From ff133e81b7af245cb3b935832a807486143e626b Mon Sep 17 00:00:00 2001
From: Nico Schottelius <nico@nico-notebook.schottelius.org>
Date: Sun, 12 Apr 2020 22:55:22 +0200
Subject: [PATCH] [vpn] update to show reservations, create wireguard config

---
 .../doc/README-how-to-create-a-product.md     |  9 -----
 .../uncloud/doc/README-products.md            | 34 +++++++++++++++++++
 uncloud_django_based/uncloud/requirements.txt |  4 +++
 uncloud_django_based/uncloud/uncloud/urls.py  | 10 ++++--
 .../uncloud/uncloud_net/models.py             | 25 ++++++++++----
 .../uncloud/uncloud_net/serializers.py        |  7 +++-
 .../uncloud/uncloud_net/views.py              |  5 +++
 7 files changed, 75 insertions(+), 19 deletions(-)
 delete mode 100644 uncloud_django_based/uncloud/doc/README-how-to-create-a-product.md
 create mode 100644 uncloud_django_based/uncloud/doc/README-products.md

diff --git a/uncloud_django_based/uncloud/doc/README-how-to-create-a-product.md b/uncloud_django_based/uncloud/doc/README-how-to-create-a-product.md
deleted file mode 100644
index 6ddd1fa..0000000
--- a/uncloud_django_based/uncloud/doc/README-how-to-create-a-product.md
+++ /dev/null
@@ -1,9 +0,0 @@
-## Introduction
-
-This document describes how to create a product and use it.
-
-A product (like a VMSnapshotproduct) creates an order when ordered.
-The "order" is used to combine products together.
-
-Sub-products or related products link to the same order.
-Each product has one (?) orderrecord
diff --git a/uncloud_django_based/uncloud/doc/README-products.md b/uncloud_django_based/uncloud/doc/README-products.md
new file mode 100644
index 0000000..1b1190d
--- /dev/null
+++ b/uncloud_django_based/uncloud/doc/README-products.md
@@ -0,0 +1,34 @@
+## Introduction
+
+This document describes how to create, modify or
+delete a product and use it.
+
+A product (like a VMSnapshotproduct) creates an order when ordered.
+The "order" is used to combine products together.
+
+Sub-products or related products link to the same order.
+Each product has one (?) orderrecord
+
+
+## How to delete a product (logic 1)
+
+If a user want so delete (=cancel) a product, the following steps
+should be taken:
+
+* the associated order is set to cancelled
+* the product itself is deleted
+
+[above steps to be reviewed]
+
+## How to delete a product (rest api)
+
+http -a nicoschottelius:$(pass
+ungleich.ch/nico.schottelius@ungleich.ch)
+http://localhost:8000/net/vpn/43c83088-f4d6-49b9-86c7-40251ac07ada/
+
+-> does not delete the reservation.
+
+
+### Deleting a VPN
+
+When the product is deleted, the network must be marked as free.
diff --git a/uncloud_django_based/uncloud/requirements.txt b/uncloud_django_based/uncloud/requirements.txt
index c77db20..90c9882 100644
--- a/uncloud_django_based/uncloud/requirements.txt
+++ b/uncloud_django_based/uncloud/requirements.txt
@@ -14,3 +14,7 @@ django-extensions
 
 # PDF creating
 django-hardcopy
+
+# schema support
+pyyaml
+uritemplate
diff --git a/uncloud_django_based/uncloud/uncloud/urls.py b/uncloud_django_based/uncloud/uncloud/urls.py
index 07c538d..e65bb4e 100644
--- a/uncloud_django_based/uncloud/uncloud/urls.py
+++ b/uncloud_django_based/uncloud/uncloud/urls.py
@@ -19,8 +19,8 @@ from django.urls import path, include
 from django.conf import settings
 from django.conf.urls.static import static
 
-
 from rest_framework import routers
+from rest_framework.schemas import get_schema_view
 
 from opennebula   import views as oneviews
 from uncloud_auth import views as authviews
@@ -47,6 +47,7 @@ router.register(r'service/matrix', serviceviews.MatrixServiceProductViewSet, bas
 
 # Net
 router.register(r'net/vpn', netviews.VPNNetworkViewSet, basename='vpnnet')
+router.register(r'net/vpnreservation', netviews.VPNNetworkReservationViewSet, basename='vpnnetreservation')
 
 
 # Pay
@@ -75,5 +76,10 @@ urlpatterns = [
     # web/ = stuff to view in the browser
 
     path('web/pdf/', payviews.MyPDFView.as_view(), name='pdf'),
-    path('api-auth/', include('rest_framework.urls', namespace='rest_framework')) # for login to REST API
+    path('api-auth/', include('rest_framework.urls', namespace='rest_framework')), # for login to REST API
+    path('openapi', get_schema_view(
+        title="uncloud",
+        description="uncloud API",
+        version="1.0.0"
+    ), name='openapi-schema'),
 ]
diff --git a/uncloud_django_based/uncloud/uncloud_net/models.py b/uncloud_django_based/uncloud/uncloud_net/models.py
index 940606b..26a6eb8 100644
--- a/uncloud_django_based/uncloud/uncloud_net/models.py
+++ b/uncloud_django_based/uncloud/uncloud_net/models.py
@@ -114,15 +114,20 @@ PrivateKey = {privatekey}
 
         peers = []
 
-        for vpnnetwork in self.vpnnetworkreservation_set:
-            public_key = vpnnetwork.wireguard_public_key
-            peer_network = "{}/{}".format(vpnnetwork.address, self.subnetwork_size)
+        for reservation in self.vpnnetworkreservation_set.filter(status='used'):
+            public_key = reservation.vpnnetwork_set.first().wireguard_public_key
+            peer_network = "{}/{}".format(reservation.address, self.subnetwork_size)
+            owner = reservation.vpnnetwork_set.first().owner
 
             peers.append("""
+# Owner: {owner}
 [Peer]
 PublicKey = {public_key}
 AllowedIPs = {peer_network}
-""")
+""".format(
+    owner=owner,
+    public_key=public_key,
+    peer_network=peer_network))
 
         wireguard_config.extend(peers)
 
@@ -140,9 +145,6 @@ AllowedIPs = {peer_network}
         pass
 
 
-
-
-
 class VPNNetworkReservation(UncloudModel):
     """
      This class tracks the used VPN networks. It will be deleted, when the product is cancelled.
@@ -170,3 +172,12 @@ class VPNNetwork(Product):
                                editable=False)
 
     wireguard_public_key = models.CharField(max_length=48)
+
+    def delete(self, *args, **kwargs):
+        self.network.status = 'free'
+        self.network.save()
+        super().save(*args, **kwargs)
+        print("deleted {}".format(self))
+
+# managing deletion
+# - record free network (?)
diff --git a/uncloud_django_based/uncloud/uncloud_net/serializers.py b/uncloud_django_based/uncloud/uncloud_net/serializers.py
index e1c4d79..dc4866e 100644
--- a/uncloud_django_based/uncloud/uncloud_net/serializers.py
+++ b/uncloud_django_based/uncloud/uncloud_net/serializers.py
@@ -11,6 +11,12 @@ class VPNPoolSerializer(serializers.ModelSerializer):
         model = VPNPool
         fields = '__all__'
 
+class VPNNetworkReservationSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = VPNNetworkReservation
+        fields = '__all__'
+
+
 class VPNNetworkSerializer(serializers.ModelSerializer):
     class Meta:
         model = VPNNetwork
@@ -29,7 +35,6 @@ class VPNNetworkSerializer(serializers.ModelSerializer):
         i.e. contains \n or similar!
         We might even need to be more strict to not break wireguard...
         """
-        print(value)
 
         try:
             base64.standard_b64decode(value)
diff --git a/uncloud_django_based/uncloud/uncloud_net/views.py b/uncloud_django_based/uncloud/uncloud_net/views.py
index a3f5284..1f7cf4a 100644
--- a/uncloud_django_based/uncloud/uncloud_net/views.py
+++ b/uncloud_django_based/uncloud/uncloud_net/views.py
@@ -13,6 +13,11 @@ class VPNPoolViewSet(viewsets.ModelViewSet):
     permission_classes = [permissions.IsAdminUser]
     queryset = VPNPool.objects.all()
 
+class VPNNetworkReservationViewSet(viewsets.ModelViewSet):
+    serializer_class = VPNNetworkReservationSerializer
+    permission_classes = [permissions.IsAdminUser]
+    queryset = VPNNetworkReservation.objects.all()
+
 
 class VPNNetworkViewSet(viewsets.ModelViewSet):
     serializer_class = VPNNetworkSerializer