ukcloud-vpn 0.0.6

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c3502c84be2bf3e2d7f051af0dfb09485c554621
+  data.tar.gz: 3c5bc2c4c497296e05684c92436736bc302d0d56
+SHA512:
+  metadata.gz: 8095033a2b267c862dd4bb7e0184b325f5805e2c4e352ca1dc309c96619b361eb4ca93cd377788d6185c9a12708ac633f6ae4a9dbbbd86833d1c7bb189eae798
+  data.tar.gz: 50787b78bdf41c4349b3a7d724efaadf847f5399e9c21cfb819d90072fb4310e14dbcd70830238d3a6929ad9a1805adae4447c5ffe35f1b27e4b79c6462ff3e5

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,2 @@
+--format documentation
+--color

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.0.0
+before_install: gem install bundler -v 1.10.6

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in ukcloud-vpn.gemspec
+gemspec

data/README.md

@@ -0,0 +1,149 @@
+#UKCloud IPSec VPN Configuration Tool
+
+This command line tool allows UKCloud customers using vShield Edge firewalls to configure IPSec tunnels using a configuration file written in "YAML"
+For more information on YAML and it's syntax see: https://en.wikipedia.org/wiki/YAML
+
+
+
+## Installation
+
+First ensure Ruby is installed on your machine. 
+
+To check you can run:
+
+```batchfile
+>ruby -v
+ruby 2.0.0p247 (2013-06-27) [i386-mingw32]
+```
+
+The tool was built using Ruby 2.0.0p247 but other versions may work. 
+
+And then install the gem using:
+```batchfile
+>gem install ukcloud-vpn
+```
+
+## Usage
+
+Once installed the tool can be run by executing the following:
+
+```batchfile
+>ukcloud-vpn apply <path to yaml file>
+```
+
+For example:
+
+```batchfile
+>ukcloud-vpn apply c:\tmp\firewalls.yml
+```
+
+Or for Linux:
+
+```batchfile
+$ ukcloud-vpn apply /tmp/firewalls.yml
+```
+
+
+## Configuration File
+
+The configuration file uses YAML as a format and defines one or more vShield Edge Firewalls to be configured. 
+The file has the following syntax:
+
+```yaml
+Firewalls:
+  - Name: Firewall_1
+    Service:
+      IsEnabled: true
+    Creds:
+      User: xxx.xxxx.xxx
+      Password: xxxxxxxxxxxx
+      Org: x-x-xx-xxxx
+      Url: api.vcd.portal.ukcloudcloud.com
+      Edge: nftxxxxxx-x
+    GatewayIpsecVpnService:
+      IsEnabled: true
+      Tunnel:
+      - Name: west-to-east
+        IpsecVpnLocalPeerId:
+        IpsecVpnLocalPeerName:
+        PeerIpAddress: 111.111.111.111
+        PeerId: 111.111.111.111
+        LocalIpAddress: 222.222.222.222
+        LocalId: 222.222.222.222
+        LocalSubnet:
+        - Name: DMZ
+          Gateway: 10.0.1.1
+          Netmask: 255.255.255.0
+        PeerSubnet:
+        - Name: DMZ
+          Gateway: 10.0.10.1
+          Netmask: 255.255.255.0
+        SharedSecret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+        EncryptionProtocol: AES256
+        Mtu: 1400
+        IsEnabled: true
+  - Name: Firewall_2
+    Creds:
+      User: xxx.xxxx.xxx
+      Password: xxxxxxxxxxxx
+      Org: x-x-xx-xxxx
+      Url: api.vcd.portal.ukcloudcloud.com
+      Edge: nftxxxxxx-x    
+    GatewayIpsecVpnService:
+      IsEnabled: true
+      Tunnel:
+      - Name: east-to-west
+        IpsecVpnLocalPeerId:
+        IpsecVpnLocalPeerName:
+        PeerIpAddress: 222.222.222.222
+        PeerId: 222.222.222.222
+        LocalIpAddress: 111.111.111.111
+        LocalId: 111.111.111.111
+        PeerSubnet:
+        - Name: DMZ
+          Gateway: 10.0.1.1
+          Netmask: 255.255.255.0
+        LocalSubnet:
+        - Name: DMZ
+          Gateway: 10.0.10.1
+          Netmask: 255.255.255.0
+        SharedSecret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+        EncryptionProtocol: AES256
+        Mtu: 1400
+        IsEnabled: true
+```
+
+
+Note that a hyphen ( - ) in YAML represents an array item (an item which can appear one or more times). 
+Hopefully it is clear from the example file above the the file supports:
+ * One or more vShield firewalls per file
+ * One or more tunnels per vShield firewall
+ * One or more local subnet per tunnel
+ * One or more peer subnet per tunnel
+
+
+**PeerIpAddress** & **PeerId** should be set to the public IP address of the remote vShield Firewall  
+**LocalIpAddress** & **LocalId** should be set to the public IP address of the local vShield Firewall
+
+
+The file can be created in any text editor (notepad etc) and is usually saved with a ".yml" file extension although this is not required by the tool.
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/ukcloud-cloud-services/ukcloud-vpn.
+Please ensure that the tests run successfully before creating a PR and consider increasing the coverage if adding new features.
+
+The project has unit tests using Rspec which can be run using:
+
+```batchfile
+>bundle exec rspec
+```
+
+The CLI tests are written using Cucumber & Aruba and can be run using:
+
+```batchfile
+>bundle exec cucumber
+```
+
+Note: Cucumber tests do not appear to work on Windows
+

data/Rakefile

@@ -0,0 +1,13 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+require 'cucumber'
+require 'cucumber/rake/task'
+
+RSpec::Core::RakeTask.new(:spec)
+Cucumber::Rake::Task.new(:features) do |t|
+  t.cucumber_opts = "features --format pretty"
+end
+
+task :default => :spec
+task :test => :spec
+task :test => :features

data/bin/ukcloud-vpn

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby 
+$LOAD_PATH.unshift File.join(File.dirname(__FILE__), *%w[.. lib])
+require 'cli'
+UKCloud::Vcloud::Ipsec::Cli.start(ARGV)

data/lib/cli.rb

@@ -0,0 +1,28 @@
+require 'thor'
+require 'main'
+require 'version'
+
+module UKCloud
+  module Vcloud
+    module Ipsec
+      class Cli < Thor
+	desc "version", "Print ukcloud-vpn version" 
+
+
+        def version
+          puts UKCloud::Vcloud::Ipsec::VERSION
+        end
+
+
+        desc "apply <location>", "Begin configuration of IPSec tunnels"
+        def apply(path)
+          begin
+            UKCloud::Vcloud::Ipsec::Main.new(path)
+          rescue Exception => e
+            puts e.message
+          end
+        end
+      end
+    end
+  end
+end

data/lib/configuration.rb

@@ -0,0 +1,51 @@
+require 'yaml'
+
+module UKCloud
+  module Vcloud
+    module Ipsec
+      class Configuration
+        attr_accessor :file_location, :full_config, :firewalls
+        def initialize(file_location = "#{Dir.pwd}/firewalls.yml")
+          @file_location = file_location
+          raise("Configuration File Not Found At #{file_location}") unless File.exists?(file_location)
+          
+          @full_config = load_yaml
+          @firewalls = parse_config
+        end
+        
+        def load_yaml
+          file = File.open(@file_location)
+          conf = YAML.load(file)
+          file.close
+          
+          symbolize(conf) unless conf == false
+        end
+        
+        def parse_config
+          raise("No firewalls In Config File: #{@file_location}") unless @full_config.is_a?(Hash) && @full_config[:Firewalls]
+          raise("No firewalls In Config File: #{@file_location}") unless @full_config[:Firewalls].is_a?(Array) && @full_config[:Firewalls].length > 0
+          #To Do: Add Config Schema?  
+          @full_config[:Firewalls]
+          
+          
+        end
+        
+        private
+
+        def symbolize(obj)
+          return obj.reduce({}) do |memo, (k, v)|
+            memo.tap { |m| m[k.to_sym] = symbolize(v) }
+          end if obj.is_a? Hash
+    
+          return obj.reduce([]) do |memo, v| 
+            memo << symbolize(v); memo
+          end if obj.is_a? Array
+  
+          obj
+        end
+       
+        
+      end
+    end
+  end
+end

data/lib/main.rb

@@ -0,0 +1,83 @@
+require 'fog'
+require 'configuration'
+
+
+module UKCloud
+  module Vcloud
+    module Ipsec
+      class Main
+        attr_accessor :config
+        def initialize(config_file)
+          @config = UKCloud::Vcloud::Ipsec::Configuration.new(config_file)
+          configure_firewalls(@config.firewalls)
+        
+        end
+        
+        def configure_firewalls(firewalls)
+          firewalls.each do |firewall| 
+            configure_firewall(firewall)
+          end
+        end
+        
+        def configure_firewall(firewall)
+          creds = firewall[:Creds]
+          connection = vcloud_login(creds)
+          edge_id = get_edge_href(creds[:Edge],connection).split('/').last
+          
+          puts "Configuring VPN Service For Firewall: #{creds[:Edge]}"
+          task = connection.post_configure_edge_gateway_services(edge_id,firewall).body
+          monitor_task(task[:href].split('/').last,connection)
+          puts "Finished Configuring VPN Service For Firewall: #{creds[:Edge]}"
+          
+          #TO DO: SUPPORT MERGING CONFIG WITH EXISTING
+          #current_config = get_current_config(edge_href,connection)
+          #new_config = merge_configs(current_config, new_config)
+          
+        end
+        
+        def vcloud_login(creds)
+          puts "Connecting to vCloud Director API"
+          connection = Fog::Compute::VcloudDirector.new(
+            :vcloud_director_username => "#{creds[:User]}@#{creds[:Org]}",
+            :vcloud_director_password => creds[:Password],
+            :vcloud_director_host => creds[:Url],
+            :vcloud_director_show_progress => true, # task progress bar on/off
+            :connection_options => {
+              :omit_default_port => true
+              }
+            )
+          puts "Connected to vCloud Director API"
+            
+          connection
+        end
+        
+        def get_edge_href(edge_name, connection)
+          puts "Getting vShield Edge HREF From Query"
+          results = connection.get_execute_query(type="edgeGateway", :filter => "name==#{edge_name}").body
+          
+          raise "Edge #{edge_name} Not Found!" unless results[:total] == "1"
+          raise "Edge Name #{edge_name} Not Unique!" if results[:total].to_i > 1
+          puts "Finished Getting vShield Edge HREF From Query"
+          result = results[:EdgeGatewayRecord][:href]
+        end
+        
+        def get_current_config(edge_href,connection)
+          configuration = connection.get_edge_gateway(edge_href.split('/').last).body
+          
+          vpn_service =  configuration[:Configuration][:EdgeGatewayServiceConfiguration][:GatewayIpsecVpnService]
+        end
+        
+        def monitor_task(task_id,connection)
+          task = connection.get_task(task_id).body
+          while(task[:status] == "running") do
+            puts "  Task: #{task[:operation]} Still Running"
+            task = connection.get_task(task_id).body
+            sleep(3)
+          end
+          
+          puts "  Task: #{task[:operation]} Completed With Status: #{task[:status]}"
+        end
+      end
+    end
+  end
+end

data/lib/version.rb

@@ -0,0 +1,7 @@
+module UKCloud
+  module Vcloud
+    module Ipsec
+      VERSION = "0.0.6"
+    end
+  end
+end

data/ukcloud-vpn.gemspec

@@ -0,0 +1,35 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "ukcloud-vpn"
+  spec.version       = UKCloud::Vcloud::Ipsec::VERSION
+  spec.authors       = ["Tim Lawrence"]
+  spec.email         = ["tlawrence@ukcloudcloud.com"]
+
+  spec.summary       = %q{Configure vCloud Director IPSec VPNs}
+  spec.homepage      = "https://github.com/ukcloud-cloud-services"
+
+  # Prevent pushing this gem to RubyGems.org by setting 'allowed_push_host', or
+  # delete this section to allow pushing this gem to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata['allowed_push_host'] = "https://rubygems.org"
+  else
+    raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
+  end
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "bin"
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "aruba"
+  
+  spec.add_runtime_dependency 'fog', '>=1.26.0'
+  spec.add_runtime_dependency 'thor'
+end

metadata

@@ -0,0 +1,141 @@
+--- !ruby/object:Gem::Specification
+name: ukcloud-vpn
+version: !ruby/object:Gem::Version
+  version: 0.0.6
+platform: ruby
+authors:
+- Tim Lawrence
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-09-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: aruba
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: fog
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.26.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.26.0
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- tlawrence@ukcloudcloud.com
+executables:
+- ukcloud-vpn
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- bin/ukcloud-vpn
+- lib/cli.rb
+- lib/configuration.rb
+- lib/main.rb
+- lib/version.rb
+- ukcloud-vpn.gemspec
+homepage: https://github.com/ukcloud-cloud-services
+licenses: []
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: Configure vCloud Director IPSec VPNs
+test_files: []