API refinement

cmd/metal-api/internal/service/machine-service.go

@@ -1039,10 +1039,10 @@ func createMachineAllocationSpec(ds *datastore.RethinkStore, machineRequest v1.M
 		role    = metal.RoleMachine
 	)
 
-	if firewallRequest != nil {
+	if firewallRequest != nil && firewallRequest.FirewallRules != nil {
 		role = metal.RoleFirewall
 
-		for _, ruleSpec := range firewallRequest.Egress {
+		for _, ruleSpec := range firewallRequest.FirewallRules.Egress {
 			ruleSpec := ruleSpec
 
 			protocol, err := metal.ProtocolFromString(ruleSpec.Protocol)
@@ -1064,7 +1064,7 @@ func createMachineAllocationSpec(ds *datastore.RethinkStore, machineRequest v1.M
 			egress = append(egress, rule)
 		}
 
-		for _, ruleSpec := range firewallRequest.Ingress {
+		for _, ruleSpec := range firewallRequest.FirewallRules.Ingress {
 			ruleSpec := ruleSpec
 
 			protocol, err := metal.ProtocolFromString(ruleSpec.Protocol)

cmd/metal-api/internal/service/v1/firewall.go

@@ -6,8 +6,7 @@ type FirewallCreateRequest struct {
 }
 
 type FirewallAllocateRequest struct {
-	Egress  []FirewallEgressRule  `json:"egress,omitempty" description:"list of egress rules to be deployed during firewall allocation" optional:"true"`
-	Ingress []FirewallIngressRule `json:"ingress,omitempty" description:"list of ingress rules to be deployed during firewall allocation" optional:"true"`
+	FirewallRules *FirewallRules `json:"firewall_rules" description:"optional egress and ingress firewall rules to deploy during firewall allocation" optional:"true"`
 }
 
 type FirewallEgressRule struct {

cmd/metal-api/internal/service/v1/machine.go

@@ -47,8 +47,8 @@ type MachineAllocation struct {
 }
 
 type FirewallRules struct {
-	Egress  []*FirewallEgressRule  `json:"egress"`
-	Ingress []*FirewallIngressRule `json:"ingress"`
+	Egress  []FirewallEgressRule  `json:"egress,omitempty" description:"list of egress rules to be deployed during firewall allocation" optional:"true"`
+	Ingress []FirewallIngressRule `json:"ingress,omitempty" description:"list of ingress rules to be deployed during firewall allocation" optional:"true"`
 }
 
 type BootInfo struct {
@@ -521,13 +521,13 @@ func NewMachineResponse(m *metal.Machine, s *metal.Size, p *metal.Partition, i *
 		var firewallRules *FirewallRules
 		if m.Allocation.Role == metal.RoleFirewall {
 			var (
-				egressRules  []*FirewallEgressRule
-				ingressRules []*FirewallIngressRule
+				egressRules  []FirewallEgressRule
+				ingressRules []FirewallIngressRule
 			)
 
 			for _, r := range m.Allocation.Egress {
 				r := r
-				egressRules = append(egressRules, &FirewallEgressRule{
+				egressRules = append(egressRules, FirewallEgressRule{
 					Protocol: string(r.Protocol),
 					Ports:    r.Ports,
 					ToCIDRs:  r.ToCIDRs,
@@ -536,7 +536,7 @@ func NewMachineResponse(m *metal.Machine, s *metal.Size, p *metal.Partition, i *
 			}
 			for _, r := range m.Allocation.Ingress {
 				r := r
-				egressRules = append(egressRules, &FirewallEgressRule{
+				egressRules = append(egressRules, FirewallEgressRule{
 					Protocol: string(r.Protocol),
 					Ports:    r.Ports,
 					ToCIDRs:  r.FromCIDRs,

spec/metal-api.json

@@ -1017,19 +1017,9 @@
     },
     "v1.FirewallAllocateRequest": {
       "properties": {
-        "egress": {
-          "description": "list of egress rules to be deployed during firewall allocation",
-          "items": {
-            "$ref": "#/definitions/v1.FirewallEgressRule"
-          },
-          "type": "array"
-        },
-        "ingress": {
-          "description": "list of ingress rules to be deployed during firewall allocation",
-          "items": {
-            "$ref": "#/definitions/v1.FirewallIngressRule"
-          },
-          "type": "array"
+        "firewall_rules": {
+          "$ref": "#/definitions/v1.FirewallRules",
+          "description": "optional egress and ingress firewall rules to deploy during firewall allocation"
         }
       }
     },
@@ -1039,17 +1029,14 @@
           "description": "a description for this entity",
           "type": "string"
         },
-        "egress": {
-          "description": "list of egress rules to be deployed during firewall allocation",
-          "items": {
-            "$ref": "#/definitions/v1.FirewallEgressRule"
-          },
-          "type": "array"
-        },
         "filesystemlayoutid": {
           "description": "the filesystemlayout id to assing to this machine",
           "type": "string"
         },
+        "firewall_rules": {
+          "$ref": "#/definitions/v1.FirewallRules",
+          "description": "optional egress and ingress firewall rules to deploy during firewall allocation"
+        },
         "hostname": {
           "description": "the hostname for the allocated machine (defaults to metal)",
           "type": "string"
@@ -1058,13 +1045,6 @@
           "description": "the image id to assign this machine to",
           "type": "string"
         },
-        "ingress": {
-          "description": "list of ingress rules to be deployed during firewall allocation",
-          "items": {
-            "$ref": "#/definitions/v1.FirewallIngressRule"
-          },
-          "type": "array"
-        },
         "ips": {
           "description": "the ips to attach to this machine additionally",
           "items": {
@@ -1477,22 +1457,20 @@
     "v1.FirewallRules": {
       "properties": {
         "egress": {
+          "description": "list of egress rules to be deployed during firewall allocation",
           "items": {
             "$ref": "#/definitions/v1.FirewallEgressRule"
           },
           "type": "array"
         },
         "ingress": {
+          "description": "list of ingress rules to be deployed during firewall allocation",
           "items": {
             "$ref": "#/definitions/v1.FirewallIngressRule"
           },
           "type": "array"
         }
-      },
-      "required": [
-        "egress",
-        "ingress"
-      ]
+      }
     },
     "v1.FirmwaresResponse": {
       "properties": {