ifstate 2.0.0rc1__py3-none-any.whl → 2.0.0rc3__py3-none-any.whl

ifstate/ifstate.py

@@ -136,6 +136,8 @@ def main():
                        help="be more quiet, print only warnings and errors")
     parser.add_argument("-s", "--soft-schema", action="store_true",
                         help="ignore schema validation errors, expect ifstatecli to trigger internal exceptions")
+    parser.add_argument("-S", "--show-secrets", action="store_true",
+                        help="show secrets when dumping config")
     parser.add_argument("-c", "--config", type=str,
                         default="/etc/ifstate/config.yml", help="configuration YaML filename")
     subparsers = parser.add_subparsers(
@@ -191,7 +193,7 @@ def main():
         if args.action == Actions.IDENTIFY:
             print(yaml.dump(ifs.identify()))
         else:
-            print(yaml.dump(ifs.show(args.action == Actions.SHOWALL)))
+            print(yaml.dump(ifs.show(args.action == Actions.SHOWALL, args.show_secrets)))
 
         ifslog.quit()
         exit(0)

{ifstate-2.0.0rc1.dist-info → ifstate-2.0.0rc3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ifstate
-Version: 2.0.0rc1
+Version: 2.0.0rc3
 Summary: Manage host interface settings in a declarative manner
 Home-page: https://ifstate.net/
 Author: Thomas Liske
@@ -9,7 +9,7 @@ License: GPL3+
 Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: jsonschema
-Requires-Dist: pyroute2
+Requires-Dist: pyroute2!=0.9.3
 Requires-Dist: pyyaml
 Requires-Dist: setproctitle
 Provides-Extra: shell

{ifstate-2.0.0rc1.dist-info → ifstate-2.0.0rc3.dist-info}/RECORD

@@ -1,13 +1,13 @@
 hooks/wrapper.sh,sha256=ipCmvcadJbXTT6oUR7BIhT5uglITnHfiAdm44vydZuw,1101
 ifstate/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-ifstate/ifstate.py,sha256=OYSQ437-y8oRhnTtudZnHgzIW3kVuyCW9U4mNeA_i54,9119
+ifstate/ifstate.py,sha256=ioiM9xgVWdrpTpK_UxJdaJFlmpFM9R-2_d5pq9_Hepo,9272
 ifstate/shell.py,sha256=7_JFpi4icr9MijynDzbb0v5mxhFsng6PCC4m3uQ255A,2177
 ifstate/vrrp.py,sha256=FJ9b1eJseTtZFfknHU-xV68Qz7cPrRrc5PTcjUVj-fY,5953
-ifstate-2.0.0rc1.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
-libifstate/__init__.py,sha256=riz2m6o4yfab3Ta8pbX_Rfbk658N9yDkZWkjJKOiraA,33048
-libifstate/exception.py,sha256=5i59BZdl56J_sNJbyU9n6uHuUNJEyDOO4FJ-neDn9Ds,2608
+ifstate-2.0.0rc3.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+libifstate/__init__.py,sha256=iDV2VI11gPAIDrTXKqkWbo4B9bRcokiY3Fzyu440ayg,33194
+libifstate/exception.py,sha256=jhLN46mqlyGNEz7lmc0K2d3SoZJtKzEVyPduPh22oC0,2280
 libifstate/log.py,sha256=XVoZdwdQoWsjuupFIuG6OP0OrBpXpx7oqyAaUhQ-nJk,4553
-libifstate/util.py,sha256=1CGVgaEj7L4At9FPWcDQLwSe027XSKoxFHIdkS5spSA,11354
+libifstate/util.py,sha256=raYAaRy15JQNUbU3_4GchYV_PkaCvWR_8xjt7NTzMYw,11335
 libifstate/address/__init__.py,sha256=zIGM7UWXSvoijHMD06DfS2CDtiHpiJlqDgJG7Dl1IPE,3222
 libifstate/bpf/__init__.py,sha256=NVzaunTmJU2PbIQg9eWBMKpFgLh3EnD3ujNa7Yt6rNc,7699
 libifstate/bpf/ctypes.py,sha256=kLZJHZlba09Vc-tbsJAcKpDwdoNO2IjlYVLCopawHmA,4274
@@ -21,18 +21,18 @@ libifstate/link/physical.py,sha256=ectyXVchCHqWZR8qsjAD9667wjQbGW1OUKLQheTUFys,5
 libifstate/link/tun.py,sha256=SWkscSAgIk3DWFPWHo9Cmokhj88rO1_sR7Z0Qlg2xGA,993
 libifstate/link/veth.py,sha256=Sv5WZMMsefYFz9I0BQSZyKytCQYxv0vjwAnB7FYHR1A,2283
 libifstate/neighbour/__init__.py,sha256=FJJpbJvqnxvOEii6QDMYzW5jQDEbiEy71GQOEbqaS48,2463
-libifstate/netns/__init__.py,sha256=4DWFsgkT84foKoE0ZIbCIAqezDZzOBf8Ka1OAZS_T9E,10164
+libifstate/netns/__init__.py,sha256=ptSIVld_BNXPE6f4SiIPVdYOE1sgprf5-ZhR-L_3BPE,10145
 libifstate/parser/__init__.py,sha256=byz1W0G7UewVc5FFie-ti3UZjGK3-75wHIaOeq0oySQ,88
 libifstate/parser/base.py,sha256=EV7uJYdVke3a2ghkUZ6ZeaIeVQAPVS4rFnYhebXeQm0,5932
 libifstate/parser/yaml.py,sha256=MC0kmwqt3P45z61fb_wfUqoj0iZyhFYkdPyr0UqMSZA,1415
-libifstate/routing/__init__.py,sha256=EvuS0GC5s7up92DYwSGhkohqhCQKPJpvs-alY4WAQws,25326
-libifstate/sysctl/__init__.py,sha256=EF52CdOOkVSUFR2t21A99KlG1-PjsD4qOiceQC4eI24,3074
+libifstate/routing/__init__.py,sha256=O4lbaCJvLgx-iQUa0WDgRmSPR4AKvveqPgxxb4HwYQ4,25305
+libifstate/sysctl/__init__.py,sha256=u1VJ1aPXeGCl3rwj3g0bDbz6k5k9YS5hQIsgFOBokpk,3202
 libifstate/tc/__init__.py,sha256=inPdampCOIr_4oKNB3awqMkW0Eh4fpPh9jvSba6sPVg,12092
-libifstate/wireguard/__init__.py,sha256=9v9szQdPtAQ7vx4-_adnh-82WdLtg9meeEjlV-uA-9o,6705
+libifstate/wireguard/__init__.py,sha256=dXILLIuahBCkX2ONhre28SzJrVNksbjOICs-cSGGaRg,8625
 libifstate/xdp/__init__.py,sha256=X1xhEIGng7R5d5F4KsChykT2g6H-XBRWbWABijoYDQA,7208
-schema/2/ifstate.conf.schema.json,sha256=W47erPkAJi8BhBZJF_mLdZ1v7832W67BMGOx6KHzsw0,218580
-ifstate-2.0.0rc1.dist-info/METADATA,sha256=9EggrnXIHU69cZWFHFTcyHJvwYbpzTiOJoxtV4rgJ_4,1600
-ifstate-2.0.0rc1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-ifstate-2.0.0rc1.dist-info/entry_points.txt,sha256=HF6jX7Uu_nF1Ly-J9uEPeiRapOxnM6LuHsb2y6Mt-k4,52
-ifstate-2.0.0rc1.dist-info/top_level.txt,sha256=A7peI7aKBaM69fsiSPvMbL3rzTKZZr5qDxKC-pHMGdE,19
-ifstate-2.0.0rc1.dist-info/RECORD,,
+schema/2/ifstate.conf.schema.json,sha256=ukCafLPfHCXpk44u5RMMhWIh9JoIAt2j_3idysAVHaQ,218763
+ifstate-2.0.0rc3.dist-info/METADATA,sha256=hdygdnfWvpggPIMQXwGSHPovg8Xt8VzsE-gAlPf1y-Y,1607
+ifstate-2.0.0rc3.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+ifstate-2.0.0rc3.dist-info/entry_points.txt,sha256=HF6jX7Uu_nF1Ly-J9uEPeiRapOxnM6LuHsb2y6Mt-k4,52
+ifstate-2.0.0rc3.dist-info/top_level.txt,sha256=A7peI7aKBaM69fsiSPvMbL3rzTKZZr5qDxKC-pHMGdE,19
+ifstate-2.0.0rc3.dist-info/RECORD,,

libifstate/__init__.py

@@ -49,7 +49,7 @@ import json
 import errno
 import logging
 
-__version__ = "2.0.0rc1"
+__version__ = "2.0.0rc3"
 
 class IfState():
     def __init__(self):
@@ -638,7 +638,7 @@ class IfState():
         return {**root_config}
 
     def _identify_netns(self, netns):
-        ifs_links = []
+        ifs_links = {}
         for ipr_link in netns.ipr.get_links():
             name = ipr_link.get_attr('IFLA_IFNAME')
             # skip links on ignore list
@@ -653,7 +653,6 @@ class IfState():
                     continue
 
                 ifs_link = {
-                    'name': name,
                     'identify': {
                     },
                 }
@@ -663,14 +662,14 @@ class IfState():
                     if value is not None:
                         ifs_link['identify'][attr] = value
 
-                ifs_links.append(ifs_link)
+                ifs_links[name] = ifs_link
 
         if ifs_links:
             return {**{'interfaces': ifs_links}}
         else:
             return None
 
-    def show(self, showall=False):
+    def show(self, showall=False, show_secrets=False):
         if showall:
             defaults = deepcopy(Parser._default_ifstates)
         else:
@@ -680,26 +679,25 @@ class IfState():
         for ip in Parser._default_ifstates['parameters']['ignore']['ipaddr_builtin']:
             ipaddr_ignore.append(ip_network(ip))
 
-        root_config = self._show_netns(self.root_netns, showall, ipaddr_ignore)
+        root_config = self._show_netns(self.root_netns, showall, show_secrets, ipaddr_ignore)
         netns_instances = get_netns_instances()
         if len(netns_instances) > 0:
             netns_configs = {}
             for netns in netns_instances:
-                netns_configs[netns.netns] = self._show_netns(netns, showall, ipaddr_ignore)
+                netns_configs[netns.netns] = self._show_netns(netns, showall, show_secrets, ipaddr_ignore)
 
             return {**defaults, **root_config, 'namespaces': netns_configs}
 
 
         return {**defaults, **root_config}
 
-    def _show_netns(self, netns, showall, ipaddr_ignore):
-        ifs_links = []
+    def _show_netns(self, netns, showall, show_secrets, ipaddr_ignore):
+        ifs_links = {}
         for ipr_link in netns.ipr.get_links():
             name = ipr_link.get_attr('IFLA_IFNAME')
             # skip links on ignore list
             if name != 'lo' and not any(re.match(regex, name) for regex in Parser._default_ifstates['parameters']['ignore']['ifname_builtin']):
                 ifs_link = {
-                    'name': name,
                     'addresses': [],
                     'link': {
                         'state': ipr_link['state'],
@@ -772,6 +770,9 @@ class IfState():
 
                 brport.BRPort.show(netns.ipr, showall, ipr_link['index'], ifs_link)
 
+                if ifs_link['link']['kind'] == 'wireguard':
+                    wireguard.WireGuard.show(netns, showall, show_secrets, name, ifs_link)
+
                 if name == 'lo':
                     if ifs_link['addresses'] == Parser._default_lo_link['addresses']:
                         del(ifs_link['addresses'])
@@ -780,9 +781,9 @@ class IfState():
                         del(ifs_link['link'])
 
                     if len(ifs_link) > 1:
-                        ifs_links.append(ifs_link)
+                        ifs_links['lo'] = ifs_link
                 else:
-                    ifs_links.append(ifs_link)
+                    ifs_links[name] = ifs_link
 
         routing = {
             'routes': Tables(netns).show_routes(Parser._default_ifstates['parameters']['ignore']['routes_builtin']),

libifstate/exception.py

@@ -1,15 +1,7 @@
-from pyroute2.netlink.exceptions import NetlinkError
+from pyroute2 import NetlinkError
 from libifstate.util import logger
 
-# pyroute2.minimal exceptions might be broken
-#   => workaround for pyroute2 #845 #847
 netlinkerror_classes = (NetlinkError)
-try:
-    from pr2modules.netlink.exceptions import NetlinkError as Pr2mNetlinkError
-    netlinkerror_classes = (NetlinkError, Pr2mNetlinkError)
-except ModuleNotFoundError:
-    # required for pyroute2 before 0.6.0
-    pass
 
 class ExceptionCollector():
     def __init__(self, ifname):

libifstate/netns/__init__.py

@@ -5,7 +5,7 @@ import atexit
 from copy import deepcopy
 import logging
 import pyroute2
-from pyroute2.netlink.exceptions import NetlinkError
+from pyroute2 import NetlinkError
 import re
 import secrets
 import shutil

libifstate/routing/__init__.py

@@ -202,7 +202,7 @@ class RTLookup():
         self.str2id = {}
         self.id2str = {}
 
-        for basedir in ['/usr/share/iproute2', '/usr/lib/iproute2', '/etc/iproute2']:
+        for basedir in ['/usr/share/iproute2', '/etc/iproute2']:
             fn = os.path.join(basedir, name)
             try:
                 with open(fn, 'r') as fp:

libifstate/sysctl/__init__.py

@@ -6,7 +6,13 @@ import os
 
 class Sysctl():
     def __init__(self, netns):
-        self.sysctls = {}
+        self.sysctls = {
+            "all": {
+                "ipv6": {
+                    "optimistic_dad": 1
+                }
+            }
+        }
         self.globals = {}
         self.netns = netns
 

libifstate/util.py

@@ -3,7 +3,7 @@ from libifstate.log import logger, IfStateLogging
 import pyroute2
 from pyroute2 import IPRoute, IW, NetNS
 
-from pyroute2.netlink.exceptions import NetlinkError
+from pyroute2 import NetlinkError
 from pyroute2.netlink.rtnl.tcmsg import tcmsg
 from pyroute2.netlink.rtnl import RTM_DELTFILTER, RTM_NEWNSID
 from pyroute2.netlink.rtnl.nsidmsg import nsidmsg

libifstate/wireguard/__init__.py

@@ -1,12 +1,14 @@
 from libifstate.util import logger, IfStateLogging
 from libifstate.exception import netlinkerror_classes, FeatureMissingError
-from wgnlpy import WireGuard as WG
-from ipaddress import ip_network
+import wgnlpy
+import ipaddress
 import collections
 from copy import deepcopy
 import pyroute2.netns
 import socket
 
+SECRET_SETTINGS = ['private_key', 'preshared_key']
+
 class WireGuard():
     def __init__(self, netns, iface, wireguard):
         self.netns = netns
@@ -17,7 +19,7 @@ class WireGuard():
             pyroute2.netns.pushns(self.netns.netns)
 
         try:
-            self.wg = WG()
+            self.wg = wgnlpy.WireGuard()
         finally:
             if self.netns.netns is not None:
                 pyroute2.netns.popns()
@@ -28,7 +30,7 @@ class WireGuard():
             for i, peer in enumerate(self.wireguard['peers']):
                 if 'allowedips' in peer:
                     self.wireguard['peers'][i]['allowedips'] = set(
-                        [ip_network(x) for x in self.wireguard['peers'][i]['allowedips']])
+                        [ipaddress.ip_network(x) for x in self.wireguard['peers'][i]['allowedips']])
 
     def __deepcopy__(self, memo):
         '''
@@ -43,7 +45,7 @@ class WireGuard():
                     pyroute2.netns.pushns(self.netns.netns)
 
                 try:
-                    setattr(result, k, WG())
+                    setattr(result, k, wgnlpy.WireGuard())
                 finally:
                     if self.netns.netns is not None:
                         pyroute2.netns.popns()
@@ -157,3 +159,57 @@ class WireGuard():
 
             del(opts['endpoint'])
             self.wg.set_peer(self.iface, public_key=public_key, **opts)
+
+    def show(netns, show_all, show_secrets, name, config):
+        if netns.netns is not None:
+            pyroute2.netns.pushns(self.netns.netns)
+
+        try:
+            wg = wgnlpy.WireGuard()
+        finally:
+            if netns.netns is not None:
+                pyroute2.netns.popns()
+
+        state = wg.get_interface(
+            name, spill_private_key=show_secrets, spill_preshared_keys=show_secrets)
+
+        config['wireguard'] = {
+            'peers': {},
+        }
+
+        def _dump_value(value):
+            if isinstance(value, (ipaddress.IPv4Network, ipaddress.IPv6Network, wgnlpy.sockaddr_in.sockaddr_in)):
+                return str(value)
+            elif type(value) is list:
+                result = []
+                for v in value:
+                    result.append(_dump_value(v))
+                return result
+            else:
+                return value
+
+        def _dump_values(cfg, key, value):
+            if show_all:
+                if value is None:
+                    return
+            else:
+                if not value:
+                    return
+
+            if key in SECRET_SETTINGS:
+                if show_secrets:
+                    cfg[key] = str(value)
+                else:
+                    cfg[key] = f"# VALUE IS HIDDEN - USE --show-secrets TO REVEAL"
+            else:
+                cfg[key] = _dump_value(value)
+
+        for key in ['private_key', 'listen_port', 'fwmark']:
+            value = getattr(state, key)
+            _dump_values(config['wireguard'], key, value)
+
+        for peer in state.peers:
+            config['wireguard']['peers'][str(peer)] = {}
+            for key in ['preshared_key', 'endpoint', 'persistent_keepalive_interval', 'allowedips']:
+                value = getattr(state.peers[peer], key)
+                _dump_values(config['wireguard']['peers'][str(peer)], key, value)

schema/2/ifstate.conf.schema.json

@@ -989,6 +989,7 @@
                     "type": "integer"
                 },
                 "optimistic_dad": {
+                    "description": "perform Optimistic Duplicate Address Detection (RFC 4429); *This option is enabled by default in ifstate!*",
                     "type": "integer"
                 },
                 "proxy_ndp": {
@@ -1756,7 +1757,7 @@
                             "additionalProperties": false,
                             "properties": {
                                 "script": {
-                                    "description": "filename to be executed on interface configuration, the hook name will be used by default; relatives file are based on `/etc/needrestart/hooks`",
+                                    "description": "filename to be executed on interface configuration: the hook name will be used by default; relatives file are based on `/etc/needrestart/hooks`",
                                     "type": "string",
                                     "minLength": 1
                                 },
@@ -1864,7 +1865,7 @@
             }
         },
         "interfaces": {
-            "description": "list of interface settings (link settings and ip addresses)",
+            "description": "dictionary of interfaces related settings, the name of the interface needs to be specified as key",
             "type": "object",
             "additionalProperties": false,
             "patternProperties": {