Merge pull request #140 from hetznercloud/add-description-field-to-fi…
…rewall-rules

Add description field to firewall rules
Adi146 authored Aug 3, 2021
2 parents 647cd79 + 84dc5c7 commit f500ba6
Showing 4 changed files with 29 additions and 12 deletions.
2 changes: 1 addition & 1 deletion hcloud/firewalls/client.py
@@ -14,7 +14,7 @@ def __init__(self, client, data, complete=True):
rules = data.get('rules', [])
if rules:
rules = [FirewallRule(direction=rule["direction"], source_ips=rule["source_ips"],
destination_ips=rule["destination_ips"], protocol=rule['protocol'], port=rule["port"])
destination_ips=rule["destination_ips"], protocol=rule['protocol'], port=rule["port"], description=rule["description"])
for rule in rules]
data['rules'] = rules

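Review bot: `description=rule["description"]` in this `__init__` raises `KeyError` when a rule object in the API response has no `description` key, so an optional, informational field can stop the whole firewall object from being built. `description=rule.get("description")` would fall back to `None`, which matches the `description=None` default this commit adds to `FirewallRule` in hcloud/firewalls/domain.py. The fixtures changed in tests/unit/firewalls/conftest.py all carry the key (one as `None`), so a response without it does not appear to be exercised by the visible tests. The enclosing `__init__` starts and ends outside the hunk.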
9 changes: 8 additions & 1 deletion hcloud/firewalls/domain.py
@@ -60,13 +60,16 @@ class FirewallRule:
List of permitted IPv4/IPv6 addresses in CIDR notation. Use 0.0.0.0/0 to allow all IPv4 addresses and ::/0 to allow all IPv6 addresses. You can specify 100 CIDRs at most.
:param destination_ips: List[str]
List of permitted IPv4/IPv6 addresses in CIDR notation. Use 0.0.0.0/0 to allow all IPv4 addresses and ::/0 to allow all IPv6 addresses. You can specify 100 CIDRs at most.
:param description: str
Short description of the firewall rule
"""
__slots__ = (
"direction",
"port",
"protocol",
"source_ips",
"destination_ips"
"destination_ips",
"description"
)

DIRECTION_IN = "in"
@@ -92,12 +95,14 @@ def __init__(
source_ips, # type: List[str]
port=None, # type: Optional[str]
destination_ips=None, # type: Optional[List[str]]
description=None, # type: Optional[str]
):
self.direction = direction
self.port = port
self.protocol = protocol
self.source_ips = source_ips
self.destination_ips = destination_ips or []
self.description = description

def to_payload(self):
payload = {
@@ -109,6 +114,8 @@ def to_payload(self):
payload.update({"destination_ips": self.destination_ips})
if self.port is not None:
payload.update({"port": self.port})
if self.description is not None:
payload.update({"description": self.description})
return payload


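Review bot: The new docstring entry `:param description: str` does not say the field is optional, although the constructor takes `description=None` with the type comment `Optional[str]` and `to_payload` leaves the key out when the value is `None`. I would document it as `:param description: str (optional)` with the text `Short description of the firewall rule. Left out of the request payload when None.` Because the check in `to_payload` is `is not None`, an empty string is still sent; one clause saying so would save readers from guessing. The class docstring, `__init__` and `to_payload` all continue outside the visible hunks.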
24 changes: 16 additions & 8 deletions tests/unit/firewalls/conftest.py
@@ -19,7 +19,8 @@ def response_create_firewall():
],
"destination_ips": [],
"protocol": "tcp",
"port": "80"
"port": "80",
"description": None
},
{
"direction": "out",
@@ -30,7 +31,8 @@ def response_create_firewall():
"ff21:1eac:9a3b:ee58:5ca:990c:8bc9:c03b/128"
],
"protocol": "tcp",
"port": "80"
"port": "80",
"description": "allow http out"
}
],
"applied_to": [
@@ -111,7 +113,8 @@ def firewall_response():
],
"destination_ips": [],
"protocol": "tcp",
"port": "80"
"port": "80",
"description": "allow http in"
},
{
"direction": "out",
@@ -122,7 +125,8 @@ def firewall_response():
"ff21:1eac:9a3b:ee58:5ca:990c:8bc9:c03b/128"
],
"protocol": "tcp",
"port": "80"
"port": "80",
"description": "allow http out"
}
],
"applied_to": [
@@ -162,7 +166,8 @@ def two_firewalls_response():
],
"destination_ips": [],
"protocol": "tcp",
"port": "80"
"port": "80",
"description": "allow http in"
}
],
"applied_to": [
@@ -189,7 +194,8 @@ def two_firewalls_response():
"ff21:1eac:9a3b:ee58:5ca:990c:8bc9:c03b/128"
],
"protocol": "tcp",
"port": "443"
"port": "443",
"description": "allow https in"
}
],
"applied_to": [
@@ -224,7 +230,8 @@ def one_firewalls_response():
"ff21:1eac:9a3b:ee58:5ca:990c:8bc9:c03b/128"
],
"protocol": "tcp",
"port": "80"
"port": "80",
"description": "allow http in"
}
],
"applied_to": [
@@ -258,7 +265,8 @@ def response_update_firewall():
],
"destination_ips": [],
"protocol": "tcp",
"port": "80"
"port": "80",
"description": "allow http in"
}
],
"applied_to": [
6 changes: 4 additions & 2 deletions tests/unit/firewalls/test_client.py
@@ -46,6 +46,7 @@ def test_bound_firewall_init(self, firewall_response):
]
assert isinstance(firewall_in_rule.destination_ips, list)
assert len(firewall_in_rule.destination_ips) == 0
assert firewall_in_rule.description == "allow http in"

firewall_out_rule = bound_firewall.rules[1]
assert isinstance(firewall_out_rule, FirewallRule)
@@ -61,6 +62,7 @@ def test_bound_firewall_init(self, firewall_response):
"28.239.14.0/24",
"ff21:1eac:9a3b:ee58:5ca:990c:8bc9:c03b/128"
]
assert firewall_out_rule.description == "allow http out"

@pytest.mark.parametrize(
"params",
@@ -123,9 +125,9 @@ def test_set_rules(self, hetzner_client, bound_firewall, response_set_rules):
hetzner_client.request.return_value = response_set_rules
actions = bound_firewall.set_rules([
FirewallRule(direction=FirewallRule.DIRECTION_IN, protocol=FirewallRule.PROTOCOL_ICMP,
source_ips=["0.0.0.0/0", "::/0"])])
source_ips=["0.0.0.0/0", "::/0"], description="New firewall description")])
hetzner_client.request.assert_called_with(url="/firewalls/1/actions/set_rules", method="POST", json={
"rules": [{"direction": "in", "protocol": "icmp", "source_ips": ["0.0.0.0/0", "::/0"]}]})
"rules": [{"direction": "in", "protocol": "icmp", "source_ips": ["0.0.0.0/0", "::/0"], "description": "New firewall description"}]})

assert actions[0].id == 13
assert actions[0].progress == 100
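Review bot: In `test_set_rules` the only rule passed to `set_rules` now carries `description="New firewall description"`, so this test no longer asserts that a rule without a description produces a payload entry with no `"description"` key. `to_payload` in hcloud/firewalls/domain.py has a separate `if self.description is not None` branch for that case, and it deserves its own assertion. I would pass a second `FirewallRule` without `description` in the same list and expect its entry in `json["rules"]` to contain only `direction`, `protocol` and `source_ips`. Tests outside the visible hunks may already cover this, and the test method continues past the end of the hunk.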
