class VPNEndpointRemoteSiteSerializer(ConsulSerializer):
    """Serializer for VPNEndpointRemoteSite records.

    Declares the fields accepted for a remote VPN endpoint site and the
    validators applied to each of them.
    """

    consul_model = VPNEndpointRemoteSite

    # --- Resource fields -------------------------------------------------
    # 'id' falls back to generate_uuid when the caller does not supply one.
    id = CustomUUIDField(default=generate_uuid, format='hex_verbose')
    name = serializers.CharField()
    description = serializers.CharField(required=False)
    # Peer address: at most 255 characters, checked by
    # check_ipaddress_or_fqdn.
    peer_address = serializers.CharField(
        max_length=255,
        validators=[check_ipaddress_or_fqdn],
    )
    # Peer networks: a list of strings checked as a whole by check_cidrs.
    peer_cidrs = serializers.ListField(
        child=serializers.CharField(),
        validators=[check_cidrs],
    )
    # Optional certificate reference; defaults to the empty string.
    vpncertificate_id = CustomUUIDField(
        format='hex_verbose',
        validators=[check_vpncertificate_id],
        required=False,
        default='',
    )

    @staticmethod
    def validate_peer_cidrs(value):
        """Return ``value`` passed through remove_duplicates_from_list."""
        deduplicated = remove_duplicates_from_list(value)
        return deduplicated
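class VPNBindLocalSiteToRemoteSiteSerializer(ConsulSerializer):
    """Serializer for VPNBindLocalSiteToRemoteSite.

    This is applicable to both localsite-remotesite and
    remotesite-localsite bind.
    """

    consul_model = VPNBindLocalSiteToRemoteSite

    #
    # Validators for all the resource fields
    #
    # 'id' falls back to generate_uuid when the caller does not supply one.
    id = CustomUUIDField(format='hex_verbose', default=generate_uuid)
    name = serializers.CharField()
    description = serializers.CharField(required=False)
    vpnendpointlocalsite_id = CustomUUIDField(
        validators=[check_vpnendpointlocalsite_id])
    peer_vpnendpointremotesite_id = CustomUUIDField(
        validators=[check_peer_vpnendpointremotesite_id])
    admin_state_up = serializers.BooleanField(default=True)
    # Dead-peer-detection settings; interval and timeout must be >= 1.
    dpd_action = serializers.ChoiceField(choices=BIND_DPD_ACTION,
                                         default='hold')
    dpd_interval = serializers.IntegerField(max_value=None, min_value=1,
                                            default=30)
    dpd_timeout = serializers.IntegerField(max_value=None, min_value=1,
                                           default=120)
    auth_mode = serializers.ChoiceField(choices=BIND_AUTH_MODE,
                                        default='psk')
    # NOTE(review): as declared, 'psk' has no default and may not be blank,
    # so it looks like a request using auth_mode 'cert' still has to carry
    # a pre-shared key that validate() then discards; confirm this is
    # intended. No minimum length is enforced on the key here.
    psk = serializers.CharField(allow_blank=False)
    initiator = serializers.ChoiceField(choices=BIND_INITIATOR,
                                        default='bi-directional')
    status = serializers.ChoiceField(choices=BIND_SITE_STATUS,
                                     default='PENDING_CREATE')
    ikepolicy_id = CustomUUIDField(format='hex_verbose',
                                   validators=[check_ikepolicy_id])
    ipsecpolicy_id = CustomUUIDField(format='hex_verbose',
                                     validators=[check_ipsecpolicy_id])

    def validate(self, attrs):
        """Blank the pre-shared key when certificate authentication is used.

        ``auth_mode`` is read with ``attrs.get`` so that a payload without
        the key (for example a partial update) does not raise ``KeyError``.

        Returns:
            The ``attrs`` mapping, with ``psk`` set to ``''`` when
            ``auth_mode`` is ``'cert'``.
        """
        if attrs.get('auth_mode') == 'cert':
            # A pre-shared key is not kept alongside certificate auth.
            attrs['psk'] = ''
        return attrs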
class VPNBindGroupToGroupSerializer(ConsulSerializer):
    """Serializer for VPNBindGroupToGroup records.

    Declares the fields of a binding between two VPN endpoint groups and
    clears the pre-shared key when certificate authentication is selected.
    """

    consul_model = VPNBindGroupToGroup

    # --- Resource fields -------------------------------------------------
    # 'id' falls back to generate_uuid when the caller does not supply one.
    id = CustomUUIDField(default=generate_uuid, format='hex_verbose')
    name = serializers.CharField()
    description = serializers.CharField(required=False)
    vpnendpointgroup_id = CustomUUIDField(
        format='hex_verbose',
        validators=[check_vpnendpointgroup_id],
    )
    peer_vpnendpointgroup_id = CustomUUIDField(
        format='hex_verbose',
        validators=[check_peer_vpnendpointgroup_id],
    )
    admin_state_up = serializers.BooleanField(default=True)
    # Dead-peer-detection settings; interval and timeout must be >= 1.
    dpd_action = serializers.ChoiceField(
        choices=BIND_DPD_ACTION, default='hold')
    dpd_interval = serializers.IntegerField(
        min_value=1, max_value=None, default=30)
    dpd_timeout = serializers.IntegerField(
        min_value=1, max_value=None, default=120)
    auth_mode = serializers.ChoiceField(
        choices=BIND_AUTH_MODE, default='psk')
    # NOTE(review): 'psk' is optional and defaults to '', while 'auth_mode'
    # defaults to 'psk'. Nothing in this class rejects PSK authentication
    # with an empty key; confirm that a key is enforced or generated
    # elsewhere before the binding is used.
    psk = serializers.CharField(required=False, default='')
    initiator = serializers.ChoiceField(
        choices=BIND_INITIATOR, default='bi-directional')
    ikepolicy_id = CustomUUIDField(
        format='hex_verbose', validators=[check_ikepolicy_id])
    ipsecpolicy_id = CustomUUIDField(
        format='hex_verbose', validators=[check_ipsecpolicy_id])

    def validate(self, attrs):
        """Blank ``psk`` when ``auth_mode`` is ``'cert'``; return ``attrs``."""
        uses_certificate = attrs.get('auth_mode') == 'cert'
        if uses_certificate:
            attrs['psk'] = ''
        return attrs
class VPNEndpointGroupSerializer(ConsulSerializer):
    """Serializer for VPNEndpointGroup records."""

    consul_model = VPNEndpointGroup

    # --- Resource fields -------------------------------------------------
    # 'id' falls back to generate_uuid when the caller does not supply one.
    id = CustomUUIDField(default=generate_uuid, format='hex_verbose')
    name = serializers.CharField()
    description = serializers.CharField(required=False)
    # Optional certificate reference; defaults to the empty string.
    vpncertificate_id = CustomUUIDField(
        format='hex_verbose',
        validators=[check_vpncertificate_id],
        required=False,
        default='',
    )
class VPNCertificateSerializer(ConsulSerializer):
    """Serializer for VPNCertificate records.

    Accepts a certificate and its private key as uploaded files, together
    with the identity string and a reference to the issuing CA record.
    """

    consul_model = VPNCertificate

    # --- Resource fields -------------------------------------------------
    # 'id' falls back to generate_uuid when the caller does not supply one.
    id = CustomUUIDField(default=generate_uuid, format='hex_verbose')
    name = serializers.CharField()
    description = serializers.CharField(required=False)
    certificate = serializers.FileField()
    # TODO: Private Key is stored in plain text
    # NOTE(review): until that TODO is resolved, whoever can read the
    # backing store can read the key. Restrict access to the stored
    # records and check that the key is never echoed back in API
    # responses or written to logs.
    key = serializers.FileField()
    right_id = serializers.CharField(allow_blank=False)
    vpncacertificate_id = CustomUUIDField(
        format='hex_verbose',
        validators=[check_vpncacertificate_id],
    )
class VPNCACertificateSerializer(ConsulSerializer):
    """Serializer for VPNCACertificate records.

    The CA certificate itself is supplied as an uploaded file.
    """

    consul_model = VPNCACertificate

    # --- Resource fields -------------------------------------------------
    # 'id' falls back to generate_uuid when the caller does not supply one.
    id = CustomUUIDField(default=generate_uuid, format='hex_verbose')
    name = serializers.CharField()
    description = serializers.CharField(required=False)
    ca_certificate = serializers.FileField()
class IPsecPolicySerializer(ConsulSerializer):
    """Serializer for IPsecPolicy records.

    Declares the selectable transform parameters of an IPsec policy and the
    value each one takes when the caller omits it.
    """

    consul_model = IPsecPolicy

    # --- Allowed values --------------------------------------------------
    # Union of the IKEv1 and IKEv2 algorithm lists with duplicates dropped.
    # The round trip through set() does not keep the original ordering.
    _IKE_ENCRYPTION_ALGORITHM = list(set(
        IPSEC_IKEV1_ENCRYPTION_ALGORITHM + IPSEC_IKEV2_ENCRYPTION_ALGORITHM
    ))
    _IKE_INTEGRITY_ALGORITHM = list(set(
        IPSEC_IKEV1_INTEGRITY_ALGORITHM + IPSEC_IKEV2_INTEGRITY_ALGORITHM
    ))
    _IPSEC_ESN_MODE = ('esn', 'noesn',)
    # NOTE(review): 'ah' authenticates traffic but does not encrypt it.
    _IPSEC_TRANSFORM_PROTOCOL = ('ah', 'esp',)
    _IPSEC_ENCAPSULATION_MODE = ('transport', 'tunnel',)

    # --- Resource fields -------------------------------------------------
    # 'id' falls back to generate_uuid when the caller does not supply one.
    id = CustomUUIDField(default=generate_uuid, format='hex_verbose')
    name = serializers.CharField()
    description = serializers.CharField(required=False)
    transform_protocol = serializers.ChoiceField(
        choices=_IPSEC_TRANSFORM_PROTOCOL,
        default='esp',
    )
    encryption_algorithm = serializers.MultipleChoiceField(
        choices=_IKE_ENCRYPTION_ALGORITHM,
        default=['aes128'],
    )
    # NOTE(review): the 'sha1' and 'modp1536' defaults below are legacy
    # strength choices (RFC 8247 marks the 1536-bit MODP group as
    # SHOULD NOT). Consider stronger defaults if the algorithm lists
    # imported by this module offer them.
    integrity_algorithm = serializers.MultipleChoiceField(
        choices=_IKE_INTEGRITY_ALGORITHM,
        default=['sha1'],
    )
    dh_group = serializers.MultipleChoiceField(
        choices=DH_GROUP,
        default=['modp1536'],
    )
    esn_mode = serializers.ChoiceField(
        choices=_IPSEC_ESN_MODE,
        default='noesn',
    )
    encapsulation_mode = serializers.ChoiceField(
        choices=_IPSEC_ENCAPSULATION_MODE,
        default='tunnel',
    )
    # Lifetime is a positive integer expressed in 'lifetime_units'.
    lifetime_value = serializers.IntegerField(
        min_value=1,
        max_value=None,
        default=3600,
    )
    lifetime_units = serializers.ChoiceField(
        choices=LIFETIME_UNITS,
        default='seconds',
    )
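class IPsecEnforcerRegistrationSerializer(ConsulSerializer):
    """Serializer for IPsecEnforcerRegistration.

    A registration carries two parallel lists, ``endpoint_name`` and
    ``endpoint_type``; entry *i* of one describes entry *i* of the other.
    """

    consul_model = IPsecEnforcerRegistration

    # IPsecEnforcerRegistration Attributes' Choices
    _VPN_ENDPOINT_TYPE = (
        'group',
        'localsite',
    )

    # Storage table searched for each endpoint type. 'remotesite' is kept
    # because validate() has always handled it, although the
    # 'endpoint_type' field below does not offer it as a choice.
    _ENDPOINT_TABLES = {
        'group': 'vpnendpointgroups',
        'localsite': 'vpnendpointlocalsites',
        'remotesite': 'vpnendpointremotesites',
    }

    # Validators for all the record fields
    # 'id' is a UUID field which is auto-generated while creating a new
    # record
    id = CustomUUIDField(format='hex_verbose', default=generate_uuid)
    description = serializers.CharField(allow_blank=True, default='')
    endpoint_name = serializers.ListField(child=serializers.CharField())
    endpoint_type = serializers.ListField(child=serializers.ChoiceField(
        choices=_VPN_ENDPOINT_TYPE))
    instance_id = serializers.CharField(allow_blank=True)
    # FQDN of VPN Tunnel Interface
    fqdn_tunnel = serializers.CharField()
    # FQDN of IPsec EMS Interface
    fqdn = serializers.CharField()
    macaddress = serializers.CharField(max_length=255, allow_blank=True)

    def validate(self, attrs):
        """Check that every endpoint_name resolves to a stored endpoint.

        Rejects duplicate names and lists of unequal length, then looks
        each name up in the table matching its endpoint type. For every
        match, a temporary enforcer-to-endpoint mapping is recorded via
        ``IPsecEnforcerInfo().put_ipsecenforcer_to_vpnendpoint_map``.

        Returns:
            The unchanged ``attrs`` mapping.

        Raises:
            serializers.ValidationError: on duplicate names, mismatched
                list lengths, or a name with no record of the given type.
        """
        names = attrs['endpoint_name']
        kinds = attrs['endpoint_type']

        if len(names) != len(set(names)):
            raise serializers.ValidationError(
                _("Duplicates are not allowed in "
                  "the list of endpoint_name"))

        if len(names) != len(kinds):
            raise serializers.ValidationError(
                _("Number of entries in the list "
                  "of endpoint_type and "
                  "endpoint_name should be same"))

        # The lengths are equal at this point, so plain zip pairs every
        # entry. Distinct loop names keep the two lists from being
        # shadowed while they are iterated.
        for name, kind in zip(names, kinds):
            # Reset per entry so an unmapped type can never reuse the
            # records found for the previous entry.
            records = None
            table = self._ENDPOINT_TABLES.get(kind)
            if table is not None:
                records = storage.plugin.get_records_by_secondary_index(
                    table, 'name', name)

            if not records:
                raise serializers.ValidationError(
                    ("endpoint_name {0} is not "
                     "a valid endpoint_type "
                     "{1}").format(name, kind))

            # NOTE(review): this write happens during validation, so
            # mappings recorded for earlier entries remain if a later
            # entry is rejected. Confirm the temp=True entries are
            # cleaned up on that path.
            IPsecEnforcerInfo().put_ipsecenforcer_to_vpnendpoint_map(
                attrs['id'], {
                    'endpoint_id': records[0]['id'],
                    'endpoint_type': kind
                },
                temp=True)

        return attrs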
class IKEPolicySerializer(ConsulSerializer):
    """Serializer for IKEPolicy records.

    Declares the selectable IKE negotiation parameters and the value each
    one takes when the caller omits it.
    """

    consul_model = IKEPolicy

    # --- Allowed values --------------------------------------------------
    # Union of the IKEv1 and IKEv2 algorithm lists with duplicates dropped.
    # The round trip through set() does not keep the original ordering.
    _IKE_ENCRYPTION_ALGORITHM = list(set(
        IKEV1_ENCRYPTION_ALGORITHM + IKEV2_ENCRYPTION_ALGORITHM
    ))
    _IKE_INTEGRITY_ALGORITHM = list(set(
        IKEV1_INTEGRITY_ALGORITHM + IKEV2_INTEGRITY_ALGORITHM
    ))
    # NOTE(review): IKEv1 aggressive mode is generally considered weaker
    # than main mode when pre-shared keys are used. Consider whether
    # 'aggressive' should remain selectable for PSK bindings.
    _IKE_PHASE1_MODE = ('aggressive', 'main',)
    _IKE_VERSION = ('v1', 'v2',)
    _IKE_REKEY = ('yes', 'no',)
    _IKE_REAUTH = ('yes', 'no',)

    # --- Resource fields -------------------------------------------------
    # 'id' falls back to generate_uuid when the caller does not supply one.
    id = CustomUUIDField(default=generate_uuid, format='hex_verbose')
    name = serializers.CharField()
    description = serializers.CharField(required=False)
    ike_version = serializers.ChoiceField(
        choices=_IKE_VERSION,
        default='v2',
    )
    encryption_algorithm = serializers.MultipleChoiceField(
        choices=_IKE_ENCRYPTION_ALGORITHM,
        default=['aes128'],
    )
    # NOTE(review): the 'sha1' and 'modp1536' defaults below are legacy
    # strength choices (RFC 8247 marks the 1536-bit MODP group as
    # SHOULD NOT). Consider stronger defaults if the algorithm lists
    # imported by this module offer them.
    integrity_algorithm = serializers.MultipleChoiceField(
        choices=_IKE_INTEGRITY_ALGORITHM,
        default=['sha1'],
    )
    dh_group = serializers.MultipleChoiceField(
        choices=DH_GROUP,
        default=['modp1536'],
    )
    phase1_negotiation_mode = serializers.ChoiceField(
        choices=_IKE_PHASE1_MODE,
        default='main',
    )
    # Lifetime is a positive integer expressed in 'lifetime_units'.
    lifetime_value = serializers.IntegerField(
        min_value=1,
        max_value=None,
        default=3,
        required=False,
    )
    lifetime_units = serializers.ChoiceField(
        choices=LIFETIME_UNITS,
        default='hours',
    )
    rekey = serializers.ChoiceField(choices=_IKE_REKEY, default='yes')
    reauth = serializers.ChoiceField(choices=_IKE_REAUTH, default='yes')