def _dhcp_operation(vca_client, network_name, operation):
    """
        update dhcp setting for network
    """
    dhcp_settings = ctx.node.properties['network'].get('dhcp')
    if dhcp_settings is None:
        return True
    gateway_name = ctx.node.properties["network"]['edge_gateway']
    gateway = get_gateway(vca_client, gateway_name)
    if gateway.is_busy():
        return False
    if operation == ADD_POOL:
        ip = _split_adresses(dhcp_settings['dhcp_range'])
        low_ip_address = check_ip(ip.start)
        hight_ip_address = check_ip(ip.end)
        default_lease = dhcp_settings.get('default_lease')
        max_lease = dhcp_settings.get('max_lease')
        gateway.add_dhcp_pool(network_name, low_ip_address, hight_ip_address,
                              default_lease, max_lease)
        if save_gateway_configuration(gateway, vca_client, ctx):
            ctx.logger.info("DHCP rule successful created for network {0}"
                            .format(network_name))
            return True

    if operation == DELETE_POOL:
        gateway.delete_dhcp_pool(network_name)
        if save_gateway_configuration(gateway, vca_client, ctx):
            ctx.logger.info("DHCP rule successful deleted for network {0}"
                            .format(network_name))
            return True
    return False
def creation_validation(vca_client, **kwargs):
    """
        validate port settings,
        ip_allocation_mode must be in 'manual', 'dhcp', 'pool',
        and valid ip_address if set
    """
    port = get_mandatory(ctx.node.properties, "port")
    ip_allocation_mode = port.get("ip_allocation_mode")
    if ip_allocation_mode:
        if ip_allocation_mode.lower() not in ["manual", "dhcp", "pool"]:
            raise cfy_exc.NonRecoverableError("Unknown allocation mode {0}".format(ip_allocation_mode))
        ip_address = port.get("ip_address")
        if ip_address:
            check_ip(ip_address)
Exemple #3
0
def creation_validation(vca_client, **kwargs):
    """
        validate firewall rules for node
    """
    getaway = get_gateway(
        vca_client, _get_gateway_name(ctx.node.properties)
    )
    if not getaway.is_fw_enabled():
        raise cfy_exc.NonRecoverableError(
            "Gateway firewall is disabled. Please, enable firewall.")
    rules = get_mandatory(ctx.node.properties, 'rules')
    for rule in rules:
        description = rule.get("description")
        if description and not isinstance(description, basestring):
            raise cfy_exc.NonRecoverableError(
                "Parameter 'description' must be string.")

        source = rule.get("source")
        if source:
            if not isinstance(source, basestring):
                raise cfy_exc.NonRecoverableError(
                    "Parameter 'source' must be valid IP address string.")
            if not _is_literal_ip(source):
                check_ip(source)

        utils.check_port(rule.get('source_port'))

        destination = rule.get('destination')
        if destination:
            if not isinstance(destination, basestring):
                raise cfy_exc.NonRecoverableError(
                    "Parameter 'destination' must be valid IP address string.")
            if not _is_literal_ip(destination):
                check_ip(destination)

        utils.check_port(rule.get('destination_port'))

        utils.check_protocol(rule.get('protocol'))

        action = get_mandatory(rule, "action")
        if (not isinstance(action, basestring)
                or action.lower() not in ACTIONS):
            raise cfy_exc.NonRecoverableError(
                "Action must be on of{0}.".format(ACTIONS))

        log = rule.get('log_traffic')
        if log and not isinstance(log, bool):
            raise cfy_exc.NonRecoverableError(
                "Parameter 'log_traffic' must be boolean.")
def creation_validation(vca_client, **kwargs):
    """
        validate port settings,
        ip_allocation_mode must be in 'manual', 'dhcp', 'pool',
        and valid ip_address if set
    """
    port = get_mandatory(ctx.node.properties, 'port')
    ip_allocation_mode = port.get('ip_allocation_mode')
    if ip_allocation_mode:
        if ip_allocation_mode.lower() not in ['manual', 'dhcp', 'pool']:
            raise cfy_exc.NonRecoverableError(
                "Unknown allocation mode {0}".format(ip_allocation_mode))
        ip_address = port.get('ip_address')
        if ip_address:
            check_ip(ip_address)
 def test_check_ip(self):
     """
         check ip code
     """
     # wrong type
     with self.assertRaises(cfy_exc.NonRecoverableError):
         vcloud_network_plugin.check_ip({'wrong': None})
     # wrong value
     with self.assertRaises(cfy_exc.NonRecoverableError):
         vcloud_network_plugin.check_ip("1.1.1.400")
     # good case
     self.assertEqual(
         vcloud_network_plugin.check_ip("1.1.1.40"),
         "1.1.1.40"
     )
def _floatingip_operation(operation, vca_client, ctx):
    """
        create/release floating ip by nat rules for this ip with
        relation to internal ip for current node,
        save selected public_ip in runtime properties
    """
    service_type = get_vcloud_config().get('service_type')
    gateway = get_gateway(
        vca_client, ctx.target.node.properties['floatingip']['edge_gateway'])
    internal_ip = get_vm_ip(vca_client, ctx, gateway)

    nat_operation = None
    public_ip = (ctx.target.instance.runtime_properties.get(PUBLIC_IP)
                 or ctx.target.node.properties['floatingip'].get(PUBLIC_IP))
    if operation == CREATE:
        CheckAssignedInternalIp(internal_ip, gateway)
        if public_ip:
            CheckAssignedExternalIp(public_ip, gateway)
        else:
            public_ip = get_public_ip(vca_client, gateway, service_type, ctx)

        nat_operation = _add_nat_rule
    elif operation == DELETE:
        if not public_ip:
            ctx.logger.info("Can't get external IP".format(public_ip))
            return True
        nat_operation = _del_nat_rule
    else:
        raise cfy_exc.NonRecoverableError(
            "Unknown operation {0}".format(operation)
        )

    external_ip = check_ip(public_ip)

    nat_operation(gateway, "SNAT", internal_ip, external_ip)
    nat_operation(gateway, "DNAT", external_ip, internal_ip)
    success = save_gateway_configuration(gateway, vca_client, ctx)
    if not success:
        return False
    if operation == CREATE:
        ctx.target.instance.runtime_properties[PUBLIC_IP] = external_ip
        save_ssh_parameters(ctx, '22', external_ip)
    else:
        if is_ondemand(service_type):
            if not ctx.target.node.properties['floatingip'].get(PUBLIC_IP):
                del_ondemand_public_ip(
                    vca_client,
                    gateway,
                    ctx.target.instance.runtime_properties[PUBLIC_IP],
                    ctx)
        if PUBLIC_IP in ctx.target.instance.runtime_properties:
            del ctx.target.instance.runtime_properties[PUBLIC_IP]
        if SSH_PUBLIC_IP in ctx.source.instance.runtime_properties:
            del ctx.source.instance.runtime_properties[SSH_PUBLIC_IP]
        if SSH_PORT in ctx.target.instance.runtime_properties:
            del ctx.source.instance.runtime_properties[SSH_PORT]
    return True
def _split_adresses(address_range):
    """
        split network addresses from 1.1.1.1-2.2.2.2 representation to
        separate (start,end) tuple
    """
    adresses = [ip.strip() for ip in address_range.split('-')]
    IPRange = collections.namedtuple('IPRange', 'start end')
    try:
        start = check_ip(adresses[0])
        end = check_ip(adresses[1])
        if not is_valid_ip_range(start, end):
            raise cfy_exc.NonRecoverableError(
                "Start address {0} is greater than end address: {1}"
                .format(start, end))
        return IPRange(start=start, end=end)
    except IndexError:
        raise cfy_exc.NonRecoverableError("Can't parse IP range:{0}".
                                          format(address_range))
def _floatingip_operation(operation, vca_client, ctx):
    """
        create/release floating ip by nat rules for this ip with
        relation to internal ip for current node,
        save selected public_ip in runtime properties
    """
    service_type = get_vcloud_config().get('service_type')
    gateway = get_gateway(
        vca_client, ctx.target.node.properties['floatingip']['edge_gateway'])
    internal_ip = get_vm_ip(vca_client, ctx, gateway)

    nat_operation = None
    public_ip = (ctx.target.instance.runtime_properties.get(PUBLIC_IP)
                 or ctx.target.node.properties['floatingip'].get(PUBLIC_IP))
    if operation == CREATE:
        CheckAssignedInternalIp(internal_ip, gateway)
        if public_ip:
            CheckAssignedExternalIp(public_ip, gateway)
        else:
            public_ip = get_public_ip(vca_client, gateway, service_type, ctx)

        nat_operation = _add_nat_rule
    elif operation == DELETE:
        if not public_ip:
            ctx.logger.info("Can't get external IP".format(public_ip))
            return True
        nat_operation = _del_nat_rule
    else:
        raise cfy_exc.NonRecoverableError(
            "Unknown operation {0}".format(operation))

    external_ip = check_ip(public_ip)

    nat_operation(gateway, "SNAT", internal_ip, external_ip)
    nat_operation(gateway, "DNAT", external_ip, internal_ip)
    success = save_gateway_configuration(gateway, vca_client, ctx)
    if not success:
        return False
    if operation == CREATE:
        ctx.target.instance.runtime_properties[PUBLIC_IP] = external_ip
        save_ssh_parameters(ctx, '22', external_ip)
    else:
        if is_ondemand(service_type):
            if not ctx.target.node.properties['floatingip'].get(PUBLIC_IP):
                del_ondemand_public_ip(
                    vca_client, gateway,
                    ctx.target.instance.runtime_properties[PUBLIC_IP], ctx)
        if PUBLIC_IP in ctx.target.instance.runtime_properties:
            del ctx.target.instance.runtime_properties[PUBLIC_IP]
        if SSH_PUBLIC_IP in ctx.source.instance.runtime_properties:
            del ctx.source.instance.runtime_properties[SSH_PUBLIC_IP]
        if SSH_PORT in ctx.source.instance.runtime_properties:
            del ctx.source.instance.runtime_properties[SSH_PORT]
    return True
def creation_validation(vca_client, **kwargs):
    """
        validate node context,
        fields from floatingip dict:
        * edge_gateway - mandatory,
        * public_ip - prefered ip for node, can be empty
        fields from vcloud_config:
        * service_type - ondemand, subscription
        also check availability of public ip if set or exist some free
        ip in subscription case
    """
    floatingip = get_mandatory(ctx.node.properties, 'floatingip')
    edge_gateway = get_mandatory(floatingip, 'edge_gateway')
    gateway = get_gateway(vca_client, edge_gateway)
    service_type = get_vcloud_config().get('service_type')
    public_ip = floatingip.get(PUBLIC_IP)
    if public_ip:
        check_ip(public_ip)
        CheckAssignedExternalIp(public_ip, gateway)
    else:
        if is_subscription(service_type):
            getFreeIP(gateway)
def creation_validation(vca_client, **kwargs):
    """
        validate node context,
        fields from floatingip dict:
        * edge_gateway - mandatory,
        * public_ip - prefered ip for node, can be empty
        fields from vcloud_config:
        * service_type - ondemand, subscription
        also check availability of public ip if set or exist some free
        ip in subscription case
    """
    floatingip = get_mandatory(ctx.node.properties, 'floatingip')
    edge_gateway = get_mandatory(floatingip, 'edge_gateway')
    gateway = get_gateway(vca_client, edge_gateway)
    service_type = get_vcloud_config().get('service_type')
    public_ip = floatingip.get(PUBLIC_IP)
    if public_ip:
        check_ip(public_ip)
        CheckAssignedExternalIp(public_ip, gateway)
    else:
        if is_subscription(service_type):
            getFreeIP(gateway)
Exemple #11
0
def _rule_operation(operation, vca_client):
    """
        create/delete firewall rules in gateway for current node
    """
    gateway_name = _get_gateway_name(ctx.target.node.properties)
    gateway = get_gateway(vca_client, gateway_name)
    for rule in ctx.target.node.properties['rules']:
        description = rule.get('description', "Rule added by pyvcloud").strip()
        source_ip = rule.get("source", "external")
        if not _is_literal_ip(source_ip):
            check_ip(source_ip)
        elif _is_host_ip(source_ip):
            source_ip = get_vm_ip(vca_client, ctx, gateway)
        source_port = str(rule.get("source_port", "any"))
        dest_ip = rule.get("destination", "external")
        if not _is_literal_ip(dest_ip):
            check_ip(dest_ip)
        elif _is_host_ip(dest_ip):
            dest_ip = get_vm_ip(vca_client, ctx, gateway)
        dest_port = str(rule.get('destination_port', 'any'))
        protocol = rule.get('protocol', 'any').capitalize()
        action = rule.get("action", "allow")
        log = rule.get('log_traffic', False)

        if operation == CREATE_RULE:
            gateway.add_fw_rule(
                True, description, action, protocol, dest_port, dest_ip,
                source_port, source_ip, log)
            ctx.logger.info(
                "Firewall rule has been created: {0}".format(description))
        elif operation == DELETE_RULE:
            gateway.delete_fw_rule(protocol, dest_port, dest_ip,
                                   source_port, source_ip)
            ctx.logger.info(
                "Firewall rule has been deleted: {0}".format(description))

    ctx.logger.info("Saving security group configuration")
    return save_gateway_configuration(gateway, vca_client, ctx)
def creation_validation(vca_client, **kwargs):
    """
        validate nat rules in node properties
    """
    nat = get_mandatory(ctx.node.properties, 'nat')
    gateway = get_gateway(vca_client, get_mandatory(nat, 'edge_gateway'))
    service_type = get_vcloud_config().get('service_type')
    public_ip = nat.get(PUBLIC_IP)
    if public_ip:
        check_ip(public_ip)
    else:
        if is_subscription(service_type):
            getFreeIP(gateway)
    for rule in get_mandatory(ctx.node.properties, 'rules'):
        if _is_dnat(rule['type']):
            utils.check_protocol(rule.get('protocol'))
            original_port = rule.get('original_port')
            if original_port and not isinstance(original_port, int):
                raise cfy_exc.NonRecoverableError(
                    "Parameter 'original_port' must be integer")
            translated_port = rule.get('translated_port')
            if translated_port and not isinstance(translated_port, int):
                raise cfy_exc.NonRecoverableError(
                    "Parameter 'translated_port' must be integer")
Exemple #13
0
def creation_validation(vca_client, **kwargs):
    """
        validate nat rules in node properties
    """
    nat = get_mandatory(ctx.node.properties, 'nat')
    gateway = get_gateway(vca_client, get_mandatory(nat, 'edge_gateway'))
    service_type = get_vcloud_config().get('service_type')
    public_ip = nat.get(PUBLIC_IP)
    if public_ip:
        check_ip(public_ip)
    else:
        if is_subscription(service_type):
            getFreeIP(gateway)
    for rule in get_mandatory(ctx.node.properties, 'rules'):
        if _is_dnat(rule['type']):
            utils.check_protocol(rule.get('protocol'))
            original_port = rule.get('original_port')
            if original_port and not isinstance(original_port, int):
                raise cfy_exc.NonRecoverableError(
                    "Parameter 'original_port' must be integer")
            translated_port = rule.get('translated_port')
            if translated_port and not isinstance(translated_port, int):
                raise cfy_exc.NonRecoverableError(
                    "Parameter 'translated_port' must be integer")
def creation_validation(vca_client, **kwargs):
    """
        check network description from node description
    """
    network_name = get_network_name(ctx.node.properties)
    ctx.logger.info("Validation cloudify.vcloud.nodes.Network node: {0}"
                    .format(network_name))
    if is_network_exists(vca_client, network_name):
        if ctx.node.properties.get('use_external_resource'):
            # TODO: check: default gateway must exists
            return
        else:
            raise cfy_exc.NonRecoverableError(
                "Network already exsists: {0}".format(network_name))

    net_prop = get_mandatory(ctx.node.properties, "network")
    gateway_name = get_mandatory(net_prop, 'edge_gateway')
    if not vca_client.get_gateway(get_vcloud_config()['vdc'], gateway_name):
        raise cfy_exc.NonRecoverableError(
            "Gateway {0} not found".format(gateway_name))

    static_ip = _split_adresses(get_mandatory(net_prop, 'static_range'))
    check_ip(static_ip.start)
    check_ip(static_ip.end)
    dns_list = net_prop.get("dns")
    if dns_list:
        for ip in dns_list:
            check_ip(ip)
    gateway_ip = check_ip(get_mandatory(net_prop, "gateway_ip"))
    netmask = check_ip(get_mandatory(net_prop, "netmask"))

    ips = [gateway_ip, static_ip.start, static_ip.end]
    dhcp = net_prop.get("dhcp")
    if dhcp:
        dhcp_range = get_mandatory(net_prop["dhcp"], "dhcp_range")
        dhcp_ip = _split_adresses(dhcp_range)
        if not is_separate_ranges(static_ip, dhcp_ip):
            raise cfy_exc.NonRecoverableError(
                "Static_range and dhcp_range is overlapped.")
        ips.extend([dhcp_ip.start, dhcp_ip.end])
    if not is_ips_in_same_subnet(ips, netmask):
            raise cfy_exc.NonRecoverableError(
                "IP addresses in different subnets.")