read nACLs #229

Open
wants to merge 238 commits into
base: main
8ae3193
updated subcmds
YairSlobodin1 Aug 5, 2024
2187816
readme
YairSlobodin1 Aug 5, 2024
13ae9a2
Merge branch 'main' into first_step_optimization
YairSlobodin1 Aug 6, 2024
851e02c
generic
YairSlobodin1 Aug 6, 2024
210ddcc
merge
YairSlobodin1 Aug 6, 2024
20ffe15
Merge branch 'main' into use_models
YairSlobodin1 Aug 12, 2024
4aeaef5
updated
YairSlobodin1 Aug 18, 2024
9a4f06d
Merge branch 'main' into use_models
YairSlobodin1 Aug 21, 2024
cec430e
use ipblock size
YairSlobodin1 Aug 26, 2024
b8ee61b
minor changes
YairSlobodin1 Aug 26, 2024
c117941
template
YairSlobodin1 Aug 26, 2024
7e70c95
fixed
YairSlobodin1 Aug 26, 2024
19123f9
minor change
YairSlobodin1 Aug 26, 2024
067edfe
another change
YairSlobodin1 Aug 26, 2024
20ab99f
Merge branch 'optimize' into read_sgs
YairSlobodin1 Aug 26, 2024
2b7f244
added synth prefix
YairSlobodin1 Aug 26, 2024
8203f78
unexported two functions
YairSlobodin1 Aug 26, 2024
5fbeefc
wip
YairSlobodin1 Aug 26, 2024
19c5483
rename folder name
YairSlobodin1 Aug 26, 2024
b228063
Merge branch 'optimize' into read_sgs
YairSlobodin1 Aug 26, 2024
ebe6148
Merge branch 'read_sgs' into output
YairSlobodin1 Aug 26, 2024
74737e7
renaming
YairSlobodin1 Aug 26, 2024
d17ce6d
Merge branch 'optimize' into read_sgs
YairSlobodin1 Aug 26, 2024
32f3104
Merge branch 'read_sgs' into output
YairSlobodin1 Aug 26, 2024
02030ac
updated
YairSlobodin1 Aug 26, 2024
4fb97b4
updated template
YairSlobodin1 Aug 26, 2024
47fe8bb
merge
YairSlobodin1 Aug 26, 2024
1371e59
Merge branch 'read_sgs' into output
YairSlobodin1 Aug 26, 2024
0c9cfe2
wip
YairSlobodin1 Aug 26, 2024
eebd628
template
YairSlobodin1 Aug 27, 2024
26473b3
done
YairSlobodin1 Aug 28, 2024
010ee9d
fixed
YairSlobodin1 Sep 1, 2024
524956c
fixed
YairSlobodin1 Sep 2, 2024
02231d3
use ToIPAddressString
YairSlobodin1 Sep 2, 2024
150f697
Merge branch 'use_models' into optimize
YairSlobodin1 Sep 2, 2024
a005a82
Merge branch 'optimize' into read_sgs
YairSlobodin1 Sep 2, 2024
9692f06
Merge branch 'read_sgs' into output
YairSlobodin1 Sep 2, 2024
002a952
Merge branch 'output' into tcp_algo
YairSlobodin1 Sep 2, 2024
aabe195
wip
YairSlobodin1 Sep 2, 2024
b163645
wip
YairSlobodin1 Sep 3, 2024
1e9a621
wip
YairSlobodin1 Sep 8, 2024
c4f9ed4
wip
YairSlobodin1 Sep 8, 2024
820a023
check protocol is not nil
YairSlobodin1 Sep 8, 2024
2916159
Merge branch 'use_models' into optimize
YairSlobodin1 Sep 8, 2024
a683181
Merge branch 'optimize' into read_sgs
YairSlobodin1 Sep 8, 2024
77a3fe0
Merge branch 'read_sgs' into output
YairSlobodin1 Sep 8, 2024
e3fb24b
Merge branch 'output' into all_algo
YairSlobodin1 Sep 8, 2024
9286689
inbound udp
YairSlobodin1 Sep 9, 2024
a7f68f5
lint
YairSlobodin1 Sep 11, 2024
d25bf9c
make mod
YairSlobodin1 Sep 11, 2024
87180ef
merge wip
YairSlobodin1 Sep 11, 2024
dc400bf
update
YairSlobodin1 Sep 11, 2024
8e5cb2d
wip
YairSlobodin1 Sep 11, 2024
a861722
wip
YairSlobodin1 Sep 12, 2024
40c3a52
fixed
YairSlobodin1 Sep 12, 2024
4af3f7a
merged
YairSlobodin1 Sep 12, 2024
380c62e
fixed
YairSlobodin1 Sep 12, 2024
c22aad0
fixed
YairSlobodin1 Sep 12, 2024
81f6194
fixed
YairSlobodin1 Sep 12, 2024
197ed31
fixed
YairSlobodin1 Sep 12, 2024
3ab9859
merge
YairSlobodin1 Sep 12, 2024
9078e5c
wip
YairSlobodin1 Sep 12, 2024
dfb8a7d
wip
YairSlobodin1 Sep 12, 2024
8895149
implement ip functions
YairSlobodin1 Sep 12, 2024
c8fe2d7
all protocol rule covers the holes
YairSlobodin1 Sep 12, 2024
0a0decd
wip
YairSlobodin1 Sep 24, 2024
cf119cc
wip
YairSlobodin1 Sep 24, 2024
a51e158
documentation
YairSlobodin1 Sep 24, 2024
bd2acb8
merge main
YairSlobodin1 Sep 25, 2024
67f320b
merge
YairSlobodin1 Sep 25, 2024
f93c27c
Merge branch 'optimize' into read_sgs
YairSlobodin1 Sep 25, 2024
6be5ee0
fixed
YairSlobodin1 Sep 25, 2024
2f9991a
wip
YairSlobodin1 Sep 25, 2024
bf9438f
wip
YairSlobodin1 Sep 25, 2024
e3d4668
wip
YairSlobodin1 Sep 25, 2024
ebb4b3b
wip
YairSlobodin1 Sep 25, 2024
f34b9b7
fixed
YairSlobodin1 Sep 25, 2024
3d120cc
Merge branch 'main' into optimize
YairSlobodin1 Sep 25, 2024
f228c0b
Merge branch 'optimize' into read_sgs
YairSlobodin1 Sep 25, 2024
d3c7703
Merge branch 'read_sgs' into output
YairSlobodin1 Sep 25, 2024
b2b0b99
merge
YairSlobodin1 Sep 25, 2024
09528ae
Merge branch 'main' into optimize
YairSlobodin1 Sep 29, 2024
5001289
Merge branch 'optimize' into read_sgs
YairSlobodin1 Sep 29, 2024
a89e1fe
merge
YairSlobodin1 Sep 29, 2024
16764ca
Merge branch 'output' into all_algo
YairSlobodin1 Sep 29, 2024
ca64cee
avoid code dup
YairSlobodin1 Sep 30, 2024
49f4a47
fixed
YairSlobodin1 Sep 30, 2024
766f737
fix output fmts
YairSlobodin1 Sep 30, 2024
d326453
Merge branch 'output' into all_algo
YairSlobodin1 Sep 30, 2024
e6bb1b3
tests template
YairSlobodin1 Sep 30, 2024
34410ed
tests data
YairSlobodin1 Sep 30, 2024
28a55ec
wip
YairSlobodin1 Sep 30, 2024
4919d00
Read sgs (#192)
YairSlobodin1 Oct 1, 2024
0fa5920
Merge branch 'main' into optimize
YairSlobodin1 Oct 1, 2024
3145c59
merge
YairSlobodin1 Oct 1, 2024
cd621ce
Merge branch 'output' into all_algo
YairSlobodin1 Oct 1, 2024
2de0e77
wip
YairSlobodin1 Oct 1, 2024
02cae44
Optimize output and flags (#193)
YairSlobodin1 Oct 2, 2024
b496279
wip
YairSlobodin1 Oct 2, 2024
6fcb85f
Merge branch 'main' into optimize
YairSlobodin1 Oct 7, 2024
bca5f6f
Merge branch 'optimize' into all_algo
YairSlobodin1 Oct 7, 2024
11effb7
fix merging
YairSlobodin1 Oct 7, 2024
2bb0719
models new version, cubes, wip
YairSlobodin1 Oct 8, 2024
fadb26b
portset
YairSlobodin1 Oct 9, 2024
3cdadc6
convert ip cubes, generic ipCubeToRule
YairSlobodin1 Oct 9, 2024
69ca412
delete test
YairSlobodin1 Oct 9, 2024
c2512d9
make fmt
YairSlobodin1 Oct 9, 2024
28c3a3b
remove utils func
YairSlobodin1 Oct 9, 2024
9cd8663
models v0.5.1
YairSlobodin1 Oct 9, 2024
da1c7d2
fixed
YairSlobodin1 Oct 9, 2024
4f54945
another test, fixed icmp bug
YairSlobodin1 Oct 9, 2024
5f3d0d9
fixed
YairSlobodin1 Oct 9, 2024
af1c12c
merge
YairSlobodin1 Oct 9, 2024
68f23ed
wip
YairSlobodin1 Oct 10, 2024
38f9fa5
lookup functions
YairSlobodin1 Oct 13, 2024
c565d25
better lookup
YairSlobodin1 Oct 14, 2024
4ba19c2
lookup, blocked
YairSlobodin1 Oct 14, 2024
cd94ff0
fix bugs, linter, update old tests
YairSlobodin1 Oct 14, 2024
e763b72
readme
YairSlobodin1 Oct 14, 2024
d6fa8c3
rename acl_segment test
YairSlobodin1 Oct 14, 2024
4894fa8
generic synth acl func
YairSlobodin1 Oct 14, 2024
68503df
merged
YairSlobodin1 Oct 14, 2024
dc92129
added instance nif segment test (acl)
YairSlobodin1 Oct 14, 2024
e40861d
added vpe acl test
YairSlobodin1 Oct 14, 2024
6fa8417
merge test configs
YairSlobodin1 Oct 14, 2024
e34acb0
added sg segment tests
YairSlobodin1 Oct 14, 2024
fe6f4e3
small fixes
YairSlobodin1 Oct 20, 2024
2f08925
fixed
YairSlobodin1 Oct 20, 2024
fb59982
added isSynth argument
YairSlobodin1 Oct 20, 2024
27bbf91
read sg targets, rename attached to targets
YairSlobodin1 Oct 20, 2024
40e87d3
tf comment, read targets
YairSlobodin1 Oct 20, 2024
5616f9e
fixed
YairSlobodin1 Oct 21, 2024
93f805c
added a test
YairSlobodin1 Oct 21, 2024
3ec4c70
fixed
YairSlobodin1 Oct 22, 2024
737b803
small fix
YairSlobodin1 Oct 28, 2024
799cd73
small fix
YairSlobodin1 Oct 28, 2024
6407b27
rename1
YairSlobodin1 Oct 28, 2024
a9cb5ac
rename2
YairSlobodin1 Oct 28, 2024
f4bca3b
rename3
YairSlobodin1 Oct 28, 2024
c3fbb1a
Merge branch 'main' into update_conn
YairSlobodin1 Oct 28, 2024
5ed0542
read acls
YairSlobodin1 Oct 29, 2024
9fbc33f
renaming
YairSlobodin1 Oct 29, 2024
2eb5a5c
>=
YairSlobodin1 Oct 29, 2024
068a2eb
Merge branch 'json_optimize' into optimization_locals
YairSlobodin1 Oct 29, 2024
4c976b9
Merge branch 'optimization_locals' into read_nacls
YairSlobodin1 Oct 29, 2024
7a62bc3
review comments
YairSlobodin1 Oct 29, 2024
61c623d
merge
YairSlobodin1 Oct 30, 2024
510d6e9
merge
YairSlobodin1 Oct 30, 2024
082a014
Merge branch 'all_algo' into io
YairSlobodin1 Oct 30, 2024
f2a2746
Merge branch 'io' into read_targets
YairSlobodin1 Oct 30, 2024
aca7e73
update tests
YairSlobodin1 Oct 30, 2024
0815a19
merge
YairSlobodin1 Oct 30, 2024
2ae3434
Merge branch 'json_optimize' into optimization_locals
YairSlobodin1 Oct 30, 2024
4e97ab2
Merge branch 'optimization_locals' into read_nacls
YairSlobodin1 Oct 30, 2024
51d04a2
check vpc
YairSlobodin1 Nov 4, 2024
191c996
typo
YairSlobodin1 Nov 4, 2024
a72b4b7
small fix
YairSlobodin1 Nov 5, 2024
7b37e1c
merge
YairSlobodin1 Dec 9, 2024
ecbb4aa
small fixed
YairSlobodin1 Dec 9, 2024
0891b84
merge
YairSlobodin1 Dec 9, 2024
75a7f7d
minor fixes
YairSlobodin1 Dec 9, 2024
43dbf82
renaming, docs
YairSlobodin1 Dec 9, 2024
0dbae7e
docs
YairSlobodin1 Dec 9, 2024
cccbb3b
Merge branch 'all_algo' into io
YairSlobodin1 Dec 10, 2024
1b2861f
reorder tf functions
YairSlobodin1 Dec 10, 2024
8dc0f73
merge
YairSlobodin1 Dec 10, 2024
46d997a
Merge branch 'read_targets' into json_optimize
YairSlobodin1 Dec 10, 2024
e65e64d
merge
YairSlobodin1 Dec 10, 2024
f39fe6e
renaming
YairSlobodin1 Dec 10, 2024
aa83ea8
errors.Join
YairSlobodin1 Dec 10, 2024
93c8f62
merge
YairSlobodin1 Dec 10, 2024
0fee3f2
Merge branch 'all_algo' into io
YairSlobodin1 Dec 10, 2024
83e0cf3
Merge branch 'io' into json_optimize
YairSlobodin1 Dec 10, 2024
c18405f
merge
YairSlobodin1 Dec 10, 2024
37b62d3
merge
YairSlobodin1 Dec 10, 2024
4a50688
renaming
YairSlobodin1 Dec 10, 2024
5009f25
minor changes
YairSlobodin1 Dec 10, 2024
e6dbbf4
Merge branch 'main' into optimize
YairSlobodin1 Dec 10, 2024
83e4fcc
Merge branch 'optimize' into all_algo
YairSlobodin1 Dec 10, 2024
5538d7e
any protocol replaces other protocols ip cubes
YairSlobodin1 Dec 11, 2024
298bc6f
upgrade models version
YairSlobodin1 Dec 11, 2024
c6452e4
typos, models
YairSlobodin1 Dec 11, 2024
5fb919d
Merge branch 'all_algo' into io
YairSlobodin1 Dec 12, 2024
be2be9f
Merge branch 'io' into read_targets
YairSlobodin1 Dec 12, 2024
2d89a98
Merge branch 'read_targets' into json_optimize
YairSlobodin1 Dec 12, 2024
51f5656
merge
YairSlobodin1 Dec 12, 2024
c4afdec
Merge branch 'optimization_locals' into read_nacls
YairSlobodin1 Dec 12, 2024
b236fad
update test
YairSlobodin1 Dec 12, 2024
b5cb012
Merge branch 'json_optimize' into optimization_locals
YairSlobodin1 Dec 12, 2024
0f524f7
Merge branch 'optimization_locals' into read_nacls
YairSlobodin1 Dec 12, 2024
22d30f2
wip
YairSlobodin1 Dec 17, 2024
1fa6162
typo
YairSlobodin1 Dec 17, 2024
6689967
update test
YairSlobodin1 Dec 17, 2024
f1e93a4
-d optimization
YairSlobodin1 Dec 17, 2024
547aa14
Merge branch 'optimize' into all_algo
YairSlobodin1 Dec 17, 2024
bc8133f
readme
YairSlobodin1 Dec 17, 2024
67b5b8f
Merge branch 'optimize' into all_algo
YairSlobodin1 Dec 17, 2024
ef10781
Merge branch 'all_algo' into io
YairSlobodin1 Dec 17, 2024
640cd43
Merge branch 'io' into read_targets
YairSlobodin1 Dec 17, 2024
534ea00
Merge branch 'read_targets' into json_optimize
YairSlobodin1 Dec 17, 2024
7148e69
merge
YairSlobodin1 Dec 17, 2024
b0e56fc
Merge branch 'optimization_locals' into read_nacls
YairSlobodin1 Dec 17, 2024
d5edbe4
minor change
YairSlobodin1 Dec 17, 2024
e3f7951
merge
YairSlobodin1 Dec 18, 2024
abad158
make fmt
YairSlobodin1 Dec 18, 2024
4ac6d7a
slices.Concat
YairSlobodin1 Dec 18, 2024
2b9e3e9
Merge branch 'io' into read_targets
YairSlobodin1 Dec 18, 2024
f4a024e
Merge branch 'read_targets' into json_optimize
YairSlobodin1 Dec 18, 2024
ce4e525
merge
YairSlobodin1 Dec 18, 2024
97def7a
minor changes
YairSlobodin1 Dec 18, 2024
9cef23a
munir changes
YairSlobodin1 Dec 18, 2024
ae60403
Merge branch 'io' into read_targets
YairSlobodin1 Dec 18, 2024
9cb59e9
Merge branch 'read_targets' into json_optimize
YairSlobodin1 Dec 18, 2024
4018372
merge
YairSlobodin1 Dec 18, 2024
92d379b
minor change
YairSlobodin1 Dec 18, 2024
643b938
Merge branch 'optimization_locals' into read_nacls
YairSlobodin1 Dec 18, 2024
927d85b
fix
YairSlobodin1 Dec 18, 2024
2f9ec9f
fixed
YairSlobodin1 Dec 18, 2024
a37655b
Merge branch 'read_targets' into json_optimize
YairSlobodin1 Dec 18, 2024
d3b9853
fixed
YairSlobodin1 Dec 18, 2024
b65c15e
Merge branch 'optimization_locals' into read_nacls
YairSlobodin1 Dec 18, 2024
e6f45cd
typo
YairSlobodin1 Dec 18, 2024
33f51af
Merge branch 'read_targets' into json_optimize
YairSlobodin1 Dec 18, 2024
236b1f9
Merge branch 'json_optimize' into optimization_locals
YairSlobodin1 Dec 18, 2024
2ddde89
another typo
YairSlobodin1 Dec 18, 2024
908d622
Merge branch 'read_targets' into json_optimize
YairSlobodin1 Dec 18, 2024
fac4549
Merge branch 'json_optimize' into optimization_locals
YairSlobodin1 Dec 18, 2024
4db910c
Merge branch 'optimization_locals' into read_nacls
YairSlobodin1 Dec 18, 2024
db9a6c2
merge
YairSlobodin1 Dec 18, 2024
6e08c27
merge
YairSlobodin1 Dec 18, 2024
d3f6506
Merge branch 'json_optimize' into optimization_locals
YairSlobodin1 Dec 18, 2024
8e76d2e
Merge branch 'main' into json_optimize
YairSlobodin1 Dec 18, 2024
eb0c2be
Merge branch 'json_optimize' into optimization_locals
YairSlobodin1 Dec 18, 2024
d70c31f
Merge branch 'optimization_locals' into read_nacls
YairSlobodin1 Dec 18, 2024
9b27578
src ports
YairSlobodin1 Dec 19, 2024
73103f1
merge
YairSlobodin1 Dec 19, 2024
0d4d903
Merge branch 'main' into read_nacls
YairSlobodin1 Dec 19, 2024
5da2730
Merge branch 'main' into read_nacls
YairSlobodin1 Dec 23, 2024
136 changes: 133 additions & 3 deletions pkg/io/confio/parse_acls.go
Expand Up @@ -5,8 +5,138 @@ SPDX-License-Identifier: Apache-2.0

package confio

import "github.com/np-guard/vpc-network-config-synthesis/pkg/ir"
import (
"errors"
"fmt"
"log"

func ReadACLs(_ string) (*ir.ACLCollection, error) {
return nil, nil
"github.com/IBM/vpc-go-sdk/vpcv1"

"github.com/np-guard/models/pkg/netp"
"github.com/np-guard/models/pkg/netset"
"github.com/np-guard/vpc-network-config-synthesis/pkg/ir"
)

// ReadACLs translates ACLs from a config_object file to ir.ACLCollection
func ReadACLs(filename string) (*ir.ACLCollection, error) {
config, err := readModel(filename)
if err != nil {
return nil, err
}

result := ir.NewACLCollection()
for i, acl := range config.NetworkACLList {
if acl.Name == nil || acl.VPC == nil || acl.VPC.Name == nil {
log.Printf("Warning: missing acl/VPC name in acl at index %d\n", i)
continue
}
inbound, outbound, err := translateACLRules(&acl.NetworkACL)
if err != nil {
return nil, err
}
vpcName := *acl.VPC.Name
if result.ACLs[vpcName] == nil {
result.ACLs[vpcName] = make(map[string]*ir.ACL)
}
result.ACLs[vpcName][*acl.Name] = &ir.ACL{Inbound: inbound, Outbound: outbound}
}
return result, nil
}

func translateACLRules(acl *vpcv1.NetworkACL) (inbound, outbound []*ir.ACLRule, err error) {
inbound = make([]*ir.ACLRule, 0)
outbound = make([]*ir.ACLRule, 0)
for index := range acl.Rules {
rule, err := translateACLRule(acl, index)
if err != nil {
return nil, nil, err
}
if rule.Direction == ir.Inbound {
inbound = append(inbound, rule)
} else {
outbound = append(outbound, rule)
}
}
return inbound, outbound, nil
}

func translateACLRule(acl *vpcv1.NetworkACL, i int) (*ir.ACLRule, error) {
switch r := acl.Rules[i].(type) {
case *vpcv1.NetworkACLRuleItemNetworkACLRuleProtocolAll:
return translateACLRuleProtocolAll(r)
case *vpcv1.NetworkACLRuleItemNetworkACLRuleProtocolTcpudp:
return translateACLRuleProtocolTCPUDP(r)
case *vpcv1.NetworkACLRuleItemNetworkACLRuleProtocolIcmp:
return translateACLRuleProtocolIcmp(r)
}
return nil, fmt.Errorf("error parsing rule number %d in acl %s in VPC %s", i, *acl.Name, *acl.VPC.Name)
}

func translateACLRuleProtocolAll(rule *vpcv1.NetworkACLRuleItemNetworkACLRuleProtocolAll) (*ir.ACLRule, error) {
action, err1 := translateAction(rule.Action)
direction, err2 := translateDirection(*rule.Direction)
src, err3 := translateResource(rule.Source)
dst, err4 := translateResource(rule.Destination)
if err := errors.Join(err1, err2, err3, err4); err != nil {
return nil, err
}
return &ir.ACLRule{
Action: action,
Direction: direction,
Source: src,
Destination: dst,
Protocol: netp.AnyProtocol{},
}, nil
}

func translateACLRuleProtocolTCPUDP(rule *vpcv1.NetworkACLRuleItemNetworkACLRuleProtocolTcpudp) (*ir.ACLRule, error) {
action, err1 := translateAction(rule.Action)
direction, err2 := translateDirection(*rule.Direction)
src, err3 := translateResource(rule.Source)
dst, err4 := translateResource(rule.Destination)
protocol, err5 := translateProtocolTCPUDP(*rule.Protocol, rule.SourcePortMin, rule.SourcePortMax,
rule.DestinationPortMin, rule.DestinationPortMax)
if err := errors.Join(err1, err2, err3, err4, err5); err != nil {
return nil, err
}

return &ir.ACLRule{
Action: action,
Direction: direction,
Source: src,
Destination: dst,
Protocol: protocol,
}, nil
}

func translateACLRuleProtocolIcmp(rule *vpcv1.NetworkACLRuleItemNetworkACLRuleProtocolIcmp) (*ir.ACLRule, error) {
action, err1 := translateAction(rule.Action)
direction, err2 := translateDirection(*rule.Direction)
src, err3 := translateResource(rule.Source)
dst, err4 := translateResource(rule.Destination)
protocol, err5 := netp.ICMPFromTypeAndCode64WithoutRFCValidation(rule.Type, rule.Code)
if err := errors.Join(err1, err2, err3, err4, err5); err != nil {
return nil, err
}

return &ir.ACLRule{
Action: action,
Direction: direction,
Source: src,
Destination: dst,
Protocol: protocol,
}, nil
}

func translateAction(action *string) (ir.Action, error) {
if *action == vpcv1.NetworkACLRuleItemNetworkACLRuleProtocolAllActionAllowConst {
return ir.Allow, nil
} else if *action == vpcv1.NetworkACLRuleItemNetworkACLRuleProtocolAllActionDenyConst {
return ir.Deny, nil
}
return ir.Deny, fmt.Errorf("an nACL rule action must be either allow or deny")
}

func translateResource(ipAddrs *string) (*netset.IPBlock, error) {
return netset.IPBlockFromCidrOrAddress(*ipAddrs)
}
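Review bot: The three `translateACLRuleProtocol*` functions dereference `rule.Direction` (and `rule.Protocol` in the TCP/UDP case) and hand `rule.Action`, `rule.Source` and `rule.Destination` to `translateAction` and `translateResource`, which dereference them unconditionally, so a config file with a rule missing any of these fields panics instead of returning an error. `ReadACLs` guards only the ACL and VPC names, and the `errors.Join` check comes too late because the dereferences happen while the arguments are evaluated. A guard at the top of each function, such as `if rule.Action == nil || rule.Direction == nil || rule.Source == nil || rule.Destination == nil { return nil, fmt.Errorf("nACL rule is missing a required field") }` (plus `rule.Protocol == nil` for TCP/UDP), would turn a malformed input into a reported parse error. For a tool that reads firewall configuration from a file, failing with a clear error is preferable to a crash that hides which rule was bad.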
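--- a/pkg/io/confio/parse_sgs.go
+++ b/pkg/io/confio/parse_sgs.go
@@ -97,7 +97,7 @@ func translateSGRuleProtocolTCPUDP(rule *vpcv1.SecurityGroupRuleSecurityGroupRul
 direction, err1 := translateDirection(*rule.Direction)
 remote, err2 := translateRemote(rule.Remote)
 local, err3 := translateLocal(rule.Local)
-protocol, err4 := translateProtocolTCPUDP(rule)
+protocol, err4 := translateProtocolTCPUDP(*rule.Protocol, nil, nil, rule.PortMin, rule.PortMax)
 if err := errors.Join(err1, err2, err3, err4); err != nil {
 return nil, err
 }
@@ -121,7 +121,7 @@ func translateDirection(direction string) (ir.Direction, error) {
 } else if direction == "outbound" {
 return ir.Outbound, nil
 }
-return ir.Inbound, fmt.Errorf("SG rule direction must be either inbound or outbound")
+return ir.Inbound, fmt.Errorf("a firewall rule direction must be either inbound or outbound")
 }
 
 func translateRemote(remote vpcv1.SecurityGroupRuleRemoteIntf) (ir.RemoteType, error) {
@@ -166,9 +166,11 @@ func translateTargets(sg *vpcv1.SecurityGroup) []string {
 return res
 }
 
-func translateProtocolTCPUDP(rule *vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolTcpudp) (netp.Protocol, error) {
-isTCP := *rule.Protocol == vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolTcpudpProtocolTCPConst
-minDstPort := utils.GetProperty(rule.PortMin, netp.MinPort)
-maxDstPort := utils.GetProperty(rule.PortMax, netp.MaxPort)
-return netp.NewTCPUDP(isTCP, netp.MinPort, netp.MaxPort, int(minDstPort), int(maxDstPort))
+func translateProtocolTCPUDP(protocolName string, srcPortMin, srcPortMax, dstPortMin, dstPortMax *int64) (netp.Protocol, error) {
+isTCP := protocolName == vpcv1.SecurityGroupRuleSecurityGroupRuleProtocolTcpudpProtocolTCPConst
+minSrcPort := utils.GetProperty(srcPortMin, netp.MinPort)
+maxSrcPort := utils.GetProperty(srcPortMax, netp.MaxPort)
+minDstPort := utils.GetProperty(dstPortMin, netp.MinPort)
+maxDstPort := utils.GetProperty(dstPortMax, netp.MaxPort)
+return netp.NewTCPUDP(isTCP, int(minSrcPort), int(maxSrcPort), int(minDstPort), int(maxDstPort))
 }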
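Review bot: In the new `translateProtocolTCPUDP`, `isTCP := protocolName == …ProtocolTCPConst` treats every value other than the TCP constant as UDP. Now that the function takes a free string from both SG and nACL rules, an unexpected or mis-cased protocol name in the config file silently becomes a UDP rule. Rejecting unknown names first, for example `if !isTCP && protocolName != "udp" { return nil, fmt.Errorf("unsupported protocol %q", protocolName) }` (or the SDK's UDP constant in place of the literal), would make the parser fail rather than mistranslate a firewall rule. A one-line doc comment saying that nil port bounds default to the full `netp.MinPort`–`netp.MaxPort` range would also help, since the SG caller in the first hunk depends on that by passing `nil, nil` for the source ports.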
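--- a/pkg/ir/acl.go
+++ b/pkg/ir/acl.go
@@ -32,6 +32,8 @@ type (
 Subnet string
 Internal []*ACLRule
 External []*ACLRule
+Inbound []*ACLRule
+Outbound []*ACLRule
 }
 
 ACLCollection struct {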
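Review bot: The new `Inbound` and `Outbound` fields sit next to `Internal` and `External` with no comment saying which pair a consumer should read, so the struct now carries two rule representations whose relationship is undocumented. In this PR `ReadACLs` fills only `Inbound` and `Outbound`, which presumably leaves `Internal` and `External` nil for parsed ACLs; code that iterates only the older pair would then see an empty rule set for them. A field comment such as `// Inbound and Outbound hold the rules as read from a config file, split by direction` would make the contract explicit, with a matching line on the existing pair. The struct declaration starts outside this hunk, so the existing fields' documentation is not visible here.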