neutron-lib/neutron_lib/api/validators/dns.py

#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.

import re

from oslo_config import cfg

from neutron_lib._i18n import _
from neutron_lib.api import validators
from neutron_lib import constants
from neutron_lib.db import constants as db_constants


def _validate_dns_format(data, max_len=db_constants.FQDN_FIELD_SIZE):
    # NOTE: An individual name regex instead of an entire FQDN was used
    # because its easier to make correct. The logic should validate that the
    # dns_name matches RFC 1123 (section 2.1) and RFC 952.
    if not data:
        return
    try:
        # A trailing period is allowed to indicate that a name is fully
        # qualified per RFC 1034 (page 7).
        trimmed = data[:-1] if data.endswith('.') else data
        if len(trimmed) > max_len:
            raise TypeError(
                _("'%(trimmed)s' exceeds the %(maxlen)s character FQDN "
                  "limit") % {'trimmed': trimmed, 'maxlen': max_len})
        labels = trimmed.split('.')
        for label in labels:
            if not label:
                raise TypeError(_("Encountered an empty component"))
            if label.endswith('-') or label.startswith('-'):
                raise TypeError(
                    _("Name '%s' must not start or end with a hyphen") % label)
            if not re.match(constants.DNS_LABEL_REGEX, label):
                raise TypeError(
                    _("Name '%s' must be 1-63 characters long, each of "
                      "which can only be alphanumeric or a hyphen") % label)
        # RFC 1123 hints that a TLD can't be all numeric. last is a TLD if
        # it's an FQDN.
        if len(labels) > 1 and re.match("^[0-9]+$", labels[-1]):
            raise TypeError(
                _("TLD '%s' must not be all numeric") % labels[-1])
    except TypeError as e:
        msg = _("'%(data)s' not a valid PQDN or FQDN. Reason: %(reason)s") % {
            'data': data, 'reason': e}
        return msg


def _validate_dns_name_with_dns_domain(request_dns_name, dns_domain):
    # If a PQDN was passed, make sure the FQDN that will be generated is of
    # legal size
    higher_labels = dns_domain
    if dns_domain:
        higher_labels = '.%s' % dns_domain
    higher_labels_len = len(higher_labels)
    dns_name_len = len(request_dns_name)
    if not request_dns_name.endswith('.'):
        if dns_name_len + higher_labels_len > db_constants.FQDN_FIELD_SIZE:
            msg = _("The dns_name passed is a PQDN and its size is "
                    "'%(dns_name_len)s'. The dns_domain option in "
                    "neutron.conf is set to %(dns_domain)s, with a "
                    "length of '%(higher_labels_len)s'. When the two are "
                    "concatenated to form a FQDN (with a '.' at the end), "
                    "the resulting length exceeds the maximum size "
                    "of '%(fqdn_max_len)s'"
                    ) % {'dns_name_len': dns_name_len,
                         'dns_domain': cfg.CONF.dns_domain,
                         'higher_labels_len': higher_labels_len,
                         'fqdn_max_len': db_constants.FQDN_FIELD_SIZE}
            return msg
        return

    # A FQDN was passed
    if (dns_name_len <= higher_labels_len or not
            request_dns_name.endswith(higher_labels)):
        msg = _("The dns_name passed is a FQDN. Its higher level labels "
                "must be equal to the dns_domain option in neutron.conf, "
                "that has been set to '%(dns_domain)s'. It must also "
                "include one or more valid DNS labels to the left "
                "of '%(dns_domain)s'") % {'dns_domain':
                                          cfg.CONF.dns_domain}
        return msg


def _get_dns_domain_config():
    if not cfg.CONF.dns_domain:
        return ''
    if cfg.CONF.dns_domain.endswith('.'):
        return cfg.CONF.dns_domain
    return '%s.' % cfg.CONF.dns_domain


def _get_request_dns_name(dns_name):
    dns_domain = _get_dns_domain_config()
    if (dns_domain and dns_domain != constants.DNS_DOMAIN_DEFAULT):
        # If CONF.dns_domain is the default value 'openstacklocal',
        # neutron don't let the user to assign dns_name to ports
        return dns_name
    return ''


def validate_dns_name(data, max_len=db_constants.FQDN_FIELD_SIZE):
    """Validate DNS name.

    This method validates dns name and also needs to have dns_domain in config
    because this may call a method which uses the config.

    :param data: The data to validate.
    :param max_len: An optional cap on the length of the string.
    :returns: None if data is valid, otherwise a human readable message
        indicating why validation failed.
    """
    msg = _validate_dns_format(data, max_len)
    if msg:
        return msg

    request_dns_name = _get_request_dns_name(data)
    if request_dns_name:
        dns_domain = _get_dns_domain_config()
        msg = _validate_dns_name_with_dns_domain(request_dns_name, dns_domain)
        if msg:
            return msg


def validate_fip_dns_name(data, max_len=db_constants.FQDN_FIELD_SIZE):
    """Validate DNS name for floating IP.

    :param data: The data to validate.
    :param max_len: An optional cap on the length of the string.
    :returns: None if data is valid, otherwise a human readable message
        indicating why validation failed.
    """
    msg = validators.validate_string(data)
    if msg:
        return msg
    if not data:
        return
    if data.endswith('.'):
        msg = _("'%s' is a FQDN. It should be a relative domain name") % data
        return msg
    msg = _validate_dns_format(data, max_len)
    if msg:
        return msg
    length = len(data)
    if length > max_len - 3:
        msg = _("'%(data)s' contains %(length)s characters. Adding a "
                "domain name will cause it to exceed the maximum length "
                "of a FQDN of '%(max_len)s'") % {"data": data,
                                                 "length": length,
                                                 "max_len": max_len}
        return msg


def validate_dns_domain(data, max_len=db_constants.FQDN_FIELD_SIZE):
    """Validate DNS domain.

    :param data: The data to validate.
    :param max_len: An optional cap on the length of the string.
    :returns: None if data is valid, otherwise a human readable message
        indicating why validation failed.
    """
    msg = validators.validate_string(data)
    if msg:
        return msg
    if not data:
        return
    if not data.endswith('.'):
        msg = _("'%s' is not a FQDN") % data
        return msg
    msg = _validate_dns_format(data, max_len)
    if msg:
        return msg
    length = len(data)
    if length > max_len - 2:
        msg = _("'%(data)s' contains %(length)s characters. Adding a "
                "sub-domain will cause it to exceed the maximum length of a "
                "FQDN of '%(max_len)s'") % {"data": data,
                                            "length": length,
                                            "max_len": max_len}
        return msg