def get_default_region_ip(request):
"""Returns the default reply address for the given HTTP request."""
remote_ip = get_remote_ip(request)
default_region_ip = None
if remote_ip is not None:
default_region_ip = get_source_address(remote_ip)
return default_region_ip
def create_audit_event(event_type,
endpoint,
request,
system_id=None,
description=None):
"""Helper to register Audit events.
These are events that have an event type level of AUDIT."""
event_description = description if description is not None else ""
# Retrieve Django request's user agent if it is set.
user_agent = request.META.get("HTTP_USER_AGENT", "")
ip_address = get_remote_ip(request)
user = None if isinstance(request.user, AnonymousUser) else request.user
Event.objects.register_event_and_event_type(
type_name=event_type,
type_description=EVENT_DETAILS[event_type].description,
type_level=AUDIT,
event_description=event_description,
system_id=system_id,
user=user,
ip_address=ip_address,
endpoint=endpoint,
user_agent=user_agent,
)
def test_fallsback_to_REMOTE_ADDR_for_invalid_X_FORWARDED_FOR(self):
ip_address = factory.make_ipv4_address()
request = HttpRequest()
request.META = {
"HTTP_X_FORWARDED_FOR": factory.make_name("garbage ip"),
"REMOTE_ADDR": ip_address,
}
self.assertEqual(ip_address, get_remote_ip(request))
def test__fallsback_to_REMOTE_ADDR_for_invalid_X_FORWARDED_FOR(self):
ip_address = factory.make_ipv4_address()
request = HttpRequest()
request.META = {
'HTTP_X_FORWARDED_FOR': factory.make_name('garbage ip'),
'REMOTE_ADDR': ip_address,
}
self.assertEquals(ip_address, get_remote_ip(request))
def get_apt_proxy(request, rack_controller=None, node=None):
"""Return the APT proxy for the `rack_controller`."""
config = Config.objects.get_configs([
"enable_http_proxy",
"http_proxy",
"use_peer_proxy",
"maas_proxy_port",
"maas_internal_domain",
"use_rack_proxy",
])
if config["enable_http_proxy"]:
http_proxy = config["http_proxy"]
if http_proxy is not None:
http_proxy = http_proxy.strip()
use_peer_proxy = config["use_peer_proxy"]
if http_proxy and not use_peer_proxy:
return http_proxy
else:
# Ensure the proxy port is the default if not set.
maas_proxy_port = config["maas_proxy_port"]
if not maas_proxy_port:
maas_proxy_port = 8000
# Use the client requesting the preseed to determine how they
# should access the APT proxy.
subnet = None
remote_ip = get_remote_ip(request)
if remote_ip is not None:
subnet = Subnet.objects.get_best_subnet_for_ip(remote_ip)
use_dns = (subnet is not None and not subnet.dns_servers
and subnet.vlan.dhcp_on)
if config["use_rack_proxy"] and use_dns:
# Client can use the MAAS proxy on the rack controller with
# DNS resolution providing better HA.
return "http://%s.%s:%d/" % (
get_resource_name_for_subnet(subnet),
config["maas_internal_domain"],
maas_proxy_port,
)
elif (config["use_rack_proxy"] and node is not None
and node.boot_cluster_ip):
# Client can use the MAAS proxy on the rack controller with
# IP address, instead of DNS.
return "http://%s:%d/" % (
node.boot_cluster_ip,
maas_proxy_port,
)
else:
# Fallback to sending the APT directly to the
# region controller.
region_ip = get_default_region_ip(request)
url = "http://:%d/" % maas_proxy_port
return compose_URL(
url,
get_maas_facing_server_host(rack_controller,
default_region_ip=region_ip),
)
else:
return None
def test_gets_client_ip_for_X_FORWARDED_FOR_with_proxies(self):
ip_address = factory.make_ipv4_address()
proxy1 = factory.make_ipv4_address()
proxy2 = factory.make_ipv4_address()
request = HttpRequest()
request.META = {
"HTTP_X_FORWARDED_FOR": "%s, %s, %s" % (ip_address, proxy1, proxy2)
}
self.assertEqual(ip_address, get_remote_ip(request))
def get_apt_proxy(request, rack_controller=None):
"""Return the APT proxy for the `rack_controller`."""
config = Config.objects.get_configs([
'enable_http_proxy', 'http_proxy', 'use_peer_proxy', 'maas_proxy_port',
'maas_internal_domain', 'use_rack_proxy'
])
if config["enable_http_proxy"]:
http_proxy = config["http_proxy"]
if http_proxy is not None:
http_proxy = http_proxy.strip()
use_peer_proxy = config["use_peer_proxy"]
if http_proxy and not use_peer_proxy:
return http_proxy
else:
# Ensure the proxy port is the default if not set.
maas_proxy_port = config["maas_proxy_port"]
if not maas_proxy_port:
maas_proxy_port = 8000
# Use the client requesting the preseed to determine how they
# should access the APT proxy.
subnet = None
remote_ip = get_remote_ip(request)
if remote_ip is not None:
subnet = Subnet.objects.get_best_subnet_for_ip(remote_ip)
if (config['use_rack_proxy'] and subnet is not None
and not subnet.dns_servers):
# Client can use the MAAS proxy on the rack controller.
return "http://%s.%s:%d/" % (get_resource_name_for_subnet(
subnet), config["maas_internal_domain"], maas_proxy_port)
else:
# Client cannot use the MAAS proxy on the rack controller
# because rack proxy is disabled, the subnet the IP belongs to
# is unknown or the subnet is using DNS servers that are not
# MAAS. Fallback to using the old way pre MAAS 2.5.
region_ip = get_default_region_ip(request)
url = "http://:%d/" % maas_proxy_port
return compose_URL(
url,
get_maas_facing_server_host(rack_controller,
default_region_ip=region_ip))
else:
return None
def test_returns_None_empty_META(self):
request = HttpRequest()
request.META = {}
self.assertIsNone(get_remote_ip(request))
def test_returns_None_for_invalid_ip(self):
ip_address = factory.make_name("garbage ip")
request = HttpRequest()
request.META = {"REMOTE_ADDR": ip_address}
self.assertIsNone(get_remote_ip(request))
def test_gets_client_ipv6_for_REMOTE_ADDR(self):
ip_address = factory.make_ipv6_address()
request = HttpRequest()
request.META = {"REMOTE_ADDR": ip_address}
self.assertEqual(ip_address, get_remote_ip(request))
def test_gets_client_ipv6_for_HTTP_X_FORWARDED_FOR(self):
ip_address = factory.make_ipv6_address()
request = HttpRequest()
request.META = {"HTTP_X_FORWARDED_FOR": ip_address}
self.assertEqual(ip_address, get_remote_ip(request))
