isle/go/cmd/entrypoint/vpn_firewall.go

86 lines
2.0 KiB
Go
Raw Normal View History

package main
import (
"errors"
"fmt"
"isle/daemon/daecommon"
)
const vpnFirewallConfigChangeStagerName = "vpn-firewall-config"
type firewallRuleView struct {
Index int `yaml:"index"`
daecommon.ConfigFirewallRule `yaml:",inline"`
}
func newFirewallRuleViews(
rules []daecommon.ConfigFirewallRule,
) []firewallRuleView {
views := make([]firewallRuleView, len(rules))
for i := range rules {
views[i] = firewallRuleView{
Index: i,
ConfigFirewallRule: rules[i],
}
}
return views
}
type firewallView struct {
Outbound []firewallRuleView `yaml:"outbound"`
Inbound []firewallRuleView `yaml:"inbound"`
}
func newFirewallView(firewallConfig daecommon.ConfigFirewall) firewallView {
return firewallView{
Outbound: newFirewallRuleViews(firewallConfig.Outbound),
Inbound: newFirewallRuleViews(firewallConfig.Inbound),
}
}
var subCmdVPNFirewallList = subCmd{
name: "list",
descr: "List all currently configured firewall rules",
do: doWithOutput(func(ctx subCmdCtx) (any, error) {
staged := ctx.flags.Bool(
"staged",
false,
"Return the firewall configuration with staged changes included",
)
ctx, err := ctx.withParsedFlags()
if err != nil {
return nil, fmt.Errorf("parsing flags: %w", err)
}
var firewallConfig daecommon.ConfigFirewall
if !*staged {
config, err := ctx.getDaemonRPC().GetConfig(ctx)
if err != nil {
return nil, fmt.Errorf("getting network config: %w", err)
}
firewallConfig = config.VPN.Firewall
} else if ok, err := ctx.opts.changeStager.get(
&firewallConfig, vpnFirewallConfigChangeStagerName,
); err != nil {
return nil, fmt.Errorf("checking for staged changes: %w", err)
} else if !ok {
return nil, errors.New("no firewall configuration changes have been staged")
}
return newFirewallView(firewallConfig), nil
}),
}
var subCmdVPNFirewall = subCmd{
name: "firewall",
descr: "Sub-commands related to this host's VPN firewall",
do: func(ctx subCmdCtx) error {
return ctx.doSubCmd(
subCmdVPNFirewallList,
)
},
}