syntax = "proto3";

package yandex.cloud.vpc.v1;

import "google/protobuf/timestamp.proto";
import "yandex/cloud/validation.proto";

option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/vpc/v1;vpc";
option java_package = "yandex.cloud.api.vpc.v1";

message SecurityGroup {

    enum Status {
        STATUS_UNSPECIFIED = 0;
        CREATING = 1;
        ACTIVE = 2;
        // updating is a long operation because we must update all instances in SG
        UPDATING = 3;
        DELETING = 4;
    }

    string id = 1;
    string folder_id = 2;
    google.protobuf.Timestamp created_at = 3;
    string name = 4;
    string description = 5;
    map<string, string> labels = 6;

    string network_id = 7;
    Status status = 8;

    repeated SecurityGroupRule rules = 9;

    bool default_for_network = 10;
}

message SecurityGroupRule {
    string id = 1; //generated by api server after rule creation

    string description = 2;
    map<string, string> labels = 3;

    Direction direction = 4 [(required) = true];
    PortRange ports = 5; // null value means any

    // null value means any protocol
    // values from https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
    string protocol_name = 6;
    int64 protocol_number = 7;

    oneof target {
        option (exactly_one) = true;

        CidrBlocks cidr_blocks = 8;
        string security_group_id = 9;
        string predefined_target = 10;
    }

    enum Direction {
        DIRECTION_UNSPECIFIED = 0;
        INGRESS = 1;
        EGRESS = 2;
    }
}

message PortRange {
    int64 from_port = 1 [(value) = "0-65535"];
    int64 to_port = 2 [(value) = "0-65535"];
}

message CidrBlocks {
    repeated string v4_cidr_blocks = 1;
    repeated string v6_cidr_blocks = 2;
}
