securitygroup

package
v0.0.0-...-81fcf0e Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 29, 2020 License: Apache-2.0 Imports: 23 Imported by: 1

README

腾讯云安全组业务接口

部署说明

qcloud插件接口调用关系如下:

qcloud_deployment

qcloud插件部署时,需设置如下环境变量:

变量名称 必填 说明
SECRET_ID 腾讯云帐号secretId,调用腾讯云API时鉴权使用
SECRET_KEY 腾讯云帐号secretKey,调用腾讯云API时鉴权使用
REGIONS 查询资源时搜索哪些地域,多个地域之间用分号分割,如ap-guangzhou;ap-shanghai
https_proxy 当需要通过https代理才能腾讯云API时,需要设置该环境变量

当有https代理时,需要启动qcloud二进制程序的脚本如下:

 env SECRET_ID=xxxx \
     SECRET_KEY=xxx  \
     REGIONS="ap-guangzhou;ap-shanghai" \
     https_proxy="http_proxy_server:http_proxy_server_port" \
     nohup ./wecube-plugins-qcloud >./stdout.txt 2>&1 &

停止qcloud二进制程序的脚本如下:

pidof wecube-plugins-qcloud | xargs kill -9

接口说明

安全组策略业务api用于在大规模、多地域使用腾讯云资源过程中,快速根据源ip和目标ip等参数自动生成对应的安全组策略并实施,避免用户通过腾讯云控制台对多个地域多个资源进行ip资源查询后进行手动创建安全策略并关联安全组到具体资源实例的操作。

目前提供的组合api有两个:

  • 计算安全组策略接口: 根据源ip,目标ip,目标端口,协议,action(drop 或accept)和安全组方向(入栈和出栈)这六元组,返回需要添加的安全组策略。用户可人工确认自动产生的安全组策略是否正确,如果正确可将该输出参数作为第二个实施接口的输入入参来实施对应的安全组。

  • 实施安全组策略接口: 根据计算安全组策略接口的出参,调用腾讯云的api创建对应的安全组,并关联到对应的腾讯云资源。

计算安全组策略接口
接口url
http://server:port/v1/bs-security-group/calc-security-policies
输入参数
参数名称 参数类型 参数说明
protocol string 协议类型 tcp或udp
source_ips string数组 允许访问目标地址的源ip地址
dest_ips string数组 允许源ip访问的目标ip地址
dest_port string 需要放通的端口,如果有多个端口需要开通则用分号分隔,如80;90;100-120
policy_action string 策略是放通还是拒绝,有效值为accept 和drop
policy_directions string数组 策略方向,如只开入栈,或者只开出栈,或者是入和出都开,有效值为ingress和egress
description string 通过接口创建的安全组和安全组策略都会带上该描述字段,可通过该字段和工单系统的编号做关联
输出参数
参数名称 参数类型 参数说明
result_code string 0表示接口正常返回,其他值表示接口异常
result_message string 接口异常时的错误详情
time_taken string 调用本次接口的耗时
ingress_policies_total int 生成的入栈策略条数
egress_policies_total int 生成的出栈策略条数
ingress_policies Policy数组 生成的入栈策略
egress_policies Policy数组 生成的出栈策略

Policy结构如下:

参数名称 参数类型 参数说明
ip string 需要设置策略的ip
type string ip对应的资源类型,可以是cvm,clb等
id string ip对应的资源实例id
region string ip对应的资源所在地域
support_security_group_api string ip对应的资源是否支持关联安全组的接口
peer_ip string 需要设置安全组策略的对端ip地址
protocol string 需要设置安全组策略的协议
ports string 需要设置安全组策略的端口
action string 需要设置安全组策略的action
description string 需要设置安全组策略的描述字段
示例
request:
{
    "protocol": "tcp",
    "source_ips": [
        "172.16.0.17"
    ],
    "dest_ips": [
        "172.16.0.2"
    ],
    "dest_port": "80;8081",
    "policy_action": "accept",
    "policy_directions": [
        "egress",
        "ingress"
    ],
    "description": "abc"
}

response:
{
    "result_code": "0",
    "result_message": "success",
    "results": {
        "time_taken": "999.360079ms",
        "ingress_policies_total": 1,
        "egress_policies_total": 1,
        "ingress_policies": [
            {
                "ip": "172.16.0.2",
                "type": "cvm",
                "id": "ins-9v6zys0w",
                "region": "ap-guangzhou",
                "support_security_group_api": true,
                "peer_ip": "172.16.0.17",
                "protocol": "tcp",
                "ports": "80,8081",
                "action": "accept",
                "description": "abc"
            }
        ],
        "egress_policies": [
            {
                "ip": "172.16.0.17",
                "type": "cvm",
                "id": "ins-ekvqwspy",
                "region": "ap-guangzhou",
                "support_security_group_api": true,
                "peer_ip": "172.16.0.2",
                "protocol": "tcp",
                "ports": "80,8081",
                "action": "accept",
                "description": "abc"
            }
        ]
    }
}
实施安全组策略接口
接口url
http://server:port/v1/qcloud/bs-security-group/apply-security-policies
输入参数
参数名称 参数类型 参数说明
ingress_policies Policy数组 需要实施的入栈规则
egress_policies Policy数组 需要实施的出栈规则
输出参数
参数名称 参数类型 参数说明
policies_total int 需要实施的入栈或出栈规则有多少条
success_policies_total int 成功实施的入栈或出栈规则有多少条
undo_policies_total int 未实施的入栈或出栈规则有多少条
failed_policies_total int 实施失败的入栈或出栈规则有多少条
success_policies Polciy数组 成功实施的入栈或出栈规则有哪些
undo_policies Polciy数组 未实施的入栈或出栈规则有哪些
failed_policies Polciy数组 实施失败的入栈或出栈规则有哪些
示例
request:
{
    "ingress_policies": [
        {
            "ip": "172.16.0.2",
            "type": "cvm",
            "id": "ins-9v6zys0w",
            "region": "ap-guangzhou",
            "support_security_group_api": true,
            "peer_ip": "172.16.0.17",
            "protocol": "tcp",
            "ports": "80,8081",
            "action": "accept",
            "description": "abc"
        }
    ],
    "egress_policies": [
        {
            "ip": "172.16.0.17",
            "type": "cvm",
            "id": "ins-ekvqwspy",
            "region": "ap-guangzhou",
            "support_security_group_api": true,
            "peer_ip": "172.16.0.2",
            "protocol": "tcp",
            "ports": "80,8081",
            "action": "accept",
            "description": "abc"
        }
    ]
}

response:
{
    "result_code": "0",
    "result_message": "success",
    "results": {
        "time_taken": "3.805069793s",
        "ingress": {
            "policies_total": 1,
            "success_policies_total": 1,
            "undo_policies_total": 0,
            "failed_policies_total": 0,
            "success_policies": [
                {
                    "ip": "172.16.0.2",
                    "type": "cvm",
                    "id": "ins-9v6zys0w",
                    "region": "ap-guangzhou",
                    "support_security_group_api": true,
                    "peer_ip": "172.16.0.17",
                    "protocol": "tcp",
                    "ports": "80,8081",
                    "action": "accept",
                    "description": "abc"
                }
            ],
            "undo_policies": null,
            "failed_policies": null
        },
        "egress": {
            "policies_total": 1,
            "success_policies_total": 1,
            "undo_policies_total": 0,
            "failed_policies_total": 0,
            "success_policies": [
                {
                    "ip": "172.16.0.17",
                    "type": "cvm",
                    "id": "ins-ekvqwspy",
                    "region": "ap-guangzhou",
                    "support_security_group_api": true,
                    "peer_ip": "172.16.0.2",
                    "protocol": "tcp",
                    "ports": "80,8081",
                    "action": "accept",
                    "description": "abc"
                }
            ],
            "undo_policies": null,
            "failed_policies": null
        }
    }
}

代码说明

安全组相关代码: https://github.com/WeBankPartners/wecube-plugins-qcloud/tree/master/plugins/bussiness_plugins/security_group

主要的逻辑代码在security_group.go中,其他的文件都以具体的资源名称来命名,如果要支持新的资源类型,只要实现security_group.go中ResourceInstanc和ResourceType定义的接口即可。

主要抽象接口

ResourceType接口:

type ResourceType interface {
    QueryInstancesById(providerParams string, instanceIds []string) (map[string]  ResourceInstance, error)
    QueryInstancesByIp(providerParams string, ips []string) (map[string]ResourceInstance, error)
    IsLoadBalanceType() bool
    IsSupportEgressPolicy() bool
}
接口名称 接口说明
QueryInstancesById 根据资源id查询资源实例
QueryInstancesByIp 根据资源ip查询资源实例
IsLoadBalanceType 资源类型是否是负载均衡类型
IsSupportEgressPolicy 资源是否支持出栈规则设置,像mysql等资源的安全组只支持入栈设置,不支持出栈设置

ResourceInstance接口:

type ResourceInstance interface {
     ResourceTypeName() string
     GetId() string
     GetName() string
     GetRegion() string
     GetIp() string
     QuerySecurityGroups(providerParams string) ([]string, error)
     AssociateSecurityGroups(providerParams string, securityGroups []string) error
     IsSupportSecurityGroupApi() bool
     GetBackendTargets(providerParams string, proto string, port string) ([]ResourceInstance, []string, error)
}
接口名称 接口说明
ResourceTypeName 实例返回自己所属的资源类型,如clb,cvm等
GetId 返回实例对应的资源id
GetName 返回实例的别名
GetRegion 获取资源实例所在的地域
GetIp 获取实例ip地址
QuerySecurityGroups 查询实例已经关联哪些安全组
AssociateSecurityGroups 关联安全组到实例
IsSupportSecurityGroupApi 实例是否支持关联安全组的操作
GetBackendTarget 如果设备类型是负载均衡类型,通过该接口获取后端关联的主机信息
主要流程
计算安全组流程
  1. 入参有效性检查。检查端口格式,协议字段,ip格式,action等值是否有效。
  2. 根据输入的多个ip并行查询各个地域,获取ip对应的资源实例信息并保存为key-value。
  3. 根据入参direction的值确认是否需要生成入栈规则,如果需要就生成入栈规则,并添加到出参的入栈规则中。
  4. 根据入参direction的值确认是否需要生成出栈规则,如果需要就生成出栈规则,并添加到出参的出栈规则中。

生成规则的代码在如下函数中,生成入栈规则和出栈规则都是通过该函数生成,入参devIp表示需要生成策略的资源ip,ipMap为根据ip查询腾讯云各个地域后的key-value,peerIps为安全策略对应的对端ip,proto为安全策略的协议,ports为安全策略的端口,direction为设置入栈还是出栈。

func calcPolicies(devIp string, ipMap map[string]ResourceInstance, peerIps []string, proto string, ports []string,action string, description string, direction string) ([]SecurityPolicy, error)

该函数的流程如下:

  1. 根据devIp在ipMap中找是否能找到ip对应的资源,如果找不到就报错,报错提示为ip找不到
  2. 检查direction是否为出栈,如果是出栈检查devIp对应的资源是否支持出栈设置,如果不支持出栈规则设置就报错,报错提示为ip对应的资源类型不支持出栈规则设置
  3. 进入for循环,遍历peerIps,根据peerIp检查是否在ipMap中能找到资源类型,如果找到了且资源类型为负载均衡设备并且direction是入栈规则就报错,报错信息为入栈规则不支持对端为负载均衡的设备。
  4. 调用newPolicies函数生成安全策略

newPolicies函数的定义如下,其中instance为需设置安全组的资源类型的实例信息,peerIp为对端设备ip。

func newPolicies(instance ResourceInstance, peerIp string, proto string, port string, action string, desc string) ([]SecurityPolicy, error)

该函数的流程如下:

  1. 检查instance是不是负载均衡设备,如果不是就生成安全策略
  2. 如果是负载均衡设备,则根据port和proto查询监听器,如果查不到监听器就报错;如果查询成功,再获取监听器后端的主机,如果没有后端主机就报错
  3. 根据负载均衡设备后端的主机信息,生成和后端主机相关的安全策略。
实施安全组流程
  1. 入参检查。
  2. 调用applyPolicies生成入栈和出栈的安全组并关联到具体的资源实例,其中policies为安全规则,direction为入栈或出栈。

applyPolicies的定义如下:

func applyPolicies(policies []SecurityPolicy, direction string) ApplyResult

该函数的流程如下:

  1. for循环每一条policies
  2. 根据当前policy的资源实例id和region查询实例信息,确认实例存在
  3. 查询实例关联的安全组信息,然后调用createPolicies函数,生成安全策略并放到对应的安全组中,createPolices函数的定义如下,其中existSecurityGroups为该实例已经关联的安全组,policies为需要新加的策略,返回参数的第一个参数,为本次创建安全组新建了几个安全组。每个自动创建的安全组最多放100条入栈规则和100条出栈规则,当超过100条时,代码会自动创建新的安全组。
func createPolicies(providerParams string, existSecurityGroups []string, policies []*SecurityPolicy, direction string) ([]string, error)
  1. 根据createPolices返回的新建的安全组,调用实例的关联安全组接口,更新实例关联的安全组。

接口局限性

  1. 只有添加安全组策略的功能,没有销毁安全组策略的功能
  2. 自动添加的安全策略都新建在名称为ip_auoto_xx的安全策略里,当对应ip的主机销毁时,不会自动销毁对应的安全组。
  3. 当资源类型是负载均衡时,关联的安全组都关联在监听器里绑定的主机上。当对LB后端的主机进行添加或者删除时,安全组不会自动添加,需要重新调用接口才能生效。
  4. 每次实施安全组策略是,都是新加操作,不会去检查和已有安全策略是否有重复。

Documentation

Index

Constants

View Source 
const (
	INGRESS_RULE = "ingress" //入站规则
	EGRESS_RULE  = "egress"  //出栈规则

	TCP_PROTOCOL  = "TCP"
	UDP_PROTOCOL  = "UDP"
	ICMP_PROTOCOL = "ICMP"

	POLICY_ACTION_ACCEPT = "ACCEPT"
	POLICY_ACTION_DROP   = "DROP"

	ALL_PORT = "ALL"
)
View Source 
const (
	REDIS_SEARCH_KEY_IP = "IP"
	REDIS_SEARCH_KEY_ID = "ID"
)
View Source 
const ENV_SECRET_ID = "SECRET_ID"
View Source 
const ENV_SECRET_KEY = "SECRET_KEY"
View Source 
const ENV_SUPPORT_REGIONS = "REGIONS" //用分号隔开多个地域
View Source 
const (
	MAX_SEUCRITY_RULE_NUM = 100
)
View Source 
const (
	QCLOUD_ENDPOINT_BM = "bm.tencentcloudapi.com"
)
View Source 
const (
	QCLOUD_ENDPOINT_BMLB = "bmlb.tencentcloudapi.com"
)

Variables

View Source 
var (
	DEVICE_TYPE_MAP = map[string]bool{
		"HA":    true,
		"BASIC": false,
	}
)
View Source 
var (
	ErrorIpNotFound = errors.New("ip not found")
)
View Source 
var SecurityGroupActions = make(map[string]plugins.Action)

Functions

func BindBmInstanceSecurityGroups 

func BindBmInstanceSecurityGroups(providerParams string, instanceId string, securityGroups []string) error

func QueryBmInstance 

func QueryBmInstance(providerParams string, filter plugins.Filter) ([]*bm.DeviceInfo, error)

func QueryBmInstanceSecurityGroups 

func QueryBmInstanceSecurityGroups(providerParams string, instanceId string) ([]string, error)

func QueryBmlbInstance 

func QueryBmlbInstance(providerParams string, filter plugins.Filter) ([]*bmlb.LoadBalancer, error)

Types

type ApplyResult 

type ApplyResult struct {
	PoliciesTotal int `json:"policies_total"`

	SuccessTotal int `json:"success_policies_total"`
	UndoTotal    int `json:"undo_policies_total"`
	FailedTotal  int `json:"failed_policies_total"`

	SuccessPolicies []SecurityPolicy `json:"success_policies"`
	UndoPolicies    []SecurityPolicy `json:"undo_policies"`
	FailedPolicies  []SecurityPolicy `json:"failed_policies"`
}

type ApplySecurityPoliciesRequest 

type ApplySecurityPoliciesRequest struct {
	IngressPolicies []SecurityPolicy `json:"ingress_policies"`
	EgressPolicies  []SecurityPolicy `json:"egress_policies"`
}

type ApplySecurityPoliciesResult 

type ApplySecurityPoliciesResult struct {
	TimeTaken          string      `json:"time_taken"`
	IngressApplyResult ApplyResult `json:"ingress"`
	EgressApplyResult  ApplyResult `json:"egress"`
}

type ApplySecurityPolicyAction 

type ApplySecurityPolicyAction struct {
}

---------------apply security policy action------------------------------//

func (*ApplySecurityPolicyAction) CheckParam 

func (action *ApplySecurityPolicyAction) CheckParam(input interface{}) error

func (*ApplySecurityPolicyAction) Do 

func (action *ApplySecurityPolicyAction) Do(input interface{}) (interface{}, error)

func (*ApplySecurityPolicyAction) ReadParam 

func (action *ApplySecurityPolicyAction) ReadParam(param interface{}) (interface{}, error)

type BmInstance 

type BmInstance struct {
	Id                      string
	Name                    string
	WanIp                   string
	LanIp                   string
	Region                  string
	SupportSecurityGroupApi bool
	IsLoadBalancerBackend   bool
	LoadBalanceIp           string
}

func (BmInstance) AssociateSecurityGroups 

func (instance BmInstance) AssociateSecurityGroups(providerParams string, securityGroups []string) error

func (BmInstance) GetBackendTargets 

func (instance BmInstance) GetBackendTargets(providerParams string, proto string, port string) ([]ResourceInstance, []string, error)

func (BmInstance) GetId 

func (instance BmInstance) GetId() string

func (BmInstance) GetIp 

func (instance BmInstance) GetIp() string

func (BmInstance) GetName 

func (instance BmInstance) GetName() string

func (BmInstance) GetRegion 

func (instance BmInstance) GetRegion() string

func (BmInstance) IsSupportSecurityGroupApi 

func (instance BmInstance) IsSupportSecurityGroupApi() bool

func (BmInstance) QuerySecurityGroups 

func (instance BmInstance) QuerySecurityGroups(providerParams string) ([]string, error)

func (BmInstance) ResourceTypeName 

func (instance BmInstance) ResourceTypeName() string

type BmResourceType 

type BmResourceType struct {
}

resource type

func (*BmResourceType) IsLoadBalanceType 

func (resourceType *BmResourceType) IsLoadBalanceType() bool

func (*BmResourceType) IsSupportEgressPolicy 

func (resourceType *BmResourceType) IsSupportEgressPolicy() bool

func (*BmResourceType) QueryInstancesById 

func (resourceType *BmResourceType) QueryInstancesById(providerParams string, instanceIds []string) (map[string]ResourceInstance, error)

func (*BmResourceType) QueryInstancesByIp 

func (resourceType *BmResourceType) QueryInstancesByIp(providerParams string, ips []string) (map[string]ResourceInstance, error)

type BmlbInstance 

type BmlbInstance struct {
	Id                      string
	Name                    string
	Forward                 uint64
	Region                  string
	Vip                     string
	VpcId                   string
	SupportSecurityGroupApi bool
}

func (BmlbInstance) AssociateSecurityGroups 

func (instance BmlbInstance) AssociateSecurityGroups(providerParams string, securityGroups []string) error

func (BmlbInstance) GetBackendTargets 

func (instance BmlbInstance) GetBackendTargets(providerParams string, protocol string, port string) ([]ResourceInstance, []string, error)

func (BmlbInstance) GetId 

func (instance BmlbInstance) GetId() string

func (BmlbInstance) GetIp 

func (instance BmlbInstance) GetIp() string

func (BmlbInstance) GetName 

func (instance BmlbInstance) GetName() string

func (BmlbInstance) GetRegion 

func (instance BmlbInstance) GetRegion() string

func (BmlbInstance) IsSupportSecurityGroupApi 

func (instance BmlbInstance) IsSupportSecurityGroupApi() bool

func (BmlbInstance) QuerySecurityGroups 

func (instance BmlbInstance) QuerySecurityGroups(providerParams string) ([]string, error)

func (BmlbInstance) ResourceTypeName 

func (instance BmlbInstance) ResourceTypeName() string

type BmlbResourceType 

type BmlbResourceType struct {
}

resource type

func (*BmlbResourceType) IsLoadBalanceType 

func (resourceType *BmlbResourceType) IsLoadBalanceType() bool

func (*BmlbResourceType) IsSupportEgressPolicy 

func (resourceType *BmlbResourceType) IsSupportEgressPolicy() bool

func (*BmlbResourceType) QueryInstancesById 

func (resourceType *BmlbResourceType) QueryInstancesById(providerParams string, instanceIds []string) (map[string]ResourceInstance, error)

func (*BmlbResourceType) QueryInstancesByIp 

func (resourceType *BmlbResourceType) QueryInstancesByIp(providerParams string, ips []string) (map[string]ResourceInstance, error)

type BussinessSecurityGroupPlugin 

type BussinessSecurityGroupPlugin struct {
}

func (*BussinessSecurityGroupPlugin) GetActionByName 

func (plugin *BussinessSecurityGroupPlugin) GetActionByName(actionName string) (plugins.Action, error)

type CalcSecurityPoliciesRequest 

type CalcSecurityPoliciesRequest struct {
	Protocol         string   `json:"protocol"`
	SourceIps        []string `json:"source_ips"`
	DestIps          []string `json:"dest_ips"`
	DestPort         string   `json:"dest_port"`
	PolicyAction     string   `json:"policy_action"`
	PolicyDirections []string `json:"policy_directions"`
	Description      string   `json:"description"`
}

---------------calc security policy action------------------------------//

type CalcSecurityPoliciesResult 

type CalcSecurityPoliciesResult struct {
	TimeTaken string `json:"time_taken"`

	IngressPoliciesTotal int `json:"ingress_policies_total"`
	EgressPoliciesTotal  int `json:"egress_policies_total"`

	IngressPolicies []SecurityPolicy `json:"ingress_policies"`
	EgressPolicies  []SecurityPolicy `json:"egress_policies"`
}

type CalcSecurityPolicyAction 

type CalcSecurityPolicyAction struct {
}

func (*CalcSecurityPolicyAction) CheckParam 

func (action *CalcSecurityPolicyAction) CheckParam(input interface{}) error

func (*CalcSecurityPolicyAction) Do 

func (action *CalcSecurityPolicyAction) Do(input interface{}) (interface{}, error)

func (*CalcSecurityPolicyAction) ReadParam 

func (action *CalcSecurityPolicyAction) ReadParam(param interface{}) (interface{}, error)

type ClbInstance 

type ClbInstance struct {
	Id      string
	Name    string
	Forward uint64
	Region  string
	Vip     string
}

func (ClbInstance) AssociateSecurityGroups 

func (instance ClbInstance) AssociateSecurityGroups(providerParams string, securityGroups []string) error

func (ClbInstance) GetBackendTargets 

func (instance ClbInstance) GetBackendTargets(providerParams string, protocol string, port string) ([]ResourceInstance, []string, error)

func (ClbInstance) GetId 

func (instance ClbInstance) GetId() string

func (ClbInstance) GetIp 

func (instance ClbInstance) GetIp() string

func (ClbInstance) GetName 

func (instance ClbInstance) GetName() string

func (ClbInstance) GetRegion 

func (instance ClbInstance) GetRegion() string

func (ClbInstance) IsSupportSecurityGroupApi 

func (instance ClbInstance) IsSupportSecurityGroupApi() bool

func (ClbInstance) QuerySecurityGroups 

func (instance ClbInstance) QuerySecurityGroups(providerParams string) ([]string, error)

func (ClbInstance) ResourceTypeName 

func (instance ClbInstance) ResourceTypeName() string

type ClbResourceType 

type ClbResourceType struct {
}

func (*ClbResourceType) IsLoadBalanceType 

func (resourceType *ClbResourceType) IsLoadBalanceType() bool

func (*ClbResourceType) IsSupportEgressPolicy 

func (resourceType *ClbResourceType) IsSupportEgressPolicy() bool

func (*ClbResourceType) QueryInstancesById 

func (resourceType *ClbResourceType) QueryInstancesById(providerParams string, instanceIds []string) (map[string]ResourceInstance, error)

func (*ClbResourceType) QueryInstancesByIp 

func (resourceType *ClbResourceType) QueryInstancesByIp(providerParams string, ips []string) (map[string]ResourceInstance, error)

type CvmInstance 

type CvmInstance struct {
	Id                      string
	Ip                      string
	Name                    string
	PrivateIps              []string
	PublicIps               []string
	Region                  string
	SecurityGroups          []string
	SupportSecurityGroupApi bool
	IsLoadBalancerBackend   bool
	LoadBalanceIp           string
}

resource instance

func (CvmInstance) AssociateSecurityGroups 

func (instance CvmInstance) AssociateSecurityGroups(providerParams string, securityGroups []string) error

func (CvmInstance) GetBackendTargets 

func (instance CvmInstance) GetBackendTargets(providerParams string, proto string, port string) ([]ResourceInstance, []string, error)

func (CvmInstance) GetId 

func (instance CvmInstance) GetId() string

func (CvmInstance) GetIp 

func (instance CvmInstance) GetIp() string

func (CvmInstance) GetName 

func (instance CvmInstance) GetName() string

func (CvmInstance) GetRegion 

func (instance CvmInstance) GetRegion() string

func (CvmInstance) IsSupportSecurityGroupApi 

func (instance CvmInstance) IsSupportSecurityGroupApi() bool

func (CvmInstance) QuerySecurityGroups 

func (instance CvmInstance) QuerySecurityGroups(providerParams string) ([]string, error)

func (CvmInstance) ResourceTypeName 

func (instance CvmInstance) ResourceTypeName() string

type CvmResourceType 

type CvmResourceType struct {
}

resource type

func (*CvmResourceType) IsLoadBalanceType 

func (resourceType *CvmResourceType) IsLoadBalanceType() bool

func (*CvmResourceType) IsSupportEgressPolicy 

func (resourceType *CvmResourceType) IsSupportEgressPolicy() bool

func (*CvmResourceType) QueryInstancesById 

func (resourceType *CvmResourceType) QueryInstancesById(providerParams string, instanceIds []string) (map[string]ResourceInstance, error)

func (*CvmResourceType) QueryInstancesByIp 

func (resourceType *CvmResourceType) QueryInstancesByIp(providerParams string, ips []string) (map[string]ResourceInstance, error)

type MariadbInstance 

type MariadbInstance struct {
	Id                      string
	Name                    string
	Vip                     string
	Region                  string
	SupportSecurityGroupApi bool
}

func (MariadbInstance) AssociateSecurityGroups 

func (instance MariadbInstance) AssociateSecurityGroups(providerParams string, securityGroups []string) error

func (MariadbInstance) GetBackendTargets 

func (instance MariadbInstance) GetBackendTargets(providerParams string, proto string, port string) ([]ResourceInstance, []string, error)

func (MariadbInstance) GetId 

func (instance MariadbInstance) GetId() string

func (MariadbInstance) GetIp 

func (instance MariadbInstance) GetIp() string

func (MariadbInstance) GetName 

func (instance MariadbInstance) GetName() string

func (MariadbInstance) GetRegion 

func (instance MariadbInstance) GetRegion() string

func (MariadbInstance) IsSupportSecurityGroupApi 

func (instance MariadbInstance) IsSupportSecurityGroupApi() bool

func (MariadbInstance) QuerySecurityGroups 

func (instance MariadbInstance) QuerySecurityGroups(providerParams string) ([]string, error)

func (MariadbInstance) ResourceTypeName 

func (instance MariadbInstance) ResourceTypeName() string

type MariadbResourceType 

type MariadbResourceType struct {
}

resource type

func (*MariadbResourceType) IsLoadBalanceType 

func (resourceType *MariadbResourceType) IsLoadBalanceType() bool

func (*MariadbResourceType) IsSupportEgressPolicy 

func (resourceType *MariadbResourceType) IsSupportEgressPolicy() bool

func (*MariadbResourceType) QueryInstancesById 

func (resourceType *MariadbResourceType) QueryInstancesById(providerParams string, instanceIds []string) (map[string]ResourceInstance, error)

func (*MariadbResourceType) QueryInstancesByIp 

func (resourceType *MariadbResourceType) QueryInstancesByIp(providerParams string, ips []string) (map[string]ResourceInstance, error)

type MongodbInstance 

type MongodbInstance struct {
	Id     string
	Name   string
	Region string
	Vip    string
}

func (MongodbInstance) AssociateSecurityGroups 

func (instance MongodbInstance) AssociateSecurityGroups(providerParams string, securityGroups []string) error

func (MongodbInstance) GetBackendTargets 

func (instance MongodbInstance) GetBackendTargets(providerParams string, proto string, port string) ([]ResourceInstance, []string, error)

func (MongodbInstance) GetId 

func (instance MongodbInstance) GetId() string

func (MongodbInstance) GetIp 

func (instance MongodbInstance) GetIp() string

func (MongodbInstance) GetName 

func (instance MongodbInstance) GetName() string

func (MongodbInstance) GetRegion 

func (instance MongodbInstance) GetRegion() string

func (MongodbInstance) IsSupportSecurityGroupApi 

func (instance MongodbInstance) IsSupportSecurityGroupApi() bool

func (MongodbInstance) QuerySecurityGroups 

func (instance MongodbInstance) QuerySecurityGroups(providerParams string) ([]string, error)

func (MongodbInstance) ResourceTypeName 

func (instance MongodbInstance) ResourceTypeName() string

type MongodbResourceType 

type MongodbResourceType struct {
}

func (*MongodbResourceType) IsLoadBalanceType 

func (resourceType *MongodbResourceType) IsLoadBalanceType() bool

func (*MongodbResourceType) IsSupportEgressPolicy 

func (resourceType *MongodbResourceType) IsSupportEgressPolicy() bool

func (*MongodbResourceType) QueryInstancesById 

func (resourceType *MongodbResourceType) QueryInstancesById(providerParams string, instanceIds []string) (map[string]ResourceInstance, error)

func (*MongodbResourceType) QueryInstancesByIp 

func (resourceType *MongodbResourceType) QueryInstancesByIp(providerParams string, ips []string) (map[string]ResourceInstance, error)

type MysqlInstance 

type MysqlInstance struct {
	Id                      string
	Name                    string
	Vip                     string
	Region                  string
	SupportSecurityGroupApi bool
}

resource instance

func (MysqlInstance) AssociateSecurityGroups 

func (instance MysqlInstance) AssociateSecurityGroups(providerParams string, securityGroups []string) error

func (MysqlInstance) GetBackendTargets 

func (instance MysqlInstance) GetBackendTargets(providerParams string, port string, proto string) ([]ResourceInstance, []string, error)

func (MysqlInstance) GetId 

func (instance MysqlInstance) GetId() string

func (MysqlInstance) GetIp 

func (instance MysqlInstance) GetIp() string

func (MysqlInstance) GetName 

func (instance MysqlInstance) GetName() string

func (MysqlInstance) GetRegion 

func (instance MysqlInstance) GetRegion() string

func (MysqlInstance) IsSupportSecurityGroupApi 

func (instance MysqlInstance) IsSupportSecurityGroupApi() bool

func (MysqlInstance) QuerySecurityGroups 

func (instance MysqlInstance) QuerySecurityGroups(providerParams string) ([]string, error)

func (MysqlInstance) ResourceTypeName 

func (instance MysqlInstance) ResourceTypeName() string

type MysqlResourceType 

type MysqlResourceType struct {
}

resource type

func (*MysqlResourceType) IsLoadBalanceType 

func (resourceType *MysqlResourceType) IsLoadBalanceType() bool

func (*MysqlResourceType) IsSupportEgressPolicy 

func (resourceType *MysqlResourceType) IsSupportEgressPolicy() bool

func (*MysqlResourceType) QueryInstancesById 

func (resourceType *MysqlResourceType) QueryInstancesById(providerParams string, instanceIds []string) (map[string]ResourceInstance, error)

func (*MysqlResourceType) QueryInstancesByIp 

func (resourceType *MysqlResourceType) QueryInstancesByIp(providerParams string, ips []string) (map[string]ResourceInstance, error)

type QueryIpsResult 

type QueryIpsResult struct {
	Err         error
	InstanceMap map[string]ResourceInstance
}

type RedisInstance 

type RedisInstance struct {
	Id     string
	Name   string
	Region string
	Vip    string
}

func (RedisInstance) AssociateSecurityGroups 

func (instance RedisInstance) AssociateSecurityGroups(providerParams string, securityGroups []string) error

func (RedisInstance) GetBackendTargets 

func (instance RedisInstance) GetBackendTargets(providerParams string, proto string, port string) ([]ResourceInstance, []string, error)

func (RedisInstance) GetId 

func (instance RedisInstance) GetId() string

func (RedisInstance) GetIp 

func (instance RedisInstance) GetIp() string

func (RedisInstance) GetName 

func (instance RedisInstance) GetName() string

func (RedisInstance) GetRegion 

func (instance RedisInstance) GetRegion() string

func (RedisInstance) IsSupportSecurityGroupApi 

func (instance RedisInstance) IsSupportSecurityGroupApi() bool

func (RedisInstance) QuerySecurityGroups 

func (instance RedisInstance) QuerySecurityGroups(providerParams string) ([]string, error)

func (RedisInstance) ResourceTypeName 

func (instance RedisInstance) ResourceTypeName() string

type RedisResourceType 

type RedisResourceType struct {
}

func (*RedisResourceType) IsLoadBalanceType 

func (resourceType *RedisResourceType) IsLoadBalanceType() bool

func (*RedisResourceType) IsSupportEgressPolicy 

func (resourceType *RedisResourceType) IsSupportEgressPolicy() bool

func (*RedisResourceType) QueryInstancesById 

func (resourceType *RedisResourceType) QueryInstancesById(providerParams string, instanceIds []string) (map[string]ResourceInstance, error)

func (*RedisResourceType) QueryInstancesByIp 

func (resourceType *RedisResourceType) QueryInstancesByIp(providerParams string, ips []string) (map[string]ResourceInstance, error)

type ResourceInstance 

type ResourceInstance interface {
	ResourceTypeName() string
	GetId() string
	GetName() string
	GetRegion() string
	GetIp() string
	QuerySecurityGroups(providerParams string) ([]string, error)
	AssociateSecurityGroups(providerParams string, securityGroups []string) error
	IsSupportSecurityGroupApi() bool
	GetBackendTargets(providerParams string, proto string, port string) ([]ResourceInstance, []string, error)
}

interface definition

type ResourceType 

type ResourceType interface {
	QueryInstancesById(providerParams string, instanceIds []string) (map[string]ResourceInstance, error)
	QueryInstancesByIp(providerParams string, ips []string) (map[string]ResourceInstance, error)
	IsLoadBalanceType() bool
	IsSupportEgressPolicy() bool
}

type SecurityPolicy 

type SecurityPolicy struct {
	Ip                      string `json:"ip"`
	Type                    string `json:"type"`
	Id                      string `json:"id"`
	Region                  string `json:"region"`
	SupportSecurityGroupApi bool   `json:"support_security_group_api"`
	PeerIp                  string `json:"peer_ip"`
	Protocol                string `json:"protocol"`
	Ports                   string `json:"ports"`
	Action                  string `json:"action"`
	Description             string `json:"description"`
	ErrorMsg                string `json:"err_msg,omitempty"`
	UndoReason              string `json:"undo_reason,omitempty"`
	SecurityGroupId         string `json:"security_group_id,omitempty"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.