From c3f6d5fc726849c26cc20bda4a19b6cfcba11594 Mon Sep 17 00:00:00 2001
From: Amos Paul
Date: Wed, 1 Jun 2022 12:53:03 -0700
Subject: [PATCH] Updating API usage of IPsec tunnels
---
 magic_transit_ipsec_tunnel.go | 59 +++++++++++++++++++++++++----
 magic_transit_ipsec_tunnel_test.go | 37 ++++++++++++++++++
 magic_transit_tunnel_healthcheck.go | 8 ++++
 3 files changed, 96 insertions(+), 8 deletions(-)
 create mode 100644 magic_transit_tunnel_healthcheck.go
diff --git a/magic_transit_ipsec_tunnel.go b/magic_transit_ipsec_tunnel.go
index 7ec5531ef4..1838b6a1c6 100644
--- a/magic_transit_ipsec_tunnel.go
+++ b/magic_transit_ipsec_tunnel.go
@@ -16,16 +16,31 @@ const ( errMagicTransitIPsecTunnelNotDeleted = "When trying to delete IPsec tunnel, API returned deleted: false" ) +type RemoteIdentities struct { + HexID string `json:"hex_id"` + FQDNID string `json:"fqdn_id"` + UserID string `json:"user_id"` +} + +// MagicTransitIPsecTunnelPskMetadata contains metadata associated with PSK. +type MagicTransitIPsecTunnelPskMetadata struct { + LastGeneratedOn *time.Time `json:"last_generated_on,omitempty"` +} + // MagicTransitIPsecTunnel contains information about an IPsec tunnel. type MagicTransitIPsecTunnel struct { - ID string `json:"id,omitempty"` - CreatedOn *time.Time `json:"created_on,omitempty"` - ModifiedOn *time.Time `json:"modified_on,omitempty"` - Name string `json:"name"` - CustomerEndpoint string `json:"customer_endpoint"` - CloudflareEndpoint string `json:"cloudflare_endpoint"` - InterfaceAddress string `json:"interface_address"` - Description string `json:"description,omitempty"` + ID string `json:"id,omitempty"` + CreatedOn *time.Time `json:"created_on,omitempty"` + ModifiedOn *time.Time `json:"modified_on,omitempty"` + Name string `json:"name"` + CustomerEndpoint string `json:"customer_endpoint"` + CloudflareEndpoint string `json:"cloudflare_endpoint"` + InterfaceAddress string `json:"interface_address"` + Description string `json:"description,omitempty"` + HealthCheck *MagicTransitTunnelHealthcheck `json:"health_check,omitempty"` + Psk string `json:"psk,omitempty"` + PskMetadata *MagicTransitIPsecTunnelPskMetadata `json:"psk_metadata,omitempty"` + RemoteIdentities *RemoteIdentities `json:"remote_identities,omitempty"` } // ListMagicTransitIPsecTunnelsResponse contains a response including IPsec tunnels. 
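Review bot: The new `Psk` field puts the tunnel's pre-shared key on `MagicTransitIPsecTunnel`, so any caller that prints the struct with `%+v` or marshals it into a log line will emit the secret, and nothing on the added fields says so. A field comment such as `// Psk is the tunnel's pre-shared key; it is a secret and must not be logged or stored in plain text.` would make that explicit for users of the library. Separately, `RemoteIdentities` is exported without a doc comment and its three tags lack `omitempty`, so a tunnel sent with only one identity set serializes the other two as empty strings; if the API distinguishes empty from absent (not visible here), `json:"hex_id,omitempty"` and the same on `fqdn_id` and `user_id` would be safer.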
@@ -67,6 +82,15 @@ type DeleteMagicTransitIPsecTunnelResponse struct { } `json:"result"` } +// GenerateMagicTransitIPsecTunnelPSKResponse contains a response after generating IPsec Tunnel. +type GenerateMagicTransitIPsecTunnelPSKResponse struct { + Response + Result struct { + Psk string `json:"psk"` + PskMetadata *MagicTransitIPsecTunnelPskMetadata `json:"psk_metadata"` + } `json:"result"` +} + // ListMagicTransitIPsecTunnels lists all IPsec tunnels for a given account // // API reference: https://api.cloudflare.com/#magic-ipsec-tunnels-list-ipsec-tunnels @@ -169,3 +193,22 @@ func (api *API) DeleteMagicTransitIPsecTunnel(ctx context.Context, accountID str return result.Result.DeletedIPsecTunnel, nil } + +// GenerateMagicTransitIPsecTunnelPSK generates a pre shared key (psk) for an IPsec tunnel +// +// API reference: https://api.cloudflare.com/#magic-ipsec-tunnels-generate-pre-shared-key-psk-for-ipsec-tunnels +func (api *API) GenerateMagicTransitIPsecTunnelPSK(ctx context.Context, accountID string, id string) (string, *MagicTransitIPsecTunnelPskMetadata, error) { + uri := fmt.Sprintf("/accounts/%s/magic/ipsec_tunnels/%s/psk_generate", accountID, id) + res, err := api.makeRequestContext(ctx, http.MethodPost, uri, nil) + + if err != nil { + return "", nil, err + } + + result := GenerateMagicTransitIPsecTunnelPSKResponse{} + if err := json.Unmarshal(res, &result); err != nil { + return "", nil, errors.Wrap(err, errUnmarshalError) + } + + return result.Result.Psk, result.Result.PskMetadata, nil +} diff --git a/magic_transit_ipsec_tunnel_test.go b/magic_transit_ipsec_tunnel_test.go index 26b7b2556d..8384292065 100644 --- a/magic_transit_ipsec_tunnel_test.go +++ b/magic_transit_ipsec_tunnel_test.go 
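Review bot: The doc comment on `GenerateMagicTransitIPsecTunnelPSKResponse` says the response follows "generating IPsec Tunnel", but the struct carries a newly generated pre-shared key and its metadata, not a tunnel. Suggested wording: `// GenerateMagicTransitIPsecTunnelPSKResponse contains the response to a PSK generation request for an IPsec tunnel; Result.Psk is secret material.`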
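Review bot: `GenerateMagicTransitIPsecTunnelPSK` returns `result.Result.Psk` without checking that it is non-empty, so a response that decodes cleanly but lacks `psk` hands the caller an empty key together with a nil error. A guard after the unmarshal, `if result.Result.Psk == "" { return "", nil, errors.New("API returned an empty PSK") }`, would stop an empty secret from being configured downstream. `accountID` and `id` are also formatted into the path unchecked, and an empty `id` yields `/magic/ipsec_tunnels//psk_generate`, so an early `id == ""` check would fail faster and more clearly. The doc comment could also state that the returned string is a secret and, if the endpoint replaces the tunnel's current key (the name suggests it, the hunk does not show it), that calling it rotates the PSK.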
@@ -257,3 +257,40 @@ func TestDeleteMagicTransitIPsecTunnel(t *testing.T) {
 assert.Equal(t, want, actual)
 }
 }
+
+func TestMagicTransitIPsecTunnelGeneratePSK(t *testing.T) {
+ setup()
+ defer teardown()
+
+ handler := func(w http.ResponseWriter, r *http.Request) {
+ assert.Equal(t, http.MethodPost, r.Method, "Expected method 'POST', got %s", r.Method)
+ w.Header().Set("content-type", "application/json")
+ fmt.Fprint(w, `{
+ "success": true,
+ "errors": [],
+ "messages": [],
+ "result": {
+ "psk": "itworks",
+ "psk_metadata": {
+ "last_generated_on": "2017-06-14T05:20:00Z"
+ }
+ }
+ }`)
+ }
+
+ mux.HandleFunc("/accounts/"+testAccountID+"/magic/ipsec_tunnels/c4a7362d577a6c3019a474fd6f485821/psk_generate", handler)
+
+ lastGeneratedOn, _ := time.Parse(time.RFC3339, "2017-06-14T05:20:00Z")
+
+ want := MagicTransitIPsecTunnelPskMetadata{
+ LastGeneratedOn: lastGeneratedOn,
+ }
+
+ want_psk := "itworks"
+
+ psk, actual, err := client.GenerateMagicTransitIPsecTunnelPSK(context.Background(), testAccountID, "c4a7362d577a6c3019a474fd6f485821")
+ if assert.NoError(t, err) {
+ assert.Equal(t, want, *actual)
+ assert.Equal(t, want_psk, psk)
+ }
+}
diff --git a/magic_transit_tunnel_healthcheck.go b/magic_transit_tunnel_healthcheck.go
new file mode 100644
index 0000000000..f79761e192
--- /dev/null
+++ b/magic_transit_tunnel_healthcheck.go
@@ -0,0 +1,8 @@
+package cloudflare
+
+// MagicTransitTunnelHealthcheck contains information about a tunnel health check.
+type MagicTransitTunnelHealthcheck struct {
+ Enabled bool `json:"enabled"`
+ Target string `json:"target,omitempty"`
+ Type string `json:"type,omitempty"`
+}
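Review bot: `LastGeneratedOn: lastGeneratedOn,` in `TestMagicTransitIPsecTunnelGeneratePSK` assigns the `time.Time` returned by `time.Parse` to a field this patch declares as `*time.Time`, which should not compile; it needs `LastGeneratedOn: &lastGeneratedOn,`. `want_psk` should be `wantPSK` to follow Go naming. The test covers only the success path, so a second case where the handler omits `psk` or returns an error body would pin how the client behaves when no usable key comes back.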