Radek Krejci | cbbb197 | 2017-09-21 13:25:19 +0200 | [diff] [blame] | 1 | """ |
| 2 | NETCONF connections |
| 3 | File: connections.py |
| 4 | Author: Radek Krejci <rkrejci@cesnet.cz> |
| 5 | """ |
| 6 | |
Radek Krejci | 67c922d | 2017-09-21 13:56:41 +0200 | [diff] [blame] | 7 | import json |
| 8 | import os |
| 9 | |
Radek Krejci | cbbb197 | 2017-09-21 13:25:19 +0200 | [diff] [blame] | 10 | from liberouterapi import auth |
| 11 | from flask import request |
Radek Krejci | 0f793fe | 2018-02-14 08:33:45 +0100 | [diff] [blame] | 12 | import yang |
Radek Krejci | cbbb197 | 2017-09-21 13:25:19 +0200 | [diff] [blame] | 13 | import netconf2 as nc |
Radek Krejci | cbbb197 | 2017-09-21 13:25:19 +0200 | [diff] [blame] | 14 | |
| 15 | from .inventory import INVENTORY |
| 16 | from .devices import devices_get |
| 17 | from .error import NetopeerException |
Radek Krejci | a133960 | 2017-11-02 13:52:38 +0100 | [diff] [blame] | 18 | from .data import * |
Radek Krejci | cbbb197 | 2017-09-21 13:25:19 +0200 | [diff] [blame] | 19 | |
| 20 | sessions = {} |
| 21 | |
Radek Krejci | e20e4d8 | 2017-11-08 14:18:05 +0100 | [diff] [blame] | 22 | def hostkey_check(hostname, state, keytype, hexa, priv): |
| 23 | # TODO real check |
| 24 | return True |
| 25 | |
Radek Krejci | cbbb197 | 2017-09-21 13:25:19 +0200 | [diff] [blame] | 26 | @auth.required() |
| 27 | def connect(): |
| 28 | session = auth.lookup(request.headers.get('Authorization', None)) |
| 29 | user = session['user'] |
| 30 | path = os.path.join(INVENTORY, user.username) |
| 31 | |
Radek Krejci | a6c8b41 | 2017-10-17 16:59:38 +0200 | [diff] [blame] | 32 | data = request.get_json() |
| 33 | if 'id' in data: |
| 34 | # stored device |
| 35 | device = devices_get(data['id'], user.username) |
| 36 | elif 'device' in data: |
| 37 | # one-time connect, the device is specified in request |
| 38 | device = data['device'] |
| 39 | else: |
| 40 | raise NetopeerException('Invalid connection request.') |
| 41 | |
Radek Krejci | cbbb197 | 2017-09-21 13:25:19 +0200 | [diff] [blame] | 42 | if not device: |
| 43 | raise NetopeerException('Unknown device to connect to request.') |
| 44 | |
| 45 | nc.setSearchpath(path) |
| 46 | |
| 47 | ssh = nc.SSH(device['username'], password=device['password']) |
Radek Krejci | e20e4d8 | 2017-11-08 14:18:05 +0100 | [diff] [blame] | 48 | ssh.setAuthHostkeyCheckClb(hostkey_check) |
Radek Krejci | cbbb197 | 2017-09-21 13:25:19 +0200 | [diff] [blame] | 49 | try: |
| 50 | session = nc.Session(device['hostname'], device['port'], ssh) |
| 51 | except Exception as e: |
| 52 | return(json.dumps({'success': False, 'error-msg': str(e)})) |
| 53 | |
| 54 | if not user.username in sessions: |
| 55 | sessions[user.username] = {} |
| 56 | |
| 57 | # use key (as hostname:port:session-id) to store the created NETCONF session |
| 58 | key = session.host + ":" + str(session.port) + ":" + session.id |
Radek Krejci | 4d3896c | 2018-01-08 17:10:43 +0100 | [diff] [blame] | 59 | sessions[user.username][key] = {} |
| 60 | sessions[user.username][key]['session'] = session |
Radek Krejci | cbbb197 | 2017-09-21 13:25:19 +0200 | [diff] [blame] | 61 | |
| 62 | return(json.dumps({'success': True, 'session-key': key})) |
| 63 | |
| 64 | |
| 65 | @auth.required() |
| 66 | def session_get_capabilities(): |
| 67 | session = auth.lookup(request.headers.get('Authorization', None)) |
| 68 | user = session['user'] |
| 69 | req = request.args.to_dict() |
| 70 | |
| 71 | if not 'key' in req: |
| 72 | return(json.dumps({'success': False, 'error-msg': 'Missing session key.'})) |
| 73 | |
| 74 | if not user.username in sessions: |
| 75 | sessions[user.username] = {} |
| 76 | |
| 77 | key = req['key'] |
| 78 | if not key in sessions[user.username]: |
| 79 | return(json.dumps({'success': False, 'error-msg': 'Invalid session key.'})) |
| 80 | |
| 81 | cpblts = [] |
Radek Krejci | 4d3896c | 2018-01-08 17:10:43 +0100 | [diff] [blame] | 82 | for c in sessions[user.username][key]['session'].capabilities: |
Radek Krejci | cbbb197 | 2017-09-21 13:25:19 +0200 | [diff] [blame] | 83 | cpblts.append(c) |
| 84 | |
| 85 | return(json.dumps({'success': True, 'capabilities': cpblts})) |
| 86 | |
| 87 | @auth.required() |
Radek Krejci | 2e57856 | 2017-10-17 11:11:13 +0200 | [diff] [blame] | 88 | def session_get(): |
| 89 | session = auth.lookup(request.headers.get('Authorization', None)) |
| 90 | user = session['user'] |
| 91 | req = request.args.to_dict() |
| 92 | |
| 93 | if not 'key' in req: |
| 94 | return(json.dumps({'success': False, 'error-msg': 'Missing session key.'})) |
Radek Krejci | a133960 | 2017-11-02 13:52:38 +0100 | [diff] [blame] | 95 | if not 'recursive' in req: |
| 96 | return(json.dumps({'success': False, 'error-msg': 'Missing recursive flag.'})) |
Radek Krejci | 2e57856 | 2017-10-17 11:11:13 +0200 | [diff] [blame] | 97 | |
| 98 | if not user.username in sessions: |
| 99 | sessions[user.username] = {} |
| 100 | |
| 101 | key = req['key'] |
| 102 | if not key in sessions[user.username]: |
| 103 | return(json.dumps({'success': False, 'error-msg': 'Invalid session key.'})) |
| 104 | |
Radek Krejci | 2e57856 | 2017-10-17 11:11:13 +0200 | [diff] [blame] | 105 | try: |
Radek Krejci | 4d3896c | 2018-01-08 17:10:43 +0100 | [diff] [blame] | 106 | sessions[user.username][key]['data'] = sessions[user.username][key]['session'].rpcGet() |
Radek Krejci | 2e57856 | 2017-10-17 11:11:13 +0200 | [diff] [blame] | 107 | except nc.ReplyError as e: |
| 108 | reply = {'success': False, 'error': []} |
| 109 | for err in e.args[0]: |
| 110 | reply['error'].append(json.loads(str(err))) |
| 111 | return(json.dumps(reply)) |
| 112 | |
Radek Krejci | a133960 | 2017-11-02 13:52:38 +0100 | [diff] [blame] | 113 | if not 'path' in req: |
Radek Krejci | 4d3896c | 2018-01-08 17:10:43 +0100 | [diff] [blame] | 114 | return(dataInfoRoots(sessions[user.username][key]['data'], True if req['recursive'] == 'true' else False)) |
Radek Krejci | a133960 | 2017-11-02 13:52:38 +0100 | [diff] [blame] | 115 | else: |
Radek Krejci | 4d3896c | 2018-01-08 17:10:43 +0100 | [diff] [blame] | 116 | return(dataInfoSubtree(sessions[user.username][key]['data'], req['path'], True if req['recursive'] == 'true' else False)) |
| 117 | |
| 118 | |
Radek Krejci | 6e772b2 | 2018-01-25 13:28:57 +0100 | [diff] [blame] | 119 | def _checkvalue(session, req, schema): |
| 120 | user = session['user']; |
Radek Krejci | 4d3896c | 2018-01-08 17:10:43 +0100 | [diff] [blame] | 121 | |
| 122 | if not 'key' in req: |
| 123 | return(json.dumps({'success': False, 'error-msg': 'Missing session key.'})) |
| 124 | if not 'path' in req: |
| 125 | return(json.dumps({'success': False, 'error-msg': 'Missing path to validate value.'})) |
| 126 | if not 'value' in req: |
| 127 | return(json.dumps({'success': False, 'error-msg': 'Missing value to validate.'})) |
| 128 | |
Radek Krejci | 6e772b2 | 2018-01-25 13:28:57 +0100 | [diff] [blame] | 129 | key = req['key'] |
| 130 | if not key in sessions[user.username]: |
| 131 | return(json.dumps({'success': False, 'error-msg': 'Invalid session key.'})) |
| 132 | |
Radek Krejci | cf719cb | 2018-02-15 16:47:32 +0100 | [diff] [blame^] | 133 | ctx = sessions[user.username][key]['session'].context; |
Radek Krejci | 6e772b2 | 2018-01-25 13:28:57 +0100 | [diff] [blame] | 134 | if schema: |
Radek Krejci | cf719cb | 2018-02-15 16:47:32 +0100 | [diff] [blame^] | 135 | search = ctx.find_path(req['path']) |
Radek Krejci | 6e772b2 | 2018-01-25 13:28:57 +0100 | [diff] [blame] | 136 | else: |
| 137 | search = sessions[user.username][key]['data'].find_path(req['path']) |
| 138 | |
| 139 | if search.number() != 1: |
| 140 | return(json.dumps({'success': False, 'error-msg': 'Invalid data path.'})) |
| 141 | |
| 142 | if schema: |
| 143 | node = search.schema()[0] |
| 144 | else: |
| 145 | node = search.data()[0] |
| 146 | |
| 147 | if node.validate_value(req['value']): |
Radek Krejci | cf719cb | 2018-02-15 16:47:32 +0100 | [diff] [blame^] | 148 | errors = yang.get_ly_errors(ctx) |
| 149 | if errors.size(): |
| 150 | return(json.dumps({'success': False, 'error-msg': errors[errors.size() - 1].errmsg()})) |
| 151 | else: |
| 152 | return(json.dumps({'success': False, 'error-msg': 'unknown error'})) |
Radek Krejci | 6e772b2 | 2018-01-25 13:28:57 +0100 | [diff] [blame] | 153 | |
| 154 | return(json.dumps({'success': True})) |
| 155 | |
| 156 | @auth.required() |
| 157 | def data_checkvalue(): |
| 158 | session = auth.lookup(request.headers.get('Authorization', None)) |
| 159 | req = request.args.to_dict() |
| 160 | |
| 161 | return _checkvalue(session, req, False) |
| 162 | |
| 163 | |
| 164 | @auth.required() |
| 165 | def schema_checkvalue(): |
| 166 | session = auth.lookup(request.headers.get('Authorization', None)) |
| 167 | req = request.args.to_dict() |
| 168 | |
| 169 | return _checkvalue(session, req, True) |
| 170 | |
| 171 | |
| 172 | @auth.required() |
Radek Krejci | d0ce4cf | 2018-02-09 14:44:34 +0100 | [diff] [blame] | 173 | def schema_values(): |
| 174 | session = auth.lookup(request.headers.get('Authorization', None)) |
| 175 | user = session['user'] |
| 176 | req = request.args.to_dict() |
| 177 | |
| 178 | if not 'key' in req: |
| 179 | return(json.dumps({'success': False, 'error-msg': 'Missing session key.'})) |
| 180 | if not 'path' in req: |
| 181 | return(json.dumps({'success': False, 'error-msg': 'Missing path to validate value.'})) |
| 182 | |
| 183 | key = req['key'] |
| 184 | if not key in sessions[user.username]: |
| 185 | return(json.dumps({'success': False, 'error-msg': 'Invalid session key.'})) |
| 186 | |
| 187 | search = sessions[user.username][key]['session'].context.find_path(req['path']) |
| 188 | if search.number() != 1: |
| 189 | return(json.dumps({'success': False, 'error-msg': 'Invalid data path.'})) |
| 190 | schema = search.schema()[0] |
| 191 | |
Radek Krejci | 0f793fe | 2018-02-14 08:33:45 +0100 | [diff] [blame] | 192 | if schema.nodetype() != yang.LYS_LEAF and schema.nodetype != yang.LYS_LEAFLIST: |
Radek Krejci | d0ce4cf | 2018-02-09 14:44:34 +0100 | [diff] [blame] | 193 | result = None |
| 194 | else: |
| 195 | result = typeValues(schema.subtype().type(), []) |
| 196 | return(json.dumps({'success': True, 'data': result})) |
| 197 | |
| 198 | |
| 199 | @auth.required() |
Radek Krejci | 6e772b2 | 2018-01-25 13:28:57 +0100 | [diff] [blame] | 200 | def schema_info(): |
| 201 | session = auth.lookup(request.headers.get('Authorization', None)) |
| 202 | user = session['user'] |
| 203 | req = request.args.to_dict() |
| 204 | |
| 205 | if not 'key' in req: |
| 206 | return(json.dumps({'success': False, 'error-msg': 'Missing session key.'})) |
| 207 | if not 'path' in req: |
| 208 | return(json.dumps({'success': False, 'error-msg': 'Missing path to validate value.'})) |
Radek Krejci | 4d3896c | 2018-01-08 17:10:43 +0100 | [diff] [blame] | 209 | |
| 210 | key = req['key'] |
| 211 | if not key in sessions[user.username]: |
| 212 | return(json.dumps({'success': False, 'error-msg': 'Invalid session key.'})) |
| 213 | |
Radek Krejci | 6e772b2 | 2018-01-25 13:28:57 +0100 | [diff] [blame] | 214 | if req['path'] == '/': |
Radek Krejci | f71867f | 2018-01-30 13:28:28 +0100 | [diff] [blame] | 215 | node = None |
Radek Krejci | 6e772b2 | 2018-01-25 13:28:57 +0100 | [diff] [blame] | 216 | else: |
| 217 | search = sessions[user.username][key]['session'].context.find_path(req['path']) |
| 218 | if search.number() != 1: |
| 219 | return(json.dumps({'success': False, 'error-msg': 'Invalid data path.'})) |
| 220 | node = search.schema()[0] |
Radek Krejci | 4d3896c | 2018-01-08 17:10:43 +0100 | [diff] [blame] | 221 | |
Radek Krejci | 6e772b2 | 2018-01-25 13:28:57 +0100 | [diff] [blame] | 222 | result = []; |
| 223 | if 'relative' in req: |
| 224 | if req['relative'] == 'children': |
Radek Krejci | f71867f | 2018-01-30 13:28:28 +0100 | [diff] [blame] | 225 | if node: |
| 226 | instantiables = node.child_instantiables(0) |
| 227 | else: |
| 228 | # top level |
| 229 | instantiables = sessions[user.username][key]['session'].context.data_instantiables(0) |
Radek Krejci | 6e772b2 | 2018-01-25 13:28:57 +0100 | [diff] [blame] | 230 | elif req['relative'] == 'siblings': |
| 231 | if node.parent(): |
Radek Krejci | f71867f | 2018-01-30 13:28:28 +0100 | [diff] [blame] | 232 | instantiables = node.parent().child_instantiables(0) |
| 233 | else: |
| 234 | # top level |
| 235 | instantiables = sessions[user.username][key]['session'].context.data_instantiables(0) |
Radek Krejci | 6e772b2 | 2018-01-25 13:28:57 +0100 | [diff] [blame] | 236 | else: |
| 237 | return(json.dumps({'success': False, 'error-msg': 'Invalid relative parameter.'})) |
Radek Krejci | f71867f | 2018-01-30 13:28:28 +0100 | [diff] [blame] | 238 | |
| 239 | for child in instantiables: |
Radek Krejci | 0f793fe | 2018-02-14 08:33:45 +0100 | [diff] [blame] | 240 | if child.flags() & yang.LYS_CONFIG_R: |
Radek Krejci | f71867f | 2018-01-30 13:28:28 +0100 | [diff] [blame] | 241 | # ignore status nodes |
| 242 | continue |
Radek Krejci | 0f793fe | 2018-02-14 08:33:45 +0100 | [diff] [blame] | 243 | if child.nodetype() & (yang.LYS_RPC | yang.LYS_NOTIF | yang.LYS_ACTION): |
Radek Krejci | f71867f | 2018-01-30 13:28:28 +0100 | [diff] [blame] | 244 | # ignore RPCs, Notifications and Actions |
| 245 | continue |
| 246 | result.append(schemaInfoNode(child)) |
Radek Krejci | 6e772b2 | 2018-01-25 13:28:57 +0100 | [diff] [blame] | 247 | else: |
| 248 | result.append(schemaInfoNode(node)) |
Radek Krejci | 4d3896c | 2018-01-08 17:10:43 +0100 | [diff] [blame] | 249 | |
Radek Krejci | 6e772b2 | 2018-01-25 13:28:57 +0100 | [diff] [blame] | 250 | return(json.dumps({'success': True, 'data': result})) |
Radek Krejci | 2e57856 | 2017-10-17 11:11:13 +0200 | [diff] [blame] | 251 | |
| 252 | |
Radek Krejci | f041d65 | 2018-02-06 10:21:25 +0100 | [diff] [blame] | 253 | def _create_child(ctx, parent, child_def): |
| 254 | module = ctx.get_module(child_def['info']['module']) |
| 255 | # print('child: ' + json.dumps(child_def)) |
| 256 | if child_def['info']['type'] == 4: |
| 257 | # print('parent: ' + parent.schema().name()) |
| 258 | # print('module: ' + module.name()) |
| 259 | # print('name: ' + child_def['info']['name']) |
| 260 | # print('value: ' + child_def['value']) |
Radek Krejci | 0f793fe | 2018-02-14 08:33:45 +0100 | [diff] [blame] | 261 | yang.Data_Node(parent, module, child_def['info']['name'], child_def['value']) |
Radek Krejci | f041d65 | 2018-02-06 10:21:25 +0100 | [diff] [blame] | 262 | else: |
| 263 | # print('parent: ' + parent.schema().name()) |
| 264 | # print('module: ' + module.name()) |
| 265 | # print('name: ' + child_def['info']['name']) |
Radek Krejci | 0f793fe | 2018-02-14 08:33:45 +0100 | [diff] [blame] | 266 | child = yang.Data_Node(parent, module, child_def['info']['name']) |
Radek Krejci | f041d65 | 2018-02-06 10:21:25 +0100 | [diff] [blame] | 267 | if 'children' in child_def: |
| 268 | for grandchild in child_def['children']: |
| 269 | _create_child(ctx, child, grandchild) |
| 270 | |
| 271 | |
| 272 | @auth.required() |
| 273 | def session_commit(): |
| 274 | session = auth.lookup(request.headers.get('Authorization', None)) |
| 275 | user = session['user'] |
| 276 | |
| 277 | req = request.get_json() |
| 278 | if not 'key' in req: |
| 279 | return(json.dumps({'success': False, 'error-msg': 'Missing session key.'})) |
| 280 | if not 'modifications' in req: |
| 281 | return(json.dumps({'success': False, 'error-msg': 'Missing modifications.'})) |
| 282 | |
| 283 | mods = req['modifications'] |
| 284 | ctx = sessions[user.username][req['key']]['session'].context |
| 285 | root = None |
| 286 | for key in mods: |
| 287 | recursion = False |
| 288 | # get correct path and value if needed |
| 289 | path = key |
| 290 | value = None |
| 291 | if mods[key]['type'] == 'change': |
| 292 | value = mods[key]['value'] |
| 293 | elif mods[key]['type'] == 'create' or mods[key]['type'] == 'replace': |
| 294 | if mods[key]['data']['info']['type'] == 4: |
| 295 | # creating/replacing leaf |
| 296 | value = mods[key]['data']['value'] |
| 297 | elif mods[key]['data']['info']['type'] == 16: |
| 298 | recursion = True |
| 299 | path = mods[key]['data']['path'] |
| 300 | elif mods[key]['data']['info']['type'] == 1: |
| 301 | recursion = True |
| 302 | |
| 303 | # create node |
| 304 | if root: |
| 305 | root.new_path(ctx, path, value, 0, 0) |
| 306 | else: |
Radek Krejci | 0f793fe | 2018-02-14 08:33:45 +0100 | [diff] [blame] | 307 | root = yang.Data_Node(ctx, path, value, 0, 0) |
Radek Krejci | f041d65 | 2018-02-06 10:21:25 +0100 | [diff] [blame] | 308 | node = root.find_path(path).data()[0]; |
| 309 | |
| 310 | # set operation attribute and add additional data if any |
| 311 | if mods[key]['type'] == 'change': |
| 312 | node.insert_attr(None, 'ietf-netconf:operation', 'merge') |
| 313 | elif mods[key]['type'] == 'delete': |
| 314 | node.insert_attr(None, 'ietf-netconf:operation', 'delete') |
| 315 | elif mods[key]['type'] == 'create': |
| 316 | node.insert_attr(None, 'ietf-netconf:operation', 'create') |
| 317 | elif mods[key]['type'] == 'replace': |
| 318 | node.insert_attr(None, 'ietf-netconf:operation', 'replace') |
| 319 | else: |
| 320 | return(json.dumps({'success': False, 'error-msg': 'Invalid modification ' + key})) |
| 321 | |
| 322 | if recursion and 'children' in mods[key]['data']: |
| 323 | for child in mods[key]['data']['children']: |
Radek Krejci | f73403b | 2018-02-08 14:57:25 +0100 | [diff] [blame] | 324 | if 'key' in child['info'] and child['info']['key']: |
Radek Krejci | f041d65 | 2018-02-06 10:21:25 +0100 | [diff] [blame] | 325 | continue |
| 326 | _create_child(ctx, node, child) |
| 327 | |
Radek Krejci | 0f793fe | 2018-02-14 08:33:45 +0100 | [diff] [blame] | 328 | # print(root.print_mem(yang.LYD_XML, yang.LYP_FORMAT)) |
Radek Krejci | f73403b | 2018-02-08 14:57:25 +0100 | [diff] [blame] | 329 | try: |
| 330 | sessions[user.username][req['key']]['session'].rpcEditConfig(nc.DATASTORE_RUNNING, root) |
| 331 | except nc.ReplyError as e: |
| 332 | reply = {'success': False, 'error': []} |
| 333 | for err in e.args[0]: |
| 334 | reply['error'].append(json.loads(str(err))) |
| 335 | return(json.dumps(reply)) |
| 336 | |
Radek Krejci | f041d65 | 2018-02-06 10:21:25 +0100 | [diff] [blame] | 337 | return(json.dumps({'success': True})) |
| 338 | |
| 339 | |
Radek Krejci | 2e57856 | 2017-10-17 11:11:13 +0200 | [diff] [blame] | 340 | @auth.required() |
Radek Krejci | cbbb197 | 2017-09-21 13:25:19 +0200 | [diff] [blame] | 341 | def session_close(): |
| 342 | session = auth.lookup(request.headers.get('Authorization', None)) |
| 343 | user = session['user'] |
| 344 | req = request.args.to_dict() |
| 345 | |
| 346 | if not 'key' in req: |
| 347 | return(json.dumps({'success': False, 'error-msg': 'Missing session key.'})) |
| 348 | |
| 349 | if not user.username in sessions: |
| 350 | sessions[user.username] = {} |
| 351 | |
| 352 | key = req['key'] |
| 353 | if not key in sessions[user.username]: |
| 354 | return(json.dumps({'success': False, 'error-msg': 'Invalid session key.'})) |
| 355 | |
| 356 | del sessions[user.username][key] |
| 357 | return(json.dumps({'success': True})) |
| 358 | |
| 359 | @auth.required() |
| 360 | def session_alive(): |
| 361 | session = auth.lookup(request.headers.get('Authorization', None)) |
| 362 | user = session['user'] |
| 363 | req = request.args.to_dict() |
| 364 | |
| 365 | if not 'key' in req: |
| 366 | return(json.dumps({'success': False, 'error-msg': 'Missing session key.'})) |
| 367 | |
| 368 | if not user.username in sessions: |
| 369 | sessions[user.username] = {} |
| 370 | |
| 371 | key = req['key'] |
| 372 | if not key in sessions[user.username]: |
| 373 | return(json.dumps({'success': False, 'error-msg': 'Invalid session key.'})) |
| 374 | |
| 375 | return(json.dumps({'success': True})) |