Merge pull request #140 from hetznercloud/add-description-field-to-firewall-rules

Adi146 · web-flow · commit f500ba6f444b · 2021-08-03T14:12:06.000+02:00
Add description field to firewall rules
diff --git a/hcloud/firewalls/client.py b/hcloud/firewalls/client.py
@@ -14,7 +14,7 @@ def __init__(self, client, data, complete=True):
         rules = data.get('rules', [])
         if rules:
             rules = [FirewallRule(direction=rule["direction"], source_ips=rule["source_ips"],
-                                  destination_ips=rule["destination_ips"], protocol=rule['protocol'], port=rule["port"])
+                                  destination_ips=rule["destination_ips"], protocol=rule['protocol'], port=rule["port"], description=rule["description"])
                      for rule in rules]
             data['rules'] = rules
 
diff --git a/hcloud/firewalls/domain.py b/hcloud/firewalls/domain.py
@@ -60,13 +60,16 @@ class FirewallRule:
             List of permitted IPv4/IPv6 addresses in CIDR notation. Use 0.0.0.0/0 to allow all IPv4 addresses and ::/0 to allow all IPv6 addresses. You can specify 100 CIDRs at most.
     :param destination_ips: List[str]
            List of permitted IPv4/IPv6 addresses in CIDR notation. Use 0.0.0.0/0 to allow all IPv4 addresses and ::/0 to allow all IPv6 addresses. You can specify 100 CIDRs at most.
+    :param description: str
+           Short description of the firewall rule
     """
     __slots__ = (
         "direction",
         "port",
         "protocol",
         "source_ips",
-        "destination_ips"
+        "destination_ips",
+        "description"
     )
 
     DIRECTION_IN = "in"
@@ -92,12 +95,14 @@ def __init__(
             source_ips,  # type: List[str]
             port=None,  # type: Optional[str]
             destination_ips=None,  # type: Optional[List[str]]
+            description=None,  # type: Optional[str]
     ):
         self.direction = direction
         self.port = port
         self.protocol = protocol
         self.source_ips = source_ips
         self.destination_ips = destination_ips or []
+        self.description = description
 
     def to_payload(self):
         payload = {
@@ -109,6 +114,8 @@ def to_payload(self):
             payload.update({"destination_ips": self.destination_ips})
         if self.port is not None:
             payload.update({"port": self.port})
+        if self.description is not None:
+            payload.update({"description": self.description})
         return payload
 
 
diff --git a/tests/unit/firewalls/conftest.py b/tests/unit/firewalls/conftest.py
@@ -19,7 +19,8 @@ def response_create_firewall():
                     ],
                     "destination_ips": [],
                     "protocol": "tcp",
-                    "port": "80"
+                    "port": "80",
+                    "description": None
                 },
                 {
                     "direction": "out",
@@ -30,7 +31,8 @@ def response_create_firewall():
                         "ff21:1eac:9a3b:ee58:5ca:990c:8bc9:c03b/128"
                     ],
                     "protocol": "tcp",
-                    "port": "80"
+                    "port": "80",
+                    "description": "allow http out"
                 }
             ],
             "applied_to": [
@@ -111,7 +113,8 @@ def firewall_response():
                     ],
                     "destination_ips": [],
                     "protocol": "tcp",
-                    "port": "80"
+                    "port": "80",
+                    "description": "allow http in"
                 },
                 {
                     "direction": "out",
@@ -122,7 +125,8 @@ def firewall_response():
                         "ff21:1eac:9a3b:ee58:5ca:990c:8bc9:c03b/128"
                     ],
                     "protocol": "tcp",
-                    "port": "80"
+                    "port": "80",
+                    "description": "allow http out"
                 }
             ],
             "applied_to": [
@@ -162,7 +166,8 @@ def two_firewalls_response():
                         ],
                         "destination_ips": [],
                         "protocol": "tcp",
-                        "port": "80"
+                        "port": "80",
+                        "description": "allow http in"
                     }
                 ],
                 "applied_to": [
@@ -189,7 +194,8 @@ def two_firewalls_response():
                             "ff21:1eac:9a3b:ee58:5ca:990c:8bc9:c03b/128"
                         ],
                         "protocol": "tcp",
-                        "port": "443"
+                        "port": "443",
+                        "description": "allow https in"
                     }
                 ],
                 "applied_to": [
@@ -224,7 +230,8 @@ def one_firewalls_response():
                             "ff21:1eac:9a3b:ee58:5ca:990c:8bc9:c03b/128"
                         ],
                         "protocol": "tcp",
-                        "port": "80"
+                        "port": "80",
+                        "description": "allow http in"
                     }
                 ],
                 "applied_to": [
@@ -258,7 +265,8 @@ def response_update_firewall():
                     ],
                     "destination_ips": [],
                     "protocol": "tcp",
-                    "port": "80"
+                    "port": "80",
+                    "description": "allow http in"
                 }
             ],
             "applied_to": [
diff --git a/tests/unit/firewalls/test_client.py b/tests/unit/firewalls/test_client.py
@@ -46,6 +46,7 @@ def test_bound_firewall_init(self, firewall_response):
         ]
         assert isinstance(firewall_in_rule.destination_ips, list)
         assert len(firewall_in_rule.destination_ips) == 0
+        assert firewall_in_rule.description == "allow http in"
 
         firewall_out_rule = bound_firewall.rules[1]
         assert isinstance(firewall_out_rule, FirewallRule)
@@ -61,6 +62,7 @@ def test_bound_firewall_init(self, firewall_response):
             "28.239.14.0/24",
             "ff21:1eac:9a3b:ee58:5ca:990c:8bc9:c03b/128"
         ]
+        assert firewall_out_rule.description == "allow http out"
 
     @pytest.mark.parametrize(
         "params",
@@ -123,9 +125,9 @@ def test_set_rules(self, hetzner_client, bound_firewall, response_set_rules):
         hetzner_client.request.return_value = response_set_rules
         actions = bound_firewall.set_rules([
             FirewallRule(direction=FirewallRule.DIRECTION_IN, protocol=FirewallRule.PROTOCOL_ICMP,
-                         source_ips=["0.0.0.0/0", "::/0"])])
+                         source_ips=["0.0.0.0/0", "::/0"], description="New firewall description")])
         hetzner_client.request.assert_called_with(url="/firewalls/1/actions/set_rules", method="POST", json={
-            "rules": [{"direction": "in", "protocol": "icmp", "source_ips": ["0.0.0.0/0", "::/0"]}]})
+            "rules": [{"direction": "in", "protocol": "icmp", "source_ips": ["0.0.0.0/0", "::/0"], "description": "New firewall description"}]})
 
         assert actions[0].id == 13
         assert actions[0].progress == 100
