fog-hyperv 0.0.9 → 0.1.0

data/lib/fog/hyperv/compute/models/network_adapter.rb

@@ -0,0 +1,362 @@
+# frozen_string_literal: true
+
+class Fog::Hyperv::Compute
+  # rubocop:disable Metrics/ClassLength
+
+  class NetworkAdapter < Fog::Hyperv::Model
+    # rubocop:disable Layout/HashAlignment
+
+    # Network adapter statuses
+    # @note Defined by Microsoft.HyperV.PowerShell.VMNetworkAdapterOperationalStatus
+    NIC_STATUS_ENUM_VALUES = {
+      Unknown:             0,
+      Other:               1,
+      Ok:                  2,
+      Degraded:            3,
+      Stressed:            4,
+      PredictiveFailure:   5,
+      Error:               6,
+      NonRecoverableError: 7,
+      Starting:            8,
+      Stopping:            9,
+      Stopped:             10,
+      InService:           11,
+      NoContact:           12,
+      LostCommunication:   13,
+      Aborted:             14,
+      Dormant:             15,
+      SupportingEntity:    16,
+      Completed:           17,
+      PowerMode:           18,
+      ProtocolVersion:     32_775
+    }.freeze
+    # rubocop:enable Layout/HashAlignment
+
+    NIC_FALLBACK_MAC = '000000000000'
+
+    # @!attribute [r] id
+    #   @return [String] the GUID of this network adapter
+    identity :id
+
+    # @!attribute [r] computer_name
+    #   @return [String] the name of the computer running the VM that this network adapter is attached to
+    attribute :computer_name
+    # @!attribute [r] vm_id
+    #   @return [String,nil] the GUID of the VM this network adapter is attached to
+    attribute :vm_id
+    # @!attribute [r] is_management_os
+    #   @return [Boolean] if the network adapter is attached to the management OS
+    attribute :is_management_os, type: :boolean
+
+    # attribute :acl_list
+    # @!attribute [r] connected
+    #   @return [Boolean] if the network adapter is connected to the network
+    #   @see connect
+    #   @see disconnect
+    attribute :connected, type: :boolean
+
+    # @!attribute dynamic_mac_address_enabled
+    #   @return [Boolean] if the network adapter is assigned a dynamic MAC address
+    attribute :dynamic_mac_address_enabled, type: :boolean, default: true
+    # @!attribute [r] ip_addresses
+    #   @return [Array<String>] the IP addresses currently assigned to the network adapter
+    attribute :ip_addresses
+    # attribute :is_deleted
+    # @!attribute [r] is_external_adapter
+    #   @return [Boolean] if the network adapter is external to the VM
+    attribute :is_external_adapter, type: :boolean
+    # @!attribute [r] is_legacy
+    #   @return [Boolean] if the network adapter is using legacy option ROM
+    attribute :is_legacy, type: :boolean
+    # @!attribute mac_address
+    #   @return [String] the MAC address of the network adapter
+    #   @note Can only be changed if dynamic_mac_address_enabled is false
+    attribute :mac_address
+    # @!attribute name
+    #   @return [String] the name of the network adapter
+    attribute :name
+    # @!attribute mac_address_spoofing
+    #   @return [:On, :Off] if the NIC should be allowed to send packets with different MAC address
+    attribute :mac_address_spoofing, type: :hypervenum, values: Fog::Hyperv::ON_OFF_STATE_ENUM_VALUES
+    # @!attribute dhcp_guard
+    #   @return [:On, :Off] if the NIC should drop DHCP messages from unauthorized VMs
+    attribute :dhcp_guard, type: :hypervenum, values: Fog::Hyperv::ON_OFF_STATE_ENUM_VALUES
+    # @!attribute router_guard
+    #   @return [:On, :Off] if the NIC should drop RA/Redirection messages from unauthorized VMs
+    attribute :router_guard, type: :hypervenum, values: Fog::Hyperv::ON_OFF_STATE_ENUM_VALUES
+    # @!attribute allow_teaming
+    #   @return [:On, :Off] if the NIC should be allowed to be teamed with other NICs on the same switch
+    attribute :allow_teaming, type: :hypervenum, values: Fog::Hyperv::ON_OFF_STATE_ENUM_VALUES
+    # @!attribute [r] status
+    #   @return [Symbol] the status of the network adapter
+    #   @see NIC_STATUS_ENUM_VALUES
+    attribute :status, type: :hypervenumarray, values: NIC_STATUS_ENUM_VALUES
+    # @!attribute switch_id
+    #   @return [String] the ID of the switch the adapter is connected to
+    #   @see connect
+    #   @see disconnect
+    attribute :switch_id
+    # @!attribute switch_name
+    #   @return [String] the name of the switch the adapter is connected to
+    #   @see connect
+    #   @see disconnect
+    attribute :switch_name
+
+    has_one :vlan_setting, :vlan_setting
+
+    # @!attribute [r] vlan_setting
+    # @return [NetworkAdapterVlan] the VLAN that the network adapter is connected to
+    def vlan_setting
+      return associations[:vlan_setting] if associations[:vlan_setting]
+
+      require_relative 'network_adapter_vlan'
+      attrs = { parent_adapter: self, service: @service, vm: @vm }
+
+      if persisted?
+        requires :id
+        requires :vm_id unless is_management_os
+
+        associations[:vlan_setting] = Fog::Hyperv::Compute::NetworkAdapterVlan.new(
+          **service.get_vm_network_adapter_vlan(
+            computer_name:,
+            management_os: is_management_os,
+            vm_id:,
+            id:,
+
+            _return_fields: Fog::Hyperv::Compute::NetworkAdapterVlan.attributes
+          ),
+          **attrs
+        )
+      else
+        associations[:vlan_setting] = Fog::Hyperv::Compute::NetworkAdapterVlan.new(attrs)
+      end
+    end
+
+    # Connect the network adapter to a given switch
+    # @param switch [Switch,String] a switch - or the ID/name of one - to connect to
+    def connect(switch, **options)
+      requires :id
+
+      if switch.is_a? Fog::Hyperv::Compute::Switch
+        new_switch_id = switch.id
+        new_switch_name = switch.name
+      else
+        new_switch_id = switch if switch.is_a?(String) && switch =~ Fog::Hyperv::GUID
+        new_switch_name = switch unless new_switch_id
+      end
+      options[:management_os] = true if is_management_os
+
+      service.connect_vm_network_adapter(
+        computer_name:,
+        vm_id:,
+        id:,
+
+        switch_id: new_switch_id,
+        switch_name: new_switch_name,
+
+        **options
+      )
+
+      old.switch_id = attributes[:switch_id] = new_switch_id
+      old.switch_name = attributes[:switch_name] = new_switch_name
+      true
+    end
+
+    # Disconnect the network adapter from any connected switch
+    def disconnect(**options)
+      requires :id
+
+      options[:management_os] = true if is_management_os
+      service.disconnect_vm_network_adapter(
+        computer_name:,
+        vm_id:,
+        id:,
+
+        **options
+      )
+
+      old.switch_id = attributes[:switch_id] = nil
+      old.switch_name = attributes[:switch_name] = nil
+      true
+    end
+
+    # @!attribute switch
+    # @return [Switch,nil] the switch the network adapter is connected to
+    # @see connect
+    # @see disconnect
+    def switch
+      service.switches.get(switch_id:, switch_name:, computer_name:) if switch_name.any? || switch_id.any?
+    end
+
+    def switch=(new_switch)
+      if new_switch.nil?
+        attributes[:switch_id] = nil
+        attributes[:switch_name] = nil
+
+        return
+      end
+
+      raise 'Not a switch' unless new_switch.is_a? Fog::Hyperv::Compute::Switch
+
+      attributes[:switch_id] = new_switch.id
+      attributes[:switch_name] = new_switch.name
+    end
+
+    def create
+      selector = {}
+      if is_management_os
+        selector[:management_os] = true
+      else
+        requires :vm_id
+
+        selector[:vm_id] = vm_id
+      end
+
+      args = { name:, switch_name: }
+      args[:is_legacy] = true if is_legacy
+      if !dynamic_mac_address_enabled && mac_address != NIC_FALLBACK_MAC
+        args[:static_mac_address] = mac_address
+      else
+        args[:dynamic_mac_address] = true
+      end
+      data = service.add_vm_network_adapter(
+        **selector,
+        computer_name:,
+
+        **args,
+
+        _return_fields: self.class.attributes
+      )
+      post_save_changes = {
+        mac_address_spoofing: mac_address_spoofing,
+        dhcp_guard: dhcp_guard,
+        router_guard: router_guard,
+        allow_teaming: allow_teaming
+      }.compact
+
+      merge_attributes(data)
+      vlan_setting.save if associations[:vlan_setting]
+      return self unless post_save_changes.any?
+
+      attributes.merge!(post_save_changes)
+      update if dirty?
+
+      self
+    end
+
+    def update
+      requires :id
+      requires :vm_id unless is_management_os
+
+      data = {}
+      if changed?(:name)
+        service.rename_vm_network_adapter(
+          computer_name: old.computer_name,
+          id: old.id,
+          vm_id: old.vm_id,
+          management_os: old.is_management_os,
+
+          new_name: name
+        )
+        data[:name] = name
+      end
+
+      changes = build_changelist
+      if changes.any?
+        data.merge!(
+          service.set_vm_network_adapter(
+            computer_name: old.computer_name,
+            id: old.id,
+            vm_id: old.vm_id,
+            management_os: old.is_management_os,
+
+            **changes,
+
+            _always_include: changes.keys,
+            _return_fields: self.class.attributes
+          )
+        )
+      end
+
+      if changed?(:switch_name) || changed?(:switch_id)
+        save_switch
+        data[:switch_name] = switch_name
+        data[:switch_id] = switch_id
+      end
+      vlan_setting.save if associations[:vlan_setting] && vlan_setting.dirty?
+
+      merge_attributes(data)
+    end
+
+    def destroy
+      requires :id
+      requires :vm_id unless is_management_os
+
+      service.remove_vm_network_adapter(
+        computer_name:,
+        vm_id:,
+        id:,
+        management_os: is_management_os
+      )
+      true
+    end
+
+    def reload
+      requires :id
+      requires :vm_id unless is_management_os
+
+      data = service.get_vm_network_adapter(
+        computer_name:,
+        vm_id:,
+        id:,
+        management_os: is_management_os,
+
+        _return_fields: self.class.attributes
+      )
+      return unless data
+
+      merge_attributes(data)
+    end
+
+    protected
+
+    def merge_attributes(new_attributes = {})
+      new_attributes[:ip_addresses] = [] if new_attributes[:ip_addresses] == ''
+      new_attributes[:mac_address] = NIC_FALLBACK_MAC if new_attributes[:mac_address].nil? || new_attributes[:mac_address] == ''
+
+      super
+    end
+
+    private
+
+    def build_changelist
+      changes = {
+        mac_address_spoofing: changed!(:mac_address_spoofing),
+        dhcp_guard: changed!(:dhcp_guard),
+        router_guard: changed!(:router_guard),
+        allow_teaming: changed!(:allow_teaming)
+      }.compact
+      unless is_management_os
+        if dynamic_mac_address_enabled
+          changes[:dynamic_mac_address] = changed!(:dynamic_mac_address_enabled)
+        elsif mac_address && mac_address != NIC_FALLBACK_MAC
+          changes[:static_mac_address] = changed!(:mac_address)
+          changes[:static_mac_address] ||= changed?(:dynamic_mac_address_enabled) ? mac_address : nil
+        end
+      end
+      changes.compact
+    end
+
+    def save_switch
+      selector = { computer_name:, vm_id:, id: }.compact
+      selector[:management_os] = true if is_management_os
+
+      if switch_name || switch_id
+        service.connect_vm_network_adapter(**selector, switch_name:, switch_id:)
+      else
+        service.disconnect_vm_network_adapter(**selector)
+      end
+    end
+  end
+  # rubocop:enable Metrics/ClassLength
+end

data/lib/fog/hyperv/compute/models/network_adapter_vlan.rb

@@ -0,0 +1,172 @@
+# frozen_string_literal: true
+
+class Fog::Hyperv::Compute
+  class NetworkAdapterVlan < Fog::Hyperv::Model
+    # VLAN mode
+    # @note Defined by Microsoft.HyperV.PowerShell.VMNetworkAdapterVlanMode
+    VLAN_OPERATION_MODE = %i[
+      Untagged Access Trunk Private
+    ].freeze
+
+    # Extended mode for Private VLANs
+    # @note Defined by Microsoft.HyperV.PowerShell.VMNetworkAdapterPrivateVlanMode
+    PRIVATE_VLAN_MODE = %i[
+      Unknown Isolated Community Promiscuous
+    ].freeze
+
+    # @!attribute operation_mode
+    #   @return [:Untagged, :Access, :Trunk, :Private] the active VLAN mode
+    attribute :operation_mode, type: :hypervenum, default: :Untagged, values: VLAN_OPERATION_MODE
+    # @!attribute private_vlan_mode
+    #   @return [:Isolated, :Community, :Promiscuous] the type of private VLAN mode to use
+    attribute :private_vlan_mode, type: :hypervenum, default: :Isolated, values: PRIVATE_VLAN_MODE
+    # @!attribute access_vlan_id
+    #   @return [Integer] the VLAN ID to use for operation_mode +:Access+
+    attribute :access_vlan_id, type: :integer
+    # @!attribute allowed_vlan_id_list
+    #   @return [Array<Integer>] the list of allowed VLAN IDs to use for operation_mode +:Trunk+
+    attribute :allowed_vlan_id_list
+    # @!attribute native_vlan_id
+    #   @return [Integer] the native VLAN ID to use for operation_mode +:Trunk+
+    attribute :native_vlan_id, type: :integer
+    # @!attribute primary_vlan_id
+    #   @return [Integer] the primary VLAN ID to use for operation_mode +:Private+
+    attribute :primary_vlan_id, type: :integer
+    # @!attribute secondary_vlan_id
+    #   @return [Integer] the secondary VLAN ID to use for private_vlan_mode +:Isolated+ or +:Community+
+    attribute :secondary_vlan_id, type: :integer
+    # @!attribute secondary_vlan_id_list
+    #   @return [Array<Integer>] the list of secondary VLAN IDs to use for private_vlan_mode +:Promiscuous+
+    attribute :secondary_vlan_id_list
+
+    # @!attribute parent_adapter
+    #   @return [NetworkAdapter] the network adapter this VLAN configuration applies to
+    has_one :parent_adapter, :network_adapters
+
+    alias identity :parent_adapter
+
+    def update
+      requires :parent_adapter
+
+      changes = build_changelist
+      return self unless changes.any?
+
+      merge_attributes(
+        service.set_vm_network_adapter_vlan(
+          computer_name: parent_adapter.computer_name,
+          vm_id: parent_adapter.vm_id,
+          id: parent_adapter.id,
+
+          **changes,
+
+          _always_include: changes.keys,
+          _return_fields: self.class.attributes
+        ) || {} # Unmodified object returns nothing
+      )
+    end
+
+    def reload
+      requires :parent_adapter
+
+      data = service.get_vm_network_adapter_vlan(
+        computer_name: parent_adapter.computer_name,
+        vm_id: parent_adapter.vm_id,
+        id: parent_adapter.id,
+
+        _return_fields: self.class.attributes
+      )
+      return unless data
+
+      merge_attributes(data)
+    end
+
+    def self.render_vlan_list(list)
+      ret = []
+      list = list.map(&:to_i).reject(&:zero?).sort.uniq
+
+      render_tuple = proc do |from, to|
+        next from if from == to
+
+        "#{from}-#{to}"
+      end
+
+      rangeend = rangestart = list.first
+      list.each do |vlan|
+        if vlan > rangeend + 1
+          ret << render_tuple.call(rangestart, rangeend)
+          rangestart = rangeend = vlan
+        else
+          rangeend = vlan
+        end
+      end
+      ret << render_tuple.call(rangestart, rangeend)
+
+      ret.join ','
+    end
+
+    private
+
+    def merge_attributes(new_attributes = {})
+      new_attributes[:allowed_vlan_id_list] = [] \
+        if new_attributes[:allowed_vlan_id_list].nil? || new_attributes[:allowed_vlan_id_list] == ''
+      new_attributes[:secondary_vlan_id_list] = [] \
+        if new_attributes[:secondary_vlan_id_list].nil? || new_attributes[:secondary_vlan_id_list] == ''
+
+      super
+    end
+
+    # VLAN changes require providing the full new configuration on any update, so build that list when necessary
+    def build_changelist
+      changes = {}
+      case operation_mode
+      when :Untagged
+        return changes unless changed?(:operation_mode)
+
+        changes[:untagged] = true
+      when :Access
+        requires :access_vlan_id
+        return changes unless changed?(:operation_mode, :access_vlan_id)
+
+        changes[:access] = true
+        changes[:access_vlan_id] = access_vlan_id
+      when :Trunk
+        requires :allowed_vlan_id_list, :native_vlan_id
+        return changes unless changed?(:operation_mode, :allowed_vlan_id_list, :native_vlan_id)
+
+        changes[:trunk] = true
+        changes[:allowed_vlan_id_list] = render_vlan_list(allowed_vlan_id_list)
+        changes[:native_vlan_id] = native_vlan_id
+      when :Private
+        requires :private_vlan_mode, :primary_vlan_id
+        case private_vlan_mode
+        when :Isolated
+          requires :secondary_vlan_id
+          return changes unless changed?(:operation_mode, :private_vlan_mode, :primary_vlan_id, :secondary_vlan_id)
+
+          changes[:isolated] = true
+          changes[:primary_vlan_id] = primary_vlan_id
+          changes[:secondary_vlan_id] = secondary_vlan_id
+        when :Community
+          requires :secondary_vlan_id
+          return changes unless changed?(:operation_mode, :private_vlan_mode, :primary_vlan_id, :secondary_vlan_id)
+
+          changes[:community] = true
+          changes[:primary_vlan_id] = primary_vlan_id
+          changes[:secondary_vlan_id] = secondary_vlan_id
+        when :Promiscuous
+          requires :secondary_vlan_id_list
+          return changes unless changed?(:operation_mode, :private_vlan_mode, :primary_vlan_id, :secondary_vlan_id_list)
+
+          changes[:promiscuous] = true
+          changes[:primary_vlan_id] = primary_vlan_id
+          changes[:secondary_vlan_id_list] = render_vlan_list(secondary_vlan_id_list)
+        end
+      end
+      changes
+    end
+
+    def render_vlan_list(list)
+      self.class.render_vlan_list list
+    end
+  end
+end

data/lib/fog/hyperv/compute/models/network_adapters.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+class Fog::Hyperv::Compute
+  class NetworkAdapters < Fog::Hyperv::Collection
+    model Fog::Hyperv::Compute::NetworkAdapter
+
+    get_method :get_vm_network_adapter
+
+    attribute :computer_name
+    attribute :vm_id
+
+    def get(identifier, **filters)
+      id = identifier if identifier =~ /\Amicrosoft:#{Fog::Hyperv::GUID}\\#{Fog::Hyperv::GUID}\z/i
+      name = identifier unless id
+
+      id = nil if id&.empty?
+      name = nil if name&.empty?
+
+      raise ArgumentError, 'Must provide a name or combined GUID' if id.nil? && name.nil?
+
+      super(name:, _by_id: id, **filters)
+    end
+
+    protected
+
+    def search_attributes
+      super.merge(
+        _return_fields: model.attributes - %i[vlan_setting]
+      )
+    end
+  end
+end

data/lib/fog/hyperv/compute/models/security.rb

@@ -0,0 +1,121 @@
+# frozen_string_literal: true
+
+class Fog::Hyperv::Compute
+  # Security settings for a generation 2 (UEFI) VM
+  #
+  # @see https://learn.microsoft.com/en-us/windows/win32/hyperv_v2/msvm-securitysettingdata WMI definitions
+  class Security < Fog::Hyperv::Model
+    # @!attribute tpm_enabled
+    #   @return [Boolean] if a vTPM is enabled for the VM
+    attribute :tpm_enabled, type: :boolean
+    # @!attribute [r] ksd_enabled
+    #   @return [Boolean] if a key storage device is enabled for the VM
+    attribute :ksd_enabled, type: :boolean
+    # @!attribute [r] shielded
+    #   @return [Boolean] if the VM is shielded
+    attribute :shielded, type: :boolean
+    # @!attribute encrypt_state_and_vm_migration_traffic
+    #   @return [Boolean] if VM state and migration traffic should be encrypted
+    attribute :encrypt_state_and_vm_migration_traffic, type: :boolean
+    # @!attribute virtualization_based_security_opt_out
+    #   @return [Boolean] if virtualization-based securty should be opted out of for the VM
+    attribute :virtualization_based_security_opt_out, type: :boolean
+    # @!attribute [r] bind_to_host_tpm
+    #   @return [Boolean] if the VM is bound to the host TPM
+    attribute :bind_to_host_tpm, type: :boolean
+
+    # @!attribute [r] vm
+    #   @return [Server] the VM this security configuration is attached to
+    has_one :vm, :servers
+
+    alias identity :hash
+
+    # @!attribute [r] key_protector
+    # @return [String, null] the key protector encryption key
+    # @see change_key_protector
+    def key_protector
+      requires :vm
+
+      @key_protector ||= service.get_vm_key_protector(
+        computer_name: vm.computer_name,
+        vm_id: vm.id
+      )[:value]
+    end
+
+    # Change the key protector for a VM
+    # @param protector [:new, :local, :last, String] the key protector to set.
+    #   +:new+/+:local+ will generate a new host-local encryption key,
+    #   +:last+ will restore the last successfully used encryption key
+    # @return [String] the binary key protector that was set
+    # @note a VM key protector can not be removed once set, only changed
+    def change_key_protector(protector)
+      requires :vm
+
+      protector = case protector
+                  when :new, :local
+                    { new_local_key_protector: true }
+                  when :last
+                    { restore_last_known_good_key_protector: true }
+                  else
+                    { key_protector: protector }
+                  end
+
+      service.set_vm_key_protector(
+        computer_name: vm.computer_name,
+        vm_id: vm.id,
+
+        **protector
+      )
+      @key_protector = nil
+      true
+    end
+
+    def update
+      requires :vm
+
+      if tpm_enabled != old.tpm_enabled
+        meth = tpm_enabled ? :enable_vm_tpm : :disable_vm_tpm
+        service.public_send(meth, vm_id: vm.id)
+      end
+
+      changes = {
+        encrypt_state_and_vm_migration_traffic: changed!(:encrypt_state_and_vm_migration_traffic),
+        virtualization_based_security_opt_out: changed!(:virtualization_based_security_opt_out)
+      }.compact
+      return self unless changes.any?
+
+      merge_attributes(
+        service.set_vm_security(
+          computer_name: old.vm.computer_name,
+          vm_id: old.vm.id,
+
+          **changes,
+
+          _return_fields: self.class.attributes
+        )
+      )
+    end
+
+    def reload
+      requires :vm
+
+      data = service.get_vm_security(
+        computer_name: vm.computer_name,
+        vm_id: vm.id,
+
+        _return_fields: self.class.attributes
+      )
+      return unless data
+
+      merge_attributes(data)
+    end
+
+    private
+
+    def merge_attributes(attributes = {})
+      attributes[:vm] ||= @vm
+
+      super
+    end
+  end
+end