summaryrefslogtreecommitdiff
path: root/neutronclient/osc
diff options
context:
space:
mode:
authorCao Xuan Hoang <hoangcx@vn.fujitsu.com>2017-03-02 10:46:29 +0700
committerCao Xuan Hoang <hoangcx@vn.fujitsu.com>2018-01-15 09:44:03 +0700
commitdd044bd92e8b7ab41aba47488d437e771a2e1339 (patch)
tree617ced4a6e0e47dbc6a446d5e4425ff99af0b384 /neutronclient/osc
parent0ce9051b3853acf881e0bd4e63aa8a1b2f46688c (diff)
downloadpython-neutronclient-dd044bd92e8b7ab41aba47488d437e771a2e1339.tar.gz
Add VPNaaS commands for OSC plugin
Closes-Bug: 1669252 Change-Id: I447f5c50725fc0d9d8a1574ad5e28772f472fba9
Diffstat (limited to 'neutronclient/osc')
-rw-r--r--neutronclient/osc/v2/vpnaas/endpoint_group.py216
-rw-r--r--neutronclient/osc/v2/vpnaas/ikepolicy.py243
-rw-r--r--neutronclient/osc/v2/vpnaas/ipsec_site_connection.py372
-rw-r--r--neutronclient/osc/v2/vpnaas/ipsecpolicy.py242
-rw-r--r--neutronclient/osc/v2/vpnaas/utils.py112
-rw-r--r--neutronclient/osc/v2/vpnaas/vpnservice.py235
6 files changed, 1420 insertions, 0 deletions
diff --git a/neutronclient/osc/v2/vpnaas/endpoint_group.py b/neutronclient/osc/v2/vpnaas/endpoint_group.py
new file mode 100644
index 0000000..269da97
--- /dev/null
+++ b/neutronclient/osc/v2/vpnaas/endpoint_group.py
@@ -0,0 +1,216 @@
+# Copyright 2017 FUJITSU LIMITED
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+from osc_lib.command import command
+from osc_lib import exceptions
+from osc_lib import utils
+from oslo_log import log as logging
+
+from neutronclient._i18n import _
+from neutronclient.osc import utils as osc_utils
+
+
+LOG = logging.getLogger(__name__)
+
+_attr_map = (
+ ('id', 'ID', osc_utils.LIST_BOTH),
+ ('name', 'Name', osc_utils.LIST_BOTH),
+ ('type', 'Type', osc_utils.LIST_BOTH),
+ ('endpoints', 'Endpoints', osc_utils.LIST_BOTH),
+ ('description', 'Description', osc_utils.LIST_LONG_ONLY),
+ ('tenant_id', 'Project', osc_utils.LIST_LONG_ONLY),
+)
+
+
+def _get_common_parser(parser):
+ parser.add_argument(
+ '--description',
+ metavar='<description>',
+ help=_('Description for the endpoint group'))
+ return parser
+
+
+def _get_common_attrs(client_manager, parsed_args, is_create=True):
+ attrs = {}
+ if is_create:
+ if parsed_args.project is not None:
+ attrs['tenant_id'] = osc_utils.find_project(
+ client_manager.identity,
+ parsed_args.project,
+ parsed_args.project_domain,
+ ).id
+ if parsed_args.description:
+ attrs['description'] = parsed_args.description
+ return attrs
+
+
+class CreateEndpointGroup(command.ShowOne):
+ _description = _("Create an endpoint group")
+
+ def get_parser(self, prog_name):
+ parser = super(CreateEndpointGroup, self).get_parser(prog_name)
+ _get_common_parser(parser)
+ parser.add_argument(
+ 'name',
+ metavar='<name>',
+ help=_('Name for the endpoint group'))
+ parser.add_argument(
+ '--type',
+ required=True,
+ help=_('Type of endpoints in group (e.g. subnet, cidr)'))
+ parser.add_argument(
+ '--value',
+ action='append',
+ dest='endpoints',
+ required=True,
+ help=_('Endpoint(s) for the group. Must all be of the same type. '
+ '(--value) option can be repeated'))
+ osc_utils.add_project_owner_option_to_parser(parser)
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ attrs = _get_common_attrs(self.app.client_manager, parsed_args)
+ if parsed_args.name:
+ attrs['name'] = str(parsed_args.name)
+ attrs['type'] = parsed_args.type
+ if parsed_args.type == 'subnet':
+ _subnet_ids = [client.find_resource(
+ 'subnet',
+ endpoint,
+ cmd_resource='subnet')['id']
+ for endpoint in parsed_args.endpoints]
+ attrs['endpoints'] = _subnet_ids
+ else:
+ attrs['endpoints'] = parsed_args.endpoints
+ obj = client.create_endpoint_group(
+ {'endpoint_group': attrs})['endpoint_group']
+ columns, display_columns = osc_utils.get_columns(obj, _attr_map)
+ data = utils.get_dict_properties(obj, columns)
+ return display_columns, data
+
+
+class DeleteEndpointGroup(command.Command):
+ _description = _("Delete endpoint group(s)")
+
+ def get_parser(self, prog_name):
+ parser = super(DeleteEndpointGroup, self).get_parser(prog_name)
+ parser.add_argument(
+ 'endpoint_group',
+ metavar='<endpoint-group>',
+ nargs='+',
+ help=_('Endpoint group(s) to delete (name or ID)'))
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ result = 0
+ for endpoint in parsed_args.endpoint_group:
+ try:
+ endpoint_id = client.find_resource(
+ 'endpoint_group',
+ endpoint,
+ cmd_resource='endpoint_group')['id']
+ client.delete_endpoint_group(endpoint_id)
+ except Exception as e:
+ result += 1
+ LOG.error(_("Failed to delete endpoint group with "
+ "name or ID '%(endpoint_group)s': %(e)s"),
+ {'endpoint_group': endpoint, 'e': e})
+
+ if result > 0:
+ total = len(parsed_args.endpoint_group)
+ msg = (_("%(result)s of %(total)s endpoint group failed "
+ "to delete.") % {'result': result, 'total': total})
+ raise exceptions.CommandError(msg)
+
+
+class ListEndpointGroup(command.Lister):
+ _description = _("List endpoint groups that belong to a given project")
+
+ def get_parser(self, prog_name):
+ parser = super(ListEndpointGroup, self).get_parser(prog_name)
+ parser.add_argument(
+ '--long',
+ action='store_true',
+ default=False,
+ help=_("List additional fields in output")
+ )
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ obj = client.list_endpoint_groups()['endpoint_groups']
+ headers, columns = osc_utils.get_column_definitions(
+ _attr_map, long_listing=parsed_args.long)
+ return (headers, (utils.get_dict_properties(s, columns) for s in obj))
+
+
+class SetEndpointGroup(command.Command):
+ _description = _("Set endpoint group properties")
+
+ def get_parser(self, prog_name):
+ parser = super(SetEndpointGroup, self).get_parser(prog_name)
+ _get_common_parser(parser)
+ parser.add_argument(
+ '--name',
+ metavar='<name>',
+ help=_('Set a name for the endpoint group'))
+ parser.add_argument(
+ 'endpoint_group',
+ metavar='<endpoint-group>',
+ help=_('Endpoint group to set (name or ID)'))
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ attrs = _get_common_attrs(self.app.client_manager,
+ parsed_args, is_create=False)
+ if parsed_args.name:
+ attrs['name'] = str(parsed_args.name)
+ endpoint_id = client.find_resource(
+ 'endpoint_group', parsed_args.endpoint_group,
+ cmd_resource='endpoint_group')['id']
+ try:
+ client.update_endpoint_group(endpoint_id,
+ {'endpoint_group': attrs})
+ except Exception as e:
+ msg = (_("Failed to set endpoint group "
+ "%(endpoint_group)s: %(e)s")
+ % {'endpoint_group': parsed_args.endpoint_group, 'e': e})
+ raise exceptions.CommandError(msg)
+
+
+class ShowEndpointGroup(command.ShowOne):
+ _description = _("Display endpoint group details")
+
+ def get_parser(self, prog_name):
+ parser = super(ShowEndpointGroup, self).get_parser(prog_name)
+ parser.add_argument(
+ 'endpoint_group',
+ metavar='<endpoint-group>',
+ help=_('Endpoint group to display (name or ID)'))
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ endpoint_id = client.find_resource(
+ 'endpoint_group', parsed_args.endpoint_group,
+ cmd_resource='endpoint_group')['id']
+ obj = client.show_endpoint_group(endpoint_id)['endpoint_group']
+ columns, display_columns = osc_utils.get_columns(obj, _attr_map)
+ data = utils.get_dict_properties(obj, columns)
+ return (display_columns, data)
diff --git a/neutronclient/osc/v2/vpnaas/ikepolicy.py b/neutronclient/osc/v2/vpnaas/ikepolicy.py
new file mode 100644
index 0000000..28e6f60
--- /dev/null
+++ b/neutronclient/osc/v2/vpnaas/ikepolicy.py
@@ -0,0 +1,243 @@
+# Copyright 2017 FUJITSU LIMITED
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+from osc_lib.command import command
+from osc_lib import exceptions
+from osc_lib import utils
+from oslo_log import log as logging
+
+from neutronclient._i18n import _
+from neutronclient.common import utils as nc_utils
+from neutronclient.osc import utils as osc_utils
+from neutronclient.osc.v2.vpnaas import utils as vpn_utils
+
+
+LOG = logging.getLogger(__name__)
+
+_attr_map = (
+ ('id', 'ID', osc_utils.LIST_BOTH),
+ ('name', 'Name', osc_utils.LIST_BOTH),
+ ('auth_algorithm', 'Authentication Algorithm', osc_utils.LIST_BOTH),
+ ('encryption_algorithm', 'Encryption Algorithm', osc_utils.LIST_BOTH),
+ ('ike_version', 'IKE Version', osc_utils.LIST_BOTH),
+ ('pfs', 'Perfect Forward Secrecy (PFS)', osc_utils.LIST_BOTH),
+ ('description', 'Description', osc_utils.LIST_LONG_ONLY),
+ ('phase1_negotiation_mode', 'Phase1 Negotiation Mode',
+ osc_utils.LIST_LONG_ONLY),
+ ('tenant_id', 'Project', osc_utils.LIST_LONG_ONLY),
+ ('lifetime', 'Lifetime', osc_utils.LIST_LONG_ONLY),
+)
+
+
+def _convert_to_lowercase(string):
+ return string.lower()
+
+
+def _get_common_parser(parser):
+ parser.add_argument(
+ '--description',
+ metavar='<description>',
+ help=_('Description of the IKE policy'))
+ parser.add_argument(
+ '--auth-algorithm',
+ choices=['sha1', 'sha256', 'sha384', 'sha512'],
+ type=_convert_to_lowercase,
+ help=_('Authentication algorithm'))
+ parser.add_argument(
+ '--encryption-algorithm',
+ choices=['aes-128', '3des', 'aes-192', 'aes-256'],
+ type=_convert_to_lowercase,
+ help=_('Encryption algorithm'))
+ parser.add_argument(
+ '--phase1-negotiation-mode',
+ choices=['main'],
+ type=_convert_to_lowercase,
+ help=_('IKE Phase1 negotiation mode'))
+ parser.add_argument(
+ '--ike-version',
+ choices=['v1', 'v2'],
+ type=_convert_to_lowercase,
+ help=_('IKE version for the policy'))
+ parser.add_argument(
+ '--pfs',
+ choices=['group5', 'group2', 'group14'],
+ type=_convert_to_lowercase,
+ help=_('Perfect Forward Secrecy'))
+ parser.add_argument(
+ '--lifetime',
+ metavar="units=UNITS,value=VALUE",
+ type=nc_utils.str2dict_type(optional_keys=['units', 'value']),
+ help=vpn_utils.lifetime_help("IKE"))
+ return parser
+
+
+def _get_common_attrs(client_manager, parsed_args, is_create=True):
+ attrs = {}
+ if is_create:
+ if 'project' in parsed_args and parsed_args.project is not None:
+ attrs['tenant_id'] = osc_utils.find_project(
+ client_manager.identity,
+ parsed_args.project,
+ parsed_args.project_domain,
+ ).id
+ if parsed_args.description:
+ attrs['description'] = parsed_args.description
+ if parsed_args.auth_algorithm:
+ attrs['auth_algorithm'] = parsed_args.auth_algorithm
+ if parsed_args.encryption_algorithm:
+ attrs['encryption_algorithm'] = parsed_args.encryption_algorithm
+ if parsed_args.phase1_negotiation_mode:
+ attrs['phase1_negotiation_mode'] = parsed_args.phase1_negotiation_mode
+ if parsed_args.ike_version:
+ attrs['ike_version'] = parsed_args.ike_version
+ if parsed_args.pfs:
+ attrs['pfs'] = parsed_args.pfs
+ if parsed_args.lifetime:
+ vpn_utils.validate_lifetime_dict(parsed_args.lifetime)
+ attrs['lifetime'] = parsed_args.lifetime
+ return attrs
+
+
+class CreateIKEPolicy(command.ShowOne):
+ _description = _("Create an IKE policy")
+
+ def get_parser(self, prog_name):
+ parser = super(CreateIKEPolicy, self).get_parser(prog_name)
+ _get_common_parser(parser)
+ parser.add_argument(
+ 'name',
+ metavar='<name>',
+ help=_('Name of the IKE policy'))
+ osc_utils.add_project_owner_option_to_parser(parser)
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ attrs = _get_common_attrs(self.app.client_manager, parsed_args)
+ if parsed_args.name:
+ attrs['name'] = str(parsed_args.name)
+ obj = client.create_ikepolicy({'ikepolicy': attrs})['ikepolicy']
+ columns, display_columns = osc_utils.get_columns(obj, _attr_map)
+ data = utils.get_dict_properties(obj, columns)
+ return display_columns, data
+
+
+class DeleteIKEPolicy(command.Command):
+ _description = _("Delete IKE policy (policies)")
+
+ def get_parser(self, prog_name):
+ parser = super(DeleteIKEPolicy, self).get_parser(prog_name)
+ parser.add_argument(
+ 'ikepolicy',
+ metavar='<ike-policy>',
+ nargs='+',
+ help=_('IKE policy to delete (name or ID)'))
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ result = 0
+ for ike in parsed_args.ikepolicy:
+ try:
+ ike_id = client.find_resource(
+ 'ikepolicy', ike, cmd_resource='ikepolicy')['id']
+ client.delete_ikepolicy(ike_id)
+ except Exception as e:
+ result += 1
+ LOG.error(_("Failed to delete IKE policy with "
+ "name or ID '%(ikepolicy)s': %(e)s"),
+ {'ikepolicy': ike, 'e': e})
+
+ if result > 0:
+ total = len(parsed_args.ikepolicy)
+ msg = (_("%(result)s of %(total)s IKE policy failed "
+ "to delete.") % {'result': result, 'total': total})
+ raise exceptions.CommandError(msg)
+
+
+class ListIKEPolicy(command.Lister):
+ _description = _("List IKE policies that belong to a given project")
+
+ def get_parser(self, prog_name):
+ parser = super(ListIKEPolicy, self).get_parser(prog_name)
+ parser.add_argument(
+ '--long',
+ action='store_true',
+ help=_("List additional fields in output")
+ )
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ obj = client.list_ikepolicies()['ikepolicies']
+ headers, columns = osc_utils.get_column_definitions(
+ _attr_map, long_listing=parsed_args.long)
+ return (headers, (utils.get_dict_properties(s, columns) for s in obj))
+
+
+class SetIKEPolicy(command.Command):
+ _description = _("Set IKE policy properties")
+
+ def get_parser(self, prog_name):
+ parser = super(SetIKEPolicy, self).get_parser(prog_name)
+ _get_common_parser(parser)
+ parser.add_argument(
+ '--name',
+ metavar='<name>',
+ help=_('Name of the IKE policy'))
+ parser.add_argument(
+ 'ikepolicy',
+ metavar='<ike-policy>',
+ help=_('IKE policy to set (name or ID)'))
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ attrs = _get_common_attrs(self.app.client_manager,
+ parsed_args, is_create=False)
+ if parsed_args.name:
+ attrs['name'] = parsed_args.name
+ ike_id = client.find_resource(
+ 'ikepolicy', parsed_args.ikepolicy,
+ cmd_resource='ikepolicy')['id']
+ try:
+ client.update_ikepolicy(ike_id, {'ikepolicy': attrs})
+ except Exception as e:
+ msg = (_("Failed to set IKE policy '%(ike)s': %(e)s")
+ % {'ike': parsed_args.ikepolicy, 'e': e})
+ raise exceptions.CommandError(msg)
+
+
+class ShowIKEPolicy(command.ShowOne):
+ _description = _("Display IKE policy details")
+
+ def get_parser(self, prog_name):
+ parser = super(ShowIKEPolicy, self).get_parser(prog_name)
+ parser.add_argument(
+ 'ikepolicy',
+ metavar='<ike-policy>',
+ help=_('IKE policy to display (name or ID)'))
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ ike_id = client.find_resource(
+ 'ikepolicy', parsed_args.ikepolicy,
+ cmd_resource='ikepolicy')['id']
+ obj = client.show_ikepolicy(ike_id)['ikepolicy']
+ columns, display_columns = osc_utils.get_columns(obj, _attr_map)
+ data = utils.get_dict_properties(obj, columns)
+ return (display_columns, data)
diff --git a/neutronclient/osc/v2/vpnaas/ipsec_site_connection.py b/neutronclient/osc/v2/vpnaas/ipsec_site_connection.py
new file mode 100644
index 0000000..8dd98a9
--- /dev/null
+++ b/neutronclient/osc/v2/vpnaas/ipsec_site_connection.py
@@ -0,0 +1,372 @@
+# Copyright 2017 FUJITSU LIMITED
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+from osc_lib.cli import format_columns
+from osc_lib.command import command
+from osc_lib import exceptions
+from osc_lib import utils
+from oslo_log import log as logging
+
+from neutronclient._i18n import _
+from neutronclient.common import utils as nc_utils
+from neutronclient.osc import utils as osc_utils
+from neutronclient.osc.v2.vpnaas import utils as vpn_utils
+
+
+LOG = logging.getLogger(__name__)
+
+
+_formatters = {
+ 'peer_cidrs': format_columns.ListColumn
+}
+
+
+_attr_map = (
+ ('id', 'ID', osc_utils.LIST_BOTH),
+ ('name', 'Name', osc_utils.LIST_BOTH),
+ ('peer_address', 'Peer Address', osc_utils.LIST_BOTH),
+ ('auth_mode', 'Authentication Algorithm', osc_utils.LIST_BOTH),
+ ('status', 'Status', osc_utils.LIST_BOTH),
+ ('tenant_id', 'Project', osc_utils.LIST_LONG_ONLY),
+ ('peer_cidrs', 'Peer CIDRs', osc_utils.LIST_LONG_ONLY),
+ ('vpnservice_id', 'VPN Service', osc_utils.LIST_LONG_ONLY),
+ ('ipsecpolicy_id', 'IPSec Policy', osc_utils.LIST_LONG_ONLY),
+ ('ikepolicy_id', 'IKE Policy', osc_utils.LIST_LONG_ONLY),
+ ('mtu', 'MTU', osc_utils.LIST_LONG_ONLY),
+ ('initiator', 'Initiator', osc_utils.LIST_LONG_ONLY),
+ ('admin_state_up', 'State', osc_utils.LIST_LONG_ONLY),
+ ('description', 'Description', osc_utils.LIST_LONG_ONLY),
+ ('psk', 'Pre-shared Key', osc_utils.LIST_LONG_ONLY),
+ ('route_mode', 'Route Mode', osc_utils.LIST_LONG_ONLY),
+ ('local_id', 'Local ID', osc_utils.LIST_LONG_ONLY),
+ ('peer_id', 'Peer ID', osc_utils.LIST_LONG_ONLY),
+ ('local_ep_group_id', 'Local Endpoint Group ID', osc_utils.LIST_LONG_ONLY),
+ ('peer_ep_group_id', 'Peer Endpoint Group ID', osc_utils.LIST_LONG_ONLY),
+)
+
+
+def _convert_to_lowercase(string):
+ return string.lower()
+
+
+def _get_common_parser(parser, is_create=True):
+ parser.add_argument(
+ '--description',
+ metavar='<description>',
+ help=_('Description for the connection'))
+ parser.add_argument(
+ '--dpd',
+ metavar="action=ACTION,interval=INTERVAL,timeout=TIMEOUT",
+ type=nc_utils.str2dict_type(
+ optional_keys=['action', 'interval', 'timeout']),
+ help=vpn_utils.dpd_help("IPsec connection"))
+ parser.add_argument(
+ '--mtu',
+ help=_('MTU size for the connection'))
+ parser.add_argument(
+ '--initiator',
+ choices=['bi-directional', 'response-only'],
+ type=_convert_to_lowercase,
+ help=_('Initiator state'))
+ peer_group = parser.add_mutually_exclusive_group()
+ peer_group.add_argument(
+ '--peer-cidr',
+ dest='peer_cidrs',
+ help=_('Remote subnet(s) in CIDR format. '
+ 'Cannot be specified when using endpoint groups. Only '
+ 'applicable, if subnet provided for VPN service.')
+ )
+ peer_group.add_argument(
+ '--local-endpoint-group',
+ help=_('Local endpoint group (name or ID) with subnet(s) '
+ 'for IPsec connection')
+ )
+ parser.add_argument(
+ '--peer-endpoint-group',
+ help=_('Peer endpoint group (name or ID) with CIDR(s) for '
+ 'IPSec connection'))
+ admin_group = parser.add_mutually_exclusive_group()
+ admin_group.add_argument(
+ '--enable',
+ action='store_true',
+ help=_("Enable IPSec site connection")
+ )
+ admin_group.add_argument(
+ '--disable',
+ action='store_true',
+ help=_("Disable IPSec site connection")
+ )
+ parser.add_argument(
+ '--local-id',
+ help=_('An ID to be used instead of the external IP '
+ 'address for a virtual router'))
+ return parser
+
+
+def _get_common_attrs(client_manager, parsed_args, is_create=True):
+ attrs = {}
+ if is_create:
+ if 'project' in parsed_args and parsed_args.project is not None:
+ attrs['tenant_id'] = osc_utils.find_project(
+ client_manager.identity,
+ parsed_args.project,
+ parsed_args.project_domain,
+ ).id
+ if parsed_args.description:
+ attrs['description'] = str(parsed_args.description)
+ if parsed_args.mtu:
+ attrs['mtu'] = parsed_args.mtu
+ if parsed_args.enable:
+ attrs['admin_state_up'] = True
+ if parsed_args.disable:
+ attrs['admin_state_up'] = False
+ if parsed_args.initiator:
+ attrs['initiator'] = parsed_args.initiator
+ if parsed_args.dpd:
+ vpn_utils.validate_dpd_dict(parsed_args.dpd)
+ attrs['dpd'] = parsed_args.dpd
+ if parsed_args.local_endpoint_group:
+ _local_epg = client_manager.neutronclient.find_resource(
+ 'endpoint_group',
+ parsed_args.local_endpoint_group,
+ cmd_resource='endpoint_group')['id']
+ attrs['local_ep_group_id'] = _local_epg
+ if parsed_args.peer_endpoint_group:
+ _peer_epg = client_manager.neutronclient.find_resource(
+ 'endpoint_group',
+ parsed_args.peer_endpoint_group,
+ cmd_resource='endpoint_group')['id']
+ attrs['peer_ep_group_id'] = _peer_epg
+ if parsed_args.peer_cidrs:
+ attrs['peer_cidrs'] = parsed_args.peer_cidrs
+ if parsed_args.local_id:
+ attrs['local_id'] = parsed_args.local_id
+ return attrs
+
+
+class CreateIPsecSiteConnection(command.ShowOne):
+ _description = _("Create an IPsec site connection")
+
+ def get_parser(self, prog_name):
+ parser = super(CreateIPsecSiteConnection, self).get_parser(prog_name)
+ _get_common_parser(parser)
+ parser.add_argument(
+ '--peer-id',
+ required=True,
+ help=_('Peer router identity for authentication. Can be '
+ 'IPv4/IPv6 address, e-mail address, key id, or FQDN'))
+ parser.add_argument(
+ '--peer-address',
+ required=True,
+ help=_('Peer gateway public IPv4/IPv6 address or FQDN'))
+ parser.add_argument(
+ '--psk',
+ required=True,
+ help=_('Pre-shared key string.'))
+ parser.add_argument(
+ '--vpnservice',
+ metavar='VPNSERVICE',
+ required=True,
+ help=_('VPN service instance associated with this '
+ 'connection (name or ID)'))
+ parser.add_argument(
+ '--ikepolicy',
+ metavar='IKEPOLICY',
+ required=True,
+ help=_('IKE policy associated with this connection (name or ID)'))
+ parser.add_argument(
+ '--ipsecpolicy',
+ metavar='IPSECPOLICY',
+ required=True,
+ help=_('IPsec policy associated with this connection '
+ '(name or ID)'))
+ parser.add_argument(
+ 'name',
+ metavar='<name>',
+ help=_('Set friendly name for the connection'))
+ osc_utils.add_project_owner_option_to_parser(parser)
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ attrs = _get_common_attrs(self.app.client_manager, parsed_args)
+ if parsed_args.vpnservice:
+ _vpnservice_id = client.find_resource(
+ 'vpnservice',
+ parsed_args.vpnservice,
+ cmd_resource='vpnservice')['id']
+ attrs['vpnservice_id'] = _vpnservice_id
+ if parsed_args.ikepolicy:
+ _ikepolicy_id = client.find_resource(
+ 'ikepolicy',
+ parsed_args.ikepolicy,
+ cmd_resource='ikepolicy')['id']
+ attrs['ikepolicy_id'] = _ikepolicy_id
+ if parsed_args.ipsecpolicy:
+ _ipsecpolicy_id = client.find_resource(
+ 'ipsecpolicy',
+ parsed_args.ipsecpolicy,
+ cmd_resource='ipsecpolicy')['id']
+ attrs['ipsecpolicy_id'] = _ipsecpolicy_id
+ if parsed_args.peer_id:
+ attrs['peer_id'] = parsed_args.peer_id
+ if parsed_args.peer_address:
+ attrs['peer_address'] = parsed_args.peer_address
+ if parsed_args.psk:
+ attrs['psk'] = parsed_args.psk
+ if parsed_args.name:
+ attrs['name'] = parsed_args.name
+ if (bool(parsed_args.local_endpoint_group) !=
+ bool(parsed_args.peer_endpoint_group)):
+ message = _("You must specify both local and peer endpoint "
+ "groups")
+ raise exceptions.CommandError(message)
+ if not parsed_args.peer_cidrs and not parsed_args.local_endpoint_group:
+ message = _("You must specify endpoint groups or peer CIDR(s)")
+ raise exceptions.CommandError(message)
+ obj = client.create_ipsec_site_connection(
+ {'ipsec_site_connection': attrs})['ipsec_site_connection']
+ columns, display_columns = osc_utils.get_columns(obj, _attr_map)
+ data = utils.get_dict_properties(obj, columns, formatters=_formatters)
+ return display_columns, data
+
+
+class DeleteIPsecSiteConnection(command.Command):
+ _description = _("Delete IPsec site connection(s)")
+
+ def get_parser(self, prog_name):
+ parser = super(DeleteIPsecSiteConnection, self).get_parser(prog_name)
+ parser.add_argument(
+ 'ipsec_site_connection',
+ metavar='<ipsec-site-connection>',
+ nargs='+',
+ help=_('IPsec site connection to delete (name or ID)'))
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ result = 0
+ for ipsec_conn in parsed_args.ipsec_site_connection:
+ try:
+ ipsec_con_id = client.find_resource(
+ 'ipsec_site_connection',
+ ipsec_conn,
+ cmd_resource='ipsec_site_connection')['id']
+ client.delete_ipsec_site_connection(ipsec_con_id)
+ except Exception as e:
+ result += 1
+ LOG.error(_("Failed to delete IPsec site connection with "
+ "name or ID '%(ipsec_site_conn)s': %(e)s"),
+ {'ipsec_site_conn': ipsec_conn, 'e': e})
+
+ if result > 0:
+ total = len(parsed_args.ipsec_site_connection)
+ msg = (_("%(result)s of %(total)s IPsec site connection failed "
+ "to delete.") % {'result': result, 'total': total})
+ raise exceptions.CommandError(msg)
+
+
+class ListIPsecSiteConnection(command.Lister):
+ _description = _("List IPsec site connections "
+ "that belong to a given project")
+
+ def get_parser(self, prog_name):
+ parser = super(ListIPsecSiteConnection, self).get_parser(prog_name)
+ parser.add_argument(
+ '--long',
+ action='store_true',
+ default=False,
+ help=_("List additional fields in output")
+ )
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ obj = client.list_ipsec_site_connections()['ipsec_site_connections']
+ headers, columns = osc_utils.get_column_definitions(
+ _attr_map, long_listing=parsed_args.long)
+ return (headers, (utils.get_dict_properties(
+ s, columns, formatters=_formatters) for s in obj))
+
+
+class SetIPsecSiteConnection(command.Command):
+ _description = _("Set IPsec site connection properties")
+
+ def get_parser(self, prog_name):
+ parser = super(SetIPsecSiteConnection, self).get_parser(prog_name)
+ _get_common_parser(parser)
+ parser.add_argument(
+ '--peer-id',
+ help=_('Peer router identity for authentication. Can be '
+ 'IPv4/IPv6 address, e-mail address, key id, or FQDN'))
+ parser.add_argument(
+ '--peer-address',
+ help=_('Peer gateway public IPv4/IPv6 address or FQDN'))
+ parser.add_argument(
+ '--name',
+ metavar='<name>',
+ help=_('Set friendly name for the connection'))
+ parser.add_argument(
+ 'ipsec_site_connection',
+ metavar='<ipsec-site-connection>',
+ help=_('IPsec site connection to set (name or ID)'))
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ attrs = _get_common_attrs(self.app.client_manager,
+ parsed_args, is_create=False)
+ if parsed_args.peer_id:
+ attrs['peer_id'] = parsed_args.peer_id
+ if parsed_args.peer_address:
+ attrs['peer_address'] = parsed_args.peer_address
+ if parsed_args.name:
+ attrs['name'] = parsed_args.name
+ ipsec_conn_id = client.find_resource(
+ 'ipsec_site_connection', parsed_args.ipsec_site_connection,
+ cmd_resource='ipsec_site_connection')['id']
+ try:
+ client.update_ipsec_site_connection(
+ ipsec_conn_id,
+ {'ipsec_site_connection': attrs})
+ except Exception as e:
+ msg = (_("Failed to set IPsec site "
+ "connection '%(ipsec_conn)s': %(e)s")
+ % {'ipsec_conn': parsed_args.ipsec_site_connection, 'e': e})
+ raise exceptions.CommandError(msg)
+
+
+class ShowIPsecSiteConnection(command.ShowOne):
+ _description = _("Show information of a given IPsec site connection")
+
+ def get_parser(self, prog_name):
+ parser = super(ShowIPsecSiteConnection, self).get_parser(prog_name)
+ parser.add_argument(
+ 'ipsec_site_connection',
+ metavar='<ipsec-site-connection>',
+ help=_('IPsec site connection to display (name or ID)'))
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ ipsec_site_id = client.find_resource(
+ 'ipsec_site_connection', parsed_args.ipsec_site_connection,
+ cmd_resource='ipsec_site_connection')['id']
+ obj = client.show_ipsec_site_connection(
+ ipsec_site_id)['ipsec_site_connection']
+ columns, display_columns = osc_utils.get_columns(obj, _attr_map)
+ data = utils.get_dict_properties(obj, columns, formatters=_formatters)
+ return (display_columns, data)
diff --git a/neutronclient/osc/v2/vpnaas/ipsecpolicy.py b/neutronclient/osc/v2/vpnaas/ipsecpolicy.py
new file mode 100644
index 0000000..43599f3
--- /dev/null
+++ b/neutronclient/osc/v2/vpnaas/ipsecpolicy.py
@@ -0,0 +1,242 @@
+# Copyright 2017 FUJITSU LIMITED
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+from osc_lib.command import command
+from osc_lib import exceptions
+from osc_lib import utils
+from oslo_log import log as logging
+
+from neutronclient._i18n import _
+from neutronclient.common import utils as nc_utils
+from neutronclient.osc import utils as osc_utils
+from neutronclient.osc.v2.vpnaas import utils as vpn_utils
+
+
+LOG = logging.getLogger(__name__)
+
+_attr_map = (
+ ('id', 'ID', osc_utils.LIST_BOTH),
+ ('name', 'Name', osc_utils.LIST_BOTH),
+ ('auth_algorithm', 'Authentication Algorithm', osc_utils.LIST_BOTH),
+ ('encapsulation_mode', 'Encapsulation Mode', osc_utils.LIST_BOTH),
+ ('transform_protocol', 'Transform Protocol', osc_utils.LIST_BOTH),
+ ('encryption_algorithm', 'Encryption Algorithm', osc_utils.LIST_BOTH),
+ ('pfs', 'Perfect Forward Secrecy (PFS)', osc_utils.LIST_LONG_ONLY),
+ ('description', 'Description', osc_utils.LIST_LONG_ONLY),
+ ('tenant_id', 'Project', osc_utils.LIST_LONG_ONLY),
+ ('lifetime', 'Lifetime', osc_utils.LIST_LONG_ONLY),
+)
+
+
+def _convert_to_lowercase(string):
+ return string.lower()
+
+
+def _get_common_parser(parser):
+ parser.add_argument(
+ '--description',
+ metavar='<description>',
+ help=_('Description of the IPsec policy'))
+ parser.add_argument(
+ '--auth-algorithm',
+ choices=['sha1', 'sha256', 'sha384', 'sha512'],
+ type=_convert_to_lowercase,
+ help=_('Authentication algorithm for IPsec policy'))
+ parser.add_argument(
+ '--encapsulation-mode',
+ choices=['tunnel', 'transport'],
+ type=_convert_to_lowercase,
+ help=_('Encapsulation mode for IPsec policy'))
+ parser.add_argument(
+ '--encryption-algorithm',
+ choices=['3des', 'aes-128', 'aes-192', 'aes-256'],
+ type=_convert_to_lowercase,
+ help=_('Encryption algorithm for IPsec policy'))
+ parser.add_argument(
+ '--lifetime',
+ metavar="units=UNITS,value=VALUE",
+ type=nc_utils.str2dict_type(optional_keys=['units', 'value']),
+ help=vpn_utils.lifetime_help("IPsec"))
+ parser.add_argument(
+ '--pfs',
+ choices=['group2', 'group5', 'group14'],
+ type=_convert_to_lowercase,
+ help=_('Perfect Forward Secrecy for IPsec policy'))
+ parser.add_argument(
+ '--transform-protocol',
+ type=_convert_to_lowercase,
+ choices=['esp', 'ah', 'ah-esp'],
+ help=_('Transform protocol for IPsec policy'))
+
+
+def _get_common_attrs(client_manager, parsed_args, is_create=True):
+ attrs = {}
+ if is_create:
+ if 'project' in parsed_args and parsed_args.project is not None:
+ attrs['tenant_id'] = osc_utils.find_project(
+ client_manager.identity,
+ parsed_args.project,
+ parsed_args.project_domain,
+ ).id
+ if parsed_args.description:
+ attrs['description'] = str(parsed_args.description)
+ if parsed_args.auth_algorithm:
+ attrs['auth_algorithm'] = parsed_args.auth_algorithm
+ if parsed_args.encapsulation_mode:
+ attrs['encapsulation_mode'] = parsed_args.encapsulation_mode
+ if parsed_args.transform_protocol:
+ attrs['transform_protocol'] = parsed_args.transform_protocol
+ if parsed_args.encryption_algorithm:
+ attrs['encryption_algorithm'] = parsed_args.encryption_algorithm
+ if parsed_args.pfs:
+ attrs['pfs'] = parsed_args.pfs
+ if parsed_args.lifetime:
+ vpn_utils.validate_lifetime_dict(parsed_args.lifetime)
+ attrs['lifetime'] = parsed_args.lifetime
+ return attrs
+
+
+class CreateIPsecPolicy(command.ShowOne):
+ _description = _("Create an IPsec policy")
+
+ def get_parser(self, prog_name):
+ parser = super(CreateIPsecPolicy, self).get_parser(prog_name)
+ _get_common_parser(parser)
+ parser.add_argument(
+ 'name',
+ metavar='<name>',
+ help=_('Name of the IPsec policy'))
+ osc_utils.add_project_owner_option_to_parser(parser)
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ attrs = _get_common_attrs(self.app.client_manager, parsed_args)
+ if parsed_args.name:
+ attrs['name'] = str(parsed_args.name)
+ obj = client.create_ipsecpolicy({'ipsecpolicy': attrs})['ipsecpolicy']
+ columns, display_columns = osc_utils.get_columns(obj, _attr_map)
+ data = utils.get_dict_properties(obj, columns)
+ return display_columns, data
+
+
+class DeleteIPsecPolicy(command.Command):
+ _description = _("Delete IPsec policy(policies)")
+
+ def get_parser(self, prog_name):
+ parser = super(DeleteIPsecPolicy, self).get_parser(prog_name)
+ parser.add_argument(
+ 'ipsecpolicy',
+ metavar='<ipsec-policy>',
+ nargs='+',
+ help=_('ipsec policy to delete (name or ID)'))
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ result = 0
+ for ipsec in parsed_args.ipsecpolicy:
+ try:
+ ipsec_id = client.find_resource(
+ 'ipsecpolicy', ipsec, cmd_resource='ipsecpolicy')['id']
+ client.delete_ipsecpolicy(ipsec_id)
+ except Exception as e:
+ result += 1
+ LOG.error(_("Failed to delete IPsec policy with "
+ "name or ID '%(ipsecpolicy)s': %(e)s"),
+ {'ipsecpolicy': ipsec, 'e': e})
+
+ if result > 0:
+ total = len(parsed_args.ipsecpolicy)
+ msg = (_("%(result)s of %(total)s IPsec policy failed "
+ "to delete.") % {'result': result, 'total': total})
+ raise exceptions.CommandError(msg)
+
+
+class ListIPsecPolicy(command.Lister):
+ _description = _("List IPsec policies that belong to a given project")
+
+ def get_parser(self, prog_name):
+ parser = super(ListIPsecPolicy, self).get_parser(prog_name)
+ parser.add_argument(
+ '--long',
+ action='store_true',
+ default=False,
+ help=_("List additional fields in output")
+ )
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ obj = client.list_ipsecpolicies()['ipsecpolicies']
+ headers, columns = osc_utils.get_column_definitions(
+ _attr_map, long_listing=parsed_args.long)
+ return (headers, (utils.get_dict_properties(s, columns) for s in obj))
+
+
+class SetIPsecPolicy(command.Command):
+ _description = _("Set IPsec policy properties")
+
+ def get_parser(self, prog_name):
+ parser = super(SetIPsecPolicy, self).get_parser(prog_name)
+ _get_common_parser(parser)
+ parser.add_argument(
+ '--name',
+ metavar='<name>',
+ help=_('Name of the IPsec policy'))
+ parser.add_argument(
+ 'ipsecpolicy',
+ metavar='<ipsec-policy>',
+ help=_('IPsec policy to set (name or ID)'))
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ attrs = _get_common_attrs(self.app.client_manager,
+ parsed_args, is_create=False)
+ if parsed_args.name:
+ attrs['name'] = str(parsed_args.name)
+ ipsec_id = client.find_resource(
+ 'ipsecpolicy', parsed_args.ipsecpolicy,
+ cmd_resource='ipsecpolicy')['id']
+ try:
+ client.update_ipsecpolicy(ipsec_id, {'ipsecpolicy': attrs})
+ except Exception as e:
+ msg = (_("Failed to set IPsec policy '%(ipsec)s': %(e)s")
+ % {'ipsec': parsed_args.ipsecpolicy, 'e': e})
+ raise exceptions.CommandError(msg)
+
+
+class ShowIPsecPolicy(command.ShowOne):
+ _description = _("Display IPsec policy details")
+
+ def get_parser(self, prog_name):
+ parser = super(ShowIPsecPolicy, self).get_parser(prog_name)
+ parser.add_argument(
+ 'ipsecpolicy',
+ metavar='<ipsec-policy>',
+ help=_('IPsec policy to display (name or ID)'))
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ ipsec_id = client.find_resource(
+ 'ipsecpolicy', parsed_args.ipsecpolicy,
+ cmd_resource='ipsecpolicy')['id']
+ obj = client.show_ipsecpolicy(ipsec_id)['ipsecpolicy']
+ columns, display_columns = osc_utils.get_columns(obj, _attr_map)
+ data = utils.get_dict_properties(obj, columns)
+ return (display_columns, data)
diff --git a/neutronclient/osc/v2/vpnaas/utils.py b/neutronclient/osc/v2/vpnaas/utils.py
new file mode 100644
index 0000000..2de5cc3
--- /dev/null
+++ b/neutronclient/osc/v2/vpnaas/utils.py
@@ -0,0 +1,112 @@
+# Copyright 2017 FUJITSU LIMITED
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+
+"""VPN Utilities and helper functions."""
+
+
+from neutronclient._i18n import _
+from neutronclient.common import exceptions
+
+DPD_SUPPORTED_ACTIONS = ['hold', 'clear', 'restart',
+ 'restart-by-peer', 'disabled']
+DPD_SUPPORTED_KEYS = ['action', 'interval', 'timeout']
+
+lifetime_keys = ['units', 'value']
+lifetime_units = ['seconds']
+
+
+def validate_dpd_dict(dpd_dict):
+ for key, value in dpd_dict.items():
+ if key not in DPD_SUPPORTED_KEYS:
+ message = _(
+ "DPD Dictionary KeyError: "
+ "Reason-Invalid DPD key : "
+ "'%(key)s' not in %(supported_key)s") % {
+ 'key': key, 'supported_key': DPD_SUPPORTED_KEYS}
+ raise exceptions.CommandError(message)
+ if key == 'action' and value not in DPD_SUPPORTED_ACTIONS:
+ message = _(
+ "DPD Dictionary ValueError: "
+ "Reason-Invalid DPD action : "
+ "'%(key_value)s' not in %(supported_action)s") % {
+ 'key_value': value,
+ 'supported_action': DPD_SUPPORTED_ACTIONS}
+ raise exceptions.CommandError(message)
+ if key in ('interval', 'timeout'):
+ try:
+ if int(value) <= 0:
+ raise ValueError()
+ except ValueError:
+ message = _(
+ "DPD Dictionary ValueError: "
+ "Reason-Invalid positive integer value: "
+ "'%(key)s' = %(value)s") % {
+ 'key': key, 'value': value}
+ raise exceptions.CommandError(message)
+ else:
+ dpd_dict[key] = int(value)
+ return
+
+
+def validate_lifetime_dict(lifetime_dict):
+
+ for key, value in lifetime_dict.items():
+ if key not in lifetime_keys:
+ message = _(
+ "Lifetime Dictionary KeyError: "
+ "Reason-Invalid unit key : "
+ "'%(key)s' not in %(supported_key)s") % {
+ 'key': key, 'supported_key': lifetime_keys}
+ raise exceptions.CommandError(message)
+ if key == 'units' and value not in lifetime_units:
+ message = _(
+ "Lifetime Dictionary ValueError: "
+ "Reason-Invalid units : "
+ "'%(key_value)s' not in %(supported_units)s") % {
+ 'key_value': key, 'supported_units': lifetime_units}
+ raise exceptions.CommandError(message)
+ if key == 'value':
+ try:
+ if int(value) < 60:
+ raise ValueError()
+ except ValueError:
+ message = _(
+ "Lifetime Dictionary ValueError: "
+ "Reason-Invalid value should be at least 60:"
+ "'%(key_value)s' = %(value)s") % {
+ 'key_value': key, 'value': value}
+ raise exceptions.CommandError(message)
+ else:
+ lifetime_dict['value'] = int(value)
+ return
+
+
+def lifetime_help(policy):
+ lifetime = _("%s lifetime attributes. "
+ "'units'-seconds, default:seconds. "
+ "'value'-non negative integer, default:3600.") % policy
+ return lifetime
+
+
+def dpd_help(policy):
+ dpd = _(" %s Dead Peer Detection attributes."
+ " 'action'-hold,clear,disabled,restart,restart-by-peer."
+ " 'interval' and 'timeout' are non negative integers. "
+ " 'interval' should be less than 'timeout' value. "
+ " 'action', default:hold 'interval', default:30, "
+ " 'timeout', default:120.") % policy.capitalize()
+ return dpd
diff --git a/neutronclient/osc/v2/vpnaas/vpnservice.py b/neutronclient/osc/v2/vpnaas/vpnservice.py
new file mode 100644
index 0000000..2120a14
--- /dev/null
+++ b/neutronclient/osc/v2/vpnaas/vpnservice.py
@@ -0,0 +1,235 @@
+# Copyright 2017 FUJITSU LIMITED
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+from osc_lib.command import command
+from osc_lib import exceptions
+from osc_lib import utils
+from oslo_log import log as logging
+
+from neutronclient._i18n import _
+from neutronclient.osc import utils as osc_utils
+
+
+LOG = logging.getLogger(__name__)
+
+_attr_map = (
+ ('id', 'ID', osc_utils.LIST_BOTH),
+ ('name', 'Name', osc_utils.LIST_BOTH),
+ ('router_id', 'Router', osc_utils.LIST_BOTH),
+ ('subnet_id', 'Subnet', osc_utils.LIST_BOTH),
+ ('flavor_id', 'Flavor', osc_utils.LIST_BOTH),
+ ('admin_state_up', 'State', osc_utils.LIST_BOTH),
+ ('status', 'Status', osc_utils.LIST_BOTH),
+ ('description', 'Description', osc_utils.LIST_LONG_ONLY),
+ ('tenant_id', 'Project', osc_utils.LIST_LONG_ONLY),
+)
+
+
+def _get_common_parser(parser):
+ parser.add_argument(
+ '--description',
+ metavar='<description>',
+ help=_('Description for the VPN service'))
+ parser.add_argument(
+ '--subnet',
+ metavar='<subnet>',
+ help=_('Local private subnet (name or ID)'))
+ parser.add_argument(
+ '--flavor',
+ metavar='<flavor>',
+ help=_('Flavor for the VPN service (name or ID)'))
+ admin_group = parser.add_mutually_exclusive_group()
+ admin_group.add_argument(
+ '--enable',
+ action='store_true',
+ help=_("Enable VPN service")
+ )
+ admin_group.add_argument(
+ '--disable',
+ action='store_true',
+ help=_("Disable VPN service")
+ )
+ return parser
+
+
+def _get_common_attrs(client_manager, parsed_args, is_create=True):
+ attrs = {}
+ if is_create:
+ if 'project' in parsed_args and parsed_args.project is not None:
+ attrs['tenant_id'] = osc_utils.find_project(
+ client_manager.identity,
+ parsed_args.project,
+ parsed_args.project_domain,
+ ).id
+ if parsed_args.description:
+ attrs['description'] = str(parsed_args.description)
+ if parsed_args.subnet:
+ _subnet_id = client_manager.network.find_subnet(
+ parsed_args.subnet).id
+ attrs['subnet_id'] = _subnet_id
+ if parsed_args.flavor:
+ _flavor_id = client_manager.network.find_flavor(
+ parsed_args.flavor,
+ ignore_missing=False
+ ).id
+ attrs['flavor_id'] = _flavor_id
+ if parsed_args.enable:
+ attrs['admin_state_up'] = True
+ if parsed_args.disable:
+ attrs['admin_state_up'] = False
+ return attrs
+
+
+class CreateVPNService(command.ShowOne):
+ _description = _("Create an VPN service")
+
+ def get_parser(self, prog_name):
+ parser = super(CreateVPNService, self).get_parser(prog_name)
+ _get_common_parser(parser)
+ parser.add_argument(
+ 'name',
+ metavar='<name>',
+ help=_('Name for the VPN service'))
+ parser.add_argument(
+ '--router',
+ metavar='ROUTER',
+ required=True,
+ help=_('Router for the VPN service (name or ID)'))
+ osc_utils.add_project_owner_option_to_parser(parser)
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ attrs = _get_common_attrs(self.app.client_manager, parsed_args)
+ if parsed_args.name:
+ attrs['name'] = str(parsed_args.name)
+ if parsed_args.router:
+ _router_id = self.app.client_manager.network.find_router(
+ parsed_args.router).id
+ attrs['router_id'] = _router_id
+ obj = client.create_vpnservice({'vpnservice': attrs})['vpnservice']
+ columns, display_columns = osc_utils.get_columns(obj, _attr_map)
+ data = utils.get_dict_properties(obj, columns)
+ return display_columns, data
+
+
+class DeleteVPNService(command.Command):
+ _description = _("Delete VPN service(s)")
+
+ def get_parser(self, prog_name):
+ parser = super(DeleteVPNService, self).get_parser(prog_name)
+ parser.add_argument(
+ 'vpnservice',
+ metavar='<vpn-service>',
+ nargs='+',
+ help=_('VPN service to delete (name or ID)'))
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ result = 0
+ for vpn in parsed_args.vpnservice:
+ try:
+ vpn_id = client.find_resource(
+ 'vpnservice', vpn, cmd_resource='vpnservice')['id']
+ client.delete_vpnservice(vpn_id)
+ except Exception as e:
+ result += 1
+ LOG.error(_("Failed to delete VPN service with "
+ "name or ID '%(vpnservice)s': %(e)s"),
+ {'vpnservice': vpn, 'e': e})
+
+ if result > 0:
+ total = len(parsed_args.vpnservice)
+ msg = (_("%(result)s of %(total)s vpn service failed "
+ "to delete.") % {'result': result, 'total': total})
+ raise exceptions.CommandError(msg)
+
+
+class ListVPNService(command.Lister):
+ _description = _("List VPN services that belong to a given project")
+
+ def get_parser(self, prog_name):
+ parser = super(ListVPNService, self).get_parser(prog_name)
+ parser.add_argument(
+ '--long',
+ action='store_true',
+ default=False,
+ help=_("List additional fields in output")
+ )
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ obj = client.list_vpnservices()['vpnservices']
+ headers, columns = osc_utils.get_column_definitions(
+ _attr_map, long_listing=parsed_args.long)
+ return (headers, (utils.get_dict_properties(s, columns) for s in obj))
+
+
+class SetVPNSercice(command.Command):
+ _description = _("Set VPN service properties")
+
+ def get_parser(self, prog_name):
+ parser = super(SetVPNSercice, self).get_parser(prog_name)
+ _get_common_parser(parser)
+ parser.add_argument(
+ '--name',
+ metavar='<name>',
+ help=_('Name for the VPN service'))
+ parser.add_argument(
+ 'vpnservice',
+ metavar='<vpn-service>',
+ help=_('VPN service to modify (name or ID)'))
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ attrs = _get_common_attrs(self.app.client_manager,
+ parsed_args, is_create=False)
+ if parsed_args.name:
+ attrs['name'] = str(parsed_args.name)
+ vpn_id = client.find_resource(
+ 'vpnservice', parsed_args.vpnservice,
+ cmd_resource='vpnservice')['id']
+ try:
+ client.update_vpnservice(vpn_id, {'vpnservice': attrs})
+ except Exception as e:
+ msg = (_("Failed to set vpn service '%(vpn)s': %(e)s")
+ % {'vpn': parsed_args.vpnservice, 'e': e})
+ raise exceptions.CommandError(msg)
+
+
+class ShowVPNService(command.ShowOne):
+ _description = _("Display VPN service details")
+
+ def get_parser(self, prog_name):
+ parser = super(ShowVPNService, self).get_parser(prog_name)
+ parser.add_argument(
+ 'vpnservice',
+ metavar='<vpn-service>',
+ help=_('VPN service to display (name or ID)'))
+ return parser
+
+ def take_action(self, parsed_args):
+ client = self.app.client_manager.neutronclient
+ vpn_id = client.find_resource(
+ 'vpnservice', parsed_args.vpnservice,
+ cmd_resource='vpnservice')['id']
+ obj = client.show_vpnservice(vpn_id)['vpnservice']
+ columns, display_columns = osc_utils.get_columns(obj, _attr_map)
+ data = utils.get_dict_properties(obj, columns)
+ return (display_columns, data)