/**
* Create a Meraki REST API wrapper for the mx-l3-firewall ressource. See the
* [online documentation]{@link https://dashboard.meraki.com/api_docs#mx-l3-firewall} for more information.
*
* @module meraki/rest/mxL3Firewall
* @param { string } [apiKey=''] The Meraki api key
* @param { string } [target='api'] The Meraki target
* @param { string } [basePath='/'] The Meraki base path for the mx-l3-firewall ressource
* @param { string } [baseUrl='https://api.meraki.com'] The Meraki base url for the ressource
* @param { string } rateLimiter The rate limiter (bottleneck) configuration
* @param { object } [logger] Logger to use if logging is enabled
* @return { Object } The initialized Meraki REST API wrapper for the mx-l3-firewall ressource
* @example
* const apiKey = 'secret meraki api key'
* const organizationId = 'meraki organization id'
* const version = 'v0'
* const target = 'n12'
* const basePath = `/${target}/${version}/network`
* const rateLimiter = {
* enabled: true
* }
* const mxL3FirewallEndpoints = require('./lib/rest/mxL3Firewall')({ apiKey, target, basePath, baseUrl, rateLimiter })
*/
function createMxL3FirewallEndpoints ({
apiKey = '',
target = 'api',
basePath = '/',
baseUrl = 'https://api.meraki.com',
rateLimiter,
logger
}) {
const axios = require('./axios')({ baseUrl, rateLimiter, logger })
/**
* List the L3 firewall rules for a MX network.
*
* @memberof module:meraki/rest/mxL3Firewall
* @param { string } [apiKey] Optional custom apiKey for this request (if not set will take the inital apiKey)
* @param { string } [target] Optional custom target for this request (if not set will take the inital target)
* @param { string } [scope] Optional custom scope for rate limiter
* @param { string } networkId The id of the MX network for which to list the L3 firewall rules
* @return { Promise } A promise holding the L3 firewall rules this MX network
* @example <caption>Example response</caption>
* [
* {
* "comment": "Allow TCP traffic to subnet with HTTP servers.",
* "policy": "allow",
* "protocol": "tcp",
* "destPort": 443,
* "destCidr": "192.168.1.0/24",
* "srcPort": "Any",
* "srcCidr": "Any",
* "syslogEnabled": false
* }
* ]
*/
function listMxL3FirewallRules ({
apiKey: localApiKey,
target: localTarget,
scope,
networkId
}) {
if (!networkId) {
return Promise.reject(new Error('The parameter networkId is mandatory'))
}
return axios._get(
localApiKey || apiKey,
localTarget || target,
scope,
`${basePath}/${networkId}/l3FirewallRules`
)
}
/**
* Update the L3 firewall rules of an MX network. Pass an empty array to remove all rules but the default rule.
* If the network is bound to a template you have to pass the template id instead of the network id.
*
* @memberof module:meraki/rest/mxL3Firewall
* @param { string } [apiKey] Optional custom apiKey for this request (if not set will take the inital apiKey)
* @param { string } [target] Optional custom target for this request (if not set will take the inital target)
* @param { string } [scope] Optional custom scope for rate limiter
* @param { string } networkId The id of the MX network for which to list the L3 firewall rules
* @param { array } rules
* @param { string } [rules.comment] Description of the rule
* @param { string } rules.policy 'Allow' or 'Deny' traffic specified by this rule
* @param { string } rules.protocol The type of protocol (must be 'tcp', 'udp', 'icmp' or 'any')
* @param { string } rules.srcPort Comma-separated list of source port(s) (integer in the range 1-65535), or 'any'
* @param { string } rules.srcCidr Comma-separated list of source IP address(es) (in IP or CIDR notation), or 'any' (note: FQDN not supported for source addresses)
* @param { string } rules.destPort Comma-separated list of destination port(s) (integer in the range 1-65535), or 'any'
* @param { string } rules.destCidr Comma-separated list of destination IP address(es) (in IP or CIDR notation), fully-qualified domain names (FQDN) or 'any'
* @param { string } rules.syslogEnabled Log this rule to syslog (true or false, boolean value) - only applicable if a syslog has been configured (optional)
* @param { boolean } [syslogDefaultRule] Log the special default rule (boolean value - enable only if you've configured a syslog server)
* @return { Promise } A promise holding the updated L3 firewall rules this MX network
* @example <caption>Example request data</caption>
* {
* "comment": "Allow TCP traffic to subnet with HTTP servers.",
* "policy": "allow",
* "protocol": "tcp",
* "destPort": 443,
* "destCidr": "192.168.1.0/24",
* "srcPort": "Any",
* "srcCidr": "Any",
* "syslogEnabled": false
* }
* @example <caption>Example response</caption>
* [
* {
* "comment": "Allow TCP traffic to subnet with HTTP servers.",
* "policy": "allow",
* "protocol": "tcp",
* "destPort": 443,
* "destCidr": "192.168.1.0/24",
* "srcPort": "Any",
* "srcCidr": "Any",
* "syslogEnabled": false
* }
* ]
*/
function updateMxL3FirewallRule ({
apiKey: localApiKey,
target: localTarget,
scope,
networkId,
rules,
syslogDefaultRule
}) {
if (!networkId) {
return Promise.reject(new Error('The parameter networkId is mandatory'))
} else if (!rules) {
return Promise.reject(new Error('The parameter rules is mandatory'))
} else if (!Array.isArray(rules)) {
return Promise.reject(
new Error('The parameter rules must be of type array')
)
}
return axios._put(
localApiKey || apiKey,
localTarget || target,
scope,
`${basePath}/${networkId}/l3FirewallRules`,
{ rules, syslogDefaultRule }
)
}
return {
listMxL3FirewallRules,
updateMxL3FirewallRule
}
}
module.exports = createMxL3FirewallEndpoints