authorTrygve Laugstøl <trygvis@inamo.no>2021-01-06 10:16:51 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2021-01-06 10:16:51 +0100
commit9eac79348242b5dc33f4cccdd86beda2a4ed4746 (patch)
tree95eaed3ba80ce4e39c3843f5c39cafe27479861b
parent2dcbdffc28b9eeaab68eb7c90eb8813899bd9546 (diff)
Implementing VPN connections.
-rw-r--r--out/phase-1.yaml120
-rw-r--r--out/vpn0.yaml120
-rw-r--r--src/main/java/io/trygvis/rules/engine/Main.java11
-rw-r--r--src/main/java/io/trygvis/rules/network/Ipv4Address.java24
-rw-r--r--src/main/resources/io/trygvis/rules/acme/vpn.drl52
5 files changed, 228 insertions, 99 deletions
diff --git a/out/phase-1.yaml b/out/phase-1.yaml
index c9974d0..c0d093a 100644
--- a/out/phase-1.yaml
+++ b/out/phase-1.yaml
@@ -130,6 +130,90 @@ data:
netToNetIp: null
networkIp: null
---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "acme-1"
+ role: "link"
+ ip:
+ value: "192.168.10.4"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "acme-1"
+ role: "network"
+ ip:
+ value: "10.55.55.4"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "acme-2"
+ role: "link"
+ ip:
+ value: "192.168.10.3"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "acme-2"
+ role: "network"
+ ip:
+ value: "10.55.55.3"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "acme-3"
+ role: "link"
+ ip:
+ value: "192.168.10.2"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "acme-3"
+ role: "network"
+ ip:
+ value: "10.55.55.2"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "ws-1"
+ role: "link"
+ ip:
+ value: "192.168.10.1"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "ws-1"
+ role: "network"
+ ip:
+ value: "10.55.55.1"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "ws-2"
+ role: "link"
+ ip:
+ value: "192.168.10.0"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "ws-2"
+ role: "network"
+ ip:
+ value: "10.55.55.0"
+---
+type: "io.trygvis.rules.acme.WgIpPool"
+data:
+ net: "vpn0"
+ role: "link"
+ cidr:
+ value: "192.168.10.0/29"
+---
+type: "io.trygvis.rules.acme.WgIpPool"
+data:
+ net: "vpn0"
+ role: "network"
+ cidr:
+ value: "10.55.55.0/24"
+---
type: "io.trygvis.rules.acme.WgNet"
data:
name: "vpn0"
@@ -347,42 +431,6 @@ data:
name: "ws-2"
fqdn: null
---
-type: "io.trygvis.rules.network.Ipv4Address"
-data:
- value: "192.168.10.7"
----
-type: "io.trygvis.rules.network.Ipv4Address"
-data:
- value: "192.168.10.6"
----
-type: "io.trygvis.rules.network.Ipv4Address"
-data:
- value: "192.168.10.5"
----
-type: "io.trygvis.rules.network.Ipv4Address"
-data:
- value: "192.168.10.4"
----
-type: "io.trygvis.rules.network.Ipv4Address"
-data:
- value: "192.168.10.3"
----
-type: "io.trygvis.rules.network.Ipv4Address"
-data:
- value: "192.168.10.2"
----
-type: "io.trygvis.rules.network.Ipv4Address"
-data:
- value: "192.168.10.1"
----
-type: "io.trygvis.rules.network.Ipv4Address"
-data:
- value: "192.168.10.0"
----
-type: "io.trygvis.rules.network.Ipv4Cidr"
-data:
- value: "192.168.10.0/29"
----
type: "io.trygvis.rules.terraform.ScalewayMachine"
data:
machine:
diff --git a/out/vpn0.yaml b/out/vpn0.yaml
index bf5aee6..fb8c684 100644
--- a/out/vpn0.yaml
+++ b/out/vpn0.yaml
@@ -99,6 +99,90 @@ data:
netToNetIp: null
networkIp: null
---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "acme-1"
+ role: "link"
+ ip:
+ value: "192.168.10.4"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "acme-1"
+ role: "network"
+ ip:
+ value: "10.55.55.4"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "acme-2"
+ role: "link"
+ ip:
+ value: "192.168.10.3"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "acme-2"
+ role: "network"
+ ip:
+ value: "10.55.55.3"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "acme-3"
+ role: "link"
+ ip:
+ value: "192.168.10.2"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "acme-3"
+ role: "network"
+ ip:
+ value: "10.55.55.2"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "ws-1"
+ role: "link"
+ ip:
+ value: "192.168.10.1"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "ws-1"
+ role: "network"
+ ip:
+ value: "10.55.55.1"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "ws-2"
+ role: "link"
+ ip:
+ value: "192.168.10.0"
+---
+type: "io.trygvis.rules.acme.WgIpAllocation"
+data:
+ host: "ws-2"
+ role: "network"
+ ip:
+ value: "10.55.55.0"
+---
+type: "io.trygvis.rules.acme.WgIpPool"
+data:
+ net: "vpn0"
+ role: "link"
+ cidr:
+ value: "192.168.10.0/29"
+---
+type: "io.trygvis.rules.acme.WgIpPool"
+data:
+ net: "vpn0"
+ role: "network"
+ cidr:
+ value: "10.55.55.0/24"
+---
type: "io.trygvis.rules.acme.WgNet"
data:
name: "vpn0"
@@ -170,39 +254,3 @@ type: "io.trygvis.rules.machine.Machine"
data:
name: "ws-2"
fqdn: null
----
-type: "io.trygvis.rules.network.Ipv4Address"
-data:
- value: "192.168.10.7"
----
-type: "io.trygvis.rules.network.Ipv4Address"
-data:
- value: "192.168.10.6"
----
-type: "io.trygvis.rules.network.Ipv4Address"
-data:
- value: "192.168.10.5"
----
-type: "io.trygvis.rules.network.Ipv4Address"
-data:
- value: "192.168.10.4"
----
-type: "io.trygvis.rules.network.Ipv4Address"
-data:
- value: "192.168.10.3"
----
-type: "io.trygvis.rules.network.Ipv4Address"
-data:
- value: "192.168.10.2"
----
-type: "io.trygvis.rules.network.Ipv4Address"
-data:
- value: "192.168.10.1"
----
-type: "io.trygvis.rules.network.Ipv4Address"
-data:
- value: "192.168.10.0"
----
-type: "io.trygvis.rules.network.Ipv4Cidr"
-data:
- value: "192.168.10.0/29"
diff --git a/src/main/java/io/trygvis/rules/engine/Main.java b/src/main/java/io/trygvis/rules/engine/Main.java
index 6f04a98..7c96be6 100644
--- a/src/main/java/io/trygvis/rules/engine/Main.java
+++ b/src/main/java/io/trygvis/rules/engine/Main.java
@@ -41,11 +41,12 @@ public class Main {
io.dump("phase-1", session.getFactHandles());
io.dump("vpn0", session.getFactHandles(), (Object o) ->
- o.getClass().getName().contains("Wg") ||
- o instanceof Machine ||
- o instanceof DnsEntry ||
- o instanceof Ipv4Cidr ||
- o instanceof Ipv4Address);
+ o.getClass().getName().contains("Wg")
+ || o instanceof Machine
+ || o instanceof DnsEntry
+ || o instanceof Ipv4Cidr
+ || o instanceof Ipv4Address
+ );
session.dispose();
}
diff --git a/src/main/java/io/trygvis/rules/network/Ipv4Address.java b/src/main/java/io/trygvis/rules/network/Ipv4Address.java
index 071bca9..7ca9ca5 100644
--- a/src/main/java/io/trygvis/rules/network/Ipv4Address.java
+++ b/src/main/java/io/trygvis/rules/network/Ipv4Address.java
@@ -6,9 +6,10 @@ import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import java.io.IOException;
+import java.util.Objects;
@JsonSerialize(using = Ipv4Address.Serializer.class)
-public class Ipv4Address {
+public class Ipv4Address implements Comparable<Ipv4Address> {
public final int address;
public Ipv4Address(int address) {
@@ -16,6 +17,27 @@ public class Ipv4Address {
}
@Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+
+ if (o instanceof Ipv4Address other) {
+ return address == other.address;
+ }
+
+ return false;
+ }
+
+ @Override
+ public int hashCode() {
+ return Objects.hash(address);
+ }
+
+ @Override
+ public int compareTo(Ipv4Address o) {
+ return address - o.address;
+ }
+
+ @Override
public String toString() {
return "%d.%d.%d.%d".formatted(
address >> 24 & 0xff,
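Review bot: `compareTo` computes `address - o.address`, which overflows when the two ints differ in sign and in any case orders by signed value, so every address from 128.0.0.0 upward sorts before 0.0.0.0–127.255.255.255 even though `toString` (which continues past the end of the hunk) treats the int as an unsigned dotted quad. An inconsistent `compareTo` makes sorted collections and any sort-based allocation order non-deterministic across address ranges; the fix is `return Integer.compareUnsigned(address, o.address);`. For the same reason a reader would expect `hashCode` to stay in step with `equals`; it does, though `Integer.hashCode(address)` avoids the varargs array and boxing that `Objects.hash(address)` allocates on every call.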
diff --git a/src/main/resources/io/trygvis/rules/acme/vpn.drl b/src/main/resources/io/trygvis/rules/acme/vpn.drl
index 456cbae..88c44f1 100644
--- a/src/main/resources/io/trygvis/rules/acme/vpn.drl
+++ b/src/main/resources/io/trygvis/rules/acme/vpn.drl
@@ -16,18 +16,23 @@ declare WgNet
networkCidr : String
end
+declare WgIpPool
+ net : String
+ role : String
+ cidr : Ipv4Cidr
+end
+
+declare WgIpPool
+ net : String
+ cidr : Ipv4Cidr
+end
+
rule "Create link network" when
$net : WgNet()
not(Ipv4Cidr(network == IpCalc.cidr($net.linkCidr).network))
then
- insert(IpCalc.cidr($net.linkCidr))
-end
-
-rule "Create link network addresses" when
- $cidr : Ipv4Cidr()
- $addresses : Ipv4Address() from $cidr.addresses
-then
- insert($addresses)
+ insert(new WgIpPool($net.name, "link", IpCalc.cidr($net.linkCidr)))
+ insert(new WgIpPool($net.name, "network", IpCalc.cidr($net.networkCidr)))
end
declare WgHost
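Review bot: `WgIpPool` is declared twice in this hunk, once with `net`/`role`/`cidr` and again with only `net`/`cidr`; the three-argument constructor used by `insert(new WgIpPool($net.name, "link", ...))` only matches the first declaration, so the second block should be deleted before the rule compiler has to resolve the conflict. The `not(Ipv4Cidr(network == IpCalc.cidr($net.linkCidr).network))` guard is now stale: the rule no longer inserts an `Ipv4Cidr`, so nothing it does can ever make that condition false and it no longer expresses "pools already created"; `not(WgIpPool(net == $net.name))` would. The rule name "Create link network" also undersells what it does now that it creates both the link and the network pool.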
@@ -85,16 +90,21 @@ then
insert(new WgConnection($h.name, $other.name))
end
-//declare AllocatedIp
-// owner : Object
-// ip : Ipv4Address
-//end
-//
-//rule "Assign IP"
-//when
-// $host : WgHost()
-// $ip : Ipv4Address()
-//then
-// var allocation = new AllocatedIp($host, $ip);
-// insert(allocation)
-//end
+declare WgIpAllocation
+ host : String
+ role : String
+ ip : Ipv4Address
+end
+
+rule "Assign IP"
+when
+ $net : WgNet()
+ $host : WgHost(net == $net.name)
+ $pool : WgIpPool(net == $net.name)
+ not(WgIpAllocation(host == $host.name, role == $pool.role))
+ $ip : Ipv4Address() from $pool.cidr.addresses()
+ not(WgIpAllocation(ip == $ip))
+then
+ System.out.printf("IP: net=%s, pool.role=%s, host=%s, ip=%s%n", $net.name, $pool.role, $host.name, $ip);
+ insert(new WgIpAllocation($host.name, $pool.role, $ip))
+end
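Review bot: The "Assign IP" rule hands out every address yielded by `$pool.cidr.addresses()`, and the regenerated out/phase-1.yaml in this commit shows ws-2 receiving 192.168.10.0 and 10.55.55.0, the network address of each pool; by the same logic the /29's last address would be allocated next. If `addresses()` includes the network and broadcast addresses, as the output suggests, the `from` pattern should exclude them, e.g. `$ip : Ipv4Address(this != $pool.cidr.network) from $pool.cidr.addresses()` plus the corresponding broadcast check if `Ipv4Cidr` exposes one (not visible here). Note also that `not(WgIpAllocation(ip == $ip))` relies on the `equals`/`hashCode` added to `Ipv4Address` in this same commit, so the rule is only correct together with that change. The `System.out.printf("IP: ...")` line looks like a debug trace and should be dropped or routed through whatever logging the engine uses.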