# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
from heat.engine import clients
from heat.engine.resources.neutron import neutron
from heat.engine import scheduler
if clients.neutronclient is not None:
from neutronclient.common.exceptions import NeutronClientException
from heat.openstack.common import log as logging
logger = logging.getLogger(__name__)
class VPNService(neutron.NeutronResource):
A resource for VPN service in Neutron.
properties_schema = {'name': {'Type': 'String'},
'description': {'Type': 'String'},
'admin_state_up': {'Type': 'Boolean',
'subnet_id': {'Type': 'String',
'router_id': {'Type': 'String',
'admin_state_up': 'the administrative state of the vpn service',
'description': 'description of the vpn service',
'id': 'unique identifier for the vpn service',
'name': 'name for the vpn service',
'router_id': 'unique identifier for router used to create the vpn'
'status': 'the status of the vpn service',
'subnet_id': 'unique identifier for subnet used to create the vpn'
'tenant_id': 'tenant owning the vpn service'
update_allowed_keys = ('Properties',)
update_allowed_properties = ('name', 'description', 'admin_state_up',)
def _show_resource(self):
    """Return the Neutron record for this VPN service.

    Asks the Neutron client for the VPN service identified by
    ``self.resource_id`` and unwraps the ``'vpnservice'`` entry of the reply.
    """
    reply = self.neutron().show_vpnservice(self.resource_id)
    return reply['vpnservice']
# Create the VPN service in Neutron and remember its id.
# Visible steps: build `props` with self.prepare_properties(...), send
# {'vpnservice': props} to create_vpnservice(), then store vpnservice['id']
# through resource_id_set().
# NOTE(review): the bare numbers are the original file's line numbers from the
# listing; 64 and 67 are absent, so the first prepare_properties() argument and
# the key subscripted from the create_vpnservice() reply are not shown here.
def handle_create(self):
63
props = self.prepare_properties(
65
self.physical_resource_name())
66
vpnservice = self.neutron().create_vpnservice({'vpnservice': props})[
68
self.resource_id_set(vpnservice['id'])
# Send the changed properties to Neutron as {'vpnservice': prop_diff} for the
# service identified by self.resource_id. json_snippet and tmpl_diff are not
# used in the visible lines.
# NOTE(review): the bare numbers are the original file's line numbers from the
# listing; 71 is absent (the gutter goes 70 -> 72), so any guard around the
# call is not visible. prop_diff is passed through unchanged; presumably the
# framework has already limited it to update_allowed_properties -- confirm in
# the base class.
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
72
self.neutron().update_vpnservice(self.resource_id,
73
{'vpnservice': prop_diff})
# Delete the VPN service in Neutron, then run self._confirm_delete through
# scheduler.TaskRunner and return its result.
# A NeutronClientException is caught and its status_code compared with 404.
# NOTE(review): the bare numbers are the original file's line numbers from the
# listing; 77 and 81-82 are absent. The `except` needs a `try:` that is not
# shown, and the body of the `!= 404` branch is missing -- presumably non-404
# errors are re-raised and a 404 (resource already gone) is tolerated; confirm
# against the full file.
# NeutronClientException is only imported when clients.neutronclient is not
# None (see the guarded import at the top of the file).
def handle_delete(self):
76
client = self.neutron()
78
client.delete_vpnservice(self.resource_id)
79
except NeutronClientException as ex:
80
if ex.status_code != 404:
83
return scheduler.TaskRunner(self._confirm_delete)()
class IPsecSiteConnection(neutron.NeutronResource):
A resource for IPsec site connection in Neutron.
'actions': {'Type': 'String',
'AllowedValues': ['clear',
'interval': {'Type': 'Integer',
'timeout': {'Type': 'Integer',
# Template properties accepted for an IPsec site connection.
# NOTE(review): the bare numbers are the original file's line numbers from the
# listing; the continuation lines of most entries (108, 110, 112, 114, 117,
# 120, 123, 125, 127, 129 onward) are absent, so flags such as Required or
# Default for those properties, and the end of the dict, are not visible here.
# NOTE(review): 'psk' is the IPsec pre-shared key and is declared as a plain
# String. Supply it from a hidden/NoEcho template parameter rather than a
# literal in the template, and treat stored templates and stack data as
# secret-bearing.
# 'initiator' defaults to 'bi-directional'; its other allowed value sits on an
# absent line.
properties_schema = {'name': {'Type': 'String'},
106
'description': {'Type': 'String'},
107
'peer_address': {'Type': 'String',
109
'peer_id': {'Type': 'String',
111
'peer_cidrs': {'Type': 'List',
113
'mtu': {'Type': 'Integer',
115
'dpd': {'Type': 'Map', 'Schema': dpd_schema},
116
'psk': {'Type': 'String',
118
'initiator': {'Type': 'String',
119
'AllowedValues': ['bi-directional',
121
'Default': 'bi-directional'},
122
'admin_state_up': {'Type': 'Boolean',
124
'ikepolicy_id': {'Type': 'String',
126
'ipsecpolicy_id': {'Type': 'String',
128
'vpnservice_id': {'Type': 'String',
# Descriptions of the attributes this resource exposes, keyed by attribute
# name. Adjacent string literals (e.g. in the 'ikepolicy_id' entry) are joined
# by Python into one description.
# NOTE(review): 'psk' is listed as an attribute. If attributes named here can
# be resolved from templates (the lookup code is not in this file), the
# pre-shared key can end up in stack outputs; avoid referencing it in outputs
# and keep it out of logs.
# NOTE(review): the bare numbers are the original file's line numbers from the
# listing; 133 (the rest of the 'admin_state_up' text) and 154 (presumably the
# closing brace) are absent.
attributes_schema = {
132
'admin_state_up': 'the administrative state of the ipsec site'
134
'auth_mode': 'authentication mode used by the ipsec site connection',
135
'description': 'description of the ipsec site connection',
136
'dpd': 'configuration of dead peer detection protocol',
137
'id': 'unique identifier for the ipsec site connection',
138
'ikepolicy_id': 'unique identifier for ike policy used to create the'
139
' ipsec site connection',
140
'initiator': 'initiator of the ipsec site connection',
141
'ipsecpolicy_id': 'unique identifier for ipsec policy used to create'
142
' the ipsec site connection',
143
'mtu': 'maximum transmission unit to address fragmentation',
144
'name': 'name for the ipsec site connection',
145
'peer_address': 'peer vpn gateway public address or FQDN',
146
'peer_cidrs': 'peer private cidrs',
147
'peer_id': 'peer identifier (name, string or FQDN)',
148
'psk': 'pre-shared-key used to create the ipsec site connection',
149
'route_mode': 'route mode used to create the ipsec site connection',
150
'status': 'the status of the ipsec site connection',
151
'tenant_id': 'tenant owning the ipsec site connection',
152
'vpnservice_id': 'unique identifier for vpn service used to create the'
153
' ipsec site connection'
update_allowed_keys = ('Properties',)
update_allowed_properties = ('name', 'description', 'admin_state_up',)
def _show_resource(self):
    """Return the Neutron record for this IPsec site connection.

    Asks the Neutron client for the connection identified by
    ``self.resource_id`` and unwraps the ``'ipsec_site_connection'`` entry
    of the reply.
    """
    # NOTE(review): this class lists 'psk' in attributes_schema, so the
    # returned dict presumably carries the pre-shared key -- keep it out of
    # logs and debug output; confirm what Neutron actually returns.
    reply = self.neutron().show_ipsec_site_connection(self.resource_id)
    return reply['ipsec_site_connection']
# Create the IPsec site connection in Neutron and remember its id.
# Visible steps: build `props` with self.prepare_properties(...), send
# {'ipsec_site_connection': props} to create_ipsec_site_connection(), take
# the 'ipsec_site_connection' entry of the reply and store its 'id' through
# resource_id_set().
# NOTE(review): the bare numbers are the original file's line numbers from the
# listing; 166 is absent, so the first prepare_properties() argument is not
# shown. `props` presumably includes the 'psk' property, so the request body
# should not be logged -- confirm.
def handle_create(self):
165
props = self.prepare_properties(
167
self.physical_resource_name())
168
ipsec_site_connection = self.neutron().create_ipsec_site_connection(
169
{'ipsec_site_connection': props})['ipsec_site_connection']
170
self.resource_id_set(ipsec_site_connection['id'])
# Send the changed properties to Neutron as
# {'ipsec_site_connection': prop_diff} for the connection identified by
# self.resource_id. json_snippet and tmpl_diff are not used in the visible
# lines.
# NOTE(review): the bare numbers are the original file's line numbers from the
# listing; 173 is absent (the gutter goes 172 -> 174), so any guard around the
# call is not visible. prop_diff is passed through unchanged; presumably the
# framework has already limited it to update_allowed_properties -- confirm in
# the base class.
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
174
self.neutron().update_ipsec_site_connection(
175
self.resource_id, {'ipsec_site_connection': prop_diff})
# Delete the IPsec site connection in Neutron, then run self._confirm_delete
# through scheduler.TaskRunner and return its result.
# A NeutronClientException is caught and its status_code compared with 404.
# NOTE(review): the bare numbers are the original file's line numbers from the
# listing; 179 and 183-184 are absent. The `except` needs a `try:` that is not
# shown, and the body of the `!= 404` branch is missing -- presumably non-404
# errors are re-raised and a 404 (resource already gone) is tolerated; confirm
# against the full file.
def handle_delete(self):
178
client = self.neutron()
180
client.delete_ipsec_site_connection(self.resource_id)
181
except NeutronClientException as ex:
182
if ex.status_code != 404:
185
return scheduler.TaskRunner(self._confirm_delete)()
class IKEPolicy(neutron.NeutronResource):
A resource for IKE policy in Neutron.
'units': {'Type': 'String', 'AllowedValues': ['seconds', 'kilobytes'],
'Default': 'seconds'},
'value': {'Type': 'Integer', 'Default': 3600},
# Template properties accepted for an IKE policy.
# NOTE(review): the bare numbers are the original file's line numbers from the
# listing; 203, 206-208, 212, 217 and 221 onward are absent, so the full
# AllowedValues lists, some defaults and the end of the dict are not visible.
# NOTE(review): of the choices that are visible, 'sha1' is the only
# auth_algorithm, '3des' is accepted for encryption, 'group2' is accepted for
# pfs and 'v1' for ike_version. 3DES, the 1024-bit group2 and IKEv1 are legacy
# options; prefer the 'aes-128' default (or a stronger AES value if one is on
# the absent lines), the largest DH group the peer supports, and 'v2' where
# both ends allow it.
# 'lifetime' takes the map described by lifetime_schema (units/value); the
# attribute text elsewhere in this class calls it a "safety assessment
# lifetime", which presumably means the security association (SA) lifetime.
properties_schema = {'name': {'Type': 'String'},
200
'description': {'Type': 'String'},
201
'auth_algorithm': {'Type': 'String',
202
'AllowedValues': ['sha1'],
204
'encryption_algorithm': {'Type': 'String',
205
'AllowedValues': ['3des',
209
'Default': 'aes-128'},
210
'phase1_negotiation_mode': {'Type': 'String',
211
'AllowedValues': ['main'],
213
'lifetime': {'Type': 'Map',
214
'Schema': lifetime_schema},
215
'pfs': {'Type': 'String',
216
'AllowedValues': ['group2', 'group5',
218
'Default': 'group5'},
219
'ike_version': {'Type': 'String',
220
'AllowedValues': ['v1', 'v2'],
attributes_schema = {
'auth_algorithm': 'authentication hash algorithm used by the ike'
'description': 'description of the ike policy',
'encryption_algorithm': 'encryption algorithm used by the ike policy',
'id': 'unique identifier for the ike policy',
'ike_version': 'version of the ike policy',
'lifetime': 'configuration of safety assessment lifetime for the ike'
'name': 'name for the ike policy',
'pfs': 'perfect forward secrecy for the ike policy',
'phase1_negotiation_mode': 'negotiation mode for the ike policy',
'tenant_id': 'tenant owning the ike policy',
update_allowed_keys = ('Properties',)
update_allowed_properties = ('name', 'description',)
def _show_resource(self):
    """Return the Neutron record for this IKE policy.

    Asks the Neutron client for the policy identified by
    ``self.resource_id`` and unwraps the ``'ikepolicy'`` entry of the reply.
    """
    reply = self.neutron().show_ikepolicy(self.resource_id)
    return reply['ikepolicy']
# Create the IKE policy in Neutron and remember its id.
# Visible steps: build `props` with self.prepare_properties(...), send
# {'ikepolicy': props} to create_ikepolicy(), then store ikepolicy['id']
# through resource_id_set().
# NOTE(review): the bare numbers are the original file's line numbers from the
# listing; 247 and 250 are absent, so the first prepare_properties() argument
# and the key subscripted from the create_ikepolicy() reply are not shown here.
def handle_create(self):
246
props = self.prepare_properties(
248
self.physical_resource_name())
249
ikepolicy = self.neutron().create_ikepolicy({'ikepolicy': props})[
251
self.resource_id_set(ikepolicy['id'])
# Send the changed properties to Neutron as {'ikepolicy': prop_diff} for the
# policy identified by self.resource_id. json_snippet and tmpl_diff are not
# used in the visible lines.
# NOTE(review): the bare numbers are the original file's line numbers from the
# listing; 254 is absent (the gutter goes 253 -> 255), so any guard around the
# call is not visible. prop_diff is passed through unchanged; presumably the
# framework has already limited it to update_allowed_properties -- confirm in
# the base class.
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
255
self.neutron().update_ikepolicy(self.resource_id,
256
{'ikepolicy': prop_diff})
# Delete the IKE policy in Neutron, then run self._confirm_delete through
# scheduler.TaskRunner and return its result.
# A NeutronClientException is caught and its status_code compared with 404.
# NOTE(review): the bare numbers are the original file's line numbers from the
# listing; 260 and 264-265 are absent. The `except` needs a `try:` that is not
# shown, and the body of the `!= 404` branch is missing -- presumably non-404
# errors are re-raised and a 404 (resource already gone) is tolerated; confirm
# against the full file.
def handle_delete(self):
259
client = self.neutron()
261
client.delete_ikepolicy(self.resource_id)
262
except NeutronClientException as ex:
263
if ex.status_code != 404:
266
return scheduler.TaskRunner(self._confirm_delete)()
class IPsecPolicy(neutron.NeutronResource):
A resource for IPsec policy in Neutron.
'units': {'Type': 'String', 'AllowedValues': ['seconds', 'kilobytes'],
'Default': 'seconds'},
'value': {'Type': 'Integer', 'Default': 3600},
# Template properties accepted for an IPsec policy.
# NOTE(review): the bare numbers are the original file's line numbers from the
# listing; 284-285, 288, 292, 295-297 and 303 are absent, so the full
# AllowedValues lists and some defaults are not visible here.
# NOTE(review): of the choices that are visible, 'sha1' is the only
# auth_algorithm, '3des' is accepted for encryption and 'group2' for pfs. 3DES
# and the 1024-bit group2 are legacy options; prefer the 'aes-128' default (or
# a stronger AES value if one is on the absent lines) and the largest DH group
# the peer supports.
# NOTE(review): transform_protocol accepts 'ah', which authenticates packets
# but does not encrypt them; use 'esp' when the tunnel must be confidential.
# 'lifetime' takes the map described by lifetime_schema (units/value); the
# attribute text elsewhere in this class calls it a "safety assessment
# lifetime", which presumably means the security association (SA) lifetime.
properties_schema = {'name': {'Type': 'String'},
281
'description': {'Type': 'String'},
282
'transform_protocol': {'Type': 'String',
283
'AllowedValues': ['esp', 'ah',
286
'encapsulation_mode': {'Type': 'String',
287
'AllowedValues': ['tunnel',
289
'Default': 'tunnel'},
290
'auth_algorithm': {'Type': 'String',
291
'AllowedValues': ['sha1'],
293
'encryption_algorithm': {'Type': 'String',
294
'AllowedValues': ['3des',
298
'Default': 'aes-128'},
299
'lifetime': {'Type': 'Map',
300
'Schema': lifetime_schema},
301
'pfs': {'Type': 'String',
302
'AllowedValues': ['group2', 'group5',
304
'Default': 'group5'}}
attributes_schema = {
'auth_algorithm': 'authentication hash algorithm used by the ipsec'
'description': 'description of the ipsec policy',
'encapsulation_mode': 'encapsulation mode for the ipsec policy',
'encryption_algorithm': 'encryption algorithm for the ipsec policy',
'id': 'unique identifier for this ipsec policy',
'lifetime': 'configuration of safety assessment lifetime for the ipsec'
'name': 'name for the ipsec policy',
'pfs': 'perfect forward secrecy for the ipsec policy',
'tenant_id': 'tenant owning the ipsec policy',
'transform_protocol': 'transform protocol for the ipsec policy'
update_allowed_keys = ('Properties',)
update_allowed_properties = ('name', 'description',)
def _show_resource(self):
    """Return the Neutron record for this IPsec policy.

    Asks the Neutron client for the policy identified by
    ``self.resource_id`` and unwraps the ``'ipsecpolicy'`` entry of the reply.
    """
    reply = self.neutron().show_ipsecpolicy(self.resource_id)
    return reply['ipsecpolicy']
# Create the IPsec policy in Neutron and remember its id.
# Visible steps: build `props` with self.prepare_properties(...), send
# {'ipsecpolicy': props} to create_ipsecpolicy(), take the 'ipsecpolicy'
# entry of the reply and store its 'id' through resource_id_set().
# NOTE(review): the bare numbers are the original file's line numbers from the
# listing; 330 is absent, so the first prepare_properties() argument is not
# shown here.
def handle_create(self):
329
props = self.prepare_properties(
331
self.physical_resource_name())
332
ipsecpolicy = self.neutron().create_ipsecpolicy(
333
{'ipsecpolicy': props})['ipsecpolicy']
334
self.resource_id_set(ipsecpolicy['id'])
# Send the changed properties to Neutron as {'ipsecpolicy': prop_diff} for the
# policy identified by self.resource_id. json_snippet and tmpl_diff are not
# used in the visible lines.
# NOTE(review): the bare numbers are the original file's line numbers from the
# listing; 337 is absent (the gutter goes 336 -> 338), so any guard around the
# call is not visible. prop_diff is passed through unchanged; presumably the
# framework has already limited it to update_allowed_properties -- confirm in
# the base class.
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
338
self.neutron().update_ipsecpolicy(self.resource_id,
339
{'ipsecpolicy': prop_diff})
# Delete the IPsec policy in Neutron, then run self._confirm_delete through
# scheduler.TaskRunner and return its result.
# A NeutronClientException is caught and its status_code compared with 404.
# NOTE(review): the bare numbers are the original file's line numbers from the
# listing; 343 and 347-348 are absent. The `except` needs a `try:` that is not
# shown, and the body of the `!= 404` branch is missing -- presumably non-404
# errors are re-raised and a 404 (resource already gone) is tolerated; confirm
# against the full file.
def handle_delete(self):
342
client = self.neutron()
344
client.delete_ipsecpolicy(self.resource_id)
345
except NeutronClientException as ex:
346
if ex.status_code != 404:
349
return scheduler.TaskRunner(self._confirm_delete)()
def resource_mapping():
if clients.neutronclient is None:
'OS::Neutron::VPNService': VPNService,
'OS::Neutron::IPsecSiteConnection': IPsecSiteConnection,
'OS::Neutron::IKEPolicy': IKEPolicy,
'OS::Neutron::IPsecPolicy': IPsecPolicy,