def test_get_vm_ip(self):
"""
check get vm ip from conected networks
"""
fake_client = self.generate_client(vms_networks=[])
fake_ctx = self.generate_relation_context()
fake_ctx._source.node.properties = {
'vcloud_config': {
'edge_gateway': 'some_edge_gateway',
'vdc': 'vdc_name'
}
}
fake_ctx._source.instance.runtime_properties = {
network_plugin.VCLOUD_VAPP_NAME: "name"
}
# empty connections/no connection name
with mock.patch('vcloud_plugin_common.ctx', fake_ctx):
with self.assertRaises(cfy_exc.NonRecoverableError):
network_plugin.get_vm_ip(
fake_client, fake_ctx, fake_client._vdc_gateway
)
vms_networks = [{
'is_connected': True,
'network_name': 'network_name',
'is_primary': True,
'ip': '1.1.1.1'
}]
fake_client = self.generate_client(vms_networks=vms_networks)
# not routed
with mock.patch('vcloud_plugin_common.ctx', fake_ctx):
with self.assertRaises(cfy_exc.NonRecoverableError):
network_plugin.get_vm_ip(
fake_client, fake_ctx, fake_client._vdc_gateway
)
# routed
self.set_network_routed_in_client(fake_client)
with mock.patch('vcloud_plugin_common.ctx', fake_ctx):
self.assertEqual(
network_plugin.get_vm_ip(
fake_client, fake_ctx, fake_client._vdc_gateway
),
'1.1.1.1'
)
# no networks
fake_client._vapp.get_vms_network_info = mock.MagicMock(
return_value=[]
)
with mock.patch('vcloud_plugin_common.ctx', fake_ctx):
with self.assertRaises(cfy_exc.NonRecoverableError):
network_plugin.get_vm_ip(
fake_client, fake_ctx, fake_client._vdc_gateway
)
# no vapp
fake_client.get_vapp = mock.MagicMock(return_value=None)
with mock.patch('vcloud_plugin_common.ctx', fake_ctx):
with self.assertRaises(cfy_exc.NonRecoverableError):
network_plugin.get_vm_ip(
fake_client, fake_ctx, fake_client._vdc_gateway
)
def prepare_server_operation(vca_client, operation):
"""
generate nat rules by current list of rules in node
"""
try:
gateway = get_gateway(
vca_client, ctx.target.node.properties['nat']['edge_gateway'])
public_ip = _obtain_public_ip(vca_client, ctx, gateway, operation)
private_ip = get_vm_ip(vca_client, ctx, gateway)
has_snat = False
for rule in ctx.target.node.properties['rules']:
rule_type = rule['type']
if has_snat and _is_snat(rule_type):
ctx.logger.info("Rules list must contains only one SNAT rule.")
continue
protocol = rule.get('protocol', "any")
original_port = rule.get('original_port', "any")
translated_port = rule.get('translated_port', "any")
nat_network_operation(
vca_client, gateway, operation,
rule_type, public_ip,
private_ip, original_port, translated_port, protocol)
if _is_snat(rule_type):
has_snat = True
except KeyError as e:
raise cfy_exc.NonRecoverableError("Parameter not found: {0}".format(e))
return _save_configuration(gateway, vca_client, operation, public_ip)
def prepare_server_operation(vca_client, operation):
"""
generate nat rules by current list of rules in node
"""
try:
gateway = get_gateway(
vca_client, ctx.target.node.properties['nat']['edge_gateway'])
public_ip = _obtain_public_ip(vca_client, ctx, gateway, operation)
private_ip = get_vm_ip(vca_client, ctx, gateway)
has_snat = False
for rule in ctx.target.node.properties['rules']:
rule_type = rule['type']
if has_snat and _is_snat(rule_type):
ctx.logger.info("Rules list must contains only one SNAT rule.")
continue
protocol = rule.get('protocol', "any")
original_port = rule.get('original_port', "any")
translated_port = rule.get('translated_port', "any")
nat_network_operation(vca_client, gateway, operation, rule_type,
public_ip, private_ip, original_port,
translated_port, protocol)
if _is_snat(rule_type):
has_snat = True
except KeyError as e:
raise cfy_exc.NonRecoverableError("Parameter not found: {0}".format(e))
return _save_configuration(gateway, vca_client, operation, public_ip)
def _rule_operation(operation, vca_client):
"""
create/delete firewall rules in gateway for current node
"""
gateway = get_gateway(
vca_client, _get_gateway_name(ctx.target.node.properties))
if gateway.is_busy():
return False
for rule in ctx.target.node.properties['rules']:
description = rule.get('description', "Rule added by pyvcloud").strip()
source_ip = rule.get("source", "external")
if not _is_literal_ip(source_ip):
check_ip(source_ip)
elif _is_host_ip(source_ip):
source_ip = get_vm_ip(vca_client, ctx, gateway)
source_port = str(rule.get("source_port", "any"))
dest_ip = rule.get("destination", "external")
if not _is_literal_ip(dest_ip):
check_ip(dest_ip)
elif _is_host_ip(dest_ip):
dest_ip = get_vm_ip(vca_client, ctx, gateway)
dest_port = str(rule.get('destination_port', 'any'))
protocol = rule.get('protocol', 'any').capitalize()
action = rule.get("action", "allow")
log = rule.get('log_traffic', False)
if operation == CREATE_RULE:
gateway.add_fw_rule(
True, description, action, protocol, dest_port, dest_ip,
source_port, source_ip, log)
ctx.logger.info(
"Firewall rule has been created: {0}".format(description))
elif operation == DELETE_RULE:
gateway.delete_fw_rule(protocol, dest_port, dest_ip,
source_port, source_ip)
ctx.logger.info(
"Firewall rule has been deleted: {0}".format(description))
return save_gateway_configuration(gateway, vca_client)
def _floatingip_operation(operation, vca_client, ctx):
"""
create/release floating ip by nat rules for this ip with
relation to internal ip for current node,
save selected public_ip in runtime properties
"""
service_type = get_vcloud_config().get('service_type')
gateway = get_gateway(
vca_client, ctx.target.node.properties['floatingip']['edge_gateway'])
internal_ip = get_vm_ip(vca_client, ctx, gateway)
nat_operation = None
public_ip = (ctx.target.instance.runtime_properties.get(PUBLIC_IP)
or ctx.target.node.properties['floatingip'].get(PUBLIC_IP))
if operation == CREATE:
CheckAssignedInternalIp(internal_ip, gateway)
if public_ip:
CheckAssignedExternalIp(public_ip, gateway)
else:
public_ip = get_public_ip(vca_client, gateway, service_type, ctx)
nat_operation = _add_nat_rule
elif operation == DELETE:
if not public_ip:
ctx.logger.info("Can't get external IP".format(public_ip))
return
nat_operation = _del_nat_rule
else:
raise cfy_exc.NonRecoverableError(
"Unknown operation {0}".format(operation)
)
external_ip = check_ip(public_ip)
nat_operation(gateway, "SNAT", internal_ip, external_ip)
nat_operation(gateway, "DNAT", external_ip, internal_ip)
if not save_gateway_configuration(gateway, vca_client):
return ctx.operation.retry(message='Waiting for gateway.',
retry_after=10)
if operation == CREATE:
ctx.target.instance.runtime_properties[PUBLIC_IP] = external_ip
else:
if is_ondemand(service_type):
if not ctx.target.node.properties['floatingip'].get(PUBLIC_IP):
del_ondemand_public_ip(
vca_client,
gateway,
ctx.target.instance.runtime_properties[PUBLIC_IP],
ctx)
del ctx.target.instance.runtime_properties[PUBLIC_IP]
def _rule_operation(operation, vca_client):
"""
create/delete firewall rules in gateway for current node
"""
gateway = get_gateway(vca_client,
_get_gateway_name(ctx.target.node.properties))
if gateway.is_busy():
return False
for rule in ctx.target.node.properties['rules']:
description = rule.get('description', "Rule added by pyvcloud").strip()
source_ip = rule.get("source", "external")
if not _is_literal_ip(source_ip):
check_ip(source_ip)
elif _is_host_ip(source_ip):
source_ip = get_vm_ip(vca_client, ctx, gateway)
source_port = str(rule.get("source_port", "any"))
dest_ip = rule.get("destination", "external")
if not _is_literal_ip(dest_ip):
check_ip(dest_ip)
elif _is_host_ip(dest_ip):
dest_ip = get_vm_ip(vca_client, ctx, gateway)
dest_port = str(rule.get('destination_port', 'any'))
protocol = rule.get('protocol', 'any').capitalize()
action = rule.get("action", "allow")
log = rule.get('log_traffic', False)
if operation == CREATE_RULE:
gateway.add_fw_rule(True, description, action, protocol, dest_port,
dest_ip, source_port, source_ip, log)
ctx.logger.info(
"Firewall rule has been created: {0}".format(description))
elif operation == DELETE_RULE:
gateway.delete_fw_rule(protocol, dest_port, dest_ip, source_port,
source_ip)
ctx.logger.info(
"Firewall rule has been deleted: {0}".format(description))
return save_gateway_configuration(gateway, vca_client)
def _floatingip_operation(operation, vca_client, ctx):
"""
create/release floating ip by nat rules for this ip with
relation to internal ip for current node,
save selected public_ip in runtime properties
"""
service_type = get_vcloud_config().get('service_type')
gateway = get_gateway(
vca_client, ctx.target.node.properties['floatingip']['edge_gateway'])
if gateway.is_busy():
return False
internal_ip = get_vm_ip(vca_client, ctx, gateway)
nat_operation = None
public_ip = (ctx.target.instance.runtime_properties.get(PUBLIC_IP)
or ctx.target.node.properties['floatingip'].get(PUBLIC_IP))
if operation == CREATE:
CheckAssignedInternalIp(internal_ip, gateway)
if public_ip:
CheckAssignedExternalIp(public_ip, gateway)
else:
public_ip = get_public_ip(vca_client, gateway, service_type, ctx)
nat_operation = _add_nat_rule
elif operation == DELETE:
if not public_ip:
ctx.logger.info("Can't get external IP".format(public_ip))
return
nat_operation = _del_nat_rule
else:
raise cfy_exc.NonRecoverableError(
"Unknown operation {0}".format(operation))
external_ip = check_ip(public_ip)
nat_operation(gateway, "SNAT", internal_ip, external_ip)
nat_operation(gateway, "DNAT", external_ip, internal_ip)
success = save_gateway_configuration(gateway, vca_client)
if not success:
return False
if operation == CREATE:
ctx.target.instance.runtime_properties[PUBLIC_IP] = external_ip
else:
if is_ondemand(service_type):
if not ctx.target.node.properties['floatingip'].get(PUBLIC_IP):
del_ondemand_public_ip(
vca_client, gateway,
ctx.target.instance.runtime_properties[PUBLIC_IP], ctx)
del ctx.target.instance.runtime_properties[PUBLIC_IP]
return True
def _rule_operation(operation, vca_client):
gateway = get_gateway(
vca_client, _get_gateway_name(ctx.target.node.properties))
for rule in ctx.target.node.properties['rules']:
description = rule.get('description', "Rule added by pyvcloud").strip()
source_ip = rule.get("source", "external").capitalize()
if source_ip not in ADDRESS_LITERALS:
check_ip(source_ip)
elif source_ip == ADDRESS_LITERALS[-1]:
source_ip = get_vm_ip(vca_client, ctx, gateway)
source_port = str(rule.get("source_port", "any")).capitalize()
dest_ip = rule.get("destination", "external").capitalize()
if dest_ip not in ADDRESS_LITERALS:
check_ip(dest_ip)
elif dest_ip == ADDRESS_LITERALS[-1]:
dest_ip = get_vm_ip(vca_client, ctx, gateway)
dest_port = str(rule.get('destination_port', 'any')).capitalize()
protocol = rule.get('protocol', 'any').capitalize()
action = rule.get("action", "allow")
log = rule.get('log_traffic', False)
if operation == CREATE_RULE:
gateway.add_fw_rule(
True, description, action, protocol, dest_port, dest_ip,
source_port, source_ip, log)
ctx.logger.info(
"Firewall rule has been created: {0}".format(description))
elif operation == DELETE_RULE:
gateway.delete_fw_rule(protocol, dest_port, dest_ip.lower(),
source_port, source_ip.lower())
ctx.logger.info(
"Firewall rule has been deleted: {0}".format(description))
if not save_gateway_configuration(gateway, vca_client):
return ctx.operation.retry(message='Waiting for gateway.',
retry_after=10)
def prepare_server_operation(vca_client, operation):
try:
gateway = get_gateway(vca_client, ctx.target.node.properties['nat']['edge_gateway'])
public_ip = _obtain_public_ip(vca_client, ctx, gateway, operation)
private_ip = get_vm_ip(vca_client, ctx, gateway)
for rule in ctx.target.node.properties['rules']:
rule_type = rule['type']
protocol = rule.get('protocol', "any")
original_port = rule.get('original_port', "any")
translated_port = rule.get('translated_port', "any")
nat_network_operation(vca_client, gateway, operation, rule_type, public_ip,
private_ip, original_port, translated_port,
protocol)
except KeyError as e:
raise cfy_exc.NonRecoverableError("Parameter not found: {0}".format(e))
_save_configuration(gateway, vca_client, operation, public_ip)
def prepare_server_operation(vca_client, operation):
"""
generate nat rules by current list of rules in node
"""
try:
gateway = get_gateway(
vca_client, ctx.target.node.properties['nat']['edge_gateway'])
public_ip = _obtain_public_ip(vca_client, ctx, gateway, operation)
private_ip = get_vm_ip(vca_client, ctx, gateway)
for rule in ctx.target.node.properties['rules']:
rule_type = rule['type']
protocol = rule.get('protocol', "any")
original_port = rule.get('original_port', "any")
translated_port = rule.get('translated_port', "any")
nat_network_operation(vca_client, gateway, operation, rule_type,
public_ip, private_ip, original_port,
translated_port, protocol)
except KeyError as e:
raise cfy_exc.NonRecoverableError("Parameter not found: {0}".format(e))
_save_configuration(gateway, vca_client, operation, public_ip)