:"networkSecurityGroup,omitempty"` } // LogicalSubnet is a subnet in a Logical network resource. 
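Review bot: The doc comment on the new GroupSubResource type misspells "refers", and the comment on its `Group` field does not follow the `Name - description` form used by the neighbouring fields. Suggested wording: `// GroupSubResource refers to another subresource and the group that subresource belongs to.` and `// Group - Name of the group that contains the referenced resource.` It would also help to state whether `ID` carries a full resource ID or only the NSG name, since getWssdNetworkSubnets in this patch copies it into `NsgName`.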
diff --git a/services/network/networksecuritygroup/wssd.go b/services/network/networksecuritygroup/wssd.go index b9bf03096..8611f5e85 100644 --- a/services/network/networksecuritygroup/wssd.go +++ b/services/network/networksecuritygroup/wssd.go @@ -317,6 +317,10 @@ func getNetworkSecurityGroup(wssdNSG *wssdcloudnetwork.NetworkSecurityGroup) (ne }, } + if wssdNSG.Tags != nil { + networkNSG.Tags = tags.ProtoToMap(wssdNSG.Tags) + } + if len(wssdNSG.Networksecuritygrouprules) > 0 { networkNSGRules := []network.SecurityRule{} networkDefaultNSGRules := []network.SecurityRule{} From 4ee983bc3011f8b1dd523a451458f30efc5c3307 Mon Sep 17 00:00:00 2001 From: vlappenbusch Date: Thu, 21 Mar 2024 13:24:57 -0700 Subject: [PATCH 17/18] add references --- go.mod | 2 +- go.sum | 7 +-- services/network/network.go | 4 +- services/network/networksecuritygroup/wssd.go | 61 +++++++++++++++++++ 4 files changed, 67 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index 72e8c7116..d15701464 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ replace ( github.com/Azure/go-autorest v11.1.2+incompatible => github.com/Azure/go-autorest/autorest v0.10.0 github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.1.0 github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2 - github.com/microsoft/moc => github.com/microsoft/moc v0.15.2-0.20240312185836-e5b3e536d0f1 + github.com/microsoft/moc => ../moc github.com/miekg/dns => github.com/miekg/dns v1.1.25 github.com/nats-io/nkeys => github.com/nats-io/nkeys v0.4.6 golang.org/x/net => golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c diff --git a/go.sum b/go.sum index 622063065..ee1d07469 100644 --- a/go.sum +++ b/go.sum 
@@ -1507,8 +1507,6 @@ github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/microsoft/moc v0.15.2-0.20240312185836-e5b3e536d0f1 h1:fZnC6ZbsUdthYOsBJYhwK8cAox6WPm3rQENHlo8Xr/0= -github.com/microsoft/moc v0.15.2-0.20240312185836-e5b3e536d0f1/go.mod h1:H/eXPYf+J9mcjo2FfeQVyqLdGZzLN5zVqD/OTWXW5G8= github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= 
@@ -2211,8 +2209,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a/go. google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b/go.mod h1:swOH3j0KzcDDgGUWr+SNpyTen5YrXjS3eyPzFYKc6lc= google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405/go.mod h1:67X1fPuzjcrkymZzZV1vvkFeTn2Rvc6lYF9MYFGCcwE= google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f/go.mod h1:L9KNLi232K1/xB6f7AlSX692koaRnKaWSR0stBki0Yc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240304212257-790db918fca8 h1:IR+hp6ypxjH24bkMfEJ0yHR21+gwPWdV+/IBrPQyn3k= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240304212257-790db918fca8/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 
@@ -2281,7 +2279,6 @@ google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= diff --git a/services/network/network.go b/services/network/network.go index 9c2da1d06..88273815d 100644 --- a/services/network/network.go +++ b/services/network/network.go @@ -839,8 +839,10 @@ type SecurityGroupPropertiesFormat struct { DefaultSecurityRules *[]SecurityRule `json:"defaultSecurityRules,omitempty"` // NetworkInterfaces - READ-ONLY; A collection of references to network interfaces. NetworkInterfaces *[]Interface `json:"networkInterfaces,omitempty"` - // Subnets - READ-ONLY; A collection of references to subnets. + // Subnets - READ-ONLY; A collection of references to virtual subnets. Subnets *[]Subnet `json:"subnets,omitempty"` + // LogicalSubnets - READ-ONLY; A collection of references to logical subnets. + LogicalSubnets *[]LogicalSubnet `json:"logicalSubnets,omitempty"` // ResourceGUID - The resource GUID property of the network security group resource. ResourceGUID *string `json:"resourceGuid,omitempty"` // ProvisioningState - The provisioning state of the network security group resource. Possible values are: 'Updating', 'Deleting', and 'Failed'. diff --git a/services/network/networksecuritygroup/wssd.go b/services/network/networksecuritygroup/wssd.go index 8611f5e85..864f85db4 100644 
--- a/services/network/networksecuritygroup/wssd.go +++ b/services/network/networksecuritygroup/wssd.go @@ -22,6 +22,11 @@ type client struct { wssdcloudnetwork.NetworkSecurityGroupAgentClient } +const ( + VnetPrefix = "virtualnetwork/" + LnetPrefix = "logicalnetwork/" +) + // newClient - creates a client session with the backend wssdcloud agent func newNetworkSecurityGroupClient(subID string, authorizer auth.Authorizer) (*client, error) { c, err := wssdcloudclient.GetNetworkSecurityGroupClient(&subID, authorizer) @@ -197,6 +202,30 @@ func getWssdNetworkSecurityGroup(networkNSG *network.SecurityGroup, group string wssdCloudNSG.Networksecuritygrouprules = append(nsgRules, defaultNsgRules...) } + if networkNSG.Subnets != nil { + subnets := []string{} + for _, subnet := range *networkNSG.Subnets { + subnets = append(subnets, VnetPrefix+*subnet.Name) + } + wssdCloudNSG.SubnetRefs = subnets + } + + if networkNSG.LogicalSubnet != nil { + subnets := []string{} + for _, subnet := range *networkNSG.Subnets { + subnets = append(subnets, LnetPrefix+*subnet.Name) + } + wssdCloudNSG.SubnetRefs = subnets + } + + if networkNSG.NetworkInterfaces != nil { + nics := []string{} + for _, nic := range *networkNSG.NetworkInterfaces { + nics = append(nics, *nic.Name) + } + wssdCloudNSG.NicRefs = nics + } + return wssdCloudNSG, nil } 
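Review bot: The logical-subnet branch added to getWssdNetworkSecurityGroup never reads the logical subnets. It tests `networkNSG.LogicalSubnet` although the field this patch adds to SecurityGroupPropertiesFormat is `LogicalSubnets`, it ranges over `*networkNSG.Subnets` a second time, and it then reassigns `wssdCloudNSG.SubnetRefs`, discarding the virtual-network refs built just above. The loop should read `for _, subnet := range *networkNSG.LogicalSubnets` and extend the slice with `wssdCloudNSG.SubnetRefs = append(wssdCloudNSG.SubnetRefs, subnets...)`. All three loops also dereference `Name` without a nil check; PATCH 18/18 splits the refs into separate fields but keeps those unchecked dereferences. The function starts outside the hunk.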
@@ -386,5 +415,37 @@ func getNetworkSecurityGroup(wssdNSG *wssdcloudnetwork.NetworkSecurityGroup) (ne networkNSG.SecurityGroupPropertiesFormat.DefaultSecurityRules = &networkDefaultNSGRules } + if len(wssdNSG.SubnetRefs) > 0 { + subnets := []network.Subnet{} + logicalSubnets := []network.LogicalSubnet{} + + for _, ref := range wssdNSG.SubnetRefs { + if strings.HasPrefix(ref, VnetPrefix) { + subnets = append(subnets, network.Subnet{ + Name: &ref, + }) + } else if strings.HasPrefix(ref, LnetPrefix) { + logicalSubnets = append(logicalSubnets, network.LogicalSubnet{ + Name: &ref, + }) + } + } + + networkNSG.Subnets = &subnets + networkNSG.LogicalSubnet = &logicalSubnets + } + + if len(wssdNSG.NicRefs) > 0 { + nics := []network.Interface{} + + for _, ref := range wssdNSG.NicRefs { + nics = append(nics, network.Interface{ + Name: &ref, + }) + } + + networkNSG.NetworkInterfaces = &nics + } + return networkNSG, nil } From 6de56c9746dd95c8260c8969ac0d9a559a06f49f Mon Sep 17 00:00:00 2001 From: vlappenbusch Date: Thu, 21 Mar 2024 23:10:14 -0700 Subject: [PATCH 18/18] use separated lnet and vnet references --- go.mod | 2 +- go.sum | 2 + services/network/network.go | 4 +- services/network/networksecuritygroup/wssd.go | 69 +++++++++---------- 4 files changed, 39 insertions(+), 38 deletions(-) diff --git a/go.mod b/go.mod index d15701464..2eb76f220 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ replace ( github.com/Azure/go-autorest v11.1.2+incompatible => github.com/Azure/go-autorest/autorest v0.10.0 github.com/dgrijalva/jwt-go => github.com/golang-jwt/jwt/v4 v4.1.0 github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2 - github.com/microsoft/moc => ../moc + github.com/microsoft/moc => github.com/microsoft/moc v0.16.3-0.20240322055251-824710ef5544 github.com/miekg/dns => github.com/miekg/dns v1.1.25 github.com/nats-io/nkeys => github.com/nats-io/nkeys v0.4.6 golang.org/x/net => golang.org/x/net v0.0.0-20220822230855-b0a4917ee28c 
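Review bot: Every element built in the new loops of getNetworkSecurityGroup stores `&ref`, the address of the range variable. If the module's `go` directive is below 1.22, that variable is shared across iterations, so all `Name` pointers in `subnets`, `logicalSubnets` and `nics` end up pointing at the last reference. The directive is not visible in this patch, so this may not apply here; copying first removes the dependency on it: `name := ref` followed by `Name: &name`. The PATCH 18/18 rewrite of this block keeps the same `&ref` pattern. The function starts outside the hunk.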
diff --git a/go.sum b/go.sum index ee1d07469..c960e62e2 100644 --- a/go.sum +++ b/go.sum @@ -1507,6 +1507,8 @@ github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/microsoft/moc v0.16.3-0.20240322055251-824710ef5544 h1:kRxa0/O9UU3R31tdVEHtFdutFojAsoZ9qJ2DaSaGC6A= +github.com/microsoft/moc v0.16.3-0.20240322055251-824710ef5544/go.mod h1:Xq5OoPMwNdJDmXbFNTwZuu3u0ehx2P00ChgWGFpAtbQ= github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= diff --git a/services/network/network.go b/services/network/network.go index 88273815d..ab40a9b95 100644 --- a/services/network/network.go +++ b/services/network/network.go 
@@ -837,8 +837,8 @@ type SecurityGroupPropertiesFormat struct { SecurityRules *[]SecurityRule `json:"securityRules,omitempty"` // DefaultSecurityRules - The default security rules of network security group. DefaultSecurityRules *[]SecurityRule `json:"defaultSecurityRules,omitempty"` - // NetworkInterfaces - READ-ONLY; A collection of references to network interfaces. - NetworkInterfaces *[]Interface `json:"networkInterfaces,omitempty"` + // NetworkInterfaces - READ-ONLY; A collection of references to network interface configurations. + IpConfigurations *[]InterfaceIPConfiguration `json:"ipConfigs,omitempty"` // Subnets - READ-ONLY; A collection of references to virtual subnets. Subnets *[]Subnet `json:"subnets,omitempty"` // LogicalSubnets - READ-ONLY; A collection of references to logical subnets. diff --git a/services/network/networksecuritygroup/wssd.go b/services/network/networksecuritygroup/wssd.go index 864f85db4..f030c8ce9 100644 --- a/services/network/networksecuritygroup/wssd.go +++ b/services/network/networksecuritygroup/wssd.go @@ -22,11 +22,6 @@ type client struct { wssdcloudnetwork.NetworkSecurityGroupAgentClient } -const ( - VnetPrefix = "virtualnetwork/" - LnetPrefix = "logicalnetwork/" -) - // newClient - creates a client session with the backend wssdcloud agent func newNetworkSecurityGroupClient(subID string, authorizer auth.Authorizer) (*client, error) { c, err := wssdcloudclient.GetNetworkSecurityGroupClient(&subID, authorizer) 
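Review bot: The comment above the renamed field still begins `NetworkInterfaces -`, while the field is now `IpConfigurations` with JSON key `ipConfigs`. Suggested comment: `// IpConfigurations - READ-ONLY; A collection of references to network interface IP configurations.` Go initialism style would spell the field `IPConfigurations`, matching `InterfaceIPConfiguration`. Because this replaces the exported `NetworkInterfaces` field and its `networkInterfaces` key, callers and payloads that use the old name will no longer populate it; the commit description should say so if that is intended.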
@@ -205,25 +200,25 @@ func getWssdNetworkSecurityGroup(networkNSG *network.SecurityGroup, group string if networkNSG.Subnets != nil { subnets := []string{} for _, subnet := range *networkNSG.Subnets { - subnets = append(subnets, VnetPrefix+*subnet.Name) + subnets = append(subnets, *subnet.Name) } - wssdCloudNSG.SubnetRefs = subnets + wssdCloudNSG.VnetRefs = subnets } - if networkNSG.LogicalSubnet != nil { + if networkNSG.LogicalSubnets != nil { subnets := []string{} - for _, subnet := range *networkNSG.Subnets { - subnets = append(subnets, LnetPrefix+*subnet.Name) + for _, subnet := range *networkNSG.LogicalSubnets { + subnets = append(subnets, *subnet.Name) } - wssdCloudNSG.SubnetRefs = subnets + wssdCloudNSG.LnetRefs = subnets } - if networkNSG.NetworkInterfaces != nil { - nics := []string{} - for _, nic := range *networkNSG.NetworkInterfaces { - nics = append(nics, *nic.Name) + if networkNSG.IpConfigurations != nil { + ipConfigs := []string{} + for _, ipConfig := range *networkNSG.IpConfigurations { + ipConfigs = append(ipConfigs, *ipConfig.Name) } - wssdCloudNSG.NicRefs = nics + wssdCloudNSG.IpRefs = ipConfigs } return wssdCloudNSG, nil 
@@ -415,36 +410,40 @@ func getNetworkSecurityGroup(wssdNSG *wssdcloudnetwork.NetworkSecurityGroup) (ne networkNSG.SecurityGroupPropertiesFormat.DefaultSecurityRules = &networkDefaultNSGRules } - if len(wssdNSG.SubnetRefs) > 0 { + if len(wssdNSG.VnetRefs) > 0 { subnets := []network.Subnet{} - logicalSubnets := []network.LogicalSubnet{} - - for _, ref := range wssdNSG.SubnetRefs { - if strings.HasPrefix(ref, VnetPrefix) { - subnets = append(subnets, network.Subnet{ - Name: &ref, - }) - } else if strings.HasPrefix(ref, LnetPrefix) { - logicalSubnets = append(logicalSubnets, network.LogicalSubnet{ - Name: &ref, - }) - } + + for _, ref := range wssdNSG.VnetRefs { + subnets = append(subnets, network.Subnet{ + Name: &ref, + }) } networkNSG.Subnets = &subnets - networkNSG.LogicalSubnet = &logicalSubnets } - if len(wssdNSG.NicRefs) > 0 { - nics := []network.Interface{} + if len(wssdNSG.LnetRefs) > 0 { + subnets := []network.LogicalSubnet{} + + for _, ref := range wssdNSG.LnetRefs { + subnets = append(subnets, network.LogicalSubnet{ + Name: &ref, + }) + } + + networkNSG.LogicalSubnets = &subnets + } + + if len(wssdNSG.IpRefs) > 0 { + ipConfigs := []network.InterfaceIPConfiguration{} - for _, ref := range wssdNSG.NicRefs { - nics = append(nics, network.Interface{ + for _, ref := range wssdNSG.IpRefs { + ipConfigs = append(ipConfigs, network.InterfaceIPConfiguration{ Name: &ref, }) } - networkNSG.NetworkInterfaces = &nics + networkNSG.IpConfigurations = &ipConfigs } return networkNSG, nil