Пример #1
0
 def test_get_vm_ip(self):
     """
         check get vm ip from conected networks
     """
     fake_client = self.generate_client(vms_networks=[])
     fake_ctx = self.generate_relation_context()
     fake_ctx._source.node.properties = {
         'vcloud_config': {
             'edge_gateway': 'some_edge_gateway',
             'vdc': 'vdc_name'
         }
     }
     fake_ctx._source.instance.runtime_properties = {
         network_plugin.VCLOUD_VAPP_NAME: "name"
     }
     # empty connections/no connection name
     with mock.patch('vcloud_plugin_common.ctx', fake_ctx):
         with self.assertRaises(cfy_exc.NonRecoverableError):
             network_plugin.get_vm_ip(
                 fake_client, fake_ctx, fake_client._vdc_gateway
             )
     vms_networks = [{
         'is_connected': True,
         'network_name': 'network_name',
         'is_primary': True,
         'ip': '1.1.1.1'
     }]
     fake_client = self.generate_client(vms_networks=vms_networks)
     # not routed
     with mock.patch('vcloud_plugin_common.ctx', fake_ctx):
         with self.assertRaises(cfy_exc.NonRecoverableError):
             network_plugin.get_vm_ip(
                 fake_client, fake_ctx, fake_client._vdc_gateway
             )
     # routed
     self.set_network_routed_in_client(fake_client)
     with mock.patch('vcloud_plugin_common.ctx', fake_ctx):
         self.assertEqual(
             network_plugin.get_vm_ip(
                 fake_client, fake_ctx, fake_client._vdc_gateway
             ),
             '1.1.1.1'
         )
     # no networks
     fake_client._vapp.get_vms_network_info = mock.MagicMock(
         return_value=[]
     )
     with mock.patch('vcloud_plugin_common.ctx', fake_ctx):
         with self.assertRaises(cfy_exc.NonRecoverableError):
             network_plugin.get_vm_ip(
                 fake_client, fake_ctx, fake_client._vdc_gateway
             )
     # no vapp
     fake_client.get_vapp = mock.MagicMock(return_value=None)
     with mock.patch('vcloud_plugin_common.ctx', fake_ctx):
         with self.assertRaises(cfy_exc.NonRecoverableError):
             network_plugin.get_vm_ip(
                 fake_client, fake_ctx, fake_client._vdc_gateway
             )
Пример #2
0
def prepare_server_operation(vca_client, operation):
    """
        generate nat rules by current list of rules in node
    """
    try:
        gateway = get_gateway(
            vca_client, ctx.target.node.properties['nat']['edge_gateway'])
        public_ip = _obtain_public_ip(vca_client, ctx, gateway, operation)
        private_ip = get_vm_ip(vca_client, ctx, gateway)
        has_snat = False
        for rule in ctx.target.node.properties['rules']:
            rule_type = rule['type']
            if has_snat and _is_snat(rule_type):
                ctx.logger.info("Rules list must contains only one SNAT rule.")
                continue
            protocol = rule.get('protocol', "any")
            original_port = rule.get('original_port', "any")
            translated_port = rule.get('translated_port', "any")
            nat_network_operation(
                vca_client, gateway, operation,
                rule_type, public_ip,
                private_ip, original_port, translated_port, protocol)
            if _is_snat(rule_type):
                has_snat = True
    except KeyError as e:
        raise cfy_exc.NonRecoverableError("Parameter not found: {0}".format(e))
    return _save_configuration(gateway, vca_client, operation, public_ip)
Пример #3
0
def prepare_server_operation(vca_client, operation):
    """
        generate nat rules by current list of rules in node
    """
    try:
        gateway = get_gateway(
            vca_client, ctx.target.node.properties['nat']['edge_gateway'])
        public_ip = _obtain_public_ip(vca_client, ctx, gateway, operation)
        private_ip = get_vm_ip(vca_client, ctx, gateway)
        has_snat = False
        for rule in ctx.target.node.properties['rules']:
            rule_type = rule['type']
            if has_snat and _is_snat(rule_type):
                ctx.logger.info("Rules list must contains only one SNAT rule.")
                continue
            protocol = rule.get('protocol', "any")
            original_port = rule.get('original_port', "any")
            translated_port = rule.get('translated_port', "any")
            nat_network_operation(vca_client, gateway, operation, rule_type,
                                  public_ip, private_ip, original_port,
                                  translated_port, protocol)
            if _is_snat(rule_type):
                has_snat = True
    except KeyError as e:
        raise cfy_exc.NonRecoverableError("Parameter not found: {0}".format(e))
    return _save_configuration(gateway, vca_client, operation, public_ip)
Пример #4
0
def _rule_operation(operation, vca_client):
    """
        create/delete firewall rules in gateway for current node
    """
    gateway = get_gateway(
        vca_client, _get_gateway_name(ctx.target.node.properties))
    if gateway.is_busy():
        return False
    for rule in ctx.target.node.properties['rules']:
        description = rule.get('description', "Rule added by pyvcloud").strip()
        source_ip = rule.get("source", "external")
        if not _is_literal_ip(source_ip):
            check_ip(source_ip)
        elif _is_host_ip(source_ip):
            source_ip = get_vm_ip(vca_client, ctx, gateway)
        source_port = str(rule.get("source_port", "any"))
        dest_ip = rule.get("destination", "external")
        if not _is_literal_ip(dest_ip):
            check_ip(dest_ip)
        elif _is_host_ip(dest_ip):
            dest_ip = get_vm_ip(vca_client, ctx, gateway)
        dest_port = str(rule.get('destination_port', 'any'))
        protocol = rule.get('protocol', 'any').capitalize()
        action = rule.get("action", "allow")
        log = rule.get('log_traffic', False)

        if operation == CREATE_RULE:
            gateway.add_fw_rule(
                True, description, action, protocol, dest_port, dest_ip,
                source_port, source_ip, log)
            ctx.logger.info(
                "Firewall rule has been created: {0}".format(description))
        elif operation == DELETE_RULE:
            gateway.delete_fw_rule(protocol, dest_port, dest_ip,
                                   source_port, source_ip)
            ctx.logger.info(
                "Firewall rule has been deleted: {0}".format(description))

    return save_gateway_configuration(gateway, vca_client)
Пример #5
0
def _floatingip_operation(operation, vca_client, ctx):
    """
        create/release floating ip by nat rules for this ip with
        relation to internal ip for current node,
        save selected public_ip in runtime properties
    """
    service_type = get_vcloud_config().get('service_type')
    gateway = get_gateway(
        vca_client, ctx.target.node.properties['floatingip']['edge_gateway'])
    internal_ip = get_vm_ip(vca_client, ctx, gateway)

    nat_operation = None
    public_ip = (ctx.target.instance.runtime_properties.get(PUBLIC_IP)
                 or ctx.target.node.properties['floatingip'].get(PUBLIC_IP))
    if operation == CREATE:
        CheckAssignedInternalIp(internal_ip, gateway)
        if public_ip:
            CheckAssignedExternalIp(public_ip, gateway)
        else:
            public_ip = get_public_ip(vca_client, gateway, service_type, ctx)

        nat_operation = _add_nat_rule
    elif operation == DELETE:
        if not public_ip:
            ctx.logger.info("Can't get external IP".format(public_ip))
            return
        nat_operation = _del_nat_rule
    else:
        raise cfy_exc.NonRecoverableError(
            "Unknown operation {0}".format(operation)
        )

    external_ip = check_ip(public_ip)

    nat_operation(gateway, "SNAT", internal_ip, external_ip)
    nat_operation(gateway, "DNAT", external_ip, internal_ip)
    if not save_gateway_configuration(gateway, vca_client):
        return ctx.operation.retry(message='Waiting for gateway.',
                                   retry_after=10)

    if operation == CREATE:
        ctx.target.instance.runtime_properties[PUBLIC_IP] = external_ip
    else:
        if is_ondemand(service_type):
            if not ctx.target.node.properties['floatingip'].get(PUBLIC_IP):
                del_ondemand_public_ip(
                    vca_client,
                    gateway,
                    ctx.target.instance.runtime_properties[PUBLIC_IP],
                    ctx)
        del ctx.target.instance.runtime_properties[PUBLIC_IP]
def _rule_operation(operation, vca_client):
    """
        create/delete firewall rules in gateway for current node
    """
    gateway = get_gateway(vca_client,
                          _get_gateway_name(ctx.target.node.properties))
    if gateway.is_busy():
        return False
    for rule in ctx.target.node.properties['rules']:
        description = rule.get('description', "Rule added by pyvcloud").strip()
        source_ip = rule.get("source", "external")
        if not _is_literal_ip(source_ip):
            check_ip(source_ip)
        elif _is_host_ip(source_ip):
            source_ip = get_vm_ip(vca_client, ctx, gateway)
        source_port = str(rule.get("source_port", "any"))
        dest_ip = rule.get("destination", "external")
        if not _is_literal_ip(dest_ip):
            check_ip(dest_ip)
        elif _is_host_ip(dest_ip):
            dest_ip = get_vm_ip(vca_client, ctx, gateway)
        dest_port = str(rule.get('destination_port', 'any'))
        protocol = rule.get('protocol', 'any').capitalize()
        action = rule.get("action", "allow")
        log = rule.get('log_traffic', False)

        if operation == CREATE_RULE:
            gateway.add_fw_rule(True, description, action, protocol, dest_port,
                                dest_ip, source_port, source_ip, log)
            ctx.logger.info(
                "Firewall rule has been created: {0}".format(description))
        elif operation == DELETE_RULE:
            gateway.delete_fw_rule(protocol, dest_port, dest_ip, source_port,
                                   source_ip)
            ctx.logger.info(
                "Firewall rule has been deleted: {0}".format(description))

    return save_gateway_configuration(gateway, vca_client)
def _floatingip_operation(operation, vca_client, ctx):
    """
        create/release floating ip by nat rules for this ip with
        relation to internal ip for current node,
        save selected public_ip in runtime properties
    """
    service_type = get_vcloud_config().get('service_type')
    gateway = get_gateway(
        vca_client, ctx.target.node.properties['floatingip']['edge_gateway'])
    if gateway.is_busy():
        return False
    internal_ip = get_vm_ip(vca_client, ctx, gateway)

    nat_operation = None
    public_ip = (ctx.target.instance.runtime_properties.get(PUBLIC_IP)
                 or ctx.target.node.properties['floatingip'].get(PUBLIC_IP))
    if operation == CREATE:
        CheckAssignedInternalIp(internal_ip, gateway)
        if public_ip:
            CheckAssignedExternalIp(public_ip, gateway)
        else:
            public_ip = get_public_ip(vca_client, gateway, service_type, ctx)

        nat_operation = _add_nat_rule
    elif operation == DELETE:
        if not public_ip:
            ctx.logger.info("Can't get external IP".format(public_ip))
            return
        nat_operation = _del_nat_rule
    else:
        raise cfy_exc.NonRecoverableError(
            "Unknown operation {0}".format(operation))

    external_ip = check_ip(public_ip)

    nat_operation(gateway, "SNAT", internal_ip, external_ip)
    nat_operation(gateway, "DNAT", external_ip, internal_ip)
    success = save_gateway_configuration(gateway, vca_client)
    if not success:
        return False
    if operation == CREATE:
        ctx.target.instance.runtime_properties[PUBLIC_IP] = external_ip
    else:
        if is_ondemand(service_type):
            if not ctx.target.node.properties['floatingip'].get(PUBLIC_IP):
                del_ondemand_public_ip(
                    vca_client, gateway,
                    ctx.target.instance.runtime_properties[PUBLIC_IP], ctx)
        del ctx.target.instance.runtime_properties[PUBLIC_IP]
    return True
def _rule_operation(operation, vca_client):
    gateway = get_gateway(
        vca_client, _get_gateway_name(ctx.target.node.properties))
    for rule in ctx.target.node.properties['rules']:
        description = rule.get('description', "Rule added by pyvcloud").strip()
        source_ip = rule.get("source", "external").capitalize()
        if source_ip not in ADDRESS_LITERALS:
            check_ip(source_ip)
        elif source_ip == ADDRESS_LITERALS[-1]:
            source_ip = get_vm_ip(vca_client, ctx, gateway)
        source_port = str(rule.get("source_port", "any")).capitalize()
        dest_ip = rule.get("destination", "external").capitalize()
        if dest_ip not in ADDRESS_LITERALS:
            check_ip(dest_ip)
        elif dest_ip == ADDRESS_LITERALS[-1]:
            dest_ip = get_vm_ip(vca_client, ctx, gateway)
        dest_port = str(rule.get('destination_port', 'any')).capitalize()
        protocol = rule.get('protocol', 'any').capitalize()
        action = rule.get("action", "allow")
        log = rule.get('log_traffic', False)

        if operation == CREATE_RULE:
            gateway.add_fw_rule(
                True, description, action, protocol, dest_port, dest_ip,
                source_port, source_ip, log)
            ctx.logger.info(
                "Firewall rule has been created: {0}".format(description))
        elif operation == DELETE_RULE:
            gateway.delete_fw_rule(protocol, dest_port, dest_ip.lower(),
                                   source_port, source_ip.lower())
            ctx.logger.info(
                "Firewall rule has been deleted: {0}".format(description))

    if not save_gateway_configuration(gateway, vca_client):
        return ctx.operation.retry(message='Waiting for gateway.',
                                   retry_after=10)
Пример #9
0
def prepare_server_operation(vca_client, operation):
    try:
        gateway = get_gateway(vca_client, ctx.target.node.properties['nat']['edge_gateway'])
        public_ip = _obtain_public_ip(vca_client, ctx, gateway, operation)
        private_ip = get_vm_ip(vca_client, ctx, gateway)
        for rule in ctx.target.node.properties['rules']:
            rule_type = rule['type']
            protocol = rule.get('protocol', "any")
            original_port = rule.get('original_port', "any")
            translated_port = rule.get('translated_port', "any")
            nat_network_operation(vca_client, gateway, operation, rule_type, public_ip,
                                  private_ip, original_port, translated_port,
                                  protocol)
    except KeyError as e:
        raise cfy_exc.NonRecoverableError("Parameter not found: {0}".format(e))
    _save_configuration(gateway, vca_client, operation, public_ip)
Пример #10
0
def prepare_server_operation(vca_client, operation):
    """
        generate nat rules by current list of rules in node
    """
    try:
        gateway = get_gateway(
            vca_client, ctx.target.node.properties['nat']['edge_gateway'])
        public_ip = _obtain_public_ip(vca_client, ctx, gateway, operation)
        private_ip = get_vm_ip(vca_client, ctx, gateway)
        for rule in ctx.target.node.properties['rules']:
            rule_type = rule['type']
            protocol = rule.get('protocol', "any")
            original_port = rule.get('original_port', "any")
            translated_port = rule.get('translated_port', "any")
            nat_network_operation(vca_client, gateway, operation, rule_type,
                                  public_ip, private_ip, original_port,
                                  translated_port, protocol)
    except KeyError as e:
        raise cfy_exc.NonRecoverableError("Parameter not found: {0}".format(e))
    _save_configuration(gateway, vca_client, operation, public_ip)