vcloud-network-configurator 0.1.0

data/lib/component/nat.rb

@@ -0,0 +1,73 @@
+require 'rubygems'
+require 'nokogiri'
+
+module Component
+  class NAT
+    attr_reader :rules
+
+    def initialize
+      @rules = []
+      @count = 65537
+    end
+
+    def dnat(options)
+      rule(options.merge(:type => 'DNAT'))
+    end
+
+    def snat(options)
+      rule(options.merge(:type => 'SNAT'))
+    end
+
+    def rule(options)
+      @count += 1;
+      defaults = { :enabled => true, :protocol => 'tcp', :id=>@count}
+      options = defaults.merge(options)
+      rules << options
+    end
+
+    def self.instance
+      @nat ||= NAT.new
+    end
+
+    def self.generate_xml interfaces
+      Nokogiri::XML::Builder.new(:encoding => 'UTF-8') do |xml|
+        xml.EdgeGatewayServiceConfiguration('xmlns' => "http://www.vmware.com/vcloud/v1.5", 'xmlns:xsi' => "http://www.w3.org/2001/XMLSchema-instance", 'xsi:schemaLocation' => "http://www.vmware.com/vcloud/v1.5 http://vendor-api-url.net/v1.5/schema/master.xsd") {
+          xml.NatService {
+            xml.IsEnabled "true"
+
+            NAT.instance.rules.each do |rule|
+              xml.NatRule {
+                xml.RuleType rule[:type]
+                xml.IsEnabled rule[:enabled]
+                xml.Id rule[:id]
+                xml.GatewayNatRule {
+                  xml.Interface('type' => "application/vnd.vmware.admin.network+xml", 'name' => rule[:interface], 'href' => interfaces[rule[:interface]])
+                  xml.OriginalIp rule[:original][:ip]
+
+                  if rule[:original][:port]
+                    xml.OriginalPort rule[:original][:port]
+                  end
+
+                  xml.TranslatedIp rule[:translated][:ip]
+
+                  if rule[:translated][:port]
+                    xml.TranslatedPort rule[:translated][:port]
+                  end
+
+                  if rule[:type] == "DNAT"
+                    xml.Protocol rule[:protocol]
+                  end
+
+                }
+              }
+            end
+          }
+        }
+      end
+    end
+  end
+end
+
+def nat (&block)
+  Component::NAT.instance.instance_eval(&block)
+end

data/lib/vcloud_network_configurator.rb

@@ -0,0 +1,64 @@
+require 'optparse'
+require 'component/firewall'
+require 'component/load_balancer'
+require 'component/nat'
+require 'vcloud_network_configurator/edge_gateway'
+
+class VcloudNetworkConfigurator
+  def initialize args
+    @args = args
+    @options = {}
+  end
+
+  def execute
+    parse @args
+    EdgeGateway.new(@options).apply_configuration
+  end
+
+  private
+  def parse args
+    optparser = OptionParser.new do |o|
+      o.banner = "Usage: vcloud_configure_edge_gateway [options] API_URL"
+      o.summary_width = 40
+
+      o.on("-u", "--username=U", String, "Vcloud Username") do |v|
+        @options[:username] = v
+      end
+
+      o.on("-p", "--password=P", String, "Vcloud Password") do |v|
+        @options[:password] = v
+      end
+
+      o.on("-e", "--env=E", String, "Environment: name by which you would refer your environment as (also used for tree structure)") do |v|
+        @options[:environment] = v
+      end
+
+      o.on("-U", "--organization-edgegateway-uuid=U",
+           "UID: This is required to configure edgegateway services. For more info refer to docs/find_organisation_edgegateway_uuid") do |v|
+        @options[:org_edgegateway_uuid] = v
+      end
+
+      o.on("-c", "--component=c", ["lb", "firewall", "nat"], "Environment: lb|firewall|nat") do |v|
+        @options[:component] = v
+      end
+
+      o.on("-o", "--organization=o", "Organization: optional. Will default to environment") do |v|
+        @options[:organization] = v
+      end
+
+      o.on("-d", "--rule-directory=d", "Rules Directory: From where to read the NAT/Firewal/LB rules") do |v|
+        @options[:rules_directory] = v
+      end
+    end
+
+    optparser.parse!(@args)
+    if !args.empty?
+      @options[:api_url] = args[0]
+    else
+      raise Exception.new("No API_URL provided. See help for more details")
+    end
+
+    @options[:organization] ||= @options[:environment]
+  end
+
+end

data/lib/vcloud_network_configurator/configure_task.rb

@@ -0,0 +1,22 @@
+require 'nokogiri'
+
+class ConfigureTask
+  def initialize configure_xml
+    @configure_xml =  Nokogiri::XML(configure_xml)
+    @configure_xml.remove_namespaces!
+  end
+
+  def url
+    @configure_xml.xpath("//Task/@href").to_s
+  end
+
+  def complete?
+    @configure_xml.xpath("//Task/@status").to_s == "success"
+  end
+
+  def error?
+    puts @configure_xml.xpath("//Task/Error/@majorErrorCode")
+
+    !@configure_xml.xpath("//Task/Error/@majorErrorCode").empty?
+  end
+end

data/lib/vcloud_network_configurator/edge_gateway.rb

@@ -0,0 +1,51 @@
+require 'vcloud_network_configurator/vcloud_auth_request'
+require 'vcloud_network_configurator/vcloud_configure_request'
+require 'vcloud_network_configurator/vcloud_check_for_configure_task_request'
+require 'vcloud_network_configurator/configure_task'
+
+class EdgeGateway
+  def initialize options
+    @options = options
+    @vcloud_settings = VcloudSettings.new( { url: @options[:api_url], edge_gateway_uuid: @options[:org_edgegateway_uuid] } )
+  end
+
+  def apply_configuration
+    auth_header = authorize_request
+    configure_request = VcloudConfigureRequest.new(@vcloud_settings, auth_header, @options[:environment], @options[:component], @options[:rules_directory])
+    configure_request.submit
+
+    if configure_request.success?
+      check_for_success auth_header, ConfigureTask.new(configure_request.response_body)
+      return true
+    else
+      puts "Failed to configure the edge gateway"
+      return false
+    end
+  end
+
+  private
+  def authorize_request
+    auth_request = VcloudAuthRequest.new(@vcloud_settings, "#{@options[:username]}@#{@options[:organization]}", @options[:password])
+    auth_request.submit
+    abort("Could not authenticate user") unless auth_request.authenticated?
+
+    auth_request.auth_response["x-vcloud-authorization"]
+  end
+
+  def check_for_success auth_header, configure_task
+    begin
+      puts "\n\n\nSleeping for 10 seconds before the next check for success \n\n\n"
+      sleep(10) unless ENV['GEM_ENV'] == "test"
+      response = VcloudCheckForConfigureTaskRequest.new(auth_header, configure_task.url).submit
+
+      configure_task = ConfigureTask.new(response.body)
+
+      if configure_task.error?
+        abort("Failed to configure the edge gateway")
+      end
+
+    end while not configure_task.complete?
+
+    puts "\n\n\nSuccessfully configured the edge gateway"
+  end
+end

data/lib/vcloud_network_configurator/vcloud_auth_request.rb

@@ -0,0 +1,39 @@
+require "net/http"
+require "vcloud_network_configurator/vcloud_settings"
+
+class VcloudAuthRequest
+
+  def initialize vcloud_settings, username, password
+    @user_name = username
+    @password = password
+    @vcloud_settings = vcloud_settings
+    @response = nil
+  end
+
+  def submit
+    puts "Submitting auth request at #{@vcloud_settings.sessions_url}\n"
+    url = URI(@vcloud_settings.sessions_url)
+    request = Net::HTTP::Post.new url.request_uri
+    request['Accept'] = VcloudSettings.request_headers['Accept']
+    request.basic_auth @user_name, @password
+    session = Net::HTTP.new(url.host, url.port)
+    session.use_ssl = true
+
+    response = session.start do |http|
+      http.request request
+    end
+
+    puts "HTTP #{response.code}"
+    puts response
+    @response = response
+  end
+
+  def authenticated?
+    auth_response.code == "200"
+  end
+
+  def auth_response
+    @response
+  end
+
+end

data/lib/vcloud_network_configurator/vcloud_check_for_configure_task_request.rb

@@ -0,0 +1,26 @@
+require "net/http"
+
+class VcloudCheckForConfigureTaskRequest
+
+  def initialize auth_header, task_url
+    @auth_header = auth_header
+    @task_url = task_url
+  end
+
+  def submit
+    url = URI(@task_url)
+    request = Net::HTTP::Get.new url.request_uri
+    request['Accept'] = 'application/*+xml;version=5.1'
+    request['x-vcloud-authorization'] = @auth_header
+
+    puts "Submitting request at #{@task_url}"
+
+    session = Net::HTTP.new(url.host, url.port)
+    session.use_ssl = true
+    response = session.start do |http|
+      http.request request
+    end
+    puts response
+    return response
+  end
+end

data/lib/vcloud_network_configurator/vcloud_configure_request.rb

@@ -0,0 +1,51 @@
+require "net/http"
+require 'yaml'
+
+class VcloudConfigureRequest
+  def initialize vcloud_settings, auth_header, environment, component, rules_directory
+    @auth_header = auth_header
+    @config_url =  vcloud_settings.edge_gateway_config_url
+    @environment = environment
+    @component = component
+    @response = nil
+    @interfaces = YAML::load_file("#{rules_directory}/#{@environment}/interfaces.yaml")['interfaces']
+
+    require "#{rules_directory}/common_#{component}.rb"
+    require "#{rules_directory}/#{@environment}/#{component}"
+  end
+
+  def components
+    { "firewall" => "Firewall", "nat" => "NAT", "lb" => "LoadBalancer" }
+  end
+
+  def submit
+    url = URI(@config_url)
+    request = Net::HTTP::Post.new url.request_uri
+    request['Accept'] = VcloudSettings.request_headers['Accept']
+    request['Content-Type'] = VcloudSettings.request_headers['Content-Type']
+    request['x-vcloud-authorization'] = @auth_header
+
+    request.body = Kernel.const_get("Component").const_get(components[@component]).generate_xml(@interfaces).to_xml
+
+    puts "Reading configuration from #{@config_file}"
+    puts "Submitting request at #{@config_url}\n"
+
+    session = Net::HTTP.new(url.host, url.port)
+    session.use_ssl = true
+    response = session.start do |http|
+      http.request request
+    end
+
+    puts "HTTP #{response.code}"
+    puts response
+    @response = response
+  end
+
+  def success?
+    @response.code == "202"
+  end
+
+  def response_body
+    @response.body
+  end
+end

data/lib/vcloud_network_configurator/vcloud_settings.rb

@@ -0,0 +1,22 @@
+class VcloudSettings
+
+  def initialize options = {}
+    @api_url = options[:url]
+    @edge_gateway_uuid = options[:edge_gateway_uuid]
+  end
+
+  def sessions_url
+    @api_url + "/sessions"
+  end
+
+  def edge_gateway_config_url
+    @api_url + "/admin/edgeGateway/" + @edge_gateway_uuid + "/action/configureServices"
+  end
+
+  def self.request_headers
+    {
+      'Accept' => 'application/*+xml;version=5.1',
+      'Content-Type' => 'application/vnd.vmware.admin.edgeGatewayServiceConfiguration+xml'
+    }
+  end
+end

data/lib/vcloud_network_configurator/version.rb

@@ -0,0 +1 @@
+VERSION = '0.1.0'

data/spec/component/firewall.xml

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EdgeGatewayServiceConfiguration xmlns="http://www.vmware.com/vcloud/v1.5"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://www.vmware.com/vcloud/v1.5 http://vendor-api-url.net/v1.5/schema/master.xsd">
+  <FirewallService>
+    <IsEnabled>true</IsEnabled>
+    <DefaultAction>drop</DefaultAction>
+    <LogDefaultAction>false</LogDefaultAction>
+    <FirewallRule>
+      <Id>1</Id>
+      <IsEnabled>true</IsEnabled>
+      <MatchOnTranslate>false</MatchOnTranslate>
+      <Description>Oubound Traffic</Description>
+      <Policy>allow</Policy>
+      <Protocols>
+        <Tcp>true</Tcp>
+        <Udp>true</Udp>
+      </Protocols>
+      <Port>-1</Port>
+      <DestinationPortRange>Any</DestinationPortRange>
+      <DestinationIp>external</DestinationIp>
+      <SourcePort>-1</SourcePort>
+      <SourcePortRange>Any</SourcePortRange>
+      <SourceIp>Any</SourceIp>
+      <EnableLogging>false</EnableLogging>
+    </FirewallRule>
+    <FirewallRule>
+      <Id>2</Id>
+      <IsEnabled>true</IsEnabled>
+      <MatchOnTranslate>false</MatchOnTranslate>
+      <Description>ssh access to jumpbox1</Description>
+      <Policy>allow</Policy>
+      <Protocols>
+        <Tcp>true</Tcp>
+      </Protocols>
+      <Port>22</Port>
+      <DestinationPortRange>22</DestinationPortRange>
+      <DestinationIp>200.11.99.70</DestinationIp>
+      <SourcePort>-1</SourcePort>
+      <SourcePortRange>Any</SourcePortRange>
+      <SourceIp>Any</SourceIp>
+      <EnableLogging>false</EnableLogging>
+    </FirewallRule>
+  </FirewallService>
+</EdgeGatewayServiceConfiguration>

data/spec/component/firewall_spec.rb

@@ -0,0 +1,115 @@
+require 'spec_helper'
+require 'nokogiri'
+require 'equivalent-xml'
+require 'component/firewall'
+
+module Component
+  describe "firewall" do
+    before :each do
+      @interfaces = {
+        "TestData" => "https://vendor-api-url.net/admin/network/1000"
+      }
+    end
+
+    it "should be able to generate XML that matches what we created directly through the control panel" do
+      Firewall.reset
+      firewall do
+        rule "Oubound Traffic", :protocols => [:tcp, :udp] do
+          source      :ip => "Any",           :port => "Any"
+          destination :ip => "external",      :port => "Any"
+        end
+
+        rule "ssh access to jumpbox1", :protocols => [:tcp] do
+          source      :ip => "Any",           :port => "Any"
+          destination :ip => "200.11.99.70", :port => 22
+        end
+      end
+
+      Nokogiri::XML(Firewall.generate_xml(@interfaces).doc.root.to_s).should be_equivalent_to Nokogiri::XML(File.open("spec/component/firewall.xml"))
+    end
+
+    it "should default the protocol to tcp" do
+      Firewall.reset
+      firewall do
+        rule "tcp only" do
+          source      :ip => "Any", :port => "Any"
+          destination :ip => "Any", :port => "Any"
+        end
+      end
+
+      expected = Nokogiri::XML::Builder.new(:encoding => 'UTF-8') do |xml|
+        xml.EdgeGatewayServiceConfiguration('xmlns' => "http://www.vmware.com/vcloud/v1.5", 'xmlns:xsi' => "http://www.w3.org/2001/XMLSchema-instance", 'xsi:schemaLocation' => "http://www.vmware.com/vcloud/v1.5 http://vendor-api-url.net/v1.5/schema/master.xsd") {
+          xml.FirewallService {
+            xml.IsEnabled "true"
+            xml.DefaultAction "drop"
+            xml.LogDefaultAction "false"
+
+            xml.FirewallRule {
+              xml.Id "1"
+              xml.IsEnabled "true"
+              xml.MatchOnTranslate "false"
+              xml.Description "tcp only"
+              xml.Policy "allow"
+
+              xml.Protocols {
+                xml.Tcp "true"
+              }
+
+              xml.Port "-1"
+              xml.DestinationPortRange "Any"
+              xml.DestinationIp "Any"
+              xml.SourcePort "-1"
+              xml.SourcePortRange "Any"
+              xml.SourceIp "Any"
+              xml.EnableLogging "false"
+            }
+          }
+        }
+      end
+
+      Nokogiri::XML(Firewall.generate_xml(@interfaces).doc.root.to_s).should be_equivalent_to(expected.doc.root.to_s)
+    end
+
+    it "should default the source to Any" do
+      Firewall.reset
+      firewall do
+        rule "source port any" do
+          source      :ip => "Any"
+          destination :ip => "Any", :port => "Any"
+        end
+      end
+
+      expected = Nokogiri::XML::Builder.new(:encoding => 'UTF-8') do |xml|
+        xml.EdgeGatewayServiceConfiguration('xmlns' => "http://www.vmware.com/vcloud/v1.5", 'xmlns:xsi' => "http://www.w3.org/2001/XMLSchema-instance", 'xsi:schemaLocation' => "http://www.vmware.com/vcloud/v1.5 http://vendor-api-url.net/v1.5/schema/master.xsd") {
+          xml.FirewallService {
+            xml.IsEnabled "true"
+            xml.DefaultAction "drop"
+            xml.LogDefaultAction "false"
+
+            xml.FirewallRule {
+              xml.Id "1"
+              xml.IsEnabled "true"
+              xml.MatchOnTranslate "false"
+              xml.Description "source port any"
+              xml.Policy "allow"
+
+              xml.Protocols {
+                xml.Tcp "true"
+              }
+
+              xml.Port "-1"
+              xml.DestinationPortRange "Any"
+              xml.DestinationIp "Any"
+              xml.SourcePort "-1"
+              xml.SourcePortRange "Any"
+              xml.SourceIp "Any"
+              xml.EnableLogging "false"
+            }
+          }
+        }
+      end
+
+      Nokogiri::XML(Firewall.generate_xml(@interfaces).doc.root.to_s).should be_equivalent_to(expected.doc.root.to_s)
+    end
+  end
+end