Merge branch 'firewall' into crans

2024-11-21 19:03:11 +00:00 · 2018-07-21 16:29:53 +02:00 · 2018-07-21 16:29:53 +02:00 · 48e83266b6
commit 48e83266b6
parent 66dc72d1a0 59ad8e5970
9 changed files with 115 additions and 16 deletions
--- a/api/serializers.py
+++ b/api/serializers.py
@ -746,6 +746,30 @@ class SwitchPortSerializer(serializers.ModelSerializer):
                  'interfaces_subnet', 'interfaces6_subnet', 'automatic_provision', 'rest_enabled',
                  'web_management_enabled', 'get_radius_key_value', 'get_management_cred_value')

+#Firewall
+
+class FirewallPortListSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = machines.OuverturePort
+        fields = ('begin', 'end', 'protocole', 'io')
+
+class FirewallOuverturePortListSerializer(serializers.ModelSerializer):
+    tcp_ports_in = FirewallPortListSerializer(many=True, read_only=True)
+    udp_ports_in = FirewallPortListSerializer(many=True, read_only=True)
+    tcp_ports_out = FirewallPortListSerializer(many=True, read_only=True)
+    udp_ports_out = FirewallPortListSerializer(many=True, read_only=True)
+
+    class Meta:
+        model = machines.OuverturePortList
+        fields = ('tcp_ports_in', 'udp_ports_in', 'tcp_ports_out', 'udp_ports_out')
+
+class SubnetPortsOpenSerializer(serializers.ModelSerializer):
+    ouverture_ports = FirewallOuverturePortListSerializer(read_only=True)
+
+    class Meta:
+        model = machines.IpType
+        fields = ('type', 'domaine_ip_start', 'domaine_ip_stop', 'prefix_v6', 'ouverture_ports')
+
 # DHCP


@ -878,6 +902,27 @@ class DNSZonesSerializer(serializers.ModelSerializer):
                  'mx_records', 'txt_records', 'srv_records', 'a_records',
                  'aaaa_records', 'cname_records')

+
+class DNSReverseZonesSerializer(serializers.ModelSerializer):
+    """Serialize the data about DNS Zones.
+    """
+    soa = SOARecordSerializer(source='extension.soa')
+    extension = serializers.CharField(source='extension.name', read_only=True)
+    cidrs = serializers.ListField(child=serializers.CharField(), source='ip_set_cidrs_as_str', read_only=True)
+    ns_records = NSRecordSerializer(many=True, source='extension.ns_set')
+    mx_records = MXRecordSerializer(many=True, source='extension.mx_set')
+    txt_records = TXTRecordSerializer(many=True, source='extension.txt_set')
+    ptr_records = ARecordSerializer(many=True, source='get_associated_ptr_records')
+    ptr_v6_records = AAAARecordSerializer(many=True, source='get_associated_ptr_v6_records')
+
+
+    class Meta:
+        model = machines.IpType
+        fields = ('type', 'extension', 'soa', 'ns_records', 'mx_records',
+                  'txt_records', 'ptr_records', 'ptr_v6_records', 'cidrs',
+                  'prefix_v6')
+
+
 #REMINDER


--- a/api/urls.py
+++ b/api/urls.py
@ -106,8 +106,11 @@ router.register_view(r'switchs/role', views.RoleView),
 router.register_view(r'mail/alias', views.UserMailAliasView),
 # Reminder
 router.register_view(r'reminder/get-users', views.ReminderView),
+# Firewall
+router.register_view(r'firewall/subnet-ports', views.SubnetPortsOpenView),
 # DNS
 router.register_view(r'dns/zones', views.DNSZonesView),
+router.register_view(r'dns/reverse-zones', views.DNSReverseZonesView),
 # MAILING
 router.register_view(r'mailing/standard', views.StandardMailingView),
 router.register_view(r'mailing/club', views.ClubMailingView),
--- a/api/views.py
+++ b/api/views.py
@ -552,6 +552,12 @@ class HostMacIpView(generics.ListAPIView):
    serializer_class = serializers.HostMacIpSerializer


+#Firewall
+
+class SubnetPortsOpenView(generics.ListAPIView):
+    queryset = machines.IpType.objects.all()
+    serializer_class = serializers.SubnetPortsOpenSerializer
+
 # DNS

 class DNSZonesView(generics.ListAPIView):
@ -568,6 +574,15 @@ class DNSZonesView(generics.ListAPIView):
                .all())
    serializer_class = serializers.DNSZonesSerializer

+class DNSReverseZonesView(generics.ListAPIView):
+    """Exposes the detailed information about each extension (hostnames, 
+    IPs, DNS records, etc.) in order to build the DNS zone files.
+    """
+    queryset = (machines.IpType.objects.all())
+    serializer_class = serializers.DNSReverseZonesSerializer
+
+
+

 # MAILING

--- a/machines/forms.py
+++ b/machines/forms.py
@ -219,7 +219,8 @@ class IpTypeForm(FormRevMixin, ModelForm):
        model = IpType
        fields = ['type', 'extension', 'need_infra', 'domaine_ip_start',
                  'domaine_ip_stop', 'dnssec_reverse_v4', 'prefix_v6',
-                  'dnssec_reverse_v6', 'vlan', 'ouverture_ports']
+                  'prefix_v6_length','dnssec_reverse_v6', 'vlan',
+                  'ouverture_ports']

    def __init__(self, *args, **kwargs):
        prefix = kwargs.pop('prefix', self.Meta.model.__name__)
@ -231,8 +232,8 @@ class EditIpTypeForm(IpTypeForm):
    """Edition d'un iptype. Pas d'edition du rangev4 possible, car il faudrait
    synchroniser les objets iplist"""
    class Meta(IpTypeForm.Meta):
-        fields = ['extension', 'type', 'need_infra', 'prefix_v6', 'vlan',
-                  'dnssec_reverse_v4', 'dnssec_reverse_v6',
+        fields = ['extension', 'type', 'need_infra', 'prefix_v6', 'prefix_v6_length',
+                  'vlan', 'dnssec_reverse_v4', 'dnssec_reverse_v6',
                  'ouverture_ports']


--- a/machines/migrations/0095_iptype_prefix_v6_length.py
+++ b/machines/migrations/0095_iptype_prefix_v6_length.py
@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.10.7 on 2018-07-16 18:46
+from __future__ import unicode_literals
+
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('machines', '0094_role_specific_role'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='iptype',
+            name='prefix_v6_length',
+            field=models.IntegerField(default=64, validators=[django.core.validators.MaxValueValidator(128), django.core.validators.MinValueValidator(0)]),
+        ),
+    ]
--- a/machines/models.py
+++ b/machines/models.py
@ -39,7 +39,7 @@ from django.dispatch import receiver
 from django.forms import ValidationError
 from django.utils.functional import cached_property
 from django.utils import timezone
-from django.core.validators import MaxValueValidator
+from django.core.validators import MaxValueValidator, MinValueValidator

 from macaddress.fields import MACAddressField

@ -343,6 +343,13 @@ class IpType(RevMixin, AclMixin, models.Model):
        null=True,
        blank=True
    )
+    prefix_v6_length = models.IntegerField(
+        default=64,
+        validators=[
+            MaxValueValidator(128),
+            MinValueValidator(0)
+        ]
+        )
    dnssec_reverse_v6 = models.BooleanField(
            default=False,
            help_text="Activer DNSSEC sur le reverse DNS IPv6",
@ -405,7 +412,7 @@ class IpType(RevMixin, AclMixin, models.Model):
            return {
                'network' : str(self.prefix_v6),
                'netmask' : 'ffff:ffff:ffff:ffff::',
-                'netmask_cidr' : '64',
+                'netmask_cidr' : str(self.prefix_v6_length),
                'vlan': str(self.vlan),
                'vlan_id': self.vlan.vlan_id
            }
@ -460,6 +467,17 @@ class IpType(RevMixin, AclMixin, models.Model):
                ):
                ipv6.check_and_replace_prefix(prefix=self.prefix_v6)

+    def get_associated_ptr_records(self):
+        from re2o.utils import all_active_assigned_interfaces
+        return (all_active_assigned_interfaces()
+                .filter(type__ip_type=self)
+                .filter(ipv4__isnull=False))
+
+    def get_associated_ptr_v6_records(self):
+        from re2o.utils import all_active_interfaces
+        return (all_active_interfaces(full=True)
+                .filter(type__ip_type=self))
+
    def clean(self):
        """ Nettoyage. Vérifie :
        - Que ip_stop est après ip_start
--- a/machines/templates/machines/aff_iptype.html
+++ b/machines/templates/machines/aff_iptype.html
@ -45,7 +45,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
            <td>{{ type.extension }}</td>
            <td>{{ type.need_infra }}</td>
 	    <td>{{ type.domaine_ip_start }}-{{ type.domaine_ip_stop }}</td>
-	    <td>{{ type.prefix_v6 }}</td>
+		<td>{{ type.prefix_v6 }}/{{ type.prefix_v6_length }}</td>
 	    <td>{{ type.dnssec_reverse_v4 }}/{{ type.dnssec_reverse_v6 }}</td>
            <td>{{ type.vlan }}</td>
 	    <td>{{ type.ouverture_ports }}</td>
--- a/topologie/forms.py
+++ b/topologie/forms.py
@ -89,15 +89,7 @@ class EditPortForm(FormRevMixin, ModelForm):
        self.fields['machine_interface'].queryset = (
            Interface.objects.all().select_related('domain__extension')
        )
-        self.fields['related'].queryset = (
-            Port.objects.all()
-            .prefetch_related(Prefetch(
-                'switch__interface_set',
-                queryset=(Interface.objects
-                          .select_related('ipv4__ip_type__extension')
-                          .select_related('domain__extension'))
-            ))
-        )
+        self.fields['related'].queryset = Port.objects.all().prefetch_related('switch__machine_ptr__interface_set__domain__extension')


 class AddPortForm(FormRevMixin, ModelForm):
--- a/topologie/models.py
+++ b/topologie/models.py
@ -359,8 +359,12 @@ class Switch(AclMixin, Machine):
        """Return dict ip6:subnet for all ipv6 of the switch"""
        return dict((str(interface.ipv6().first()), interface.type.ip_type.ip6_set_full_info) for interface in self.interface_set.all())

+    @cached_property
+    def get_name(self):
+        return self.name or self.main_interface().domain.name
+
    def __str__(self):
-        return str(self.main_interface())
+        return str(self.get_name)


 class ModelSwitch(AclMixin, RevMixin, models.Model):