diff --git a/apis/network/v1alpha3/register.go b/apis/network/v1alpha3/register.go
index a169787d..16948463 100644
--- a/apis/network/v1alpha3/register.go
+++ b/apis/network/v1alpha3/register.go
@@ -53,7 +53,16 @@ var (
 	SubnetGroupVersionKind = SchemeGroupVersion.WithKind(SubnetKind)
 )
 
+// AzureFirewall type Metadata.
+var (
+	AzureFirewallKind = reflect.TypeOf(AzureFirewall{}).Name()
+	AzureFirewallGroupKind = schema.GroupKind{Group: Group, Kind: AzureFirewallKind}.String()
+	AzureFirewallKindAPIVersion = AzureFirewallKind + "." + SchemeGroupVersion.String()
+	AzureFirewallGroupVersionKind = SchemeGroupVersion.WithKind(AzureFirewallKind)
+)
+
 func init() {
 	SchemeBuilder.Register(&VirtualNetwork{}, &VirtualNetworkList{})
 	SchemeBuilder.Register(&Subnet{}, &SubnetList{})
+	SchemeBuilder.Register(&AzureFirewall{}, &AzureFirewallList{})
 }
diff --git a/apis/network/v1alpha3/types.go b/apis/network/v1alpha3/types.go
index a1d57d3b..a1da4ac0 100644
--- a/apis/network/v1alpha3/types.go
+++ b/apis/network/v1alpha3/types.go
@@ -89,7 +89,7 @@ type VirtualNetworkStatus struct {
 	// ID of this VirtualNetwork.
 	ID string `json:"id,omitempty"`
 
-	// Etag - A unique read-only string that changes whenever the resource is
+	// Etag - A unique string that changes whenever the resource is
 	// updated.
 	Etag string `json:"etag,omitempty"`
 
@@ -225,3 +225,294 @@ type SubnetList struct { metav1.ListMeta `json:"metadata,omitempty"` Items []Subnet `json:"items"` } + +//Azure Firewall Structs +// +kubebuilder:object:root=true +// A AzureFirewall is a managed resource that represents an Azure Firewall +// +kubebuilder:printcolumn:name="READY",type="string",JSONPath=".status.conditions[?(@.type=='Ready')].status" +// +kubebuilder:printcolumn:name="SYNCED",type="string",JSONPath=".status.conditions[?(@.type=='Synced')].status" +// +kubebuilder:printcolumn:name="STATE",type="string",JSONPath=".status.state" +// +kubebuilder:printcolumn:name="LOCATION",type="string",JSONPath=".spec.location" +// +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Cluster,categories={crossplane,managed,azure} +type AzureFirewall struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec AzureFirewallSpec `json:"spec"` + Status AzureFirewallStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +// AzureFirewallList contains a list of Security Groups +type AzureFirewallList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []AzureFirewall `json:"items"` +} + +// A AzureFirewallSpec defines the desired state of a AzureFirewall. +type AzureFirewallSpec struct { + runtimev1alpha1.ResourceSpec `json:",inline"` + + // ResourceGroupName - Name of the SecurityGroup's resource group. + ResourceGroupName string `json:"resourceGroupName,omitempty"` + + // ResourceGroupNameRef - A reference to the the SecurityGroup's resource + // group. + ResourceGroupNameRef *runtimev1alpha1.Reference `json:"resourceGroupNameRef,omitempty"` + + // ResourceGroupNameSelector - Select a reference to the the Azure Firewall + // resource group. 
+ ResourceGroupNameSelector *runtimev1alpha1.Selector `json:"resourceGroupNameSelector,omitempty"` + + // Location - Resource location. + Location string `json:"location"` + + // AzureFirewallPropertiesFormat - Properties of AzureFirewall + AzureFirewallPropertiesFormat `json:"properties,omitempty"` + + // Tags - Resource tags. + // +optional + Tags map[string]string `json:"tags,omitempty"` + + // Zones - A list of availability zones denoting where the resource needs to come from. + Zones []string `json:"zones,omitempty"` + + // Etag - Gets a unique string that changes whenever the resource is updated. + Etag string `json:"etag,omitempty"` + + // ID - Resource ID. + ID string `json:"id,omitempty"` + + // Name - Resource name. + Name string `json:"name,omitempty"` + + // Type - Resource type. + Type string `json:"type,omitempty"` +} + +// AzureFirewallPropertiesFormat properties of the Azure Firewall. +type AzureFirewallPropertiesFormat struct { + // ApplicationRuleCollections - Collection of application rule collections used by Azure Firewall. + ApplicationRuleCollections *[]AzureFirewallApplicationRuleCollection `json:"applicationRuleCollections,omitempty"` + // NatRuleCollections - Collection of NAT rule collections used by Azure Firewall. + NatRuleCollections *[]AzureFirewallNatRuleCollection `json:"natRuleCollections,omitempty"` + // NetworkRuleCollections - Collection of network rule collections used by Azure Firewall. + NetworkRuleCollections *[]AzureFirewallNetworkRuleCollection `json:"networkRuleCollections,omitempty"` + // IPConfigurations - IP configuration of the Azure Firewall resource. + IPConfigurations *[]AzureFirewallIPConfiguration `json:"ipConfigurations,omitempty"` + // ProvisioningState - The provisioning state of the resource. Possible values include: 'Succeeded', 'Updating', 'Deleting', 'Failed' + ProvisioningState string `json:"provisioningState,omitempty"` + // ThreatIntelMode - The operation mode for Threat Intelligence. 
Possible values include: 'AzureFirewallThreatIntelModeAlert', 'AzureFirewallThreatIntelModeDeny', 'AzureFirewallThreatIntelModeOff' + ThreatIntelMode string `json:"threatIntelMode,omitempty"` + // VirtualHub - The virtualHub to which the firewall belongs. + VirtualHub *SubResource `json:"virtualHub,omitempty"` + // FirewallPolicy - The firewallPolicy associated with this azure firewall. + FirewallPolicy *SubResource `json:"firewallPolicy,omitempty"` + // HubIPAddresses - IP addresses associated with AzureFirewall. + HubIPAddresses *HubIPAddresses `json:"hubIpAddresses,omitempty"` +} + +// AzureFirewallApplicationRuleCollection application rule collection resource. +type AzureFirewallApplicationRuleCollection struct { + // AzureFirewallApplicationRuleCollectionPropertiesFormat - Properties of the azure firewall application rule collection. + Properties AzureFirewallApplicationRuleCollectionPropertiesFormat `json:"properties,omitempty"` + // Name - Gets name of the resource that is unique within a resource group. This name can be used to access the resource. + Name string `json:"name,omitempty"` + // Etag - READ-ONLY; Gets a unique read-only string that changes whenever the resource is updated. + Etag string `json:"etag,omitempty"` + // ID - Resource ID. + ID string `json:"id,omitempty"` +} + +// AzureFirewallApplicationRuleCollectionPropertiesFormat properties of the application rule collection. +type AzureFirewallApplicationRuleCollectionPropertiesFormat struct { + // Priority - Priority of the application rule collection resource. + Priority int32 `json:"priority,omitempty"` + // Action - The action type of a rule collection. + Action string `json:"action,omitempty"` + // Rules - Collection of rules used by a application rule collection. + Rules []AzureFirewallApplicationRule `json:"rules,omitempty"` + // ProvisioningState - The provisioning state of the resource. 
Possible values include: 'Succeeded', 'Updating', 'Deleting', 'Failed' + ProvisioningState string `json:"provisioningState,omitempty"` +} + +// AzureFirewallApplicationRule properties of an application rule. +type AzureFirewallApplicationRule struct { + // Name - Name of the application rule. + Name string `json:"name,omitempty"` + // Description - Description of the rule. + Description string `json:"description,omitempty"` + // SourceAddresses - List of source IP addresses for this rule. + SourceAddresses []string `json:"sourceAddresses,omitempty"` + // Protocols - Array of ApplicationRuleProtocols. + Protocols []AzureFirewallApplicationRuleProtocol `json:"protocols,omitempty"` + // TargetFqdns - List of FQDNs for this rule. + TargetFqdns []string `json:"targetFqdns,omitempty"` + // FqdnTags - List of FQDN Tags for this rule. + FqdnTags []string `json:"fqdnTags,omitempty"` +} + +// AzureFirewallApplicationRuleProtocol properties of the application rule protocol. +type AzureFirewallApplicationRuleProtocol struct { + // ProtocolType - Protocol type. Possible values include: 'AzureFirewallApplicationRuleProtocolTypeHTTP', 'AzureFirewallApplicationRuleProtocolTypeHTTPS' + ProtocolType string `json:"protocolType,omitempty"` + // Port - Port number for the protocol, cannot be greater than 64000. This field is optional. + Port int32 `json:"port,omitempty"` +} + +// AzureFirewallIPConfiguration IP configuration of an Azure Firewall. +type AzureFirewallIPConfiguration struct { + // AzureFirewallIPConfigurationPropertiesFormat - Properties of the azure firewall IP configuration. + AzureFirewallIPConfigurationPropertiesFormat AzureFirewallIPConfigurationPropertiesFormat `json:"properties,omitempty"` + // Name - Name of the resource that is unique within a resource group. This name can be used to access the resource. + Name *string `json:"name,omitempty"` + // Etag - A unique string that changes whenever the resource is updated. 
+ Etag *string `json:"etag,omitempty"` + // ID - Resource ID. + ID *string `json:"id,omitempty"` +} + +// AzureFirewallIPConfigurationPropertiesFormat properties of IP configuration of an Azure Firewall. +type AzureFirewallIPConfigurationPropertiesFormat struct { + // PrivateIPAddress - The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes. + PrivateIPAddress *string `json:"privateIPAddress,omitempty"` + // Subnet - Reference of the subnet resource. This resource must be named 'AzureFirewallSubnet'. + Subnet *SubResource `json:"subnet,omitempty"` + // PublicIPAddress - Reference of the PublicIP resource. This field is a mandatory input if subnet is not null. + PublicIPAddress *SubResource `json:"publicIPAddress,omitempty"` + // ProvisioningState - The provisioning state of the resource. Possible values include: 'Succeeded', 'Updating', 'Deleting', 'Failed' + ProvisioningState *string `json:"provisioningState,omitempty"` +} + +// SubResource reference to another subresource. +type SubResource struct { + // ID - Resource ID. + ID string `json:"id,omitempty"` +} + +// HubIPAddresses IP addresses associated with azure firewall. +type HubIPAddresses struct { + // PublicIPAddresses - List of Public IP addresses associated with azure firewall. + PublicIPAddresses []AzureFirewallPublicIPAddress `json:"publicIPAddresses,omitempty"` + // PrivateIPAddress - Private IP Address associated with azure firewall. + PrivateIPAddress string `json:"privateIPAddress,omitempty"` +} + +// AzureFirewallPublicIPAddress public IP Address associated with azure firewall. +type AzureFirewallPublicIPAddress struct { + // Address - Public IP Address value. + Address *string `json:"address,omitempty"` +} + +// A AzureFirewallStatus represents theĀ observed status of a AzureFirewall. +type AzureFirewallStatus struct { + runtimev1alpha1.ResourceStatus `json:",inline"` + + // State of this SecurityGroup. 
+ State string `json:"state,omitempty"` + + // A Message providing detail about the state of this AzureFirewall, if + // any. + Message string `json:"message,omitempty"` + + // ID of this AzureFirewall. + ID string `json:"id,omitempty"` + + // Etag - A unique string that changes whenever the resource is + // updated. + Etag string `json:"etag,omitempty"` + + // ResourceGUID - The GUID of this AzureFirewall. + ResourceGUID string `json:"resourceGuid,omitempty"` + + // Type of this AzureFirewall. + Type string `json:"type,omitempty"` +} + +//Rules Structs +// AzureFirewallNatRule properties of a NAT rule. +type AzureFirewallNatRule struct { + // Name - Name of the NAT rule. + Name string `json:"name,omitempty"` + // Description - Description of the rule. + Description string `json:"description,omitempty"` + // SourceAddresses - List of source IP addresses for this rule. + SourceAddresses []string `json:"sourceAddresses,omitempty"` + // DestinationAddresses - List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags. + DestinationAddresses []string `json:"destinationAddresses,omitempty"` + // DestinationPorts - List of destination ports. + DestinationPorts []string `json:"destinationPorts,omitempty"` + // Protocols - Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule. + Protocols []string `json:"protocols,omitempty"` + // TranslatedAddress - The translated address for this NAT rule. + TranslatedAddress string `json:"translatedAddress,omitempty"` + // TranslatedPort - The translated port for this NAT rule. + TranslatedPort string `json:"translatedPort,omitempty"` +} + +// AzureFirewallNatRuleCollectionProperties properties of the NAT rule collection. +type AzureFirewallNatRuleCollectionProperties struct { + // Priority - Priority of the NAT rule collection resource. + Priority int32 `json:"priority,omitempty"` + // Action - The action type of a NAT rule collection. 
+ Action string `json:"action,omitempty"` + // Rules - Collection of rules used by a NAT rule collection. + Rules []AzureFirewallNatRule `json:"rules,omitempty"` + // ProvisioningState - The provisioning state of the resource. Possible values include: 'Succeeded', 'Updating', 'Deleting', 'Failed' + ProvisioningState string `json:"provisioningState,omitempty"` +} + +// AzureFirewallNatRuleCollection NAT rule collection resource. +type AzureFirewallNatRuleCollection struct { + // AzureFirewallNatRuleCollectionProperties - Properties of the azure firewall NAT rule collection. + Properties AzureFirewallNatRuleCollectionProperties `json:"properties,omitempty"` + // Name - Gets name of the resource that is unique within a resource group. This name can be used to access the resource. + Name string `json:"name,omitempty"` + // Etag - Gets a unique string that changes whenever the resource is updated. + Etag string `json:"etag,omitempty"` + // ID - Resource ID. + ID string `json:"id,omitempty"` +} + +// AzureFirewallNetworkRuleCollection network rule collection resource. +type AzureFirewallNetworkRuleCollection struct { + // AzureFirewallNetworkRuleCollectionPropertiesFormat - Properties of the azure firewall network rule collection. + Properties AzureFirewallNetworkRuleCollectionPropertiesFormat `json:"properties,omitempty"` + // Name - Gets name of the resource that is unique within a resource group. This name can be used to access the resource. + Name string `json:"name,omitempty"` + // Etag - Gets a unique string that changes whenever the resource is updated. + Etag string `json:"etag,omitempty"` + // ID - Resource ID. + ID string `json:"id,omitempty"` +} + +// AzureFirewallNetworkRuleCollectionPropertiesFormat properties of the network rule collection. +type AzureFirewallNetworkRuleCollectionPropertiesFormat struct { + // Priority - Priority of the network rule collection resource. 
+ Priority int32 `json:"priority,omitempty"` + // Action - The action type of a rule collection. + Action string `json:"action,omitempty"` + // Rules - Collection of rules used by a network rule collection. + Rules []AzureFirewallNetworkRule `json:"rules,omitempty"` + // ProvisioningState - The provisioning state of the resource. Possible values include: 'Succeeded', 'Updating', 'Deleting', 'Failed' + ProvisioningState string `json:"provisioningState,omitempty"` +} + +// AzureFirewallNetworkRule properties of the network rule. +type AzureFirewallNetworkRule struct { + // Name - Name of the network rule. + Name string `json:"name,omitempty"` + // Description - Description of the rule. + Description string `json:"description,omitempty"` + // Protocols - Array of AzureFirewallNetworkRuleProtocols. + Protocols []string `json:"protocols,omitempty"` + // SourceAddresses - List of source IP addresses for this rule. + SourceAddresses []string `json:"sourceAddresses,omitempty"` + // DestinationAddresses - List of destination IP addresses. + DestinationAddresses []string `json:"destinationAddresses,omitempty"` + // DestinationPorts - List of destination ports. + DestinationPorts []string `json:"destinationPorts,omitempty"` +} diff --git a/apis/network/v1alpha3/zz_generated.deepcopy.go b/apis/network/v1alpha3/zz_generated.deepcopy.go index dbc22f7c..8820cbc1 100644 --- a/apis/network/v1alpha3/zz_generated.deepcopy.go +++ b/apis/network/v1alpha3/zz_generated.deepcopy.go 
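Review bot: The fields that decide what the firewall enforces — `Action` on the three rule-collection properties types, `ThreatIntelMode` on `AzureFirewallPropertiesFormat` and `ProtocolType` on `AzureFirewallApplicationRuleProtocol` — are unconstrained strings, so a mistyped value is only rejected by Azure at reconcile time rather than by the API server at admission; a `// +kubebuilder:validation:Enum=...` marker on each, plus `// +kubebuilder:validation:Minimum=0` and `// +kubebuilder:validation:Maximum=64000` on `Port` (its own comment states that bound), would close that gap, noting that the values quoted in the ThreatIntelMode and ProtocolType comments look like SDK constant identifiers rather than wire values and should be confirmed before they go into a marker. `AzureFirewallSpec` also carries observed-only values — `ID`, `Etag`, `Type` and, via the inlined `AzureFirewallPropertiesFormat`, `ProvisioningState` and `HubIPAddresses` — that duplicate `AzureFirewallStatus`, which invites a user-supplied spec value being mistaken for the observed one; consider moving them to status or documenting them as ignored on input. Several doc comments are copy-pasted from the security group type (`AzureFirewallList contains a list of Security Groups`, `Name of the SecurityGroup's resource group`, `State of this SecurityGroup`), `theĀ observed` contains a mis-encoded character, and the leading `//Azure Firewall Structs` line is part of the `AzureFirewall` doc block and will likely be emitted into the generated CRD description — a blank line after it keeps it out.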
@@ -45,6 +45,536 @@ func (in *AddressSpace) DeepCopy() *AddressSpace { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureFirewall) DeepCopyInto(out *AzureFirewall) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewall. +func (in *AzureFirewall) DeepCopy() *AzureFirewall { + if in == nil { + return nil + } + out := new(AzureFirewall) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AzureFirewall) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureFirewallApplicationRule) DeepCopyInto(out *AzureFirewallApplicationRule) { + *out = *in + if in.SourceAddresses != nil { + in, out := &in.SourceAddresses, &out.SourceAddresses + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Protocols != nil { + in, out := &in.Protocols, &out.Protocols + *out = make([]AzureFirewallApplicationRuleProtocol, len(*in)) + copy(*out, *in) + } + if in.TargetFqdns != nil { + in, out := &in.TargetFqdns, &out.TargetFqdns + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.FqdnTags != nil { + in, out := &in.FqdnTags, &out.FqdnTags + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallApplicationRule. 
+func (in *AzureFirewallApplicationRule) DeepCopy() *AzureFirewallApplicationRule { + if in == nil { + return nil + } + out := new(AzureFirewallApplicationRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureFirewallApplicationRuleCollection) DeepCopyInto(out *AzureFirewallApplicationRuleCollection) { + *out = *in + in.Properties.DeepCopyInto(&out.Properties) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallApplicationRuleCollection. +func (in *AzureFirewallApplicationRuleCollection) DeepCopy() *AzureFirewallApplicationRuleCollection { + if in == nil { + return nil + } + out := new(AzureFirewallApplicationRuleCollection) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureFirewallApplicationRuleCollectionPropertiesFormat) DeepCopyInto(out *AzureFirewallApplicationRuleCollectionPropertiesFormat) { + *out = *in + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]AzureFirewallApplicationRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallApplicationRuleCollectionPropertiesFormat. +func (in *AzureFirewallApplicationRuleCollectionPropertiesFormat) DeepCopy() *AzureFirewallApplicationRuleCollectionPropertiesFormat { + if in == nil { + return nil + } + out := new(AzureFirewallApplicationRuleCollectionPropertiesFormat) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AzureFirewallApplicationRuleProtocol) DeepCopyInto(out *AzureFirewallApplicationRuleProtocol) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallApplicationRuleProtocol. +func (in *AzureFirewallApplicationRuleProtocol) DeepCopy() *AzureFirewallApplicationRuleProtocol { + if in == nil { + return nil + } + out := new(AzureFirewallApplicationRuleProtocol) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureFirewallIPConfiguration) DeepCopyInto(out *AzureFirewallIPConfiguration) { + *out = *in + in.AzureFirewallIPConfigurationPropertiesFormat.DeepCopyInto(&out.AzureFirewallIPConfigurationPropertiesFormat) + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Etag != nil { + in, out := &in.Etag, &out.Etag + *out = new(string) + **out = **in + } + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallIPConfiguration. +func (in *AzureFirewallIPConfiguration) DeepCopy() *AzureFirewallIPConfiguration { + if in == nil { + return nil + } + out := new(AzureFirewallIPConfiguration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AzureFirewallIPConfigurationPropertiesFormat) DeepCopyInto(out *AzureFirewallIPConfigurationPropertiesFormat) { + *out = *in + if in.PrivateIPAddress != nil { + in, out := &in.PrivateIPAddress, &out.PrivateIPAddress + *out = new(string) + **out = **in + } + if in.Subnet != nil { + in, out := &in.Subnet, &out.Subnet + *out = new(SubResource) + **out = **in + } + if in.PublicIPAddress != nil { + in, out := &in.PublicIPAddress, &out.PublicIPAddress + *out = new(SubResource) + **out = **in + } + if in.ProvisioningState != nil { + in, out := &in.ProvisioningState, &out.ProvisioningState + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallIPConfigurationPropertiesFormat. +func (in *AzureFirewallIPConfigurationPropertiesFormat) DeepCopy() *AzureFirewallIPConfigurationPropertiesFormat { + if in == nil { + return nil + } + out := new(AzureFirewallIPConfigurationPropertiesFormat) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureFirewallList) DeepCopyInto(out *AzureFirewallList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]AzureFirewall, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallList. +func (in *AzureFirewallList) DeepCopy() *AzureFirewallList { + if in == nil { + return nil + } + out := new(AzureFirewallList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *AzureFirewallList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureFirewallNatRule) DeepCopyInto(out *AzureFirewallNatRule) { + *out = *in + if in.SourceAddresses != nil { + in, out := &in.SourceAddresses, &out.SourceAddresses + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.DestinationAddresses != nil { + in, out := &in.DestinationAddresses, &out.DestinationAddresses + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.DestinationPorts != nil { + in, out := &in.DestinationPorts, &out.DestinationPorts + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Protocols != nil { + in, out := &in.Protocols, &out.Protocols + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallNatRule. +func (in *AzureFirewallNatRule) DeepCopy() *AzureFirewallNatRule { + if in == nil { + return nil + } + out := new(AzureFirewallNatRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureFirewallNatRuleCollection) DeepCopyInto(out *AzureFirewallNatRuleCollection) { + *out = *in + in.Properties.DeepCopyInto(&out.Properties) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallNatRuleCollection. +func (in *AzureFirewallNatRuleCollection) DeepCopy() *AzureFirewallNatRuleCollection { + if in == nil { + return nil + } + out := new(AzureFirewallNatRuleCollection) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AzureFirewallNatRuleCollectionProperties) DeepCopyInto(out *AzureFirewallNatRuleCollectionProperties) { + *out = *in + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]AzureFirewallNatRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallNatRuleCollectionProperties. +func (in *AzureFirewallNatRuleCollectionProperties) DeepCopy() *AzureFirewallNatRuleCollectionProperties { + if in == nil { + return nil + } + out := new(AzureFirewallNatRuleCollectionProperties) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureFirewallNetworkRule) DeepCopyInto(out *AzureFirewallNetworkRule) { + *out = *in + if in.Protocols != nil { + in, out := &in.Protocols, &out.Protocols + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.SourceAddresses != nil { + in, out := &in.SourceAddresses, &out.SourceAddresses + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.DestinationAddresses != nil { + in, out := &in.DestinationAddresses, &out.DestinationAddresses + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.DestinationPorts != nil { + in, out := &in.DestinationPorts, &out.DestinationPorts + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallNetworkRule. +func (in *AzureFirewallNetworkRule) DeepCopy() *AzureFirewallNetworkRule { + if in == nil { + return nil + } + out := new(AzureFirewallNetworkRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AzureFirewallNetworkRuleCollection) DeepCopyInto(out *AzureFirewallNetworkRuleCollection) { + *out = *in + in.Properties.DeepCopyInto(&out.Properties) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallNetworkRuleCollection. +func (in *AzureFirewallNetworkRuleCollection) DeepCopy() *AzureFirewallNetworkRuleCollection { + if in == nil { + return nil + } + out := new(AzureFirewallNetworkRuleCollection) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureFirewallNetworkRuleCollectionPropertiesFormat) DeepCopyInto(out *AzureFirewallNetworkRuleCollectionPropertiesFormat) { + *out = *in + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]AzureFirewallNetworkRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallNetworkRuleCollectionPropertiesFormat. +func (in *AzureFirewallNetworkRuleCollectionPropertiesFormat) DeepCopy() *AzureFirewallNetworkRuleCollectionPropertiesFormat { + if in == nil { + return nil + } + out := new(AzureFirewallNetworkRuleCollectionPropertiesFormat) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *AzureFirewallPropertiesFormat) DeepCopyInto(out *AzureFirewallPropertiesFormat) { + *out = *in + if in.ApplicationRuleCollections != nil { + in, out := &in.ApplicationRuleCollections, &out.ApplicationRuleCollections + *out = new([]AzureFirewallApplicationRuleCollection) + if **in != nil { + in, out := *in, *out + *out = make([]AzureFirewallApplicationRuleCollection, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + } + if in.NatRuleCollections != nil { + in, out := &in.NatRuleCollections, &out.NatRuleCollections + *out = new([]AzureFirewallNatRuleCollection) + if **in != nil { + in, out := *in, *out + *out = make([]AzureFirewallNatRuleCollection, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + } + if in.NetworkRuleCollections != nil { + in, out := &in.NetworkRuleCollections, &out.NetworkRuleCollections + *out = new([]AzureFirewallNetworkRuleCollection) + if **in != nil { + in, out := *in, *out + *out = make([]AzureFirewallNetworkRuleCollection, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + } + if in.IPConfigurations != nil { + in, out := &in.IPConfigurations, &out.IPConfigurations + *out = new([]AzureFirewallIPConfiguration) + if **in != nil { + in, out := *in, *out + *out = make([]AzureFirewallIPConfiguration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + } + if in.VirtualHub != nil { + in, out := &in.VirtualHub, &out.VirtualHub + *out = new(SubResource) + **out = **in + } + if in.FirewallPolicy != nil { + in, out := &in.FirewallPolicy, &out.FirewallPolicy + *out = new(SubResource) + **out = **in + } + if in.HubIPAddresses != nil { + in, out := &in.HubIPAddresses, &out.HubIPAddresses + *out = new(HubIPAddresses) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallPropertiesFormat. 
+func (in *AzureFirewallPropertiesFormat) DeepCopy() *AzureFirewallPropertiesFormat { + if in == nil { + return nil + } + out := new(AzureFirewallPropertiesFormat) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureFirewallPublicIPAddress) DeepCopyInto(out *AzureFirewallPublicIPAddress) { + *out = *in + if in.Address != nil { + in, out := &in.Address, &out.Address + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallPublicIPAddress. +func (in *AzureFirewallPublicIPAddress) DeepCopy() *AzureFirewallPublicIPAddress { + if in == nil { + return nil + } + out := new(AzureFirewallPublicIPAddress) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureFirewallSpec) DeepCopyInto(out *AzureFirewallSpec) { + *out = *in + in.ResourceSpec.DeepCopyInto(&out.ResourceSpec) + if in.ResourceGroupNameRef != nil { + in, out := &in.ResourceGroupNameRef, &out.ResourceGroupNameRef + *out = new(v1alpha1.Reference) + **out = **in + } + if in.ResourceGroupNameSelector != nil { + in, out := &in.ResourceGroupNameSelector, &out.ResourceGroupNameSelector + *out = new(v1alpha1.Selector) + (*in).DeepCopyInto(*out) + } + in.AzureFirewallPropertiesFormat.DeepCopyInto(&out.AzureFirewallPropertiesFormat) + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Zones != nil { + in, out := &in.Zones, &out.Zones + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallSpec. 
+func (in *AzureFirewallSpec) DeepCopy() *AzureFirewallSpec { + if in == nil { + return nil + } + out := new(AzureFirewallSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AzureFirewallStatus) DeepCopyInto(out *AzureFirewallStatus) { + *out = *in + in.ResourceStatus.DeepCopyInto(&out.ResourceStatus) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureFirewallStatus. +func (in *AzureFirewallStatus) DeepCopy() *AzureFirewallStatus { + if in == nil { + return nil + } + out := new(AzureFirewallStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HubIPAddresses) DeepCopyInto(out *HubIPAddresses) { + *out = *in + if in.PublicIPAddresses != nil { + in, out := &in.PublicIPAddresses, &out.PublicIPAddresses + *out = make([]AzureFirewallPublicIPAddress, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HubIPAddresses. +func (in *HubIPAddresses) DeepCopy() *HubIPAddresses { + if in == nil { + return nil + } + out := new(HubIPAddresses) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ServiceEndpointPropertiesFormat) DeepCopyInto(out *ServiceEndpointPropertiesFormat) { *out = *in 
@@ -65,6 +595,21 @@ func (in *ServiceEndpointPropertiesFormat) DeepCopy() *ServiceEndpointProperties return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SubResource) DeepCopyInto(out *SubResource) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubResource. +func (in *SubResource) DeepCopy() *SubResource { + if in == nil { + return nil + } + out := new(SubResource) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Subnet) DeepCopyInto(out *Subnet) { *out = *in diff --git a/apis/network/v1alpha3/zz_generated.managed.go b/apis/network/v1alpha3/zz_generated.managed.go index 7907f88a..057ffff9 100644 --- a/apis/network/v1alpha3/zz_generated.managed.go +++ b/apis/network/v1alpha3/zz_generated.managed.go 
@@ -20,6 +20,62 @@ package v1alpha3 import runtimev1alpha1 "github.com/crossplane/crossplane-runtime/apis/core/v1alpha1" +// GetCondition of this AzureFirewall. +func (mg *AzureFirewall) GetCondition(ct runtimev1alpha1.ConditionType) runtimev1alpha1.Condition { + return mg.Status.GetCondition(ct) +} + +// GetDeletionPolicy of this AzureFirewall. +func (mg *AzureFirewall) GetDeletionPolicy() runtimev1alpha1.DeletionPolicy { + return mg.Spec.DeletionPolicy +} + +// GetProviderConfigReference of this AzureFirewall. +func (mg *AzureFirewall) GetProviderConfigReference() *runtimev1alpha1.Reference { + return mg.Spec.ProviderConfigReference +} + +/* +GetProviderReference of this AzureFirewall. +Deprecated: Use GetProviderConfigReference. +*/ +func (mg *AzureFirewall) GetProviderReference() *runtimev1alpha1.Reference { + return mg.Spec.ProviderReference +} + +// GetWriteConnectionSecretToReference of this AzureFirewall. +func (mg *AzureFirewall) GetWriteConnectionSecretToReference() *runtimev1alpha1.SecretReference { + return mg.Spec.WriteConnectionSecretToReference +} + +// SetConditions of this AzureFirewall. +func (mg *AzureFirewall) SetConditions(c ...runtimev1alpha1.Condition) { + mg.Status.SetConditions(c...) +} + +// SetDeletionPolicy of this AzureFirewall. +func (mg *AzureFirewall) SetDeletionPolicy(r runtimev1alpha1.DeletionPolicy) { + mg.Spec.DeletionPolicy = r +} + +// SetProviderConfigReference of this AzureFirewall. +func (mg *AzureFirewall) SetProviderConfigReference(r *runtimev1alpha1.Reference) { + mg.Spec.ProviderConfigReference = r +} + +/* +SetProviderReference of this AzureFirewall. +Deprecated: Use SetProviderConfigReference. +*/ +func (mg *AzureFirewall) SetProviderReference(r *runtimev1alpha1.Reference) { + mg.Spec.ProviderReference = r +} + +// SetWriteConnectionSecretToReference of this AzureFirewall. 
+func (mg *AzureFirewall) SetWriteConnectionSecretToReference(r *runtimev1alpha1.SecretReference) { + mg.Spec.WriteConnectionSecretToReference = r +} + // GetCondition of this Subnet. func (mg *Subnet) GetCondition(ct runtimev1alpha1.ConditionType) runtimev1alpha1.Condition { return mg.Status.GetCondition(ct) diff --git a/apis/network/v1alpha3/zz_generated.managedlist.go b/apis/network/v1alpha3/zz_generated.managedlist.go index d10ff992..9e0b07db 100644 --- a/apis/network/v1alpha3/zz_generated.managedlist.go +++ b/apis/network/v1alpha3/zz_generated.managedlist.go @@ -20,6 +20,15 @@ package v1alpha3 import resource "github.com/crossplane/crossplane-runtime/pkg/resource" +// GetItems of this AzureFirewallList. +func (l *AzureFirewallList) GetItems() []resource.Managed { + items := make([]resource.Managed, len(l.Items)) + for i := range l.Items { + items[i] = &l.Items[i] + } + return items +} + // GetItems of this SubnetList. func (l *SubnetList) GetItems() []resource.Managed { items := make([]resource.Managed, len(l.Items)) diff --git a/examples/network/azurefirewall.yaml b/examples/network/azurefirewall.yaml new file mode 100644 index 00000000..dea3e2da --- /dev/null +++ b/examples/network/azurefirewall.yaml 
@@ -0,0 +1,53 @@ +apiVersion: network.azure.crossplane.io/v1alpha3 +kind: AzureFirewall +metadata: + name: cerberus-firewall-cp +status: + id: d5e6f50a + resourceGuid: 1234567890 +spec: + location: westus + reclaimPolicy: Delete + resourceGroupName: Cerberus_Squad_FW_Test_Shrey + providerRef: + name: azure-provider + resourceGroupNameRef: + name: Cerberus_Squad_FW_Test_Shrey + name: cerb-cp-fw + type: Microsoft.Network/azureFirewalls + properties: + threatIntelMode: Alert + ipConfigurations: + - name: CerbFWPubIP + properties: + privateIPAddress: 172.19.2.4 + subnet: + id: /subscriptions/1234567890/resourceGroups/Cerberus_Squad_FW_Test_Shrey/providers/Microsoft.Network/virtualNetworks/Cerb-CP-FW-Test-Vnet/subnets/AzureFirewallSubnet + publicIPAddress: + id: /subscriptions/1234567890/resourceGroups/cerberus-squad-crossplane-poc/providers/Microsoft.Network/publicIPAddresses/CerbFWPubIp + natRuleCollections: + - name: cerb-fw-nat-rule + properties: + priority: 110 + action: Dnat + rules: + - name: SSH + description: 'Some SSH DNAT actions' + sourceAddresses: ['*'] + destinationAddresses: ['40.81.15.247'] + destinationPorts: ['220'] + protocols: ['TCP'] + translatedAddress: '172.23.1.4' + translatedPort: '22' + networkRuleCollections: + - name: PostgreDB + properties: + priority: 100 + action: Allow + rules: + - name: postgredb + description: 'Some network rule actions' + protocols: ['Any'] + sourceAddresses: ['*'] + destinationAddresses: ['Sql'] + destinationPorts: ['5432'] diff --git a/go.mod b/go.mod index 6fcf8c2b..8d022b77 100644 --- a/go.mod +++ b/go.mod 
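Review bot: The example sets `reclaimPolicy: Delete` and `providerRef`, but the CRD schema added in this change only declares `deletionPolicy` (Orphan/Delete) and describes `providerRef` as deprecated in favour of `providerConfigRef`; with a structural apiextensions v1 schema the unknown `reclaimPolicy` key is pruned silently, so the example should read `deletionPolicy: Delete` and `providerConfigRef: {name: azure-provider}`. The `status:` block (`id`, `resourceGuid`) is ignored on apply because the CRD declares status as a subresource, so it is misleading in a create example and is best dropped. The rule bodies expose SSH through DNAT (`translatedPort: '22'`) and allow `Any` protocol from `sourceAddresses: ['*']`, and they embed an apparently real public IP and team-specific resource group names; an example should use clearly placeholder values such as `sourceAddresses: ['<trusted-source-cidr>']` so it is not copied verbatim into a tenant.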
@@ -12,7 +12,7 @@ require (
 github.com/Azure/go-autorest/autorest/date v0.2.0
 github.com/Azure/go-autorest/autorest/to v0.3.0
 github.com/Azure/go-autorest/autorest/validation v0.2.0 // indirect
- github.com/crossplane/crossplane-runtime v0.10.0
+ github.com/crossplane/crossplane-runtime v0.11.0
 github.com/crossplane/crossplane-tools v0.0.0-20201007233256-88b291e145bb
 github.com/go-logr/zapr v0.1.1 // indirect
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
diff --git a/go.sum b/go.sum
index cdca5b05..c48a07cb 100644
--- a/go.sum
+++ b/go.sum
@@ -101,8 +101,8 @@ github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwc
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/crossplane/crossplane-runtime v0.10.0 h1:H8YvMcrm1uzZYpwU/BpxjRQfceVulxgYJMx4rmX38Hg=
-github.com/crossplane/crossplane-runtime v0.10.0/go.mod h1:cJl5ZZONisre4v6wTmbrC8Jh3AI+erq/lNaxZzv9tnU=
+github.com/crossplane/crossplane-runtime v0.11.0 h1:hLDWsGYhU/CUVQ1sU7NHF5bnP6WT6wA6Nu2SaBSSe6w=
+github.com/crossplane/crossplane-runtime v0.11.0/go.mod h1:cJl5ZZONisre4v6wTmbrC8Jh3AI+erq/lNaxZzv9tnU=
 github.com/crossplane/crossplane-tools v0.0.0-20201007233256-88b291e145bb h1:j09j/Gk1qH64HUtf/fcTjMAxLxUdOuQXySWu46WTVTU=
 github.com/crossplane/crossplane-tools v0.0.0-20201007233256-88b291e145bb/go.mod h1:C735A9X0x0lR8iGVOOxb49Mt70Ua4EM2b7PGaRPBLd4=
 github.com/dave/jennifer v1.3.0 h1:p3tl41zjjCZTNBytMwrUuiAnherNUZktlhPTKoF/sEk=
diff --git a/package/crds/network.azure.crossplane.io_azurefirewalls.yaml b/package/crds/network.azure.crossplane.io_azurefirewalls.yaml
new file mode 100644
index 00000000..be443194
--- /dev/null
+++ b/package/crds/network.azure.crossplane.io_azurefirewalls.yaml
@@ -0,0 +1,489 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.3.0 + creationTimestamp: null + name: azurefirewalls.network.azure.crossplane.io +spec: + group: network.azure.crossplane.io + names: + categories: + - crossplane + - managed + - azure + kind: AzureFirewall + listKind: AzureFirewallList + plural: azurefirewalls + singular: azurefirewall + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: READY + type: string + - jsonPath: .status.conditions[?(@.type=='Synced')].status + name: SYNCED + type: string + - jsonPath: .status.state + name: STATE + type: string + - jsonPath: .spec.location + name: LOCATION + type: string + - jsonPath: .metadata.creationTimestamp + name: AGE + type: date + name: v1alpha3 + schema: + openAPIV3Schema: + description: Azure Firewall Structs A AzureFirewall is a managed resource that represents an Azure Firewall + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: A AzureFirewallSpec defines the desired state of a AzureFirewall. 
+ properties: + deletionPolicy: + description: DeletionPolicy specifies what will happen to the underlying external when this managed resource is deleted - either "Delete" or "Orphan" the external resource. The "Delete" policy is the default when no policy is specified. + enum: + - Orphan + - Delete + type: string + etag: + description: Etag - Gets a unique string that changes whenever the resource is updated. + type: string + id: + description: ID - Resource ID. + type: string + location: + description: Location - Resource location. + type: string + name: + description: Name - Resource name. + type: string + properties: + description: AzureFirewallPropertiesFormat - Properties of AzureFirewall + properties: + applicationRuleCollections: + description: ApplicationRuleCollections - Collection of application rule collections used by Azure Firewall. + items: + description: AzureFirewallApplicationRuleCollection application rule collection resource. + properties: + etag: + description: Etag - READ-ONLY; Gets a unique read-only string that changes whenever the resource is updated. + type: string + id: + description: ID - Resource ID. + type: string + name: + description: Name - Gets name of the resource that is unique within a resource group. This name can be used to access the resource. + type: string + properties: + description: AzureFirewallApplicationRuleCollectionPropertiesFormat - Properties of the azure firewall application rule collection. + properties: + action: + description: Action - The action type of a rule collection. + type: string + priority: + description: Priority - Priority of the application rule collection resource. + format: int32 + type: integer + provisioningState: + description: 'ProvisioningState - The provisioning state of the resource. Possible values include: ''Succeeded'', ''Updating'', ''Deleting'', ''Failed''' + type: string + rules: + description: Rules - Collection of rules used by a application rule collection. 
+ items: + description: AzureFirewallApplicationRule properties of an application rule. + properties: + description: + description: Description - Description of the rule. + type: string + fqdnTags: + description: FqdnTags - List of FQDN Tags for this rule. + items: + type: string + type: array + name: + description: Name - Name of the application rule. + type: string + protocols: + description: Protocols - Array of ApplicationRuleProtocols. + items: + description: AzureFirewallApplicationRuleProtocol properties of the application rule protocol. + properties: + port: + description: Port - Port number for the protocol, cannot be greater than 64000. This field is optional. + format: int32 + type: integer + protocolType: + description: 'ProtocolType - Protocol type. Possible values include: ''AzureFirewallApplicationRuleProtocolTypeHTTP'', ''AzureFirewallApplicationRuleProtocolTypeHTTPS''' + type: string + type: object + type: array + sourceAddresses: + description: SourceAddresses - List of source IP addresses for this rule. + items: + type: string + type: array + targetFqdns: + description: TargetFqdns - List of FQDNs for this rule. + items: + type: string + type: array + type: object + type: array + type: object + type: object + type: array + firewallPolicy: + description: FirewallPolicy - The firewallPolicy associated with this azure firewall. + properties: + id: + description: ID - Resource ID. + type: string + type: object + hubIpAddresses: + description: HubIPAddresses - IP addresses associated with AzureFirewall. + properties: + privateIPAddress: + description: PrivateIPAddress - Private IP Address associated with azure firewall. + type: string + publicIPAddresses: + description: PublicIPAddresses - List of Public IP addresses associated with azure firewall. + items: + description: AzureFirewallPublicIPAddress public IP Address associated with azure firewall. + properties: + address: + description: Address - Public IP Address value. 
+ type: string + type: object + type: array + type: object + ipConfigurations: + description: IPConfigurations - IP configuration of the Azure Firewall resource. + items: + description: AzureFirewallIPConfiguration IP configuration of an Azure Firewall. + properties: + etag: + description: Etag - A unique string that changes whenever the resource is updated. + type: string + id: + description: ID - Resource ID. + type: string + name: + description: Name - Name of the resource that is unique within a resource group. This name can be used to access the resource. + type: string + properties: + description: AzureFirewallIPConfigurationPropertiesFormat - Properties of the azure firewall IP configuration. + properties: + privateIPAddress: + description: PrivateIPAddress - The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes. + type: string + provisioningState: + description: 'ProvisioningState - The provisioning state of the resource. Possible values include: ''Succeeded'', ''Updating'', ''Deleting'', ''Failed''' + type: string + publicIPAddress: + description: PublicIPAddress - Reference of the PublicIP resource. This field is a mandatory input if subnet is not null. + properties: + id: + description: ID - Resource ID. + type: string + type: object + subnet: + description: Subnet - Reference of the subnet resource. This resource must be named 'AzureFirewallSubnet'. + properties: + id: + description: ID - Resource ID. + type: string + type: object + type: object + type: object + type: array + natRuleCollections: + description: NatRuleCollections - Collection of NAT rule collections used by Azure Firewall. + items: + description: AzureFirewallNatRuleCollection NAT rule collection resource. + properties: + etag: + description: Etag - Gets a unique string that changes whenever the resource is updated. + type: string + id: + description: ID - Resource ID. 
+ type: string + name: + description: Name - Gets name of the resource that is unique within a resource group. This name can be used to access the resource. + type: string + properties: + description: AzureFirewallNatRuleCollectionProperties - Properties of the azure firewall NAT rule collection. + properties: + action: + description: Action - The action type of a NAT rule collection. + type: string + priority: + description: Priority - Priority of the NAT rule collection resource. + format: int32 + type: integer + provisioningState: + description: 'ProvisioningState - The provisioning state of the resource. Possible values include: ''Succeeded'', ''Updating'', ''Deleting'', ''Failed''' + type: string + rules: + description: Rules - Collection of rules used by a NAT rule collection. + items: + description: Rules Structs AzureFirewallNatRule properties of a NAT rule. + properties: + description: + description: Description - Description of the rule. + type: string + destinationAddresses: + description: DestinationAddresses - List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags. + items: + type: string + type: array + destinationPorts: + description: DestinationPorts - List of destination ports. + items: + type: string + type: array + name: + description: Name - Name of the NAT rule. + type: string + protocols: + description: Protocols - Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule. + items: + type: string + type: array + sourceAddresses: + description: SourceAddresses - List of source IP addresses for this rule. + items: + type: string + type: array + translatedAddress: + description: TranslatedAddress - The translated address for this NAT rule. + type: string + translatedPort: + description: TranslatedPort - The translated port for this NAT rule. 
+ type: string + type: object + type: array + type: object + type: object + type: array + networkRuleCollections: + description: NetworkRuleCollections - Collection of network rule collections used by Azure Firewall. + items: + description: AzureFirewallNetworkRuleCollection network rule collection resource. + properties: + etag: + description: Etag - Gets a unique string that changes whenever the resource is updated. + type: string + id: + description: ID - Resource ID. + type: string + name: + description: Name - Gets name of the resource that is unique within a resource group. This name can be used to access the resource. + type: string + properties: + description: AzureFirewallNetworkRuleCollectionPropertiesFormat - Properties of the azure firewall network rule collection. + properties: + action: + description: Action - The action type of a rule collection. + type: string + priority: + description: Priority - Priority of the network rule collection resource. + format: int32 + type: integer + provisioningState: + description: 'ProvisioningState - The provisioning state of the resource. Possible values include: ''Succeeded'', ''Updating'', ''Deleting'', ''Failed''' + type: string + rules: + description: Rules - Collection of rules used by a network rule collection. + items: + description: AzureFirewallNetworkRule properties of the network rule. + properties: + description: + description: Description - Description of the rule. + type: string + destinationAddresses: + description: DestinationAddresses - List of destination IP addresses. + items: + type: string + type: array + destinationPorts: + description: DestinationPorts - List of destination ports. + items: + type: string + type: array + name: + description: Name - Name of the network rule. + type: string + protocols: + description: Protocols - Array of AzureFirewallNetworkRuleProtocols. 
+ items: + type: string + type: array + sourceAddresses: + description: SourceAddresses - List of source IP addresses for this rule. + items: + type: string + type: array + type: object + type: array + type: object + type: object + type: array + provisioningState: + description: 'ProvisioningState - The provisioning state of the resource. Possible values include: ''Succeeded'', ''Updating'', ''Deleting'', ''Failed''' + type: string + threatIntelMode: + description: 'ThreatIntelMode - The operation mode for Threat Intelligence. Possible values include: ''AzureFirewallThreatIntelModeAlert'', ''AzureFirewallThreatIntelModeDeny'', ''AzureFirewallThreatIntelModeOff''' + type: string + virtualHub: + description: VirtualHub - The virtualHub to which the firewall belongs. + properties: + id: + description: ID - Resource ID. + type: string + type: object + type: object + providerConfigRef: + description: ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured. + properties: + name: + description: Name of the referenced object. + type: string + required: + - name + type: object + providerRef: + description: 'ProviderReference specifies the provider that will be used to create, observe, update, and delete this managed resource. Deprecated: Please use ProviderConfigReference, i.e. `providerConfigRef`' + properties: + name: + description: Name of the referenced object. + type: string + required: + - name + type: object + resourceGroupName: + description: ResourceGroupName - Name of the SecurityGroup's resource group. + type: string + resourceGroupNameRef: + description: ResourceGroupNameRef - A reference to the the SecurityGroup's resource group. + properties: + name: + description: Name of the referenced object. 
+ type: string + required: + - name + type: object + resourceGroupNameSelector: + description: ResourceGroupNameSelector - Select a reference to the the Azure Firewall resource group. + properties: + matchControllerRef: + description: MatchControllerRef ensures an object with the same controller reference as the selecting object is selected. + type: boolean + matchLabels: + additionalProperties: + type: string + description: MatchLabels ensures an object with matching labels is selected. + type: object + type: object + tags: + additionalProperties: + type: string + description: Tags - Resource tags. + type: object + type: + description: Type - Resource type. + type: string + writeConnectionSecretToRef: + description: WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. + properties: + name: + description: Name of the secret. + type: string + namespace: + description: Namespace of the secret. + type: string + required: + - name + - namespace + type: object + zones: + description: Zones - A list of availability zones denoting where the resource needs to come from. + items: + type: string + type: array + required: + - location + type: object + status: + description: A AzureFirewallStatus represents theĀ observed status of a AzureFirewall. + properties: + conditions: + description: Conditions of the resource. + items: + description: A Condition that may apply to a resource. + properties: + lastTransitionTime: + description: LastTransitionTime is the last time this condition transitioned from one status to another. + format: date-time + type: string + message: + description: A Message containing details about this condition's last transition from one status to another, if any. 
+ type: string + reason: + description: A Reason for this condition's last transition from one status to another. + type: string + status: + description: Status of this condition; is it currently True, False, or Unknown? + type: string + type: + description: Type of this condition. At most one of each condition type may apply to a resource at any point in time. + type: string + required: + - lastTransitionTime + - reason + - status + - type + type: object + type: array + etag: + description: Etag - A unique string that changes whenever the resource is updated. + type: string + id: + description: ID of this AzureFirewall. + type: string + message: + description: A Message providing detail about the state of this AzureFirewall, if any. + type: string + resourceGuid: + description: ResourceGUID - The GUID of this AzureFirewall. + type: string + state: + description: State of this SecurityGroup. + type: string + type: + description: Type of this AzureFirewall. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/package/crds/network.azure.crossplane.io_virtualnetworks.yaml b/package/crds/network.azure.crossplane.io_virtualnetworks.yaml index 0cafefbc..1aedfefc 100644 --- a/package/crds/network.azure.crossplane.io_virtualnetworks.yaml +++ b/package/crds/network.azure.crossplane.io_virtualnetworks.yaml @@ -176,7 +176,7 @@ spec: type: object type: array etag: - description: Etag - A unique read-only string that changes whenever the resource is updated. + description: Etag - A unique string that changes whenever the resource is updated. type: string id: description: ID of this VirtualNetwork. diff --git a/pkg/clients/network/azurefirewall.go b/pkg/clients/network/azurefirewall.go new file mode 100644 index 00000000..8a0f9b7d --- /dev/null +++ b/pkg/clients/network/azurefirewall.go 
@@ -0,0 +1,299 @@
+/*
+Copyright 2019 The Crossplane Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package network
+
+import (
+ networkmgmt "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2019-06-01/network"
+ "github.com/crossplane/provider-azure/apis/network/v1alpha3"
+ azure "github.com/crossplane/provider-azure/pkg/clients"
+ "reflect"
+)
+
+// UpdateAzureFirewallStatusFromAzure updates the status related to the external
+// Azure Firewall in the AzureFirewallStatus
+func UpdateAzureFirewallStatusFromAzure(v *v1alpha3.AzureFirewall, az networkmgmt.AzureFirewall) {
+ v.Status.State = toStringProvisioningState(az.ProvisioningState)
+ v.Status.ID = azure.ToString(az.ID)
+ v.Status.Etag = azure.ToString(az.Etag)
+ v.Status.Type = azure.ToString(az.Type)
+}
+
+func toStringProvisioningState(provisioningState networkmgmt.ProvisioningState) string {
+ return string(provisioningState)
+}
+
+func setHubIpAddresses(addresses *v1alpha3.HubIPAddresses) *networkmgmt.HubIPAddresses {
+ var hubIpAddresses = new(networkmgmt.HubIPAddresses)
+ if nil != addresses {
+ hubIpAddresses.PrivateIPAddress = azure.ToStringPtr(addresses.PrivateIPAddress)
+ for _, publicIpAddress := range addresses.PublicIPAddresses {
+ var azureFirewallPublicIPAddress = networkmgmt.AzureFirewallPublicIPAddress{}
+ azureFirewallPublicIPAddress.Address = publicIpAddress.Address
+ *hubIpAddresses.PublicIPAddresses = append(*hubIpAddresses.PublicIPAddresses, azureFirewallPublicIPAddress)
+ }
+ }
+ return hubIpAddresses
+}
+
+func setIPConfigurations(configurations *[]v1alpha3.AzureFirewallIPConfiguration) *[]networkmgmt.AzureFirewallIPConfiguration {
+ var azipc = new([]networkmgmt.AzureFirewallIPConfiguration)
+ for _, c := range *configurations {
+ var config = networkmgmt.AzureFirewallIPConfiguration{}
+ config.Etag = c.Etag
+ config.ID = c.ID
+ config.Name = c.Name
+ config.AzureFirewallIPConfigurationPropertiesFormat = new(networkmgmt.AzureFirewallIPConfigurationPropertiesFormat)
+ if c.AzureFirewallIPConfigurationPropertiesFormat.PrivateIPAddress != nil {
+ config.PrivateIPAddress = c.AzureFirewallIPConfigurationPropertiesFormat.PrivateIPAddress
+ }
+ if c.AzureFirewallIPConfigurationPropertiesFormat.ProvisioningState != nil {
+ config.ProvisioningState = networkmgmt.ProvisioningState(*c.AzureFirewallIPConfigurationPropertiesFormat.ProvisioningState)
+ }
+
+ if nil != setSubResource(c.AzureFirewallIPConfigurationPropertiesFormat.PublicIPAddress) {
+ config.AzureFirewallIPConfigurationPropertiesFormat.PublicIPAddress = setSubResource(c.AzureFirewallIPConfigurationPropertiesFormat.PublicIPAddress)
+ }
+ if nil != setSubResource(c.AzureFirewallIPConfigurationPropertiesFormat.Subnet) {
+ config.AzureFirewallIPConfigurationPropertiesFormat.Subnet = setSubResource(c.AzureFirewallIPConfigurationPropertiesFormat.Subnet)
+ }
+ *azipc = append(*azipc, config)
+ }
+ return azipc
+}
+
+func setSubResource(sr *v1alpha3.SubResource) *networkmgmt.SubResource {
+ if nil != sr {
+ if nil != azure.ToStringPtr(sr.ID) {
+ var subResource = new(networkmgmt.SubResource)
+ subResource.ID = azure.ToStringPtr(sr.ID)
+ return subResource
+ }
+ }
+ return nil
+}
+
+func AzureFirewallNeedsUpdate(firewall *v1alpha3.AzureFirewall, az networkmgmt.AzureFirewall) bool {
+ if !reflect.DeepEqual(firewall.Name, az.Name) {
+ return true
+ }
+ if !reflect.DeepEqual(firewall.Spec.Location, az.Location) {
+ return true
+ }
+ if !reflect.DeepEqual(firewall.Spec.Zones, az.Zones) {
+ return true
+ }
+ if !reflect.DeepEqual(firewall.Spec.Etag, az.Etag) {
+ return true
+ }
+ if !reflect.DeepEqual(firewall.Spec.FirewallPolicy, az.FirewallPolicy) {
+ return true
+ }
+ if !reflect.DeepEqual(firewall.Spec.HubIPAddresses, az.HubIPAddresses) {
+ return true
+ }
+ if !reflect.DeepEqual(firewall.Spec.VirtualHub, az.VirtualHub) {
+ return true
+ }
+ if !reflect.DeepEqual(firewall.Spec.Type, az.Type) {
+ return true
+ }
+ if !reflect.DeepEqual(firewall.Spec.ThreatIntelMode, az.ThreatIntelMode) {
+ return true
+ }
+ if !reflect.DeepEqual(firewall.Spec.Tags, az.Tags) {
+ return true
+ }
+ if !reflect.DeepEqual(firewall.Spec.NatRuleCollections, az.AzureFirewallPropertiesFormat.NatRuleCollections) {
+ return true
+ }
+ if !reflect.DeepEqual(firewall.Spec.NetworkRuleCollections, az.AzureFirewallPropertiesFormat.NetworkRuleCollections) {
+ return true
+ }
+ if !reflect.DeepEqual(firewall.Spec.ApplicationRuleCollections, az.AzureFirewallPropertiesFormat.ApplicationRuleCollections) {
+ return true
+ }
+ return false
+}
+
+// NewSecurityGroupParameters returns an Azure SecurityGroup object from a Security Group Spec
+func NewAzureFirewallParameters(v *v1alpha3.AzureFirewall) networkmgmt.AzureFirewall {
+ return networkmgmt.AzureFirewall{
+ Zones: azure.ToStringArrayPtr(v.Spec.Zones),
+ Etag: azure.ToStringPtr(v.Spec.Etag),
+ ID: azure.ToStringPtr(v.Spec.ID),
+ Name: azure.ToStringPtr(v.Name),
+ Type: azure.ToStringPtr(v.Spec.Type),
+ Location: azure.ToStringPtr(v.Spec.Location),
+ Tags: azure.ToStringPtrMap(v.Spec.Tags),
+ AzureFirewallPropertiesFormat: &networkmgmt.AzureFirewallPropertiesFormat{
+ ApplicationRuleCollections: setApplicationRulesCollections(v.Spec.ApplicationRuleCollections),
+ NatRuleCollections: setNatRulesCollections(v.Spec.NatRuleCollections),
+ NetworkRuleCollections: setNetworkRulesCollections(v.Spec.NetworkRuleCollections),
+ IPConfigurations: setIPConfigurations(v.Spec.IPConfigurations),
+ ProvisioningState: networkmgmt.ProvisioningState(v.Spec.ProvisioningState),
+ ThreatIntelMode: networkmgmt.AzureFirewallThreatIntelMode(v.Spec.ThreatIntelMode),
+ VirtualHub: setSubResource(v.Spec.VirtualHub),
+ FirewallPolicy: setSubResource(v.Spec.FirewallPolicy),
+ HubIPAddresses: setHubIpAddresses(v.Spec.HubIPAddresses),
+ },
+ }
+}
+
+func setApplicationRulesCollections(applicationRulesCollections *[]v1alpha3.AzureFirewallApplicationRuleCollection) *[]networkmgmt.AzureFirewallApplicationRuleCollection {
+ if nil != applicationRulesCollections {
+ var afarc = new([]networkmgmt.AzureFirewallApplicationRuleCollection)
+ for _, arc := range *applicationRulesCollections {
+ var applicationRuleCollection = networkmgmt.AzureFirewallApplicationRuleCollection{}
+ applicationRuleCollection.ID = azure.ToStringPtr(arc.ID)
+ applicationRuleCollection.Name = azure.ToStringPtr(arc.Name)
+ applicationRuleCollection.Etag = azure.ToStringPtr(arc.Etag)
+ applicationRuleCollection.AzureFirewallApplicationRuleCollectionPropertiesFormat = &networkmgmt.AzureFirewallApplicationRuleCollectionPropertiesFormat{
+ Priority: azure.ToInt32Ptr(int(arc.Properties.Priority)),
+ Action: &networkmgmt.AzureFirewallRCAction{Type: networkmgmt.AzureFirewallRCActionType(arc.Properties.Action)},
+ Rules: setApplicationRules(arc.Properties.Rules),
+ ProvisioningState: networkmgmt.ProvisioningState(arc.Properties.ProvisioningState),
+ }
+ *afarc = append(*afarc, applicationRuleCollection)
+ }
+ return afarc
+ }
+ return nil
+}
+
+func setApplicationRules(rules []v1alpha3.AzureFirewallApplicationRule) *[]networkmgmt.AzureFirewallApplicationRule {
+ if nil != rules {
+ var afar = new([]networkmgmt.AzureFirewallApplicationRule)
+ for _, rule := range rules {
+ var r = networkmgmt.AzureFirewallApplicationRule{}
+ r.Name = azure.ToStringPtr(rule.Name)
+ r.Description = azure.ToStringPtr(rule.Description)
+ r.FqdnTags = azure.ToStringArrayPtr(rule.FqdnTags)
+ r.SourceAddresses = azure.ToStringArrayPtr(rule.SourceAddresses)
+ r.TargetFqdns = azure.ToStringArrayPtr(rule.TargetFqdns)
+ r.Protocols = setApplicationRuleProtocols(rule.Protocols)
+ *afar = append(*afar, r)
+ }
+ return afar
+ }
+ return nil
+}
+
+func setNetworkRulesCollections(networkRulesCollections *[]v1alpha3.AzureFirewallNetworkRuleCollection) *[]networkmgmt.AzureFirewallNetworkRuleCollection {
+ if nil != networkRulesCollections {
+ var afnrc = new([]networkmgmt.AzureFirewallNetworkRuleCollection)
+ for _, nrc := range *networkRulesCollections {
+ var networkRuleCollection = networkmgmt.AzureFirewallNetworkRuleCollection{}
+ networkRuleCollection.ID = azure.ToStringPtr(nrc.ID)
+ networkRuleCollection.Name = azure.ToStringPtr(nrc.Name)
+ networkRuleCollection.Etag = azure.ToStringPtr(nrc.Etag)
+ networkRuleCollection.AzureFirewallNetworkRuleCollectionPropertiesFormat = &networkmgmt.AzureFirewallNetworkRuleCollectionPropertiesFormat{
+ Priority: azure.ToInt32Ptr(int(nrc.Properties.Priority)),
+ Action: &networkmgmt.AzureFirewallRCAction{Type: networkmgmt.AzureFirewallRCActionType(nrc.Properties.Action)},
+ Rules: setNetworkRules(nrc.Properties.Rules),
+ ProvisioningState: networkmgmt.ProvisioningState(nrc.Properties.ProvisioningState),
+ }
+ *afnrc = append(*afnrc, networkRuleCollection)
+ }
+ return afnrc
+ }
+ return nil
+}
+
+func setNatRulesCollections(natRuleCollections *[]v1alpha3.AzureFirewallNatRuleCollection) *[]networkmgmt.AzureFirewallNatRuleCollection {
+ if nil != natRuleCollections {
+ var afnrc = new([]networkmgmt.AzureFirewallNatRuleCollection)
+ for _, nrc := range *natRuleCollections {
+ var natRuleCollection = networkmgmt.AzureFirewallNatRuleCollection{}
+ natRuleCollection.Name = azure.ToStringPtr(nrc.Name)
+ natRuleCollection.ID = azure.ToStringPtr(nrc.ID)
+ natRuleCollection.Etag = azure.ToStringPtr(nrc.Etag)
+ natRuleCollection.AzureFirewallNatRuleCollectionProperties = &networkmgmt.AzureFirewallNatRuleCollectionProperties{
+ Priority: azure.ToInt32Ptr(int(nrc.Properties.Priority)),
+ Action: &networkmgmt.AzureFirewallNatRCAction{
+ Type: networkmgmt.AzureFirewallNatRCActionType(nrc.Properties.Action),
+ },
+ Rules: setNATRules(nrc.Properties.Rules),
+ ProvisioningState: networkmgmt.ProvisioningState(nrc.Properties.ProvisioningState),
+ }
+ *afnrc = append(*afnrc, natRuleCollection)
+ }
+ return afnrc
+ }
+ return nil
+}
+
+func setNetworkRules(rules []v1alpha3.AzureFirewallNetworkRule) *[]networkmgmt.AzureFirewallNetworkRule {
+ if nil != rules {
+ var afnr = new([]networkmgmt.AzureFirewallNetworkRule)
+ for _, rule := range rules {
+ var r = networkmgmt.AzureFirewallNetworkRule{}
+ r.Name = azure.ToStringPtr(rule.Name)
+ r.Description = azure.ToStringPtr(rule.Description)
+ r.Protocols = setProtocols(rule.Protocols)
+ r.SourceAddresses = azure.ToStringArrayPtr(rule.SourceAddresses)
+ r.DestinationAddresses = azure.ToStringArrayPtr(rule.DestinationAddresses)
+ r.DestinationPorts = azure.ToStringArrayPtr(rule.DestinationPorts)
+ *afnr = append(*afnr, r)
+ }
+ return afnr
+ }
+ return nil
+}
+
+func setNATRules(rules []v1alpha3.AzureFirewallNatRule) *[]networkmgmt.AzureFirewallNatRule {
+ if nil != rules {
+ var afnr = new([]networkmgmt.AzureFirewallNatRule)
+ for _, rule := range rules {
+ var r = networkmgmt.AzureFirewallNatRule{}
+ r.Name = azure.ToStringPtr(rule.Name)
+ r.Description = azure.ToStringPtr(rule.Description)
+ r.SourceAddresses = azure.ToStringArrayPtr(rule.SourceAddresses)
+ r.DestinationAddresses = azure.ToStringArrayPtr(rule.DestinationAddresses)
+ r.DestinationPorts = azure.ToStringArrayPtr(rule.DestinationPorts)
+ r.TranslatedAddress = azure.ToStringPtr(rule.TranslatedAddress)
+ r.TranslatedPort = azure.ToStringPtr(rule.TranslatedPort)
+ r.Protocols = setProtocols(rule.Protocols)
+ *afnr = append(*afnr, r)
+ }
+ return afnr
+ }
+ return nil
+}
+
+func setProtocols(protocols []string) *[]networkmgmt.AzureFirewallNetworkRuleProtocol {
+ if nil != protocols {
+ var afnrp = new([]networkmgmt.AzureFirewallNetworkRuleProtocol)
+ for _, 
protocol := range protocols { + *afnrp = append(*afnrp, networkmgmt.AzureFirewallNetworkRuleProtocol(protocol)) + } + return afnrp + } + return nil +} + +func setApplicationRuleProtocols(protocols []v1alpha3.AzureFirewallApplicationRuleProtocol) *[]networkmgmt.AzureFirewallApplicationRuleProtocol { + if nil != protocols { + var afarp = new([]networkmgmt.AzureFirewallApplicationRuleProtocol) + for _, protocol := range protocols { + var p = networkmgmt.AzureFirewallApplicationRuleProtocol{} + p.Port = azure.ToInt32Ptr(int(protocol.Port)) + p.ProtocolType = networkmgmt.AzureFirewallApplicationRuleProtocolType(protocol.ProtocolType) + *afarp = append(*afarp, p) + } + return afarp + } + return nil +} diff --git a/pkg/controller/azure.go b/pkg/controller/azure.go index 15b4f9ef..b81a99de 100644 --- a/pkg/controller/azure.go +++ b/pkg/controller/azure.go @@ -17,6 +17,7 @@ limitations under the License. package controller import ( + "github.com/crossplane/provider-azure/pkg/controller/network/AzureFirewall" ctrl "sigs.k8s.io/controller-runtime" "github.com/crossplane/crossplane-runtime/pkg/logging" @@ -56,6 +57,7 @@ func Setup(mgr ctrl.Manager, l logging.Logger) error { resourcegroup.Setup, account.Setup, container.Setup, + AzureFirewall.Setup, } { if err := setup(mgr, l); err != nil { return err diff --git a/pkg/controller/network/AzureFirewall/managed.go b/pkg/controller/network/AzureFirewall/managed.go new file mode 100644 index 00000000..3aae3252 --- /dev/null +++ b/pkg/controller/network/AzureFirewall/managed.go 
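Review bot: The import added in the first azure.go hunk brings in a package named `AzureFirewall`, while the sibling controller packages visible in the second hunk (`resourcegroup`, `account`, `container`) are lowercase as Go convention requires, so `AzureFirewall.Setup` reads like a type rather than a package; renaming the directory and package to `azurefirewall` (and the entry to `azurefirewall.Setup,`) would bring it in line. The new import line is also placed above the `ctrl` alias rather than with the other provider-local imports, which presumably sit further down the block; `goimports` would regroup it. Both hunks fall inside `Setup`, whose body continues outside them.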
@@ -0,0 +1,149 @@
+/*
+Copyright 2019 The Crossplane Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package AzureFirewall
+
+import (
+ "context"
+ azurenetwork "github.com/Azure/azure-sdk-for-go/services/network/mgmt/2019-06-01/network"
+ runtimev1alpha1 "github.com/crossplane/crossplane-runtime/apis/core/v1alpha1"
+ "github.com/crossplane/crossplane-runtime/pkg/event"
+ "github.com/crossplane/crossplane-runtime/pkg/logging"
+ "github.com/crossplane/crossplane-runtime/pkg/meta"
+ "github.com/crossplane/crossplane-runtime/pkg/reconciler/managed"
+ "github.com/crossplane/crossplane-runtime/pkg/resource"
+ "github.com/crossplane/provider-azure/apis/network/v1alpha3"
+ azureclients "github.com/crossplane/provider-azure/pkg/clients"
+ azurefirewall "github.com/crossplane/provider-azure/pkg/clients/network"
+ "github.com/pkg/errors"
+ ctrl "sigs.k8s.io/controller-runtime"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// Error strings.
+const (
+ errNotAzureFirewall = "managed resource is not an AzureFirewall"
+ errCreateAzureFirewall = "cannot create AzureFirewall"
+ errUpdateAzureFirewall = "cannot update AzureFirewall"
+ errGetAzureFirewall = "cannot get AzureFirewall"
+ errDeleteAzureFirewall = "cannot delete AzureFirewall"
+)
+
+// Setup adds a controller that reconciles Security Group.
+func Setup(mgr ctrl.Manager, l logging.Logger) error {
+ name := managed.ControllerName(v1alpha3.AzureFirewallKind)
+
+ return ctrl.NewControllerManagedBy(mgr).
+ Named(name).
+ For(&v1alpha3.AzureFirewall{}).
+ Complete(managed.NewReconciler(mgr,
+ resource.ManagedKind(v1alpha3.AzureFirewallGroupVersionKind),
+ managed.WithConnectionPublishers(),
+ managed.WithExternalConnecter(&connecter{client: mgr.GetClient()}),
+ managed.WithReferenceResolver(managed.NewAPISimpleReferenceResolver(mgr.GetClient())),
+ managed.WithLogger(l.WithValues("controller", name)),
+ managed.WithRecorder(event.NewAPIRecorder(mgr.GetEventRecorderFor(name)))))
+}
+
+type connecter struct {
+ client client.Client
+}
+
+func (c *connecter) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
+ creds, auth, err := azureclients.GetAuthInfo(ctx, c.client, mg)
+ if err != nil {
+ return nil, err
+ }
+ cl := azurenetwork.NewAzureFirewallsClient(creds[azureclients.CredentialsKeySubscriptionID])
+ cl.Authorizer = auth
+ return &external{client: cl}, nil
+}
+
+type external struct {
+ client azurenetwork.AzureFirewallsClient
+}
+
+func (e *external) Observe(ctx context.Context, mg resource.Managed) (managed.ExternalObservation, error) {
+ v, ok := mg.(*v1alpha3.AzureFirewall)
+ if !ok {
+ return managed.ExternalObservation{}, errors.New(errNotAzureFirewall)
+ }
+ az, err := e.client.Get(ctx, v.Spec.ResourceGroupName, v.Name)
+
+ if azureclients.IsNotFound(err) {
+ return managed.ExternalObservation{ResourceExists: false}, nil
+ }
+ if err != nil {
+ return managed.ExternalObservation{}, errors.Wrap(err, errGetAzureFirewall)
+ }
+
+ if az.Name != nil {
+ azurefirewall.UpdateAzureFirewallStatusFromAzure(v, az)
+ }
+
+ v.SetConditions(runtimev1alpha1.Available())
+
+ o := managed.ExternalObservation{
+ ResourceExists: true,
+ ConnectionDetails: managed.ConnectionDetails{},
+ }
+ return o, nil
+}
+
+func (e *external) Create(ctx context.Context, mg resource.Managed) (managed.ExternalCreation, error) {
+ v, ok := mg.(*v1alpha3.AzureFirewall)
+ if !ok {
+ return managed.ExternalCreation{}, errors.New(errNotAzureFirewall)
+ }
+ v.Status.SetConditions(runtimev1alpha1.Creating())
+
+ af := azurefirewall.NewAzureFirewallParameters(v)
+
+ if _, err := e.client.CreateOrUpdate(ctx, v.Spec.ResourceGroupName, meta.GetExternalName(v), af); err != nil {
+ return managed.ExternalCreation{}, errors.Wrap(err, errCreateAzureFirewall)
+ }
+
+ return managed.ExternalCreation{}, nil
+}
+
+func (e *external) Update(ctx context.Context, mg resource.Managed) (managed.ExternalUpdate, error) {
+ v, ok := mg.(*v1alpha3.AzureFirewall)
+ if !ok {
+ return managed.ExternalUpdate{}, errors.New(errNotAzureFirewall)
+ }
+ az, err := e.client.Get(ctx, v.Spec.ResourceGroupName, v.Name)
+ if err != nil {
+ return managed.ExternalUpdate{}, errors.Wrap(err, errNotAzureFirewall)
+ }
+ if azurefirewall.AzureFirewallNeedsUpdate(v, az) {
+ vnet := azurefirewall.NewAzureFirewallParameters(v)
+ if _, err := e.client.CreateOrUpdate(ctx, v.Spec.ResourceGroupName, meta.GetExternalName(v), vnet); err != nil {
+ return managed.ExternalUpdate{}, errors.Wrap(err, errUpdateAzureFirewall)
+ }
+ }
+ return managed.ExternalUpdate{}, nil
+}
+
+func (e *external) Delete(ctx context.Context, mg resource.Managed) error {
+ v, ok := mg.(*v1alpha3.AzureFirewall)
+ if !ok {
+ return errors.New(errNotAzureFirewall)
+ }
+
+ mg.SetConditions(runtimev1alpha1.Deleting())
+
+ _, err := e.client.Delete(ctx, v.Spec.ResourceGroupName, meta.GetExternalName(v))
+ return errors.Wrap(resource.Ignore(azureclients.IsNotFound, err), errDeleteAzureFirewall)
+}
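Review bot: `Update` wraps a failed `e.client.Get` with `errNotAzureFirewall`, which is the type-assertion message, so an API failure is reported as a wrong-kind error; it should be `return managed.ExternalUpdate{}, errors.Wrap(err, errGetAzureFirewall)`. `Observe` and `Update` also look the resource up by `v.Name` while `Create` and `Delete` address it by `meta.GetExternalName(v)`, so whenever the external-name annotation differs from the object name, status and drift detection are taken from a different firewall than the one this controller creates and deletes — both `Get` calls should use `meta.GetExternalName(v)`. `Observe` returns no `ResourceUpToDate` and marks the resource `Available()` regardless of what `Get` returned, so the reconciler will call `Update` (and a second `Get`) on every pass; setting `ResourceUpToDate: !azurefirewall.AzureFirewallNeedsUpdate(v, az)` in the observation would avoid that. The doc comment on `Setup` is a copy-paste from the security-group controller and should read `// Setup adds a controller that reconciles AzureFirewalls.`, and the local `vnet` in `Update` holds a firewall, not a virtual network.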