opennebula 6.10.3 → 6.99.85.pre

data/lib/nsxt_rule.rb

@@ -1,188 +0,0 @@
-# -------------------------------------------------------------------------- #
-# Copyright 2002-2024, OpenNebula Project, OpenNebula Systems                #
-#                                                                            #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
-# not use this file except in compliance with the License. You may obtain    #
-# a copy of the License at                                                   #
-#                                                                            #
-# http://www.apache.org/licenses/LICENSE-2.0                                 #
-#                                                                            #
-# Unless required by applicable law or agreed to in writing, software        #
-# distributed under the License is distributed on an "AS IS" BASIS,          #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
-# See the License for the specific language governing permissions and        #
-# limitations under the License.                                             #
-#--------------------------------------------------------------------------- #
-module NSXDriver
-
-    module NSXRule
-
-        # Class Logical Switch
-        module NSXTRule
-
-            def nsxt_rule_spec(rule, vm_data, nic_data)
-                # default spec
-                # Allow any-any to any port applied on the
-                # virtual machine logical port
-                rule_name = "#{rule[:id]}-#{rule[:name]}-#{vm_data[:id]}"
-                rule_name << "-#{vm_data[:deploy_id]}-#{nic_data[:id]}"
-                rule_spec = {
-                    :display_name => rule_name,
-                    :destinations_excluded => false,
-                    :sources => [],
-                    :destinations => [],
-                    :services => [],
-                    :applied_tos => [
-                        {
-                            :target_id => nic_data[:lp].id,
-                            :target_display_name => nic_data[:name],
-                            :target_type => nic_data[:lp].type,
-                            :is_valid => true
-                        }
-                    ],
-                    :ip_protocol => 'IPV4_IPV6',
-                    :logged => false,
-                    :action => 'ALLOW',
-                    :sources_excluded => false,
-                    :disabled => false,
-                    :direction => rule[:direction]
-                }
-
-                rule_protocol_template = {
-                    'TCP' => [
-                        {
-                            :service => {
-                                :l4_protocol => 'TCP',
-                                :source_ports => [],
-                                :destination_ports => [],
-                                :resource_type => 'L4PortSetNSService'
-                            }
-                        }
-                    ],
-                    'UDP' => [
-                        {
-                            :service => {
-                                :l4_protocol => 'UDP',
-                                :source_ports => [],
-                                :destination_ports => [],
-                                :resource_type => 'L4PortSetNSService'
-                            }
-                        }
-                    ],
-                    'ICMP' => [
-                        {
-                            :service => {
-                                :protocol => 'ICMPv4',
-                                :resource_type => 'ICMPTypeNSService'
-                            }
-                        }
-                    ],
-                    'ICMPv6' => [
-                        {
-                            :service => {
-                                :protocol => 'ICMPv6',
-                                :resource_type => 'ICMPTypeNSService'
-                            }
-                        }
-                    ],
-                    'IPSEC' => [
-                        {
-                            :service => {
-                                :l4_protocol => 'UDP',
-                                :source_ports => [],
-                                :destination_ports => [],
-                                :resource_type => 'L4PortSetNSService'
-                            }
-                        },
-                        {
-                            :service => {
-                                :protocol_number => 50,
-                                :resource_type => 'IPProtocolNSService'
-                            }
-                        },
-                        {
-                            :service => {
-                                :protocol_number => 51,
-                                :resource_type => 'IPProtocolNSService'
-                            }
-                        }
-                    ]
-                }
-
-                # Modify default rule spec based on rule_data extracted
-                # from vm template
-
-                ###### SOURCES / DESTINATIONS: Any | IP Address | Vnet #####
-                src_or_dst = []
-
-                # Target network: Vnet
-                if !rule[:network_id].empty?
-
-                    src_or_dst << {
-                        :target_id => rule[:network_nsxid],
-                        :target_display_name => rule[:network_name],
-                        :target_type => 'LogicalSwitch',
-                        :is_valid => true
-                    }
-
-                # Target network: Manual network (IP Address)
-                elsif !rule[:subnets].empty?
-                    rule[:subnets].each do |subnet|
-                        src_or_dst << {
-                            :target_id => subnet,
-                            :target_display_name => subnet,
-                            :target_type => 'IPAddress',
-                            :is_valid => true
-                        }
-                    end
-                end
-
-                # (OpenNebula) INBOUND  => Destination (NSX)
-                # (OpenNebula) OUTBOUND => Source (NSX)
-                unless src_or_dst.empty?
-                    rule_spec[:sources] = src_or_dst \
-                        if rule[:direction] == 'IN'
-                    rule_spec[:destinations] = src_or_dst \
-                        if rule[:direction] == 'OUT'
-                end
-
-                ##### SERVICES #####
-                services = []
-                service = rule_protocol_template[rule[:protocol]]
-
-                case rule[:protocol]
-                when 'TCP'
-                    service[0][:service][:source_ports] = rule[:ports] \
-                        if rule[:direction] == 'IN'
-                    service[0][:service][:destination_ports] = rule[:ports] \
-                        if rule[:direction] == 'OUT'
-                when 'UDP'
-                    service[0][:service][:source_ports] = rule[:ports] \
-                        if rule[:direction] == 'IN'
-                    service[0][:service][:destination_ports] = rule[:ports] \
-                        if rule[:direction] == 'OUT'
-                # when 'ICMP'
-                # when 'ICMPv6'
-                when 'IPSEC'
-                    ipsec_ports = NSXConstants::NSX_RULE_IPSEC_PORTS
-                    service[0][:service][:source_ports] = ipsec_ports \
-                        if rule[:direction] == 'IN'
-                    service[0][:service][:destination_ports] = ipsec_ports \
-                        if rule[:direction] == 'OUT'
-                end
-
-                if rule[:protocol] != 'ALL' && !service.empty?
-                    service.each do |s|
-                        services << s
-                    end
-                    rule_spec[:services] = services
-                end
-
-                rule_spec
-            end
-
-        end
-
-    end
-
-end

data/lib/nsxt_tz.rb

@@ -1,38 +0,0 @@
-# -------------------------------------------------------------------------- #
-# Copyright 2002-2024, OpenNebula Project, OpenNebula Systems                #
-#                                                                            #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
-# not use this file except in compliance with the License. You may obtain    #
-# a copy of the License at                                                   #
-#                                                                            #
-# http://www.apache.org/licenses/LICENSE-2.0                                 #
-#                                                                            #
-# Unless required by applicable law or agreed to in writing, software        #
-# distributed under the License is distributed on an "AS IS" BASIS,          #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
-# See the License for the specific language governing permissions and        #
-# limitations under the License.                                             #
-#--------------------------------------------------------------------------- #
-module NSXDriver
-
-    # Class Transport Zone
-    class NSXTtz < TransportZone
-
-        # ATTRIBUTES
-        attr_reader :tz_id
-
-        # CONSTRUCTOR
-        def initialize(nsx_client)
-            super(nsx_client)
-            # Construct base URLs
-            @url_tzs_nsxt = NSXConstants::NSXT_TZS
-        end
-
-        # METHODS
-        def tzs
-            @nsx_client.get(@url_tzs_nsxt)
-        end
-
-    end
-
-end

data/lib/nsxv_client.rb

@@ -1,189 +0,0 @@
-# -------------------------------------------------------------------------- #
-# Copyright 2002-2024, OpenNebula Project, OpenNebula Systems                #
-#                                                                            #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
-# not use this file except in compliance with the License. You may obtain    #
-# a copy of the License at                                                   #
-#                                                                            #
-# http://www.apache.org/licenses/LICENSE-2.0                                 #
-#                                                                            #
-# Unless required by applicable law or agreed to in writing, software        #
-# distributed under the License is distributed on an "AS IS" BASIS,          #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
-# See the License for the specific language governing permissions and        #
-# limitations under the License.                                             #
-#--------------------------------------------------------------------------- #
-module NSXDriver
-
-    ONE_LOCATION = ENV['ONE_LOCATION'] unless defined?(ONE_LOCATION)
-
-    if !ONE_LOCATION
-        RUBY_LIB_LOCATION = '/usr/lib/one/ruby' \
-            unless defined?(RUBY_LIB_LOCATION)
-        GEMS_LOCATION     = '/usr/share/one/gems' \
-            unless defined?(GEMS_LOCATION)
-    else
-        RUBY_LIB_LOCATION = ONE_LOCATION + '/lib/ruby' \
-            unless defined?(RUBY_LIB_LOCATION)
-        GEMS_LOCATION     = ONE_LOCATION + '/share/gems' \
-            unless defined?(GEMS_LOCATION)
-    end
-
-# rubocop: disable all
-# %%RUBYGEMS_SETUP_BEGIN%%
-if File.directory?(GEMS_LOCATION)
-    real_gems_path = File.realpath(GEMS_LOCATION)
-    if !defined?(Gem) || Gem.path != [real_gems_path]
-        $LOAD_PATH.reject! {|l| l =~ /vendor_ruby/ }
-
-        # Suppress warnings from Rubygems
-        # https://github.com/OpenNebula/one/issues/5379
-        begin
-            verb = $VERBOSE
-            $VERBOSE = nil
-            require 'rubygems'
-            Gem.use_paths(real_gems_path)
-        ensure
-            $VERBOSE = verb
-        end
-    end
-end
-# %%RUBYGEMS_SETUP_END%%
-# rubocop: enable all
-
-    $LOAD_PATH << RUBY_LIB_LOCATION
-
-    # Class NSXVClient
-    class NSXVClient < NSXClient
-
-        # ATTIBUTES
-        attr_accessor :nsxmgr
-        attr_accessor :nsx_user
-        attr_accessor :nsx_password
-        attr_accessor :nsx_type
-
-        # CONSTRUCTORS
-        def initialize(nsxmgr, nsx_user, nsx_password)
-            super(nsxmgr, nsx_user, nsx_password)
-            @nsx_type = NSXConstants::NSXV
-        end
-
-        # Prepare headers
-        def add_headers(aditional_headers = [])
-            headers = NSXConstants::HEADER_XML.clone
-            unless aditional_headers.empty?
-                aditional_headers.each do |header|
-                    headers[header.keys[0]] = header.values[0]
-                end
-            end
-            headers
-        end
-
-        # METHODS
-        def get(url, aditional_headers = [], valid_codes = [])
-            if valid_codes.empty?
-                valid_codes = [NSXConstants::CODE_OK,
-                               NSXConstants::CODE_NO_CONTENT]
-            end
-            uri = URI.parse(@nsxmgr + url)
-            headers = add_headers(aditional_headers)
-            request = Net::HTTP::Get.new(uri.request_uri, headers)
-            request.basic_auth(@nsx_user, @nsx_password)
-            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
-                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
-                    https.request(request)
-                end
-            response = check_response(response, valid_codes)
-            Nokogiri::XML response.body
-        end
-
-        def get_full_response(url, aditional_headers = [], valid_codes = [])
-            if valid_codes.empty?
-                valid_codes = [NSXConstants::CODE_OK,
-                               NSXConstants::CODE_NO_CONTENT]
-            end
-            uri = URI.parse(@nsxmgr + url)
-            headers = add_headers(aditional_headers)
-            request = Net::HTTP::Get.new(uri.request_uri, headers)
-            request.basic_auth(@nsx_user, @nsx_password)
-            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
-                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
-                    https.request(request)
-                end
-            check_response(response, valid_codes)
-        end
-
-        # Return: id of the created object
-        def post(url, data, aditional_headers = [], valid_codes = [])
-            if valid_codes.empty?
-                valid_codes = [NSXConstants::CODE_CREATED,
-                               NSXConstants::CODE_OK]
-            end
-            uri = URI.parse(@nsxmgr + url)
-            headers = add_headers(aditional_headers)
-            request = Net::HTTP::Post.new(uri.request_uri, headers)
-            request.body = data
-            request.basic_auth(@nsx_user, @nsx_password)
-            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
-                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
-                    https.request(request)
-                end
-            response = check_response(response, valid_codes)
-            response.body
-        end
-
-        def put(url, data, aditional_headers = [], valid_codes = [])
-            if valid_codes.empty?
-                valid_codes = [NSXConstants::CODE_CREATED,
-                               NSXConstants::CODE_OK]
-            end
-            uri = URI.parse(@nsxmgr + url)
-            headers = add_headers(aditional_headers)
-            request = Net::HTTP::Put.new(uri.request_uri, headers)
-            request.body = data
-            request.basic_auth(@nsx_user, @nsx_password)
-            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
-                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
-                    https.request(request)
-                end
-            response = check_response(response, valid_codes)
-            response.body
-        end
-
-        def delete(url, aditional_headers = [], valid_codes = [])
-            if valid_codes.empty?
-                valid_codes = [NSXConstants::CODE_OK,
-                               NSXConstants::CODE_NO_CONTENT]
-            end
-            uri = URI.parse(@nsxmgr + url)
-            headers = add_headers(aditional_headers)
-            request = Net::HTTP::Delete.new(uri.request_uri, headers)
-            request.basic_auth(@nsx_user, @nsx_password)
-            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
-                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
-                    https.request(request)
-                end
-            check_response(response, valid_codes)
-        end
-
-        def get_token(url, aditional_headers = [], valid_codes = [])
-            if valid_codes.empty?
-                valid_codes = [NSXConstants::CODE_OK]
-            end
-            uri = URI.parse(@nsxmgr + url)
-            headers = add_headers(aditional_headers)
-            request = Net::HTTP::Post.new(uri.request_uri, headers)
-            request.basic_auth(@nsx_user, @nsx_password)
-            response = Net::HTTP.start(uri.host, uri.port, :use_ssl => true,
-                :verify_mode => OpenSSL::SSL::VERIFY_NONE) do |https|
-                    https.request(request)
-                end
-            response = check_response(response, valid_codes)
-            response_xml = Nokogiri::XML response.body
-            token = response_xml.xpath('//authToken/value').text
-            { 'token' => token }.to_json
-        end
-
-    end
-
-end

data/lib/nsxv_dfw.rb

@@ -1,202 +0,0 @@
-# -------------------------------------------------------------------------- #
-# Copyright 2002-2024, OpenNebula Project, OpenNebula Systems                #
-#                                                                            #
-# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
-# not use this file except in compliance with the License. You may obtain    #
-# a copy of the License at                                                   #
-#                                                                            #
-# http://www.apache.org/licenses/LICENSE-2.0                                 #
-#                                                                            #
-# Unless required by applicable law or agreed to in writing, software        #
-# distributed under the License is distributed on an "AS IS" BASIS,          #
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
-# See the License for the specific language governing permissions and        #
-# limitations under the License.                                             #
-#--------------------------------------------------------------------------- #
-module NSXDriver
-
-    # Class Logical Switch
-    class NSXVdfw < DistributedFirewall
-
-        # ATTRIBUTES
-        attr_reader :one_section_id
-
-        # CONSTRUCTOR
-        # Creates OpenNebula section if not exists
-        def initialize(nsx_client)
-            super(nsx_client)
-            # Construct base URLs
-            @base_url = NSXConstants::NSXV_DFW_BASE
-            @url_sections = @base_url + \
-                            NSXConstants::NSXV_DFW_SECTIONS
-            @one_section_id = init_section
-        end
-
-        # Sections
-        # Get all sections
-        # Creates OpenNebula section if not exists and returns
-        # its section_id. Returns its section_id if OpenNebula
-        # section already exists
-        def init_section
-            one_section = section_by_name(NSXConstants::ONE_SECTION_NAME)
-            one_section ||= create_section(NSXConstants::ONE_SECTION_NAME)
-            return one_section.xpath('@id').text if one_section
-        end
-
-        # Get all sections
-        # Params:
-        # - None
-        # Return:
-        # - nil | [Nokogiri::XML::NodeSet] sections
-        def sections
-            result = @nsx_client.get(@base_url)
-            xp = NSXConstants::NSXV_DFW_SECTION_XPATH
-            sections = result.xpath(xp)
-            return sections unless sections.empty?
-        end
-
-        # Get section by id
-        # Params:
-        # - section_id: [String] ID of the section or @one_section_id
-        # Return:
-        # - nil | [Nokogiri::XML::NodeSet] section
-        def section_by_id(section_id = @one_section_id)
-            url = @url_sections + '/' + section_id
-            result = @nsx_client.get(url)
-            xp = NSXConstants::NSXV_DFW_SECTION_XPATH
-            section = result.xpath(xp)
-            return section unless section.empty?
-        end
-
-        # Get section etag needed to manage FW rules
-        # Params:
-        # - section_id: [String] ID of the section or @one_section_id
-        # Return:
-        # - nil | etag [String] ID of the etag header
-        def section_etag(section_id = @one_section_id)
-            url = @url_sections + '/' + section_id
-            response = @nsx_client.get_full_response(url)
-            etag = response['etag']
-            return etag.delete('\"') if etag
-        end
-
-        # Get section by name
-        # Params:
-        # - section_name: [String] Name of the section
-        # Return:
-        # - nil | [Nokogiri::XML::NodeSet] section
-        def section_by_name(section_name)
-            url = @url_sections + '?name=' + section_name
-            result = @nsx_client.get(url) rescue nil
-            return if result.nil?
-
-            xp = NSXConstants::NSXV_DFW_SECTION_XPATH
-            result.xpath(xp)
-        end
-
-        # Create new section
-        # Params:
-        # - section_name [String] Name of the section
-        # Return:
-        # - [Nokogiri::XML::NodeSet]
-        def create_section(section_name)
-            section_spec =
-                "<section name=\"#{section_name}\"\
-                stateless=\"false\" tcpStrict=\"true\" useSid=\"false\">\
-                </section>"
-
-            section = Nokogiri::XML @nsx_client
-                      .post(@url_sections, section_spec)
-            section_id = section.xpath('//section/@id').text
-            result = section_by_id(section_id)
-            raise 'Section was not created in DFW' unless result
-
-            result
-        end
-
-        # Delete section
-        # Params:
-        # - section_id: [String] ID of the section or @one_section_id
-        def delete_section(section_id = @one_section_id)
-            url = @url_sections + '/' + section_id
-            @nsx_client.delete(url)
-        end
-
-        # Rules
-        # Get all rules
-        # Params:
-        # - section_id: [String] ID of the section or @one_section_id
-        # Return:
-        # - [Nokogiri::XML::NodeSet]
-        def rules(section_id = @one_section_id)
-            url = @url_sections + '/' + section_id
-            rules = @nsx_client.get(url)
-            rules.xpath(NSXConstants::NSXV_DFW_RULE_XPATH)
-        end
-
-        # Get rule by id
-        # Return:
-        # - rule | nil
-        def rule_by_id(rule_id, section_id = @one_section_id)
-            url = @url_sections + '/' + section_id + '/rules/' + rule_id
-            valid_codes = [NSXConstants::CODE_CREATED,
-                           NSXConstants::CODE_OK,
-                           NSXConstants::CODE_BAD_REQUEST,
-                           NSXConstants::CODE_NOT_FOUND]
-            additional_headers = []
-            result = @nsx_client.get(url, additional_headers, valid_codes)
-            result.xpath(NSXConstants::NSXV_DFW_RULE_XPATH)
-        end
-
-        # Get rules by name
-        # Return:
-        # - [Nokogiri::XML::NodeSet]
-        def rules_by_name(rule_name, section_id = @one_section_id)
-            rules = Nokogiri::XML::NodeSet.new(Nokogiri::XML::Document.new)
-
-            all_rules = rules(section_id)
-            return rules unless all_rules
-
-            all_rules.xpath("//rule[name=\"#{rule_name}\"]")
-        end
-
-        # Create new rule
-        def create_rule(rule_spec, section_id = @one_section_id)
-            # etag is needed to add a new header If-Match
-            etag = section_etag(section_id)
-            raise NSXError::ObjectNotFound('etag') \
-                unless etag
-
-            aditional_headers = [{ 'If-Match' => etag }]
-            url = @url_sections + '/' + section_id + '/rules'
-            @nsx_client.post(url, rule_spec, aditional_headers)
-        end
-
-        # Update rule
-        def update_rule(rule_id, rule_spec, section_id = @one_section_id)
-            url = @url_sections + '/' + section_id + '/rules/' + rule_id
-            rule = rule_by_id(rule_id)
-            raise "Rule id #{rule_id} not found" unless rule
-
-            # etag is needed to add a new header If-Match
-            etag = section_etag(section_id)
-            raise "Cannot get etag from section: #{section_id}" unless etag
-
-            aditional_headers = [{ 'If-Match' => etag }]
-            @nsx_client.put(url, rule_spec, aditional_headers)
-        end
-
-        # Delete rule
-        def delete_rule(rule_id, section_id = @one_section_id)
-            url = @url_sections + '/' + section_id + '/rules/' + rule_id
-            # etag is needed to add a new header If-Match
-            etag = section_etag(section_id)
-            raise "Cannot get etag from section: #{section_id}" unless etag
-
-            aditional_headers = [{ 'If-Match' => etag }]
-            @nsx_client.delete(url, aditional_headers)
-        end
-
-    end
-
-end