1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
import re
from oslo_config import cfg
from neutron_lib._i18n import _
from neutron_lib.api import validators
from neutron_lib import constants
from neutron_lib.db import constants as db_constants
def _validate_dns_format(data, max_len=db_constants.FQDN_FIELD_SIZE):
# NOTE: An individual name regex instead of an entire FQDN was used
# because its easier to make correct. The logic should validate that the
# dns_name matches RFC 1123 (section 2.1) and RFC 952.
if not data:
return
try:
# A trailing period is allowed to indicate that a name is fully
# qualified per RFC 1034 (page 7).
trimmed = data[:-1] if data.endswith('.') else data
if len(trimmed) > max_len:
raise TypeError(
_("'%(trimmed)s' exceeds the %(maxlen)s character FQDN "
"limit") % {'trimmed': trimmed, 'maxlen': max_len})
labels = trimmed.split('.')
for label in labels:
if not label:
raise TypeError(_("Encountered an empty component"))
if label.endswith('-') or label.startswith('-'):
raise TypeError(
_("Name '%s' must not start or end with a hyphen") % label)
if not re.match(constants.DNS_LABEL_REGEX, label):
raise TypeError(
_("Name '%s' must be 1-63 characters long, each of "
"which can only be alphanumeric or a hyphen") % label)
# RFC 1123 hints that a TLD can't be all numeric. last is a TLD if
# it's an FQDN.
if len(labels) > 1 and re.match("^[0-9]+$", labels[-1]):
raise TypeError(
_("TLD '%s' must not be all numeric") % labels[-1])
except TypeError as e:
msg = _("'%(data)s' not a valid PQDN or FQDN. Reason: %(reason)s") % {
'data': data, 'reason': e}
return msg
def _validate_dns_name_with_dns_domain(request_dns_name, dns_domain):
# If a PQDN was passed, make sure the FQDN that will be generated is of
# legal size
higher_labels = dns_domain
if dns_domain:
higher_labels = '.%s' % dns_domain
higher_labels_len = len(higher_labels)
dns_name_len = len(request_dns_name)
if not request_dns_name.endswith('.'):
if dns_name_len + higher_labels_len > db_constants.FQDN_FIELD_SIZE:
msg = _("The dns_name passed is a PQDN and its size is "
"'%(dns_name_len)s'. The dns_domain option in "
"neutron.conf is set to %(dns_domain)s, with a "
"length of '%(higher_labels_len)s'. When the two are "
"concatenated to form a FQDN (with a '.' at the end), "
"the resulting length exceeds the maximum size "
"of '%(fqdn_max_len)s'"
) % {'dns_name_len': dns_name_len,
'dns_domain': cfg.CONF.dns_domain,
'higher_labels_len': higher_labels_len,
'fqdn_max_len': db_constants.FQDN_FIELD_SIZE}
return msg
return
# A FQDN was passed
if (dns_name_len <= higher_labels_len or not
request_dns_name.endswith(higher_labels)):
msg = _("The dns_name passed is a FQDN. Its higher level labels "
"must be equal to the dns_domain option in neutron.conf, "
"that has been set to '%(dns_domain)s'. It must also "
"include one or more valid DNS labels to the left "
"of '%(dns_domain)s'") % {'dns_domain':
cfg.CONF.dns_domain}
return msg
def _get_dns_domain_config():
if not cfg.CONF.dns_domain:
return ''
if cfg.CONF.dns_domain.endswith('.'):
return cfg.CONF.dns_domain
return '%s.' % cfg.CONF.dns_domain
def _get_request_dns_name(dns_name):
dns_domain = _get_dns_domain_config()
if (dns_domain and dns_domain != constants.DNS_DOMAIN_DEFAULT):
# If CONF.dns_domain is the default value 'openstacklocal',
# neutron don't let the user to assign dns_name to ports
return dns_name
return ''
def validate_dns_name(data, max_len=db_constants.FQDN_FIELD_SIZE):
"""Validate DNS name.
This method validates dns name and also needs to have dns_domain in config
because this may call a method which uses the config.
:param data: The data to validate.
:param max_len: An optional cap on the length of the string.
:returns: None if data is valid, otherwise a human readable message
indicating why validation failed.
"""
msg = _validate_dns_format(data, max_len)
if msg:
return msg
request_dns_name = _get_request_dns_name(data)
if request_dns_name:
dns_domain = _get_dns_domain_config()
msg = _validate_dns_name_with_dns_domain(request_dns_name, dns_domain)
if msg:
return msg
def validate_fip_dns_name(data, max_len=db_constants.FQDN_FIELD_SIZE):
"""Validate DNS name for floating IP.
:param data: The data to validate.
:param max_len: An optional cap on the length of the string.
:returns: None if data is valid, otherwise a human readable message
indicating why validation failed.
"""
msg = validators.validate_string(data)
if msg:
return msg
if not data:
return
if data.endswith('.'):
msg = _("'%s' is a FQDN. It should be a relative domain name") % data
return msg
msg = _validate_dns_format(data, max_len)
if msg:
return msg
length = len(data)
if length > max_len - 3:
msg = _("'%(data)s' contains %(length)s characters. Adding a "
"domain name will cause it to exceed the maximum length "
"of a FQDN of '%(max_len)s'") % {"data": data,
"length": length,
"max_len": max_len}
return msg
def validate_dns_domain(data, max_len=db_constants.FQDN_FIELD_SIZE):
"""Validate DNS domain.
:param data: The data to validate.
:param max_len: An optional cap on the length of the string.
:returns: None if data is valid, otherwise a human readable message
indicating why validation failed.
"""
msg = validators.validate_string(data)
if msg:
return msg
if not data:
return
if not data.endswith('.'):
msg = _("'%s' is not a FQDN") % data
return msg
msg = _validate_dns_format(data, max_len)
if msg:
return msg
length = len(data)
if length > max_len - 2:
msg = _("'%(data)s' contains %(length)s characters. Adding a "
"sub-domain will cause it to exceed the maximum length of a "
"FQDN of '%(max_len)s'") % {"data": data,
"length": length,
"max_len": max_len}
return msg
|
