From a56836cba0f9828dd1934ff954bfaaed216fd3e3 Mon Sep 17 00:00:00 2001 From: Scaleway Bot Date: Fri, 10 Jan 2025 15:38:14 +0100 Subject: [PATCH] feat(vpcgw): add support BastionAllowedIPs (#1703) Co-authored-by: Laure-di <62625835+Laure-di@users.noreply.github.com> --- packages/clients/src/api/vpcgw/v2/api.gen.ts | 64 +++++++++++++++++++ .../clients/src/api/vpcgw/v2/index.gen.ts | 5 ++ .../src/api/vpcgw/v2/marshalling.gen.ts | 47 ++++++++++++++ .../clients/src/api/vpcgw/v2/types.gen.ts | 42 ++++++++++++ 4 files changed, 158 insertions(+) diff --git a/packages/clients/src/api/vpcgw/v2/api.gen.ts b/packages/clients/src/api/vpcgw/v2/api.gen.ts index cddf0d7a4..1c3965ee4 100644 --- a/packages/clients/src/api/vpcgw/v2/api.gen.ts +++ b/packages/clients/src/api/vpcgw/v2/api.gen.ts @@ -13,16 +13,19 @@ import { GATEWAY_TRANSIENT_STATUSES, } from './content.gen' import { + marshalAddBastionAllowedIPsRequest, marshalCreateGatewayNetworkRequest, marshalCreateGatewayRequest, marshalCreateIPRequest, marshalCreatePatRuleRequest, + marshalSetBastionAllowedIPsRequest, marshalSetPatRulesRequest, marshalUpdateGatewayNetworkRequest, marshalUpdateGatewayRequest, marshalUpdateIPRequest, marshalUpdatePatRuleRequest, marshalUpgradeGatewayRequest, + unmarshalAddBastionAllowedIPsResponse, unmarshalGateway, unmarshalGatewayNetwork, unmarshalIP, @@ -32,13 +35,17 @@ import { unmarshalListIPsResponse, unmarshalListPatRulesResponse, unmarshalPatRule, + unmarshalSetBastionAllowedIPsResponse, unmarshalSetPatRulesResponse, } from './marshalling.gen' import type { + AddBastionAllowedIPsRequest, + AddBastionAllowedIPsResponse, CreateGatewayNetworkRequest, CreateGatewayRequest, CreateIPRequest, CreatePatRuleRequest, + DeleteBastionAllowedIPsRequest, DeleteGatewayNetworkRequest, DeleteGatewayRequest, DeleteIPRequest, @@ -62,6 +69,8 @@ import type { ListPatRulesResponse, PatRule, RefreshSSHKeysRequest, + SetBastionAllowedIPsRequest, + SetBastionAllowedIPsResponse, SetPatRulesRequest, SetPatRulesResponse, UpdateGatewayNetworkRequest, @@ -660,4 +669,59 @@ export class API extends ParentAPI { }, unmarshalGateway, ) + + /** + * Add allowed IP range to SSH bastion. Add an IP range (in CIDR notation) to + * be allowed to connect to the SSH bastion. + * + * @param request - The request {@link AddBastionAllowedIPsRequest} + * @returns A Promise of AddBastionAllowedIPsResponse + */ + addBastionAllowedIPs = (request: Readonly) => + this.client.fetch( + { + body: JSON.stringify( + marshalAddBastionAllowedIPsRequest(request, this.client.settings), + ), + headers: jsonContentHeaders, + method: 'POST', + path: `/vpc-gw/v2/zones/${validatePathParam('zone', request.zone ?? this.client.settings.defaultZone)}/gateways/${validatePathParam('gatewayId', request.gatewayId)}/bastion-allowed-ips`, + }, + unmarshalAddBastionAllowedIPsResponse, + ) + + /** + * Set all IP ranges allowed for SSH bastion. Set a definitive list of IP + * ranges (in CIDR notation) allowed to connect to the SSH bastion. + * + * @param request - The request {@link SetBastionAllowedIPsRequest} + * @returns A Promise of SetBastionAllowedIPsResponse + */ + setBastionAllowedIPs = (request: Readonly) => + this.client.fetch( + { + body: JSON.stringify( + marshalSetBastionAllowedIPsRequest(request, this.client.settings), + ), + headers: jsonContentHeaders, + method: 'PUT', + path: `/vpc-gw/v2/zones/${validatePathParam('zone', request.zone ?? this.client.settings.defaultZone)}/gateways/${validatePathParam('gatewayId', request.gatewayId)}/bastion-allowed-ips`, + }, + unmarshalSetBastionAllowedIPsResponse, + ) + + /** + * Delete allowed IP range from SSH bastion. Delete an IP range (defined in + * CIDR notation) from SSH bastion, so that it is no longer allowed to + * connect. + * + * @param request - The request {@link DeleteBastionAllowedIPsRequest} + */ + deleteBastionAllowedIPs = ( + request: Readonly, + ) => + this.client.fetch({ + method: 'DELETE', + path: `/vpc-gw/v2/zones/${validatePathParam('zone', request.zone ?? this.client.settings.defaultZone)}/gateways/${validatePathParam('gatewayId', request.gatewayId)}/bastion-allowed-ips/${validatePathParam('ipRange', request.ipRange)}`, + }) } diff --git a/packages/clients/src/api/vpcgw/v2/index.gen.ts b/packages/clients/src/api/vpcgw/v2/index.gen.ts index b0270c213..5e780f03c 100644 --- a/packages/clients/src/api/vpcgw/v2/index.gen.ts +++ b/packages/clients/src/api/vpcgw/v2/index.gen.ts @@ -3,10 +3,13 @@ export { API } from './api.gen' export * from './content.gen' export type { + AddBastionAllowedIPsRequest, + AddBastionAllowedIPsResponse, CreateGatewayNetworkRequest, CreateGatewayRequest, CreateIPRequest, CreatePatRuleRequest, + DeleteBastionAllowedIPsRequest, DeleteGatewayNetworkRequest, DeleteGatewayRequest, DeleteIPRequest, @@ -38,6 +41,8 @@ export type { PatRule, PatRuleProtocol, RefreshSSHKeysRequest, + SetBastionAllowedIPsRequest, + SetBastionAllowedIPsResponse, SetPatRulesRequest, SetPatRulesRequestRule, SetPatRulesResponse, diff --git a/packages/clients/src/api/vpcgw/v2/marshalling.gen.ts b/packages/clients/src/api/vpcgw/v2/marshalling.gen.ts index a02ec2db5..98591df96 100644 --- a/packages/clients/src/api/vpcgw/v2/marshalling.gen.ts +++ b/packages/clients/src/api/vpcgw/v2/marshalling.gen.ts @@ -8,6 +8,8 @@ import { } from '../../../bridge' import type { DefaultValues } from '../../../bridge' import type { + AddBastionAllowedIPsRequest, + AddBastionAllowedIPsResponse, CreateGatewayNetworkRequest, CreateGatewayRequest, CreateIPRequest, @@ -22,6 +24,8 @@ import type { ListIPsResponse, ListPatRulesResponse, PatRule, + SetBastionAllowedIPsRequest, + SetBastionAllowedIPsResponse, SetPatRulesRequest, SetPatRulesRequestRule, SetPatRulesResponse, @@ -84,6 +88,7 @@ export const unmarshalGateway = (data: unknown): Gateway => { return { bandwidth: data.bandwidth, + bastionAllowedIps: data.bastion_allowed_ips, bastionEnabled: data.bastion_enabled, bastionPort: data.bastion_port, canUpgradeTo: data.can_upgrade_to, @@ -128,6 +133,20 @@ export const unmarshalPatRule = (data: unknown): PatRule => { } as PatRule } +export const unmarshalAddBastionAllowedIPsResponse = ( + data: unknown, +): AddBastionAllowedIPsResponse => { + if (!isJSONObject(data)) { + throw new TypeError( + `Unmarshalling the type 'AddBastionAllowedIPsResponse' failed as data isn't a dictionary.`, + ) + } + + return { + ipRanges: data.ip_ranges, + } as AddBastionAllowedIPsResponse +} + export const unmarshalListGatewayNetworksResponse = ( data: unknown, ): ListGatewayNetworksResponse => { @@ -217,6 +236,20 @@ export const unmarshalListPatRulesResponse = ( } as ListPatRulesResponse } +export const unmarshalSetBastionAllowedIPsResponse = ( + data: unknown, +): SetBastionAllowedIPsResponse => { + if (!isJSONObject(data)) { + throw new TypeError( + `Unmarshalling the type 'SetBastionAllowedIPsResponse' failed as data isn't a dictionary.`, + ) + } + + return { + ipRanges: data.ip_ranges, + } as SetBastionAllowedIPsResponse +} + export const unmarshalSetPatRulesResponse = ( data: unknown, ): SetPatRulesResponse => { @@ -231,6 +264,13 @@ export const unmarshalSetPatRulesResponse = ( } as SetPatRulesResponse } +export const marshalAddBastionAllowedIPsRequest = ( + request: AddBastionAllowedIPsRequest, + defaults: DefaultValues, +): Record => ({ + ip_range: request.ipRange, +}) + export const marshalCreateGatewayNetworkRequest = ( request: CreateGatewayNetworkRequest, defaults: DefaultValues, @@ -275,6 +315,13 @@ export const marshalCreatePatRuleRequest = ( public_port: request.publicPort, }) +export const marshalSetBastionAllowedIPsRequest = ( + request: SetBastionAllowedIPsRequest, + defaults: DefaultValues, +): Record => ({ + ip_ranges: request.ipRanges, +}) + const marshalSetPatRulesRequestRule = ( request: SetPatRulesRequestRule, defaults: DefaultValues, diff --git a/packages/clients/src/api/vpcgw/v2/types.gen.ts b/packages/clients/src/api/vpcgw/v2/types.gen.ts index 7951d0f24..720d6f94e 100644 --- a/packages/clients/src/api/vpcgw/v2/types.gen.ts +++ b/packages/clients/src/api/vpcgw/v2/types.gen.ts @@ -160,6 +160,8 @@ export interface Gateway { smtpEnabled: boolean /** Defines whether the gateway uses non-IPAM IP configurations. */ isLegacy: boolean + /** Ranges of IP addresses allowed to connect to the gateway's SSH bastion. */ + bastionAllowedIps: string[] /** Zone of the gateway. */ zone: Zone } @@ -199,6 +201,20 @@ export interface SetPatRulesRequestRule { protocol: PatRuleProtocol } +export type AddBastionAllowedIPsRequest = { + /** Zone to target. If none is passed will use default zone from the config. */ + zone?: Zone + /** ID of the gateway to add the allowed IP range to. */ + gatewayId: string + /** IP range allowed to connect to the SSH bastion. */ + ipRange: string +} + +export interface AddBastionAllowedIPsResponse { + /** Ranges of IP addresses allowed to connect to the gateway's SSH bastion. */ + ipRanges: string[] +} + export type CreateGatewayNetworkRequest = { /** Zone to target. If none is passed will use default zone from the config. */ zone?: Zone @@ -259,6 +275,15 @@ export type CreatePatRuleRequest = { protocol?: PatRuleProtocol } +export type DeleteBastionAllowedIPsRequest = { + /** Zone to target. If none is passed will use default zone from the config. */ + zone?: Zone + /** ID of the gateway on which to delete the allowed IP range. */ + gatewayId: string + /** IP range to delete from SSH bastion's list of allowed IPs. */ + ipRange: string +} + export type DeleteGatewayNetworkRequest = { /** Zone to target. If none is passed will use default zone from the config. */ zone?: Zone @@ -452,6 +477,23 @@ export type RefreshSSHKeysRequest = { gatewayId: string } +export type SetBastionAllowedIPsRequest = { + /** Zone to target. If none is passed will use default zone from the config. */ + zone?: Zone + /** ID of the gateway on which to set the allowed IP range. */ + gatewayId: string + /** + * New list of IP ranges (each range in CIDR notation) allowed to connect to + * the SSH bastion. + */ + ipRanges?: string[] +} + +export interface SetBastionAllowedIPsResponse { + /** Ranges of IP addresses allowed to connect to the gateway's SSH bastion. */ + ipRanges: string[] +} + export type SetPatRulesRequest = { /** Zone to target. If none is passed will use default zone from the config. */ zone?: Zone