diff --git a/cmd/scw/testdata/test-all-usage-k8s-acl-add-usage.golden b/cmd/scw/testdata/test-all-usage-k8s-acl-add-usage.golden new file mode 100644 index 000000000..8fc1e7914 --- /dev/null +++ b/cmd/scw/testdata/test-all-usage-k8s-acl-add-usage.golden @@ -0,0 +1,22 @@ +🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲 +πŸŸ₯πŸŸ₯πŸŸ₯ STDERR️️ πŸŸ₯πŸŸ₯πŸŸ₯️ +Add new ACL rules for a specific cluster. + +USAGE: + scw k8s acl add [arg=value ...] + +ARGS: + cluster-id ID of the cluster whose ACLs will be added + [acls.{index}.ip] IP subnet to allow + [acls.{index}.scaleway-ranges] Allow access to cluster from all Scaleway ranges as defined in https://www.scaleway.com/en/docs/console/account/reference-content/scaleway-network-information/#ip-ranges-used-by-scaleway. + [acls.{index}.description] Description of the ACL + [region=fr-par] Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw) + +FLAGS: + -h, --help help for add + +GLOBAL FLAGS: + -c, --config string The path to the config file + -D, --debug Enable debug mode + -o, --output string Output format: json or human, see 'scw help output' for more info (default "human") + -p, --profile string The config profile to use diff --git a/cmd/scw/testdata/test-all-usage-k8s-acl-delete-usage.golden b/cmd/scw/testdata/test-all-usage-k8s-acl-delete-usage.golden new file mode 100644 index 000000000..1735828b9 --- /dev/null +++ b/cmd/scw/testdata/test-all-usage-k8s-acl-delete-usage.golden @@ -0,0 +1,19 @@ +🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲 +πŸŸ₯πŸŸ₯πŸŸ₯ STDERR️️ πŸŸ₯πŸŸ₯πŸŸ₯️ +Delete an existing ACL. + +USAGE: + scw k8s acl delete [arg=value ...] + +ARGS: + acl-id ID of the ACL rule to delete + [region=fr-par] Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw) + +FLAGS: + -h, --help help for delete + +GLOBAL FLAGS: + -c, --config string The path to the config file + -D, --debug Enable debug mode + -o, --output string Output format: json or human, see 'scw help output' for more info (default "human") + -p, --profile string The config profile to use diff --git a/cmd/scw/testdata/test-all-usage-k8s-acl-list-usage.golden b/cmd/scw/testdata/test-all-usage-k8s-acl-list-usage.golden new file mode 100644 index 000000000..e82c2e452 --- /dev/null +++ b/cmd/scw/testdata/test-all-usage-k8s-acl-list-usage.golden @@ -0,0 +1,19 @@ +🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲 +πŸŸ₯πŸŸ₯πŸŸ₯ STDERR️️ πŸŸ₯πŸŸ₯πŸŸ₯️ +List ACLs for a specific cluster. + +USAGE: + scw k8s acl list [arg=value ...] + +ARGS: + cluster-id ID of the cluster whose ACLs will be listed + [region=fr-par] Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw | all) + +FLAGS: + -h, --help help for list + +GLOBAL FLAGS: + -c, --config string The path to the config file + -D, --debug Enable debug mode + -o, --output string Output format: json or human, see 'scw help output' for more info (default "human") + -p, --profile string The config profile to use diff --git a/cmd/scw/testdata/test-all-usage-k8s-acl-set-usage.golden b/cmd/scw/testdata/test-all-usage-k8s-acl-set-usage.golden new file mode 100644 index 000000000..195e77660 --- /dev/null +++ b/cmd/scw/testdata/test-all-usage-k8s-acl-set-usage.golden @@ -0,0 +1,22 @@ +🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲 +πŸŸ₯πŸŸ₯πŸŸ₯ STDERR️️ πŸŸ₯πŸŸ₯πŸŸ₯️ +Set new ACL rules for a specific cluster. + +USAGE: + scw k8s acl set [arg=value ...] + +ARGS: + cluster-id ID of the cluster whose ACLs will be set + [acls.{index}.ip] IP subnet to allow + [acls.{index}.scaleway-ranges] Allow access to cluster from all Scaleway ranges as defined in https://www.scaleway.com/en/docs/console/account/reference-content/scaleway-network-information/#ip-ranges-used-by-scaleway. + [acls.{index}.description] Description of the ACL + [region=fr-par] Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw) + +FLAGS: + -h, --help help for set + +GLOBAL FLAGS: + -c, --config string The path to the config file + -D, --debug Enable debug mode + -o, --output string Output format: json or human, see 'scw help output' for more info (default "human") + -p, --profile string The config profile to use diff --git a/cmd/scw/testdata/test-all-usage-k8s-acl-usage.golden b/cmd/scw/testdata/test-all-usage-k8s-acl-usage.golden index ed9561c3a..13173ea63 100644 --- a/cmd/scw/testdata/test-all-usage-k8s-acl-usage.golden +++ b/cmd/scw/testdata/test-all-usage-k8s-acl-usage.golden @@ -3,7 +3,13 @@ Network Access Control Lists (ACLs) allow you to manage inbound network traffic by setting up ACL rules. USAGE: - scw k8s acl + scw k8s acl + +AVAILABLE COMMANDS: + add Add new ACLs + delete Delete an existing ACL + list List ACLs + set Set new ACLs FLAGS: -h, --help help for acl @@ -13,3 +19,5 @@ GLOBAL FLAGS: -D, --debug Enable debug mode -o, --output string Output format: json or human, see 'scw help output' for more info (default "human") -p, --profile string The config profile to use + +Use "scw k8s acl [command] --help" for more information about a command. diff --git a/docs/commands/k8s.md b/docs/commands/k8s.md index e50d9a296..580e09aeb 100644 --- a/docs/commands/k8s.md +++ b/docs/commands/k8s.md @@ -3,6 +3,10 @@ This API allows you to manage Kubernetes Kapsule and Kosmos clusters. - [Access Control List (ACL) management commands](#access-control-list-(acl)-management-commands) + - [Add new ACLs](#add-new-acls) + - [Delete an existing ACL](#delete-an-existing-acl) + - [List ACLs](#list-acls) + - [Set new ACLs](#set-new-acls) - [Kapsule cluster management commands](#kapsule-cluster-management-commands) - [Create a new Cluster](#create-a-new-cluster) - [Delete a Cluster](#delete-a-cluster) @@ -46,15 +50,92 @@ This API allows you to manage Kubernetes Kapsule and Kosmos clusters. Network Access Control Lists (ACLs) allow you to manage inbound network traffic by setting up ACL rules. -Network Access Control Lists (ACLs) allow you to manage inbound network traffic by setting up ACL rules. + +### Add new ACLs + +Add new ACL rules for a specific cluster. + +**Usage:** + +``` +scw k8s acl add [arg=value ...] +``` + + +**Args:** + +| Name | | Description | +|------|---|-------------| +| cluster-id | Required | ID of the cluster whose ACLs will be added | +| acls.{index}.ip | | IP subnet to allow | +| acls.{index}.scaleway-ranges | | Allow access to cluster from all Scaleway ranges as defined in https://www.scaleway.com/en/docs/console/account/reference-content/scaleway-network-information/#ip-ranges-used-by-scaleway. | +| acls.{index}.description | | Description of the ACL | +| region | Default: `fr-par`
One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config | + + + +### Delete an existing ACL + +Delete an existing ACL. + +**Usage:** + +``` +scw k8s acl delete [arg=value ...] +``` + + +**Args:** + +| Name | | Description | +|------|---|-------------| +| acl-id | Required | ID of the ACL rule to delete | +| region | Default: `fr-par`
One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config | + + + +### List ACLs + +List ACLs for a specific cluster. **Usage:** ``` -scw k8s acl +scw k8s acl list [arg=value ...] ``` +**Args:** + +| Name | | Description | +|------|---|-------------| +| cluster-id | Required | ID of the cluster whose ACLs will be listed | +| region | Default: `fr-par`
One of: `fr-par`, `nl-ams`, `pl-waw`, `all` | Region to target. If none is passed will use default region from the config | + + + +### Set new ACLs + +Set new ACL rules for a specific cluster. + +**Usage:** + +``` +scw k8s acl set [arg=value ...] +``` + + +**Args:** + +| Name | | Description | +|------|---|-------------| +| cluster-id | Required | ID of the cluster whose ACLs will be set | +| acls.{index}.ip | | IP subnet to allow | +| acls.{index}.scaleway-ranges | | Allow access to cluster from all Scaleway ranges as defined in https://www.scaleway.com/en/docs/console/account/reference-content/scaleway-network-information/#ip-ranges-used-by-scaleway. | +| acls.{index}.description | | Description of the ACL | +| region | Default: `fr-par`
One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config | + + ## Kapsule cluster management commands diff --git a/internal/namespaces/k8s/v1/k8s_cli.go b/internal/namespaces/k8s/v1/k8s_cli.go index 67a51a414..fb008d0c5 100644 --- a/internal/namespaces/k8s/v1/k8s_cli.go +++ b/internal/namespaces/k8s/v1/k8s_cli.go @@ -37,6 +37,10 @@ func GetGeneratedCommands() *core.Commands { k8sClusterListAvailableTypes(), k8sClusterResetAdminToken(), k8sClusterMigrateToSbsCsi(), + k8sACLList(), + k8sACLAdd(), + k8sACLSet(), + k8sACLDelete(), k8sPoolList(), k8sPoolCreate(), k8sPoolGet(), @@ -1196,6 +1200,183 @@ func k8sClusterMigrateToSbsCsi() *core.Command { } } +func k8sACLList() *core.Command { + return &core.Command{ + Short: `List ACLs`, + Long: `List ACLs for a specific cluster.`, + Namespace: "k8s", + Resource: "acl", + Verb: "list", + // Deprecated: false, + ArgsType: reflect.TypeOf(k8s.ListClusterACLRulesRequest{}), + ArgSpecs: core.ArgSpecs{ + { + Name: "cluster-id", + Short: `ID of the cluster whose ACLs will be listed`, + Required: true, + Deprecated: false, + Positional: false, + }, + core.RegionArgSpec(scw.RegionFrPar, scw.RegionNlAms, scw.RegionPlWaw, scw.Region(core.AllLocalities)), + }, + Run: func(ctx context.Context, args interface{}) (i interface{}, e error) { + request := args.(*k8s.ListClusterACLRulesRequest) + + client := core.ExtractClient(ctx) + api := k8s.NewAPI(client) + opts := []scw.RequestOption{scw.WithAllPages()} + if request.Region == scw.Region(core.AllLocalities) { + opts = append(opts, scw.WithRegions(api.Regions()...)) + request.Region = "" + } + resp, err := api.ListClusterACLRules(request, opts...) + if err != nil { + return nil, err + } + return resp.Rules, nil + + }, + } +} + +func k8sACLAdd() *core.Command { + return &core.Command{ + Short: `Add new ACLs`, + Long: `Add new ACL rules for a specific cluster.`, + Namespace: "k8s", + Resource: "acl", + Verb: "add", + // Deprecated: false, + ArgsType: reflect.TypeOf(k8s.AddClusterACLRulesRequest{}), + ArgSpecs: core.ArgSpecs{ + { + Name: "cluster-id", + Short: `ID of the cluster whose ACLs will be added`, + Required: true, + Deprecated: false, + Positional: false, + }, + { + Name: "acls.{index}.ip", + Short: `IP subnet to allow`, + Required: false, + Deprecated: false, + Positional: false, + }, + { + Name: "acls.{index}.scaleway-ranges", + Short: `Allow access to cluster from all Scaleway ranges as defined in https://www.scaleway.com/en/docs/console/account/reference-content/scaleway-network-information/#ip-ranges-used-by-scaleway.`, + Required: false, + Deprecated: false, + Positional: false, + }, + { + Name: "acls.{index}.description", + Short: `Description of the ACL`, + Required: false, + Deprecated: false, + Positional: false, + }, + core.RegionArgSpec(scw.RegionFrPar, scw.RegionNlAms, scw.RegionPlWaw), + }, + Run: func(ctx context.Context, args interface{}) (i interface{}, e error) { + request := args.(*k8s.AddClusterACLRulesRequest) + + client := core.ExtractClient(ctx) + api := k8s.NewAPI(client) + return api.AddClusterACLRules(request) + + }, + } +} + +func k8sACLSet() *core.Command { + return &core.Command{ + Short: `Set new ACLs`, + Long: `Set new ACL rules for a specific cluster.`, + Namespace: "k8s", + Resource: "acl", + Verb: "set", + // Deprecated: false, + ArgsType: reflect.TypeOf(k8s.SetClusterACLRulesRequest{}), + ArgSpecs: core.ArgSpecs{ + { + Name: "cluster-id", + Short: `ID of the cluster whose ACLs will be set`, + Required: true, + Deprecated: false, + Positional: false, + }, + { + Name: "acls.{index}.ip", + Short: `IP subnet to allow`, + Required: false, + Deprecated: false, + Positional: false, + }, + { + Name: "acls.{index}.scaleway-ranges", + Short: `Allow access to cluster from all Scaleway ranges as defined in https://www.scaleway.com/en/docs/console/account/reference-content/scaleway-network-information/#ip-ranges-used-by-scaleway.`, + Required: false, + Deprecated: false, + Positional: false, + }, + { + Name: "acls.{index}.description", + Short: `Description of the ACL`, + Required: false, + Deprecated: false, + Positional: false, + }, + core.RegionArgSpec(scw.RegionFrPar, scw.RegionNlAms, scw.RegionPlWaw), + }, + Run: func(ctx context.Context, args interface{}) (i interface{}, e error) { + request := args.(*k8s.SetClusterACLRulesRequest) + + client := core.ExtractClient(ctx) + api := k8s.NewAPI(client) + return api.SetClusterACLRules(request) + + }, + } +} + +func k8sACLDelete() *core.Command { + return &core.Command{ + Short: `Delete an existing ACL`, + Long: `Delete an existing ACL.`, + Namespace: "k8s", + Resource: "acl", + Verb: "delete", + // Deprecated: false, + ArgsType: reflect.TypeOf(k8s.DeleteACLRuleRequest{}), + ArgSpecs: core.ArgSpecs{ + { + Name: "acl-id", + Short: `ID of the ACL rule to delete`, + Required: true, + Deprecated: false, + Positional: false, + }, + core.RegionArgSpec(scw.RegionFrPar, scw.RegionNlAms, scw.RegionPlWaw), + }, + Run: func(ctx context.Context, args interface{}) (i interface{}, e error) { + request := args.(*k8s.DeleteACLRuleRequest) + + client := core.ExtractClient(ctx) + api := k8s.NewAPI(client) + e = api.DeleteACLRule(request) + if e != nil { + return nil, e + } + return &core.SuccessResult{ + Resource: "acl", + Verb: "delete", + }, nil + }, + } +} + func k8sPoolList() *core.Command { return &core.Command{ Short: `List Pools in a Cluster`,