Implementing MEP-6: Clusters with private networks only / DMZ (#171)

metal-stack · Mar 3, 2021 · 1360c4d · 1360c4d
1 parent 695a33b
commit 1360c4d
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 7 deletions.
diff --git a/cmd/metal-api/internal/service/network-service.go b/cmd/metal-api/internal/service/network-service.go
@@ -415,10 +415,14 @@ func (r networkResource) allocateNetwork(request *restful.Request, response *res
 	if requestPayload.PartitionID != nil {
 		partitionID = *requestPayload.PartitionID
 	}
-	shared := false
+	var shared bool
 	if requestPayload.Shared != nil {
 		shared = *requestPayload.Shared
 	}
+	var nat bool
+	if requestPayload.Nat != nil {
+		nat = *requestPayload.Nat
+	}
 
 	if projectID == "" {
 		if checkError(request, response, utils.CurrentFuncName(), fmt.Errorf("projectid should not be empty")) {
@@ -448,15 +452,28 @@ func (r networkResource) allocateNetwork(request *restful.Request, response *res
 		return
 	}
 
+	destPrefixes := metal.Prefixes{}
+	for _, p := range requestPayload.DestinationPrefixes {
+		prefix, err := metal.NewPrefixFromCIDR(p)
+		if err != nil {
+			if checkError(request, response, utils.CurrentFuncName(), fmt.Errorf("given prefix %v is not a valid ip with mask: %v", p, err)) {
+				return
+			}
+		}
+		destPrefixes = append(destPrefixes, *prefix)
+	}
+
 	nwSpec := &metal.Network{
 		Base: metal.Base{
 			Name:        name,
 			Description: description,
 		},
-		PartitionID: partition.ID,
-		ProjectID:   project.GetProject().GetMeta().GetId(),
-		Labels:      requestPayload.Labels,
-		Shared:      shared,
+		PartitionID:         partition.ID,
+		ProjectID:           project.GetProject().GetMeta().GetId(),
+		Labels:              requestPayload.Labels,
+		DestinationPrefixes: destPrefixes,
+		Shared:              shared,
+		Nat:                 nat,
 	}
 
 	nw, err := createChildNetwork(r.ds, r.ipamer, nwSpec, &superNetwork, partition.PrivateNetworkPrefixLength)
@@ -493,10 +510,10 @@ func createChildNetwork(ds *datastore.RethinkStore, ipamer ipam.IPAMer, nwSpec *
 			Description: nwSpec.Description,
 		},
 		Prefixes:            metal.Prefixes{*childPrefix},
-		DestinationPrefixes: metal.Prefixes{},
+		DestinationPrefixes: nwSpec.DestinationPrefixes,
 		PartitionID:         parent.PartitionID,
 		ProjectID:           nwSpec.ProjectID,
-		Nat:                 false,
+		Nat:                 nwSpec.Nat,
 		PrivateSuper:        false,
 		Underlay:            false,
 		Shared:              nwSpec.Shared,

diff --git a/cmd/metal-api/internal/service/v1/network.go b/cmd/metal-api/internal/service/v1/network.go
@@ -45,6 +45,8 @@ type NetworkCreateRequest struct {
 type NetworkAllocateRequest struct {
 	Describable
 	NetworkBase
+	DestinationPrefixes []string `json:"destinationprefixes" description:"the destination prefixes of this network" optional:"true"`
+	Nat                 *bool    `json:"nat" description:"if set to true, packets leaving this network get masqueraded behind interface ip" optional:"true"`
 }
 
 // NetworkFindRequest is used to find a Network with different criteria.

diff --git a/spec/metal-api.json b/spec/metal-api.json
@@ -2000,6 +2000,13 @@
           "description": "a description for this entity",
           "type": "string"
         },
+        "destinationprefixes": {
+          "description": "the destination prefixes of this network",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "labels": {
           "additionalProperties": {
             "type": "string"
@@ -2011,6 +2018,10 @@
           "description": "a readable name for this entity",
           "type": "string"
         },
+        "nat": {
+          "description": "if set to true, packets leaving this network get masqueraded behind interface ip",
+          "type": "boolean"
+        },
         "partitionid": {
           "description": "the partition this network belongs to",
           "type": "string"