diff --git a/api/v1beta2/types.go b/api/v1beta2/types.go
index b1fa3c7e5..b45a6070e 100644
--- a/api/v1beta2/types.go
+++ b/api/v1beta2/types.go
@@ -190,62 +190,62 @@ var ( ResourceTypeResourceGroup = ResourceType("resourceGroup") ) -// SecurityGroupRuleAction represents the actions for a Security Group Rule. +// VPCSecurityGroupRuleAction represents the actions for a Security Group Rule. // +kubebuilder:validation:Enum=allow;deny -type SecurityGroupRuleAction string +type VPCSecurityGroupRuleAction string const ( // SecurityGroupRuleActionAllow defines that the Rule should allow traffic. - SecurityGroupRuleActionAllow SecurityGroupRuleAction = vpcv1.NetworkACLRuleActionAllowConst + SecurityGroupRuleActionAllow VPCSecurityGroupRuleAction = vpcv1.NetworkACLRuleActionAllowConst // SecurityGroupRuleActionDeny defines that the Rule should deny traffic. - SecurityGroupRuleActionDeny SecurityGroupRuleAction = vpcv1.NetworkACLRuleActionDenyConst + SecurityGroupRuleActionDeny VPCSecurityGroupRuleAction = vpcv1.NetworkACLRuleActionDenyConst ) -// SecurityGroupRuleDirection represents the directions for a Security Group Rule. +// VPCSecurityGroupRuleDirection represents the directions for a Security Group Rule. // +kubebuilder:validation:Enum=inbound;outbound -type SecurityGroupRuleDirection string +type VPCSecurityGroupRuleDirection string const ( // SecurityGroupRuleDirectionInbound defines the Rule is for inbound traffic. - SecurityGroupRuleDirectionInbound SecurityGroupRuleDirection = vpcv1.NetworkACLRuleDirectionInboundConst + SecurityGroupRuleDirectionInbound VPCSecurityGroupRuleDirection = vpcv1.NetworkACLRuleDirectionInboundConst // SecurityGroupRuleDirectionOutbound defines the Rule is for outbound traffic. - SecurityGroupRuleDirectionOutbound SecurityGroupRuleDirection = vpcv1.NetworkACLRuleDirectionOutboundConst + SecurityGroupRuleDirectionOutbound VPCSecurityGroupRuleDirection = vpcv1.NetworkACLRuleDirectionOutboundConst ) -// SecurityGroupRuleProtocol represents the protocols for a Security Group Rule. +// VPCSecurityGroupRuleProtocol represents the protocols for a Security Group Rule. 
// +kubebuilder:validation:Enum=all;icmp;tcp;udp -type SecurityGroupRuleProtocol string +type VPCSecurityGroupRuleProtocol string const ( // SecurityGroupRuleProtocolAll defines the Rule is for all network protocols. - SecurityGroupRuleProtocolAll SecurityGroupRuleProtocol = vpcv1.NetworkACLRuleProtocolAllConst + SecurityGroupRuleProtocolAll VPCSecurityGroupRuleProtocol = vpcv1.NetworkACLRuleProtocolAllConst // SecurityGroupRuleProtocolIcmp defiens the Rule is for ICMP network protocol. - SecurityGroupRuleProtocolIcmp SecurityGroupRuleProtocol = vpcv1.NetworkACLRuleProtocolIcmpConst + SecurityGroupRuleProtocolIcmp VPCSecurityGroupRuleProtocol = vpcv1.NetworkACLRuleProtocolIcmpConst // SecurityGroupRuleProtocolTCP defines the Rule is for TCP network protocol. - SecurityGroupRuleProtocolTCP SecurityGroupRuleProtocol = vpcv1.NetworkACLRuleProtocolTCPConst + SecurityGroupRuleProtocolTCP VPCSecurityGroupRuleProtocol = vpcv1.NetworkACLRuleProtocolTCPConst // SecurityGroupRuleProtocolUDP defines the Rule is for UDP network protocol. - SecurityGroupRuleProtocolUDP SecurityGroupRuleProtocol = vpcv1.NetworkACLRuleProtocolUDPConst + SecurityGroupRuleProtocolUDP VPCSecurityGroupRuleProtocol = vpcv1.NetworkACLRuleProtocolUDPConst ) -// SecurityGroupRuleRemoteType represents the type of Security Group Rule's destination or source is -// intended. This is intended to define the SecurityGroupRulePrototype subtype. +// VPCSecurityGroupRuleRemoteType represents the type of Security Group Rule's destination or source is +// intended. This is intended to define the VPCSecurityGroupRulePrototype subtype. // For example: // - any - Any source or destination (0.0.0.0/0) // - cidr - A CIDR representing a set of IP's (10.0.0.0/28) // - ip - A specific IP address (192.168.0.1) // - sg - A Security Group. 
// +kubebuilder:validation:Enum=any;cidr;ip;sg -type SecurityGroupRuleRemoteType string +type VPCSecurityGroupRuleRemoteType string const ( // SecurityGroupRuleRemoteTypeAny defines the destination or source for the Rule is anything/anywhere. - SecurityGroupRuleRemoteTypeAny SecurityGroupRuleRemoteType = SecurityGroupRuleRemoteType("any") + SecurityGroupRuleRemoteTypeAny VPCSecurityGroupRuleRemoteType = VPCSecurityGroupRuleRemoteType("any") // SecurityGroupRuleRemoteTypeCIDR defines the destination or source for the Rule is a CIDR block. - SecurityGroupRuleRemoteTypeCIDR SecurityGroupRuleRemoteType = SecurityGroupRuleRemoteType("cidr") + SecurityGroupRuleRemoteTypeCIDR VPCSecurityGroupRuleRemoteType = VPCSecurityGroupRuleRemoteType("cidr") // SecurityGroupRuleRemoteTypeIP defines the destination or source for the Rule is an IP address. - SecurityGroupRuleRemoteTypeIP SecurityGroupRuleRemoteType = SecurityGroupRuleRemoteType("ip") + SecurityGroupRuleRemoteTypeIP VPCSecurityGroupRuleRemoteType = VPCSecurityGroupRuleRemoteType("ip") // SecurityGroupRuleRemoteTypeSG defines the destination or source for the Rule is a VPC Security Group. - SecurityGroupRuleRemoteTypeSG SecurityGroupRuleRemoteType = SecurityGroupRuleRemoteType("sg") + SecurityGroupRuleRemoteTypeSG VPCSecurityGroupRuleRemoteType = VPCSecurityGroupRuleRemoteType("sg") ) // NetworkInterface holds the network interface information like subnet id. 
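Review bot: The four renamed types keep their old, unprefixed constant names (`SecurityGroupRuleActionAllow`, `SecurityGroupRuleDirectionInbound`, `SecurityGroupRuleProtocolTCP`, `SecurityGroupRuleRemoteTypeAny`, and so on), so a type and its values no longer share a prefix. Either rename the constants in this commit or note why they stay as they are. Separately, the action, direction and protocol values are bound to `vpcv1.NetworkACLRule…Const` while the `+kubebuilder:validation:Enum` markers spell the strings out literally, so the two can drift apart without a compile error. A line on each const block such as `// Values come from the vpcv1 network ACL rule constants and must match the Enum marker on the type.` would make that dependency visible to the next editor.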
@@ -268,9 +268,9 @@ type PortRange struct { MinimumPort int64 `json:"minimumPort,omitempty"` } -// SecurityGroup defines a VPC Security Group that should exist or be created within the specified VPC, with the specified Security Group Rules. +// VPCSecurityGroup defines a VPC Security Group that should exist or be created within the specified VPC, with the specified Security Group Rules. // +kubebuilder:validation:XValidation:rule="has(self.id) || has(self.name)",message="either an id or name must be specified" -type SecurityGroup struct { +type VPCSecurityGroup struct { // id of the Security Group. // +optional ID *string `json:"id,omitempty"` 
@@ -279,60 +279,52 @@ type SecurityGroup struct { // +optional Name *string `json:"name,omitempty"` - // resourceGroup of the Security Group. - // +optional - ResourceGroup *string `json:"resourceGroup,omitempty"` - // rules are the Security Group Rules for the Security Group. // +optional - Rules []*SecurityGroupRule `json:"rules,omitempty"` + Rules []*VPCSecurityGroupRule `json:"rules,omitempty"` // tags are tags to add to the Security Group. // +optional Tags []*string `json:"tags,omitempty"` - - // vpc is the IBM Cloud VPC for the Security Group. - // +optional - VPC *VPCResourceReference `json:"vpc,omitempty"` } -// SecurityGroupRule defines a VPC Security Group Rule for a specified Security Group. +// VPCSecurityGroupRule defines a VPC Security Group Rule for a specified Security Group. // +kubebuilder:validation:XValidation:rule="(has(self.destination) && !has(self.source)) || (!has(self.destination) && has(self.source))",message="both destination and source cannot be provided" // +kubebuilder:validation:XValidation:rule="self.direction == 'inbound' ? has(self.source) : true",message="source must be set for SecurityGroupRuleDirectionInbound direction" // +kubebuilder:validation:XValidation:rule="self.direction == 'inbound' ? !has(self.destination) : true",message="destination is not valid for SecurityGroupRuleDirectionInbound direction" // +kubebuilder:validation:XValidation:rule="self.direction == 'outbound' ? has(self.destination) : true",message="destination must be set for SecurityGroupRuleDirectionOutbound direction" // +kubebuilder:validation:XValidation:rule="self.direction == 'outbound' ? !has(self.source) : true",message="source is not valid for SecurityGroupRuleDirectionOutbound direction" -type SecurityGroupRule struct { +type VPCSecurityGroupRule struct { // action defines whether to allow or deny traffic defined by the Security Group Rule. 
// +required - Action SecurityGroupRuleAction `json:"action"` + Action VPCSecurityGroupRuleAction `json:"action"` - // destination is a SecurityGroupRulePrototype which defines the destination of outbound traffic for the Security Group Rule. + // destination is a VPCSecurityGroupRulePrototype which defines the destination of outbound traffic for the Security Group Rule. // Only used when direction is SecurityGroupRuleDirectionOutbound. // +optional - Destination *SecurityGroupRulePrototype `json:"destination,omitempty"` + Destination *VPCSecurityGroupRulePrototype `json:"destination,omitempty"` // direction defines whether the traffic is inbound or outbound for the Security Group Rule. // +required - Direction SecurityGroupRuleDirection `json:"direction"` + Direction VPCSecurityGroupRuleDirection `json:"direction"` // securityGroupID is the ID of the Security Group for the Security Group Rule. // +optional SecurityGroupID *string `json:"securityGroupID,omitempty"` - // source is a SecurityGroupRulePrototype which defines the source of inbound traffic for the Security Group Rule. + // source is a VPCSecurityGroupRulePrototype which defines the source of inbound traffic for the Security Group Rule. // Only used when direction is SecurityGroupRuleDirectionInbound. // +optional - Source *SecurityGroupRulePrototype `json:"source,omitempty"` + Source *VPCSecurityGroupRulePrototype `json:"source,omitempty"` } -// SecurityGroupRuleRemote defines a VPC Security Group Rule's remote details. +// VPCSecurityGroupRuleRemote defines a VPC Security Group Rule's remote details. // The type of remote defines the additional remote details where are used for defining the remote. // +kubebuilder:validation:XValidation:rule="self.remoteType == 'any' ? 
(!has(self.cidrSubnetName) && !has(self.ip) && !has(self.securityGroupName)) : true",message="cidrSubnetName, ip, and securityGroupName are not valid for SecurityGroupRuleRemoteTypeAny remoteType" // +kubebuilder:validation:XValidation:rule="self.remoteType == 'cidr' ? (has(self.cidrSubnetName) && !has(self.ip) && !has(self.securityGroupName)) : true",message="only cidrSubnetName is valid for SecurityGroupRuleRemoteTypeCIDR remoteType" // +kubebuilder:validation:XValidation:rule="self.remoteType == 'ip' ? (has(self.ip) && !has(self.cidrSubnetName) && !has(self.securityGroupName)) : true",message="only ip is valid for SecurityGroupRuleRemoteTypeIP remoteType" // +kubebuilder:validation:XValidation:rule="self.remoteType == 'sg' ? (has(self.securityGroupName) && !has(self.cidrSubnetName) && !has(self.ip)) : true",message="only securityGroupName is valid for SecurityGroupRuleRemoteTypeSG remoteType" -type SecurityGroupRuleRemote struct { +type VPCSecurityGroupRuleRemote struct { // cidrSubnetName is the name of the VPC Subnet to retrieve the CIDR from, to use for the remote's destination/source. // Only used when remoteType is SecurityGroupRuleRemoteTypeCIDR. // +optional @@ -345,7 +337,7 @@ type SecurityGroupRuleRemote struct { // remoteType defines the type of filter to define for the remote's destination/source. // +required - RemoteType SecurityGroupRuleRemoteType `json:"remoteType"` + RemoteType VPCSecurityGroupRuleRemoteType `json:"remoteType"` // securityGroupName is the name of the VPC Security Group to use for the remote's destination/source. // Only used when remoteType is SecurityGroupRuleRemoteTypeSG 
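Review bot: With `resourceGroup` and `vpc` removed from `VPCSecurityGroup`, `id` and `name` are the only selectors left, and nothing in the struct's comments says which scope a `name` is resolved in. If the lookup is wider than a single VPC, a name could match a different Security Group than the author meant and the rules would land there. This is inferred, because the resolving code is not part of the diff. The doc comment on `Name` should state the scope and the uniqueness expectation, for example `// name of the Security Group; resolved within <scope, to be filled in by the author> and expected to be unique there.` If this type is already served, also confirm what happens to stored objects that still carry `resourceGroup` or `vpc`.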
@@ -353,11 +345,11 @@ type SecurityGroupRuleRemote struct { SecurityGroupName *string `json:"securityGroupName,omitempty"` } -// SecurityGroupRulePrototype defines a VPC Security Group Rule's traffic specifics for a series of remotes (destinations or sources). +// VPCSecurityGroupRulePrototype defines a VPC Security Group Rule's traffic specifics for a series of remotes (destinations or sources). // +kubebuilder:validation:XValidation:rule="self.protocol != 'icmp' ? (!has(self.icmpCode) && !has(self.icmpType)) : true",message="icmpCode and icmpType are only supported for SecurityGroupRuleProtocolIcmp protocol" // +kubebuilder:validation:XValidation:rule="self.protocol == 'all' ? !has(self.portRange) : true",message="portRange is not valid for SecurityGroupRuleProtocolAll protocol" // +kubebuilder:validation:XValidation:rule="self.protocol == 'icmp' ? !has(self.portRange) : true",message="portRange is not valid for SecurityGroupRuleProtocolIcmp protocol" -type SecurityGroupRulePrototype struct { +type VPCSecurityGroupRulePrototype struct { // icmpCode is the ICMP code for the Rule. // Only used when Protocol is SecurityGroupProtocolICMP. // +optional 
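Review bot: The XValidation rules on `VPCSecurityGroupRulePrototype` forbid `portRange` for `all` and `icmp` but never require it for `tcp` or `udp`, so a prototype with `protocol: tcp` and no `portRange` passes admission. How the controller treats that case is outside this hunk, since the struct body continues past it. If it means every port, that is the widest rule the type can express and should not be reachable by omission. If an open range is not intended, add `// +kubebuilder:validation:XValidation:rule="(self.protocol == 'tcp' || self.protocol == 'udp') ? has(self.portRange) : true",message="portRange must be set for tcp and udp protocols"`; otherwise document the default on the `portRange` field.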
@@ -374,12 +366,12 @@ type SecurityGroupRulePrototype struct { // protocol defines the traffic protocol used for the Security Group Rule. // +required - Protocol SecurityGroupRuleProtocol `json:"protocol"` + Protocol VPCSecurityGroupRuleProtocol `json:"protocol"` - // remotes is a set of SecurityGroupRuleRemote's that define the traffic allowed by the Rule's remote. - // Specifying multiple SecurityGroupRuleRemote's creates a unique Security Group Rule with the shared Protocol, PortRange, etc. + // remotes is a set of VPCSecurityGroupRuleRemote's that define the traffic allowed by the Rule's remote. + // Specifying multiple VPCSecurityGroupRuleRemote's creates a unique Security Group Rule with the shared Protocol, PortRange, etc. // This allows for easier management of Security Group Rule's for sets of CIDR's, IP's, etc. - Remotes []SecurityGroupRuleRemote `json:"remotes"` + Remotes []VPCSecurityGroupRuleRemote `json:"remotes"` } // Subnet describes a subnet. diff --git a/api/v1beta2/zz_generated.deepcopy.go b/api/v1beta2/zz_generated.deepcopy.go index 20a61a028..2d3dd3de6 100644 --- a/api/v1beta2/zz_generated.deepcopy.go +++ b/api/v1beta2/zz_generated.deepcopy.go 
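Review bot: In `api/v1beta2/types.go`, `Remotes []VPCSecurityGroupRuleRemote` carries no length constraint and, unlike `Protocol` just above it, no explicit `+required` marker, so `remotes: []` is accepted by the schema. What a rule with zero remotes turns into is decided by code not shown here, so the API should reject it rather than leave that to the controller. Add `// +required` and `// +kubebuilder:validation:MinItems=1` above the field. The existing comment's "creates a unique Security Group Rule" presumably means one rule per remote; saying so directly would help readers judge how many rules a single entry produces.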
@@ -1316,160 +1316,6 @@ func (in *ResourceReference) DeepCopy() *ResourceReference { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecurityGroup) DeepCopyInto(out *SecurityGroup) { - *out = *in - if in.ID != nil { - in, out := &in.ID, &out.ID - *out = new(string) - **out = **in - } - if in.Name != nil { - in, out := &in.Name, &out.Name - *out = new(string) - **out = **in - } - if in.ResourceGroup != nil { - in, out := &in.ResourceGroup, &out.ResourceGroup - *out = new(string) - **out = **in - } - if in.Rules != nil { - in, out := &in.Rules, &out.Rules - *out = make([]*SecurityGroupRule, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(SecurityGroupRule) - (*in).DeepCopyInto(*out) - } - } - } - if in.Tags != nil { - in, out := &in.Tags, &out.Tags - *out = make([]*string, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(string) - **out = **in - } - } - } - if in.VPC != nil { - in, out := &in.VPC, &out.VPC - *out = new(VPCResourceReference) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityGroup. -func (in *SecurityGroup) DeepCopy() *SecurityGroup { - if in == nil { - return nil - } - out := new(SecurityGroup) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *SecurityGroupRule) DeepCopyInto(out *SecurityGroupRule) { - *out = *in - if in.Destination != nil { - in, out := &in.Destination, &out.Destination - *out = new(SecurityGroupRulePrototype) - (*in).DeepCopyInto(*out) - } - if in.SecurityGroupID != nil { - in, out := &in.SecurityGroupID, &out.SecurityGroupID - *out = new(string) - **out = **in - } - if in.Source != nil { - in, out := &in.Source, &out.Source - *out = new(SecurityGroupRulePrototype) - (*in).DeepCopyInto(*out) - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityGroupRule. -func (in *SecurityGroupRule) DeepCopy() *SecurityGroupRule { - if in == nil { - return nil - } - out := new(SecurityGroupRule) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *SecurityGroupRulePrototype) DeepCopyInto(out *SecurityGroupRulePrototype) { - *out = *in - if in.ICMPCode != nil { - in, out := &in.ICMPCode, &out.ICMPCode - *out = new(int64) - **out = **in - } - if in.ICMPType != nil { - in, out := &in.ICMPType, &out.ICMPType - *out = new(int64) - **out = **in - } - if in.PortRange != nil { - in, out := &in.PortRange, &out.PortRange - *out = new(PortRange) - **out = **in - } - if in.Remotes != nil { - in, out := &in.Remotes, &out.Remotes - *out = make([]SecurityGroupRuleRemote, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityGroupRulePrototype. -func (in *SecurityGroupRulePrototype) DeepCopy() *SecurityGroupRulePrototype { - if in == nil { - return nil - } - out := new(SecurityGroupRulePrototype) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
-func (in *SecurityGroupRuleRemote) DeepCopyInto(out *SecurityGroupRuleRemote) { - *out = *in - if in.CIDRSubnetName != nil { - in, out := &in.CIDRSubnetName, &out.CIDRSubnetName - *out = new(string) - **out = **in - } - if in.IP != nil { - in, out := &in.IP, &out.IP - *out = new(string) - **out = **in - } - if in.SecurityGroupName != nil { - in, out := &in.SecurityGroupName, &out.SecurityGroupName - *out = new(string) - **out = **in - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecurityGroupRuleRemote. -func (in *SecurityGroupRuleRemote) DeepCopy() *SecurityGroupRuleRemote { - if in == nil { - return nil - } - out := new(SecurityGroupRuleRemote) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Subnet) DeepCopyInto(out *Subnet) { *out = *in 
@@ -1665,6 +1511,150 @@ func (in *VPCResourceReference) DeepCopy() *VPCResourceReference { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VPCSecurityGroup) DeepCopyInto(out *VPCSecurityGroup) { + *out = *in + if in.ID != nil { + in, out := &in.ID, &out.ID + *out = new(string) + **out = **in + } + if in.Name != nil { + in, out := &in.Name, &out.Name + *out = new(string) + **out = **in + } + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]*VPCSecurityGroupRule, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(VPCSecurityGroupRule) + (*in).DeepCopyInto(*out) + } + } + } + if in.Tags != nil { + in, out := &in.Tags, &out.Tags + *out = make([]*string, len(*in)) + for i := range *in { + if (*in)[i] != nil { + in, out := &(*in)[i], &(*out)[i] + *out = new(string) + **out = **in + } + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCSecurityGroup. +func (in *VPCSecurityGroup) DeepCopy() *VPCSecurityGroup { + if in == nil { + return nil + } + out := new(VPCSecurityGroup) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VPCSecurityGroupRule) DeepCopyInto(out *VPCSecurityGroupRule) { + *out = *in + if in.Destination != nil { + in, out := &in.Destination, &out.Destination + *out = new(VPCSecurityGroupRulePrototype) + (*in).DeepCopyInto(*out) + } + if in.SecurityGroupID != nil { + in, out := &in.SecurityGroupID, &out.SecurityGroupID + *out = new(string) + **out = **in + } + if in.Source != nil { + in, out := &in.Source, &out.Source + *out = new(VPCSecurityGroupRulePrototype) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCSecurityGroupRule. 
+func (in *VPCSecurityGroupRule) DeepCopy() *VPCSecurityGroupRule { + if in == nil { + return nil + } + out := new(VPCSecurityGroupRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VPCSecurityGroupRulePrototype) DeepCopyInto(out *VPCSecurityGroupRulePrototype) { + *out = *in + if in.ICMPCode != nil { + in, out := &in.ICMPCode, &out.ICMPCode + *out = new(int64) + **out = **in + } + if in.ICMPType != nil { + in, out := &in.ICMPType, &out.ICMPType + *out = new(int64) + **out = **in + } + if in.PortRange != nil { + in, out := &in.PortRange, &out.PortRange + *out = new(PortRange) + **out = **in + } + if in.Remotes != nil { + in, out := &in.Remotes, &out.Remotes + *out = make([]VPCSecurityGroupRuleRemote, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCSecurityGroupRulePrototype. +func (in *VPCSecurityGroupRulePrototype) DeepCopy() *VPCSecurityGroupRulePrototype { + if in == nil { + return nil + } + out := new(VPCSecurityGroupRulePrototype) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *VPCSecurityGroupRuleRemote) DeepCopyInto(out *VPCSecurityGroupRuleRemote) { + *out = *in + if in.CIDRSubnetName != nil { + in, out := &in.CIDRSubnetName, &out.CIDRSubnetName + *out = new(string) + **out = **in + } + if in.IP != nil { + in, out := &in.IP, &out.IP + *out = new(string) + **out = **in + } + if in.SecurityGroupName != nil { + in, out := &in.SecurityGroupName, &out.SecurityGroupName + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPCSecurityGroupRuleRemote. 
+func (in *VPCSecurityGroupRuleRemote) DeepCopy() *VPCSecurityGroupRuleRemote { + if in == nil { + return nil + } + out := new(VPCSecurityGroupRuleRemote) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VPCVolume) DeepCopyInto(out *VPCVolume) { *out = *in