def editgroup(self, group_name, members):
"""
Edit a group only if it exists and replace and add with the new values.
group_name - group_name of the group (str)
members - members to add: @domain.com, account@, [email protected], a.b.c.d, a.b.c.d/cidr
"""
is_valid_redis_key(group_name)
group_name = group_name.lower()
group, groupips = self.getgroup(group_name)
if not group and not groupips:
raise GroupError('Group "%s" does not exists' % group_name)
if type(members) is not list:
raise TypeError('Expect a list. Found: %s' % type(members))
gmembers, ipmembers = [], []
for member in members:
data = isvalidtype(member)
if type(data) is IPNetwork:
ipmembers.append(str(data))
else:
gmembers.append(member)
if 'any' in members:
raise ValueError('Could not add "any" type members')
key = self.namespace(group_name)
ipkey = self.ipnamespace(group_name)
with self.redis.pipeline() as pipe:
if gmembers:
pipe.sadd(key, *gmembers)
if ipmembers:
pipe.sadd(ipkey, *ipmembers)
pipe.sadd(':'.join(('list', 'groups')), key)
pipe.execute()
def remove_pool(self, pool_name):
is_valid_redis_key(pool_name)
pool_namespace = ':'.join(('pool', pool_name))
with self.redis.pipeline() as pipe:
pipe.delete(pool_namespace)
pipe.srem('list:pools', pool_namespace)
del_result, _ = pipe.execute()
if not del_result:
raise ValueError('Could not find pool name %s' % pool_name)
def remove_pool(self, pool_name):
is_valid_redis_key(pool_name)
pool_namespace = ':'.join(('pool', pool_name))
with self.redis.pipeline() as pipe:
pipe.delete(pool_namespace)
pipe.srem('list:pools', pool_namespace)
del_result, _ = pipe.execute()
if not del_result:
raise ValueError('Could not find pool name %s' % pool_name)
def delgroup(self, group_name):
is_valid_redis_key(group_name)
group = self.namespace(group_name)
with self.redis.pipeline() as pipe:
pipe.delete(group)
pipe.delete(self.ipnamespace(group_name))
pipe.srem('list:groups', group)
delgroup, delgroup_ip, _ = pipe.execute()
if not delgroup and not delgroup_ip:
raise GroupError('Group "%s" does not exists' % group_name)
def remove_server_from_pool(self, pool_name, servers):
is_valid_redis_key(pool_name)
pool_namespace = ':'.join(('pool', pool_name))
if type(servers) is not list:
raise TypeError('Wrong type of parameters, expect list, found: %s' % type(servers))
if len(servers) >= len(self.redis.smembers(pool_namespace)):
raise IndexError('You MUST NOT remove all the servers, remove the pool instead')
result = self.redis.srem(pool_namespace, *servers)
if not result:
raise ValueError('Could not find any servers to delete: %s' % servers)
return result
def delgroup_member(self, group_name, members):
is_valid_redis_key(group_name)
if type(members) is not list:
raise TypeError('Expect a list. Found: %s' % type(members))
replaced_members, ip_members = self.getgroup(group_name)
replaced_members += ip_members
[replaced_members.remove(del_member) for del_member in members if del_member in replaced_members]
if not replaced_members:
raise GroupError('There only one member left. Remove group instead.')
self.delgroup(group_name)
self.setgroup(group_name, replaced_members)
def editpool(self, pool_name, servers):
is_valid_redis_key(pool_name)
self.getpool(pool_name)
for server in servers:
# http://stackoverflow.com/questions/11809631/fully-qualified-domain-name-validation?answertab=votes#tab-top
if not re.match(r'(?=^.{4,255}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}$)', server):
raise ValueError('Is not a qualified server: %s' % server)
pool_namespace = ':'.join(('pool', pool_name))
with self.redis.pipeline() as pipe:
pipe.sadd(pool_namespace, *servers)
pipe.sadd('list:pools', pool_namespace)
pipe.execute()
def remove_server_from_pool(self, pool_name, servers):
is_valid_redis_key(pool_name)
pool_namespace = ':'.join(('pool', pool_name))
if type(servers) is not list:
raise TypeError(
'Wrong type of parameters, expect list, found: %s' %
type(servers))
if len(servers) >= len(self.redis.smembers(pool_namespace)):
raise IndexError(
'You MUST NOT remove all the servers, remove the pool instead')
result = self.redis.srem(pool_namespace, *servers)
if not result:
raise ValueError('Could not find any servers to delete: %s' %
servers)
return result
def editpool(self, pool_name, servers):
is_valid_redis_key(pool_name)
self.getpool(pool_name)
for server in servers:
# http://stackoverflow.com/questions/11809631/fully-qualified-domain-name-validation?answertab=votes#tab-top
if not re.match(
r'(?=^.{4,255}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}$)',
server):
raise ValueError('Is not a qualified server: %s' % server)
pool_namespace = ':'.join(('pool', pool_name))
with self.redis.pipeline() as pipe:
pipe.sadd(pool_namespace, *servers)
pipe.sadd('list:pools', pool_namespace)
pipe.execute()
def addpool(self, pool_name, servers):
is_valid_redis_key(pool_name)
if pool_name in RESERVERD_KEYWORDS:
raise ValueError('Reserved word found: %s. Use another name' % ', '.join(RESERVERD_KEYWORDS))
try:
self.getpool(pool_name)
raise ValueError('Pool "%s" already exists' % pool_name)
except Exception:
pass
for server in servers:
# http://stackoverflow.com/questions/11809631/fully-qualified-domain-name-validation?answertab=votes#tab-top
if not re.match(r'(?=^.{4,255}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}$)', server):
raise ValueError('Is not a qualified server: %s' % server)
pool_namespace = ':'.join(('pool', pool_name))
with self.redis.pipeline() as pipe:
pipe.sadd(pool_namespace, *servers)
pipe.sadd('list:pools', pool_namespace)
pipe.execute()
def setgroup(self, group_name, members):
"""
Set a new group with the specified members. If the group exists it will append to it
group_name - group_name of the group (str)
members - members to add: @domain.com, account@, [email protected], a.b.c.d, a.b.c.d/cidr
"""
is_valid_redis_key(group_name)
if 'all' in group_name:
raise ValueError('Choose another group name, reserverd word: "all"')
group_name = group_name.lower()
try:
self.getgroup(group_name)
except ValueError:
# If does not exists, move to the next step
pass
else:
raise GroupError('Group already exists')
if type(members) is not list:
raise TypeError('Expect a list. Found: %s' % type(members))
if 'any' in members:
raise ValueError('Wrong member identified, reserverd word: "any"')
gmembers, ipmembers = [], []
for member in members:
data = isvalidtype(member)
if type(data) is IPNetwork:
ipmembers.append(str(data))
else:
gmembers.append(member)
key = self.namespace(group_name)
ipkey = self.ipnamespace(group_name)
with self.redis.pipeline() as pipe:
if gmembers:
pipe.sadd(key, *gmembers)
if ipmembers:
pipe.sadd(ipkey, *ipmembers)
pipe.sadd(':'.join(('list', 'groups')), key)
pipe.execute()
def do_init(self):
is_valid_redis_key(self.policy_name)
if self.policy_name in RESERVERD_KEYWORDS:
raise ValueError('Reserved word found: %s. Use another name' % ', '.join(RESERVERD_KEYWORDS))
self.policy_namespace = ':'.join(('policy', self.policy_name))
self.pool_policy = False
if ':' in self.policy_name:
self.pool_policy = True
split_policy = self.policy_name.split(':')
if len(split_policy) > 2:
raise ValueError('Accept only one colon for policy name')
self.pool_name, _ = split_policy
self._validate()
self._check_jailspec()
self._check_inverted()
self._check_action_headers()
self.is_destination_any = 'any' in self.destination
self.is_source_any = 'any' in self.source
def do_init(self):
is_valid_redis_key(self.policy_name)
if self.policy_name in RESERVERD_KEYWORDS:
raise ValueError('Reserved word found: %s. Use another name' %
', '.join(RESERVERD_KEYWORDS))
self.policy_namespace = ':'.join(('policy', self.policy_name))
self.pool_policy = False
if ':' in self.policy_name:
self.pool_policy = True
split_policy = self.policy_name.split(':')
if len(split_policy) > 2:
raise ValueError('Accept only one colon for policy name')
self.pool_name, _ = split_policy
self._validate()
self._check_jailspec()
self._check_inverted()
self._check_action_headers()
self.is_destination_any = 'any' in self.destination
self.is_source_any = 'any' in self.source
def addpool(self, pool_name, servers):
is_valid_redis_key(pool_name)
if pool_name in RESERVERD_KEYWORDS:
raise ValueError('Reserved word found: %s. Use another name' %
', '.join(RESERVERD_KEYWORDS))
try:
self.getpool(pool_name)
raise ValueError('Pool "%s" already exists' % pool_name)
except Exception:
pass
for server in servers:
# http://stackoverflow.com/questions/11809631/fully-qualified-domain-name-validation?answertab=votes#tab-top
if not re.match(
r'(?=^.{4,255}$)(^((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.)+[a-zA-Z]{2,63}$)',
server):
raise ValueError('Is not a qualified server: %s' % server)
pool_namespace = ':'.join(('pool', pool_name))
with self.redis.pipeline() as pipe:
pipe.sadd(pool_namespace, *servers)
pipe.sadd('list:pools', pool_namespace)
pipe.execute()