def test_actions():
"""
Tests Actions
"""
endpoint = endpoint_factory('foo')
endpoint.endpoint_data = {
'mac': '00:00:00:00:00:00',
'segment': 'foo',
'port': '1'
}
s = get_sdn_connect(logger)
a = Actions(endpoint, s.sdnc)
a.mirror_endpoint()
a.unmirror_endpoint()
a.coprocess_endpoint()
a.uncoprocess_endpoint()
def test_actions_nosdn():
"""
Tests Actions with no SDN controller
"""
endpoint = endpoint_factory('foo')
endpoint.endpoint_data = {
'mac': '00:00:00:00:00:00',
'segment': 'foo',
'port': '1'
}
s = get_sdn_connect(logger)
s.sdnc = None
a = Actions(endpoint, s.sdnc)
a.mirror_endpoint()
a.unmirror_endpoint()
a.coprocess_endpoint()
a.uncoprocess_endpoint()
def unmirror_endpoint(self, endpoint):
''' unmirror an endpoint. '''
if endpoint.operation_active():
status = Actions(endpoint, self.sdnc).unmirror_endpoint()
if not status:
self.logger.warning(
'Unable to unmirror the endpoint: {0}'.format(endpoint.name))
endpoint.force_unknown()
else:
self.logger.info('Not unmirroring endpoint {0} in state {1}'.format(
endpoint.name, endpoint.state))
def handler_action_update_acls(my_obj):
for ip in my_obj:
rules = my_obj[ip]
endpoints = self.sdnc.endpoints_by_ip(ip)
if endpoints:
endpoint = endpoints[0]
try:
status = Actions(
endpoint, self.sdnc.sdnc).update_acls(
rules_file=self.config['RULES_FILE'], endpoints=endpoints, force_apply_rules=rules)
if not status:
self.logger.warning(
'Unable to apply rules: {0} to endpoint: {1}'.format(rules, endpoint.name))
except Exception as e:
self.logger.error(
'Unable to apply rules: {0} to endpoint: {1} because {2}'.format(rules, endpoint.name, str(e)))
return {}
def mirror_endpoint(self, endpoint):
''' mirror an endpoint. '''
status = Actions(endpoint, self.sdnc).mirror_endpoint()
if not status:
self.logger.warning(
'Unable to mirror the endpoint: {0}'.format(endpoint.name))
def find_new_machines(self, machines):
'''parse switch structure to find new machines added to network
since last call'''
change_acls = False
machine_ips = set()
for machine in machines:
machine['ether_vendor'] = get_ether_vendor(
machine['mac'], '/poseidon/src/core/core/metadata/nmap-mac-prefixes.txt')
machine_ips.update(self._parse_machine_ip(machine))
if 'controller_type' not in machine:
machine.update({
'controller_type': 'none',
'controller': ''})
if machine_ips:
self.logger.debug('resolving %s' % machine_ips)
resolved_machine_ips = self.dns_resolver.resolve_ips(
list(machine_ips))
self.logger.debug('resolver results %s', resolved_machine_ips)
for machine in machines:
self._update_machine_rdns(machine, resolved_machine_ips)
for machine in machines:
trunk = False
for sw in self.trunk_ports:
if sw == machine['segment'] and self.trunk_ports[sw].split(',')[1] == str(machine['port']) and self.trunk_ports[sw].split(',')[0] == machine['mac']:
trunk = True
h = Endpoint.make_hash(machine, trunk=trunk)
ep = self.endpoints.get(h, None)
if ep is None:
change_acls = True
m = endpoint_factory(h)
m.endpoint_data = deepcopy(machine)
m.touch()
self.endpoints[m.name] = m
self.logger.info(
'Detected new endpoint: {0}:{1}'.format(m.name, machine))
continue
self.merge_machine_ip(ep.endpoint_data, machine)
if ep.endpoint_data != machine and not ep.ignore:
diff_txt = self._diff_machine(ep.endpoint_data, machine)
self.logger.info(
'Endpoint changed: {0}:\n{1}'.format(h, diff_txt))
change_acls = True
ep.endpoint_data = deepcopy(machine)
ep.touch()
if change_acls and self.config['AUTOMATED_ACLS']:
status = Actions(None, self.sdnc).update_acls(
rules_file=self.config['RULES_FILE'],
endpoints=self.endpoints.values())
if isinstance(status, list):
self.logger.info(
'Automated ACLs did the following: {0}'.format(status[1]))
for item in status[1]:
machine = {'mac': item[1],
'segment': item[2], 'port': item[3]}
h = Endpoint.make_hash(machine)
ep = self.endpoints.get(h, None)
if ep:
ep.acl_data.append(
((item[0], item[4], item[5]), int(time.time())))