VM firewall rules update

Is there an API to update the firewall rules using NodeJS? An example would be really appreciated.

Requirement: I have a list of around 1700 CDN trusted IPs, to be allowed to access a specific VM in GCP on port 80.

As I understand, we can have a maximum of 256 source IPs per firewall rule. I can create and update 8 of them, and tag them with the same name.

Question: can we do it using the NodeJS API?

This API doesn't return firewall rules.

The equivalent CLI commands are as below:

gcloud compute firewall-rules describe alltraffic
gcloud compute firewall-rules update alltraffic --source-ranges="14.201.176.140/32","14.201.176.144/32"
gcloud compute firewall-rules create ramtest1 --allow="tcp:80" --description="ramtest1" --source-ranges="205.251.192.0/19","52.95.174.0/24" --target-tags="tcp-111"

https://cloud.google.com/sdk/gcloud/reference/compute/firewall-rules/

I don't see the update command in the nodejs API: https://cloud.google.com/nodejs/docs/reference/compute/0.10.x/Firewall#create https://cloud.google.com/nodejs/docs/reference/compute/0.10.x/Compute#createFirewall

exports.run_process = async (req, res) => {
  const Compute = require('@google-cloud/compute');
  const compute = new Compute();
  const network = compute.network('default');
  const firewalls = (await network.getFirewalls())[0];
  for(const firewall of firewalls) {
    // console.log('firewall == '+JSON.stringify(firewall));
    console.log('firewall = '+firewall.metadata.name);
    if(firewall.metadata.name === 'alltraffic') {
      console.log(' xxxxxxxxxxxxxxxxxxxx changing all traffic xxxxxxxxxxxxxx ');
    }
  }
  return res.status(200).send('ok'); 
};

The code above lists the firewall rules. NFI why it's called firewall when in the console it's called firewall rules; it's so confusing.

You should use the setMetadata function to update a firewall rule. For example, take this nodejs snippet which reads and updates the description of a firewall rule:

async function doit() {
  const Compute = require('@google-cloud/compute');
  const compute = new Compute();
  const f = compute.firewall('default-allow-10000');

  f.get().then(data => {
    const firewall = data[0];
    console.log('initial description: ' + firewall.metadata.description);
    const metadata = {
      description: 'new description for this rule'
    };
    return firewall.setMetadata(metadata);
  }).then(data => {
    const firewall = data[0];
    console.log('description set');
    return compute.firewall('default-allow-10000').get();
  }).then(data => {
    const firewall = data[0];
    console.log('current description: ' + firewall.metadata.description);
  });
}

doit();

In my example, this gives the output of:

initial description: old description
description set
current description: new description for this rule

To see what exists on the metadata object, you should look at the definition of the Firewall resource in the REST API.
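Added example, not part of the original question or answer: one way to turn the 1700-entry allowlist into per-rule `sourceRanges` updates applied with the `setMetadata` call shown above. It assumes the rules already exist, that `sourceRanges` is the field to patch (as named in the REST Firewall resource), that the 256-per-rule limit is the one stated in the question, and that the `cdn-allow` base name and the `compute` client passed in are hypothetical.

```javascript
const MAX_RANGES_PER_RULE = 256; // per-rule limit as stated in the question

// Accept only IPv4 CIDRs; a bare address becomes /32. A /0 prefix is rejected
// so one bad allowlist entry cannot open port 80 to every source.
function normalizeCidr(entry) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?:\/(\d{1,2}))?$/.exec(entry.trim());
  if (!m) throw new Error(`not an IPv4 CIDR: ${entry}`);
  const octets = m.slice(1, 5).map(Number);
  const prefix = m[5] === undefined ? 32 : Number(m[5]);
  if (octets.some(o => o > 255) || prefix > 32) throw new Error(`out of range: ${entry}`);
  if (prefix === 0) throw new Error(`refusing to allow every source: ${entry}`);
  return `${octets.join('.')}/${prefix}`;
}

// Returns [{ name, sourceRanges }], one element per firewall rule,
// after validating and de-duplicating the entries.
function planRules(entries, baseName) {
  const ranges = [...new Set(entries.map(normalizeCidr))].sort();
  const plan = [];
  for (let i = 0; i < ranges.length; i += MAX_RANGES_PER_RULE) {
    plan.push({
      name: `${baseName}-${plan.length + 1}`, // hypothetical naming scheme
      sourceRanges: ranges.slice(i, i + MAX_RANGES_PER_RULE),
    });
  }
  return plan;
}

// Applies the plan through firewall(name).setMetadata(), the call used in the
// answer. `compute` is supplied by the caller; rules must already exist.
async function applyPlan(compute, plan) {
  for (const rule of plan) {
    await compute.firewall(rule.name).setMetadata({ sourceRanges: rule.sourceRanges });
  }
  return plan.map(rule => rule.name);
}

// Constructed sample input: 1700 addresses, not a real CDN list.
const sample = Array.from({ length: 1700 }, (_, i) => `198.18.${Math.floor(i / 250)}.${(i % 250) + 1}`);
console.log(planRules(sample, 'cdn-allow').map(r => `${r.name}: ${r.sourceRanges.length}`));
```

Validation runs before any rule is touched, so a malformed entry stops the whole update instead of leaving the rules half-applied.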
