Add cloudprovider methods for ssl.
		@@ -488,14 +488,15 @@ func (gce *GCECloud) EnsureLoadBalancer(name, region string, requestedIP net.IP,
 | 
				
			|||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	if firewallNeedsUpdate {
 | 
						if firewallNeedsUpdate {
 | 
				
			||||||
 | 
							desc := makeFirewallDescription(ipAddress)
 | 
				
			||||||
		// Unlike forwarding rules and target pools, firewalls can be updated
 | 
							// Unlike forwarding rules and target pools, firewalls can be updated
 | 
				
			||||||
		// without needing to be deleted and recreated.
 | 
							// without needing to be deleted and recreated.
 | 
				
			||||||
		if firewallExists {
 | 
							if firewallExists {
 | 
				
			||||||
			if err := gce.updateFirewall(name, region, ipAddress, ports, hosts); err != nil {
 | 
								if err := gce.updateFirewall(name, region, desc, "0.0.0.0/0", ports, hosts); err != nil {
 | 
				
			||||||
				return nil, err
 | 
									return nil, err
 | 
				
			||||||
			}
 | 
								}
 | 
				
			||||||
		} else {
 | 
							} else {
 | 
				
			||||||
			if err := gce.createFirewall(name, region, ipAddress, ports, hosts); err != nil {
 | 
								if err := gce.createFirewall(name, region, desc, "0.0.0.0/0", ports, hosts); err != nil {
 | 
				
			||||||
				return nil, err
 | 
									return nil, err
 | 
				
			||||||
			}
 | 
								}
 | 
				
			||||||
		}
 | 
							}
 | 
				
			||||||
@@ -727,8 +728,8 @@ func (gce *GCECloud) createTargetPool(name, region string, hosts []*gceInstance,
 | 
				
			|||||||
	return nil
 | 
						return nil
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
func (gce *GCECloud) createFirewall(name, region, ipAddress string, ports []*api.ServicePort, hosts []*gceInstance) error {
 | 
					func (gce *GCECloud) createFirewall(name, region, desc, srcRange string, ports []*api.ServicePort, hosts []*gceInstance) error {
 | 
				
			||||||
	firewall, err := gce.firewallObject(name, region, ipAddress, ports, hosts)
 | 
						firewall, err := gce.firewallObject(name, region, desc, srcRange, ports, hosts)
 | 
				
			||||||
	if err != nil {
 | 
						if err != nil {
 | 
				
			||||||
		return err
 | 
							return err
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
@@ -745,8 +746,8 @@ func (gce *GCECloud) createFirewall(name, region, ipAddress string, ports []*api
 | 
				
			|||||||
	return nil
 | 
						return nil
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
func (gce *GCECloud) updateFirewall(name, region, ipAddress string, ports []*api.ServicePort, hosts []*gceInstance) error {
 | 
					func (gce *GCECloud) updateFirewall(name, region, desc, srcRange string, ports []*api.ServicePort, hosts []*gceInstance) error {
 | 
				
			||||||
	firewall, err := gce.firewallObject(name, region, ipAddress, ports, hosts)
 | 
						firewall, err := gce.firewallObject(name, region, desc, srcRange, ports, hosts)
 | 
				
			||||||
	if err != nil {
 | 
						if err != nil {
 | 
				
			||||||
		return err
 | 
							return err
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
@@ -763,7 +764,7 @@ func (gce *GCECloud) updateFirewall(name, region, ipAddress string, ports []*api
 | 
				
			|||||||
	return nil
 | 
						return nil
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
func (gce *GCECloud) firewallObject(name, region, ipAddress string, ports []*api.ServicePort, hosts []*gceInstance) (*compute.Firewall, error) {
 | 
					func (gce *GCECloud) firewallObject(name, region, desc, srcRange string, ports []*api.ServicePort, hosts []*gceInstance) (*compute.Firewall, error) {
 | 
				
			||||||
	allowedPorts := make([]string, len(ports))
 | 
						allowedPorts := make([]string, len(ports))
 | 
				
			||||||
	for ix := range ports {
 | 
						for ix := range ports {
 | 
				
			||||||
		allowedPorts[ix] = strconv.Itoa(ports[ix].Port)
 | 
							allowedPorts[ix] = strconv.Itoa(ports[ix].Port)
 | 
				
			||||||
@@ -774,9 +775,9 @@ func (gce *GCECloud) firewallObject(name, region, ipAddress string, ports []*api
 | 
				
			|||||||
	}
 | 
						}
 | 
				
			||||||
	firewall := &compute.Firewall{
 | 
						firewall := &compute.Firewall{
 | 
				
			||||||
		Name:         makeFirewallName(name),
 | 
							Name:         makeFirewallName(name),
 | 
				
			||||||
		Description:  makeFirewallDescription(ipAddress),
 | 
							Description:  desc,
 | 
				
			||||||
		Network:      gce.networkURL,
 | 
							Network:      gce.networkURL,
 | 
				
			||||||
		SourceRanges: []string{"0.0.0.0/0"},
 | 
							SourceRanges: []string{srcRange},
 | 
				
			||||||
		TargetTags:   hostTags,
 | 
							TargetTags:   hostTags,
 | 
				
			||||||
		Allowed: []*compute.FirewallAllowed{
 | 
							Allowed: []*compute.FirewallAllowed{
 | 
				
			||||||
			{
 | 
								{
 | 
				
			||||||
@@ -1036,6 +1037,94 @@ func (gce *GCECloud) deleteStaticIP(name, region string) error {
 | 
				
			|||||||
	return nil
 | 
						return nil
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// Firewall management: These methods are just passthrough to the existing
 | 
				
			||||||
 | 
					// internal firewall creation methods used to manage TCPLoadBalancer.
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// GetFirewall returns the Firewall by name.
 | 
				
			||||||
 | 
					func (gce *GCECloud) GetFirewall(name string) (*compute.Firewall, error) {
 | 
				
			||||||
 | 
						return gce.service.Firewalls.Get(gce.projectID, name).Do()
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// CreateFirewall creates the given firewall rule.
 | 
				
			||||||
 | 
					func (gce *GCECloud) CreateFirewall(name, desc, srcRange string, ports []int64, hostNames []string) error {
 | 
				
			||||||
 | 
						region, err := GetGCERegion(gce.localZone)
 | 
				
			||||||
 | 
						if err != nil {
 | 
				
			||||||
 | 
							return err
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						// TODO: This completely breaks modularity in the cloudprovider but the methods
 | 
				
			||||||
 | 
						// shared with the TCPLoadBalancer take api.ServicePorts.
 | 
				
			||||||
 | 
						svcPorts := []*api.ServicePort{}
 | 
				
			||||||
 | 
						for _, p := range ports {
 | 
				
			||||||
 | 
							svcPorts = append(svcPorts, &api.ServicePort{Port: int(p)})
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						hosts, err := gce.getInstancesByNames(hostNames)
 | 
				
			||||||
 | 
						if err != nil {
 | 
				
			||||||
 | 
							return err
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						return gce.createFirewall(name, region, desc, srcRange, svcPorts, hosts)
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// DeleteFirewall deletes the given firewall rule.
 | 
				
			||||||
 | 
					func (gce *GCECloud) DeleteFirewall(name string) error {
 | 
				
			||||||
 | 
						region, err := GetGCERegion(gce.localZone)
 | 
				
			||||||
 | 
						if err != nil {
 | 
				
			||||||
 | 
							return err
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						return gce.deleteFirewall(name, region)
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// UpdateFirewall applies the given firewall rule as an update to an existing
 | 
				
			||||||
 | 
					// firewall rule with the same name.
 | 
				
			||||||
 | 
					func (gce *GCECloud) UpdateFirewall(name, desc, srcRange string, ports []int64, hostNames []string) error {
 | 
				
			||||||
 | 
						region, err := GetGCERegion(gce.localZone)
 | 
				
			||||||
 | 
						if err != nil {
 | 
				
			||||||
 | 
							return err
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						// TODO: This completely breaks modularity in the cloudprovider but the methods
 | 
				
			||||||
 | 
						// shared with the TCPLoadBalancer take api.ServicePorts.
 | 
				
			||||||
 | 
						svcPorts := []*api.ServicePort{}
 | 
				
			||||||
 | 
						for _, p := range ports {
 | 
				
			||||||
 | 
							svcPorts = append(svcPorts, &api.ServicePort{Port: int(p)})
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						hosts, err := gce.getInstancesByNames(hostNames)
 | 
				
			||||||
 | 
						if err != nil {
 | 
				
			||||||
 | 
							return err
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						return gce.updateFirewall(name, region, desc, srcRange, svcPorts, hosts)
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// Global static IP management
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// ReserveGlobalStaticIP creates a global static IP.
 | 
				
			||||||
 | 
					// Caller is allocated a random IP if they do not specify an ipAddress. If an
 | 
				
			||||||
 | 
					// ipAddress is specified, it must belong to the current project, eg: an
 | 
				
			||||||
 | 
					// ephemeral IP associated with a global forwarding rule.
 | 
				
			||||||
 | 
					func (gce *GCECloud) ReserveGlobalStaticIP(name, ipAddress string) (address *compute.Address, err error) {
 | 
				
			||||||
 | 
						op, err := gce.service.GlobalAddresses.Insert(gce.projectID, &compute.Address{Name: name, Address: ipAddress}).Do()
 | 
				
			||||||
 | 
						if err != nil {
 | 
				
			||||||
 | 
							return nil, err
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						if err := gce.waitForGlobalOp(op); err != nil {
 | 
				
			||||||
 | 
							return nil, err
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						// We have to get the address to know which IP was allocated for us.
 | 
				
			||||||
 | 
						return gce.service.GlobalAddresses.Get(gce.projectID, name).Do()
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// DeleteGlobalStaticIP deletes a global static IP by name.
 | 
				
			||||||
 | 
					func (gce *GCECloud) DeleteGlobalStaticIP(name string) error {
 | 
				
			||||||
 | 
						op, err := gce.service.GlobalAddresses.Delete(gce.projectID, name).Do()
 | 
				
			||||||
 | 
						if err != nil {
 | 
				
			||||||
 | 
							return err
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						return gce.waitForGlobalOp(op)
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// GetGlobalStaticIP returns the global static IP by name.
 | 
				
			||||||
 | 
					func (gce *GCECloud) GetGlobalStaticIP(name string) (address *compute.Address, err error) {
 | 
				
			||||||
 | 
						return gce.service.GlobalAddresses.Get(gce.projectID, name).Do()
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
// UrlMap management
 | 
					// UrlMap management
 | 
				
			||||||
 | 
					
 | 
				
			||||||
// GetUrlMap returns the UrlMap by name.
 | 
					// GetUrlMap returns the UrlMap by name.
 | 
				
			||||||
@@ -1137,6 +1226,101 @@ func (gce *GCECloud) ListTargetHttpProxies() (*compute.TargetHttpProxyList, erro
 | 
				
			|||||||
	return gce.service.TargetHttpProxies.List(gce.projectID).Do()
 | 
						return gce.service.TargetHttpProxies.List(gce.projectID).Do()
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// TargetHttpsProxy management
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// GetTargetHttpsProxy returns the UrlMap by name.
 | 
				
			||||||
 | 
					func (gce *GCECloud) GetTargetHttpsProxy(name string) (*compute.TargetHttpsProxy, error) {
 | 
				
			||||||
 | 
						return gce.service.TargetHttpsProxies.Get(gce.projectID, name).Do()
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// CreateTargetHttpsProxy creates and returns a TargetHttpsProxy with the given UrlMap and SslCertificate.
 | 
				
			||||||
 | 
					func (gce *GCECloud) CreateTargetHttpsProxy(urlMap *compute.UrlMap, sslCert *compute.SslCertificate, name string) (*compute.TargetHttpsProxy, error) {
 | 
				
			||||||
 | 
						proxy := &compute.TargetHttpsProxy{
 | 
				
			||||||
 | 
							Name:            name,
 | 
				
			||||||
 | 
							UrlMap:          urlMap.SelfLink,
 | 
				
			||||||
 | 
							SslCertificates: []string{sslCert.SelfLink},
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						op, err := gce.service.TargetHttpsProxies.Insert(gce.projectID, proxy).Do()
 | 
				
			||||||
 | 
						if err != nil {
 | 
				
			||||||
 | 
							return nil, err
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						if err = gce.waitForGlobalOp(op); err != nil {
 | 
				
			||||||
 | 
							return nil, err
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						return gce.GetTargetHttpsProxy(name)
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// SetUrlMapForTargetHttpsProxy sets the given UrlMap for the given TargetHttpsProxy.
 | 
				
			||||||
 | 
					func (gce *GCECloud) SetUrlMapForTargetHttpsProxy(proxy *compute.TargetHttpsProxy, urlMap *compute.UrlMap) error {
 | 
				
			||||||
 | 
						op, err := gce.service.TargetHttpsProxies.SetUrlMap(gce.projectID, proxy.Name, &compute.UrlMapReference{UrlMap: urlMap.SelfLink}).Do()
 | 
				
			||||||
 | 
						if err != nil {
 | 
				
			||||||
 | 
							return err
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						return gce.waitForGlobalOp(op)
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// SetSslCertificateForTargetHttpsProxy sets the given SslCertificate for the given TargetHttpsProxy.
 | 
				
			||||||
 | 
					func (gce *GCECloud) SetSslCertificateForTargetHttpsProxy(proxy *compute.TargetHttpsProxy, sslCert *compute.SslCertificate) error {
 | 
				
			||||||
 | 
						op, err := gce.service.TargetHttpsProxies.SetSslCertificates(gce.projectID, proxy.Name, &compute.TargetHttpsProxiesSetSslCertificatesRequest{SslCertificates: []string{sslCert.SelfLink}}).Do()
 | 
				
			||||||
 | 
						if err != nil {
 | 
				
			||||||
 | 
							return err
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						return gce.waitForGlobalOp(op)
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// DeleteTargetHttpsProxy deletes the TargetHttpsProxy by name.
 | 
				
			||||||
 | 
					func (gce *GCECloud) DeleteTargetHttpsProxy(name string) error {
 | 
				
			||||||
 | 
						op, err := gce.service.TargetHttpsProxies.Delete(gce.projectID, name).Do()
 | 
				
			||||||
 | 
						if err != nil {
 | 
				
			||||||
 | 
							if isHTTPErrorCode(err, http.StatusNotFound) {
 | 
				
			||||||
 | 
								return nil
 | 
				
			||||||
 | 
							}
 | 
				
			||||||
 | 
							return err
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						return gce.waitForGlobalOp(op)
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// ListTargetHttpsProxies lists all TargetHttpsProxies in the project.
 | 
				
			||||||
 | 
					func (gce *GCECloud) ListTargetHttpsProxies() (*compute.TargetHttpsProxyList, error) {
 | 
				
			||||||
 | 
						return gce.service.TargetHttpsProxies.List(gce.projectID).Do()
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// SSL Certificate management
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// GetSslCertificate returns the SslCertificate by name.
 | 
				
			||||||
 | 
					func (gce *GCECloud) GetSslCertificate(name string) (*compute.SslCertificate, error) {
 | 
				
			||||||
 | 
						return gce.service.SslCertificates.Get(gce.projectID, name).Do()
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// CreateSslCertificate creates and returns a SslCertificate.
 | 
				
			||||||
 | 
					func (gce *GCECloud) CreateSslCertificate(sslCerts *compute.SslCertificate) (*compute.SslCertificate, error) {
 | 
				
			||||||
 | 
						op, err := gce.service.SslCertificates.Insert(gce.projectID, sslCerts).Do()
 | 
				
			||||||
 | 
						if err != nil {
 | 
				
			||||||
 | 
							return nil, err
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						if err = gce.waitForGlobalOp(op); err != nil {
 | 
				
			||||||
 | 
							return nil, err
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						return gce.GetSslCertificate(sslCerts.Name)
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// DeleteSslCertificate deletes the SslCertificate by name.
 | 
				
			||||||
 | 
					func (gce *GCECloud) DeleteSslCertificate(name string) error {
 | 
				
			||||||
 | 
						op, err := gce.service.SslCertificates.Delete(gce.projectID, name).Do()
 | 
				
			||||||
 | 
						if err != nil {
 | 
				
			||||||
 | 
							if isHTTPErrorCode(err, http.StatusNotFound) {
 | 
				
			||||||
 | 
								return nil
 | 
				
			||||||
 | 
							}
 | 
				
			||||||
 | 
							return err
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
						return gce.waitForGlobalOp(op)
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					// ListSslCertificates lists all SslCertificates in the project.
 | 
				
			||||||
 | 
					func (gce *GCECloud) ListSslCertificates() (*compute.SslCertificateList, error) {
 | 
				
			||||||
 | 
						return gce.service.SslCertificates.List(gce.projectID).Do()
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
// GlobalForwardingRule management
 | 
					// GlobalForwardingRule management
 | 
				
			||||||
 | 
					
 | 
				
			||||||
// CreateGlobalForwardingRule creates and returns a GlobalForwardingRule that points to the given TargetHttpProxy.
 | 
					// CreateGlobalForwardingRule creates and returns a GlobalForwardingRule that points to the given TargetHttpProxy.
 | 
				
			||||||
 
 | 
				
			|||||||
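Review bot: The new exported `CreateFirewall` and `UpdateFirewall` pass `srcRange` straight through to `firewallObject`, where it becomes `SourceRanges: []string{srcRange}`, so an empty or malformed value from a caller reaches the firewall API unchecked; whether the API rejects it is not visible on this page. A guard at the top of both methods, e.g. `if _, _, err := net.ParseCIDR(srcRange); err != nil { return err }`, would reject a bad range before any rule is written (`net` is already used in `EnsureLoadBalancer`'s signature). The same two methods narrow each port with `int(p)` from `int64` without a range check; rejecting values outside 1–65535 before building `svcPorts` keeps a truncated port out of `Allowed`. `EnsureLoadBalancer` now repeats the literal `"0.0.0.0/0"` at both call sites, which would read better as one named constant with a comment stating that the load-balancer rule is meant to admit all sources.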