def _get_firewall_rules(firewall_rules):
'''
Construct a list of optional firewall rules from the cloud profile.
'''
ret = []
for key, value in firewall_rules.iteritems():
# Verify the required 'protocol' property is present in the cloud
# profile config
if 'protocol' not in firewall_rules[key].keys():
raise SaltCloudConfigError(
'The firewall rule \'{0}\' is missing \'protocol\''.format(key)
)
ret.append(FirewallRule(
name=key,
protocol=firewall_rules[key].get('protocol', None),
source_mac=firewall_rules[key].get('source_mac', None),
source_ip=firewall_rules[key].get('source_ip', None),
target_ip=firewall_rules[key].get('target_ip', None),
port_range_start=firewall_rules[key].get('port_range_start', None),
port_range_end=firewall_rules[key].get('port_range_end', None),
icmp_type=firewall_rules[key].get('icmp_type', None),
icmp_code=firewall_rules[key].get('icmp_code', None)
))
return ret
def _get_firewall_rules(firewall_rules):
"""
Construct a list of optional firewall rules from the cloud profile.
"""
ret = []
for key, value in firewall_rules.items():
# Verify the required 'protocol' property is present in the cloud
# profile config
if "protocol" not in firewall_rules[key].keys():
raise SaltCloudConfigError(
"The firewall rule '{}' is missing 'protocol'".format(key))
ret.append(
FirewallRule(
name=key,
protocol=firewall_rules[key].get("protocol", None),
source_mac=firewall_rules[key].get("source_mac", None),
source_ip=firewall_rules[key].get("source_ip", None),
target_ip=firewall_rules[key].get("target_ip", None),
port_range_start=firewall_rules[key].get(
"port_range_start", None),
port_range_end=firewall_rules[key].get("port_range_end", None),
icmp_type=firewall_rules[key].get("icmp_type", None),
icmp_code=firewall_rules[key].get("icmp_code", None),
))
return ret
def getFwRuleObject(defdict=None):
if not defdict or not isinstance(defdict, dict):
raise ValueError("argument 'defdict' must be non-empty dict")
# AARGH! some of NIC's fields have different names -> need to convert manually
# so make a copy and let source as is
props = dict()
for k, v in defdict['properties'].items():
if k == 'sourceMac':
props['source_mac'] = v
continue
if k == 'sourceIp':
props['source_ip'] = v
continue
if k == 'targetIp':
props['target_ip'] = v
continue
if k == 'portRangeStart':
props['port_range_start'] = v
continue
if k == 'portRangeEnd':
props['port_range_end'] = v
continue
if k == 'icmpType':
props['icmp_type'] = v
continue
if k == 'icmpCode':
props['icmp_code'] = v
continue
props[k] = v
# end for(defdict)
apiobj = FirewallRule(**props)
return apiobj
def test_create_failure(self):
try:
fwrule = FirewallRule(name=self.resource['fwrule']['name'])
self.client.create_firewall_rule(
datacenter_id=self.datacenter['id'],
server_id=self.server['id'],
nic_id=self.nic1['id'],
firewall_rule=fwrule)
except PBError as e:
self.assertIn(
self.resource['missing_attribute_error'] % 'protocol',
e.content[0]['message'])
def setUpClass(cls):
cls.resource = resource()
cls.client = ProfitBricksService(username=configuration.USERNAME,
password=configuration.PASSWORD,
headers=configuration.HEADERS)
# Create test datacenter.
cls.datacenter = cls.client.create_datacenter(datacenter=Datacenter(
**cls.resource['datacenter']))
cls.client.wait_for_completion(cls.datacenter)
# Create test LAN.
cls.lan = cls.client.create_lan(datacenter_id=cls.datacenter['id'],
lan=LAN(**cls.resource['lan']))
cls.client.wait_for_completion(cls.lan)
# Create test server.
cls.server = cls.client.create_server(
datacenter_id=cls.datacenter['id'],
server=Server(**cls.resource['server']))
cls.client.wait_for_completion(cls.server)
# Create test NIC1.
nic1 = NIC(**cls.resource['nic'])
nic1.lan = cls.lan['id']
cls.nic1 = cls.client.create_nic(datacenter_id=cls.datacenter['id'],
server_id=cls.server['id'],
nic=nic1)
cls.client.wait_for_completion(cls.nic1)
# Create test Firewall Rule
fwrule = FirewallRule(**cls.resource['fwrule'])
cls.fwrule = cls.client.create_firewall_rule(
datacenter_id=cls.datacenter['id'],
server_id=cls.server['id'],
nic_id=cls.nic1['id'],
firewall_rule=fwrule)
cls.client.wait_for_completion(cls.fwrule)
# Create test Firewall Rule 2
fwrule2 = FirewallRule(**cls.resource['fwrule'])
fwrule2.port_range_start = 8080
fwrule2.port_range_end = 8080
fwrule2.name = "8080"
cls.fwrule2 = cls.client.create_firewall_rule(
datacenter_id=cls.datacenter['id'],
server_id=cls.server['id'],
nic_id=cls.nic1['id'],
firewall_rule=fwrule2)
cls.client.wait_for_completion(cls.fwrule2)
def test_create_composite(self):
fwrule = FirewallRule(**self.resource['fwrule'])
nic = NIC(firewall_rules=[fwrule], **self.resource['nic'])
volume = Volume(image=self.image['id'],
image_password='******',
ssh_keys=['ssh-rsa AAAAB3NzaC1'],
**self.resource['volume'])
volume.availability_zone = 'ZONE_3'
server = Server(nics=[nic],
create_volumes=[volume],
**self.resource['server'])
composite_server = self.client.create_server(
datacenter_id=self.datacenter['id'], server=server)
self.client.wait_for_completion(composite_server, timeout=600)
composite_server = self.client.get_server(
datacenter_id=self.datacenter['id'],
server_id=composite_server['id'])
assertRegex(self, composite_server['id'], self.resource['uuid_match'])
self.assertEqual(composite_server['properties']['name'],
self.resource['server']['name'])
self.assertEqual(composite_server['properties']['cores'],
self.resource['server']['cores'])
self.assertEqual(composite_server['properties']['ram'],
self.resource['server']['ram'])
self.assertEqual(composite_server['properties']['availabilityZone'],
'ZONE_1')
self.assertIn(composite_server['properties']['vmState'],
self.resource['vm_states'])
self.assertGreater(
len(composite_server['entities']['volumes']['items']), 0)
self.assertGreater(len(composite_server['entities']['nics']['items']),
0)
from profitbricks.client import Datacenter, Volume, Server # noqa
i = Datacenter(name='dc1', description='My New Datacenter', location='de/fkb')
response = client.create_datacenter(datacenter=i)
"""Create Complex Datacenter
"""
from profitbricks.client import ProfitBricksService # noqa
from profitbricks.client import Datacenter, LAN, NIC, LoadBalancer, FirewallRule # noqa
image_id = 'df8382a1-0f40-11e6-ab6b-52540005ab80'
fwrule1 = FirewallRule(name='Open SSH port',
protocol='TCP',
source_mac='01:23:45:67:89:00',
port_range_start=22,
port_range_end=22)
fwrule2 = FirewallRule(name='Allow PING',
protocol='ICMP',
icmp_type=8,
icmp_code=0)
fw_rules = [fwrule1, fwrule2]
nic1 = NIC(name='nic1',
ips=['10.2.2.3'],
dhcp='true',
lan=1,
firewall_active=True,
def create_firewall_rule(module, profitbricks):
"""
Creates a firewall rule.
module : AnsibleModule object
profitbricks: authenticated profitbricks object.
Returns:
The firewall rule instance being created
"""
datacenter = module.params.get('datacenter')
server = module.params.get('server')
nic = module.params.get('nic')
name = module.params.get('name')
protocol = module.params.get('protocol')
source_mac = module.params.get('source_mac')
source_ip = module.params.get('source_ip')
target_ip = module.params.get('target_ip')
port_range_start = module.params.get('port_range_start')
port_range_end = module.params.get('port_range_end')
icmp_type = module.params.get('icmp_type')
icmp_code = module.params.get('icmp_code')
wait = module.params.get('wait')
wait_timeout = module.params.get('wait_timeout')
# Locate UUID for virtual datacenter
datacenter_list = profitbricks.list_datacenters()
datacenter_id = _get_resource_id(datacenter_list, datacenter, module,
"Data center")
# Locate UUID for server
server_list = profitbricks.list_servers(datacenter_id)
server_id = _get_resource_id(server_list, server, module, "Server")
# Locate UUID for NIC
nic_list = profitbricks.list_nics(datacenter_id, server_id)
nic_id = _get_resource_id(nic_list, nic, module, "NIC")
fw_list = profitbricks.get_firewall_rules(datacenter_id, server_id, nic_id)
f = None
for fw in fw_list['items']:
if name == fw['properties']['name']:
f = fw
break
should_change = f is None
if module.check_mode:
module.exit_json(changed=should_change)
if not should_change:
return {'changed': should_change, 'firewall_rule': f}
try:
profitbricks.update_nic(datacenter_id,
server_id,
nic_id,
firewall_active=True)
except Exception as e:
module.fail_json(msg='Unable to activate the NIC firewall.' %
to_native(e))
f = FirewallRule(name=name,
protocol=protocol,
source_mac=source_mac,
source_ip=source_ip,
target_ip=target_ip,
port_range_start=port_range_start,
port_range_end=port_range_end,
icmp_type=icmp_type,
icmp_code=icmp_code)
try:
firewall_rule_response = profitbricks.create_firewall_rule(
datacenter_id, server_id, nic_id, f)
if wait:
_wait_for_completion(profitbricks, firewall_rule_response,
wait_timeout, "create_firewall_rule")
return {'changed': True, 'firewall_rule': firewall_rule_response}
except Exception as e:
module.fail_json(msg="failed to create the firewall rule: %s" %
to_native(e))
def create_firewall_rule(module, profitbricks):
"""
Creates a firewall rule.
module : AnsibleModule object
profitbricks: authenticated profitbricks object.
Returns:
True if the firewal rule creates, false otherwise
"""
datacenter = module.params.get('datacenter')
server = module.params.get('server')
nic = module.params.get('nic')
name = module.params.get('name')
protocol = module.params.get('protocol')
source_mac = module.params.get('source_mac')
source_ip = module.params.get('source_ip')
target_ip = module.params.get('target_ip')
port_range_start = module.params.get('port_range_start')
port_range_end = module.params.get('port_range_end')
icmp_type = module.params.get('icmp_type')
icmp_code = module.params.get('icmp_code')
wait = module.params.get('wait')
wait_timeout = module.params.get('wait_timeout')
# Locate UUID for virtual datacenter
datacenter_list = profitbricks.list_datacenters()
datacenter_id = _get_resource_id(datacenter_list, datacenter)
if not datacenter_id:
module.fail_json(msg='Virtual data center \'%s\' not found.' %
str(datacenter))
# Locate UUID for server
server_list = profitbricks.list_servers(datacenter_id)
server_id = _get_resource_id(server_list, server)
# Locate UUID for NIC
nic_list = profitbricks.list_nics(datacenter_id, server_id)
nic_id = _get_resource_id(nic_list, nic)
try:
profitbricks.update_nic(datacenter_id,
server_id,
nic_id,
firewall_active=True)
except Exception as e:
module.fail_json(msg='Unable to activate the NIC firewall.' % str(e))
f = FirewallRule(name=name,
protocol=protocol,
source_mac=source_mac,
source_ip=source_ip,
target_ip=target_ip,
port_range_start=port_range_start,
port_range_end=port_range_end,
icmp_type=icmp_type,
icmp_code=icmp_code)
try:
firewall_rule_response = profitbricks.create_firewall_rule(
datacenter_id, server_id, nic_id, f)
if wait:
_wait_for_completion(profitbricks, firewall_rule_response,
wait_timeout, "create_firewall_rule")
return firewall_rule_response
except Exception as e:
module.fail_json(msg="failed to create the firewall rule: %s" % str(e))
