#!/bin/bash /usr/scripts/python.sh
# -*- coding: utf-8 -*-
#
# Service in charge of firewall for trigger.
# Contains multiple subservices for each special
# part of firewall.
#
# Author  : Pierre-Elliott Bécue <becue@crans.org>
# Licence : GPLv3
# Date    : 15/06/2014
"""
Firewall service module. is uses the firewall library as it's, it
is not designed to replace it, just to call specific functions from
it to regenerate what needs to.
"""

import lc_ldap.shortcuts
import gestion.config.trigger as trigger_config
from gestion.trigger.services.service import BasicService
import cranslib.clogger as clogger
import gestion.trigger.firewall4.firewall4 as firewall4

# Module-wide logger used by the Firewall service below. The last argument
# is forwarded untouched from the trigger configuration; presumably it
# toggles debug output — verify against cranslib.clogger.CLogger.
logger = clogger.CLogger("trigger", "firewall", "debug", trigger_config.debug)

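class Firewall(BasicService):
    """Firewall service that handles any modification in the firewall.

    Two kinds of entry points live here:

    * ``send_mac_ip`` turns an LDAP change (selected through
      ``changes_trigger``) into a ``("firewall", (service, payload))``
      message;
    * ``regen`` receives such a message and dispatches it to the service
      method it names, restricted to the names listed in ``services``.
    """

    # Class lookup table to define which changes call which function.
    changes_trigger = {
        lc_ldap.attributs.macAddress.ldap_name: ('send_mac_ip',),
        lc_ldap.attributs.ipHostNumber.ldap_name: ('send_mac_ip',),
    }

    # Service methods that ``regen`` is allowed to dispatch to. The service
    # name travels inside the received message, so it is checked against
    # this tuple instead of being fed to a bare getattr: any other name
    # (``regen`` itself, ``send_*`` helpers, inherited or private
    # attributes) is discarded with a warning.
    services = ('mac_ip',)

    @classmethod
    def send_mac_ip(cls, body, diff):
        """Computes mac_ip data to send from body and diff.

        Args:
            body: indexable whose items 1 and 2 are dict-like LDAP entries,
                the entry before the change and the entry after it. Each
                attribute is read as ``entry.get(attr, [''])[0]``, so a
                missing attribute yields ``''``.
            diff: not used here; kept for the common trigger signature.

        Returns:
            ``("firewall", ("mac_ip", fw))`` where ``fw`` holds exactly one
            key: ``'add'`` when the old mac is empty (new host), ``'delete'``
            when the new mac is empty (removed host), ``'update'`` otherwise.
        """
        mac_attr = lc_ldap.attributs.macAddress.ldap_name
        ip_attr = lc_ldap.attributs.ipHostNumber.ldap_name
        # body[1] is the entry before the change, body[2] the entry after it.
        entries = (body[1], body[2])
        old_mac, new_mac = [entry.get(mac_attr, [''])[0] for entry in entries]
        old_ip, new_ip = [entry.get(ip_attr, [''])[0] for entry in entries]

        # Update of the mac_ip firewall: the operation is chosen from which
        # side of the change carries a mac address.
        if not old_mac:
            # A new host is being created.
            fw = {'add': [(new_mac, new_ip)]}
        elif not new_mac:
            # A host is being removed.
            fw = {'delete': [(old_mac, old_ip)]}
        else:
            # Update: the old (mac, ip) pair is replaced by the new one.
            fw = {'update': [(old_mac, old_ip, new_mac, new_ip)]}
        return ("firewall", ("mac_ip", fw))

    @classmethod
    def regen(cls, body=()):
        """Regens the specific service.

        Args:
            body: ``(service, data)`` pair as produced by ``send_mac_ip``.
                Any other shape is logged and discarded, and so is a service
                name that is not listed in ``services``.
        """
        if not isinstance(body, (tuple, list)) or len(body) != 2:
            logger.warning("Received body %r, this format is incorrect, discarding.", body)
            return
        (service, data) = body
        # Only the listed service methods may be reached from a message;
        # an arbitrary attribute name must never be resolved and called.
        if service not in cls.services:
            logger.warning("Received unknown service %r, discarding.", service)
            return
        logger.info("Calling service %s for data %r", service, data)
        getattr(cls, service)(data)

    @classmethod
    def mac_ip(cls, body):
        """Applies mac_ip changes to the host firewall.

        Args:
            body: dict with optional ``'add'``, ``'delete'`` and ``'update'``
                keys in the layout built by ``send_mac_ip``: ``(mac, ip)``
                pairs for add/delete, ``(old_mac, old_ip, mac, ip)`` for
                update. Anything that is not a non-empty dict is ignored.
        """
        host_fw = firewall4.firewall()
        if not body or not isinstance(body, dict):
            return
        for (mac, ip) in body.get("add", []):
            logger.info("Adding mac_ip %s,%s", mac, ip)
            host_fw.mac_ip_append(mac, ip)
        for (mac, ip) in body.get("delete", []):
            logger.info("Removing mac_ip %s,%s", mac, ip)
            host_fw.mac_ip_remove(mac, ip)
        for (rmac, rip, mac, ip) in body.get("update", []):
            logger.info("Updating mac_ip %s,%s with %s,%s", rmac, rip, mac, ip)
            # An update is a remove of the old pair followed by an append
            # of the new one.
            host_fw.mac_ip_remove(rmac, rip)
            host_fw.mac_ip_append(mac, ip)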