2
# Licensed under the Apache License, Version 2.0 (the "License"); you may
3
# not use this file except in compliance with the License. You may obtain
4
# a copy of the License at
6
# http://www.apache.org/licenses/LICENSE-2.0
8
# Unless required by applicable law or agreed to in writing, software
9
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
10
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
11
# License for the specific language governing permissions and limitations
14
from heat.common.i18n import _
15
from heat.engine import attributes
16
from heat.engine import constraints
17
from heat.engine import properties
18
from heat.engine.resources.neutron import neutron
19
from heat.engine import support
22
class VPNService(neutron.NeutronResource):
24
A resource for VPN service in Neutron.
28
NAME, DESCRIPTION, ADMIN_STATE_UP,
29
SUBNET_ID, SUBNET, ROUTER_ID, ROUTER
31
'name', 'description', 'admin_state_up',
32
'subnet_id', 'subnet', 'router_id', 'router'
36
ADMIN_STATE_UP_ATTR, DESCRIPTION_ATTR, NAME_ATTR, ROUTER_ID_ATTR,
37
STATUS, SUBNET_ID_ATTR, TENANT_ID, SHOW,
39
'admin_state_up', 'description', 'name', 'router_id',
40
'status', 'subnet_id', 'tenant_id', 'show',
44
NAME: properties.Schema(
45
properties.Schema.STRING,
46
_('Name for the vpn service.'),
49
DESCRIPTION: properties.Schema(
50
properties.Schema.STRING,
51
_('Description for the vpn service.'),
54
ADMIN_STATE_UP: properties.Schema(
55
properties.Schema.BOOLEAN,
56
_('Administrative state for the vpn service.'),
60
SUBNET_ID: properties.Schema(
61
properties.Schema.STRING,
62
support_status=support.SupportStatus(
64
_('Use property %s.') % SUBNET),
67
SUBNET: properties.Schema(
68
properties.Schema.STRING,
69
_('Subnet in which the vpn service will be created.'),
71
support_status=support.SupportStatus(version='2014.2')
73
ROUTER_ID: properties.Schema(
74
properties.Schema.STRING,
75
_('Unique identifier for the router to which the vpn service '
77
support_status=support.SupportStatus(
79
_('Use property %s') % ROUTER),
81
ROUTER: properties.Schema(
82
properties.Schema.STRING,
83
_('The router to which the vpn service will be inserted.'),
88
ADMIN_STATE_UP_ATTR: attributes.Schema(
89
_('The administrative state of the vpn service.')
91
DESCRIPTION_ATTR: attributes.Schema(
92
_('The description of the vpn service.')
94
NAME_ATTR: attributes.Schema(
95
_('The name of the vpn service.')
97
ROUTER_ID_ATTR: attributes.Schema(
98
_('The unique identifier of the router to which the vpn service '
101
STATUS: attributes.Schema(
102
_('The status of the vpn service.')
104
SUBNET_ID_ATTR: attributes.Schema(
105
_('The unique identifier of the subnet in which the vpn service '
108
TENANT_ID: attributes.Schema(
109
_('The unique identifier of the tenant owning the vpn service.')
111
SHOW: attributes.Schema(
116
def _show_resource(self):
117
return self.neutron().show_vpnservice(self.resource_id)['vpnservice']
120
super(VPNService, self).validate()
121
self._validate_depr_property_required(
122
self.properties, self.SUBNET, self.SUBNET_ID)
123
self._validate_depr_property_required(
124
self.properties, self.ROUTER, self.ROUTER_ID)
126
def handle_create(self):
127
props = self.prepare_properties(
129
self.physical_resource_name())
130
self.client_plugin().resolve_subnet(props, self.SUBNET, 'subnet_id')
131
self.client_plugin().resolve_router(props, self.ROUTER, 'router_id')
132
vpnservice = self.neutron().create_vpnservice({'vpnservice': props})[
134
self.resource_id_set(vpnservice['id'])
136
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
138
self.neutron().update_vpnservice(self.resource_id,
139
{'vpnservice': prop_diff})
141
def handle_delete(self):
142
client = self.neutron()
144
client.delete_vpnservice(self.resource_id)
145
except Exception as ex:
146
self.client_plugin().ignore_not_found(ex)
151
class IPsecSiteConnection(neutron.NeutronResource):
153
A resource for IPsec site connection in Neutron.
157
NAME, DESCRIPTION, PEER_ADDRESS, PEER_ID, PEER_CIDRS, MTU,
158
DPD, PSK, INITIATOR, ADMIN_STATE_UP, IKEPOLICY_ID,
159
IPSECPOLICY_ID, VPNSERVICE_ID,
161
'name', 'description', 'peer_address', 'peer_id', 'peer_cidrs', 'mtu',
162
'dpd', 'psk', 'initiator', 'admin_state_up', 'ikepolicy_id',
163
'ipsecpolicy_id', 'vpnservice_id',
167
DPD_ACTIONS, DPD_INTERVAL, DPD_TIMEOUT,
169
'actions', 'interval', 'timeout',
173
ADMIN_STATE_UP_ATTR, AUTH_MODE, DESCRIPTION_ATTR, DPD_ATTR,
174
IKEPOLICY_ID_ATTR, INITIATOR_ATTR, IPSECPOLICY_ID_ATTR, MTU_ATTR,
175
NAME_ATTR, PEER_ADDRESS_ATTR, PEER_CIDRS_ATTR, PEER_ID_ATTR, PSK_ATTR,
176
ROUTE_MODE, STATUS, TENANT_ID, VPNSERVICE_ID_ATTR,
178
'admin_state_up', 'auth_mode', 'description', 'dpd',
179
'ikepolicy_id', 'initiator', 'ipsecpolicy_id', 'mtu',
180
'name', 'peer_address', 'peer_cidrs', 'peer_id', 'psk',
181
'route_mode', 'status', 'tenant_id', 'vpnservice_id',
184
properties_schema = {
185
NAME: properties.Schema(
186
properties.Schema.STRING,
187
_('Name for the ipsec site connection.'),
190
DESCRIPTION: properties.Schema(
191
properties.Schema.STRING,
192
_('Description for the ipsec site connection.'),
195
PEER_ADDRESS: properties.Schema(
196
properties.Schema.STRING,
197
_('Remote branch router public IPv4 address or IPv6 address or '
201
PEER_ID: properties.Schema(
202
properties.Schema.STRING,
203
_('Remote branch router identity.'),
206
PEER_CIDRS: properties.Schema(
207
properties.Schema.LIST,
208
_('Remote subnet(s) in CIDR format.'),
211
MTU: properties.Schema(
212
properties.Schema.INTEGER,
213
_('Maximum transmission unit size (in bytes) for the ipsec site '
217
DPD: properties.Schema(
218
properties.Schema.MAP,
219
_('Dead Peer Detection protocol configuration for the ipsec site '
222
DPD_ACTIONS: properties.Schema(
223
properties.Schema.STRING,
224
_('Controls DPD protocol mode.'),
227
constraints.AllowedValues(['clear', 'disabled',
232
DPD_INTERVAL: properties.Schema(
233
properties.Schema.INTEGER,
234
_('Number of seconds for the DPD delay.'),
237
DPD_TIMEOUT: properties.Schema(
238
properties.Schema.INTEGER,
239
_('Number of seconds for the DPD timeout.'),
244
PSK: properties.Schema(
245
properties.Schema.STRING,
246
_('Pre-shared key string for the ipsec site connection.'),
249
INITIATOR: properties.Schema(
250
properties.Schema.STRING,
251
_('Initiator state in lowercase for the ipsec site connection.'),
252
default='bi-directional',
254
constraints.AllowedValues(['bi-directional', 'response-only']),
257
ADMIN_STATE_UP: properties.Schema(
258
properties.Schema.BOOLEAN,
259
_('Administrative state for the ipsec site connection.'),
263
IKEPOLICY_ID: properties.Schema(
264
properties.Schema.STRING,
265
_('Unique identifier for the ike policy associated with the '
266
'ipsec site connection.'),
269
IPSECPOLICY_ID: properties.Schema(
270
properties.Schema.STRING,
271
_('Unique identifier for the ipsec policy associated with the '
272
'ipsec site connection.'),
275
VPNSERVICE_ID: properties.Schema(
276
properties.Schema.STRING,
277
_('Unique identifier for the vpn service associated with the '
278
'ipsec site connection.'),
283
attributes_schema = {
284
ADMIN_STATE_UP_ATTR: attributes.Schema(
285
_('The administrative state of the ipsec site connection.')
287
AUTH_MODE: attributes.Schema(
288
_('The authentication mode of the ipsec site connection.')
290
DESCRIPTION_ATTR: attributes.Schema(
291
_('The description of the ipsec site connection.')
293
DPD_ATTR: attributes.Schema(
294
_('The dead peer detection protocol configuration of the ipsec '
297
IKEPOLICY_ID_ATTR: attributes.Schema(
298
_('The unique identifier of ike policy associated with the ipsec '
301
INITIATOR_ATTR: attributes.Schema(
302
_('The initiator of the ipsec site connection.')
304
IPSECPOLICY_ID_ATTR: attributes.Schema(
305
_('The unique identifier of ipsec policy associated with the '
306
'ipsec site connection.')
308
MTU_ATTR: attributes.Schema(
309
_('The maximum transmission unit size (in bytes) of the ipsec '
312
NAME_ATTR: attributes.Schema(
313
_('The name of the ipsec site connection.')
315
PEER_ADDRESS_ATTR: attributes.Schema(
316
_('The remote branch router public IPv4 address or IPv6 address '
319
PEER_CIDRS_ATTR: attributes.Schema(
320
_('The remote subnet(s) in CIDR format of the ipsec site '
323
PEER_ID_ATTR: attributes.Schema(
324
_('The remote branch router identity of the ipsec site '
327
PSK_ATTR: attributes.Schema(
328
_('The pre-shared key string of the ipsec site connection.')
330
ROUTE_MODE: attributes.Schema(
331
_('The route mode of the ipsec site connection.')
333
STATUS: attributes.Schema(
334
_('The status of the ipsec site connection.')
336
TENANT_ID: attributes.Schema(
337
_('The unique identifier of the tenant owning the ipsec site '
340
VPNSERVICE_ID_ATTR: attributes.Schema(
341
_('The unique identifier of vpn service associated with the ipsec '
346
def _show_resource(self):
347
return self.neutron().show_ipsec_site_connection(self.resource_id)[
348
'ipsec_site_connection']
350
def handle_create(self):
351
props = self.prepare_properties(
353
self.physical_resource_name())
354
ipsec_site_connection = self.neutron().create_ipsec_site_connection(
355
{'ipsec_site_connection': props})['ipsec_site_connection']
356
self.resource_id_set(ipsec_site_connection['id'])
358
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
360
self.neutron().update_ipsec_site_connection(
361
self.resource_id, {'ipsec_site_connection': prop_diff})
363
def handle_delete(self):
364
client = self.neutron()
366
client.delete_ipsec_site_connection(self.resource_id)
367
except Exception as ex:
368
self.client_plugin().ignore_not_found(ex)
373
class IKEPolicy(neutron.NeutronResource):
375
A resource for IKE policy in Neutron.
379
NAME, DESCRIPTION, AUTH_ALGORITHM, ENCRYPTION_ALGORITHM,
380
PHASE1_NEGOTIATION_MODE, LIFETIME, PFS, IKE_VERSION,
382
'name', 'description', 'auth_algorithm', 'encryption_algorithm',
383
'phase1_negotiation_mode', 'lifetime', 'pfs', 'ike_version',
387
LIFETIME_UNITS, LIFETIME_VALUE,
393
AUTH_ALGORITHM_ATTR, DESCRIPTION_ATTR, ENCRYPTION_ALGORITHM_ATTR,
394
IKE_VERSION_ATTR, LIFETIME_ATTR, NAME_ATTR, PFS_ATTR,
395
PHASE1_NEGOTIATION_MODE_ATTR, TENANT_ID,
397
'auth_algorithm', 'description', 'encryption_algorithm',
398
'ike_version', 'lifetime', 'name', 'pfs',
399
'phase1_negotiation_mode', 'tenant_id',
402
properties_schema = {
403
NAME: properties.Schema(
404
properties.Schema.STRING,
405
_('Name for the ike policy.'),
408
DESCRIPTION: properties.Schema(
409
properties.Schema.STRING,
410
_('Description for the ike policy.'),
413
AUTH_ALGORITHM: properties.Schema(
414
properties.Schema.STRING,
415
_('Authentication hash algorithm for the ike policy.'),
418
constraints.AllowedValues(['sha1']),
421
ENCRYPTION_ALGORITHM: properties.Schema(
422
properties.Schema.STRING,
423
_('Encryption algorithm for the ike policy.'),
426
constraints.AllowedValues(['3des', 'aes-128', 'aes-192',
430
PHASE1_NEGOTIATION_MODE: properties.Schema(
431
properties.Schema.STRING,
432
_('Negotiation mode for the ike policy.'),
435
constraints.AllowedValues(['main']),
438
LIFETIME: properties.Schema(
439
properties.Schema.MAP,
440
_('Safety assessment lifetime configuration for the ike policy.'),
442
LIFETIME_UNITS: properties.Schema(
443
properties.Schema.STRING,
444
_('Safety assessment lifetime units.'),
447
constraints.AllowedValues(['seconds', 'kilobytes']),
450
LIFETIME_VALUE: properties.Schema(
451
properties.Schema.INTEGER,
452
_('Safety assessment lifetime value in specified '
458
PFS: properties.Schema(
459
properties.Schema.STRING,
460
_('Perfect forward secrecy in lowercase for the ike policy.'),
463
constraints.AllowedValues(['group2', 'group5', 'group14']),
466
IKE_VERSION: properties.Schema(
467
properties.Schema.STRING,
468
_('Version for the ike policy.'),
471
constraints.AllowedValues(['v1', 'v2']),
476
attributes_schema = {
477
AUTH_ALGORITHM_ATTR: attributes.Schema(
478
_('The authentication hash algorithm used by the ike policy.')
480
DESCRIPTION_ATTR: attributes.Schema(
481
_('The description of the ike policy.')
483
ENCRYPTION_ALGORITHM_ATTR: attributes.Schema(
484
_('The encryption algorithm used by the ike policy.')
486
IKE_VERSION_ATTR: attributes.Schema(
487
_('The version of the ike policy.')
489
LIFETIME_ATTR: attributes.Schema(
490
_('The safety assessment lifetime configuration for the ike '
493
NAME_ATTR: attributes.Schema(
494
_('The name of the ike policy.')
496
PFS_ATTR: attributes.Schema(
497
_('The perfect forward secrecy of the ike policy.')
499
PHASE1_NEGOTIATION_MODE_ATTR: attributes.Schema(
500
_('The negotiation mode of the ike policy.')
502
TENANT_ID: attributes.Schema(
503
_('The unique identifier of the tenant owning the ike policy.')
507
def _show_resource(self):
508
return self.neutron().show_ikepolicy(self.resource_id)['ikepolicy']
510
def handle_create(self):
511
props = self.prepare_properties(
513
self.physical_resource_name())
514
ikepolicy = self.neutron().create_ikepolicy({'ikepolicy': props})[
516
self.resource_id_set(ikepolicy['id'])
518
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
520
self.neutron().update_ikepolicy(self.resource_id,
521
{'ikepolicy': prop_diff})
523
def handle_delete(self):
524
client = self.neutron()
526
client.delete_ikepolicy(self.resource_id)
527
except Exception as ex:
528
self.client_plugin().ignore_not_found(ex)
533
class IPsecPolicy(neutron.NeutronResource):
535
A resource for IPsec policy in Neutron.
539
NAME, DESCRIPTION, TRANSFORM_PROTOCOL, ENCAPSULATION_MODE,
540
AUTH_ALGORITHM, ENCRYPTION_ALGORITHM, LIFETIME, PFS,
542
'name', 'description', 'transform_protocol', 'encapsulation_mode',
543
'auth_algorithm', 'encryption_algorithm', 'lifetime', 'pfs',
547
LIFETIME_UNITS, LIFETIME_VALUE,
553
AUTH_ALGORITHM_ATTR, DESCRIPTION_ATTR, ENCAPSULATION_MODE_ATTR,
554
ENCRYPTION_ALGORITHM_ATTR, LIFETIME_ATTR, NAME_ATTR, PFS_ATTR,
555
TENANT_ID, TRANSFORM_PROTOCOL_ATTR,
557
'auth_algorithm', 'description', 'encapsulation_mode',
558
'encryption_algorithm', 'lifetime', 'name', 'pfs',
559
'tenant_id', 'transform_protocol',
562
properties_schema = {
563
NAME: properties.Schema(
564
properties.Schema.STRING,
565
_('Name for the ipsec policy.'),
568
DESCRIPTION: properties.Schema(
569
properties.Schema.STRING,
570
_('Description for the ipsec policy.'),
573
TRANSFORM_PROTOCOL: properties.Schema(
574
properties.Schema.STRING,
575
_('Transform protocol for the ipsec policy.'),
578
constraints.AllowedValues(['esp', 'ah', 'ah-esp']),
581
ENCAPSULATION_MODE: properties.Schema(
582
properties.Schema.STRING,
583
_('Encapsulation mode for the ipsec policy.'),
586
constraints.AllowedValues(['tunnel', 'transport']),
589
AUTH_ALGORITHM: properties.Schema(
590
properties.Schema.STRING,
591
_('Authentication hash algorithm for the ipsec policy.'),
594
constraints.AllowedValues(['sha1']),
597
ENCRYPTION_ALGORITHM: properties.Schema(
598
properties.Schema.STRING,
599
_('Encryption algorithm for the ipsec policy.'),
602
constraints.AllowedValues(['3des', 'aes-128', 'aes-192',
606
LIFETIME: properties.Schema(
607
properties.Schema.MAP,
608
_('Safety assessment lifetime configuration for the ipsec '
611
LIFETIME_UNITS: properties.Schema(
612
properties.Schema.STRING,
613
_('Safety assessment lifetime units.'),
616
constraints.AllowedValues(['seconds',
620
LIFETIME_VALUE: properties.Schema(
621
properties.Schema.INTEGER,
622
_('Safety assessment lifetime value in specified '
628
PFS: properties.Schema(
629
properties.Schema.STRING,
630
_('Perfect forward secrecy for the ipsec policy.'),
633
constraints.AllowedValues(['group2', 'group5', 'group14']),
638
attributes_schema = {
639
AUTH_ALGORITHM_ATTR: attributes.Schema(
640
_('The authentication hash algorithm of the ipsec policy.')
642
DESCRIPTION_ATTR: attributes.Schema(
643
_('The description of the ipsec policy.')
645
ENCAPSULATION_MODE_ATTR: attributes.Schema(
646
_('The encapsulation mode of the ipsec policy.')
648
ENCRYPTION_ALGORITHM_ATTR: attributes.Schema(
649
_('The encryption algorithm of the ipsec policy.')
651
LIFETIME_ATTR: attributes.Schema(
652
_('The safety assessment lifetime configuration of the ipsec '
655
NAME_ATTR: attributes.Schema(
656
_('The name of the ipsec policy.')
658
PFS_ATTR: attributes.Schema(
659
_('The perfect forward secrecy of the ipsec policy.')
661
TENANT_ID: attributes.Schema(
662
_('The unique identifier of the tenant owning the ipsec policy.')
664
TRANSFORM_PROTOCOL_ATTR: attributes.Schema(
665
_('The transform protocol of the ipsec policy.')
669
def _show_resource(self):
670
return self.neutron().show_ipsecpolicy(self.resource_id)['ipsecpolicy']
672
def handle_create(self):
673
props = self.prepare_properties(
675
self.physical_resource_name())
676
ipsecpolicy = self.neutron().create_ipsecpolicy(
677
{'ipsecpolicy': props})['ipsecpolicy']
678
self.resource_id_set(ipsecpolicy['id'])
680
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
682
self.neutron().update_ipsecpolicy(self.resource_id,
683
{'ipsecpolicy': prop_diff})
685
def handle_delete(self):
686
client = self.neutron()
688
client.delete_ipsecpolicy(self.resource_id)
689
except Exception as ex:
690
self.client_plugin().ignore_not_found(ex)
695
def resource_mapping():
697
'OS::Neutron::VPNService': VPNService,
698
'OS::Neutron::IPsecSiteConnection': IPsecSiteConnection,
699
'OS::Neutron::IKEPolicy': IKEPolicy,
700
'OS::Neutron::IPsecPolicy': IPsecPolicy,