Merge pull request #65 from nstapelbroek/notes-on-firewall-rules

Add optional notes to firewall rules

cmd/commands_firewall.go

@@ -83,14 +83,15 @@ func firewallGroupList(cmd *cli.Cmd) {
 }
 
 func firewallRuleCreate(cmd *cli.Cmd) {
-	cmd.Spec = "-g -n ((--tcp --port) | (--udp --port) | --icmp | --gre)"
+	cmd.Spec = "-g -n ((--tcp --port) | (--udp --port) | --icmp | --gre) [--notes]"
 	gid := cmd.StringOpt("g group-id", "", "Firewall group ID (see <firewall group list>)")
 	cidr := cmd.StringOpt("n network", "0.0.0.0/0", "IPv4/IPv6 network in CIDR notation")
 	tcp := cmd.BoolOpt("tcp", false, "TCP protocol")
 	udp := cmd.BoolOpt("udp", false, "UDP protocol")
 	icmp := cmd.BoolOpt("icmp", false, "ICMP protocol")
 	gre := cmd.BoolOpt("gre", false, "GRE protocol")
 	port := cmd.StringOpt("port", "", "Port number or port range (TCP/UDP only)")
+	notes := cmd.StringOpt("notes", "", "Optional note")
 
 	cmd.Action = func() {
 		var protocol string
@@ -110,15 +111,15 @@ func firewallRuleCreate(cmd *cli.Cmd) {
 			log.Fatalf("Invalid network CIDR: %s", *cidr)
 		}
 
-		ruleNum, err := GetClient().CreateFirewallRule(*gid, protocol, *port, network)
+		ruleNum, err := GetClient().CreateFirewallRule(*gid, protocol, *port, network, *notes)
 		if err != nil {
 			log.Fatal(err)
 		}
 
 		fmt.Printf("Firewall rule created\n\n")
-		lengths := []int{10, 10, 10, 12, 20}
-		tabsPrint(columns{"GROUP_ID", "RULE_NUM", "PROTOCOL", "PORT", "NETWORK"}, lengths)
-		tabsPrint(columns{*gid, ruleNum, protocol, *port, network}, lengths)
+		lengths := []int{10, 10, 10, 12, 20, 30}
+		tabsPrint(columns{"GROUP_ID", "RULE_NUM", "PROTOCOL", "PORT", "NETWORK", "NOTES"}, lengths)
+		tabsPrint(columns{*gid, ruleNum, protocol, *port, network, *notes}, lengths)
 		tabsFlush()
 	}
 }
@@ -154,15 +155,16 @@ func firewallRuleList(cmd *cli.Cmd) {
 			return
 		}
 
-		lengths := []int{10, 10, 8, 12, 20}
-		tabsPrint(columns{"RULE_NUM", "ACTION", "PROTOCOL", "PORT", "NETWORK"}, lengths)
+		lengths := []int{10, 10, 8, 12, 20, 30}
+		tabsPrint(columns{"RULE_NUM", "ACTION", "PROTOCOL", "PORT", "NETWORK", "NOTES"}, lengths)
 		for _, r := range rules {
 			tabsPrint(columns{
 				r.RuleNumber,
 				r.Action,
 				r.Protocol,
 				r.Port,
 				r.Network.String(),
+				r.Notes,
 			}, lengths)
 		}
 		tabsFlush()

lib/firewall.go

@@ -28,6 +28,7 @@ type FirewallRule struct {
 	Protocol   string `json:"protocol"`
 	Port       string `json:"port"`
 	Network    *net.IPNet
+	Notes      string `json:"notes"`
 }
 
 type firewallGroups []FirewallGroup
@@ -83,6 +84,7 @@ func (r *FirewallRule) UnmarshalJSON(data []byte) (err error) {
 	r.Action = fmt.Sprintf("%v", fields["action"])
 	r.Protocol = fmt.Sprintf("%v", fields["protocol"])
 	r.Port = fmt.Sprintf("%v", fields["port"])
+	r.Notes = fmt.Sprintf("%v", fields["notes"])
 	subnet := fmt.Sprintf("%v", fields["subnet"])
 	if subnet == "<nil>" {
 		subnet = ""
@@ -198,7 +200,7 @@ func (c *Client) GetFirewallRules(groupID string) ([]FirewallRule, error) {
 // protocol must be one of: "icmp", "tcp", "udp", "gre"
 // port can be a port number or colon separated port range (TCP/UDP only)
 func (c *Client) CreateFirewallRule(groupID, protocol, port string,
-	network *net.IPNet) (int, error) {
+	network *net.IPNet, notes string) (int, error) {
 	ip := network.IP.String()
 	maskBits, _ := network.Mask.Size()
 	if ip == "<nil>" {
@@ -230,6 +232,10 @@ func (c *Client) CreateFirewallRule(groupID, protocol, port string,
 		values.Add("port", port)
 	}
 
+	if len(notes) > 0 {
+		values.Add("notes", notes)
+	}
+
 	var result FirewallRule
 	err := c.post(`firewall/rule_create`, values, &result)
 	if err != nil {

lib/firewall_test.go

@@ -178,7 +178,7 @@ func Test_Firewall_CreateRule_Ok(t *testing.T) {
 	defer server.Close()
 
 	_, netw, _ := net.ParseCIDR("10.234.22.0/24")
-	num, err := client.CreateFirewallRule("1a", "tcp", "80", netw)
+	num, err := client.CreateFirewallRule("1a", "tcp", "80", netw, "some-example-note")
 	if err != nil {
 		t.Error(err)
 	}