wnm 0.0.9__py3-none-any.whl → 0.0.11__py3-none-any.whl

wnm/firewall/__init__.py

@@ -0,0 +1,13 @@
+"""
+Firewall management abstraction for WNM.
+
+Provides a pluggable interface for firewall operations across different
+firewall implementations (ufw, firewalld, iptables, or no-op).
+"""
+
+from wnm.firewall.base import FirewallManager
+from wnm.firewall.factory import get_firewall_manager
+from wnm.firewall.null_firewall import NullFirewall
+from wnm.firewall.ufw_manager import UFWManager
+
+__all__ = ["FirewallManager", "get_firewall_manager", "NullFirewall", "UFWManager"]

wnm/firewall/base.py

@@ -0,0 +1,71 @@
+"""
+Abstract base class for firewall managers.
+
+Firewall managers handle opening/closing ports for node communication
+across different firewall implementations.
+"""
+
+from abc import ABC, abstractmethod
+
+
+class FirewallManager(ABC):
+    """
+    Abstract interface for firewall management.
+
+    Each implementation handles a specific firewall backend:
+    - UFWManager: Ubuntu's Uncomplicated Firewall (ufw)
+    - FirewalldManager: Firewalld (RHEL/Fedora/CentOS)
+    - IptablesManager: Direct iptables manipulation
+    - NullFirewall: No-op implementation (firewall disabled)
+    """
+
+    @abstractmethod
+    def enable_port(
+        self, port: int, protocol: str = "udp", comment: str = None
+    ) -> bool:
+        """
+        Open a firewall port for incoming traffic.
+
+        Args:
+            port: Port number to open
+            protocol: Protocol type (udp/tcp)
+            comment: Optional comment/description for the rule
+
+        Returns:
+            True if port was opened successfully, False otherwise
+        """
+        pass
+
+    @abstractmethod
+    def disable_port(self, port: int, protocol: str = "udp") -> bool:
+        """
+        Close a firewall port, blocking incoming traffic.
+
+        Args:
+            port: Port number to close
+            protocol: Protocol type (udp/tcp)
+
+        Returns:
+            True if port was closed successfully, False otherwise
+        """
+        pass
+
+    @abstractmethod
+    def is_enabled(self) -> bool:
+        """
+        Check if the firewall is enabled and active.
+
+        Returns:
+            True if firewall is active, False otherwise
+        """
+        pass
+
+    @abstractmethod
+    def is_available(self) -> bool:
+        """
+        Check if this firewall implementation is available on the system.
+
+        Returns:
+            True if firewall tools are installed, False otherwise
+        """
+        pass

wnm/firewall/factory.py

@@ -0,0 +1,95 @@
+"""
+Factory for creating firewall manager instances.
+
+Provides auto-detection of available firewall implementations
+and a factory function for creating the appropriate manager.
+"""
+
+import logging
+import os
+
+from wnm.firewall.base import FirewallManager
+from wnm.firewall.null_firewall import NullFirewall
+from wnm.firewall.ufw_manager import UFWManager
+
+
+def get_default_firewall_type() -> str:
+    """
+    Auto-detect the best firewall manager for this system.
+
+    Checks for available firewall tools in priority order:
+    1. UFW (Ubuntu/Debian)
+    2. Firewalld (RHEL/Fedora) - not yet implemented
+    3. Iptables (Linux fallback) - not yet implemented
+    4. NullFirewall (disabled/unavailable)
+
+    Returns:
+        Firewall type name: "ufw", "firewalld", "iptables", or "null"
+    """
+    # Check if firewall is disabled via environment variable
+    if os.environ.get("WNM_FIREWALL_DISABLED", "").lower() in ("1", "true", "yes"):
+        logging.info("Firewall disabled via WNM_FIREWALL_DISABLED environment variable")
+        return "null"
+
+    # Try UFW first (most common on Ubuntu/Debian)
+    ufw = UFWManager()
+    if ufw.is_available():
+        logging.debug("Auto-detected UFW firewall")
+        return "ufw"
+
+    # TODO: Add firewalld detection
+    # firewalld = FirewalldManager()
+    # if firewalld.is_available():
+    #     logging.debug("Auto-detected firewalld")
+    #     return "firewalld"
+
+    # TODO: Add iptables detection
+    # iptables = IptablesManager()
+    # if iptables.is_available():
+    #     logging.debug("Auto-detected iptables")
+    #     return "iptables"
+
+    # Default to null firewall if nothing available
+    logging.warning("No firewall implementation available, using NullFirewall")
+    return "null"
+
+
+def get_firewall_manager(firewall_type: str = None) -> FirewallManager:
+    """
+    Create a firewall manager instance.
+
+    Args:
+        firewall_type: Type of firewall ("ufw", "firewalld", "iptables", "null")
+                      If None, auto-detects best available option
+
+    Returns:
+        FirewallManager instance
+
+    Raises:
+        ValueError: If firewall_type is not recognized
+    """
+    if firewall_type is None:
+        firewall_type = get_default_firewall_type()
+
+    firewall_type = firewall_type.lower()
+
+    managers = {
+        "ufw": UFWManager,
+        "null": NullFirewall,
+        "disabled": NullFirewall,  # Alias for null
+        # TODO: Add when implemented
+        # "firewalld": FirewalldManager,
+        # "iptables": IptablesManager,
+    }
+
+    if firewall_type not in managers:
+        raise ValueError(
+            f"Unknown firewall type: {firewall_type}. "
+            f"Available: {', '.join(managers.keys())}"
+        )
+
+    manager_class = managers[firewall_type]
+    manager = manager_class()
+
+    logging.debug(f"Created firewall manager: {firewall_type}")
+    return manager

wnm/firewall/null_firewall.py

@@ -0,0 +1,71 @@
+"""
+Null firewall manager implementation.
+
+A no-op firewall manager for systems where firewall management is
+disabled, not needed, or handled externally (e.g., Docker networking).
+"""
+
+import logging
+
+from wnm.firewall.base import FirewallManager
+
+
+class NullFirewall(FirewallManager):
+    """
+    No-op firewall manager that performs no actual firewall operations.
+
+    This is used when:
+    - Firewall management is disabled in configuration
+    - Running in Docker where port mapping handles exposure
+    - Firewall is managed externally
+    - Development/testing environments without firewall
+    """
+
+    def enable_port(
+        self, port: int, protocol: str = "udp", comment: str = None
+    ) -> bool:
+        """
+        No-op port enable operation.
+
+        Args:
+            port: Port number (ignored)
+            protocol: Protocol type (ignored)
+            comment: Comment (ignored)
+
+        Returns:
+            Always True
+        """
+        logging.debug(f"NullFirewall: Skipping enable for port {port}/{protocol}")
+        return True
+
+    def disable_port(self, port: int, protocol: str = "udp") -> bool:
+        """
+        No-op port disable operation.
+
+        Args:
+            port: Port number (ignored)
+            protocol: Protocol type (ignored)
+
+        Returns:
+            Always True
+        """
+        logging.debug(f"NullFirewall: Skipping disable for port {port}/{protocol}")
+        return True
+
+    def is_enabled(self) -> bool:
+        """
+        Check if firewall is enabled.
+
+        Returns:
+            Always False (null firewall is never "enabled")
+        """
+        return False
+
+    def is_available(self) -> bool:
+        """
+        Check if firewall is available.
+
+        Returns:
+            Always True (null firewall is always "available")
+        """
+        return True

wnm/firewall/ufw_manager.py

@@ -0,0 +1,118 @@
+"""
+UFW (Uncomplicated Firewall) manager implementation.
+
+Manages firewall ports using Ubuntu's ufw command-line tool.
+Requires sudo privileges for port operations.
+"""
+
+import logging
+import shutil
+import subprocess
+
+from wnm.firewall.base import FirewallManager
+
+
+class UFWManager(FirewallManager):
+    """
+    Firewall manager for Ubuntu's Uncomplicated Firewall (ufw).
+
+    Uses 'sudo ufw' commands to manage port rules.
+    """
+
+    def enable_port(
+        self, port: int, protocol: str = "udp", comment: str = None
+    ) -> bool:
+        """
+        Open a firewall port using ufw.
+
+        Args:
+            port: Port number to open
+            protocol: Protocol type (udp/tcp)
+            comment: Optional comment for the rule
+
+        Returns:
+            True if port was opened successfully
+        """
+        if not self.is_available():
+            logging.warning("UFW is not available on this system")
+            return False
+
+        logging.info(f"Opening firewall port {port}/{protocol}")
+
+        try:
+            cmd = ["sudo", "ufw", "allow", f"{port}/{protocol}"]
+            if comment:
+                cmd.extend(["comment", comment])
+
+            subprocess.run(
+                cmd,
+                check=True,
+                capture_output=True,
+                text=True,
+            )
+            return True
+
+        except (subprocess.CalledProcessError, Exception) as err:
+            logging.error(f"Failed to open firewall port: {err}")
+            return False
+
+    def disable_port(self, port: int, protocol: str = "udp") -> bool:
+        """
+        Close a firewall port using ufw.
+
+        Args:
+            port: Port number to close
+            protocol: Protocol type (udp/tcp)
+
+        Returns:
+            True if port was closed successfully
+        """
+        if not self.is_available():
+            logging.warning("UFW is not available on this system")
+            return False
+
+        logging.info(f"Closing firewall port {port}/{protocol}")
+
+        try:
+            subprocess.run(
+                ["sudo", "ufw", "delete", "allow", f"{port}/{protocol}"],
+                check=True,
+                capture_output=True,
+                text=True,
+            )
+            return True
+
+        except (subprocess.CalledProcessError, Exception) as err:
+            logging.error(f"Failed to close firewall port: {err}")
+            return False
+
+    def is_enabled(self) -> bool:
+        """
+        Check if UFW is active.
+
+        Returns:
+            True if ufw is active, False otherwise
+        """
+        if not self.is_available():
+            return False
+
+        try:
+            result = subprocess.run(
+                ["sudo", "ufw", "status"],
+                check=True,
+                capture_output=True,
+                text=True,
+            )
+            return "Status: active" in result.stdout
+
+        except subprocess.CalledProcessError:
+            return False
+
+    def is_available(self) -> bool:
+        """
+        Check if ufw is installed on the system.
+
+        Returns:
+            True if ufw command is available
+        """
+        return shutil.which("ufw") is not None

wnm/migration.py

@@ -0,0 +1,42 @@
+"""
+Migration and node discovery utilities.
+
+This module handles surveying existing nodes from process managers for
+database initialization and migration from anm (Autonomi Node Manager).
+
+These functions are only used during initialization, not regular operation.
+The database is the source of truth for node management.
+"""
+
+import logging
+
+from wnm.process_managers.factory import get_default_manager_type, get_process_manager
+
+
+def survey_machine(machine_config, manager_type: str = None) -> list:
+    """
+    Survey all nodes managed by the process manager.
+
+    This is used during database initialization/rebuild to discover
+    existing nodes. The specific process manager handles its own path
+    logic internally.
+
+    Args:
+        machine_config: Machine configuration object
+        manager_type: Type of process manager ("systemd", "launchctl", etc.)
+                     If None, auto-detects from platform
+
+    Returns:
+        List of node dictionaries ready for database insertion
+    """
+    if manager_type is None:
+        # Auto-detect manager type from platform
+        manager_type = get_default_manager_type()
+
+    logging.info(f"Surveying machine with {manager_type} manager")
+
+    # Get the appropriate process manager
+    manager = get_process_manager(manager_type)
+
+    # Use the manager's survey_nodes() method
+    return manager.survey_nodes(machine_config)