v0.13.0-alpha3, IRRdb white lists

close #16
pierky · Oct 19, 2017 · 7d92c37 · 7d92c37
1 parent fe13a76
commit 7d92c37
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 8 deletions.
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -16,6 +16,10 @@ next release
 
   Related: `issue #12 on GitHub <https://github.com/pierky/arouteserver/issues/12>`_.
 
+- New feature: client-level white lists for IRRdb prefixes and origin ASNs.
+
+  This allows to manually enter prefixes and ASNs that must be treated as if they were included within client's AS-SETs.
+
 v0.12.3
 -------
 

diff --git a/config.d/clients.yml b/config.d/clients.yml
@@ -76,6 +76,8 @@ clients:
     #
     # - filtering.black_list_pref
     # - filtering.irrdb.as_sets
+    # - filtering.irrdb.white_list_pref
+    # - filtering.irrdb.white_list_asn
     #
     # Please refer to the general configuration file for more
     # details.
@@ -136,6 +138,20 @@ clients:
           #enforce_origin_in_as_set: True
           #enforce_prefix_in_as_set: True
 
+          # List of prefixes that are treated as if they were
+          # included within the client's AS-SET.
+          white_list_pref:
+            #- prefix:
+            #  length:
+            #  comment: ""
+
+          # List of origin ASNs that are treated as if they were
+          # included within the client's AS-SET.
+          white_list_asn:
+            #- 1
+            #- 2
+            #- 3
+
         rpki:
           #reject_invalid: True
 

diff --git a/pierky/arouteserver/config/clients.py b/pierky/arouteserver/config/clients.py
@@ -78,6 +78,10 @@ def get_client_descr(client):
                                                    mandatory=False),
                         "enforce_origin_in_as_set": ValidatorBool(mandatory=False),
                         "enforce_prefix_in_as_set": ValidatorBool(mandatory=False),
+                        "white_list_pref": ValidatorListOf(
+                            ValidatorPrefixListEntry, mandatory=False,
+                        ),
+                        "white_list_asn": ValidatorASNList(mandatory=False),
                     },
                     "rpki": {
                         "enabled": ValidatorBool(mandatory=False),

diff --git a/pierky/arouteserver/enrichers/irrdb.py b/pierky/arouteserver/enrichers/irrdb.py
@@ -170,6 +170,8 @@ class IRRDBConfigEnricher(BaseConfigEnricher):
 
     WORKER_THREAD_CLASS = None
 
+    WHITE_LIST_OBJECT_NAME_PREFIX = "WHITE_LIST_"
+
     def prepare(self):
         if self.builder.irrdb_info is not None:
             return
@@ -187,6 +189,8 @@ def use_as_set(as_set_names, used_by_client=None):
             # If a bundle for the same AS-SET names is already
             # present in the irrdb_info list, then that one will
             # be returned; otherwise, new_bundle will be.
+            #
+            # Returns: (<bundle id>, <bundle obj>)
             new_bundle = AS_SET_Bundle_Proxy(as_set_names)
 
             for as_set_bundle in irrdb_info:
@@ -195,13 +199,13 @@ def use_as_set(as_set_names, used_by_client=None):
                     # added to irrdb_info: use it.
                     if used_by_client:
                         as_set_bundle.used_by.append(used_by_client)
-                    return as_set_bundle.id
+                    return as_set_bundle.id, as_set_bundle
 
             if used_by_client:
                 new_bundle.used_by.append(used_by_client)
 
             irrdb_info.append(new_bundle)
-            return new_bundle.id
+            return new_bundle.id, new_bundle
 
         # Add to irrdb_info all the AS-SET bundles reported in the 'asns' section.
         for asn in self.builder.cfg_asns.cfg["asns"]:
@@ -211,7 +215,7 @@ def use_as_set(as_set_names, used_by_client=None):
                 continue
 
             self.builder.cfg_asns[asn]["as_set_bundle_ids"].append(
-                use_as_set(self.builder.cfg_asns[asn]["as_sets"])
+                use_as_set(self.builder.cfg_asns[asn]["as_sets"])[0]
             )
 
         # Add to irrdb_info all the AS-SET bundles reported in the 'clients' section.
@@ -238,13 +242,28 @@ def use_as_set(as_set_names, used_by_client=None):
             # In the worst case, use AS<asn>.
             client_irrdb["as_set_bundle_ids"].append(
                 use_as_set(["AS{}".format(client["asn"])],
-                           "client {}".format(client["id"]))
+                           "client {}".format(client["id"]))[0]
             )
 
+            # IRR white lists
+            for cfg_attr, obj_type in (("white_list_pref", "prefixes"),
+                                       ("white_list_asn", "asns")):
+                if client_irrdb[cfg_attr]:
+                    # If a white list of prefixes/ASNs has been set for the
+                    # client, add a fake 'white_list' AS-SET with those
+                    # prefixes/ASNs.
+                    white_list_name = self.WHITE_LIST_OBJECT_NAME_PREFIX + client["id"]
+                    white_list_bundle_id, white_list_bundle = use_as_set(
+                        [white_list_name], "client {}".format(client["id"])
+                    )
+                    white_list_bundle.save(obj_type, client_irrdb[cfg_attr])
+                    if white_list_bundle_id not in client_irrdb["as_set_bundle_ids"]:
+                        client_irrdb["as_set_bundle_ids"].append(white_list_bundle_id)
+
             if client_irrdb["as_sets"]:
                 # Client has its own specific set of AS-SETs.
                 client_irrdb["as_set_bundle_ids"].append(
-                    use_as_set(client_irrdb["as_sets"], "client {}".format(client["id"]))
+                    use_as_set(client_irrdb["as_sets"], "client {}".format(client["id"]))[0]
                 )
                 continue
 
@@ -260,7 +279,7 @@ def use_as_set(as_set_names, used_by_client=None):
                     use_as_set(
                         self.builder.cfg_asns.cfg["asns"][asn]["as_sets"],
                         "client {}".format(client["id"])
-                    )
+                    )[0]
                 )
                 continue
 
@@ -275,7 +294,7 @@ def use_as_set(as_set_names, used_by_client=None):
                                     ", ".join(as_sets_from_pdb)
                                 ))
                 client_irrdb["as_set_bundle_ids"].append(
-                    use_as_set(as_sets_from_pdb, "client {}".format(client["id"]))
+                    use_as_set(as_sets_from_pdb, "client {}".format(client["id"]))[0]
                 )
                 continue
 
@@ -309,6 +328,8 @@ def _config_thread(self, thread):
     def add_tasks(self):
         # Enqueuing tasks.
         for as_set_bundle_id, as_set_bundle in iteritems(self.builder.irrdb_info):
+            if as_set_bundle.name.startswith(self.WHITE_LIST_OBJECT_NAME_PREFIX):
+                continue
             self.tasks_q.put(as_set_bundle)
 
 class IRRDBConfigEnricher_OriginASNs(IRRDBConfigEnricher):

diff --git a/pierky/arouteserver/version.py b/pierky/arouteserver/version.py
@@ -13,5 +13,5 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-__version__ = "0.13.0-alpha2" # pragma: no cover
+__version__ = "0.13.0-alpha3" # pragma: no cover
 COPYRIGHT_YEAR = 2017 # pragma: no cover