def __init__(self, **kwargs):
logging.debug("Starting up the network controller.")
super(NetworkController, self).__init__(**kwargs)
self.manager = UserManager()
self._conn = self._get_connection()
self.netsize = kwargs.get('netsize', FLAGS.network_size)
if not KEEPER['vlans']:
KEEPER['vlans'] = {
'start': FLAGS.vlan_start,
'end': FLAGS.vlan_end
}
vlan_dict = kwargs.get('vlans', KEEPER['vlans'])
self.vlan_pool = VlanPool.from_dict(vlan_dict)
self.private_pool = kwargs.get(
'private_pool',
NetworkPool(netsize=self.netsize,
startvlan=KEEPER['vlans']['start'],
network=FLAGS.private_range))
self.private_nets = kwargs.get('private_nets', {})
if not KEEPER['private']:
KEEPER['private'] = {'networks': []}
for net in KEEPER['private']['networks']:
if self.manager.get_user(net['user_id']):
self.get_users_network(net['user_id'])
if not KEEPER['public']:
KEEPER['public'] = kwargs.get('public', {
'vlan': FLAGS.public_vlan,
'network': FLAGS.public_range
})
self.public_net = PublicNetwork.from_dict(KEEPER['public'],
conn=self._conn)
def __init__(self, **kwargs):
self.start = kwargs.get('start', FLAGS.vlan_start)
self.end = kwargs.get('end', FLAGS.vlan_end)
self.vlans = kwargs.get('vlans', {})
self.vlanpool = {}
self.manager = UserManager()
for user_id, vlan in self.vlans.iteritems():
self.vlanpool[vlan] = user_id
def setUp(self):
FLAGS.fake_libvirt = True
FLAGS.fake_storage = True
self.users = UserManager()
super(AccessTestCase, self).setUp()
# Make a test project
# Make a test user
self.users.create_user('test1', 'access', 'secret')
class AccessTestCase(test.BaseTestCase):
def setUp(self):
FLAGS.fake_libvirt = True
FLAGS.fake_storage = True
self.users = UserManager()
super(AccessTestCase, self).setUp()
# Make a test project
# Make a test user
self.users.create_user('test1', 'access', 'secret')
# Make the test user a member of the project
def tearDown(self):
# Delete the test user
# Delete the test project
self.users.delete_user('test1')
pass
def test_001_basic_user_access(self):
user = self.users.get_user('test1')
# instance-foo, should be using object and not owner_id
instance_id = "i-12345678"
self.assertTrue(
user.is_authorized(instance_id, action="describe_instances"))
def test_002_sysadmin_access(self):
user = self.users.get_user('test1')
bucket = "foo/bar/image"
self.assertFalse(user.is_authorized(bucket, action="register"))
self.users.add_role(user, "sysadmin")
class AccessTestCase(test.BaseTestCase):
def setUp(self):
FLAGS.fake_libvirt = True
FLAGS.fake_storage = True
self.users = UserManager()
super(AccessTestCase, self).setUp()
# Make a test project
# Make a test user
self.users.create_user("test1", "access", "secret")
# Make the test user a member of the project
def tearDown(self):
# Delete the test user
# Delete the test project
self.users.delete_user("test1")
pass
def test_001_basic_user_access(self):
user = self.users.get_user("test1")
# instance-foo, should be using object and not owner_id
instance_id = "i-12345678"
self.assertTrue(user.is_authorized(instance_id, action="describe_instances"))
def test_002_sysadmin_access(self):
user = self.users.get_user("test1")
bucket = "foo/bar/image"
self.assertFalse(user.is_authorized(bucket, action="register"))
self.users.add_role(user, "sysadmin")
def __init__(self, **kwargs):
self.start = kwargs.get('start', FLAGS.vlan_start)
self.end = kwargs.get('end', FLAGS.vlan_end)
self.vlans = kwargs.get('vlans', {})
self.vlanpool = {}
self.manager = UserManager()
for user_id, vlan in self.vlans.iteritems():
self.vlanpool[vlan] = user_id
def setUp(self):
FLAGS.fake_libvirt = True
FLAGS.fake_storage = True
self.users = UserManager()
super(AccessTestCase, self).setUp()
# Make a test project
# Make a test user
self.users.create_user("test1", "access", "secret")
def tearDown(self):
um = UserManager.instance()
# Delete the test project
um.delete_project('testproj')
# Delete the test user
um.delete_user('testadmin')
um.delete_user('testpmsys')
um.delete_user('testnet')
um.delete_user('testsys')
super(AccessTestCase, self).tearDown()
def setUp(self):
super(AccessTestCase, self).setUp()
FLAGS.fake_libvirt = True
FLAGS.fake_storage = True
um = UserManager.instance()
# Make test users
try:
self.testadmin = um.create_user('testadmin')
except Exception, err:
logging.error(str(err))
class VlanPool(object):
def __init__(self, **kwargs):
self.start = kwargs.get('start', FLAGS.vlan_start)
self.end = kwargs.get('end', FLAGS.vlan_end)
self.vlans = kwargs.get('vlans', {})
self.vlanpool = {}
self.manager = UserManager()
for user_id, vlan in self.vlans.iteritems():
self.vlanpool[vlan] = user_id
def to_dict(self):
return {'vlans': self.vlans,
'start': self.start,
'end': self.end}
def __str__(self):
return anyjson.serialize(self.to_dict())
def __unicode__(self):
return anyjson.serialize(self.to_dict())
@classmethod
def from_dict(cls, args, conn=None):
for arg in args.keys():
value = args[arg]
del args[arg]
args[str(arg)] = value
self = cls(conn=conn, **args)
return self
@classmethod
def from_json(cls, json_string, conn=None):
parsed = anyjson.deserialize(json_string)
return cls.from_dict(parsed, conn=conn)
def next(self, user_id):
def assign_vlan(user_id, vlan):
self.vlans[user_id] = vlan
self.vlanpool[vlan] = user_id
return self.vlans[user_id]
for old_user_id, vlan in self.vlans.iteritems():
if not self.manager.get_user(old_user_id):
KEEPER["%s-default" % old_user_id] = {}
del KEEPER["%s-default" % old_user_id]
return assign_vlan(user_id, vlan)
vlans = self.vlanpool.keys()
vlans.append(self.start)
nextvlan = max(vlans) + 1
if nextvlan == self.end:
raise AddressNotAllocated("Out of VLANs")
return assign_vlan(user_id, nextvlan)
class VlanPool(object):
def __init__(self, **kwargs):
self.start = kwargs.get('start', FLAGS.vlan_start)
self.end = kwargs.get('end', FLAGS.vlan_end)
self.vlans = kwargs.get('vlans', {})
self.vlanpool = {}
self.manager = UserManager()
for user_id, vlan in self.vlans.iteritems():
self.vlanpool[vlan] = user_id
def to_dict(self):
return {'vlans': self.vlans, 'start': self.start, 'end': self.end}
def __str__(self):
return anyjson.serialize(self.to_dict())
def __unicode__(self):
return anyjson.serialize(self.to_dict())
@classmethod
def from_dict(cls, args, conn=None):
for arg in args.keys():
value = args[arg]
del args[arg]
args[str(arg)] = value
self = cls(conn=conn, **args)
return self
@classmethod
def from_json(cls, json_string, conn=None):
parsed = anyjson.deserialize(json_string)
return cls.from_dict(parsed, conn=conn)
def next(self, user_id):
def assign_vlan(user_id, vlan):
self.vlans[user_id] = vlan
self.vlanpool[vlan] = user_id
return self.vlans[user_id]
for old_user_id, vlan in self.vlans.iteritems():
if not self.manager.get_user(old_user_id):
KEEPER["%s-default" % old_user_id] = {}
del KEEPER["%s-default" % old_user_id]
return assign_vlan(user_id, vlan)
vlans = self.vlanpool.keys()
vlans.append(self.start)
nextvlan = max(vlans) + 1
if nextvlan == self.end:
raise AddressNotAllocated("Out of VLANs")
return assign_vlan(user_id, nextvlan)
def __init__(self, **kwargs):
logging.debug("Starting up the network controller.")
super(NetworkController, self).__init__(**kwargs)
self.manager = UserManager()
self._conn = self._get_connection()
self.netsize = kwargs.get('netsize', FLAGS.network_size)
if not KEEPER['vlans']:
KEEPER['vlans'] = {'start' : FLAGS.vlan_start, 'end' : FLAGS.vlan_end}
vlan_dict = kwargs.get('vlans', KEEPER['vlans'])
self.vlan_pool = VlanPool.from_dict(vlan_dict)
self.private_pool = kwargs.get('private_pool', NetworkPool(netsize=self.netsize, startvlan=KEEPER['vlans']['start'], network=FLAGS.private_range))
self.private_nets = kwargs.get('private_nets', {})
if not KEEPER['private']:
KEEPER['private'] = {'networks' :[]}
for net in KEEPER['private']['networks']:
if self.manager.get_user(net['user_id']):
self.get_users_network(net['user_id'])
if not KEEPER['public']:
KEEPER['public'] = kwargs.get('public', {'vlan': FLAGS.public_vlan, 'network' : FLAGS.public_range })
self.public_net = PublicNetwork.from_dict(KEEPER['public'], conn=self._conn)
class NetworkController(GenericNode):
""" The network controller is in charge of network connections """
def __init__(self, **kwargs):
logging.debug("Starting up the network controller.")
super(NetworkController, self).__init__(**kwargs)
self.manager = UserManager()
self._conn = self._get_connection()
self.netsize = kwargs.get('netsize', FLAGS.network_size)
if not KEEPER['vlans']:
KEEPER['vlans'] = {
'start': FLAGS.vlan_start,
'end': FLAGS.vlan_end
}
vlan_dict = kwargs.get('vlans', KEEPER['vlans'])
self.vlan_pool = VlanPool.from_dict(vlan_dict)
self.private_pool = kwargs.get(
'private_pool',
NetworkPool(netsize=self.netsize,
startvlan=KEEPER['vlans']['start'],
network=FLAGS.private_range))
self.private_nets = kwargs.get('private_nets', {})
if not KEEPER['private']:
KEEPER['private'] = {'networks': []}
for net in KEEPER['private']['networks']:
if self.manager.get_user(net['user_id']):
self.get_users_network(net['user_id'])
if not KEEPER['public']:
KEEPER['public'] = kwargs.get('public', {
'vlan': FLAGS.public_vlan,
'network': FLAGS.public_range
})
self.public_net = PublicNetwork.from_dict(KEEPER['public'],
conn=self._conn)
def reset(self):
KEEPER['public'] = {
'vlan': FLAGS.public_vlan,
'network': FLAGS.public_range
}
KEEPER['private'] = {}
KEEPER['vlans'] = {}
# TODO : Get rid of old interfaces, bridges, and IPTables rules.
def get_network_from_name(self, network_name):
net_dict = KEEPER[network_name]
if net_dict:
#network_str = self.private_pool.next() # TODO, block allocations
return PrivateNetwork.from_dict(net_dict)
return None
def get_public_ip_for_instance(self, instance_id):
# FIXME: this should be a lookup - iteration won't scale
for address_record in self.describe_addresses(type=PublicNetwork):
if address_record.get(u'instance_id', 'free') == instance_id:
return address_record[u'address']
def get_users_network(self, user_id):
user = self.manager.get_user(user_id)
if not user:
raise Exception("User %s doesn't exist, uhoh." % user_id)
#if not self.private_nets.has_key(user_id):
usernet = self.get_network_from_name("%s-default" % user_id)
if not usernet:
vlan = self.vlan_pool.next(user_id)
network_str = self.private_pool.get_from_vlan(vlan)
# logging.debug("Constructing network %s and %s for %s" % (network_str, vlan, user_id))
usernet = PrivateNetwork(external_vpn_ip=user.vpn_ip,
external_vpn_port=user.vpn_port,
network=network_str,
vlan=self.vlan_pool.vlans[user_id],
conn=self._conn)
KEEPER["%s-default" % user_id] = usernet.to_dict()
self.private_nets[user_id] = usernet
return self.private_nets[user_id]
def get_cloudpipe_address(self, user_id, mac=None):
net = self.get_users_network(user_id)
ip = net.get_vpn_ip(user_id, mac)
self._save()
return (ip, net.name)
def allocate_address(self, user_id, mac=None, type=PrivateNetwork):
ip = None
net_name = None
if type == PrivateNetwork:
net = self.get_users_network(user_id)
ip = net.allocate_ip(user_id, mac)
net_name = net.name
else:
ip = self.public_net.allocate_ip(user_id, mac)
net_name = self.public_net.name
self._save()
return (ip, net_name)
def deallocate_address(self, address):
if address in self.public_net.network:
rv = self.public_net.deallocate_ip(address)
self._save()
return rv
for user_id in self.private_nets.keys():
if not self.manager.get_user(user_id):
continue
if address in self.get_users_network(user_id).network:
rv = self.get_users_network(user_id).deallocate_ip(address)
self._save()
return rv
raise AddressNotAllocated()
def describe_addresses(self, type=PrivateNetwork):
if type == PrivateNetwork:
addresses = []
for user_id in self.private_nets.keys():
addresses.extend(
self.get_users_network(user_id).list_addresses())
return addresses
return self.public_net.list_addresses()
def associate_address(self, address, private_ip, instance_id):
rv = self.public_net.associate_address(address, private_ip,
instance_id)
self._save()
return rv
def disassociate_address(self, address):
rv = self.public_net.disassociate_address(address)
self._save()
return rv
def _save(self):
logging.debug("saving data")
obj = {}
obj['networks'] = []
for user_id in self.private_nets.keys():
if not self.manager.get_user(user_id):
continue
network = self.private_nets[user_id]
#logging.debug("found private net")
vlan = self.vlan_pool.vlans[user_id]
obj['networks'].append({
'user_id': user_id,
'network': str(network),
'vlan': vlan
})
KEEPER["%s-default" %
user_id] = self.private_nets[user_id].to_dict()
# logging.debug("done private net loop")
KEEPER['private'] = obj
KEEPER['public'] = self.public_net.to_dict()
KEEPER['vlans'] = self.vlan_pool.to_dict()
def express(self, address=None):
return
def report_state(self):
pass
def setUp(self):
FLAGS.fake_libvirt = True
FLAGS.fake_storage = True
self.users = UserManager()
super(UserTestCase, self).setUp()
class UserTestCase(test.BaseTestCase):
def setUp(self):
FLAGS.fake_libvirt = True
FLAGS.fake_storage = True
self.users = UserManager()
super(UserTestCase, self).setUp()
def test_001_can_create_user(self):
self.users.create_user('test1', 'access', 'secret')
def test_002_can_get_user(self):
user = self.users.get_user('test1')
def test_003_can_retreive_properties(self):
user = self.users.get_user('test1')
self.assertEqual('test1', user.id)
self.assertEqual('access', user.access)
self.assertEqual('secret', user.secret)
def test_004_signature_is_valid(self):
#self.assertTrue(self.users.authenticate( **boto.generate_url ... ? ? ? ))
pass
#raise NotImplementedError
def test_005_can_get_credentials(self):
return
credentials = self.users.get_user('test1').get_credentials()
self.assertEqual(credentials,
'export EC2_ACCESS_KEY="access"\n' +
'export EC2_SECRET_KEY="secret"\n' +
'export EC2_URL="http://127.0.0.1:8773/services/Cloud"\n' +
'export S3_URL="http://127.0.0.1:3333/"\n' +
'export EC2_USER_ID="test1"\n')
def test_006_test_key_storage(self):
user = self.users.get_user('test1')
user.create_key_pair('public', 'key', 'fingerprint')
key = user.get_key_pair('public')
self.assertEqual('key', key.public_key)
self.assertEqual('fingerprint', key.fingerprint)
def test_007_test_key_generation(self):
user = self.users.get_user('test1')
private_key, fingerprint = user.generate_key_pair('public2')
key = RSA.load_key_string(private_key, callback=lambda: None)
bio = BIO.MemoryBuffer()
public_key = user.get_key_pair('public2').public_key
key.save_pub_key_bio(bio)
converted = crypto.ssl_pub_to_ssh_pub(bio.read())
# assert key fields are equal
self.assertEqual(public_key.split(" ")[1].strip(),
converted.split(" ")[1].strip())
def test_008_can_list_key_pairs(self):
keys = self.users.get_user('test1').get_key_pairs()
self.assertTrue(filter(lambda k: k.name == 'public', keys))
self.assertTrue(filter(lambda k: k.name == 'public2', keys))
def test_009_can_delete_key_pair(self):
self.users.get_user('test1').delete_key_pair('public')
keys = self.users.get_user('test1').get_key_pairs()
self.assertFalse(filter(lambda k: k.name == 'public', keys))
def test_010_can_list_users(self):
users = self.users.get_users()
self.assertTrue(filter(lambda u: u.id == 'test1', users))
def test_011_can_generate_x509(self):
# MUST HAVE RUN CLOUD SETUP BY NOW
self.cloud = cloud.CloudController()
self.cloud.setup()
private_key, signed_cert_string = self.users.get_user('test1').generate_x509_cert()
logging.debug(signed_cert_string)
# Need to verify that it's signed by the right intermediate CA
full_chain = crypto.fetch_ca(username='******', chain=True)
int_cert = crypto.fetch_ca(username='******', chain=False)
cloud_cert = crypto.fetch_ca()
logging.debug("CA chain:\n\n =====\n%s\n\n=====" % full_chain)
signed_cert = X509.load_cert_string(signed_cert_string)
chain_cert = X509.load_cert_string(full_chain)
int_cert = X509.load_cert_string(int_cert)
cloud_cert = X509.load_cert_string(cloud_cert)
self.assertTrue(signed_cert.verify(chain_cert.get_pubkey()))
self.assertTrue(signed_cert.verify(int_cert.get_pubkey()))
self.assertFalse(signed_cert.verify(cloud_cert.get_pubkey()))
def test_012_can_delete_user(self):
self.users.delete_user('test1')
users = self.users.get_users()
if users != None:
self.assertFalse(filter(lambda u: u.id == 'test1', users))
class NetworkController(GenericNode):
""" The network controller is in charge of network connections """
def __init__(self, **kwargs):
logging.debug("Starting up the network controller.")
super(NetworkController, self).__init__(**kwargs)
self.manager = UserManager()
self._conn = self._get_connection()
self.netsize = kwargs.get('netsize', FLAGS.network_size)
if not KEEPER['vlans']:
KEEPER['vlans'] = {'start' : FLAGS.vlan_start, 'end' : FLAGS.vlan_end}
vlan_dict = kwargs.get('vlans', KEEPER['vlans'])
self.vlan_pool = VlanPool.from_dict(vlan_dict)
self.private_pool = kwargs.get('private_pool', NetworkPool(netsize=self.netsize, startvlan=KEEPER['vlans']['start'], network=FLAGS.private_range))
self.private_nets = kwargs.get('private_nets', {})
if not KEEPER['private']:
KEEPER['private'] = {'networks' :[]}
for net in KEEPER['private']['networks']:
if self.manager.get_user(net['user_id']):
self.get_users_network(net['user_id'])
if not KEEPER['public']:
KEEPER['public'] = kwargs.get('public', {'vlan': FLAGS.public_vlan, 'network' : FLAGS.public_range })
self.public_net = PublicNetwork.from_dict(KEEPER['public'], conn=self._conn)
def reset(self):
KEEPER['public'] = {'vlan': FLAGS.public_vlan, 'network': FLAGS.public_range }
KEEPER['private'] = {}
KEEPER['vlans'] = {}
# TODO : Get rid of old interfaces, bridges, and IPTables rules.
def get_network_from_name(self, network_name):
net_dict = KEEPER[network_name]
if net_dict:
#network_str = self.private_pool.next() # TODO, block allocations
return PrivateNetwork.from_dict(net_dict)
return None
def get_public_ip_for_instance(self, instance_id):
# FIXME: this should be a lookup - iteration won't scale
for address_record in self.describe_addresses(type=PublicNetwork):
if address_record.get(u'instance_id', 'free') == instance_id:
return address_record[u'address']
def get_users_network(self, user_id):
user = self.manager.get_user(user_id)
if not user:
raise Exception("User %s doesn't exist, uhoh." % user_id)
#if not self.private_nets.has_key(user_id):
usernet = self.get_network_from_name("%s-default" % user_id)
if not usernet:
vlan = self.vlan_pool.next(user_id)
network_str = self.private_pool.get_from_vlan(vlan)
# logging.debug("Constructing network %s and %s for %s" % (network_str, vlan, user_id))
usernet = PrivateNetwork(
external_vpn_ip = user.vpn_ip,
external_vpn_port = user.vpn_port,
network = network_str,
vlan = self.vlan_pool.vlans[user_id],
conn = self._conn)
KEEPER["%s-default" % user_id] = usernet.to_dict()
self.private_nets[user_id] = usernet
return self.private_nets[user_id]
def get_cloudpipe_address(self, user_id, mac=None):
net = self.get_users_network(user_id)
ip = net.get_vpn_ip(user_id, mac)
self._save()
return (ip, net.name)
def allocate_address(self, user_id, mac=None, type=PrivateNetwork):
ip = None
net_name = None
if type == PrivateNetwork:
net = self.get_users_network(user_id)
ip = net.allocate_ip(user_id, mac)
net_name = net.name
else:
ip = self.public_net.allocate_ip(user_id, mac)
net_name = self.public_net.name
self._save()
return (ip, net_name)
def deallocate_address(self, address):
if address in self.public_net.network:
rv = self.public_net.deallocate_ip(address)
self._save()
return rv
for user_id in self.private_nets.keys():
if not self.manager.get_user(user_id):
continue
if address in self.get_users_network(user_id).network:
rv = self.get_users_network(user_id).deallocate_ip(address)
self._save()
return rv
raise AddressNotAllocated()
def describe_addresses(self, type=PrivateNetwork):
if type == PrivateNetwork:
addresses = []
for user_id in self.private_nets.keys():
addresses.extend(self.get_users_network(user_id).list_addresses())
return addresses
return self.public_net.list_addresses()
def associate_address(self, address, private_ip, instance_id):
rv = self.public_net.associate_address(address, private_ip, instance_id)
self._save()
return rv
def disassociate_address(self, address):
rv = self.public_net.disassociate_address(address)
self._save()
return rv
def _save(self):
logging.debug("saving data")
obj = {}
obj['networks'] = []
for user_id in self.private_nets.keys():
if not self.manager.get_user(user_id):
continue
network = self.private_nets[user_id]
#logging.debug("found private net")
vlan = self.vlan_pool.vlans[user_id]
obj['networks'].append({'user_id': user_id,
'network': str(network),
'vlan': vlan })
KEEPER["%s-default" % user_id] = self.private_nets[user_id].to_dict()
# logging.debug("done private net loop")
KEEPER['private'] = obj
KEEPER['public'] = self.public_net.to_dict()
KEEPER['vlans'] = self.vlan_pool.to_dict()
def express(self,address=None):
return
def report_state(self):
pass