[vpn] update to show reservations, create wireguard config

Nico Schottelius 2020-04-12 22:55:22 +02:00
parent 85b4d70592
commit ff133e81b7
7 changed files with 75 additions and 19 deletions


@ -1,9 +0,0 @@
## Introduction
This document describes how to create a product and use it.
A product (like a VMSnapshotproduct) creates an order when ordered.
The "order" is used to combine products together.
Sub-products or related products link to the same order.
Each product has one (?) orderrecord


@ -0,0 +1,34 @@
## Introduction
This document describes how to create, modify or
delete a product and use it.
A product (like a VMSnapshotproduct) creates an order when ordered.
The "order" is used to combine products together.
Sub-products or related products link to the same order.
Each product has one (?) orderrecord
## How to delete a product (logic 1)
If a user want so delete (=cancel) a product, the following steps
should be taken:
* the associated order is set to cancelled
* the product itself is deleted
[above steps to be reviewed]
## How to delete a product (rest api)
http -a nicoschottelius:$(pass
ungleich.ch/nico.schottelius@ungleich.ch)
http://localhost:8000/net/vpn/43c83088-f4d6-49b9-86c7-40251ac07ada/
-> does not delete the reservation.
### Deleting a VPN
When the product is deleted, the network must be marked as free.


@ -14,3 +14,7 @@ django-extensions
# PDF creating # PDF creating
django-hardcopy django-hardcopy
# schema support
pyyaml
uritemplate


@ -19,8 +19,8 @@ from django.urls import path, include
from django.conf import settings from django.conf import settings
from django.conf.urls.static import static from django.conf.urls.static import static
from rest_framework import routers from rest_framework import routers
from rest_framework.schemas import get_schema_view
from opennebula import views as oneviews from opennebula import views as oneviews
from uncloud_auth import views as authviews from uncloud_auth import views as authviews
@ -47,6 +47,7 @@ router.register(r'service/matrix', serviceviews.MatrixServiceProductViewSet, bas
# Net # Net
router.register(r'net/vpn', netviews.VPNNetworkViewSet, basename='vpnnet') router.register(r'net/vpn', netviews.VPNNetworkViewSet, basename='vpnnet')
router.register(r'net/vpnreservation', netviews.VPNNetworkReservationViewSet, basename='vpnnetreservation')
# Pay # Pay
@ -75,5 +76,10 @@ urlpatterns = [
# web/ = stuff to view in the browser # web/ = stuff to view in the browser
path('web/pdf/', payviews.MyPDFView.as_view(), name='pdf'), path('web/pdf/', payviews.MyPDFView.as_view(), name='pdf'),
path('api-auth/', include('rest_framework.urls', namespace='rest_framework')) # for login to REST API path('api-auth/', include('rest_framework.urls', namespace='rest_framework')), # for login to REST API
path('openapi', get_schema_view(
title="uncloud",
description="uncloud API",
version="1.0.0"
), name='openapi-schema'),
] ]
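Review bot: The new `openapi` route calls `get_schema_view` without a `permission_classes` argument, so access to the schema falls back to the project's `DEFAULT_PERMISSION_CLASSES`, which is not visible on this page. If that default is permissive, the schema is served to unauthenticated clients. Passing it explicitly, e.g. `permission_classes=[permissions.IsAuthenticated],` (with `from rest_framework import permissions` added to the imports), makes the exposure independent of the global setting. The `urlpatterns` list starts outside this hunk.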


@ -114,15 +114,20 @@ PrivateKey = {privatekey}
peers = [] peers = []
for vpnnetwork in self.vpnnetworkreservation_set: for reservation in self.vpnnetworkreservation_set.filter(status='used'):
public_key = vpnnetwork.wireguard_public_key public_key = reservation.vpnnetwork_set.first().wireguard_public_key
peer_network = "{}/{}".format(vpnnetwork.address, self.subnetwork_size) peer_network = "{}/{}".format(reservation.address, self.subnetwork_size)
owner = reservation.vpnnetwork_set.first().owner
peers.append(""" peers.append("""
# Owner: {owner}
[Peer] [Peer]
PublicKey = {public_key} PublicKey = {public_key}
AllowedIPs = {peer_network} AllowedIPs = {peer_network}
""") """.format(
owner=owner,
public_key=public_key,
peer_network=peer_network))
wireguard_config.extend(peers) wireguard_config.extend(peers)
@ -140,9 +145,6 @@ AllowedIPs = {peer_network}
pass pass
class VPNNetworkReservation(UncloudModel): class VPNNetworkReservation(UncloudModel):
""" """
This class tracks the used VPN networks. It will be deleted, when the product is cancelled. This class tracks the used VPN networks. It will be deleted, when the product is cancelled.
@ -170,3 +172,12 @@ class VPNNetwork(Product):
editable=False) editable=False)
wireguard_public_key = models.CharField(max_length=48) wireguard_public_key = models.CharField(max_length=48)
def delete(self, *args, **kwargs):
self.network.status = 'free'
self.network.save()
super().save(*args, **kwargs)
print("deleted {}".format(self))
# managing deletion
# - record free network (?)
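Review bot: The new `delete()` on `VPNNetwork` ends with `super().save(*args, **kwargs)`, so the row is written back rather than removed, after its network has already been set to `'free'`. The product then survives while its address range is presumably available for a new reservation, which matches the "does not delete the reservation" remark in the documentation added by this commit. The call should be `return super().delete(*args, **kwargs)`, preferably with the status change and the delete inside one `transaction.atomic()` block, so a failed delete cannot leave a freed network attached to a live product. The `print` would be better as a logger call.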


@ -11,6 +11,12 @@ class VPNPoolSerializer(serializers.ModelSerializer):
model = VPNPool model = VPNPool
fields = '__all__' fields = '__all__'
class VPNNetworkReservationSerializer(serializers.ModelSerializer):
class Meta:
model = VPNNetworkReservation
fields = '__all__'
class VPNNetworkSerializer(serializers.ModelSerializer): class VPNNetworkSerializer(serializers.ModelSerializer):
class Meta: class Meta:
model = VPNNetwork model = VPNNetwork
@ -29,7 +35,6 @@ class VPNNetworkSerializer(serializers.ModelSerializer):
i.e. contains \n or similar! i.e. contains \n or similar!
We might even need to be more strict to not break wireguard... We might even need to be more strict to not break wireguard...
""" """
print(value)
try: try:
base64.standard_b64decode(value) base64.standard_b64decode(value)
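Review bot: The key check kept in this validator, `base64.standard_b64decode(value)`, does not reject the newline the docstring worries about, because without validation the decoder discards characters outside the base64 alphabet before decoding. This matters more after this commit, since the stored key is now formatted into the `[Peer]` block of the generated WireGuard config. Consider `key = base64.b64decode(value, validate=True)` followed by a length check (`len(key) == 32` for a WireGuard public key). The validator's body starts and ends outside this hunk.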


@ -13,6 +13,11 @@ class VPNPoolViewSet(viewsets.ModelViewSet):
permission_classes = [permissions.IsAdminUser] permission_classes = [permissions.IsAdminUser]
queryset = VPNPool.objects.all() queryset = VPNPool.objects.all()
class VPNNetworkReservationViewSet(viewsets.ModelViewSet):
serializer_class = VPNNetworkReservationSerializer
permission_classes = [permissions.IsAdminUser]
queryset = VPNNetworkReservation.objects.all()
class VPNNetworkViewSet(viewsets.ModelViewSet): class VPNNetworkViewSet(viewsets.ModelViewSet):
serializer_class = VPNNetworkSerializer serializer_class = VPNNetworkSerializer
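Review bot: `VPNNetworkReservationViewSet` derives from `viewsets.ModelViewSet`, which exposes create, update and delete on reservations, while the commit title only speaks of showing them. Reservation `status` and `address` feed the peer list of the generated WireGuard config, so an edit through this endpoint changes routing without going through the `VPNNetwork` lifecycle. If read access is all that is needed, `class VPNNetworkReservationViewSet(viewsets.ReadOnlyModelViewSet):` keeps the `IsAdminUser` restriction and drops the write paths.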