construqt 0.0.1

data/lib/construqt/flavour/mikrotik/flavour_mikrotik_ipsec.rb

@@ -0,0 +1,65 @@
+
+module Construqt
+  module Flavour
+    module Mikrotik
+      class Ipsec < OpenStruct
+        def initialize(cfg)
+          super(cfg)
+        end
+
+        def set_ip_ipsec_peer(cfg)
+          default = {
+            "address" => Schema.network.required.key,
+            "secret" => Schema.string.required,
+            "local-address" => Schema.required.address,
+            "passive" => Schema.boolean.default(false),
+            "port" => Schema.int.default(500),
+            "auth-method" => Schema.identifier.default("pre-shared-key"),
+            "generate-policy" => Schema.identifier.default("no"),
+#            "policy-group" => Schema.identifier.default("default"),
+            "exchange-mode" => Schema.identifier.default("main"),
+            "send-initial-contact" => Schema.boolean.default(true),
+            "nat-traversal" => Schema.boolean.default(true),
+            "proposal-check" => Schema.identifier.default("obey"),
+            "hash-algorithm" => Schema.identifier.default("sha1"),
+            "enc-algorithm" => Schema.identifier.default("aes-256"),
+            "dh-group" => Schema.identifier.default("modp1536"),
+            "lifetime" => Schema.interval.default("1d00:00:00"),
+            "lifebytes" => Schema.int.default(0),
+            "dpd-interval" => Schema.identifier.default("2m"),
+            "dpd-maximum-failures" => Schema.int.default(5)
+          }
+          self.host.result.render_mikrotik(default, cfg, "ip", "ipsec", "peer")
+        end
+
+        def set_ip_ipsec_policy(cfg)
+          default = {
+            "sa-src-address" => Schema.address.required.key,
+            "sa-dst-address" => Schema.address.required.key,
+            "src-address" => Schema.network.required,
+            "dst-address" => Schema.network.required,
+            "src-port" => Schema.port.default("any"),
+            "dst-port" => Schema.port.default("any"),
+            "protocol" => Schema.identifier.default("all"),
+            "action" => Schema.identifier.default("encrypt"),
+            "level" => Schema.identifier.default("require"),
+            "ipsec-protocols" => Schema.identifier.default("esp"),
+            "tunnel" => Schema.boolean.default(true),
+            "proposal" => Schema.identifier.default("s2b-proposal"),
+            "priority" => Schema.int.default(0)
+          }
+          #puts "#{cfg['sa-src-address'].class.name}=>#{cfg['sa-dst-address'].class.name} #{cfg['src-address'].class.name}=>#{cfg['dst-address'].class.name} #{cfg.keys}"
+          self.host.result.render_mikrotik(default, cfg, "ip", "ipsec", "policy")
+        end
+
+        def build_config(unused, unused2)
+          set_ip_ipsec_peer("address" => IPAddress.parse("#{self.other.remote.first_ipv6.to_s}/128"),
+                            "local-address" => self.remote.first_ipv6,
+                            "secret" => Util.password(self.cfg.password))
+          set_ip_ipsec_policy("src-address" => self.my.first_ipv6, "sa-src-address" => self.remote.first_ipv6,
+                              "dst-address" => self.other.my.first_ipv6, "sa-dst-address" => self.other.remote.first_ipv6)
+        end
+      end
+    end
+  end
+end

data/lib/construqt/flavour/mikrotik/flavour_mikrotik_result.rb

@@ -0,0 +1,182 @@
+module Construqt
+  module Flavour
+    module Mikrotik
+      class Result
+        def initialize(host)
+          @remove_pre_condition = {}
+          @host = host
+          @result = {}
+        end
+
+        def host
+          @host
+        end
+
+        def empty?(name)
+          not @result[name]
+        end
+
+        def prepare(default, cfg, enable = true)
+          if enable
+            default['disabled'] = Schema.boolean.default(false)
+          end
+
+          result = {}
+          cfg.each do |key, val|
+            unless default[key]
+              Construqt.logger.debug("skip cfg unknown key:#{key} val:#{val}")
+            else
+              result[key] = val
+            end
+          end
+
+          keys = {}
+          default.each do |key, val|
+            if val.kind_of?(Schema)
+              val.field_name = key
+              throw "type must set of #{key}" unless val.type?
+              throw "required key:#{key} not set" if val.required? and (result[key].nil? or result[key].to_s.empty?)
+              result[key] = val.get_default if !val.get_default.nil? && result[key].nil?
+              keys[key] = result[key] if val.key?
+            else
+              throw "default type has to be a schema #{val}"
+            end
+          end
+
+          OpenStruct.new(
+            :key => keys.map{|k,v| "#{k}=#{default[k].serialize(v)}"}.sort.join(" && "),
+            :result => result,
+            :add_line => result.select{ |k,v|
+              if default[k].kind_of?(Schema) && default[k].noset?
+                false
+              else
+                !(v.to_s.empty?)
+              end
+
+            }.map{|k,v| "#{k}=#{default[k].serialize(v)}"}.sort.join(" ")
+          )
+        end
+
+        def render_mikrotik_set_direct(default, cfg, *path)
+          prepared = prepare(default, cfg, false)
+          add("set #{prepared.add_line}", nil, *path)
+        end
+
+        def render_mikrotik_set_by_key(default, cfg, *path)
+          prepared = prepare(default, cfg)
+          add("set [ find #{prepared.key} ] #{prepared.add_line}", nil, *path)
+        end
+
+        def render_mikrotik(default, cfg, *path)
+          enable = !cfg['no_auto_disable'] # HACK
+          cfg.delete("no_auto_disable")
+          prepared = prepare(default, cfg, enable)
+          ret = ["{"]
+          ret << "  :local found [find "+prepared.key+"]"
+          ret << "  :if ($found = \"\") do={"
+          ret << "    :put "+"/#{path.join(' ')} add #{prepared.add_line}".inspect
+          ret << "    add #{prepared.add_line}"
+          ret << "  } else={"
+          #ret << "    :put "+"/#{path.join(' ')} set #{prepared.add_line}".inspect
+          ret << "    :local record [get $found]"
+          prepared.result.keys.sort.each do |key|
+            next if prepared.result[key].nil?
+            val = default[key].serialize(prepared.result[key])
+            next if val.to_s.empty?
+            compare_val = default[key].serialize_compare(prepared.result[key])
+            if compare_val
+              ret << "    :if (($record->#{key.inspect})!=#{compare_val}) do={"
+              ret << "       :put "+"/#{path.join(' ')} set [find #{prepared.key} ] #{key}=#{val}".inspect
+              ret << "       set $found #{key}=#{val}"
+              ret << "    }"
+            else
+              ret << "    set $found #{key}=#{val}"
+            end
+          end
+
+          ret << "  }"
+          ret << "}"
+          add(ret.join("\n"), prepared.key, *path)
+        end
+
+        def add(block, digest, *path)
+          key = File.join(*path)
+          @result[key] ||= []
+          @result[key] << OpenStruct.new(:digest => digest, :block => block, :path => path)
+          @result[key]
+        end
+
+        def add_remove_pre_condition(condition, *path)
+          @remove_pre_condition[path.join(' ')] = condition
+        end
+
+        def remove_condition(digests, key)
+          condition = @remove_pre_condition[key]
+          if condition
+            condition = "(#{condition})"
+          end
+
+          if digests.nil? || digests.compact.empty?
+            digest = nil
+          else
+            digest = "(!(#{digests.map{|i| "(#{i.digest})"}.join(" || ")}))"
+          end
+
+          term = [condition, digest].compact.join(" && ")
+          term.empty? ? "" : "remove [ find #{term} ]"
+        end
+
+        def commit
+          sorted = {}
+          @result.map do |path, blocks|
+            key = blocks.first.path.join(' ')
+            digests = blocks.select{|i| i.digest }
+
+            sorted[key] = Util.write_str([
+              "/#{key}",
+              blocks.map{|i|i.block}.join("\n"),
+              remove_condition(digests, key),
+              ""
+            ].join("\n"), File.join(@host.name, "#{path}.rsc"))
+          end
+
+          all=[
+            "system identity",
+            "system clock",
+            "system script",
+            "system scheduler",
+            "user",
+            "interface",
+            "interface bonding",
+            "interface bridge",
+            "interface bridge port",
+            "interface vlan",
+            "interface vrrp",
+            "interface gre6",
+            "ipv6 address",
+            "ipv6 route",
+            "ip address",
+            "ip dns",
+            "ip route",
+            "ip ipsec proposal",
+            "ip ipsec peer",
+            "ip ipsec policy",
+            "routing filter",
+            "routing bgp instance",
+            "routing bgp peer",
+            "tool graphing interface",
+            "ip service"
+          ].map do |path|
+              if sorted[path]
+                sorted[path]
+              else
+                Construqt.logger.warn "WARNING [#{path}] not found #{sorted.keys.join('-')}" unless sorted[path]
+                ""
+              end
+            end.join("\n")
+            Util.write_str(all, File.join(@host.name, "all.rsc"))
+        end
+      end
+    end
+  end
+end

data/lib/construqt/flavour/mikrotik/flavour_mikrotik_schema.rb

@@ -0,0 +1,355 @@
+module Construqt
+  module Flavour
+    module Mikrotik
+
+      class Schema
+        module Int
+          def self.serialize_compare(schema, val)
+            self.serialize(schema, val)
+          end
+
+          def self.serialize(schema, val)
+            return val if val.nil?
+            throw "only 0-9 are allowed [#{val}]" unless val.to_s.match(/^[0-9]+$/)
+            return val.to_i
+          end
+        end
+
+        module Boolean
+          def self.serialize_compare(schema, val)
+            throw "illegal type #{val.class.name}" unless val.kind_of?(TrueClass) || val.kind_of?(FalseClass)
+            val ? 'true' : 'false'
+          end
+
+          def self.serialize(schema, val)
+            throw "illegal type #{val.class.name}:#{schema.field_name}" unless val.kind_of?(TrueClass) || val.kind_of?(FalseClass)
+            val ? 'yes' : 'no'
+          end
+        end
+
+        module String
+          def self.serialize_compare(schema, val)
+            self.serialize(schema, val)
+          end
+
+          def self.serialize(schema, val)
+            return nil if val.nil? && schema.null?
+            return '""' if val.nil? || val.strip.empty?
+            return val.strip.to_s.inspect.gsub('$', '\\$')
+          end
+        end
+
+        module Source
+          def self.serialize_compare(schema, val)
+            nil
+          end
+
+          def self.serialize(schema, val)
+            return nil if val.nil? && schema.null?
+            return '""' if val.nil? || val.strip.empty?
+            return "{\n" + val.strip.to_s + "\n}\n"
+          end
+        end
+
+        module Interval
+          def self.serialize_compare(schema, val)
+            self.serialize(schema, val)
+          end
+
+          def self.serialize(schema, val)
+            throw "not in interval format hh:mm:ss" unless /^(\dd)*\d{1,2}:\d{2}:\d{2}$/.match(val)
+            return val
+          end
+        end
+
+        module Identifier
+          def self.serialize_compare(schema, val)
+            self.serialize(schema, val).inspect
+          end
+
+          def self.serialize(schema, val)
+            throw "only a-zA-Z0-9_- are allowed [#{val}]" unless val.match(/^[a-zA-Z0-9\-_]+$/)
+            return val.to_s
+          end
+        end
+
+        module Port
+          def self.serialize_compare(schema, val)
+            self.serialize(schema, val)
+          end
+
+          def self.serialize(schema, val)
+            val = '0' if val == 'any'
+            throw "only 0-9 are allowed [#{val}]" unless val.match(/^([Z0-9]+)$/)
+            return val.to_s
+          end
+        end
+
+        module Identifiers
+          def self.serialize_compare(schema, val)
+            self.serialize(schema, val, ';')
+          end
+
+          def self.serialize(schema, val, joiner=',')
+            '"'+val.split(',').map{|i| Identifier.serialize(schema, i) }.join(joiner).to_s+'"'
+          end
+        end
+
+        module Address
+          def self.serialize_compare(schema, val)
+            self.serialize(schema, val).inspect
+          end
+
+          def self.serialize(schema, val)
+            throw "Address:val must be ipaddress #{val.class.name} #{val} #{schema.field_name}" unless val.kind_of?(IPAddress::IPv6) || val.kind_of?(IPAddress::IPv4)
+            #        throw "only 0-9:\.\/ are allowed #{val}" unless val.match(/^[a-fA-F0-9:\.\/]+$/)
+            return Flavour::Mikrotik.compress_address(val)
+          end
+        end
+
+        module AddrPrefix
+          def self.serialize_compare(schema, val)
+            self.serialize(schema, val).inspect
+          end
+
+          def self.serialize(schema, val)
+            throw "Address:val must be ipaddress #{val.class.name} #{val} #{schema.field_name}" unless val.kind_of?(IPAddress::IPv6) || val.kind_of?(IPAddress::IPv4)
+            #        throw "only 0-9:\.\/ are allowed #{val}" unless val.match(/^[a-fA-F0-9:\.\/]+$/)
+            return "#{Flavour::Mikrotik.compress_address(val)}/#{val.prefix}"
+          end
+        end
+
+        module Network
+          def self.serialize_compare(schema, val)
+            self.serialize(schema, val.network).inspect
+          end
+
+          def self.serialize(schema, val)
+            throw "Network::val must be ipaddress #{val.class.name} #{val} #{schema.field_name}" unless val.kind_of?(IPAddress::IPv6) || val.kind_of?(IPAddress::IPv4)
+            #throw "only 0-9:\.\/ are allowed #{val}" unless val.match(/^[a-fA-F0-9:\.\/]+$/)
+            return "#{Flavour::Mikrotik.compress_address(val)}/#{val.prefix}"
+          end
+        end
+
+        module Addresses
+          def self.serialize_compare(schema, val)
+            self.serialize(schema, val)
+          end
+
+          def self.serialize(schema, val)
+            val.map{|i| Address.serialize(schema, i) }.join(',').to_s
+          end
+        end
+
+        def initialize
+          @required = false
+          @key = false
+          @noset = false
+          @type = nil
+          @default = nil
+          @null = false
+          @field_name = nil
+        end
+
+        def field_name=(a)
+          @field_name=a
+        end
+
+        def field_name
+          @field_name
+        end
+
+        def serialize_compare(val)
+          @type.serialize_compare(self, val)
+        end
+
+        def serialize(val)
+          @type.serialize(self, val)
+        end
+
+        def null?
+          @null
+        end
+
+        def type?
+          !@type.nil?
+        end
+
+        def null
+          @null = true
+          self
+        end
+
+        def required
+          @required = true
+          self
+        end
+
+        def required?
+          @required
+        end
+
+        def key
+          @key = true
+          self
+        end
+
+        def key?
+          @key
+        end
+
+        def noset
+          @noset = true
+          self
+        end
+
+        def noset?
+          @noset
+        end
+
+        def int
+          @type = Int
+          self
+        end
+
+        def boolean
+          @type = Boolean
+          self
+        end
+
+        def string
+          @type = String
+          self
+        end
+
+        def source
+          @type = Source
+          self
+        end
+
+        def interval
+          @type = Interval
+          self
+        end
+
+        def identifier
+          @type = Identifier
+          self
+        end
+
+        def port
+          @type = Port
+          self
+        end
+
+        def identifiers
+          @type = Identifiers
+          self
+        end
+
+        def source
+          @type = Source
+          self
+        end
+
+        def interval
+          @type = Interval
+          self
+        end
+
+        def addrprefix
+          @type = AddrPrefix
+          self
+        end
+
+        def address
+          @type = Address
+          self
+        end
+
+        def addresses
+          @type = Addresses
+          self
+        end
+
+        def network
+          @type = Network
+          self
+        end
+
+        def get_default
+          @default
+        end
+
+        def default(val)
+          @default = val
+          self
+        end
+
+        def self.default(val)
+          Schema.new.default(val)
+        end
+
+        def self.int
+          Schema.new.int
+        end
+
+        def self.boolean
+          Schema.new.boolean
+        end
+
+        def self.string
+          Schema.new.string
+        end
+
+        def self.interval
+          Schema.new.interval
+        end
+
+        def self.source
+          Schema.new.source
+        end
+
+        def self.port
+          Schema.new.port
+        end
+
+        def self.identifier
+          Schema.new.identifier
+        end
+
+        def self.identifiers
+          Schema.new.identifiers
+        end
+
+        def self.addresses
+          Schema.new.addresses
+        end
+
+        def self.addrprefix
+          Schema.new.addrprefix
+        end
+
+        def self.address
+          Schema.new.address
+        end
+
+        def self.network
+          Schema.new.network
+        end
+
+        def self.key
+          Schema.new.key
+        end
+
+        def self.noset
+          Schema.new.noset
+        end
+
+        def self.required
+          Schema.new.required
+        end
+      end
+    end
+  end
+end