search

nuagenetworks / vspk-python

A Python library for managing Nuage through its API
http://www.nuagenetworks.net
BSD 3-Clause "New" or "Revised" License
17 stars 19 forks source link

Domain's "encryption" property does not get inherited out of the box #16

Closed hellt closed 6 years ago

hellt commented 7 years ago

If one is instantiating domain out of a domain template which has encryption enabled and not specifying ecnryption property, this property does not get inherited properly from a parent template.

Consider an example where a domain template exists with encryption set to enabled

# get existing Org
org = vspk.NUEnterprise(id="aac88190-f6b2-41ac-aaf5-1de10f58a267")
org.fetch()

# get existing domain template
dom_templ = vspk.NUDomainTemplate(id="18852e55-7c03-4a07-bae6-9e444708439b")
dom_templ.fetch()
print('Domain Template obj "{}" has encryption "{}"'
      .format(dom_templ.name, dom_templ.encryption))

# first case is when domain obj is created without specifying
# the not mandatory encryption property
dom_instance_params = {
    'name': 'domain',
    'templateID': dom_templ.id
}
dom_instance = vspk.NUDomain(data=dom_instance_params)
org.create_child(dom_instance)
print('Domain instance "{}" has encryption "{}"'
      .format(dom_instance.name, dom_instance.encryption))

# second case sets the same property to disabled
dom2_instance_params = {
    'name': 'domain2',
    'templateID': dom_templ.id,
    'encryption': 'DISABLED'
}
dom2_instance = vspk.NUDomain(data=dom2_instance_params)
org.create_child(dom2_instance)
print('Domain instance "{}" has encryption "{}"'
      .format(dom2_instance.name, dom2_instance.encryption))

output

$ python nuage-cats/playground/test/test.py
Domain Template obj "enc_enabled_dom_template" has encryption "ENABLED"
Domain instance "domain" has encryption "DISABLED"
Domain instance "domain2" has encryption "ENABLED"

The case here shows that if a domain instance does not specify the encryption property to the one of the allowed values (ENABLED | DISABLED) this information got lost completely.

From my POV it should be treated by the server side as implicitly set to some value to be able to inherit encryption state from the template, or marked as "required".

pdellaert commented 7 years ago

@hellt , any chance you can do me the favor of including the bambou debug output of the above script? It would be interesting to see the actual API calls (i want to verify it is indeed a backend issue as i expect or not).

hellt commented 7 years ago

Sure, I omitted unrelated requests, if you want to see the full interaction process I uploaded it to this gist here.

Domain Template obj "enc_enabled_dom_template" has encryption "ENABLED"
# ====POST====>
INFO:bambou:> POST https://10.167.60.51:8443/nuage/api/v5_0/enterprises/aac88190-f6b2-41ac-aaf5-1de10f58a267/domains
DEBUG:bambou:> headers: {'X-Nuage-Organization': 'csp', 'Content-Type': 'application/json', 'Authorization': 'XREST Y3Nwcm9vdDo3YmE2MmVlMy0wODRmLTRiOTEtODEzOC04MzJmOGQxOTI3MDM='}
DEBUG:bambou:> data:
  {
    "backHaulVNID": null,
    "associatedBGPProfileID": null,
    "secondaryDHCPServerAddress": null,
    "backHaulRouteDistinguisher": null,
    "externalID": null,
    "stretched": null,
    "backHaulSubnetIPAddress": null,
    "parentID": null,
    "owner": null,
    "DPI": null,
    "maintenanceMode": "DISABLED",
    "underlayEnabled": null,
    "FIPUnderlay": null,
    "tunnelType": "DC_DEFAULT",
    "labelID": null,
    "encryption": null,
    "localAS": null,
    "dhcpServerAddresses": null,
    "customerID": null,
    "associatedPATMapperID": null,
    "serviceID": null,
    "exportRouteTarget": null,
    "associatedSharedPATMapperID": null,
    "domainVLANID": null,
    "DHCPServerAddress": null,
    "domainID": null,
    "description": null,
    "uplinkPreference": null,
    "importRouteTarget": null,
    "policyChangeStatus": null,
    "entityScope": null,
    "associatedMulticastChannelMapID": null,
    "parentType": null,
    "lastUpdatedBy": null,
    "permittedAction": null,
    "templateID": "18852e55-7c03-4a07-bae6-9e444708439b",
    "creationDate": null,
    "ID": null,
    "backHaulSubnetMask": null,
    "PATEnabled": "INHERITED",
    "backHaulRouteTarget": null,
    "routeTarget": null,
    "name": "domain",
    "routeDistinguisher": null,
    "globalRoutingEnabled": null,
    "leakingEnabled": null,
    "ECMPCount": null,
    "advertiseCriteria": null,
    "multicast": null,
    "lastUpdatedDate": null,
    "DHCPBehavior": "CONSUME",
    "BGPEnabled": null
}

# <=====POST=====
DEBUG:urllib3.connectionpool:https://10.167.60.51:8443 "POST /nuage/api/v5_0/enterprises/aac88190-f6b2-41ac-aaf5-1de10f58a267/domains HTTP/1.1" 201 1477
INFO:bambou:< POST https://10.167.60.51:8443/nuage/api/v5_0/enterprises/aac88190-f6b2-41ac-aaf5-1de10f58a267/domains  [201]

DEBUG:bambou:< headers: {'Content-Length': '1477', 'Access-Control-Expose-Headers': 'X-Nuage-Organization, X-Nuage-ProxyUser, X-Nuage-OrderBy, X-Nuage-FilterType, X-Nuage-Filter, X-Nuage-Page, X-Nuage-PageSize, X-Nuage-Count, X-Nuage-Custom, X-Nuage-ClientType', 'Set-Cookie': 'rememberMe=deleteMe; Path=/nuage; Max-Age=0; Expires=Thu, 05-Oct-2017 06:31:27 GMT', 'Server': 'Apache-Coyote/1.1', 'X-Nuage-Request-ID': '7ef8fe8c-e3ed-4e57-8c8f-5892fab2d6a3', 'Date': 'Fri, 06 Oct 2017 06:31:27 GMT', 'Access-Control-Allow-Origin': '*', 'Content-Type': 'application/json'}
DEBUG:bambou:< data:
[
    {
        "backHaulVNID": 16245889,
        "associatedBGPProfileID": null,
        "secondaryDHCPServerAddress": null,
        "externalID": null,
        "stretched": false,
        "backHaulRouteDistinguisher": "65534:35939",
        "parentID": "aac88190-f6b2-41ac-aaf5-1de10f58a267",
        "owner": "8a6f0e20-a4db-4878-ad84-9cc61756cd5e",
        "children": null,
        "DPI": "DISABLED",
        "maintenanceMode": "DISABLED",
        "underlayEnabled": "DISABLED",
        "policyChangeStatus": null,
        "tunnelType": "VXLAN",
        "labelID": 62668,
        "encryption": "DISABLED",
        "localAS": 65000,
        "dhcpServerAddresses": null,
        "customerID": 10006,
        "uplinkPreference": "PRIMARY_SECONDARY",
        "enterpriseID": "aac88190-f6b2-41ac-aaf5-1de10f58a267",
        "multicast": "DISABLED",
        "exportRouteTarget": "65534:21358",
        "routeTarget": "65534:21358",
        "domainVLANID": 0,
        "DHCPServerAddress": null,
        "domainID": 748792,
        "description": null,
        "associatedPATMapperID": null,
        "importRouteTarget": "65534:21358",
        "FIPUnderlay": false,
        "entityScope": "ENTERPRISE",
        "advertiseCriteria": null,
        "parentType": "enterprise",
        "lastUpdatedBy": "8a6f0e20-a4db-4878-ad84-9cc61756cd5e",
        "permittedAction": null,
        "templateID": "18852e55-7c03-4a07-bae6-9e444708439b",
        "associatedMulticastChannelMapID": null,
        "creationDate": 1507271487000,
        "ID": "d97285b1-1dcc-4be8-808c-1185ee827a1d",
        "PATEnabled": "INHERITED",
        "backHaulRouteTarget": "65534:44415",
        "associatedSharedPATMapperID": null,
        "name": "domain",
        "routeDistinguisher": "65534:3508",
        "globalRoutingEnabled": false,
        "leakingEnabled": false,
        "ECMPCount": 1,
        "serviceID": 1030573950,
        "lastUpdatedDate": 1507271487000,
        "DHCPBehavior": "CONSUME",
        "BGPEnabled": true
    }
]
Domain instance "domain" has encryption "DISABLED"

###### SECOND CASE, DOMAIN WITH ENCR SET TO DISABLED
# ===POST===>
INFO:bambou:> POST https://10.167.60.51:8443/nuage/api/v5_0/enterprises/aac88190-f6b2-41ac-aaf5-1de10f58a267/domains
DEBUG:bambou:> headers: {'X-Nuage-Organization': 'csp', 'Content-Type': 'application/json', 'Authorization': 'XREST Y3Nwcm9vdDo3YmE2MmVlMy0wODRmLTRiOTEtODEzOC04MzJmOGQxOTI3MDM='}
DEBUG:bambou:> data:
  {
    "backHaulVNID": null,
    "associatedBGPProfileID": null,
    "secondaryDHCPServerAddress": null,
    "backHaulRouteDistinguisher": null,
    "externalID": null,
    "stretched": null,
    "backHaulSubnetIPAddress": null,
    "parentID": null,
    "owner": null,
    "DPI": null,
    "maintenanceMode": "DISABLED",
    "underlayEnabled": null,
    "FIPUnderlay": null,
    "tunnelType": "DC_DEFAULT",
    "labelID": null,
    "encryption": "DISABLED",
    "localAS": null,
    "dhcpServerAddresses": null,
    "customerID": null,
    "associatedPATMapperID": null,
    "serviceID": null,
    "exportRouteTarget": null,
    "associatedSharedPATMapperID": null,
    "domainVLANID": null,
    "DHCPServerAddress": null,
    "domainID": null,
    "description": null,
    "uplinkPreference": null,
    "importRouteTarget": null,
    "policyChangeStatus": null,
    "entityScope": null,
    "associatedMulticastChannelMapID": null,
    "parentType": null,
    "lastUpdatedBy": null,
    "permittedAction": null,
    "templateID": "18852e55-7c03-4a07-bae6-9e444708439b",
    "creationDate": null,
    "ID": null,
    "backHaulSubnetMask": null,
    "PATEnabled": "INHERITED",
    "backHaulRouteTarget": null,
    "routeTarget": null,
    "name": "domain2",
    "routeDistinguisher": null,
    "globalRoutingEnabled": null,
    "leakingEnabled": null,
    "ECMPCount": null,
    "advertiseCriteria": null,
    "multicast": null,
    "lastUpdatedDate": null,
    "DHCPBehavior": "CONSUME",
    "BGPEnabled": null
}

# <====POST====
DEBUG:urllib3.connectionpool:https://10.167.60.51:8443 "POST /nuage/api/v5_0/enterprises/aac88190-f6b2-41ac-aaf5-1de10f58a267/domains HTTP/1.1" 201 1478
INFO:bambou:< POST https://10.167.60.51:8443/nuage/api/v5_0/enterprises/aac88190-f6b2-41ac-aaf5-1de10f58a267/domains  [201]

DEBUG:bambou:< headers: {'Content-Length': '1478', 'Access-Control-Expose-Headers': 'X-Nuage-Organization, X-Nuage-ProxyUser, X-Nuage-OrderBy, X-Nuage-FilterType, X-Nuage-Filter, X-Nuage-Page, X-Nuage-PageSize, X-Nuage-Count, X-Nuage-Custom, X-Nuage-ClientType', 'Set-Cookie': 'rememberMe=deleteMe; Path=/nuage; Max-Age=0; Expires=Thu, 05-Oct-2017 06:31:27 GMT', 'Server': 'Apache-Coyote/1.1', 'X-Nuage-Request-ID': '6daa25de-4e4f-4ba5-8792-62ff7027c8f5', 'Date': 'Fri, 06 Oct 2017 06:31:28 GMT', 'Access-Control-Allow-Origin': '*', 'Content-Type': 'application/json'}
DEBUG:bambou:< data:
[
    {
        "backHaulVNID": 12215323,
        "associatedBGPProfileID": null,
        "secondaryDHCPServerAddress": null,
        "externalID": null,
        "stretched": false,
        "backHaulRouteDistinguisher": "65534:33201",
        "parentID": "aac88190-f6b2-41ac-aaf5-1de10f58a267",
        "owner": "8a6f0e20-a4db-4878-ad84-9cc61756cd5e",
        "children": null,
        "DPI": "DISABLED",
        "maintenanceMode": "DISABLED",
        "underlayEnabled": "DISABLED",
        "policyChangeStatus": null,
        "tunnelType": "VXLAN",
        "labelID": 31261,
        "encryption": "ENABLED",
        "localAS": 65000,
        "dhcpServerAddresses": null,
        "customerID": 10006,
        "uplinkPreference": "PRIMARY_SECONDARY",
        "enterpriseID": "aac88190-f6b2-41ac-aaf5-1de10f58a267",
        "multicast": "DISABLED",
        "exportRouteTarget": "65534:50474",
        "routeTarget": "65534:50474",
        "domainVLANID": 0,
        "DHCPServerAddress": null,
        "domainID": 963251,
        "description": null,
        "associatedPATMapperID": null,
        "importRouteTarget": "65534:50474",
        "FIPUnderlay": false,
        "entityScope": "ENTERPRISE",
        "advertiseCriteria": null,
        "parentType": "enterprise",
        "lastUpdatedBy": "8a6f0e20-a4db-4878-ad84-9cc61756cd5e",
        "permittedAction": null,
        "templateID": "18852e55-7c03-4a07-bae6-9e444708439b",
        "associatedMulticastChannelMapID": null,
        "creationDate": 1507271488000,
        "ID": "e68149a0-b935-469b-bc68-984a501821db",
        "PATEnabled": "INHERITED",
        "backHaulRouteTarget": "65534:58274",
        "associatedSharedPATMapperID": null,
        "name": "domain2",
        "routeDistinguisher": "65534:39759",
        "globalRoutingEnabled": false,
        "leakingEnabled": false,
        "ECMPCount": 1,
        "serviceID": 1842022571,
        "lastUpdatedDate": 1507271488000,
        "DHCPBehavior": "CONSUME",
        "BGPEnabled": true
    }
]
Domain instance "domain2" has encryption "ENABLED"
hellt commented 7 years ago

any news on that one?

pdellaert commented 6 years ago

It's been escalated into a R&D issue

hellt commented 6 years ago

Hi @pdellaert don't you know the ETA of the fix?

rwahba commented 6 years ago

@pdellaert is there any update on this issue, it still present in 5.2.3

pdellaert commented 6 years ago

@rwahba , @hellt , this is solved in 5.3.2