Example #1
def cli(env, context_id, friendly_name, remote_peer, preshared_key,
        phase1_auth, phase1_crypto, phase1_dh, phase1_key_ttl, phase2_auth,
        phase2_crypto, phase2_dh, phase2_forward_secrecy, phase2_key_ttl):
    """Update tunnel context properties.

    Updates are made atomically, so either all are accepted or none are.

    Key life values must be in the range 120-172800.

    Phase 2 perfect forward secrecy must be in the range 0-1.

    A separate configuration request should be made to realize changes on
    network devices.
    """
    # NOTE(review): the ranges quoted in the docstring are not enforced in
    # this function; presumably the option declarations or the manager
    # validate them -- confirm against the caller.
    #
    # preshared_key is the tunnel's shared secret. It is only forwarded to
    # the manager; the messages below echo the context id and nothing else.
    # How the value is collected is outside this block -- if it arrives as a
    # plain command-line option, verify it cannot linger in shell history or
    # process listings.
    properties = dict(
        friendly_name=friendly_name,
        remote_peer=remote_peer,
        preshared_key=preshared_key,
        phase1_auth=phase1_auth,
        phase1_crypto=phase1_crypto,
        phase1_dh=phase1_dh,
        phase1_key_ttl=phase1_key_ttl,
        phase2_auth=phase2_auth,
        phase2_crypto=phase2_crypto,
        phase2_dh=phase2_dh,
        phase2_forward_secrecy=phase2_forward_secrecy,
        phase2_key_ttl=phase2_key_ttl,
    )
    ipsec = SoftLayer.IPSECManager(env.client)

    # A falsy result from the manager is surfaced as a halted command.
    if not ipsec.update_tunnel_context(context_id, **properties):
        raise CLIHalt('Failed to update context #{}'.format(context_id))
    env.out('Updated context #{}'.format(context_id))
Example #2
def cli(env, context_id, include):
    """List IPSEC VPN tunnel context details.

    Additional resources can be joined using multiple instances of the
    include option, for which the following choices are available.

    \b
    at: address translations
    is: internal subnets
    rs: remote subnets
    sr: statically routed subnets
    ss: service subnets
    """
    # One boolean per relation code, in the positional order the mask
    # helper is called with: at, is, rs, sr, ss.
    requested = [code in include for code in ('at', 'is', 'rs', 'sr', 'ss')]
    mask = _get_tunnel_context_mask(*requested)

    ipsec = SoftLayer.IPSECManager(env.client)
    context = ipsec.get_tunnel_context(context_id, mask=mask)

    # The context summary is always printed first.
    env.fout(_get_context_table(context))

    # Relation code -> (key on the context record, table title).
    subnet_sections = {
        'is': ('internalSubnets', "Internal Subnets"),
        'rs': ('customerSubnets', "Remote Subnets"),
        'sr': ('staticRouteSubnets', "Static Subnets"),
        'ss': ('serviceSubnets', "Service Subnets"),
    }

    # Sections are emitted in the order the caller listed them; a code that
    # matches nothing produces no output.
    for relation in include:
        if relation == 'at':
            translations = context.get('addressTranslations', [])
            env.fout(_get_address_translations_table(translations))
            continue
        section = subnet_sections.get(relation)
        if section is None:
            continue
        record_key, heading = section
        env.fout(_get_subnets_table(context.get(record_key, []), title=heading))
Example #3
def cli(env, context_id, subnet_id, subnet_type):
    """Remove a subnet from an IPSEC tunnel context.

    The subnet id to remove must be specified.

    Remote subnets are deleted upon removal from a tunnel context.

    A separate configuration request should be made to realize changes on
    network devices.
    """
    ipsec = SoftLayer.IPSECManager(env.client)

    # The result is discarded: the lookup is made only so that a bad
    # context id fails before anything is removed (presumably by raising --
    # confirm against the manager).
    ipsec.get_tunnel_context(context_id)

    # Subnet type -> name of the manager method that detaches it.
    removers = {
        'internal': 'remove_internal_subnet',
        'remote': 'remove_remote_subnet',
        'service': 'remove_service_subnet',
    }
    remover_name = removers.get(subnet_type)

    # An unrecognised subnet type calls nothing and is reported as a failure.
    succeeded = False
    if remover_name is not None:
        succeeded = getattr(ipsec, remover_name)(context_id, subnet_id)

    if not succeeded:
        raise CLIHalt('Failed to remove {} subnet #{}'.format(
            subnet_type, subnet_id))
    env.out('Removed {} subnet #{}'.format(subnet_type, subnet_id))
Example #4
def cli(env, context_id, subnet_id, subnet_type, network_identifier):
    """Add a subnet to an IPSEC tunnel context.

    A subnet id may be specified to link to the existing tunnel context.

    Otherwise, a network identifier in CIDR notation should be specified,
    indicating that a subnet resource should first be created before associating
    it with the tunnel context. Note that this is only supported for remote
    subnets, which are also deleted upon failure to attach to a context.

    A separate configuration request should be made to realize changes on
    network devices.
    """
    # Argument checks run before any API call is made.
    if subnet_id is None and network_identifier is None:
        raise ArgumentError('Either a network identifier or subnet id '
                            'must be provided.')
    if subnet_id is None and subnet_type != 'remote':
        raise ArgumentError('Unable to create {} subnets'
                            .format(subnet_type))
    # Without a subnet id, a remote subnet is created from the identifier.
    create_remote = subnet_id is None

    ipsec = SoftLayer.IPSECManager(env.client)
    context = ipsec.get_tunnel_context(context_id)

    if create_remote:
        # network_identifier is indexed as (address, prefix length).
        address = network_identifier[0]
        prefix = network_identifier[1]
        created = ipsec.create_remote_subnet(context['accountId'],
                                             identifier=address,
                                             cidr=prefix)
        subnet_id = created['id']
        env.out('Created subnet {}/{} #{}'
                .format(address, prefix, subnet_id))

    # Subnet type -> name of the manager method that attaches it.
    adders = {
        'internal': 'add_internal_subnet',
        'remote': 'add_remote_subnet',
        'service': 'add_service_subnet',
    }
    adder_name = adders.get(subnet_type)

    # An unrecognised subnet type calls nothing and is reported as a failure.
    succeeded = False
    if adder_name is not None:
        succeeded = getattr(ipsec, adder_name)(context_id, subnet_id)

    # NOTE(review): nothing in this function deletes a subnet it has just
    # created when the attach fails; the clean-up the docstring describes
    # presumably happens in the manager or the API -- confirm.
    if not succeeded:
        raise CLIHalt('Failed to add {} subnet #{}'
                      .format(subnet_type, subnet_id))
    env.out('Added {} subnet #{}'.format(subnet_type, subnet_id))
Example #5
def cli(env, context_id, translation_id):
    """Remove a translation entry from an IPSEC tunnel context.

    A separate configuration request should be made to realize changes on
    network devices.
    """
    ipsec = SoftLayer.IPSECManager(env.client)

    # The result is discarded: the lookup is made only so that an id pair
    # that cannot be retrieved fails before the removal is attempted
    # (presumably by raising -- confirm against the manager).
    ipsec.get_translation(context_id, translation_id)

    if not ipsec.remove_translation(context_id, translation_id):
        raise CLIHalt(
            'Failed to remove translation #{}'.format(translation_id))
    env.out('Removed translation #{}'.format(translation_id))
Example #6
def cli(env, context_id, static_ip, remote_ip, note):
    """Add an address translation to an IPSEC tunnel context.

    A separate configuration request should be made to realize changes on
    network devices.
    """
    ipsec = SoftLayer.IPSECManager(env.client)

    # The result is discarded: the lookup is made only so that a bad
    # context id fails before a translation is created (presumably by
    # raising -- confirm against the manager).
    ipsec.get_tunnel_context(context_id)

    # The CLI's singular "note" is passed on as the manager's "notes".
    created = ipsec.create_translation(context_id,
                                       static_ip=static_ip,
                                       remote_ip=remote_ip,
                                       notes=note)
    message = 'Created translation from {} to {} #{}'.format(
        static_ip, remote_ip, created['id'])
    env.out(message)
Example #7
def cli(env, context_id, translation_id, static_ip, remote_ip, note):
    """Update an address translation for an IPSEC tunnel context.

    A separate configuration request should be made to realize changes on
    network devices.
    """
    ipsec = SoftLayer.IPSECManager(env.client)

    # The CLI's singular "note" is passed on as the manager's "notes".
    changes = dict(static_ip=static_ip, remote_ip=remote_ip, notes=note)

    # No separate existence check is made here; the update call itself is
    # the only request this function issues.
    if not ipsec.update_translation(context_id, translation_id, **changes):
        raise CLIHalt('Failed to update translation #{}'.format(translation_id))
    env.out('Updated translation #{}'.format(translation_id))
Example #8
def cli(env, context_id):
    """Request configuration of a tunnel context.

    This action will update the advancedConfigurationFlag on the context
    instance and further modifications against the context will be prevented
    until all changes can be propagated to network devices.
    """
    ipsec = SoftLayer.IPSECManager(env.client)

    # The result is discarded: the lookup is made only so that a bad
    # context id fails before the request is submitted (presumably by
    # raising -- confirm against the manager).
    ipsec.get_tunnel_context(context_id)

    if not ipsec.apply_configuration(context_id):
        raise CLIHalt(
            'Failed to enqueue configuration request for context #{}'.format(
                context_id))
    env.out('Configuration request received for context #{}'.format(
        context_id))
Example #9
def cli(env):
    """List IPSec VPN tunnel contexts"""
    ipsec = SoftLayer.IPSECManager(env.client)
    contexts = ipsec.get_tunnel_contexts()

    # (column header, key on the context record), in display order.
    columns = (
        ('id', 'id'),
        ('name', 'name'),
        ('friendly name', 'friendlyName'),
        ('internal peer IP address', 'internalPeerIpAddress'),
        ('remote peer IP address', 'customerPeerIpAddress'),
        ('created', 'createDate'),
    )

    table = formatting.Table([header for header, _ in columns])
    for context in contexts:
        # A key missing from the record shows up as an empty cell.
        table.add_row([context.get(key, '') for _, key in columns])
    env.fout(table)
Example #10
 def set_up(self):
     """Build an IPSECManager from self.client and keep it on self.ipsec."""
     manager = SoftLayer.IPSECManager(self.client)
     self.ipsec = manager