Merge pull request #1683 from grycap/dydns

micafer · web-flow · commit 75f556ed95cb · 2025-05-15T16:43:02.000+02:00
Dydns
diff --git a/IM/connectors/CloudConnector.py b/IM/connectors/CloudConnector.py
@@ -755,16 +755,16 @@ def manage_dns_entries(self, op, vm, auth_data, extra_args=None):
                         else:
                             raise Exception("Invalid DNS operation.")
                     except NotImplementedError as niex:
-                        # Use EC2 as back up for all providers if EC2 credentials are available
-                        # TODO: Change it to DyDNS when the full API is available
-                        if auth_data.getAuthInfo("EC2"):
-                            from IM.connectors.EC2 import EC2CloudConnector
+                        # Use DyDNS as back up for all providers if IM credentials uses token auth
+                        im_auth = auth_data.getAuthInfo("InfrastructureManager")
+                        if im_auth and im_auth[0].get("token") or (hostname.startswith("dydns:") and "@" in hostname):
+                            from IM.connectors.EGI import EGICloudConnector
                             if op == "add":
-                                success = EC2CloudConnector.add_dns_entry(self, hostname, domain, ip, auth_data)
+                                success = EGICloudConnector.add_dns_entry(self, hostname, domain, ip, auth_data)
                                 if success and entry not in vm.dns_entries:
                                     vm.dns_entries.append(entry)
                             elif op == "del":
-                                EC2CloudConnector.del_dns_entry(self, hostname, domain, ip, auth_data)
+                                EGICloudConnector.del_dns_entry(self, hostname, domain, ip, auth_data)
                                 if entry in vm.dns_entries:
                                     vm.dns_entries.remove(entry)
                             else:
diff --git a/IM/connectors/EC2.py b/IM/connectors/EC2.py
@@ -1335,23 +1335,8 @@ def _get_change_batch(action, fqdn, ip):
 
     def add_dns_entry(self, hostname, domain, ip, auth_data, extra_args=None):
         try:
-            # Workaround to use EC2 as the default case.
-            if self.type == "EC2":
-                conn = self.get_connection('universal', auth_data, 'route53')
-            else:
-                auths = auth_data.getAuthInfo("EC2")
-                if not auths:
-                    raise NoAuthData(self.type)
-                else:
-                    auth = auths[0]
-                    conn = boto3.client('route53', region_name='universal',
-                                        aws_access_key_id=auth['username'],
-                                        aws_secret_access_key=auth['password'])
-
+            conn = self.get_connection('universal', auth_data, 'route53')
             zone = EC2CloudConnector._get_zone(conn, domain)
-            if not zone:
-                raise CloudConnectorException("Could not find DNS zone to update")
-            zone_id = zone['Id']
 
             if not zone:
                 self.log_info("Creating DNS zone %s" % domain)
@@ -1360,6 +1345,7 @@ def add_dns_entry(self, hostname, domain, ip, auth_data, extra_args=None):
                 self.log_info("DNS zone %s exists. Do not create." % domain)
 
             if zone:
+                zone_id = zone['Id']
                 fqdn = hostname + "." + domain
                 records = conn.list_resource_record_sets(HostedZoneId=zone_id,
                                                          StartRecordName=fqdn,
@@ -1379,18 +1365,7 @@ def add_dns_entry(self, hostname, domain, ip, auth_data, extra_args=None):
             return False
 
     def del_dns_entry(self, hostname, domain, ip, auth_data, extra_args=None):
-        # Workaround to use EC2 as the default case.
-        if self.type == "EC2":
-            conn = self.get_connection('universal', auth_data, 'route53')
-        else:
-            auths = auth_data.getAuthInfo("EC2")
-            if not auths:
-                raise NoAuthData(self.type)
-            else:
-                auth = auths[0]
-                conn = boto3.client('route53', region_name='universal',
-                                    aws_access_key_id=auth['username'],
-                                    aws_secret_access_key=auth['password'])
+        conn = self.get_connection('universal', auth_data, 'route53')
         zone = EC2CloudConnector._get_zone(conn, domain)
         if not zone:
             self.log_info("The DNS zone %s does not exists. Do not delete records." % domain)
diff --git a/IM/connectors/EGI.py b/IM/connectors/EGI.py
@@ -0,0 +1,169 @@
+# IM - Infrastructure Manager
+# Copyright (C) 2011 - GRyCAP - Universitat Politecnica de Valencia
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+import base64
+import requests
+from .CloudConnector import CloudConnector
+
+
+class EGICloudConnector(CloudConnector):
+    """
+    Cloud connector for the EGI cloud provider, that allows to manage the DNS entries with DyDNS service
+    """
+
+    type = "EGI"
+    """str with the name of the provider."""
+    DYDNS_URL = "https://nsupdate.fedcloud.eu"
+    DEFAULT_TIMEOUT = 10
+
+    def _get_domains(self, token):
+        """
+        List the domains available in the DyDNS service
+        """
+        url = f'{self.DYDNS_URL}/nic/domains'
+        resp = requests.get(url, headers={'Authorization': f'Bearer {token}'}, timeout=self.DEFAULT_TIMEOUT)
+        if resp.status_code != 200:
+            self.log_error(f"Error getting domains: {resp.text}")
+            return None
+        output = resp.json()
+        if output.get("status") != "ok":
+            self.log_error(f"Error getting domains: {output.get('message', 'Unknown error')}")
+            return None
+        domains = []
+        for domain in output.get("private", []) + output.get("public", []):
+            if domain.get("available"):
+                domains.append(domain["name"])
+        return domains
+
+    def _get_host(self, hostname, domain, token):
+        """
+        Look for a host registered in the DyDNS service
+        """
+        if hostname == "*":
+            parts = domain.split(".")
+            domain = ".".join(parts[1:])
+            hostname = parts[0]
+        url = f'{self.DYDNS_URL}/nic/hosts?domain={domain}'
+        resp = requests.get(url, headers={'Authorization': f'Bearer {token}'}, timeout=self.DEFAULT_TIMEOUT)
+        if resp.status_code != 200:
+            self.log_error(f"Error getting host {hostname}.{domain}: {resp.text}")
+            return None
+
+        output = resp.json()
+        if output.get("status") != "ok":
+            self.log_error(f"Error getting host {hostname}.{domain}: {output.get('message', 'Unknown error')}")
+            return None
+
+        for host in output.get("hosts", []):
+            if host.get("name") == hostname:
+                return host
+
+        return None
+
+    def add_dns_entry(self, hostname, domain, ip, auth_data, extra_args=None):
+        """
+        Add a DNS entry to the DNS server
+        """
+        im_auth = auth_data.getAuthInfo("InfrastructureManager")
+        try:
+            secret = None
+            if im_auth and im_auth[0].get("token"):
+                self.log_debug(f"Registering DNS entry {hostname}.{domain} with DyDNS oauth token")
+                token = im_auth[0].get("token")
+                # Check if the host already exists
+                host = self._get_host(hostname, domain, token)
+                if host:
+                    self.log_debug(f"DNS entry {hostname}.{domain} already exists")
+                    if ip in [host.get("ipv4"), host.get("ipv6")]:
+                        print(f"DNS entry {hostname}.{domain} already has the IP {ip}")
+                        return True
+                else:
+                    commennt = 'IM created DNS entry'
+                    if hostname == "*":
+                        url = f'{self.DYDNS_URL}/nic/register?fqdn={domain}&comment={commennt}&wildcard=true'
+                    else:
+                        url = f'{self.DYDNS_URL}/nic/register?fqdn={hostname}.{domain}&comment={commennt}'
+                    resp = requests.get(url, headers={'Authorization': f'Bearer {token}'}, timeout=self.DEFAULT_TIMEOUT)
+                    if resp.status_code != 200:
+                        self.log_error(f"Error registering DNS entry {hostname}.{domain}: {resp.text}")
+                        return False
+
+                    resp_json = resp.json()
+                    if resp_json.get("status") != "ok":
+                        self.log_error(f"Error registering DNS entry {hostname}.{domain}:"
+                                       f" {resp_json.get('message', 'Unknown error')}")
+                        return False
+            elif hostname.startswith("dydns:") and "@" in hostname:
+                self.log_debug(f"Updating DNS entry {hostname}.{domain} with secret")
+                parts = hostname[6:].split("@")
+                secret = parts[0]
+                hostname = parts[1]
+                domain = domain[:-1]
+            else:
+                self.log_error(f"Error updating DNS entry {hostname}.{domain}: No secret nor token provided")
+                return False
+
+            if secret:
+                auth = f"{hostname}.{domain}:{secret}"
+                headers = {"Authorization": "Basic %s" % base64.b64encode(auth.encode()).decode()}
+            else:
+                headers = {'Authorization': f'Bearer {token}'}
+
+            fqdn = f'{hostname}.{domain}'
+            if hostname == "*":
+                fqdn = domain
+            url = f'{self.DYDNS_URL}/nic/update?hostname={fqdn}&myip={ip}'
+            resp = requests.get(url, headers=headers, timeout=self.DEFAULT_TIMEOUT)
+            if resp.status_code != 200:
+                self.log_error(f"Error updating DNS entry {hostname}.{domain}: {resp.text}")
+                return False
+            return True
+        except Exception as e:
+            self.log_error(f"Error registering DNS entry {hostname}.{domain}: {str(e)}")
+            return False
+
+    def del_dns_entry(self, hostname, domain, ip, auth_data, extra_args=None):
+        """
+        Delete a DNS entry from the DNS server
+        """
+        im_auth = auth_data.getAuthInfo("InfrastructureManager")
+        try:
+            if im_auth and im_auth[0].get("token"):
+                self.log_debug(f"Deleting DNS entry {hostname}.{domain} with DyDNS oauth token")
+                token = im_auth[0].get("token")
+
+                host = self._get_host(hostname, domain, token)
+                if not host:
+                    self.log_debug(f"DNS entry {hostname}.{domain} does not exist. Do not need to delete.")
+                    return True
+
+                if hostname == "*":
+                    url = f'{self.DYDNS_URL}/nic/unregister?fqdn={domain}'
+                else:
+                    url = f'{self.DYDNS_URL}/nic/unregister?fqdn={hostname}.{domain}'
+                resp = requests.get(url, headers={'Authorization': f'Bearer {token}'}, timeout=self.DEFAULT_TIMEOUT)
+                if resp.status_code != 200:
+                    self.log_error(f"Error deleting DNS entry {hostname}.{domain}: {resp.text}")
+                    return False
+            else:
+                self.log_error(f"Error updating DNS entry {hostname}.{domain}: No token provided")
+                return False
+        except Exception as e:
+            self.log_error(f"Error deleting DNS entry {hostname}.{domain}: {str(e)}")
+            return False
+
+        return True
diff --git a/IM/connectors/OpenStack.py b/IM/connectors/OpenStack.py
@@ -590,38 +590,6 @@ def updateVMInfo(self, vm, auth_data):
 
         return (True, vm)
 
-    def add_dns_entry(self, hostname, domain, ip, auth_data, extra_args=None):
-        # Special case for EGI DyDNS
-        # format of the hostname: dydns:secret@hostname
-        if hostname.startswith("dydns:") and "@" in hostname:
-            parts = hostname[6:].split("@")
-            auth = "%s.%s:%s" % (parts[1], domain[:-1], parts[0])
-            headers = {"Authorization": "Basic %s" % base64.b64encode(auth.encode()).decode()}
-            url = "https://nsupdate.fedcloud.eu/nic/update?hostname=%s.%s&myip=%s" % (parts[1],
-                                                                                      domain[:-1],
-                                                                                      ip)
-            try:
-                resp = requests.get(url, headers=headers, timeout=10)
-                resp.raise_for_status()
-            except Exception as ex:
-                self.error_messages += "Error creating DNS entries %s.\n" % str(ex)
-                self.log_exception("Error creating DNS entries")
-                return False
-        else:
-            # TODO: https://docs.openstack.org/designate/latest/index.html
-            raise NotImplementedError("Should have implemented this")
-        return True
-
-    def del_dns_entry(self, hostname, domain, ip, auth_data, extra_args=None):
-        # Special case for EGI DyDNS
-        # format of the hostname: dydns:secret@hostname
-        if hostname.startswith("dydns:") and "@" in hostname:
-            self.log_info("DYDNS entry. Cannot be deleted.")
-        else:
-            # TODO: https://docs.openstack.org/designate/latest/index.html
-            raise NotImplementedError("Should have implemented this")
-        return True
-
     @staticmethod
     def map_radl_ost_networks(vm, ost_nets):
         """
diff --git a/test/unit/connectors/EGI.py b/test/unit/connectors/EGI.py
@@ -0,0 +1,103 @@
+#! /usr/bin/env python
+#
+# IM - Infrastructure Manager
+# Copyright (C) 2011 - GRyCAP - Universitat Politecnica de Valencia
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+import sys
+import unittest
+
+sys.path.append(".")
+sys.path.append("..")
+from IM.auth import Authentication
+from IM.connectors.EGI import EGICloudConnector
+from mock import patch, MagicMock, call
+
+
+class TestEGIConnector(unittest.TestCase):
+    """
+    Class to test the EGI connector
+    """
+
+    @patch('requests.get')
+    @patch('IM.connectors.EGI.EGICloudConnector._get_host')
+    def test_add_dns(self, mock_get_host, mock_get):
+        mock_get_host.return_value = None
+        mock_get.return_value = MagicMock(status_code=200, json=lambda: {"status": "ok",
+                                                                         "host": {"update_secret": "123"}})
+        auth_data = Authentication([{'type': 'InfrastructureManager', 'token': 'access_token'}])
+        cloud = EGICloudConnector(None, None)
+        success = EGICloudConnector.add_dns_entry(cloud, "hostname", "domain", "ip", auth_data)
+        self.assertTrue(success)
+        self.assertEqual(mock_get.call_count, 2)
+        eurl1 = f"{EGICloudConnector.DYDNS_URL}/nic/register?fqdn=hostname.domain&comment=IM created DNS entry"
+        eurl2 = f"{EGICloudConnector.DYDNS_URL}/nic/update?hostname=hostname.domain&myip=ip"
+        calls = [call(eurl1, headers={'Authorization': 'Bearer access_token'}, timeout=10),
+                 call(eurl2, headers={'Authorization': 'Bearer access_token'}, timeout=10)]
+        mock_get.assert_has_calls(calls)
+
+    @patch('requests.get')
+    @patch('IM.connectors.EGI.EGICloudConnector._get_host')
+    def test_add_dydns(self, mock_get_host, mock_get):
+        mock_get_host.return_value = None
+        mock_get.return_value = MagicMock(status_code=200, json=lambda: {"status": "ok",
+                                                                         "host": {"update_secret": "123"}})
+        cloud = EGICloudConnector(None, None)
+        auth_data = Authentication([{'type': 'InfrastructureManager', 'username': 'user', 'password': 'pass'}])
+        success = EGICloudConnector.add_dns_entry(cloud, "dydns:123@hostname", "domain.", "ip", auth_data)
+        self.assertTrue(success)
+        eurl = f"{EGICloudConnector.DYDNS_URL}/nic/update?hostname=hostname.domain&myip=ip"
+        self.assertEqual(mock_get.call_count, 1)
+        mock_get.assert_any_call(eurl, headers={'Authorization': 'Basic aG9zdG5hbWUuZG9tYWluOjEyMw=='}, timeout=10)
+
+    @patch('requests.get')
+    @patch('IM.connectors.EGI.EGICloudConnector._get_host')
+    def test_del_dns(self, mock_get_host, mock_get):
+        mock_get_host.return_value = {"name": "hostname"}
+        mock_get.return_value = MagicMock(status_code=200, json=lambda: {"status": "ok"})
+        auth_data = Authentication([{'type': 'InfrastructureManager', 'token': 'access_token'}])
+        cloud = EGICloudConnector(None, None)
+        success = EGICloudConnector.del_dns_entry(cloud, "hostname", "domain", "ip", auth_data)
+        self.assertTrue(success)
+        eurl = f"{EGICloudConnector.DYDNS_URL}/nic/unregister?fqdn=hostname.domain"
+        mock_get.assert_called_with(eurl, headers={'Authorization': 'Bearer access_token'}, timeout=10)
+
+    @patch('requests.get')
+    def test_get_host(self, mock_get):
+        mock_get.return_value = MagicMock(status_code=200, json=lambda: {"status": "ok",
+                                                                         "hosts": [{"name": "hostname"}]})
+        cloud = EGICloudConnector(None, None)
+        host = EGICloudConnector._get_host(cloud, "hostname", "domain", "access_token")
+        self.assertEqual(host["name"], "hostname")
+        self.assertEqual(mock_get.call_count, 1)
+        eurl = f"{EGICloudConnector.DYDNS_URL}/nic/hosts?domain=domain"
+        mock_get.assert_called_with(eurl, headers={'Authorization': 'Bearer access_token'}, timeout=10)
+
+    @patch('requests.get')
+    def test_get_domains(self, mock_get):
+        mock_get.return_value = MagicMock(status_code=200, json=lambda: {"status": "ok",
+                                                                         "private": [{"name": "domain1",
+                                                                                      "available": True}],
+                                                                         "public": [{"name": "domain2",
+                                                                                     "available": True}]})
+        cloud = EGICloudConnector(None, None)
+        domains = EGICloudConnector._get_domains(cloud, "access_token")
+        self.assertEqual(domains, ["domain1", "domain2"])
+        self.assertEqual(mock_get.call_count, 1)
+        eurl = f"{EGICloudConnector.DYDNS_URL}/nic/domains"
+        mock_get.assert_called_with(eurl, headers={'Authorization': 'Bearer access_token'}, timeout=10)
+
+
+if __name__ == '__main__':
+    unittest.main()
diff --git a/test/unit/connectors/OpenStack.py b/test/unit/connectors/OpenStack.py
