feat(vpc): enable acl cli generation (#4594)

Co-authored-by: Rémy Léone <[email protected]>

Author: scaleway-bot

cmd/scw/testdata/test-all-usage-vpc-rule-get-usage.golden

@@ -0,0 +1,20 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Retrieve a list of ACL rules for a VPC, specified by its VPC ID.
+
+USAGE:
+  scw vpc rule get [arg=value ...]
+
+ARGS:
+  vpc-id            ID of the Network ACL's VPC
+  is-ipv6           Defines whether this set of ACL rules is for IPv6 (false = IPv4). Each Network ACL can have rules for only one IP type.
+  [region=fr-par]   Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for get
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use

cmd/scw/testdata/test-all-usage-vpc-rule-set-usage.golden

@@ -0,0 +1,30 @@
+🎲🎲🎲 EXIT CODE: 0 🎲🎲🎲
+🟥🟥🟥 STDERR️️ 🟥🟥🟥️
+Set the list of ACL rules and the default routing policy for a VPC.
+
+USAGE:
+  scw vpc rule set [arg=value ...]
+
+ARGS:
+  vpc-id                        ID of the Network ACL's VPC
+  rules.{index}.protocol        Protocol to which this rule applies (ANY | TCP | UDP | ICMP)
+  rules.{index}.source          Source IP range to which this rule applies (CIDR notation with subnet mask)
+  rules.{index}.src-port-low    Starting port of the source port range to which this rule applies (inclusive)
+  rules.{index}.src-port-high   Ending port of the source port range to which this rule applies (inclusive)
+  rules.{index}.destination     Destination IP range to which this rule applies (CIDR notation with subnet mask)
+  rules.{index}.dst-port-low    Starting port of the destination port range to which this rule applies (inclusive)
+  rules.{index}.dst-port-high   Ending port of the destination port range to which this rule applies (inclusive)
+  rules.{index}.action          Policy to apply to the packet (unknown_action | accept | drop)
+  rules.{index}.description     Rule description
+  is-ipv6                       Defines whether this set of ACL rules is for IPv6 (false = IPv4). Each Network ACL can have rules for only one IP type.
+  default-policy                Action to take for packets which do not match any rules (unknown_action | accept | drop)
+  [region=fr-par]               Region to target. If none is passed will use default region from the config (fr-par | nl-ams | pl-waw)
+
+FLAGS:
+  -h, --help   help for set
+
+GLOBAL FLAGS:
+  -c, --config string    The path to the config file
+  -D, --debug            Enable debug mode
+  -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
+  -p, --profile string   The config profile to use

cmd/scw/testdata/test-all-usage-vpc-rule-usage.golden

@@ -3,7 +3,11 @@
 Acl Rules.
 
 USAGE:
-  scw vpc rule
+  scw vpc rule <command>
+
+AVAILABLE COMMANDS:
+  get         Get Acl Rules for VPC
+  set         Set VPC ACL rules
 
 FLAGS:
   -h, --help   help for rule
@@ -13,3 +17,5 @@ GLOBAL FLAGS:
   -D, --debug            Enable debug mode
   -o, --output string    Output format: json or human, see 'scw help output' for more info (default "human")
   -p, --profile string   The config profile to use
+
+Use "scw vpc rule [command] --help" for more information about a command.

docs/commands/vpc.md

@@ -17,6 +17,8 @@ This API allows you to manage your Virtual Private Clouds (VPCs) and Private Net
   - [Return routes with associated next hop data](#return-routes-with-associated-next-hop-data)
   - [Update Route](#update-route)
 - [Rule management command](#rule-management-command)
+  - [Get Acl Rules for VPC](#get-acl-rules-for-vpc)
+  - [Set VPC ACL rules](#set-vpc-acl-rules)
 - [Subnet management command](#subnet-management-command)
 - [VPC management command](#vpc-management-command)
   - [Create a VPC](#create-a-vpc)
@@ -313,15 +315,58 @@ scw vpc route update <route-id ...> [arg=value ...]
 
 Acl Rules.
 
-Acl Rules.
+
+### Get Acl Rules for VPC
+
+Retrieve a list of ACL rules for a VPC, specified by its VPC ID.
+
+**Usage:**
+
+```
+scw vpc rule get [arg=value ...]
+```
+
+
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| vpc-id | Required | ID of the Network ACL's VPC |
+| is-ipv6 | Required | Defines whether this set of ACL rules is for IPv6 (false = IPv4). Each Network ACL can have rules for only one IP type. |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
+
+### Set VPC ACL rules
+
+Set the list of ACL rules and the default routing policy for a VPC.
 
 **Usage:**
 
 ```
-scw vpc rule
+scw vpc rule set [arg=value ...]
 ```
 
 
+**Args:**
+
+| Name |   | Description |
+|------|---|-------------|
+| vpc-id | Required | ID of the Network ACL's VPC |
+| rules.{index}.protocol | Required<br />One of: `ANY`, `TCP`, `UDP`, `ICMP` | Protocol to which this rule applies |
+| rules.{index}.source | Required | Source IP range to which this rule applies (CIDR notation with subnet mask) |
+| rules.{index}.src-port-low | Required | Starting port of the source port range to which this rule applies (inclusive) |
+| rules.{index}.src-port-high | Required | Ending port of the source port range to which this rule applies (inclusive) |
+| rules.{index}.destination | Required | Destination IP range to which this rule applies (CIDR notation with subnet mask) |
+| rules.{index}.dst-port-low | Required | Starting port of the destination port range to which this rule applies (inclusive) |
+| rules.{index}.dst-port-high | Required | Ending port of the destination port range to which this rule applies (inclusive) |
+| rules.{index}.action | Required<br />One of: `unknown_action`, `accept`, `drop` | Policy to apply to the packet |
+| rules.{index}.description | Required | Rule description |
+| is-ipv6 | Required | Defines whether this set of ACL rules is for IPv6 (false = IPv4). Each Network ACL can have rules for only one IP type. |
+| default-policy | Required<br />One of: `unknown_action`, `accept`, `drop` | Action to take for packets which do not match any rules |
+| region | Default: `fr-par`<br />One of: `fr-par`, `nl-ams`, `pl-waw` | Region to target. If none is passed will use default region from the config |
+
+
 
 ## Subnet management command
 

go.mod

@@ -25,7 +25,7 @@ require (
 	github.com/mattn/go-isatty v0.0.20
 	github.com/moby/buildkit v0.13.2
 	github.com/opencontainers/go-digest v1.0.0
-	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.32.0.20250317081556-ba26a9f2b785
+	github.com/scaleway/scaleway-sdk-go v1.0.0-beta.32.0.20250318071030-c9219eeb27a0
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6

go.sum

@@ -462,8 +462,8 @@ github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUz
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 h1:OkMGxebDjyw0ULyrTYWeN0UNCCkmCWfjPnIA2W6oviI=
 github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06/go.mod h1:+ePHsJ1keEjQtpvf9HHw0f4ZeJ0TLRsxhunSI2hYJSs=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.32.0.20250317081556-ba26a9f2b785 h1:exmunaUMPq9jpmmQgKuuNUn3akjLodGtBNQLNiVYenI=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.32.0.20250317081556-ba26a9f2b785/go.mod h1:792k1RTU+5JeMXm35/e2Wgp71qPH/DmDoZrRc+EFZDk=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.32.0.20250318071030-c9219eeb27a0 h1:PETheFa72UbxYylRz9ZNY0oUs1CkY3YHfQwv9o6EpCM=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.32.0.20250318071030-c9219eeb27a0/go.mod h1:792k1RTU+5JeMXm35/e2Wgp71qPH/DmDoZrRc+EFZDk=
 github.com/sclevine/spec v1.4.0 h1:z/Q9idDcay5m5irkZ28M7PtQM4aOISzOpj4bUPkDee8=
 github.com/sclevine/spec v1.4.0/go.mod h1:LvpgJaFyvQzRvc1kaDs0bulYwzC70PbiYjC4QnFHkOM=
 github.com/secure-systems-lab/go-securesystemslib v0.8.0 h1:mr5An6X45Kb2nddcFlbmfHkLguCE9laoZCUzEEpIZXA=

internal/namespaces/vpc/v2/vpc_cli.go

@@ -41,6 +41,8 @@ func GetGeneratedCommands() *core.Commands {
 		vpcRouteGet(),
 		vpcRouteUpdate(),
 		vpcRouteDelete(),
+		vpcRuleGet(),
+		vpcRuleSet(),
 		vpcRouteList(),
 	)
 }
@@ -848,6 +850,153 @@ func vpcRouteDelete() *core.Command {
 	}
 }
 
+func vpcRuleGet() *core.Command {
+	return &core.Command{
+		Short:     `Get Acl Rules for VPC`,
+		Long:      `Retrieve a list of ACL rules for a VPC, specified by its VPC ID.`,
+		Namespace: "vpc",
+		Resource:  "rule",
+		Verb:      "get",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(vpc.GetACLRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "vpc-id",
+				Short:      `ID of the Network ACL's VPC`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "is-ipv6",
+				Short:      `Defines whether this set of ACL rules is for IPv6 (false = IPv4). Each Network ACL can have rules for only one IP type.`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			core.RegionArgSpec(scw.RegionFrPar, scw.RegionNlAms, scw.RegionPlWaw),
+		},
+		Run: func(ctx context.Context, args interface{}) (i interface{}, e error) {
+			request := args.(*vpc.GetACLRequest)
+
+			client := core.ExtractClient(ctx)
+			api := vpc.NewAPI(client)
+			return api.GetACL(request)
+
+		},
+	}
+}
+
+func vpcRuleSet() *core.Command {
+	return &core.Command{
+		Short:     `Set VPC ACL rules`,
+		Long:      `Set the list of ACL rules and the default routing policy for a VPC.`,
+		Namespace: "vpc",
+		Resource:  "rule",
+		Verb:      "set",
+		// Deprecated:    false,
+		ArgsType: reflect.TypeOf(vpc.SetACLRequest{}),
+		ArgSpecs: core.ArgSpecs{
+			{
+				Name:       "vpc-id",
+				Short:      `ID of the Network ACL's VPC`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "rules.{index}.protocol",
+				Short:      `Protocol to which this rule applies`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{"ANY", "TCP", "UDP", "ICMP"},
+			},
+			{
+				Name:       "rules.{index}.source",
+				Short:      `Source IP range to which this rule applies (CIDR notation with subnet mask)`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "rules.{index}.src-port-low",
+				Short:      `Starting port of the source port range to which this rule applies (inclusive)`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "rules.{index}.src-port-high",
+				Short:      `Ending port of the source port range to which this rule applies (inclusive)`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "rules.{index}.destination",
+				Short:      `Destination IP range to which this rule applies (CIDR notation with subnet mask)`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "rules.{index}.dst-port-low",
+				Short:      `Starting port of the destination port range to which this rule applies (inclusive)`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "rules.{index}.dst-port-high",
+				Short:      `Ending port of the destination port range to which this rule applies (inclusive)`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "rules.{index}.action",
+				Short:      `Policy to apply to the packet`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{"unknown_action", "accept", "drop"},
+			},
+			{
+				Name:       "rules.{index}.description",
+				Short:      `Rule description`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "is-ipv6",
+				Short:      `Defines whether this set of ACL rules is for IPv6 (false = IPv4). Each Network ACL can have rules for only one IP type.`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+			},
+			{
+				Name:       "default-policy",
+				Short:      `Action to take for packets which do not match any rules`,
+				Required:   true,
+				Deprecated: false,
+				Positional: false,
+				EnumValues: []string{"unknown_action", "accept", "drop"},
+			},
+			core.RegionArgSpec(scw.RegionFrPar, scw.RegionNlAms, scw.RegionPlWaw),
+		},
+		Run: func(ctx context.Context, args interface{}) (i interface{}, e error) {
+			request := args.(*vpc.SetACLRequest)
+
+			client := core.ExtractClient(ctx)
+			api := vpc.NewAPI(client)
+			return api.SetACL(request)
+
+		},
+	}
+}
+
 func vpcRouteList() *core.Command {
 	return &core.Command{
 		Short:     `Return routes with associated next hop data`,