package firewall
import (
"encoding/json"
"fmt"
"io/ioutil"
"net"
"os"
"github.com/spf13/cobra"
"github.com/hetznercloud/cli/internal/cmd/util"
"github.com/hetznercloud/cli/internal/state"
"github.com/hetznercloud/hcloud-go/v2/hcloud"
"github.com/hetznercloud/hcloud-go/v2/hcloud/schema"
)
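// newCreateCommand returns the "firewall create" cobra command.
//
// The command takes no positional arguments. It requires --name and accepts
// optional --label pairs and a --rules-file holding the Firewall rules as JSON.
// cli.EnsureToken runs as a pre-run step before runFirewallCreate is invoked.
func newCreateCommand(cli *state.State) *cobra.Command {
	cmd := &cobra.Command{
		Use:                   "create FLAGS",
		Short:                 "Create a Firewall",
		Args:                  cobra.NoArgs,
		TraverseChildren:      true,
		DisableFlagsInUseLine: true,
		PreRunE:               util.ChainRunE(cli.EnsureToken),
		RunE:                  cli.Wrap(runFirewallCreate),
	}

	cmd.Flags().String("name", "", "Name")
	// MarkFlagRequired only fails when the flag is not defined; "name" is
	// registered on the line above, so the error is discarded on purpose.
	_ = cmd.MarkFlagRequired("name")

	cmd.Flags().StringToString("label", nil, "User-defined labels ('key=value') (can be specified multiple times)")

	// The file holds Firewall rules; the help text previously said "routes".
	cmd.Flags().String("rules-file", "", "JSON file containing your rules (use - to read from stdin). The structure of the file needs to be the same as within the API: https://docs.hetzner.cloud/#firewalls-get-a-firewall")
	return cmd
}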
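// runFirewallCreate builds a FirewallCreateOpts from the command flags and an
// optional JSON rules file, creates the Firewall through the API client and
// prints the ID of the new Firewall.
//
// When --rules-file is set, its content (or stdin when the value is "-") is
// decoded as a JSON array of rules. Every source_ips and destination_ips entry
// is parsed as a CIDR before any request is made; the first malformed entry
// aborts the command, so a partially understood rule set is never submitted.
//
// It returns any error from reading or decoding the rules, from CIDR parsing,
// or from the Firewall.Create call.
func runFirewallCreate(cli *state.State, cmd *cobra.Command, args []string) error {
	name, _ := cmd.Flags().GetString("name")
	labels, _ := cmd.Flags().GetStringToString("label")

	opts := hcloud.FirewallCreateOpts{
		Name:   name,
		Labels: labels,
	}

	rulesFile, _ := cmd.Flags().GetString("rules-file")
	if len(rulesFile) > 0 {
		var data []byte
		var err error
		if rulesFile == "-" {
			data, err = ioutil.ReadAll(os.Stdin)
		} else {
			data, err = ioutil.ReadFile(rulesFile)
		}
		if err != nil {
			return err
		}

		// json.Unmarshal skips keys it does not recognise, so a misspelled
		// field name in the rules file leaves that field empty without an
		// error. Review the resulting Firewall after creation.
		var rules []schema.FirewallRule
		if err := json.Unmarshal(data, &rules); err != nil {
			return err
		}

		for _, rule := range rules {
			// net.ParseCIDR returns the masked network: "10.0.0.5/8" becomes
			// 10.0.0.0/8, i.e. the whole /8 and not the single host.
			var sourceNets []net.IPNet
			for i, sourceIP := range rule.SourceIPs {
				_, sourceNet, err := net.ParseCIDR(sourceIP)
				if err != nil {
					return fmt.Errorf("invalid CIDR on index %d : %w", i, err)
				}
				sourceNets = append(sourceNets, *sourceNet)
			}

			// Outbound rules carry their targets in destination_ips. The
			// original code dropped this field, so an "out" rule from the
			// file reached the API without the networks the operator wrote.
			var destNets []net.IPNet
			for i, destIP := range rule.DestinationIPs {
				_, destNet, err := net.ParseCIDR(destIP)
				if err != nil {
					return fmt.Errorf("invalid destination CIDR on index %d : %w", i, err)
				}
				destNets = append(destNets, *destNet)
			}

			opts.Rules = append(opts.Rules, hcloud.FirewallRule{
				Direction:      hcloud.FirewallRuleDirection(rule.Direction),
				SourceIPs:      sourceNets,
				DestinationIPs: destNets,
				Protocol:       hcloud.FirewallRuleProtocol(rule.Protocol),
				Port:           rule.Port,
				Description:    rule.Description,
			})
		}
	}

	result, _, err := cli.Client().Firewall.Create(cli.Context, opts)
	if err != nil {
		return err
	}

	fmt.Printf("Firewall %d created\n", result.Firewall.ID)
	return nil
}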