34 var util = require('util');
35 var validators = require('./validators');
36 var verror = require('verror');
37
38
39
40 // --- Globals
41
42
43
44 var DIRECTIONS = ['to', 'from'];
45 // Exported fields that can be in the serialized rule:
46 var FIELDS = [
47 'created_by',
48 'description',
49 'enabled',
50 'global',
51 'owner_uuid',
52 'rule',
53 'uuid',
54 'version'
55 ];
56 // Maximum number of targets per side:
57 var MAX_TARGETS_PER_SIDE = 24;
58 // Maximum number of protocol targets:
59 var MAX_PROTOCOL_TARGETS = 24;
60 // Minimum version for using a larger list of protocol targets:
61 var MINVER_LGPROTOTARG = 4;
62 // The old maximum number of protocol targets:
63 var OLD_MAX_PORTS = 8;
64 var STRING_PROPS = ['created_by', 'description'];
65 var TARGET_TYPES = ['wildcard', 'ip', 'subnet', 'tag', 'vm'];
66
67 var icmpr = /^icmp6?$/;
68
69 // --- Internal functions
70
71
72 /**
73 * Safely check if an object has a property
74 */
362 errs.push(new validators.InvalidParamError('owner_uuid',
363 'Invalid owner UUID'));
364 }
365 this.owner_uuid = data.owner_uuid;
366 } else {
367 // No owner: this rule will affect all VMs
368 this.global = true;
369 }
370
371 if (hasOwnProperty(data, 'enabled')) {
372 if (!validators.bool(data.enabled)) {
373 errs.push(new validators.InvalidParamError('enabled',
374 'enabled must be true or false'));
375 }
376
377 this.enabled = data.enabled;
378 } else {
379 this.enabled = false;
380 }
381
382 for (var s in STRING_PROPS) {
383 var str = STRING_PROPS[s];
384 if (hasOwnProperty(data, str)) {
385 try {
386 validators.validateString(str, data[str]);
387 this[str] = data[str];
388 } catch (valErr) {
389 errs.push(valErr);
390 }
391 }
392 }
393
394 if (opts.enforceGlobal) {
395 if (hasOwnProperty(data, 'global') && !validators.bool(data.global)) {
396 errs.push(new validators.InvalidParamError('global',
397 'global must be true or false'));
398 }
399
400 if (hasOwnProperty(data, 'global') &&
401 hasOwnProperty(data, 'owner_uuid') && data.global) {
579 // affect VMs?
580 if (!this.allVMs && this.tags.length === 0 && this.vms.length === 0) {
581 throw new validators.InvalidParamError('rule',
582 'rule does not affect VMs');
583 }
584 }
585
586
587 /**
588 * Returns the internal representation of the rule
589 */
590 FwRule.prototype.raw = function () {
591 var raw = {
592 action: this.action,
593 enabled: this.enabled,
594 from: this.from,
595 priority: this.priority,
596 protocol: this.protocol,
597 to: this.to,
598 uuid: this.uuid,
599 version: this.version
600 };
601
602 if (this.owner_uuid) {
603 raw.owner_uuid = this.owner_uuid;
604 }
605
606 switch (this.protocol) {
607 case 'icmp':
608 case 'icmp6':
609 raw.types = this.types;
610 break;
611 case 'ah':
612 case 'esp':
613 break;
614 case 'tcp':
615 case 'udp':
616 raw.ports = this.ports;
617 break;
618 default:
619 throw new Error('unknown protocol: ' + this.protocol);
|
34 var util = require('util');
35 var validators = require('./validators');
36 var verror = require('verror');
37
38
39
40 // --- Globals
41
42
43
44 var DIRECTIONS = ['to', 'from'];
45 // Exported fields that can be in the serialized rule:
46 var FIELDS = [
47 'created_by',
48 'description',
49 'enabled',
50 'global',
51 'owner_uuid',
52 'rule',
53 'uuid',
54 'version',
55 'log'
56 ];
57 // Maximum number of targets per side:
58 var MAX_TARGETS_PER_SIDE = 24;
59 // Maximum number of protocol targets:
60 var MAX_PROTOCOL_TARGETS = 24;
61 // Minimum version for using a larger list of protocol targets:
62 var MINVER_LGPROTOTARG = 4;
63 // The old maximum number of protocol targets:
64 var OLD_MAX_PORTS = 8;
65 var STRING_PROPS = ['created_by', 'description'];
66 var TARGET_TYPES = ['wildcard', 'ip', 'subnet', 'tag', 'vm'];
67
68 var icmpr = /^icmp6?$/;
69
70 // --- Internal functions
71
72
73 /**
74 * Safely check if an object has a property
75 */
363 errs.push(new validators.InvalidParamError('owner_uuid',
364 'Invalid owner UUID'));
365 }
366 this.owner_uuid = data.owner_uuid;
367 } else {
368 // No owner: this rule will affect all VMs
369 this.global = true;
370 }
371
372 if (hasOwnProperty(data, 'enabled')) {
373 if (!validators.bool(data.enabled)) {
374 errs.push(new validators.InvalidParamError('enabled',
375 'enabled must be true or false'));
376 }
377
378 this.enabled = data.enabled;
379 } else {
380 this.enabled = false;
381 }
382
383 if (hasOwnProperty(data, 'log')) {
384 if (!validators.bool(data.log)) {
385 errs.push(new validators.InvalidParamError('log',
386 'log must be true or false'));
387 }
388
389 this.log = data.log;
390 } else {
391 this.log = false;
392 }
393
394 for (var s in STRING_PROPS) {
395 var str = STRING_PROPS[s];
396 if (hasOwnProperty(data, str)) {
397 try {
398 validators.validateString(str, data[str]);
399 this[str] = data[str];
400 } catch (valErr) {
401 errs.push(valErr);
402 }
403 }
404 }
405
406 if (opts.enforceGlobal) {
407 if (hasOwnProperty(data, 'global') && !validators.bool(data.global)) {
408 errs.push(new validators.InvalidParamError('global',
409 'global must be true or false'));
410 }
411
412 if (hasOwnProperty(data, 'global') &&
413 hasOwnProperty(data, 'owner_uuid') && data.global) {
591 // affect VMs?
592 if (!this.allVMs && this.tags.length === 0 && this.vms.length === 0) {
593 throw new validators.InvalidParamError('rule',
594 'rule does not affect VMs');
595 }
596 }
597
598
599 /**
600 * Returns the internal representation of the rule
601 */
602 FwRule.prototype.raw = function () {
603 var raw = {
604 action: this.action,
605 enabled: this.enabled,
606 from: this.from,
607 priority: this.priority,
608 protocol: this.protocol,
609 to: this.to,
610 uuid: this.uuid,
611 version: this.version,
612 log: this.log
613 };
614
615 if (this.owner_uuid) {
616 raw.owner_uuid = this.owner_uuid;
617 }
618
619 switch (this.protocol) {
620 case 'icmp':
621 case 'icmp6':
622 raw.types = this.types;
623 break;
624 case 'ah':
625 case 'esp':
626 break;
627 case 'tcp':
628 case 'udp':
629 raw.ports = this.ports;
630 break;
631 default:
632 throw new Error('unknown protocol: ' + this.protocol);
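Review bot: In the constructor hunk (new lines 383–392) `this.log = data.log` still runs after `validators.bool(data.log)` has rejected the value, the same pattern as `enabled` above it. A non-boolean can therefore sit on the rule and be emitted by `raw()` (new line 612) unless the collected `errs` are thrown before the object is used, and that throw is outside the visible lines. Assigning only on success, `} else { this.log = data.log; }` after the `errs.push(...)` branch, would remove the dependency on that later throw. The block would also benefit from a one-line comment such as `// Optional per-rule log flag; off unless explicitly set`. The file gates other features on rule version (`MINVER_LGPROTOTARG`) and no comparable gate for `log` appears in these hunks, so if older consumers read serialized rules it is worth confirming that a requested `log: true` cannot be silently ignored.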
|