#!/usr/bin/env python
# Copyright 2016 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import logging
import urwid
from fuelmenu.common import dialog
from fuelmenu.common import modulehelper as helper
from fuelmenu.common import network
from fuelmenu.common import puppet
from fuelmenu.common import urwidwrapper as widget
from fuelmenu.common import utils
from fuelmenu import consts
# Logger for this screen; records are emitted under the
# "fuelmenu.security" logger name.
log = logging.getLogger("fuelmenu.security")
# Key of the single field on this screen: the network (CIDR) that SSH
# access is restricted to. It is used as the field name and as the key
# into the defaults and the responses handled by the Security class.
SSH_NETWORK = "ADMIN_NETWORK/ssh_network"
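class Security(urwid.WidgetWrap):
    """Menu screen that sets the network allowed to reach SSH.

    The screen has a single field, ``SSH_NETWORK``, holding a network in
    CIDR notation. ``check`` validates the entered text, ``apply`` saves
    it into the parent's settings and, post-deployment, queues a puppet
    run against the Fuel master.

    Security note: an empty field is accepted and replaced with
    ``0.0.0.0/0`` (every IPv4 network), so leaving the field blank
    removes the restriction instead of rejecting the input.
    """

    def __init__(self, parent):
        """Set up the screen's text and defaults, then load current values.

        Args:
            parent: the owning menu object; this class uses its
                ``footer``, ``settings``, ``managediface``,
                ``apply_tasks`` and ``refreshScreen``.
        """
        self.name = "Security Setup"
        self.visible = True
        self.parent = parent
        self.screen = None

        # UI text
        self.header_content = ["Security settings", ""]
        self.fields = [SSH_NETWORK]

        self.defaults = {
            SSH_NETWORK: {
                "label": "Restrict SSH access on network ",
                "tooltip": "Enter network address in CIDR format",
                "value": "",
            }
        }
        # load() fills the empty "value" above; it does not touch
        # self.screen, so the attribute is assigned only once here.
        self.load()

    def check(self, args):
        """Validate the entered SSH network and return the values to save.

        Args:
            args: not used by this method.

        Returns:
            A dict mapping field name to entered text when the input is
            accepted, or ``False`` when it is rejected. An empty SSH
            network is accepted and returned as ``"0.0.0.0/0"``.
        """
        self.parent.footer.set_text("Checking data...")
        self.parent.refreshScreen()

        # NOTE(review): self.edits is not assigned anywhere in this class;
        # presumably ModuleHelper.screenUI sets it up -- confirm.
        responses = {
            fieldname: self.edits[index].get_edit_text()
            for index, fieldname in enumerate(self.fields)
            if fieldname != helper.BLANK_KEY
        }

        ssh_network = responses[SSH_NETWORK]
        errors = []

        if not ssh_network:
            # Fail-open default: a blank field becomes "any network".
            # NOTE(review): consider requiring an explicit confirmation
            # (or rejecting the empty value) instead of only warning.
            self.parent.footer.set_text("Address is empty, "
                                        "will be changed to 0.0.0.0/0")
            log.warning("Empty address, changed to 0.0.0.0/0")
            responses[SSH_NETWORK] = "0.0.0.0/0"

            msg = ("If you continue without the address, the Fuel master"
                   " may be reachable through SSH from any network. The"
                   " address will be changed to 0.0.0.0/0. This can lead"
                   " to security issues.")

            dialog.display_dialog(
                self, widget.TextLabel(msg), "Empty Address Warning")

            # Return here so the footer keeps the warning set above
            # rather than being overwritten with "No errors found.".
            return responses

        if not network.getCidrSize(ssh_network):
            errors.append("Incorrect network address format: {0}."
                          .format(ssh_network))

        if errors:
            log.error("Errors: %s %s", len(errors), errors)
            helper.ModuleHelper.display_failed_check_dialog(self, errors)
            return False

        self.parent.footer.set_text("No errors found.")
        return responses

    def apply(self, args):
        """Validate the input and, if accepted, save it.

        Args:
            args: passed through to ``check``.

        Returns:
            ``False`` when ``check`` rejects the input, ``True`` otherwise.
        """
        responses = self.check(args)
        if responses is False:
            log.error("Check failed. Not applying")
            return False

        # Post-deployment, the puppet run is only queued on the parent
        # here; it is not executed by this method.
        if utils.is_post_deployment():
            self.parent.apply_tasks.add(self.apply_to_master)

        self.save(responses)
        return True

    def apply_to_master(self):
        """Apply changes to the Fuel master.

        Runs ``puppet.puppetApplyManifest`` with
        ``consts.PUPPET_FUEL_MASTER``, shows the returned message in the
        footer and returns the returned result.
        """
        msg = "Apply settings to Fuel master."
        log.info(msg)
        self.parent.footer.set_text(msg)
        self.parent.refreshScreen()

        result, msg = puppet.puppetApplyManifest(consts.PUPPET_FUEL_MASTER)

        self.parent.footer.set_text(msg)
        return result

    def save(self, responses):
        """Merge the checked responses into the parent's settings.

        Args:
            responses: dict of field name to value, as returned by
                ``check``.
        """
        newsettings = helper.ModuleHelper.make_settings_from_responses(
            responses)
        self.parent.settings.merge(newsettings)

    def load(self):
        """Fill the field's default value and load the current settings.

        The default is the CIDR computed from the address and netmask of
        the parent's managed interface.
        """
        admin_network = network.get_iface_info(self.parent.managediface)
        # NOTE(review): assumes get_iface_info always returns "addr" and
        # "netmask" -- confirm the behaviour for an interface that has no
        # address, since this runs from __init__.
        self.defaults[SSH_NETWORK]['value'] = network.getCidr(
            admin_network["addr"],
            admin_network["netmask"])

        # presumably replaces the computed default with a value already
        # present in the settings -- verify against ModuleHelper.
        helper.ModuleHelper.load_to_defaults(
            self.parent.settings,
            self.defaults,
        )

    def refresh(self):
        """Do nothing; this screen has nothing to refresh."""
        pass

    def screenUI(self):
        """Return the screen built by ``ModuleHelper.screenUI``."""
        return helper.ModuleHelper.screenUI(self, self.header_content,
                                            self.fields, self.defaults)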