TPT-3388: Separated GET and POST/PUT options structs where needed (#969)

* Separated GET and POST/PUT options structs where needed

* Separated additional structs that were reused for options and response

* More struct fixes

* Fix lint

* Rename FirewallRule structs

* integration test fixes

* Addressed PR comments

* FirewallRuleSetRule options; test updates; fixture refreshed

* Address more PR comments

---------

Co-authored-by: Zhiwei Liang <zliang@akamai.com>

Author: ezilber-akamai

firewall_rules.go

@@ -22,27 +22,69 @@ type NetworkAddresses struct {
 	IPv6 []string `json:"ipv6,omitzero"`
 }
 
-// A FirewallRule is a whitelist of ports, protocols, and addresses for which traffic should be allowed.
-// The ipv4/ipv6 address lists may contain Prefix List tokens (for example, "pl::..." or "pl:system:...")
-// in addition to literal IP addresses.
-type FirewallRule struct {
+type FirewallRuleInbound struct {
 	Action      string           `json:"action"`
 	Label       string           `json:"label"`
 	Description string           `json:"description,omitzero"`
 	Ports       string           `json:"ports,omitzero"`
 	Protocol    NetworkProtocol  `json:"protocol"`
 	Addresses   NetworkAddresses `json:"addresses"`
 
-	// FirewallRule references one `Rule Set` by ID. When provided, this entry
+	// FirewallRuleInbound references one `Rule Set` by ID. When provided, this entry
 	// represents a reference and should be mutually exclusive with ordinary
 	// rule fields according to the API contract.
 	RuleSet int `json:"ruleset,omitzero"`
 }
 
-// MarshalJSON ensures that when a rule references a Rule Set (RuleSet != 0),
+type FirewallRuleOutbound struct {
+	Action      string           `json:"action"`
+	Label       string           `json:"label"`
+	Description string           `json:"description,omitzero"`
+	Ports       string           `json:"ports,omitzero"`
+	Protocol    NetworkProtocol  `json:"protocol"`
+	Addresses   NetworkAddresses `json:"addresses"`
+
+	// FirewallRuleOutbound references one `Rule Set` by ID. When provided, this entry
+	// represents a reference and should be mutually exclusive with ordinary
+	// rule fields according to the API contract.
+	RuleSet int `json:"ruleset,omitzero"`
+}
+
+// MarshalJSON ensures that when a rule references a Rule Set (FirewallRuleSet != 0),
+// only the reference shape { "ruleset": <id> } is emitted. Otherwise, the
+// ordinary rule fields are emitted without the ruleset key.
+func (r FirewallRuleInbound) MarshalJSON() ([]byte, error) {
+	if r.RuleSet != 0 {
+		type rulesetOnly struct {
+			RuleSet int `json:"ruleset"`
+		}
+
+		return json.Marshal(rulesetOnly{RuleSet: r.RuleSet})
+	}
+
+	type normal struct {
+		Action      string           `json:"action"`
+		Label       string           `json:"label"`
+		Description string           `json:"description,omitzero"`
+		Ports       string           `json:"ports,omitzero"`
+		Protocol    NetworkProtocol  `json:"protocol"`
+		Addresses   NetworkAddresses `json:"addresses"`
+	}
+
+	return json.Marshal(normal{
+		Action:      r.Action,
+		Label:       r.Label,
+		Description: r.Description,
+		Ports:       r.Ports,
+		Protocol:    r.Protocol,
+		Addresses:   r.Addresses,
+	})
+}
+
+// MarshalJSON ensures that when a rule references a Rule Set (FirewallRuleSet != 0),
 // only the reference shape { "ruleset": <id> } is emitted. Otherwise, the
 // ordinary rule fields are emitted without the ruleset key.
-func (r FirewallRule) MarshalJSON() ([]byte, error) {
+func (r FirewallRuleOutbound) MarshalJSON() ([]byte, error) {
 	if r.RuleSet != 0 {
 		type rulesetOnly struct {
 			RuleSet int `json:"ruleset"`
@@ -70,34 +112,36 @@ func (r FirewallRule) MarshalJSON() ([]byte, error) {
 	})
 }
 
-// FirewallRuleSet is a pair of inbound and outbound rules that specify what network traffic should be allowed.
-type FirewallRuleSet struct {
-	Inbound        []FirewallRule `json:"inbound"`
-	InboundPolicy  string         `json:"inbound_policy"`
-	Outbound       []FirewallRule `json:"outbound"`
-	OutboundPolicy string         `json:"outbound_policy"`
-
-	// TODO: separate request and response types in linodego v2
-	// read-only, can't be used in creating or updating a Firewall
-	Version int `json:"version,omitzero"`
-	// read-only, can't be used in creating or updating a Firewall
-	Fingerprint string `json:"fingerprint,omitzero"`
+// FirewallRules is a pair of inbound and outbound rules that specify what network traffic should be allowed.
+type FirewallRules struct {
+	Inbound        []FirewallRuleInbound  `json:"inbound"`
+	InboundPolicy  string                 `json:"inbound_policy"`
+	Outbound       []FirewallRuleOutbound `json:"outbound"`
+	OutboundPolicy string                 `json:"outbound_policy"`
+	Version        int                    `json:"version,omitzero"`
+	Fingerprint    string                 `json:"fingerprint,omitzero"`
+}
+type FirewallRulesUpdateOptions struct {
+	Inbound        []FirewallRuleInbound  `json:"inbound"`
+	InboundPolicy  string                 `json:"inbound_policy"`
+	Outbound       []FirewallRuleOutbound `json:"outbound"`
+	OutboundPolicy string                 `json:"outbound_policy"`
 }
 
-// GetFirewallRules gets the FirewallRuleSet for the given Firewall.
-func (c *Client) GetFirewallRules(ctx context.Context, firewallID int) (*FirewallRuleSet, error) {
+// GetFirewallRules gets the FirewallRules for the given Firewall.
+func (c *Client) GetFirewallRules(ctx context.Context, firewallID int) (*FirewallRules, error) {
 	e := formatAPIPath("networking/firewalls/%d/rules", firewallID)
-	return doGETRequest[FirewallRuleSet](ctx, c, e)
+	return doGETRequest[FirewallRules](ctx, c, e)
 }
 
-// GetFirewallRulesExpansion gets the expanded FirewallRuleSet for the given Firewall.
-func (c *Client) GetFirewallRulesExpansion(ctx context.Context, firewallID int) (*FirewallRuleSet, error) {
+// GetFirewallRulesExpansion gets the expanded FirewallRules for the given Firewall.
+func (c *Client) GetFirewallRulesExpansion(ctx context.Context, firewallID int) (*FirewallRules, error) {
 	e := formatAPIPath("networking/firewalls/%d/rules/expansion", firewallID)
-	return doGETRequest[FirewallRuleSet](ctx, c, e)
+	return doGETRequest[FirewallRules](ctx, c, e)
 }
 
-// UpdateFirewallRules updates the FirewallRuleSet for the given Firewall
-func (c *Client) UpdateFirewallRules(ctx context.Context, firewallID int, rules FirewallRuleSet) (*FirewallRuleSet, error) {
+// UpdateFirewallRules updates the FirewallRules for the given Firewall
+func (c *Client) UpdateFirewallRules(ctx context.Context, firewallID int, rules FirewallRulesUpdateOptions) (*FirewallRules, error) {
 	e := formatAPIPath("networking/firewalls/%d/rules", firewallID)
-	return doPUTRequest[FirewallRuleSet](ctx, c, e, rules)
+	return doPUTRequest[FirewallRules](ctx, c, e, rules)
 }

firewall_rulesets.go

@@ -17,25 +17,54 @@ const (
 	FirewallRuleSetTypeOutbound FirewallRuleSetType = "outbound"
 )
 
-// RuleSet represents the Rule Set resource.
+// FirewallRuleSet represents the Rule Set resource.
 // Note: created/updated/deleted are parsed via UnmarshalJSON into time.Time pointers.
-type RuleSet struct {
-	ID               int                 `json:"id"`
-	Label            string              `json:"label"`
-	Description      string              `json:"description,omitzero"`
-	Type             FirewallRuleSetType `json:"type"`
-	Rules            []FirewallRule      `json:"rules"`
-	IsServiceDefined bool                `json:"is_service_defined"`
-	Version          int                 `json:"version"`
+type FirewallRuleSet struct {
+	ID               int                   `json:"id"`
+	Label            string                `json:"label"`
+	Description      string                `json:"description,omitzero"`
+	Type             FirewallRuleSetType   `json:"type"`
+	Rules            []FirewallRuleSetRule `json:"rules"`
+	IsServiceDefined bool                  `json:"is_service_defined"`
+	Version          int                   `json:"version"`
 
 	Created *time.Time `json:"-"`
 	Updated *time.Time `json:"-"`
 	Deleted *time.Time `json:"-"`
 }
 
-// UnmarshalJSON implements custom timestamp parsing for RuleSet.
-func (r *RuleSet) UnmarshalJSON(b []byte) error {
-	type Mask RuleSet
+// A FirewallRuleSetRule is a whitelist of ports, protocols, and addresses for which traffic should be allowed.
+// The ipv4/ipv6 address lists may contain Prefix List tokens (for example, "pl::..." or "pl:system:...")
+// in addition to literal IP addresses.
+type FirewallRuleSetRule struct {
+	Action    string           `json:"action"`
+	Label     string           `json:"label"`
+	Ports     string           `json:"ports,omitzero"`
+	Protocol  NetworkProtocol  `json:"protocol"`
+	Addresses NetworkAddresses `json:"addresses"`
+}
+
+// FirewallRuleSetRuleCreateOptions fields accepted in Firewall Rule Set create payloads.
+type FirewallRuleSetRuleCreateOptions struct {
+	Action    string           `json:"action"`
+	Label     string           `json:"label"`
+	Ports     string           `json:"ports,omitzero"`
+	Protocol  NetworkProtocol  `json:"protocol"`
+	Addresses NetworkAddresses `json:"addresses"`
+}
+
+// FirewallRuleSetRuleUpdateOptions fields accepted in Firewall Rule Set update payloads.
+type FirewallRuleSetRuleUpdateOptions struct {
+	Action    string           `json:"action"`
+	Label     string           `json:"label"`
+	Ports     string           `json:"ports,omitzero"`
+	Protocol  NetworkProtocol  `json:"protocol"`
+	Addresses NetworkAddresses `json:"addresses"`
+}
+
+// UnmarshalJSON implements custom timestamp parsing for FirewallRuleSet.
+func (r *FirewallRuleSet) UnmarshalJSON(b []byte) error {
+	type Mask FirewallRuleSet
 
 	aux := struct {
 		*Mask
@@ -66,44 +95,44 @@ func (r *RuleSet) UnmarshalJSON(b []byte) error {
 	return nil
 }
 
-// RuleSetCreateOptions fields accepted by CreateRuleSet.
-type RuleSetCreateOptions struct {
-	Label       string              `json:"label"`
-	Description string              `json:"description,omitzero"`
-	Type        FirewallRuleSetType `json:"type"`
-	Rules       []FirewallRule      `json:"rules"`
+// FirewallRuleSetCreateOptions fields accepted by CreateRuleSet.
+type FirewallRuleSetCreateOptions struct {
+	Label       string                             `json:"label"`
+	Description string                             `json:"description,omitzero"`
+	Type        FirewallRuleSetType                `json:"type"`
+	Rules       []FirewallRuleSetRuleCreateOptions `json:"rules"`
 }
 
-// RuleSetUpdateOptions fields accepted by UpdateRuleSet.
+// FirewallRuleSetUpdateOptions fields accepted by UpdateRuleSet.
 // Omit a top-level field to leave it unchanged. If Rules is provided, it
 // replaces the entire ordered rules array.
-type RuleSetUpdateOptions struct {
-	Label       *string        `json:"label,omitzero"`
-	Description *string        `json:"description,omitzero"`
-	Rules       []FirewallRule `json:"rules,omitzero"`
+type FirewallRuleSetUpdateOptions struct {
+	Label       *string                            `json:"label,omitzero"`
+	Description *string                            `json:"description,omitzero"`
+	Rules       []FirewallRuleSetRuleUpdateOptions `json:"rules,omitzero"`
 }
 
 // ListFirewallRuleSets returns a paginated list of Rule Sets.
 // Supports filtering (e.g., by label) via ListOptions.Filter.
-func (c *Client) ListFirewallRuleSets(ctx context.Context, opts *ListOptions) ([]RuleSet, error) {
-	return getPaginatedResults[RuleSet](ctx, c, "networking/firewalls/rulesets", opts)
+func (c *Client) ListFirewallRuleSets(ctx context.Context, opts *ListOptions) ([]FirewallRuleSet, error) {
+	return getPaginatedResults[FirewallRuleSet](ctx, c, "networking/firewalls/rulesets", opts)
 }
 
 // CreateFirewallRuleSet creates a new Rule Set.
-func (c *Client) CreateFirewallRuleSet(ctx context.Context, opts RuleSetCreateOptions) (*RuleSet, error) {
-	return doPOSTRequest[RuleSet](ctx, c, "networking/firewalls/rulesets", opts)
+func (c *Client) CreateFirewallRuleSet(ctx context.Context, opts FirewallRuleSetCreateOptions) (*FirewallRuleSet, error) {
+	return doPOSTRequest[FirewallRuleSet](ctx, c, "networking/firewalls/rulesets", opts)
 }
 
 // GetFirewallRuleSet fetches a Rule Set by ID.
-func (c *Client) GetFirewallRuleSet(ctx context.Context, rulesetID int) (*RuleSet, error) {
+func (c *Client) GetFirewallRuleSet(ctx context.Context, rulesetID int) (*FirewallRuleSet, error) {
 	e := formatAPIPath("networking/firewalls/rulesets/%d", rulesetID)
-	return doGETRequest[RuleSet](ctx, c, e)
+	return doGETRequest[FirewallRuleSet](ctx, c, e)
 }
 
 // UpdateFirewallRuleSet updates a Rule Set by ID.
-func (c *Client) UpdateFirewallRuleSet(ctx context.Context, rulesetID int, opts RuleSetUpdateOptions) (*RuleSet, error) {
+func (c *Client) UpdateFirewallRuleSet(ctx context.Context, rulesetID int, opts FirewallRuleSetUpdateOptions) (*FirewallRuleSet, error) {
 	e := formatAPIPath("networking/firewalls/rulesets/%d", rulesetID)
-	return doPUTRequest[RuleSet](ctx, c, e, opts)
+	return doPUTRequest[FirewallRuleSet](ctx, c, e, opts)
 }
 
 // DeleteFirewallRuleSet deletes a Rule Set by ID.

firewall_templates.go

@@ -5,8 +5,8 @@ import (
 )
 
 type FirewallTemplate struct {
-	Slug  string          `json:"slug"`
-	Rules FirewallRuleSet `json:"rules"`
+	Slug  string        `json:"slug"`
+	Rules FirewallRules `json:"rules"`
 }
 
 // GetFirewallTemplate gets a FirewallTemplate given a slug.

firewalls.go

@@ -24,7 +24,7 @@ type Firewall struct {
 	Label    string                 `json:"label"`
 	Status   FirewallStatus         `json:"status"`
 	Tags     []string               `json:"tags"`
-	Rules    FirewallRuleSet        `json:"rules"`
+	Rules    FirewallRules          `json:"rules"`
 	Entities []FirewallDeviceEntity `json:"entities"`
 	Created  *time.Time             `json:"-"`
 	Updated  *time.Time             `json:"-"`
@@ -39,10 +39,17 @@ type DevicesCreationOptions struct {
 
 // FirewallCreateOptions fields are those accepted by CreateFirewall
 type FirewallCreateOptions struct {
-	Label   string                 `json:"label,omitzero"`
-	Rules   FirewallRuleSet        `json:"rules"`
-	Tags    []string               `json:"tags,omitzero"`
-	Devices DevicesCreationOptions `json:"devices,omitzero"`
+	Label   string                     `json:"label,omitzero"`
+	Rules   FirewallRulesCreateOptions `json:"rules"`
+	Tags    []string                   `json:"tags,omitzero"`
+	Devices DevicesCreationOptions     `json:"devices,omitzero"`
+}
+
+type FirewallRulesCreateOptions struct {
+	Inbound        []FirewallRuleInbound  `json:"inbound"`
+	InboundPolicy  string                 `json:"inbound_policy"`
+	Outbound       []FirewallRuleOutbound `json:"outbound"`
+	OutboundPolicy string                 `json:"outbound_policy"`
 }
 
 // FirewallUpdateOptions is an options struct used when Updating a Firewall

instance_config_interfaces.go

@@ -49,13 +49,23 @@ type VPCIPv4 struct {
 	NAT1To1 *string `json:"nat_1_1,omitzero"`
 }
 
+type VPCIPv4CreateOptions struct {
+	VPC     string  `json:"vpc,omitzero"`
+	NAT1To1 *string `json:"nat_1_1,omitzero"`
+}
+
+type VPCIPv4UpdateOptions struct {
+	VPC     string  `json:"vpc,omitzero"`
+	NAT1To1 *string `json:"nat_1_1,omitzero"`
+}
+
 type InstanceConfigInterfaceCreateOptions struct {
 	IPAMAddress string                 `json:"ipam_address,omitzero"`
 	Label       string                 `json:"label,omitzero"`
 	Purpose     ConfigInterfacePurpose `json:"purpose,omitzero"`
 	Primary     bool                   `json:"primary,omitzero"`
 	SubnetID    *int                   `json:"subnet_id,omitzero"`
-	IPv4        *VPCIPv4               `json:"ipv4,omitzero"`
+	IPv4        *VPCIPv4CreateOptions  `json:"ipv4,omitzero"`
 
 	// NOTE: IPv6 interfaces may not currently be available to all users.
 	IPv6 *InstanceConfigInterfaceCreateOptionsIPv6 `json:"ipv6,omitzero"`
@@ -87,8 +97,8 @@ type InstanceConfigInterfaceCreateOptionsIPv6Range struct {
 }
 
 type InstanceConfigInterfaceUpdateOptions struct {
-	Primary bool     `json:"primary,omitzero"`
-	IPv4    *VPCIPv4 `json:"ipv4,omitzero"`
+	Primary bool                  `json:"primary,omitzero"`
+	IPv4    *VPCIPv4UpdateOptions `json:"ipv4,omitzero"`
 
 	// NOTE: IPv6 interfaces may not currently be available to all users.
 	IPv6 *InstanceConfigInterfaceUpdateOptionsIPv6 `json:"ipv6,omitzero"`
@@ -147,7 +157,7 @@ func (i InstanceConfigInterface) GetCreateOptions() InstanceConfigInterfaceCreat
 	}
 
 	if i.IPv4 != nil {
-		opts.IPv4 = &VPCIPv4{
+		opts.IPv4 = &VPCIPv4CreateOptions{
 			VPC:     i.IPv4.VPC,
 			NAT1To1: i.IPv4.NAT1To1,
 		}
@@ -189,7 +199,7 @@ func (i InstanceConfigInterface) GetUpdateOptions() InstanceConfigInterfaceUpdat
 
 	if i.Purpose == InterfacePurposeVPC {
 		if i.IPv4 != nil {
-			opts.IPv4 = &VPCIPv4{
+			opts.IPv4 = &VPCIPv4UpdateOptions{
 				VPC:     i.IPv4.VPC,
 				NAT1To1: i.IPv4.NAT1To1,
 			}