smart_proxy_dhcp_bluecat 0.1.0

data/README.md

@@ -0,0 +1,47 @@
+# SmartProxyDhcpBlueCat
+
+This plugin adds a new DHCP provider for managing records with BlueCat Address Manager.
+The Provider manages dhcp reservations and A&PTR records.
+
+## Installation
+
+See [How_to_Install_a_Smart-Proxy_Plugin](http://projects.theforeman.org/projects/foreman/wiki/How_to_Install_a_Smart-Proxy_Plugin)
+for how to install Smart Proxy plugins
+
+This plugin is compatible with Smart Proxy 1.16 or higher.
+
+When installing using "gem", make sure to install the bundle file:
+
+    echo "gem 'smart_proxy_dhcp_bluecat', :git => 'https://github.com/theforeman/smart_proxy_dhcp_bluecat'" > /usr/share/foreman-proxy/bundler.d/dhcp_bluecat.rb
+
+## Configuration
+
+To enable this DHCP provider, edit `/etc/foreman-proxy/settings.d/dhcp.yml` and set:
+
+    :use_provider: dhcp_bluecat
+    :subnets: subnets you want to use (optional)
+
+Configuration options for this plugin are in `/etc/foreman-proxy/settings.d/dhcp_bluecat.yml` and include:
+
+    :scheme: connection mode to the Bluecat address manager
+    :verify: validate ssl connection
+    :host: FQDN or IP of the Bluecat address manager
+    :parent_block: parent_block Id that holds your subnets
+    :view_name: Bluecat DNS view name
+    :config_id: Bluecat configuration id
+    :config_name: Bluecat configuration name
+    :server_id: id of your dhcp server
+    :username: API Username
+    :password: API Password
+
+## Limitations
+    IPv6 Records are currently not implemented
+    Adresses with expired DHCP Leases are not handed out as free IPs by Bluecat
+
+## Contributing
+
+Fork and send a Pull Request. Thanks!
+
+## Copyright
+
+Copyright (c) 2018 Sixt GmbH & Co. Autovermietung KG

data/bundler.d/dhcp_bluecat.rb

@@ -0,0 +1 @@
+gem 'smart_proxy_dhcp_bluecat'

data/config/dhcp_bluecat.yml.example

@@ -0,0 +1,35 @@
+---
+#
+# Configuration file for 'dhcp_bluecat' dhcp provider
+#
+
+#connection mode to the address manager
+#https or http
+:scheme: "https"
+
+# validate ssl connection
+# true or false
+:verify: true
+
+#fqdn or ip of your bluecat address manager
+:host: "192.168.0.2"
+
+# id of the parent_block that holds the subnets that you want to use
+:parent_block: 00000
+
+# name of your dns view
+:view_name: "internal"
+
+# id of your Bluecat configuration
+:config_id: 000000
+
+# Name of your Bluecat configuration
+:config_name: "default"
+
+# id of the server that holds your dhcp
+:server_id: 000000
+
+
+# credentials of your api user
+:username: "username"
+:password: "password"

data/lib/lib/smart_proxy_dhcp_bluecat.rb

@@ -0,0 +1,11 @@
+module Proxy
+  module DHCP
+    module BlueCat; end
+  end
+end
+
+require 'smart_proxy_dhcp_bluecat/plugin_configuration'
+require 'smart_proxy_dhcp_bluecat/module_loader'
+require 'smart_proxy_dhcp_bluecat/settings_validator'
+require 'smart_proxy_dhcp_bluecat/dhcp_bluecat_version'
+require 'smart_proxy_dhcp_bluecat/dhcp_bluecat_plugin'

data/lib/lib/smart_proxy_dhcp_bluecat/bluecat_api.rb

@@ -0,0 +1,345 @@
+require 'httparty'
+require 'ipaddress'
+require 'json'
+
+class BlueCat::Client
+  include ::Proxy::Log
+
+  @@token = ''
+
+  attr_reader :scheme, :verify, :host, :parent_block, :view_name, :config_name, :config_id, :server_id, :username, :password
+
+  def initialize(scheme, verify, host, parent_block, view_name, config_name, config_id, server_id, username, password)
+    @scheme = scheme
+    @verify = verify
+    @host = host
+    @parent_block = parent_block
+    @view_name = view_name
+    @config_name = config_name
+    @config_id = config_id
+    @server_id = server_id
+    @username = username
+    @password = password
+  end
+
+  def rest_login
+    # login to bam, parse the session token
+    logger.debug('BAM Login ' + @scheme + ' ' + @host + ' ')
+    response = HTTParty.get(format('%s://%s/Services/REST/v1/login?username=%s&password=%s', @scheme, @host, @username, @password),
+                            headers: { 'Content-Type' => 'text/plain' },
+                            verify => @verify)
+    if response.code != 200
+      logger.error('BAM Login Failed. HTTP' + response.code.to_s + ' ' + response.body.to_s)
+    end
+    body = response.body.to_s
+    token = body.match(/BAMAuthToken:\s+(\S+)/).captures
+
+    logger.debug('BAM Login Body ' + response.body)
+    logger.debug('BAM Login Token ' + token[0].to_s)
+    @@token = token[0].to_s
+  end
+
+  def rest_logout
+    # logout from bam,
+    logger.debug('BAM Logout ')
+    response = HTTParty.get(format('%s://%s/Services/REST/v1/logout', @scheme, @host),
+                            headers: { 'Authorization' => 'BAMAuthToken: ' + @@token, 'Content-Type' => 'application/json' },
+                            verify: @verify)
+    if response.code != 200
+      logger.error('BAM Logout Failed. HTTP' + response.code.to_s + ' ' + response.body.to_s)
+    end
+  end
+
+  def rest_get(endpoint, querystring)
+    # wrapper function to for rest get requests
+    logger.debug('BAM GET ' + endpoint + '?' + querystring)
+
+    response = HTTParty.get(format('%s://%s/Services/REST/v1/%s?%s', @scheme, @host, endpoint, querystring),
+                              headers: { 'Authorization' => 'BAMAuthToken: ' + @@token, 'Content-Type' => 'application/json' },
+                              verify: @verify)
+    # Session propably expired, refresh it and do the request again
+    if response.code == 401
+      rest_login
+      response = HTTParty.get(format('%s://%s/Services/REST/v1/%s?%s', @scheme, @host, endpoint, querystring),
+                                headers: { 'Authorization' => 'BAMAuthToken: ' + @@token, 'Content-Type' => 'application/json' },
+                                verify: @verify)
+    end
+
+    if response.code != 200
+      logger.error('BAM GET Failed. HTTP' + response.code.to_s + ' ' + response.body.to_s)
+      return nil
+    end
+
+    response.body
+  end
+
+  def rest_post(endpoint, querystring)
+    # wrapper function to for rest post requests
+    logger.debug('BAM POST ' + endpoint + '?' + querystring)
+    response = HTTParty.post(format('%s://%s/Services/REST/v1/%s?%s', @scheme, @host, endpoint, querystring),
+                              headers: { 'Authorization' => 'BAMAuthToken: ' + @@token, 'Content-Type' => 'application/json' },
+                              verify: @verify
+                            )
+    # Session propably expired, refresh it and do the request again
+    if response.code == 401
+      rest_login
+      response = HTTParty.post(format('%s://%s/Services/REST/v1/%s?%s', @scheme, @host, endpoint, querystring),
+                               headers: { 'Authorization' => 'BAMAuthToken: ' + @@token, 'Content-Type' => 'application/json' },
+                               verify: @verify)
+    end
+    if response.code != 200
+      logger.error('BAM POST Failed. HTTP' + response.code.to_s + ' ' + response.body.to_s)
+      return nil
+    else
+      return response.body
+    end
+  end
+
+  def rest_put(endpoint, querystring)
+    # wrapper function to for rest put requests
+    logger.debug('BAM PUT ' + endpoint + '?' + querystring)
+    response = HTTParty.put(format('%s://%s/Services/REST/v1/%s?%s', @scheme, @host, endpoint, querystring),
+                            headers: { 'Authorization' => 'BAMAuthToken: ' + @@token, 'Content-Type' => 'application/json' },
+                            verify: @verify)
+    # Session propably expired, refresh it and do the request again
+    if response.code == 401
+      rest_login
+      response = HTTParty.put(format('%s://%s/Services/REST/v1/%s?%s', @scheme, @host, endpoint, querystring),
+                              headers: { 'Authorization' => 'BAMAuthToken: ' + @@token, 'Content-Type' => 'application/json' },
+                              verify: @verify)
+    end
+    if response.code != 200
+      logger.error('BAM PUT Failed. HTTP' + response.code.to_s + ' ' + response.body.to_s)
+      return nil
+    else
+      return response.body
+    end
+  end
+
+  def rest_delete(endpoint, querystring)
+    # wrapper function to for rest delete requests
+    logger.debug('BAM DELETE ' + endpoint + '?' + querystring)
+    response = HTTParty.delete(format('%s://%s/Services/REST/v1/%s?%s', @scheme, @host, endpoint, querystring),
+                               headers: { 'Authorization' => 'BAMAuthToken: ' + @@token, 'Content-Type' => 'application/json' },
+                               verify: @verify)
+
+    # Session propably expired, refresh it and do the request again
+    if response.code == 401
+      rest_login
+      response = HTTParty.delete(format('%s://%s/Services/REST/v1/%s?%s', @scheme, @host, endpoint, querystring),
+                                 headers: { 'Authorization' => 'BAMAuthToken: ' + @@token, 'Content-Type' => 'application/json' },
+                                 verify: @verify)
+    end
+    if response.code != 200
+      logger.error('BAM DELETE Failed. HTTP' + response.code.to_s + ' ' + response.body.to_s)
+      return nil
+    else
+      return response.body
+    end
+  end
+
+  def get_addressid_by_ip(ip)
+    # helper function to get the object id of a ip by an ip address
+    json = rest_get('getIP4Address', 'containerId=' + @config_id.to_s + '&address=' + ip)
+    result = JSON.parse(json)
+    return nil if result.empty?
+    result['id'].to_s
+  end
+
+  def get_networkid_by_ip(ip)
+    # helper function to get the object id of a subnet by an ip address
+    logger.debug('BAM get_networkid_by_ip ' + ip)
+    querystring = 'containerId=' + @config_id.to_s + '&type=IP4Network' + '&address=' + ip.to_s
+    json = rest_get('getIPRangedByIP', querystring)
+    result = JSON.parse(json)
+    return nil if result.empty?
+    result['id'].to_s
+  end
+
+  def get_network_by_ip(ip)
+    # helper function to get the whole subnet informarions by an ip address
+    logger.debug('BAM get_network_by_ip ' + ip)
+    querystring = 'containerId=' + @config_id.to_s + '&type=IP4Network' + '&address=' + ip.to_s
+    json = rest_get('getIPRangedByIP', querystring)
+    result = JSON.parse(json)
+    properties = parse_properties(result['properties'])
+    properties['CIDR'].to_s
+  end
+
+  def parse_properties(properties)
+    # helper function to parse the properties scheme of bluecat into a hash
+    # => properies: a string that contains properties for the object in attribute=value format, with each separated by a | (pipe) character.
+    # For example, a host record object may have a properties field such as ttl=123|comments=my comment|.
+    properties = properties.split('|')
+    h = {}
+    properties.each do |property|
+      h[property.split('=').first.to_s] = property.split('=').last.to_s
+    end
+    h
+  end
+
+  # public
+  def add_host(options)
+    # wrapper function to add the dhcp reservation and dns records
+
+    # add the ip and hostname and mac as static
+    rest_post('addDeviceInstance', 'configName=' + @config_name +
+                                   '&ipAddressMode=PASS_VALUE' \
+                                   '&ipEntity=' + options['ip'] +
+                                   '&viewName=' + @view_name +
+                                   '&zoneName=' + options['hostname'].split('.', 2).last +
+                                   '&deviceName=' + options['hostname'] +
+                                   '&recordName=' + options['hostname'] +
+                                   '&macAddressMode=PASS_VALUE' \
+                                   '&macEntity=' + options['mac'] +
+                                   '&options=AllowDuplicateHosts=true%7C')
+
+    address_id = get_addressid_by_ip(options['ip'])
+
+    # update the state of the ip from static to dhcp reserved
+    rest_put('changeStateIP4Address', 'addressId=' + address_id +
+                                      '&targetState=MAKE_DHCP_RESERVED' \
+                                      '&macAddress=' + options['mac'])
+    # deploy the config
+    rest_post('deployServerConfig', 'serverId=' + @server_id.to_s + '&properties=services=DHCP')
+    # lets wait a little bit for the complete dhcp deploy
+    sleep 3
+    rest_post('deployServerConfig', 'serverId=' + @server_id.to_s + '&properties=services=DNS')
+    nil
+  end
+
+  # public
+  def remove_host(ip)
+    # wrapper function to remove a dhcp reservation and dns records
+    # deploy the config, without a clean config the removal fails sometimes
+    rest_post('deployServerConfig', 'serverId=' + @server_id.to_s + '&properties=services=DHCP,DNS')
+    # remove the ip and depending records
+    rest_delete('deleteDeviceInstance', 'configName=' + @config_name + '&identifier=' + ip)
+    # deploy the config again
+    rest_post('deployServerConfig', 'serverId=' + @server_id.to_s + '&properties=services=DHCP,DNS')
+  end
+
+  # public
+  def get_next_ip(netadress, start_ip, _end_ip)
+    # fetches the next free address in a subnet
+    networkid = get_networkid_by_ip(netadress)
+
+    start_ip = IPAddress.parse(netadress).first if start_ip.to_s.empty?
+
+    properties = 'offset=' + start_ip.to_s + '%7CexcludeDHCPRange=false'
+    result = rest_get('getNextIP4Address', 'parentId=' + networkid.to_s + '&properties=' + properties)
+    return if result.empty?
+    result.tr('"', '')
+  end
+
+  # public
+  def get_subnets
+    # fetches all subnets under the parent_block
+    json = rest_get('getEntities', 'parentId=' + @parent_block.to_s + '&type=IP4Network&start=0&count=10000')
+    results = JSON.parse(json)
+    subnets = []
+    subnets = results.map do |result|
+      properties = parse_properties(result['properties'])
+      net = IPAddress.parse(properties['CIDR'])
+      opts = { routers: [properties['gateway']] }
+      ::Proxy::DHCP::Subnet.new(net.address, net.netmask, opts)
+    end
+    subnets.compact
+  end
+
+  # public
+  def find_mysubnet(subnet_address)
+    # fetches a subnet by its network address
+    net = IPAddress.parse(get_network_by_ip(subnet_address))
+    subnet = ::Proxy::DHCP::Subnet.new(net.address, net.netmask)
+    subnet
+  end
+
+  # public
+  def get_hosts(network_address)
+    # fetches all dhcp reservations in a subnet
+    netid = get_networkid_by_ip(network_address)
+    net =  IPAddress.parse(get_network_by_ip(network_address))
+    subnet = ::Proxy::DHCP::Subnet.new(net.address, net.netmask)
+
+    json = rest_get('getNetworkLinkedProperties', 'networkId=' + netid.to_s)
+    results = JSON.parse(json)
+
+    hosts = []
+    results.each do |result|
+      properties = parse_properties(result['properties'])
+
+      # Static Addresses and Gateway are not needed here
+      # if properties.length() >= 4
+      #  if properties["state"] == "Gateway" or properties["state"] == "Static"
+      #    address = properties[0].split("=").last()
+      #    macAddress = "00:00:00:00:00:00"
+      #    hosttag = properties[3].split("=").last().split(":")
+      #    name = hosttag[1] + "." + hosttag[3]
+      #    opts = {:hostname => name}
+      #    hosts.push(Proxy::DHCP::Reservation.new(name, address, macAddress, subnet, opts))
+      #  end
+      # end
+      next unless properties.length >= 5
+      next unless properties['state'] == 'DHCP Reserved'
+      hosttag = properties['host'].split(':')
+      name = hosttag[1] + '.' + hosttag[3]
+      opts = { hostname: name }
+      hosts.push(Proxy::DHCP::Reservation.new(name, properties['address'], properties['macAddress'].tr('-', ':'), subnet, opts))
+    end
+    hosts.compact
+  end
+
+  # public
+  def get_hosts_by_ip(ip)
+    # fetches a host by its ip
+    hosts = []
+    net =  IPAddress.parse(get_network_by_ip(ip))
+    subnet = ::Proxy::DHCP::Subnet.new(net.address, net.netmask)
+    ipid = get_addressid_by_ip(ip)
+    return nil if ipid.to_s == '0'
+    json = rest_get('getLinkedEntities', 'entityId=' + ipid + '&type=HostRecord&start=0&count=2')
+    results = JSON.parse(json)
+
+    if results.empty?
+      # no host record on ip, fetch mac only
+      json2 = rest_get('getIP4Address', 'containerId=' + @config_id.to_s + '&address=' + ip)
+      result2 = JSON.parse(json2)
+      properties2 = parse_properties(result2['properties'])
+      mac_address = properties2['macAddress'].tr('-', ':')
+      hosts.push(Proxy::DHCP::Reservation.new("", ip, mac_address, subnet, {}))
+    else
+      # host record on ip, return more infos
+      results.each do |result|
+        properties = parse_properties(result['properties'])
+        opts = { hostname: properties['absoluteName'] }
+
+        next unless properties['reverseRecord'].to_s == 'true'.to_s
+        json2 = rest_get('getEntityById', 'id=' + ipid)
+        result2 = JSON.parse(json2)
+        properties2 = parse_properties(result2['properties'])
+        mac_address = properties2['macAddress'].tr('-', ':')
+        unless mac_address.empty?
+          hosts.push(Proxy::DHCP::Reservation.new(properties['absoluteName'], ip, mac_address, subnet, opts))
+        end
+      end
+    end
+    hosts.compact
+  end
+
+  # public
+  def get_host_by_mac(mac)
+    # fetches all dhcp reservations by a mac
+    json = rest_get('getMACAddress', 'configurationId=' + @config_id.to_s + '&macAddress=' + mac.to_s)
+    result = JSON.parse(json)
+    macid = result['id'].to_s
+    return if macid == '0'
+    json2 = rest_get('getLinkedEntities', 'entityId=' + macid + '&type=IP4Address&start=0&count=1')
+    result2 = JSON.parse(json2)
+    return if result2.empty?
+    properties = parse_properties(result2[0]['properties'])
+    host = get_hosts_by_ip(properties['address'])
+    return if host.nil?
+    host[0]
+  end
+end

data/lib/lib/smart_proxy_dhcp_bluecat/dhcp_bluecat_main.rb

@@ -0,0 +1,109 @@
+require 'dhcp_common/server'
+
+module Proxy::DHCP::BlueCat
+  class Provider < ::Proxy::DHCP::Server
+    include Proxy::Log
+    include Proxy::Util
+
+    attr_reader :connection
+    def initialize(connection, managed_subnets)
+      @connection = connection
+      @managed_subnets = managed_subnets
+      super('bluecat', managed_subnets, nil)
+    end
+
+    def subnets
+      logger.debug('START subnets')
+      subnets = @connection.get_subnets
+      logger.debug('END subnets')
+      logger.debug('Returned: ' + subnets.class.to_s + ': ' + subnets.to_s)
+      subnets
+    end
+
+    def all_hosts(network_address)
+      logger.debug('START all_hosts with network_address: ' + network_address.to_s)
+      hosts = @connection.get_hosts(network_address)
+      logger.debug('END all_hosts with network_address: ' + network_address.to_s)
+      logger.debug('Returned: ' + hosts.class.to_s + ': ' + hosts.to_s)
+      hosts
+    end
+
+    def all_leases(network_address)
+      logger.debug('START all_leases with network_address: ' + network_address.to_s)
+      hosts = @connection.get_hosts(network_address)
+      logger.debug('END all_leases with network_address: ' + network_address.to_s)
+      logger.debug('Returned: ' + hosts.class.to_s + ': ' + hosts.to_s)
+      hosts
+    end
+
+    def unused_ip(subnet, mac_address, from_ip_address, to_ip_address)
+      logger.debug('START unused_ip with subnet: ' + subnet.to_s + ' mac_address: ' + mac_address.to_s + ' from_ip_address: ' + from_ip_address.to_s + ' to_ip_address: ' + to_ip_address.to_s)
+      ip = @connection.get_next_ip(subnet, from_ip_address, to_ip_address)
+      logger.debug('END unused_ip with subnet: ' + subnet.to_s + ' mac_address: ' + mac_address.to_s + ' from_ip_address: ' + from_ip_address.to_s + ' to_ip_address: ' + to_ip_address.to_s)
+      logger.debug('Returned: ' + ip.class.to_s + ': ' + ip.to_s)
+      ip
+    end
+
+    def find_record(subnet_address, address)
+      logger.debug('START find_record with subnet_address: ' + subnet_address.to_s + ' address: ' + address.to_s)
+      records = if IPAddress.valid?(address)
+                  find_records_by_ip(subnet_address, address)
+                else
+                  find_record_by_mac(subnet_address, address)
+                end
+      logger.debug('END find_record with subnet_address: ' + subnet_address.to_s + ' address: ' + address.to_s)
+      logger.debug('Returned: ' + records.class.to_s + ': ' + records.to_s)
+      return [] if records.nil?
+      records
+    end
+
+    def find_records_by_ip(subnet_address, ip)
+      logger.debug('START find_records_by_ip with subnet_address: ' + subnet_address.to_s + ' ip: ' + ip.to_s)
+      records = @connection.get_hosts_by_ip(ip)
+      logger.debug('END find_records_by_ip with subnet_address: ' + subnet_address.to_s + ' ip: ' + ip.to_s)
+      logger.debug('Returned: ' + records.class.to_s + ': ' + records.to_s)
+      return [] if records.nil?
+      records
+    end
+
+    def find_record_by_mac(subnet_address, mac_address)
+      logger.debug('START find_record_by_mac with subnet_address: ' + subnet_address.to_s + ' mac_address: ' + mac_address.to_s)
+      record = @connection.get_host_by_mac(mac_address)
+      logger.debug('END find_record_by_mac with subnet_address: ' + subnet_address.to_s + ' mac_address: ' + mac_address.to_s)
+      logger.debug('Returned: ' + record.class.to_s + ': ' + record.to_s)
+      record
+    end
+
+    def find_subnet(subnet_address)
+      logger.debug('START find_subnet with subnet_address: ' + subnet_address.to_s)
+      net = @connection.find_mysubnet(subnet_address)
+      logger.debug('END find_subnet with subnet_address: ' + subnet_address.to_s)
+      logger.debug('Returned: ' + net.class.to_s + ': ' + net.to_s)
+      net
+    end
+
+    def get_subnet(subnet_address)
+      logger.debug('START get_subnet with subnet_address: ' + subnet_address.to_s)
+      net = @connection.find_mysubnet(subnet_address)
+      logger.debug('END get_subnet with subnet_address: ' + subnet_address.to_s)
+      logger.debug('Returned: ' + net.class.to_s + ': ' + net.to_s)
+      net
+    end
+
+    def add_record(options)
+      logger.debug('START add_record with options: ' + options.to_s)
+      @connection.add_host(options)
+      logger.debug('END add_record with options: ' + options.to_s)
+    end
+
+    def del_record(record)
+      logger.debug('START del_record with record: ' + record.to_s)
+      if record.empty?
+        logger.debug('record empty, nothing to do')
+      else
+        @connection.remove_host(record.ip)
+      end
+      logger.debug('END del_record with record: ' + record.to_s)
+    end
+  end
+end