def isipaddress(data): """ Checks if the passed string is a valid IPv4 or IPv6 address """ isipaddress = True try: ipaddress.ip_address(data) except ValueError: isipaddress = False return isipaddress
def netmask(self): if self._values['netmask'] is None: return None try: result = int(self._values['netmask']) # CIDRs between 0 and 128 are allowed if 0 <= result <= 128: return result else: raise F5ModuleError( "The provided netmask must be between 0 and 32 for IPv4, or " "0 and 128 for IPv6.") except ValueError: # not a number, but that's ok. Further processing necessary pass if not is_valid_ip(self._values['netmask']): raise F5ModuleError( 'The provided netmask {0} is neither in IP or CIDR format'. format(result)) # Create a temporary address to check if the netmask IP is v4 or v6 addr = ip_address(u'{0}'.format(str(self._values['netmask']))) if addr.version == 4: # Create a more real v4 address using a wildcard, so that we can determine # the CIDR value from it. ip = ip_network(u'0.0.0.0/%s' % str(self._values['netmask'])) result = ip.prefixlen else: result = ipv6_netmask_to_cidr(self._values['netmask']) return result
def _normalize_san(self, san): if san.startswith('IP Address:'): san = 'IP:' + san[len('IP Address:'):] if san.startswith('IP:'): ip = compat_ipaddress.ip_address(san[3:]) san = 'IP:{0}'.format(ip.compressed) return san
def address(self): if self._values['address'] is None: return None if is_valid_ip(self._values['address']): ip = str(ip_address(u'{0}'.format(self._values['address']))) return ip raise F5ModuleError("Specified 'address' is not an IP address.")
def is_ipv6_address(address): """ test if address is a valid ipv6 address """ try: addr = ip_address(u'{0}'.format(address)) return isinstance(addr, IPv6Address) except ValueError: pass return False
def _normalize_san(self, san): # apparently openssl returns 'IP address' not 'IP' as specifier when converting the subjectAltName to string # although it won't accept this specifier when generating the CSR. (https://github.com/openssl/openssl/issues/4004) if san.startswith('IP Address:'): san = 'IP:' + san[len('IP Address:'):] if san.startswith('IP:'): ip = compat_ipaddress.ip_address(san[3:]) san = 'IP:{0}'.format(ip.compressed) return san
def check_params(self): rules_by_host = {} for host in self.hosts: rules_by_host[host.name] = self.firewall_facts[host.name].keys() for rule_option in self.rule_options: rule_name = rule_option.get('name') if rule_name is None: self.module.fail_json( msg="Please specify rule.name for rule set" " as it is required parameter.") hosts_with_rule_name = [ h for h, r in rules_by_host.items() if rule_name in r ] hosts_without_rule_name = set([i.name for i in self.hosts ]) - set(hosts_with_rule_name) if hosts_without_rule_name: self.module.fail_json( msg="rule named '%s' wasn't found on hosts: %s" % (rule_name, hosts_without_rule_name)) if 'enabled' not in rule_option: self.module.fail_json( msg="Please specify rules.enabled for rule set" " %s as it is required parameter." % rule_name) allowed_hosts = rule_option.get('allowed_hosts', {}) ip_addresses = allowed_hosts.get('ip_address', []) ip_networks = allowed_hosts.get('ip_network', []) for ip_address in ip_addresses: try: ipaddress.ip_address(ip_address) except ValueError: self.module.fail_json( msg="The provided IP address %s is not a valid IP" " for the rule %s" % (ip_address, rule_name)) for ip_network in ip_networks: try: ipaddress.ip_network(ip_network) except ValueError: self.module.fail_json( msg="The provided IP network %s is not a valid network" " for the rule %s" % (ip_network, rule_name))
def normalize_ip(ip, ip_version): if ip is None: return ip if '/' in ip: ip, range = ip.split('/') else: ip, range = ip, '' ip_addr = to_native(compat_ipaddress.ip_address(to_text(ip)).compressed) if range == '': range = '32' if ip_version.lower() == 'ipv4' else '128' return ip_addr + '/' + range
def address_ranges(self): result = [] for item in self._values['addresses']: if '-' not in item['name']: continue start, stop = item['name'].split('-') start = start.strip() stop = stop.strip() start = ip_address(u'{0}'.format(start)) stop = ip_address(u'{0}'.format(stop)) if start.version != stop.version: raise F5ModuleError( "When specifying a range, IP addresses must be of the same type; IPv4 or IPv6." ) if int(start) > int(stop): stop, start = start, stop item = '{0}-{1}'.format(str(start), str(stop)) result.append(item) result = sorted(result) return result
def is_ipv4_address(data): """ Checks if the passed string is a valid IPv4 address """ if "/" in data: data = data.split("/")[0] if not isipaddress(to_text(data)): raise ValueError("{0} is not a valid IP address".format(data)) return ipaddress.ip_address(to_text(data)).version == 4
def get_ip_address_version(address): """ This function returns the version of IP address :param address: IP address :return: """ try: address = unicode(address) except NameError: address = str(address) version = ipaddress.ip_address(address.split("/")[0]).version return version
def addresses(self): if self._values['addresses'] is None: return None result = [] for x in self._values['addresses']: if is_valid_ip(x): result.append(str(ip_address(u'{0}'.format(x)))) elif is_valid_ip_interface(x): result.append(str(ip_interface(u'{0}'.format(x)))) else: raise F5ModuleError( "Address {0} must be either an IPv4 or IPv6 address or network." .format(x)) result = sorted(result) return result
def is_within_local_networks(self, address): """ test if address is contained in our local networks """ networks = self.get_interfaces_networks() try: addr = ip_address(u'{0}'.format(address)) except ValueError: return False for network in networks: try: net = ip_network(u'{0}'.format(network), strict=False) if addr in net: return True except ValueError: pass return False
def netmask(self): if self._values['netmask'] is None: return None result = -1 try: result = int(self._values['netmask']) if 0 < result < 256: pass except ValueError: if is_valid_ip(self._values['netmask']): addr = ip_address(u'{0}'.format(str(self._values['netmask']))) if addr.version == 4: ip = ip_network(u'0.0.0.0/%s' % str(self._values['netmask'])) result = ip.prefixlen else: result = ipv6_netmask_to_cidr(self._values['netmask']) if result < 0: raise F5ModuleError( 'The provided netmask {0} is neither in IP or CIDR format'.format(result) ) return result
def _check_subnet(self): """ check if addr lies into interface subnets """ def _check_vips(): virtualips = self.pfsense.get_element('virtualip') if virtualips is None: return False for vip_elt in virtualips: if vip_elt.find('interface').text != self.interface_elt.tag or vip_elt.find('mode').text != 'other' or vip_elt.find('type').text != 'network': continue subnet = ip_network(u'{0}/{1}'.format(vip_elt.find('subnet').text, vip_elt.find('subnet_bits').text), strict=False) if addr in subnet: return True return False if self.params['ipprotocol'] == 'inet': inet_type = 'IPv4' f1_elt = self.interface_elt.find('ipaddr') f2_elt = self.interface_elt.find('subnet') else: inet_type = 'IPv6' f1_elt = self.interface_elt.find('ipaddrv6') f2_elt = self.interface_elt.find('subnetv6') if f1_elt is None or f1_elt.text is None or f2_elt is None or f2_elt.text is None: self.module.fail_json(msg='Cannot add {0} Gateway Address because no {0} address could be found on the interface.'.format(inet_type)) try: if self.params['nonlocalgateway']: return addr = ip_address(u'{0}'.format(self.params['gateway'])) subnet = ip_network(u'{0}/{1}'.format(f1_elt.text, f2_elt.text), strict=False) if addr in subnet or _check_vips(): return self.module.fail_json(msg="The gateway address {0} does not lie within one of the chosen interface's subnets.".format(self.params['gateway'])) except ValueError: self.module.fail_json(msg='Cannot add {0} Gateway Address because no {0} address could be found on the interface.'.format(inet_type))
def parse_attribs(self, conf): config = {} ipaddrs = re.findall(r"address (\S+)", conf, re.M) config["ipv4"] = [] config["ipv6"] = [] for item in ipaddrs: item = item.strip("'") if item == "dhcp": config["ipv4"].append({"address": item}) elif item == "dhcpv6": config["ipv6"].append({"address": item}) else: ip_version = ipaddress.ip_address(item.split("/")[0]).version if ip_version == 4: config["ipv4"].append({"address": item}) else: config["ipv6"].append({"address": item}) for key, value in iteritems(config): if value == []: config[key] = None return utils.remove_empties(config)
def _normalize_ip(ip): try: return to_native(compat_ipaddress.ip_address(to_text(ip)).compressed) except ValueError: # We don't want to error out on something IPAddress() can't parse return ip