def undo(self, workflow_dict):
try:
if 'databaseinfra' not in workflow_dict:
return False
action = 'deny'
database = workflow_dict['databaseinfra'].databases.get()
for database_bind in database.acl_binds.all():
acl_environment, acl_vlan = database_bind.bind_address.split(
'/')
data = {"kind": "object#acl", "rules": []}
default_options = {
"protocol": "tcp",
"source": "",
"destination": "",
"description": "{} access for database {} in {}".format(database_bind.bind_address,
database.name,
database.environment.name),
"action": action,
"l4-options": {"dest-port-start": "",
"dest-port-op": "eq"}
}
LOG.info("Default options: {}".format(default_options))
databaseinfra = database.infra
infra_instances_binds = DatabaseInfraInstanceBind.objects.filter(
databaseinfra=databaseinfra,
bind_address=database_bind.bind_address)
for infra_instance_bind in infra_instances_binds:
custom_options = copy.deepcopy(default_options)
custom_options['source'] = database_bind.bind_address
custom_options[
'destination'] = infra_instance_bind.instance + '/32'
custom_options[
'l4-options']['dest-port-start'] = infra_instance_bind.instance_port
data['rules'].append(custom_options)
acl_credential = get_credentials_for(environment=database.environment,
credential_type=CredentialType.ACLAPI)
acl_client = AclClient(acl_credential.endpoint,
acl_credential.user,
acl_credential.password)
LOG.info("Data used on payload: {}".format(data))
acl_client.revoke_acl_for(environment=acl_environment,
vlan=acl_vlan, payload=data)
infra_instances_binds.delete()
database_bind.delete()
return True
except Exception:
traceback = full_stack()
workflow_dict['exceptions']['error_codes'].append(DBAAS_0019)
workflow_dict['exceptions']['traceback'].append(traceback)
return False
def undo(self, workflow_dict):
try:
if not 'databaseinfra' in workflow_dict:
return False
action = 'deny'
database = workflow_dict['databaseinfra'].databases.get()
for database_bind in database.acl_binds.all():
acl_environment, acl_vlan = database_bind.bind_address.split('/')
data = {"kind":"object#acl", "rules":[]}
default_options = {"protocol": "tcp",
"source": "",
"destination": "",
"description": "{} access for database {} in {}".\
format(database_bind.bind_address, database.name,
database.environment.name),
"action": action,
"l4-options":{ "dest-port-start":"",
"dest-port-op":"eq"
}
}
LOG.info("Default options: {}".format(default_options))
databaseinfra = database.infra
infra_instances_binds = DatabaseInfraInstanceBind.objects.\
filter(databaseinfra= databaseinfra,bind_address= database_bind.bind_address)
for infra_instance_bind in infra_instances_binds:
custom_options = copy.deepcopy(default_options)
custom_options['source'] = database_bind.bind_address
custom_options['destination'] = infra_instance_bind.instance + '/32'
custom_options['l4-options']['dest-port-start'] = infra_instance_bind.instance_port
data['rules'].append(custom_options)
acl_credential = get_credentials_for(environment= database.environment,
credential_type=CredentialType.ACLAPI)
acl_client = AclClient(acl_credential.endpoint, acl_credential.user,
acl_credential.password)
LOG.info("Data used on payload: {}".format(data))
acl_client.revoke_acl_for(environment= acl_environment,
vlan= acl_vlan, payload=data)
infra_instances_binds.delete()
database_bind.delete()
return True
except Exception:
traceback = full_stack()
workflow_dict['exceptions']['error_codes'].append(DBAAS_0019)
workflow_dict['exceptions']['traceback'].append(traceback)
return False
def undo(self, workflow_dict):
try:
if 'databaseinfra' not in workflow_dict:
return False
database = workflow_dict['databaseinfra'].databases.get()
databaseinfra = database.databaseinfra
acl_credential = get_credentials_for(
environment=database.environment,
credential_type=CredentialType.ACLAPI)
acl_client = AclClient(acl_credential.endpoint,
acl_credential.user,
acl_credential.password,
database.environment)
for database_bind in database.acl_binds.all():
infra_instances_binds = DatabaseInfraInstanceBind.objects.filter(
databaseinfra=databaseinfra,
bind_address=database_bind.bind_address)
try:
helpers.unbind_address(database_bind, acl_client,
infra_instances_binds)
except Exception as e:
LOG.warn(e)
continue
return True
except Exception:
traceback = full_stack()
workflow_dict['exceptions']['error_codes'].append(DBAAS_0019)
workflow_dict['exceptions']['traceback'].append(traceback)
return False
def undo(self, workflow_dict):
LOG.info("Running undo...")
try:
database = workflow_dict['database']
databaseinfra = workflow_dict['databaseinfra']
acl_credential = get_credentials_for(
environment=database.environment,
credential_type=CredentialType.ACLAPI)
acl_client = AclClient(acl_credential.endpoint,
acl_credential.user,
acl_credential.password,
database.environment)
instances = databaseinfra.instances.filter(
future_instance__isnull=False)
databaseinfraattr_instances = DatabaseInfraAttr.objects.filter(
databaseinfra=databaseinfra,
equivalent_dbinfraattr__isnull=False)
instance_address_list = []
for instance in instances:
instance_address_list.append(instance.address)
for instance in databaseinfraattr_instances:
instance_address_list.append(instance.ip)
for database_bind in database.acl_binds.all():
if helpers.bind_address(
database_bind,
acl_client,
instances=instances,
infra_attr_instances=databaseinfraattr_instances):
continue
else:
LOG.error("The AclApi is not working properly.")
database_bind.bind_status = ERROR
database_bind.save()
DatabaseInfraInstanceBind.objects.filter(
databaseinfra=databaseinfra,
bind_address=database_bind.bind_address,
instance__in=instance_address_list).update(
bind_status=ERROR)
return True
except Exception:
traceback = full_stack()
workflow_dict['exceptions']['error_codes'].append(DBAAS_0020)
workflow_dict['exceptions']['traceback'].append(traceback)
return False
def __init__(self, instance):
super(ACLStep, self).__init__(instance)
try:
acl_credential = get_credentials_for(
environment=self.environment,
credential_type=CredentialType.ACLAPI)
except (IndexError, GetCredentialException):
self.acl_client = None
else:
self.acl_client = AclClient(acl_credential.endpoint,
acl_credential.user,
acl_credential.password,
self.environment)
def __init__(self, instance):
super(ACLStep, self).__init__(instance)
self.databaseinfra = self.instance.databaseinfra
self.environment = self.databaseinfra.environment
self.database = self.databaseinfra.databases.first()
acl_credential = get_credentials_for(
environment=self.environment,
credential_type=CredentialType.ACLAPI)
self.acl_client = AclClient(
acl_credential.endpoint,
acl_credential.user,
acl_credential.password,
self.environment)
def do(self, workflow_dict):
try:
database = workflow_dict['database']
databaseinfra = workflow_dict['databaseinfra']
acl_credential = get_credentials_for(
environment=database.environment,
credential_type=CredentialType.ACLAPI)
acl_client = AclClient(acl_credential.endpoint,
acl_credential.user,
acl_credential.password,
database.environment)
instances = databaseinfra.instances.filter(
future_instance__isnull=False)
databaseinfraattr_instances = DatabaseInfraAttr.objects.filter(
databaseinfra=databaseinfra,
equivalent_dbinfraattr__isnull=False)
instance_address_list = []
for instance in instances:
instance_address_list.append(instance.address)
for instance in databaseinfraattr_instances:
instance_address_list.append(instance.ip)
for database_bind in database.acl_binds.all():
infra_instances_binds = DatabaseInfraInstanceBind.objects.filter(
databaseinfra=databaseinfra,
instance__in=instance_address_list,
bind_address=database_bind.bind_address)
if helpers.unbind_address(database_bind, acl_client,
infra_instances_binds):
continue
return True
except Exception:
traceback = full_stack()
workflow_dict['exceptions']['error_codes'].append(DBAAS_0020)
workflow_dict['exceptions']['traceback'].append(traceback)
return False
def undo(self, workflow_dict):
LOG.info("Running undo...")
try:
action = 'permit'
database = workflow_dict['database']
databaseinfra = workflow_dict['databaseinfra']
acl_credential = get_credentials_for(environment=database.environment,
credential_type=CredentialType.ACLAPI)
acl_client = AclClient(acl_credential.endpoint,
acl_credential.user,
acl_credential.password)
instances = databaseinfra.instances.filter(
future_instance__isnull=False)
port = instances[0].port
databaseinfraattr_instances = DatabaseInfraAttr.objects.filter(databaseinfra=databaseinfra,
equivalent_dbinfraattr__isnull=False)
instance_address_list = []
for instance in instances:
instance_address_list.append(instance.address)
for instance in databaseinfraattr_instances:
instance_address_list.append(instance.ip)
for database_bind in database.acl_binds.all():
acl_environment, acl_vlan = database_bind.bind_address.split(
'/')
data = {"kind": "object#acl", "rules": []}
default_options = {
"protocol": "tcp",
"source": "",
"destination": "",
"description": "{} access for database {} in {}".format(database_bind.bind_address,
database.name,
database.environment.name),
"action": action,
"l4-options": {"dest-port-start": "",
"dest-port-op": "eq"}
}
LOG.info("Default options: {}".format(default_options))
for instance in instances:
custom_options = copy.deepcopy(default_options)
custom_options['source'] = database_bind.bind_address
custom_options['destination'] = instance.address + '/32'
custom_options[
'l4-options']['dest-port-start'] = instance.port
data['rules'].append(custom_options)
LOG.debug(
"Creating bind for instance: {}".format(instance))
instance_bind = DatabaseInfraInstanceBind(instance=instance.address,
databaseinfra=databaseinfra,
bind_address=database_bind.bind_address,
instance_port=instance.port)
instance_bind.save()
LOG.debug("InstanceBind: {}".format(instance_bind))
LOG.debug("Instance binds created!")
for instance in databaseinfraattr_instances:
custom_options = copy.deepcopy(default_options)
custom_options['source'] = database_bind.bind_address
custom_options['destination'] = instance.ip + '/32'
custom_options['l4-options']['dest-port-start'] = port
data['rules'].append(custom_options)
LOG.debug(
"Creating bind for instance: {}".format(instance))
instance_bind = DatabaseInfraInstanceBind(instance=instance.ip,
databaseinfra=databaseinfra,
bind_address=database_bind.bind_address,
instance_port=port)
instance_bind.save()
LOG.debug(
"DatabaseInraAttrInstanceBind: {}".format(instance_bind))
LOG.info("Data used on payload: {}".format(data))
response = acl_client.grant_acl_for(environment=acl_environment,
vlan=acl_vlan,
payload=data)
if 'job' in response:
monitor_acl_job(job_id=response['job'],
database_bind=database_bind,
instances=instances + databaseinfraattr_instances)
else:
LOG.error("The AclApi is not working properly.")
database_bind.bind_status = ERROR
database_bind.save()
DatabaseInfraInstanceBind.objects.filter(databaseinfra=databaseinfra,
bind_address=database_bind.bind_address,
instance__in=instance_address_list
).update(bind_status=ERROR)
return True
except Exception:
traceback = full_stack()
workflow_dict['exceptions']['error_codes'].append(DBAAS_0020)
workflow_dict['exceptions']['traceback'].append(traceback)
return False
