Gitiles
Code Review Sign In
gerrit.lfbroadband.org / xos / 3f6adcd7b42148f45c81b7ea7a5be6ef3f3074a4 / . / xos / services / vpn / models.py
blob: 65e04e73936ca2698500c245f672a6465eb03309 [file] [log] [blame]
Jeremy Mowery8b664f72015-12-04 11:52:16 -0700[diff] [blame]1from core.models import Service, TenantWithContainer
2from django.db import transaction
3
4VPN_KIND = "vpn"
5
Jeremy Mowery82760822016-01-08 16:36:22 -0700[diff] [blame]6
Jeremy Mowery8b664f72015-12-04 11:52:16 -0700[diff] [blame]7class VPNService(Service):
Jeremy Mowery82760822016-01-08 16:36:22 -0700[diff] [blame]8 """Defines the Service for creating VPN servers."""
Jeremy Mowery8b664f72015-12-04 11:52:16 -0700[diff] [blame]9 KIND = VPN_KIND
10
11 class Meta:
12 proxy = True
13 # The name used to find this service, all directories are named this
14 app_label = "vpn"
15 verbose_name = "VPN Service"
16
Jeremy Mowery82760822016-01-08 16:36:22 -0700[diff] [blame]17
Jeremy Mowery7ced7382015-12-04 23:58:38 -0700[diff] [blame]18class VPNTenant(TenantWithContainer):
Jeremy Mowery82760822016-01-08 16:36:22 -0700[diff] [blame]19 """Defines the Tenant for creating VPN servers."""
Jeremy Mowery8b664f72015-12-04 11:52:16 -0700[diff] [blame]20
21 class Meta:
22 proxy = True
23 verbose_name = "VPN Tenant"
24
25 KIND = VPN_KIND
26
27 sync_attributes = ("nat_ip", "nat_mac",)
28
Jeremy Mowery3f6adcd2016-02-21 15:36:32 -0700[diff] [blame^]29 default_attributes = {'vpn_subnet': None,
Jeremy Moweryfd081292016-02-07 17:07:55 -0700[diff] [blame]30 'server_network': None,
31 'clients_can_see_each_other': True,
Jeremy Mowerye02d4b62016-01-10 15:21:52 -0700[diff] [blame]32 'is_persistent': True,
Jeremy Mowery1eab4fa2016-02-02 17:17:20 -0700[diff] [blame]33 'script': None,
Jeremy Mowery3f6adcd2016-02-21 15:36:32 -0700[diff] [blame^]34 'ca_crt': None}
Jeremy Mowery8b664f72015-12-04 11:52:16 -0700[diff] [blame]35
36 def __init__(self, *args, **kwargs):
37 vpn_services = VPNService.get_service_objects().all()
38 if vpn_services:
39 self._meta.get_field(
40 "provider_service").default = vpn_services[0].id
41 super(VPNTenant, self).__init__(*args, **kwargs)
42
43 def save(self, *args, **kwargs):
44 super(VPNTenant, self).save(*args, **kwargs)
45 model_policy_vpn_tenant(self.pk)
46
47 def delete(self, *args, **kwargs):
48 self.cleanup_container()
49 super(VPNTenant, self).delete(*args, **kwargs)
50
51 @property
Jeremy Mowery8b664f72015-12-04 11:52:16 -0700[diff] [blame]52 def addresses(self):
Jeremy Mowery5055c7b2016-01-08 17:25:33 -0700[diff] [blame]53 """Mapping[str, str]: The ip, mac address, and subnet of the NAT network of this Tenant."""
Jeremy Mowery8b664f72015-12-04 11:52:16 -0700[diff] [blame]54 if (not self.id) or (not self.instance):
55 return {}
56
57 addresses = {}
Jeremy Mowery8b664f72015-12-04 11:52:16 -0700[diff] [blame]58 for ns in self.instance.ports.all():
59 if "nat" in ns.network.name.lower():
Jeremy Mowery5055c7b2016-01-08 17:25:33 -0700[diff] [blame]60 addresses["ip"] = ns.ip
61 addresses["mac"] = ns.mac
Jeremy Mowery5055c7b2016-01-08 17:25:33 -0700[diff] [blame]62 break
63
Jeremy Mowery8b664f72015-12-04 11:52:16 -0700[diff] [blame]64 return addresses
65
66 # This getter is necessary because nat_ip is a sync_attribute
67 @property
68 def nat_ip(self):
Jeremy Mowery82760822016-01-08 16:36:22 -0700[diff] [blame]69 """str: The IP of this Tenant on the NAT network."""
Jeremy Mowery5055c7b2016-01-08 17:25:33 -0700[diff] [blame]70 return self.addresses.get("ip", None)
Jeremy Mowery8b664f72015-12-04 11:52:16 -0700[diff] [blame]71
72 # This getter is necessary because nat_mac is a sync_attribute
73 @property
74 def nat_mac(self):
Jeremy Mowery82760822016-01-08 16:36:22 -0700[diff] [blame]75 """str: The MAC address of this Tenant on the NAT network."""
Jeremy Mowery5055c7b2016-01-08 17:25:33 -0700[diff] [blame]76 return self.addresses.get("mac", None)
Jeremy Mowerya9b673b2016-01-07 21:25:50 -0700[diff] [blame]77
78 @property
Jeremy Moweryfd081292016-02-07 17:07:55 -0700[diff] [blame]79 def server_network(self):
Jeremy Mowery82760822016-01-08 16:36:22 -0700[diff] [blame]80 """str: The IP address of the server on the VPN."""
Jeremy Mowerybd2ed3a2016-01-05 16:52:43 -0700[diff] [blame]81 return self.get_attribute(
Jeremy Moweryfd081292016-02-07 17:07:55 -0700[diff] [blame]82 'server_network',
83 self.default_attributes['server_network'])
Jeremy Mowerybd2ed3a2016-01-05 16:52:43 -0700[diff] [blame]84
Jeremy Moweryfd081292016-02-07 17:07:55 -0700[diff] [blame]85 @server_network.setter
86 def server_network(self, value):
87 self.set_attribute("server_network", value)
Jeremy Mowerybd2ed3a2016-01-05 16:52:43 -0700[diff] [blame]88
89 @property
Jeremy Moweryfd081292016-02-07 17:07:55 -0700[diff] [blame]90 def vpn_subnet(self):
Jeremy Mowery82760822016-01-08 16:36:22 -0700[diff] [blame]91 """str: The IP address of the client on the VPN."""
Jeremy Mowerybd2ed3a2016-01-05 16:52:43 -0700[diff] [blame]92 return self.get_attribute(
Jeremy Moweryfd081292016-02-07 17:07:55 -0700[diff] [blame]93 'vpn_subnet',
94 self.default_attributes['vpn_subnet'])
Jeremy Mowerybd2ed3a2016-01-05 16:52:43 -0700[diff] [blame]95
Jeremy Moweryfd081292016-02-07 17:07:55 -0700[diff] [blame]96 @vpn_subnet.setter
97 def vpn_subnet(self, value):
98 self.set_attribute("vpn_subnet", value)
Jeremy Mowerybd2ed3a2016-01-05 16:52:43 -0700[diff] [blame]99
100 @property
Jeremy Mowery4a23e7d2016-01-06 15:16:33 -0700[diff] [blame]101 def is_persistent(self):
Jeremy Mowery82760822016-01-08 16:36:22 -0700[diff] [blame]102 """bool: True if the VPN connection is persistence, false otherwise."""
Jeremy Mowery4a23e7d2016-01-06 15:16:33 -0700[diff] [blame]103 return self.get_attribute(
104 "is_persistent",
105 self.default_attributes['is_persistent'])
106
107 @is_persistent.setter
108 def is_persistent(self, value):
109 self.set_attribute("is_persistent", value)
110
111 @property
Jeremy Moweryfd081292016-02-07 17:07:55 -0700[diff] [blame]112 def clients_can_see_each_other(self):
Jeremy Mowery82760822016-01-08 16:36:22 -0700[diff] [blame]113 """bool: True if the client can see the subnet of the server, false otherwise."""
Jeremy Mowery4a23e7d2016-01-06 15:16:33 -0700[diff] [blame]114 return self.get_attribute(
Jeremy Moweryfd081292016-02-07 17:07:55 -0700[diff] [blame]115 "clients_can_see_each_other",
116 self.default_attributes['clients_can_see_each_other'])
Jeremy Mowery4a23e7d2016-01-06 15:16:33 -0700[diff] [blame]117
Jeremy Moweryfd081292016-02-07 17:07:55 -0700[diff] [blame]118 @clients_can_see_each_other.setter
119 def clients_can_see_each_other(self, value):
120 self.set_attribute("clients_can_see_each_other", value)
Jeremy Mowery4a23e7d2016-01-06 15:16:33 -0700[diff] [blame]121
Jeremy Mowerye02d4b62016-01-10 15:21:52 -0700[diff] [blame]122 @property
Jeremy Mowery28223392016-01-25 20:51:11 -0700[diff] [blame]123 def script(self):
124 """string: The file name of the client script"""
Jeremy Mowery34aef752016-01-26 17:58:16 -0700[diff] [blame]125 return self.get_attribute("script", self.default_attributes['script'])
Jeremy Mowerye02d4b62016-01-10 15:21:52 -0700[diff] [blame]126
Jeremy Mowery28223392016-01-25 20:51:11 -0700[diff] [blame]127 @script.setter
128 def script(self, value):
129 self.set_attribute("script", value)
Jeremy Mowerye02d4b62016-01-10 15:21:52 -0700[diff] [blame]130
Jeremy Mowery1eab4fa2016-02-02 17:17:20 -0700[diff] [blame]131 @property
Jeremy Mowery3b1caba2016-02-02 23:53:50 -0700[diff] [blame]132 def ca_crt(self):
Jeremy Mowery1eab4fa2016-02-02 17:17:20 -0700[diff] [blame]133 """str: the string for the ca certificate"""
Jeremy Mowery3b1caba2016-02-02 23:53:50 -0700[diff] [blame]134 return self.get_attribute("ca_crt", self.default_attributes['ca_crt'])
Jeremy Mowery1eab4fa2016-02-02 17:17:20 -0700[diff] [blame]135
Jeremy Mowery3b1caba2016-02-02 23:53:50 -0700[diff] [blame]136 @ca_crt.setter
137 def ca_crt(self, value):
138 self.set_attribute("ca_crt", value)
139
Jeremy Mowery8b664f72015-12-04 11:52:16 -0700[diff] [blame]140
141def model_policy_vpn_tenant(pk):
Jeremy Mowery82760822016-01-08 16:36:22 -0700[diff] [blame]142 """Manages the contain for the VPN Tenant."""
Jeremy Mowery8b664f72015-12-04 11:52:16 -0700[diff] [blame]143 # This section of code is atomic to prevent race conditions
144 with transaction.atomic():
145 # We find all of the tenants that are waiting to update
146 tenant = VPNTenant.objects.select_for_update().filter(pk=pk)
147 if not tenant:
148 return
149 # Since this code is atomic it is safe to always use the first tenant
150 tenant = tenant[0]
151 tenant.manage_container()