Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var AddRuleCmd = base.Cmd{ BaseCobraCommand: func(client hcapi2.Client) *cobra.Command { cmd := &cobra.Command{ Use: "add-rule [options] (--direction in --source-ips <ips> | --direction out --destination-ips <ips>) (--protocol <tcp|udp> --port <port> | --protocol <icmp|esp|gre>) <firewall>", Short: "Add a single rule to a firewall", ValidArgsFunction: cmpl.SuggestArgs(cmpl.SuggestCandidatesF(client.Firewall().Names)), TraverseChildren: true, DisableFlagsInUseLine: true, } cmd.Flags().String("direction", "", "Direction (in, out) (required)") _ = cmd.RegisterFlagCompletionFunc("direction", cmpl.SuggestCandidates("in", "out")) _ = cmd.MarkFlagRequired("direction") cmd.Flags().String("protocol", "", "Protocol (icmp, esp, gre, udp or tcp) (required)") _ = cmd.RegisterFlagCompletionFunc("protocol", cmpl.SuggestCandidates("icmp", "udp", "tcp", "esp", "gre")) _ = cmd.MarkFlagRequired("protocol") cmd.Flags().StringSlice("source-ips", []string{}, "Source IPs (CIDR Notation) (required when direction is in)") cmd.Flags().StringSlice("destination-ips", []string{}, "Destination IPs (CIDR Notation) (required when direction is out)") cmd.Flags().String("port", "", "Port to which traffic will be allowed, only applicable for protocols TCP and UDP, you can specify port ranges, sample: 80-85") cmd.Flags().String("description", "", "Description of the Firewall rule") return cmd }, Run: func(s state.State, cmd *cobra.Command, args []string) error { idOrName := args[0] firewall, _, err := s.Client().Firewall().Get(s, idOrName) if err != nil { return err } if firewall == nil { return fmt.Errorf("Firewall not found: %v", idOrName) } rule, err := parseRuleFromArgs(cmd.Flags()) if err != nil { return err } rules := append(firewall.Rules, *rule) actions, _, err := s.Client().Firewall().SetRules(s, firewall, hcloud.FirewallSetRulesOpts{Rules: rules}, ) if err != nil { return err } if err := s.WaitForActions(s, cmd, actions...); err != nil { return err } cmd.Printf("Firewall Rules for Firewall %d updated\n", firewall.ID) return nil }, }
View Source
var ApplyToResourceCmd = base.Cmd{ BaseCobraCommand: func(client hcapi2.Client) *cobra.Command { cmd := &cobra.Command{ Use: "apply-to-resource (--type server --server <server> | --type label_selector --label-selector <label-selector>) <firewall>", Short: "Applies a Firewall to a single resource", ValidArgsFunction: cmpl.SuggestArgs(cmpl.SuggestCandidatesF(client.Firewall().Names)), TraverseChildren: true, DisableFlagsInUseLine: true, } cmd.Flags().String("type", "", "Resource Type (server, label_selector) (required)") _ = cmd.RegisterFlagCompletionFunc("type", cmpl.SuggestCandidates("server", "label_selector")) _ = cmd.MarkFlagRequired("type") cmd.Flags().String("server", "", "Server name of ID (required when type is server)") _ = cmd.RegisterFlagCompletionFunc("server", cmpl.SuggestCandidatesF(client.Server().Names)) cmd.Flags().StringP("label-selector", "l", "", "Label Selector") return cmd }, Run: func(s state.State, cmd *cobra.Command, args []string) error { resourceType, _ := cmd.Flags().GetString("type") switch resourceType { case string(hcloud.FirewallResourceTypeServer): server, _ := cmd.Flags().GetString("server") if server == "" { return fmt.Errorf("type %s need a --server specific", resourceType) } case string(hcloud.FirewallResourceTypeLabelSelector): labelSelector, _ := cmd.Flags().GetString("label-selector") if labelSelector == "" { return fmt.Errorf("type %s need a --label-selector specific", resourceType) } default: return fmt.Errorf("unknown type %s", resourceType) } serverIDOrName, _ := cmd.Flags().GetString("server") labelSelector, _ := cmd.Flags().GetString("label-selector") idOrName := args[0] firewall, _, err := s.Client().Firewall().Get(s, idOrName) if err != nil { return err } if firewall == nil { return fmt.Errorf("Firewall not found: %v", idOrName) } opts := hcloud.FirewallResource{Type: hcloud.FirewallResourceType(resourceType)} switch opts.Type { case hcloud.FirewallResourceTypeServer: server, _, err := s.Client().Server().Get(s, serverIDOrName) if err != nil { return err } if server == nil { return fmt.Errorf("Server not found: %v", serverIDOrName) } opts.Server = &hcloud.FirewallResourceServer{ID: server.ID} case hcloud.FirewallResourceTypeLabelSelector: opts.LabelSelector = &hcloud.FirewallResourceLabelSelector{Selector: labelSelector} default: return fmt.Errorf("unknown type %s", opts.Type) } actions, _, err := s.Client().Firewall().ApplyResources(s, firewall, []hcloud.FirewallResource{opts}) if err != nil { return err } if err := s.WaitForActions(s, cmd, actions...); err != nil { return err } cmd.Printf("Firewall %d applied to resource\n", firewall.ID) return nil }, }
View Source
var CreateCmd = base.CreateCmd[*hcloud.Firewall]{ BaseCobraCommand: func(hcapi2.Client) *cobra.Command { cmd := &cobra.Command{ Use: "create [options] --name <name>", Short: "Create a Firewall", } cmd.Flags().String("name", "", "Name") _ = cmd.MarkFlagRequired("name") cmd.Flags().StringToString("label", nil, "User-defined labels ('key=value') (can be specified multiple times)") cmd.Flags().String("rules-file", "", "JSON file containing your routes (use - to read from stdin). The structure of the file needs to be the same as within the API: https://docs.hetzner.cloud/reference/cloud#firewalls-get-a-firewall ") return cmd }, Run: func(s state.State, cmd *cobra.Command, _ []string) (*hcloud.Firewall, any, error) { name, _ := cmd.Flags().GetString("name") labels, _ := cmd.Flags().GetStringToString("label") opts := hcloud.FirewallCreateOpts{ Name: name, Labels: labels, } rulesFile, _ := cmd.Flags().GetString("rules-file") if rulesFile != "" { rules, err := parseRulesFile(rulesFile) if err != nil { return nil, nil, err } opts.Rules = rules } result, _, err := s.Client().Firewall().Create(s, opts) if err != nil { return nil, nil, err } if err := s.WaitForActions(s, cmd, result.Actions...); err != nil { return nil, nil, err } cmd.Printf("Firewall %d created\n", result.Firewall.ID) return result.Firewall, util.Wrap("firewall", hcloud.SchemaFromFirewall(result.Firewall)), err }, }
View Source
var DeleteCmd = base.DeleteCmd{ ResourceNameSingular: "Firewall", ResourceNamePlural: "Firewalls", ShortDescription: "Delete a Firewall", NameSuggestions: func(c hcapi2.Client) func() []string { return c.Firewall().Names }, Fetch: func(s state.State, _ *cobra.Command, idOrName string) (interface{}, *hcloud.Response, error) { return s.Client().Firewall().Get(s, idOrName) }, Delete: func(s state.State, _ *cobra.Command, resource interface{}) (*hcloud.Action, error) { firewall := resource.(*hcloud.Firewall) _, err := s.Client().Firewall().Delete(s, firewall) return nil, err }, }
View Source
var DeleteRuleCmd = base.Cmd{ BaseCobraCommand: func(client hcapi2.Client) *cobra.Command { cmd := &cobra.Command{ Use: "delete-rule [options] (--direction in --source-ips <ips> | --direction out --destination-ips <ips>) (--protocol <tcp|udp> --port <port> | --protocol <icmp|esp|gre>) <firewall>", Short: "Delete a single rule from a Firewall", ValidArgsFunction: cmpl.SuggestArgs(cmpl.SuggestCandidatesF(client.Firewall().Names)), TraverseChildren: true, DisableFlagsInUseLine: true, } cmd.Flags().String("direction", "", "Direction (in, out) (required)") _ = cmd.RegisterFlagCompletionFunc("direction", cmpl.SuggestCandidates("in", "out")) _ = cmd.MarkFlagRequired("direction") cmd.Flags().String("protocol", "", "Protocol (icmp, esp, gre, udp or tcp) (required)") _ = cmd.RegisterFlagCompletionFunc("protocol", cmpl.SuggestCandidates("icmp", "udp", "tcp", "esp", "gre")) _ = cmd.MarkFlagRequired("protocol") cmd.Flags().StringSlice("source-ips", []string{}, "Source IPs (CIDR Notation) (required when direction is in)") cmd.Flags().StringSlice("destination-ips", []string{}, "Destination IPs (CIDR Notation) (required when direction is out)") cmd.Flags().String("port", "", "Port to which traffic will be allowed, only applicable for protocols TCP and UDP") cmd.Flags().String("description", "", "Description of the Firewall rule") return cmd }, Run: func(s state.State, cmd *cobra.Command, args []string) error { idOrName := args[0] firewall, _, err := s.Client().Firewall().Get(s, idOrName) if err != nil { return err } if firewall == nil { return fmt.Errorf("Firewall not found: %v", idOrName) } rule, err := parseRuleFromArgs(cmd.Flags()) if err != nil { return err } var rules = make([]hcloud.FirewallRule, 0) for _, existingRule := range firewall.Rules { if !reflect.DeepEqual(existingRule, *rule) { rules = append(rules, existingRule) } } if len(rules) == len(firewall.Rules) { return fmt.Errorf("the specified rule was not found in the ruleset of Firewall %d", firewall.ID) } actions, _, err := s.Client().Firewall().SetRules(s, firewall, hcloud.FirewallSetRulesOpts{Rules: rules}, ) if err != nil { return err } if err := s.WaitForActions(s, cmd, actions...); err != nil { return err } cmd.Printf("Firewall Rules for Firewall %d updated\n", firewall.ID) return nil }, }
View Source
var DescribeCmd = base.DescribeCmd[*hcloud.Firewall]{ ResourceNameSingular: "Firewall", ShortDescription: "Describe a Firewall", NameSuggestions: func(c hcapi2.Client) func() []string { return c.Firewall().Names }, Fetch: func(s state.State, _ *cobra.Command, idOrName string) (*hcloud.Firewall, any, error) { fw, _, err := s.Client().Firewall().Get(s, idOrName) if err != nil { return nil, nil, err } return fw, hcloud.SchemaFromFirewall(fw), nil }, PrintText: func(s state.State, _ *cobra.Command, out io.Writer, firewall *hcloud.Firewall) error { fmt.Fprintf(out, "ID:\t%d\n", firewall.ID) fmt.Fprintf(out, "Name:\t%s\n", firewall.Name) fmt.Fprintf(out, "Created:\t%s (%s)\n", util.Datetime(firewall.Created), humanize.Time(firewall.Created)) fmt.Fprintln(out) util.DescribeLabels(out, firewall.Labels, "") fmt.Fprintln(out) fmt.Fprintf(out, "Rules:\n") if len(firewall.Rules) == 0 { fmt.Fprintf(out, " No rules\n") } else { for i, rule := range firewall.Rules { if i > 0 { fmt.Fprintln(out) } fmt.Fprintf(out, " - Direction:\t%s\n", rule.Direction) if rule.Description != nil { fmt.Fprintf(out, " Description:\t%s\n", *rule.Description) } fmt.Fprintf(out, " Protocol:\t%s\n", rule.Protocol) if rule.Port != nil { fmt.Fprintf(out, " Port:\t%s\n", *rule.Port) } var ips []net.IPNet switch rule.Direction { case hcloud.FirewallRuleDirectionIn: fmt.Fprintf(out, " Source IPs:\n") ips = rule.SourceIPs case hcloud.FirewallRuleDirectionOut: fmt.Fprintf(out, " Destination IPs:\n") ips = rule.DestinationIPs } for _, cidr := range ips { fmt.Fprintf(out, " %s\n", cidr.String()) } } } fmt.Fprintln(out) fmt.Fprintf(out, "Applied To:\n") if len(firewall.AppliedTo) == 0 { fmt.Fprintf(out, " Not applied\n") } else { fmt.Fprintf(out, "%s", describeResources(s.Client(), firewall.AppliedTo)) } return nil }, }
View Source
var LabelCmds = base.LabelCmds[*hcloud.Firewall]{ ResourceNameSingular: "Firewall", ShortDescriptionAdd: "Add a label to a Firewall", ShortDescriptionRemove: "Remove a label from a Firewall", NameSuggestions: func(c hcapi2.Client) func() []string { return c.Firewall().Names }, LabelKeySuggestions: func(c hcapi2.Client) func(idOrName string) []string { return c.Firewall().LabelKeys }, Fetch: func(s state.State, idOrName string) (*hcloud.Firewall, error) { firewall, _, err := s.Client().Firewall().Get(s, idOrName) if err != nil { return nil, err } if firewall == nil { return nil, fmt.Errorf("Firewall not found: %s", idOrName) } return firewall, nil }, SetLabels: func(s state.State, firewall *hcloud.Firewall, labels map[string]string) error { opts := hcloud.FirewallUpdateOpts{ Labels: labels, } _, _, err := s.Client().Firewall().Update(s, firewall, opts) return err }, GetLabels: func(firewall *hcloud.Firewall) map[string]string { return firewall.Labels }, GetIDOrName: func(firewall *hcloud.Firewall) string { return strconv.FormatInt(firewall.ID, 10) }, }
View Source
var ListCmd = &base.ListCmd[*hcloud.Firewall, schema.Firewall]{ ResourceNamePlural: "Firewalls", JSONKeyGetByName: "firewalls", DefaultColumns: []string{"id", "name", "rules_count", "applied_to_count"}, SortOption: config.OptionSortFirewall, Fetch: func(s state.State, _ *pflag.FlagSet, listOpts hcloud.ListOpts, sorts []string) ([]*hcloud.Firewall, error) { opts := hcloud.FirewallListOpts{ListOpts: listOpts} if len(sorts) > 0 { opts.Sort = sorts } return s.Client().Firewall().AllWithOpts(s, opts) }, OutputTable: func(t *output.Table[*hcloud.Firewall], _ hcapi2.Client) { t. AddAllowedFields(&hcloud.Firewall{}). AddFieldFn("rules_count", func(firewall *hcloud.Firewall) string { count := len(firewall.Rules) if count == 1 { return fmt.Sprintf("%d Rule", count) } return fmt.Sprintf("%d Rules", count) }). AddFieldFn("applied_to_count", func(firewall *hcloud.Firewall) string { servers := 0 labelSelectors := 0 for _, r := range firewall.AppliedTo { if r.Type == hcloud.FirewallResourceTypeLabelSelector { labelSelectors++ continue } servers++ } serversText := "Servers" if servers == 1 { serversText = "Server" } labelSelectorsText := "Label Selectors" if labelSelectors == 1 { labelSelectorsText = "Label Selector" } return fmt.Sprintf("%d %s | %d %s", servers, serversText, labelSelectors, labelSelectorsText) }) }, Schema: hcloud.SchemaFromFirewall, }
View Source
var RemoveFromResourceCmd = base.Cmd{ BaseCobraCommand: func(client hcapi2.Client) *cobra.Command { cmd := &cobra.Command{ Use: "remove-from-resource (--type server --server <server> | --type label_selector --label-selector <label-selector>) <firewall>", Short: "Removes a Firewall from a single resource", ValidArgsFunction: cmpl.SuggestArgs(cmpl.SuggestCandidatesF(client.Firewall().Names)), TraverseChildren: true, DisableFlagsInUseLine: true, } cmd.Flags().String("type", "", "Resource Type (server) (required)") _ = cmd.RegisterFlagCompletionFunc("type", cmpl.SuggestCandidates("server", "label_selector")) _ = cmd.MarkFlagRequired("type") cmd.Flags().String("server", "", "Server name of ID (required when type is server)") _ = cmd.RegisterFlagCompletionFunc("server", cmpl.SuggestCandidatesF(client.Server().Names)) cmd.Flags().StringP("label-selector", "l", "", "Label Selector") return cmd }, Run: func(s state.State, cmd *cobra.Command, args []string) error { resourceType, _ := cmd.Flags().GetString("type") switch resourceType { case string(hcloud.FirewallResourceTypeServer): server, _ := cmd.Flags().GetString("server") if server == "" { return fmt.Errorf("type %s need a --server specific", resourceType) } case string(hcloud.FirewallResourceTypeLabelSelector): labelSelector, _ := cmd.Flags().GetString("label-selector") if labelSelector == "" { return fmt.Errorf("type %s need a --label-selector specific", resourceType) } default: return fmt.Errorf("unknown type %s", resourceType) } serverIDOrName, _ := cmd.Flags().GetString("server") labelSelector, _ := cmd.Flags().GetString("label-selector") idOrName := args[0] firewall, _, err := s.Client().Firewall().Get(s, idOrName) if err != nil { return err } if firewall == nil { return fmt.Errorf("Firewall not found: %v", idOrName) } opts := hcloud.FirewallResource{Type: hcloud.FirewallResourceType(resourceType)} switch opts.Type { case hcloud.FirewallResourceTypeServer: server, _, err := s.Client().Server().Get(s, serverIDOrName) if err != nil { return err } if server == nil { return fmt.Errorf("Server not found: %v", serverIDOrName) } opts.Server = &hcloud.FirewallResourceServer{ID: server.ID} case hcloud.FirewallResourceTypeLabelSelector: opts.LabelSelector = &hcloud.FirewallResourceLabelSelector{Selector: labelSelector} default: return fmt.Errorf("unknown type %s", opts.Type) } actions, _, err := s.Client().Firewall().RemoveResources(s, firewall, []hcloud.FirewallResource{opts}) if err != nil { return err } if err := s.WaitForActions(s, cmd, actions...); err != nil { return err } cmd.Printf("Firewall %d removed from resource\n", firewall.ID) return nil }, }
View Source
var ReplaceRulesCmd = base.Cmd{ BaseCobraCommand: func(client hcapi2.Client) *cobra.Command { cmd := &cobra.Command{ Use: "replace-rules --rules-file <file> <firewall>", Short: "Replaces all rules from a Firewall from a file", ValidArgsFunction: cmpl.SuggestArgs(cmpl.SuggestCandidatesF(client.Firewall().Names)), TraverseChildren: true, DisableFlagsInUseLine: true, } cmd.Flags().String("rules-file", "", "JSON file containing your routes (use - to read from stdin). The structure of the file needs to be the same as within the API: https://docs.hetzner.cloud/reference/cloud#firewalls-get-a-firewall") _ = cmd.MarkFlagRequired("rules-file") return cmd }, Run: func(s state.State, cmd *cobra.Command, args []string) error { idOrName := args[0] firewall, _, err := s.Client().Firewall().Get(s, idOrName) if err != nil { return err } if firewall == nil { return fmt.Errorf("Firewall not found: %v", idOrName) } opts := hcloud.FirewallSetRulesOpts{} rulesFile, _ := cmd.Flags().GetString("rules-file") if rulesFile != "" { rules, err := parseRulesFile(rulesFile) if err != nil { return err } opts.Rules = rules } actions, _, err := s.Client().Firewall().SetRules(s, firewall, opts) if err != nil { return err } if err := s.WaitForActions(s, cmd, actions...); err != nil { return err } cmd.Printf("Firewall Rules for Firewall %d updated\n", firewall.ID) return nil }, }
View Source
var UpdateCmd = base.UpdateCmd{ ResourceNameSingular: "Firewall", ShortDescription: "Update a Firewall", NameSuggestions: func(c hcapi2.Client) func() []string { return c.Firewall().Names }, Fetch: func(s state.State, _ *cobra.Command, idOrName string) (interface{}, *hcloud.Response, error) { return s.Client().Firewall().Get(s, idOrName) }, DefineFlags: func(cmd *cobra.Command) { cmd.Flags().String("name", "", "Firewall name") }, Update: func(s state.State, _ *cobra.Command, resource interface{}, flags map[string]pflag.Value) error { firewall := resource.(*hcloud.Firewall) updOpts := hcloud.FirewallUpdateOpts{ Name: flags["name"].String(), } _, _, err := s.Client().Firewall().Update(s, firewall, updOpts) if err != nil { return err } return nil }, }
Functions ¶
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.