Documentation
Index ¶
- func DeleteACLRule(client *golangsdk.ServiceClient, ruleId string) error
- func SetRulePriority(client *golangsdk.ServiceClient, ruleId string, opts OrderRuleAclDto) (*string, error)
- type ACLRule
- type ACLRuleQueryResponseData
- type CreateACLRuleOpts
- type CreateResponse
- type GetQueryParameters
- type GetResponse
- type IpRegionDto
- type IpRegionDtoResponse
- type ListQueryParameters
- type ListResponse
- type OrderRuleAclDto
- type OrderRuleId
- type Rule
- type RuleAddressDtoRequest
- type RuleAddressDtoResponse
- type RuleId
- type RuleIdList
- type RuleServiceDto
- type RuleServiceDtoResponse
- type ServiceGroupVO
- type ServiceGroupVOResponse
- type ServiceItem
- type ServiceItemResponse
- type SetRulePriorityResponse
- type TagsVO
- type TagsVOResponse
- type UpdateACLRuleOpts
- type UpdateResponse
Functions ¶
func DeleteACLRule ¶
func DeleteACLRule(client *golangsdk.ServiceClient, ruleId string) error
This function is used to delete an ACL rule.
func SetRulePriority ¶
func SetRulePriority(client *golangsdk.ServiceClient, ruleId string, opts OrderRuleAclDto) (*string, error)
This function is used to set the priority of an ACL protection rule.
Types ¶
type ACLRule ¶
// ACLRule is one protection rule as it appears in query responses.
//
// ActionType and Status are plain ints whose zero values are meaningful
// (0: Permit, 0: Disabled). A key that is missing from the JSON decodes to
// that same zero, so code that audits rules cannot tell "absent" from
// "Permit" or "Disabled" with this struct alone.
type ACLRule struct {
	// ID of the rule.
	RuleId string `json:"rule_id"`
	// Name of the rule.
	Name string `json:"name"`
	// IP version of the rule's addresses (0: IPv4, 1: IPv6).
	AddressType int `json:"address_type"`
	// Action taken by the rule (0: Permit, 1: Deny).
	ActionType int `json:"action_type"`
	// Whether the rule is in effect (0: Disabled, 1: Enabled).
	Status int `json:"status"`
	// Persistent connection duration; the unit is not stated here.
	LongConnectTime int64 `json:"long_connect_time"`
	// Persistent connection duration (hours).
	LongConnectTimeHour int64 `json:"long_connect_time_hour"`
	// Persistent connection duration (minutes).
	LongConnectTimeMinute int64 `json:"long_connect_time_minute"`
	// Persistent connection duration (seconds).
	LongConnectTimeSecond int64 `json:"long_connect_time_second"`
	// Whether long connections are enabled (0: No, 1: Yes).
	LongConnectEnable int `json:"long_connect_enable"`
	// Free-text description of the rule.
	Description string `json:"description"`
	// Traffic direction the rule applies to (0: Inbound, 1: Outbound).
	Direction int `json:"direction"`
	// Source address object (DTO) of the rule.
	Source RuleAddressDtoResponse `json:"source"`
	// Destination address object (DTO) of the rule.
	Destination RuleAddressDtoResponse `json:"destination"`
	// Service object associated with the rule.
	Service RuleServiceDtoResponse `json:"service"`
	// Rule type: 0 (Internet border rule), 1 (inter-VPC rule), or 2 (NAT rule).
	// Decoded as a string here, while CreateACLRuleOpts and UpdateACLRuleOpts
	// carry the same value as *int.
	Type string `json:"type"`
	// Creation time of the rule, for example 2024-08-12 08:40:00.
	// NOTE(review): the time zone is not stated; confirm before correlating with logs.
	CreatedDate string `json:"created_date"`
	// Last time the rule was enabled, for example 2024-08-12 08:40:00.
	LastOpenTime string `json:"last_open_time"`
	// Tag object attached to the rule.
	Tag TagsVOResponse `json:"tag"`
}
func GetACLRule ¶
func GetACLRule(client *golangsdk.ServiceClient, objectId string, ruleName string) (*ACLRule, error)
This function is used to query a protection rule. The objectId argument is the protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the Get function in the management package. In the return value, find the ID in ProtectObjects[n].ObjectID. If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border.
func ListACLRules ¶
func ListACLRules(client *golangsdk.ServiceClient, objectId string) ([]ACLRule, error)
This function is used to query all protection rules. The objectId argument is the protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the Get function in the management package. In the return value, find the ID in ProtectObjects[n].ObjectID. If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border.
type ACLRuleQueryResponseData ¶
// ACLRuleQueryResponseData is the data part of a rule query response: the
// paging values together with the rule records.
//
// NOTE(review): if Total exceeds len(Records), the caller holds only part of
// the rule set; confirm how the query functions page before treating Records
// as the complete policy.
type ACLRuleQueryResponseData struct {
	// Maximum number of records to return.
	Limit int `json:"limit"`
	// Offset of the first record to return.
	Offset int `json:"offset"`
	// Total number of rules.
	Total int `json:"total"`
	// Protected object ID, which distinguishes Internet border protection
	// from VPC border protection after a CFW instance is created.
	ObjectID string `json:"object_id"`
	// Returned records, each decoded as an ACLRule.
	Records []ACLRule `json:"records"`
}
type CreateACLRuleOpts ¶
// CreateACLRuleOpts is the request body for creating ACL rules. All three
// fields are tagged required:"true".
type CreateACLRuleOpts struct {
	// Protected object ID. It distinguishes Internet border protection from
	// VPC border protection after a cloud firewall is created. Obtain it by
	// calling the Get function in the management package and reading
	// ProtectObjects[n].ObjectID from the return value.
	// A type value of 0 means the ID belongs to the Internet border;
	// a type value of 1 means it belongs to the VPC border.
	ObjectID string `json:"object_id" required:"true"`
	// Rule type: 0 (Internet border rule), 1 (inter-VPC rule), or 2 (NAT rule).
	//   - Type 0: source and destination addresses must be EIPs or domain
	//     names of the public network.
	//   - Inter-VPC rule: source and destination addresses must be private
	//     IP addresses.
	//   - NAT rule: the source address must be a private IP address and the
	//     destination address must be an EIP or domain name of the public
	//     network.
	// Presumably a pointer so that an explicit 0 can be told apart from an
	// unset value; confirm against the request builder.
	Type *int `json:"type" required:"true"`
	// Rules carried by the rule addition request.
	Rules []Rule `json:"rules" required:"true"`
}
type CreateResponse ¶
// CreateResponse is the decoded response body of a rule creation request.
type CreateResponse struct {
	// Return data of the creation call, decoded as a RuleIdList.
	Data RuleIdList `json:"data"`
}
type GetQueryParameters ¶
// GetQueryParameters holds the query-string parameters (q tags) for looking
// up a rule, optionally filtered by name. The documented value ranges are
// described in the field comments only; nothing in this struct enforces them.
type GetQueryParameters struct {
	// Protected object ID. It distinguishes Internet border protection from
	// VPC border protection after a cloud firewall is created. Obtain it by
	// calling the Get function in the management package and reading
	// ProtectObjects[n].ObjectID from the return value.
	// A type value of 0 means the ID belongs to the Internet border;
	// a type value of 1 means it belongs to the VPC border.
	ObjectID string `q:"object_id" required:"true"`
	// Start position of the first record to return. The value must be a
	// number no less than 0; the default is 0. Note that the field is typed
	// as a string.
	Offset string `q:"offset" required:"true"`
	// Number of records per page, from 1 to 1024.
	Limit int `q:"limit" required:"true"`
	// Rule name; left out of the query when empty.
	Name string `q:"name,omitempty"`
}
type GetResponse ¶
// GetResponse is the decoded response body of a rule query.
type GetResponse struct {
	// Return data of the rule list query.
	Data ACLRuleQueryResponseData `json:"data"`
}
type IpRegionDto ¶
type IpRegionDtoResponse ¶
type ListQueryParameters ¶
// ListQueryParameters holds the query-string parameters (q tags) for listing
// rules. The documented value ranges are described in the field comments
// only; nothing in this struct enforces them.
type ListQueryParameters struct {
	// Protected object ID. It distinguishes Internet border protection from
	// VPC border protection after a cloud firewall is created. Obtain it by
	// calling the Get function in the management package and reading
	// ProtectObjects[n].ObjectID from the return value.
	// A type value of 0 means the ID belongs to the Internet border;
	// a type value of 1 means it belongs to the VPC border.
	ObjectID string `q:"object_id" required:"true"`
	// Start position of the first record to return. The value must be a
	// number no less than 0; the default is 0. Note that the field is typed
	// as a string.
	Offset string `q:"offset" required:"true"`
	// Number of records per page, from 1 to 1024.
	Limit int `q:"limit" required:"true"`
}
type ListResponse ¶
// ListResponse is the decoded response body of a rule list query.
type ListResponse struct {
	// Return data of the rule list query.
	Data ACLRuleQueryResponseData `json:"data"`
}
type OrderRuleAclDto ¶
// OrderRuleAclDto describes where a rule is placed relative to other rules.
// Every field is omitempty, so an empty value sends no placement at all.
//
// NOTE(review): in an ACL the position of a rule usually decides which rule
// matches first; confirm the service's evaluation order before relying on
// Top or Bottom.
type OrderRuleAclDto struct {
	// ID of the target rule; the added rule is placed after it.
	// Must be set when the added rule is not pinned on top, and may be left
	// blank when it is pinned on top.
	DestRuleId string `json:"dest_rule_id,omitempty"`
	// Whether to pin the rule on top: 0 (no), 1 (yes).
	// As a pointer with omitempty, nil is omitted while a pointer to 0 is sent.
	Top *int `json:"top,omitempty"`
	// Whether to pin the rule to the bottom (0: No, 1: Yes).
	Bottom *int `json:"bottom,omitempty"`
}
OrderRuleAclDto represents the ordering of rule actions.
type OrderRuleId ¶
// OrderRuleId carries a single rule ID; SetRulePriorityResponse uses it as
// its Data field.
type OrderRuleId struct {
	// ID of the rule.
	ID string `json:"id"`
}
type Rule ¶
// Rule is a single rule inside a rule addition request (CreateACLRuleOpts.Rules).
//
// The enumerated fields whose 0 value is meaningful (AddressType, ActionType,
// Status, LongConnectEnable, Direction) are pointers. ActionType 0 means
// Permit, so set the action explicitly instead of relying on a default.
type Rule struct {
	// Name of the rule.
	Name string `json:"name" required:"true"`
	// Placement of the rule (request body for changing the rule sequence).
	Sequence OrderRuleAclDto `json:"sequence" required:"true"`
	// IP version of the rule's addresses (0: IPv4, 1: IPv6).
	AddressType *int `json:"address_type" required:"true"`
	// Action taken by the rule (0: Permit, 1: Deny).
	ActionType *int `json:"action_type" required:"true"`
	// Whether the rule is in effect (0: Disabled, 1: Enabled).
	Status *int `json:"status" required:"true"`
	// Application types the rule applies to. Allowed values:
	// HTTP, HTTPS, TLS1, DNS, SSH, MYSQL, SMTP, RDP, RDPS, VNC, POP3, IMAP4,
	// SMTPS, POP3S, FTPS, ANY, or BGP.
	Applications []string `json:"applications,omitempty"`
	// JSON string converted from the applications field in the application list.
	ApplicationsJsonString string `json:"applicationsJsonString,omitempty"`
	// Persistent connection duration; the unit is not stated here.
	LongConnectTime int64 `json:"long_connect_time,omitempty"`
	// Persistent connection duration (hours).
	LongConnectTimeHour int64 `json:"long_connect_time_hour,omitempty"`
	// Persistent connection duration (minutes).
	LongConnectTimeMinute int64 `json:"long_connect_time_minute,omitempty"`
	// Persistent connection duration (seconds).
	LongConnectTimeSecond int64 `json:"long_connect_time_second,omitempty"`
	// Whether long connections are enabled (0: No, 1: Yes).
	LongConnectEnable *int `json:"long_connect_enable" required:"true"`
	// Free-text description of the rule.
	Description string `json:"description,omitempty"`
	// Traffic direction (0: Inbound, 1: Outbound). Mandatory when type is
	// 0 (Internet rule) or 2 (NAT rule); the omitempty tag means this struct
	// does not enforce that itself.
	Direction *int `json:"direction,omitempty"`
	// Source address object (DTO) of the rule.
	Source RuleAddressDtoRequest `json:"source" required:"true"`
	// Destination address object (DTO) of the rule.
	Destination RuleAddressDtoRequest `json:"destination" required:"true"`
	// Service object associated with the rule.
	Service RuleServiceDto `json:"service" required:"true"`
	// Tag object attached to the rule.
	Tag *TagsVO `json:"tag,omitempty"`
}
type RuleAddressDtoRequest ¶
// RuleAddressDtoRequest describes the source or destination address of a rule
// in a request.
//
// Which optional fields must be filled depends on Type. All of them are
// tagged omitempty, so this struct does not enforce the pairing; a mismatch
// is only caught wherever the request is validated.
type RuleAddressDtoRequest struct {
	// Address type: 0 (manual input), 1 (associated IP address group),
	// 2 (domain name), 3 (geographical location), 4 (domain name group),
	// 5 (multiple objects), 6 (domain name group - network),
	// 7 (domain name group - application).
	Type *int `json:"type" required:"true"`
	// IP version of the address (0: IPv4, 1: IPv6).
	// Cannot be left blank when type is 0.
	AddressType *int `json:"address_type,omitempty"`
	// IP address information. Cannot be left blank when type is 0.
	// NOTE(review): the accepted format (single address, range, CIDR) is not
	// stated here; confirm it before writing broad Permit rules.
	Address string `json:"address,omitempty"`
	// ID of an associated IP address group. Cannot be left blank when type is 1.
	AddressSetID string `json:"address_set_id,omitempty"`
	// Name of an associated IP address group. Cannot be left blank when type is 1.
	AddressSetName string `json:"address_set_name,omitempty"`
	// Name of a domain name address. Valid when type is 2 (domain name) or
	// 7 (application domain name group).
	DomainAddressName string `json:"domain_address_name,omitempty"`
	// JSON value of the rule region list.
	RegionListJson string `json:"region_list_json,omitempty"`
	// Rule region list.
	RegionList []IpRegionDto `json:"region_list,omitempty"`
	// Domain group ID. Cannot be left blank when type is 4 (domain name group)
	// or 7 (domain name group - application).
	DomainSetID string `json:"domain_set_id,omitempty"`
	// Domain group name. Cannot be left blank when type is 4 (domain name
	// group) or 7 (domain name group - application).
	DomainSetName string `json:"domain_set_name,omitempty"`
	// IP address list. Cannot be left blank when type is 5 (multiple objects).
	IPAddresses []string `json:"ip_address,omitempty"`
	// Address group type. Cannot be left blank when type is 1 (associated IP
	// address group). Its value can be 0 (user-defined address group),
	// 1 (WAF back-to-source IP address group), 2 (DDoS back-to-source IP
	// address group), or 3 (NAT64 address group).
	AddressSetType *int `json:"address_set_type,omitempty"`
	// Pre-defined address group ID list. Cannot be left blank when type is
	// 5 (multiple objects).
	PredefinedGroup []string `json:"predefined_group,omitempty"`
	// Address group ID list. Cannot be left blank when type is 5 (multiple objects).
	AddressGroup []string `json:"address_group,omitempty"`
}
Note for devs: This struct is almost the same in the create and update APIs. The only exception is the additional, redundant parameter "address_group_names" of type []AddressGroupVO in Update, which can easily be replaced by the "address_group" parameter.
type RuleAddressDtoResponse ¶
// RuleAddressDtoResponse describes the source or destination address of a
// rule as returned by the service. Type tells which of the other fields are
// relevant; fields absent from the JSON keep their Go zero value.
type RuleAddressDtoResponse struct {
	// Address type: 0 (manual input), 1 (associated IP address group),
	// 2 (domain name), 3 (geographical location), 4 (domain name group),
	// 5 (multiple objects), 6 (domain name group - network),
	// 7 (domain name group - application).
	Type int `json:"type"`
	// IP version of the address (0: IPv4, 1: IPv6).
	AddressType int `json:"address_type"`
	// IP address information.
	Address string `json:"address"`
	// ID of an associated IP address group.
	AddressSetID string `json:"address_set_id"`
	// Name of an associated IP address.
	AddressSetName string `json:"address_set_name"`
	// Name of a domain name address.
	DomainAddressName string `json:"domain_address_name"`
	// JSON value of the rule region list.
	RegionListJson string `json:"region_list_json"`
	// Rule region list.
	RegionList []IpRegionDtoResponse `json:"region_list"`
	// Domain group ID.
	DomainSetID string `json:"domain_set_id"`
	// Domain group name.
	DomainSetName string `json:"domain_set_name"`
	// IP address list.
	IPAddresses []string `json:"ip_address"`
	// Address group ID list.
	AddressGroup []string `json:"address_group"`
	// Address group type. Its value can be 0 (user-defined address group),
	// 1 (WAF back-to-source IP address group), 2 (DDoS back-to-source IP
	// address group), or 3 (NAT64 address group).
	AddressSetType int `json:"address_set_type"`
}
type RuleId ¶
########################## RESPONSE STRUCTS ##############################
func CreateACLRule ¶
func CreateACLRule(client *golangsdk.ServiceClient, opts CreateACLRuleOpts) ([]RuleId, error)
This function is used to create an ACL rule.
func UpdateACLRule ¶
func UpdateACLRule(client *golangsdk.ServiceClient, ruleId string, opts UpdateACLRuleOpts) (*RuleId, error)
This function is used to update an ACL rule.
type RuleIdList ¶
// RuleIdList wraps the rule IDs returned in CreateResponse.Data.
type RuleIdList struct {
	// List of rule IDs.
	Rules []RuleId `json:"rules"`
}
type RuleServiceDto ¶
// RuleServiceDto describes the protocols and ports a rule applies to in a
// request.
//
// Apart from Type, every field is omitempty, so the "cannot be left blank"
// conditions below are not enforced by this struct.
type RuleServiceDto struct {
	// Service input type (0: manual, 1: automatic).
	Type *int `json:"type" required:"true"`
	// Protocol type (6: TCP, 17: UDP, 1: ICMP, 58: ICMPv6, -1: any).
	// Cannot be left blank when type is 0 (manual). With omitempty a value
	// of 0 is dropped from the JSON, while -1 (any) is non-zero and is sent.
	Protocol int `json:"protocol,omitempty"`
	// List of protocols (6: TCP, 17: UDP, 1: ICMP, 58: ICMPv6, -1: any).
	// Cannot be left blank when type is 0 (manual).
	Protocols []int `json:"protocols,omitempty"`
	// Source port.
	// NOTE(review): a string, so the accepted syntax (single port, range,
	// list) is not visible here; confirm before use.
	SourcePort string `json:"source_port,omitempty"`
	// Destination port.
	DestPort string `json:"dest_port,omitempty"`
	// Service group ID. Cannot be left blank when type is 1 (associated IP
	// address group).
	// NOTE(review): the label for type 1 here differs from the Type field's
	// "1: automatic"; confirm against the API reference.
	ServiceSetID string `json:"service_set_id,omitempty"`
	// Service group name. Cannot be left blank when type is 1 (associated IP
	// address group).
	ServiceSetName string `json:"service_set_name,omitempty"`
	// Custom service list.
	CustomService []ServiceItem `json:"custom_service,omitempty"`
	// Predefined service group ID list.
	PredefinedGroup []string `json:"predefined_group,omitempty"`
	// Service group ID list.
	ServiceGroup []string `json:"service_group,omitempty"`
	// Service group name list.
	ServiceGroupNames []ServiceGroupVO `json:"service_group_names,omitempty"`
	// Service group type (0: user-defined service group, 1: common web
	// service, 2: common remote login & ping, 3: common database).
	ServiceSetType *int `json:"service_set_type,omitempty"`
}
type RuleServiceDtoResponse ¶
// RuleServiceDtoResponse describes the protocols and ports of a rule as
// returned by the service.
//
// Protocol is a plain int: a key missing from the JSON decodes to 0, which is
// not one of the documented protocol values, whereas -1 means "any".
type RuleServiceDtoResponse struct {
	// Service input type (0: manual, 1: automatic).
	Type int `json:"type"`
	// Protocol type (6: TCP, 17: UDP, 1: ICMP, 58: ICMPv6, -1: any).
	Protocol int `json:"protocol"`
	// List of protocols (6: TCP, 17: UDP, 1: ICMP, 58: ICMPv6, -1: any).
	Protocols []int `json:"protocols"`
	// Source port.
	SourcePort string `json:"source_port"`
	// Destination port.
	DestPort string `json:"dest_port"`
	// Service group ID.
	ServiceSetID string `json:"service_set_id"`
	// Service group name.
	ServiceSetName string `json:"service_set_name"`
	// Custom service list.
	CustomService []ServiceItemResponse `json:"custom_service"`
	// Service group ID list.
	ServiceGroup []string `json:"service_group"`
	// Service group name list.
	ServiceGroupNames []ServiceGroupVOResponse `json:"service_group_names"`
	// Service group type (0: user-defined service group, 1: common web
	// service, 2: common remote login & ping, 3: common database).
	ServiceSetType int `json:"service_set_type"`
}
type ServiceGroupVO ¶
// ServiceGroupVO names a service group in a request
// (RuleServiceDto.ServiceGroupNames). All fields are omitempty.
type ServiceGroupVO struct {
	// Name of the service group.
	Name string `json:"name,omitempty"`
	// Protocols of the group: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6),
	// or -1 (any).
	Protocols []int `json:"protocols,omitempty"`
	// Service group type (0: user-defined service group, 1: predefined
	// service group). Note that this enumeration is shorter than the one
	// documented on RuleServiceDto.ServiceSetType.
	ServiceSetType *int `json:"service_set_type,omitempty"`
	// ID of the service group.
	SetID string `json:"set_id,omitempty"`
}
type ServiceGroupVOResponse ¶
// ServiceGroupVOResponse names a service group as returned by the service
// (RuleServiceDtoResponse.ServiceGroupNames).
type ServiceGroupVOResponse struct {
	// Name of the service group.
	Name string `json:"name"`
	// Protocols of the group: 6 (TCP), 17 (UDP), 1 (ICMP), 58 (ICMPv6),
	// or -1 (any).
	Protocols []int `json:"protocols"`
	// Service group type (0: user-defined service group, 1: predefined
	// service group).
	ServiceSetType int `json:"service_set_type"`
	// ID of the service group.
	SetID string `json:"set_id"`
}
type ServiceItem ¶
// ServiceItem is one custom service entry in a request
// (RuleServiceDto.CustomService). All fields are omitempty.
type ServiceItem struct {
	// Protocol type (6: TCP, 17: UDP, 1: ICMP, 58: ICMPv6, -1: any).
	// Cannot be left blank when RuleServiceDto.type is 0 (manual). With
	// omitempty a value of 0 is dropped from the JSON, while -1 (any) is
	// non-zero and is sent.
	Protocol int `json:"protocol,omitempty"`
	// Source port.
	SourcePort string `json:"source_port,omitempty"`
	// Destination port.
	DestPort string `json:"dest_port,omitempty"`
	// Description of the service member.
	Description string `json:"description,omitempty"`
	// Name of the service member.
	Name string `json:"name,omitempty"`
}
type ServiceItemResponse ¶
// ServiceItemResponse is one custom service entry as returned by the service
// (RuleServiceDtoResponse.CustomService).
type ServiceItemResponse struct {
	// Protocol type (6: TCP, 17: UDP, 1: ICMP, 58: ICMPv6, -1: any).
	Protocol int `json:"protocol"`
	// Source port.
	SourcePort string `json:"source_port"`
	// Destination port.
	DestPort string `json:"dest_port"`
	// Description of the service member.
	Description string `json:"description"`
	// Name of the service member.
	Name string `json:"name"`
}
type SetRulePriorityResponse ¶
// SetRulePriorityResponse is the decoded response body of a priority update.
type SetRulePriorityResponse struct {
	// Return data of the priority update, decoded as an OrderRuleId.
	Data OrderRuleId `json:"data"`
}
type TagsVOResponse ¶
type UpdateACLRuleOpts ¶
// UpdateACLRuleOpts is the request body for updating an ACL rule.
//
// Every field is omitempty: nil pointers, empty strings, zero int64 values
// and empty slices are left out of the JSON. One consequence is that a string
// field such as Description cannot be sent as "" through this struct.
// NOTE(review): presumably the service leaves omitted fields unchanged;
// confirm, and re-read the rule after an update that touches ActionType,
// Status, Source, Destination or Service.
type UpdateACLRuleOpts struct {
	// Name of the rule.
	Name string `json:"name,omitempty"`
	// IP version of the rule's addresses (0: IPv4, 1: IPv6).
	AddressType *int `json:"address_type,omitempty"`
	// Action taken by the rule (0: Permit, 1: Deny). As a pointer, nil is
	// omitted while a pointer to 0 sends Permit explicitly.
	ActionType *int `json:"action_type,omitempty"`
	// Whether the rule is in effect (0: Disabled, 1: Enabled).
	Status *int `json:"status,omitempty"`
	// Application types the rule applies to. Allowed values:
	// HTTP, HTTPS, TLS1, DNS, SSH, MYSQL, SMTP, RDP, RDPS, VNC, POP3, IMAP4,
	// SMTPS, POP3S, FTPS, ANY, or BGP.
	Applications []string `json:"applications,omitempty"`
	// JSON string converted from the applications field in the application list.
	ApplicationsJsonString string `json:"applicationsJsonString,omitempty"`
	// Persistent connection duration; the unit is not stated here.
	LongConnectTime int64 `json:"long_connect_time,omitempty"`
	// Persistent connection duration (hours).
	LongConnectTimeHour int64 `json:"long_connect_time_hour,omitempty"`
	// Persistent connection duration (minutes).
	LongConnectTimeMinute int64 `json:"long_connect_time_minute,omitempty"`
	// Persistent connection duration (seconds).
	LongConnectTimeSecond int64 `json:"long_connect_time_second,omitempty"`
	// Whether long connections are enabled (0: No, 1: Yes).
	LongConnectEnable *int `json:"long_connect_enable,omitempty"`
	// Free-text description of the rule.
	Description string `json:"description,omitempty"`
	// Traffic direction (0: Inbound, 1: Outbound). Mandatory when type is
	// 0 (Internet rule) or 2 (NAT rule).
	Direction *int `json:"direction,omitempty"`
	// Source address object (DTO) of the rule.
	Source *RuleAddressDtoRequest `json:"source,omitempty"`
	// Destination address object (DTO) of the rule.
	Destination *RuleAddressDtoRequest `json:"destination,omitempty"`
	// Service object associated with the rule.
	Service *RuleServiceDto `json:"service,omitempty"`
	// Rule type: 0 (Internet border rule), 1 (inter-VPC rule), or 2 (NAT rule).
	Type *int `json:"type,omitempty"`
	// Tag object attached to the rule.
	Tag *TagsVO `json:"tag,omitempty"`
}
type UpdateResponse ¶
// UpdateResponse is the decoded response body of a rule update.
type UpdateResponse struct {
	// Return data of the update, decoded as a RuleId.
	Data RuleId `json:"data"`
}