diff --git a/VERSION b/VERSION
index ca2eb8f..0a8bf80 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-v0.26.3
+v0.27.0
diff --git a/api/models/v1_firewall_allocate_request.go b/api/models/v1_firewall_allocate_request.go
new file mode 100644
index 0000000..76e5c24
--- /dev/null
+++ b/api/models/v1_firewall_allocate_request.go
@@ -0,0 +1,109 @@ +// Code generated by go-swagger; DO NOT EDIT. + +package models + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + + "github.com/go-openapi/errors" + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" +) + +// V1FirewallAllocateRequest v1 firewall allocate request +// +// swagger:model v1.FirewallAllocateRequest +type V1FirewallAllocateRequest struct { + + // optional egress and ingress firewall rules to deploy during firewall allocation + FirewallRules *V1FirewallRules `json:"firewall_rules,omitempty" yaml:"firewall_rules,omitempty"` +} + +// Validate validates this v1 firewall allocate request +func (m *V1FirewallAllocateRequest) Validate(formats strfmt.Registry) error { + var res []error + + if err := m.validateFirewallRules(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +func (m *V1FirewallAllocateRequest) validateFirewallRules(formats strfmt.Registry) error { + if swag.IsZero(m.FirewallRules) { // not required + return nil + } + + if m.FirewallRules != nil { + if err := m.FirewallRules.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("firewall_rules") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("firewall_rules") + } + return err + } + } + + return nil +} + +// ContextValidate validate this v1 firewall allocate request based on the context it is used +func (m *V1FirewallAllocateRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + var res []error + + if err := m.contextValidateFirewallRules(ctx, formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) 
+ } + return nil +} + +func (m *V1FirewallAllocateRequest) contextValidateFirewallRules(ctx context.Context, formats strfmt.Registry) error { + + if m.FirewallRules != nil { + + if swag.IsZero(m.FirewallRules) { // not required + return nil + } + + if err := m.FirewallRules.ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("firewall_rules") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("firewall_rules") + } + return err + } + } + + return nil +} + +// MarshalBinary interface implementation +func (m *V1FirewallAllocateRequest) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *V1FirewallAllocateRequest) UnmarshalBinary(b []byte) error { + var res V1FirewallAllocateRequest + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} diff --git a/api/models/v1_firewall_create_request.go b/api/models/v1_firewall_create_request.go index 5d0906a..fdb8599 100644 --- a/api/models/v1_firewall_create_request.go +++ b/api/models/v1_firewall_create_request.go @@ -26,8 +26,8 @@ type V1FirewallCreateRequest struct { // the filesystemlayout id to assing to this machine Filesystemlayoutid string `json:"filesystemlayoutid,omitempty" yaml:"filesystemlayoutid,omitempty"` - // if set to true, this firewall is set up in a High Available manner - Ha bool `json:"ha,omitempty" yaml:"ha,omitempty"` + // optional egress and ingress firewall rules to deploy during firewall allocation + FirewallRules *V1FirewallRules `json:"firewall_rules,omitempty" yaml:"firewall_rules,omitempty"` // the hostname for the allocated machine (defaults to metal) Hostname string `json:"hostname,omitempty" yaml:"hostname,omitempty"` 
@@ -78,6 +78,10 @@ type V1FirewallCreateRequest struct { func (m *V1FirewallCreateRequest) Validate(formats strfmt.Registry) error { var res []error + if err := m.validateFirewallRules(formats); err != nil { + res = append(res, err) + } + if err := m.validateImageid(formats); err != nil { res = append(res, err) } @@ -108,6 +112,25 @@ func (m *V1FirewallCreateRequest) Validate(formats strfmt.Registry) error { return nil } +func (m *V1FirewallCreateRequest) validateFirewallRules(formats strfmt.Registry) error { + if swag.IsZero(m.FirewallRules) { // not required + return nil + } + + if m.FirewallRules != nil { + if err := m.FirewallRules.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("firewall_rules") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("firewall_rules") + } + return err + } + } + + return nil +} + func (m *V1FirewallCreateRequest) validateImageid(formats strfmt.Registry) error { if err := validate.Required("imageid", "body", m.Imageid); err != nil { @@ -183,6 +206,10 @@ func (m *V1FirewallCreateRequest) validateSSHPubKeys(formats strfmt.Registry) er func (m *V1FirewallCreateRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error { var res []error + if err := m.contextValidateFirewallRules(ctx, formats); err != nil { + res = append(res, err) + } + if err := m.contextValidateNetworks(ctx, formats); err != nil { res = append(res, err) } 
@@ -193,6 +220,27 @@ func (m *V1FirewallCreateRequest) ContextValidate(ctx context.Context, formats s return nil } +func (m *V1FirewallCreateRequest) contextValidateFirewallRules(ctx context.Context, formats strfmt.Registry) error { + + if m.FirewallRules != nil { + + if swag.IsZero(m.FirewallRules) { // not required + return nil + } + + if err := m.FirewallRules.ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("firewall_rules") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("firewall_rules") + } + return err + } + } + + return nil +} + func (m *V1FirewallCreateRequest) contextValidateNetworks(ctx context.Context, formats strfmt.Registry) error { for i := 0; i < len(m.Networks); i++ { diff --git a/api/models/v1_firewall_egress_rule.go b/api/models/v1_firewall_egress_rule.go new file mode 100644 index 0000000..8a3150f --- /dev/null +++ b/api/models/v1_firewall_egress_rule.go 
@@ -0,0 +1,142 @@ +// Code generated by go-swagger; DO NOT EDIT. + +package models + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + "encoding/json" + + "github.com/go-openapi/errors" + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" + "github.com/go-openapi/validate" +) + +// V1FirewallEgressRule v1 firewall egress rule +// +// swagger:model v1.FirewallEgressRule +type V1FirewallEgressRule struct { + + // an optional comment describing what this rule is used for + Comment string `json:"comment,omitempty" yaml:"comment,omitempty"` + + // the ports affected by this rule + // Required: true + Ports []int32 `json:"ports" yaml:"ports"` + + // the protocol for the rule, defaults to tcp + // Enum: [tcp udp] + Protocol string `json:"protocol,omitempty" yaml:"protocol,omitempty"` + + // the cidrs affected by this rule + // Required: true + To []string `json:"to" yaml:"to"` +} + +// Validate validates this v1 firewall egress rule +func (m *V1FirewallEgressRule) Validate(formats strfmt.Registry) error { + var res []error + + if err := m.validatePorts(formats); err != nil { + res = append(res, err) + } + + if err := m.validateProtocol(formats); err != nil { + res = append(res, err) + } + + if err := m.validateTo(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) 
+ } + return nil +} + +func (m *V1FirewallEgressRule) validatePorts(formats strfmt.Registry) error { + + if err := validate.Required("ports", "body", m.Ports); err != nil { + return err + } + + return nil +} + +var v1FirewallEgressRuleTypeProtocolPropEnum []interface{} + +func init() { + var res []string + if err := json.Unmarshal([]byte(`["tcp","udp"]`), &res); err != nil { + panic(err) + } + for _, v := range res { + v1FirewallEgressRuleTypeProtocolPropEnum = append(v1FirewallEgressRuleTypeProtocolPropEnum, v) + } +} + +const ( + + // V1FirewallEgressRuleProtocolTCP captures enum value "tcp" + V1FirewallEgressRuleProtocolTCP string = "tcp" + + // V1FirewallEgressRuleProtocolUDP captures enum value "udp" + V1FirewallEgressRuleProtocolUDP string = "udp" +) + +// prop value enum +func (m *V1FirewallEgressRule) validateProtocolEnum(path, location string, value string) error { + if err := validate.EnumCase(path, location, value, v1FirewallEgressRuleTypeProtocolPropEnum, true); err != nil { + return err + } + return nil +} + +func (m *V1FirewallEgressRule) validateProtocol(formats strfmt.Registry) error { + if swag.IsZero(m.Protocol) { // not required + return nil + } + + // value enum + if err := m.validateProtocolEnum("protocol", "body", m.Protocol); err != nil { + return err + } + + return nil +} + +func (m *V1FirewallEgressRule) validateTo(formats strfmt.Registry) error { + + if err := validate.Required("to", "body", m.To); err != nil { + return err + } + + return nil +} + +// ContextValidate validates this v1 firewall egress rule based on context it is used +func (m *V1FirewallEgressRule) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + return nil +} + +// MarshalBinary interface implementation +func (m *V1FirewallEgressRule) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *V1FirewallEgressRule) UnmarshalBinary(b []byte) error { + 
var res V1FirewallEgressRule + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} diff --git a/api/models/v1_firewall_ingress_rule.go b/api/models/v1_firewall_ingress_rule.go new file mode 100644 index 0000000..eb837ed --- /dev/null +++ b/api/models/v1_firewall_ingress_rule.go 
@@ -0,0 +1,159 @@ +// Code generated by go-swagger; DO NOT EDIT. + +package models + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + "encoding/json" + + "github.com/go-openapi/errors" + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" + "github.com/go-openapi/validate" +) + +// V1FirewallIngressRule v1 firewall ingress rule +// +// swagger:model v1.FirewallIngressRule +type V1FirewallIngressRule struct { + + // an optional comment describing what this rule is used for + Comment string `json:"comment,omitempty" yaml:"comment,omitempty"` + + // the cidrs affected by this rule + // Required: true + From []string `json:"from" yaml:"from"` + + // the ports affected by this rule + // Required: true + Ports []int32 `json:"ports" yaml:"ports"` + + // the protocol for the rule, defaults to tcp + // Enum: [tcp udp] + Protocol string `json:"protocol,omitempty" yaml:"protocol,omitempty"` + + // the cidrs affected by this rule + // Required: true + To []string `json:"to" yaml:"to"` +} + +// Validate validates this v1 firewall ingress rule +func (m *V1FirewallIngressRule) Validate(formats strfmt.Registry) error { + var res []error + + if err := m.validateFrom(formats); err != nil { + res = append(res, err) + } + + if err := m.validatePorts(formats); err != nil { + res = append(res, err) + } + + if err := m.validateProtocol(formats); err != nil { + res = append(res, err) + } + + if err := m.validateTo(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) 
+ } + return nil +} + +func (m *V1FirewallIngressRule) validateFrom(formats strfmt.Registry) error { + + if err := validate.Required("from", "body", m.From); err != nil { + return err + } + + return nil +} + +func (m *V1FirewallIngressRule) validatePorts(formats strfmt.Registry) error { + + if err := validate.Required("ports", "body", m.Ports); err != nil { + return err + } + + return nil +} + +var v1FirewallIngressRuleTypeProtocolPropEnum []interface{} + +func init() { + var res []string + if err := json.Unmarshal([]byte(`["tcp","udp"]`), &res); err != nil { + panic(err) + } + for _, v := range res { + v1FirewallIngressRuleTypeProtocolPropEnum = append(v1FirewallIngressRuleTypeProtocolPropEnum, v) + } +} + +const ( + + // V1FirewallIngressRuleProtocolTCP captures enum value "tcp" + V1FirewallIngressRuleProtocolTCP string = "tcp" + + // V1FirewallIngressRuleProtocolUDP captures enum value "udp" + V1FirewallIngressRuleProtocolUDP string = "udp" +) + +// prop value enum +func (m *V1FirewallIngressRule) validateProtocolEnum(path, location string, value string) error { + if err := validate.EnumCase(path, location, value, v1FirewallIngressRuleTypeProtocolPropEnum, true); err != nil { + return err + } + return nil +} + +func (m *V1FirewallIngressRule) validateProtocol(formats strfmt.Registry) error { + if swag.IsZero(m.Protocol) { // not required + return nil + } + + // value enum + if err := m.validateProtocolEnum("protocol", "body", m.Protocol); err != nil { + return err + } + + return nil +} + +func (m *V1FirewallIngressRule) validateTo(formats strfmt.Registry) error { + + if err := validate.Required("to", "body", m.To); err != nil { + return err + } + + return nil +} + +// ContextValidate validates this v1 firewall ingress rule based on context it is used +func (m *V1FirewallIngressRule) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + return nil +} + +// MarshalBinary interface implementation +func (m *V1FirewallIngressRule) MarshalBinary() 
([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *V1FirewallIngressRule) UnmarshalBinary(b []byte) error { + var res V1FirewallIngressRule + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} diff --git a/api/models/v1_firewall_rules.go b/api/models/v1_firewall_rules.go new file mode 100644 index 0000000..42f5078 --- /dev/null +++ b/api/models/v1_firewall_rules.go 
@@ -0,0 +1,183 @@ +// Code generated by go-swagger; DO NOT EDIT. + +package models + +// This file was generated by the swagger tool. +// Editing this file might prove futile when you re-run the swagger generate command + +import ( + "context" + "strconv" + + "github.com/go-openapi/errors" + "github.com/go-openapi/strfmt" + "github.com/go-openapi/swag" +) + +// V1FirewallRules v1 firewall rules +// +// swagger:model v1.FirewallRules +type V1FirewallRules struct { + + // list of egress rules to be deployed during firewall allocation + Egress []*V1FirewallEgressRule `json:"egress" yaml:"egress"` + + // list of ingress rules to be deployed during firewall allocation + Ingress []*V1FirewallIngressRule `json:"ingress" yaml:"ingress"` +} + +// Validate validates this v1 firewall rules +func (m *V1FirewallRules) Validate(formats strfmt.Registry) error { + var res []error + + if err := m.validateEgress(formats); err != nil { + res = append(res, err) + } + + if err := m.validateIngress(formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +func (m *V1FirewallRules) validateEgress(formats strfmt.Registry) error { + if swag.IsZero(m.Egress) { // not required + return nil + } + + for i := 0; i < len(m.Egress); i++ { + if swag.IsZero(m.Egress[i]) { // not required + continue + } + + if m.Egress[i] != nil { + if err := m.Egress[i].Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("egress" + "." + strconv.Itoa(i)) + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("egress" + "." 
+ strconv.Itoa(i)) + } + return err + } + } + + } + + return nil +} + +func (m *V1FirewallRules) validateIngress(formats strfmt.Registry) error { + if swag.IsZero(m.Ingress) { // not required + return nil + } + + for i := 0; i < len(m.Ingress); i++ { + if swag.IsZero(m.Ingress[i]) { // not required + continue + } + + if m.Ingress[i] != nil { + if err := m.Ingress[i].Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("ingress" + "." + strconv.Itoa(i)) + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("ingress" + "." + strconv.Itoa(i)) + } + return err + } + } + + } + + return nil +} + +// ContextValidate validate this v1 firewall rules based on the context it is used +func (m *V1FirewallRules) ContextValidate(ctx context.Context, formats strfmt.Registry) error { + var res []error + + if err := m.contextValidateEgress(ctx, formats); err != nil { + res = append(res, err) + } + + if err := m.contextValidateIngress(ctx, formats); err != nil { + res = append(res, err) + } + + if len(res) > 0 { + return errors.CompositeValidationError(res...) + } + return nil +} + +func (m *V1FirewallRules) contextValidateEgress(ctx context.Context, formats strfmt.Registry) error { + + for i := 0; i < len(m.Egress); i++ { + + if m.Egress[i] != nil { + + if swag.IsZero(m.Egress[i]) { // not required + return nil + } + + if err := m.Egress[i].ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("egress" + "." + strconv.Itoa(i)) + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("egress" + "." 
+ strconv.Itoa(i)) + } + return err + } + } + + } + + return nil +} + +func (m *V1FirewallRules) contextValidateIngress(ctx context.Context, formats strfmt.Registry) error { + + for i := 0; i < len(m.Ingress); i++ { + + if m.Ingress[i] != nil { + + if swag.IsZero(m.Ingress[i]) { // not required + return nil + } + + if err := m.Ingress[i].ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("ingress" + "." + strconv.Itoa(i)) + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("ingress" + "." + strconv.Itoa(i)) + } + return err + } + } + + } + + return nil +} + +// MarshalBinary interface implementation +func (m *V1FirewallRules) MarshalBinary() ([]byte, error) { + if m == nil { + return nil, nil + } + return swag.WriteJSON(m) +} + +// UnmarshalBinary interface implementation +func (m *V1FirewallRules) UnmarshalBinary(b []byte) error { + var res V1FirewallRules + if err := swag.ReadJSON(b, &res); err != nil { + return err + } + *m = res + return nil +} diff --git a/api/models/v1_machine_allocation.go b/api/models/v1_machine_allocation.go index a9868ae..45cd1a9 100644 --- a/api/models/v1_machine_allocation.go +++ b/api/models/v1_machine_allocation.go @@ -43,6 +43,10 @@ type V1MachineAllocation struct { // filesystemlayout to create on this machine Filesystemlayout *V1FilesystemLayoutResponse `json:"filesystemlayout,omitempty" yaml:"filesystemlayout,omitempty"` + // a set of firewall rules to apply + // Required: true + FirewallRules *V1FirewallRules `json:"firewall_rules" yaml:"firewall_rules"` + // the hostname which will be used when creating the machine // Required: true Hostname *string `json:"hostname" yaml:"hostname"` 
@@ -111,6 +115,10 @@ func (m *V1MachineAllocation) Validate(formats strfmt.Registry) error { res = append(res, err) } + if err := m.validateFirewallRules(formats); err != nil { + res = append(res, err) + } + if err := m.validateHostname(formats); err != nil { res = append(res, err) } @@ -226,6 +234,26 @@ func (m *V1MachineAllocation) validateFilesystemlayout(formats strfmt.Registry) return nil } +func (m *V1MachineAllocation) validateFirewallRules(formats strfmt.Registry) error { + + if err := validate.Required("firewall_rules", "body", m.FirewallRules); err != nil { + return err + } + + if m.FirewallRules != nil { + if err := m.FirewallRules.Validate(formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("firewall_rules") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("firewall_rules") + } + return err + } + } + + return nil +} + func (m *V1MachineAllocation) validateHostname(formats strfmt.Registry) error { if err := validate.Required("hostname", "body", m.Hostname); err != nil { @@ -400,6 +428,10 @@ func (m *V1MachineAllocation) ContextValidate(ctx context.Context, formats strfm res = append(res, err) } + if err := m.contextValidateFirewallRules(ctx, formats); err != nil { + res = append(res, err) + } + if err := m.contextValidateImage(ctx, formats); err != nil { res = append(res, err) } 
@@ -460,6 +492,23 @@ func (m *V1MachineAllocation) contextValidateFilesystemlayout(ctx context.Contex return nil } +func (m *V1MachineAllocation) contextValidateFirewallRules(ctx context.Context, formats strfmt.Registry) error { + + if m.FirewallRules != nil { + + if err := m.FirewallRules.ContextValidate(ctx, formats); err != nil { + if ve, ok := err.(*errors.Validation); ok { + return ve.ValidateName("firewall_rules") + } else if ce, ok := err.(*errors.CompositeError); ok { + return ce.ValidateName("firewall_rules") + } + return err + } + } + + return nil +} + func (m *V1MachineAllocation) contextValidateImage(ctx context.Context, formats strfmt.Registry) error { if m.Image != nil { diff --git a/metal-api.json b/metal-api.json index 8f7af83..d6d639b 100644 --- a/metal-api.json +++ b/metal-api.json @@ -623,8 +623,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "name": { "description": "a readable name for this entity", @@ -829,8 +828,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "logicalvolumes": { "description": "list of logicalvolumes to create", @@ -905,8 +903,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "logicalvolumes": { "description": "list of logicalvolumes to create", @@ -981,8 +978,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "logicalvolumes": { "description": "list of logicalvolumes to create", @@ -1015,6 +1011,14 @@ "id" ] }, + "v1.FirewallAllocateRequest": { + "properties": { + "firewall_rules": { + "$ref": "#/definitions/v1.FirewallRules", + "description": "optional egress and ingress firewall rules to deploy during firewall allocation" + } + } + }, "v1.FirewallCreateRequest": { "properties": { "description": { 
@@ -1025,9 +1029,9 @@ "description": "the filesystemlayout id to assing to this machine", "type": "string" }, - "ha": { - "description": "if set to true, this firewall is set up in a High Available manner", - "type": "boolean" + "firewall_rules": { + "$ref": "#/definitions/v1.FirewallRules", + "description": "optional egress and ingress firewall rules to deploy during firewall allocation" }, "hostname": { "description": "the hostname for the allocated machine (defaults to metal)", @@ -1105,6 +1109,41 @@ "ssh_pub_keys" ] }, + "v1.FirewallEgressRule": { + "properties": { + "comment": { + "description": "an optional comment describing what this rule is used for", + "type": "string" + }, + "ports": { + "description": "the ports affected by this rule", + "items": { + "format": "int32", + "type": "integer" + }, + "type": "array" + }, + "protocol": { + "description": "the protocol for the rule, defaults to tcp", + "enum": [ + "tcp", + "udp" + ], + "type": "string" + }, + "to": { + "description": "the cidrs affected by this rule", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "ports", + "to" + ] + }, "v1.FirewallFindRequest": { "properties": { "allocation_hostname": { 
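Review bot: The `ports` items in the new `v1.FirewallEgressRule` definition are declared only as `"format": "int32", "type": "integer"`, and the `to` entries as bare strings, so nothing in the spec bounds a port to 1–65535 or requires a CIDR shape. The generated `validatePorts` and `validateTo` in v1_firewall_egress_rule.go accordingly check presence only. Values such as 0, -1 or 70000, or a malformed CIDR, would pass client-side validation and depend entirely on whatever the server checks, which is not visible in this diff. Consider adding `"minimum": 1, "maximum": 65535` to the `ports` items and a pattern or documented format for the CIDR strings. The same applies to `from`, `ports` and `to` in the `v1.FirewallIngressRule` hunk at `@@ -1287,6 +1326,49 @@`.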
@@ -1287,6 +1326,49 @@ } } }, + "v1.FirewallIngressRule": { + "properties": { + "comment": { + "description": "an optional comment describing what this rule is used for", + "type": "string" + }, + "from": { + "description": "the cidrs affected by this rule", + "items": { + "type": "string" + }, + "type": "array" + }, + "ports": { + "description": "the ports affected by this rule", + "items": { + "format": "int32", + "type": "integer" + }, + "type": "array" + }, + "protocol": { + "description": "the protocol for the rule, defaults to tcp", + "enum": [ + "tcp", + "udp" + ], + "type": "string" + }, + "to": { + "description": "the cidrs affected by this rule", + "items": { + "type": "string" + }, + "type": "array" + } + }, + "required": [ + "from", + "ports", + "to" + ] + }, "v1.FirewallResponse": { "properties": { "allocation": { @@ -1323,8 +1405,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "ledstate": { "$ref": "#/definitions/v1.ChassisIdentifyLEDState", @@ -1376,6 +1457,24 @@ "tags" ] }, + "v1.FirewallRules": { + "properties": { + "egress": { + "description": "list of egress rules to be deployed during firewall allocation", + "items": { + "$ref": "#/definitions/v1.FirewallEgressRule" + }, + "type": "array" + }, + "ingress": { + "description": "list of ingress rules to be deployed during firewall allocation", + "items": { + "$ref": "#/definitions/v1.FirewallIngressRule" + }, + "type": "array" + } + } + }, "v1.FirmwaresResponse": { "properties": { "revisions": { @@ -1437,7 +1536,6 @@ "type": "array" }, "type": { - "default": "static", "description": "the ip type, ephemeral leads to automatic cleanup of the ip address, static will enable re-use of the ip at a later point in time", "enum": [ "ephemeral", 
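Review bot: In `v1.FirewallIngressRule` both `from` and `to` carry the identical description `the cidrs affected by this rule`, so a reader of the spec or of the generated `V1FirewallIngressRule` struct cannot tell which side of the traffic each list constrains. Mixing the two up changes what an ingress rule admits, so the descriptions should name the direction explicitly. Presumably that means something like `"description": "the source cidrs this rule accepts traffic from"` for `from` and `"description": "the destination cidrs this rule applies to"` for `to`; confirm the intended semantics against the server implementation before rewording.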
@@ -1470,7 +1568,6 @@ "type": "array" }, "type": { - "default": "static", "description": "the ip type, ephemeral leads to automatic cleanup of the ip address, static will enable re-use of the ip at a later point in time", "enum": [ "ephemeral", @@ -1537,8 +1634,7 @@ }, "ipaddress": { "description": "the address (ipv4 or ipv6) of this ip", - "type": "string", - "uniqueItems": true + "type": "string" } }, "required": [ @@ -1570,8 +1666,7 @@ }, "ipaddress": { "description": "the address (ipv4 or ipv6) of this ip", - "type": "string", - "uniqueItems": true + "type": "string" }, "name": { "description": "a readable name for this entity", @@ -1593,7 +1688,6 @@ "type": "array" }, "type": { - "default": "static", "description": "the ip type, ephemeral leads to automatic cleanup of the ip address, static will enable re-use of the ip at a later point in time", "enum": [ "ephemeral", @@ -1619,8 +1713,7 @@ }, "ipaddress": { "description": "the address (ipv4 or ipv6) of this ip", - "type": "string", - "uniqueItems": true + "type": "string" }, "name": { "description": "a readable name for this entity", @@ -1651,8 +1744,7 @@ "properties": { "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" } }, "required": [ @@ -1718,8 +1810,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "name": { "description": "a readable name for this entity", @@ -1801,8 +1892,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "name": { "description": "a readable name for this entity", @@ -1849,8 +1939,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "name": { "description": "a readable name for this entity", 
@@ -2023,6 +2112,10 @@ "$ref": "#/definitions/v1.FilesystemLayoutResponse", "description": "filesystemlayout to create on this machine" }, + "firewall_rules": { + "$ref": "#/definitions/v1.FirewallRules", + "description": "a set of firewall rules to apply" + }, "hostname": { "description": "the hostname which will be used when creating the machine", "type": "string" @@ -2083,6 +2176,7 @@ "allocationuuid", "created", "creator", + "firewall_rules", "hostname", "name", "networks", @@ -2240,8 +2334,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "name": { "description": "a readable name for this entity", @@ -2616,8 +2709,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "ipmi": { "$ref": "#/definitions/v1.MachineIPMI", @@ -3165,8 +3257,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "imageid": { "description": "the image id to be installed", @@ -3218,8 +3309,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "ledstate": { "$ref": "#/definitions/v1.ChassisIdentifyLEDState", @@ -3334,8 +3424,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "ssh_pub_keys": { "description": "the public ssh keys to access the machine with", @@ -3495,8 +3584,7 @@ }, "id": { "description": "the unique ID of this entity, auto-generated if left empty", - "type": "string", - "uniqueItems": true + "type": "string" }, "labels": { "additionalProperties": { @@ -3691,8 +3779,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "labels": { "additionalProperties": { 
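Review bot: `firewall_rules` is added to the `required` list of `v1.MachineAllocation` (hunk `@@ -2083,6 +2176,7 @@`), while the same property is described as optional in `v1.FirewallCreateRequest` and `v1.FirewallAllocateRequest`. The generated `validateFirewallRules` in v1_machine_allocation.go therefore calls `validate.Required("firewall_rules", "body", m.FirewallRules)`. An allocation returned without rules would then fail wherever `Validate` is called, for example for a machine that is not a firewall or a response from a server older than this spec. If the server can omit the field, drop `"firewall_rules",` from `required`; otherwise the description should state that the object is always present, even when no rules are set.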
@@ -3779,8 +3866,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "labels": { "additionalProperties": { @@ -3898,8 +3984,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "name": { "description": "a readable name for this entity", @@ -3942,8 +4027,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "labels": { "additionalProperties": { @@ -3997,8 +4081,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "labels": { "additionalProperties": { @@ -4040,8 +4123,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "labels": { "additionalProperties": { @@ -4379,8 +4461,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "labels": { "additionalProperties": { @@ -4432,8 +4513,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "name": { "description": "a readable name for this entity", @@ -4456,8 +4536,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "name": { "description": "a readable name for this entity", @@ -4495,8 +4574,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "name": { "description": "a readable name for this entity", @@ -4637,8 +4715,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "labels": { "additionalProperties": { 
@@ -4691,8 +4768,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "labels": { "additionalProperties": { @@ -4839,8 +4915,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "last_sync": { "$ref": "#/definitions/v1.SwitchSync", @@ -4887,8 +4962,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "management_ip": { "description": "the ip address of the management interface of the switch", @@ -4964,8 +5038,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "last_sync": { "$ref": "#/definitions/v1.SwitchSync", @@ -5053,8 +5126,7 @@ }, "id": { "description": "the unique ID of this entity", - "type": "string", - "uniqueItems": true + "type": "string" }, "management_ip": { "description": "the ip address of the management interface of the switch", @@ -5329,7 +5401,7 @@ "url": "https://www.gnu.org/licenses/agpl-3.0.de.html" }, "title": "metal-api", - "version": "v0.26.3" + "version": "v0.27.0" }, "paths": { "/v1/audit/find": {