Add a new sdn controller plugin

This plugin allows to add and delete rules. A rule will be converted
into one or more openflow rules. Once converted they are applied using
ovs-vsctl command. To be able to validate the application of openflow
rules the plugins allows to dump them.

Signed-off-by: Guillaume <[email protected]>

Author: gthvn1

Diff for: README.md

@@ -338,6 +338,97 @@ Restart a service only if it is already running.
 $ xe host-call-plugin host-uuid<uuid> plugin=service.py fn=try_restart_service args:service=<service>
 ```
 
+
+### `sdn-controller`
+
+Add, delete rules and dump openflow rules.
+
+#### Add rule
+
+Expected parameters when adding a rule are:
+- *bridge* :  The name of the bridge on XAPI side
+- *mac*: The MAC address of the VIF
+- *iprange*: A range of IPs, for example `192.168.1.0/24`
+- *direction*: can be **from**, **to** or **from/to**
+  - *to*: means the parametres **port** and **iprange** are to
+          be used as destination
+  - *from*: means they will be use as source
+  - *from/to*: we create 2 openflow rules, on per direction
+- *protocol*: IP, TCP, UDP, ICMP or ARP
+- *port*: only valid for TCP/UDP protocol
+
+```
+$ xe host-call-plugin host-uuid<uuid> plugin=sdn-controller.py \
+  fn=add-rule                   \
+  args:bridge="xenbr0"          \
+  args:mac="6e:0b:9e:72:ab:c6"  \
+  args:iprange="192.168.1.0/24" \
+  args:direction="from/to"      \
+  args:protocol="tcp"           \
+  args:port="22"
+```
+
+##### Delete rule
+
+Expected the same arguments than adding rule
+
+```
+$ xe host-call-plugin host-uuid<uuid> plugin=sdn-controller.py \
+  fn=del-rule                   \
+  args:bridge="xenbr0"          \
+  args:mac="6e:0b:9e:72:ab:c6"  \
+  args:iprange="192.168.1.0/24" \
+  args:direction="from/to"      \
+  args:protocol="tcp"           \
+  args:port="22"
+```
+
+##### Dump flows
+
+- This command will return all flows entries in the bridge passed as a parameter.
+```
+$ xe host-call-plugin host-uuid=<uuid> plugin=sdn-controller.py fn=dump-flows args:bridge=xenbr0 | jq .
+{
+  "returncode": 0,
+  "command": [
+    "ovs-ofctl",
+    "dump-flows",
+    "xenbr0"
+  ],
+  "stderr": "",
+  "stdout": "NXST_FLOW reply (xid=0x4):\n cookie=0x0, duration=248977.339s, table=0, n_packets=24591786, n_bytes=3278442075, idle_age=0, hard_age=65534, priority=0 actions=NORMAL\n"
+}
+```
+
+- This error is raised when the bridge parameter is missing:
+```
+$ xe host-call-plugin host-uuid=<uuid> plugin=sdn-controller.py fn=dump-flows | jq .
+{
+  "returncode": 1,
+  "command": [
+    "ovs-ofctl",
+    "dump-flows"
+  ],
+  "stderr": "bridge parameter is missing",
+  "stdout": ""
+}
+```
+
+- If the bridge is unknown, the following error will occur:
+```
+$ xe host-call-plugin host-uuid=<uuid> plugin=sdn-controller.py args:bridge=xenbr10 fn=dump-flows | jq .
+{
+  "returncode": 1,
+  "command": [
+    "ovs-ofctl",
+    "dump-flows",
+    "xenbr10"
+  ],
+  "stderr": "ovs-ofctl: xenbr10 is not a bridge or a socket\n",
+  "stdout": ""
+}
+```
+
 ## Tests
 
 To run the plugins' unit tests you'll need to install `pytest`, `pyfakefs` and `mock`.

Diff for: SOURCES/etc/xapi.d/plugins/sdn-controller.py

@@ -0,0 +1,115 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import ipaddress
+import json
+import re
+
+import XenAPIPlugin
+
+from xcpngutils import configure_logging, error_wrapped, run_command
+
+
+def parse_bridge(args):
+    bridge = args.get("bridge")
+    if bridge is None:
+        raise ValueError("bridge parameter is missing")
+    return bridge
+
+
+def parse_mac(args):
+    MAC_REGEX = re.compile(r"^([0-9A-Fa-f]{2}:){5}([0-9A-Fa-f]{2})$")
+    mac_addr = args.get("mac", "")
+    if not bool(MAC_REGEX.fullmatch(mac_addr)):
+        raise ValueError("mac address is invalid or missing")
+
+    return mac_addr
+
+
+def parse_iprange(args):
+    ip_range = args.get("iprange", "")
+    try:
+        ipaddress.ip_network(ip_range, strict=False)
+        return ip_range
+    except ValueError:
+        raise ValueError("ip range is missing or invalid")
+
+
+def parse_direction(args):
+    # Check that direction is set and valid
+    direction = args.get("direction", "").lower().split("/")
+    has_to = "to" in direction
+    has_from = "from" in direction
+    if not (has_to or has_from):
+        raise ValueError("valid direction is missing")
+    return has_to, has_from
+
+
+def parse_protocol(args):
+    VALID_PROTOCOLS = {"tcp", "udp", "icmp", "ip"}
+    protocol = args.get("protocol", "unset").lower()
+    if protocol not in VALID_PROTOCOLS:
+        raise ValueError("valid protocol is missing")
+    return protocol
+
+
+def parse_port(args):
+    port = args.get("port", "")
+    try:
+        int(port)
+        return port
+    except ValueError:
+        raise ValueError("port is missing or is invalid")
+
+
+@error_wrapped
+def add_rule(_session, args):
+    _LOGGER.info("Calling add_rule with args {}".format(args))
+
+    try:
+        _bridge = parse_bridge(args)
+        _mac = parse_mac(args)
+        _has_to, _has_from = parse_direction(args)
+        _protocol = parse_protocol(args)
+        _iprange = parse_iprange(args)
+        _port = parse_port(args)
+    except ValueError as e:
+        _LOGGER.error(str(e))
+        return json.dumps(
+            {
+                "returncode": 1,
+                "command": "add_rule",
+                "stderr": str(e),
+                "stdout": "",
+            }
+        )
+
+    return json.dumps(True)
+
+
+@error_wrapped
+def del_rule(_session, args):
+    _LOGGER.info("Calling del_rule with args {}".format(args))
+    return json.dumps(True)
+
+
+@error_wrapped
+def dump_flows(_session, args):
+    _LOGGER.info("Calling check with args {}".format(args))
+    ofctl_cmd = ["ovs-ofctl", "dump-flows"]
+    bridge = args.get("bridge")
+
+    ofctl_cmd.append(bridge)
+    cmd = run_command(ofctl_cmd, check=False)
+    return json.dumps(cmd)
+
+
+_LOGGER = configure_logging("sdn-controller")
+if __name__ == "__main__":
+    XenAPIPlugin.dispatch(
+        {
+            "add-rule": add_rule,
+            "del-rule": del_rule,
+            "dump-flows": dump_flows,
+        }
+    )