checktheroads-hyperglass/hyperglass/models/data/bgp_route.py

"""Device-Agnostic Parsed Response Data Model."""

# Standard Library
import re
from typing import List, Literal
from ipaddress import ip_network

# Third Party
from pydantic import StrictInt, StrictStr, StrictBool, validator

# Project
from hyperglass.state import use_state
from hyperglass.external.rpki import rpki_state

# Local
from ..main import HyperglassModel

WinningWeight = Literal["low", "high"]


class BGPRoute(HyperglassModel):
    """Post-parsed BGP route."""

    prefix: StrictStr
    active: StrictBool
    age: StrictInt
    weight: StrictInt
    med: StrictInt
    local_preference: StrictInt
    as_path: List[StrictInt]
    communities: List[StrictStr]
    next_hop: StrictStr
    source_as: StrictInt
    source_rid: StrictStr
    peer_rid: StrictStr
    rpki_state: StrictInt

    @validator("communities")
    def validate_communities(cls, value):
        """Filter returned communities against configured policy.

        Actions:
            permit: only permit matches
            deny: only deny matches
        """

        (structured := use_state("params").structured)

        def _permit(comm):
            """Only allow matching patterns."""
            valid = False
            for pattern in structured.communities.items:
                if re.match(pattern, comm):
                    valid = True
                    break
            return valid

        def _deny(comm):
            """Allow any except matching patterns."""
            valid = True
            for pattern in structured.communities.items:
                if re.match(pattern, comm):
                    valid = False
                    break
            return valid

        func_map = {"permit": _permit, "deny": _deny}
        func = func_map[structured.communities.mode]

        return [c for c in value if func(c)]

    @validator("rpki_state")
    def validate_rpki_state(cls, value, values):
        """If external RPKI validation is enabled, get validation state."""

        (structured := use_state("params").structured)

        if structured.rpki.mode == "router":
            # If router validation is enabled, return the value as-is.
            return value

        elif structured.rpki.mode == "external":
            # If external validation is enabled, validate the prefix
            # & asn with Cloudflare's RPKI API.
            as_path = values["as_path"]

            if len(as_path) == 0:
                # If the AS_PATH length is 0, i.e. for an internal route,
                # return RPKI Unknown state.
                return 3
            else:
                # Get last ASN in path
                asn = as_path[-1]

        try:
            net = ip_network(values["prefix"])
        except ValueError:
            return 3

        # Only do external RPKI lookups for global prefixes.
        if net.is_global:
            return rpki_state(prefix=values["prefix"], asn=asn)
        else:
            return value


class BGPRouteTable(HyperglassModel):
    """Post-parsed BGP route table."""

    vrf: StrictStr
    count: StrictInt = 0
    routes: List[BGPRoute]
    winning_weight: WinningWeight

    def __init__(self, **kwargs):
        """Sort routes by prefix after validation."""
        super().__init__(**kwargs)
        self.routes = sorted(self.routes, key=lambda r: r.prefix)

    def __add__(self: "BGPRouteTable", other: "BGPRouteTable") -> "BGPRouteTable":
        """Merge another BGP table instance with this instance."""
        if isinstance(other, BGPRouteTable):
            self.routes = sorted([*self.routes, *other.routes], key=lambda r: r.prefix)
            self.count = len(self.routes)
        return self
start adding response parsing & ui elements 2020-04-24 11:41:43 -07:00			`"""Device-Agnostic Parsed Response Data Model."""`

			`# Standard Library`
add structured data configuration options & external RPKI validation 2020-06-06 01:25:02 -07:00			`import re`
Update standard structured data models 2021-09-13 02:35:52 -07:00			`from typing import List, Literal`
don't do external RPKI lookups for non-global prefixes 2021-02-25 23:40:19 -07:00			`from ipaddress import ip_network`
start adding response parsing & ui elements 2020-04-24 11:41:43 -07:00
			`# Third Party`
Update standard structured data models 2021-09-13 02:35:52 -07:00			`from pydantic import StrictInt, StrictStr, StrictBool, validator`
start adding response parsing & ui elements 2020-04-24 11:41:43 -07:00
			`# Project`
Complete global state implementation 2021-09-15 18:25:37 -07:00			`from hyperglass.state import use_state`
add structured data configuration options & external RPKI validation 2020-06-06 01:25:02 -07:00			`from hyperglass.external.rpki import rpki_state`
start adding response parsing & ui elements 2020-04-24 11:41:43 -07:00
clean up data models [skip ci] 2020-12-13 01:48:20 -07:00			`# Local`
			`from ..main import HyperglassModel`

Update standard structured data models 2021-09-13 02:35:52 -07:00			`WinningWeight = Literal["low", "high"]`
fix model type annotations to make flake8 happy 2020-07-13 02:18:26 -07:00
start adding response parsing & ui elements 2020-04-24 11:41:43 -07:00
Update standard structured data models 2021-09-13 02:35:52 -07:00			`class BGPRoute(HyperglassModel):`
			`"""Post-parsed BGP route."""`
start adding response parsing & ui elements 2020-04-24 11:41:43 -07:00
add structured output support 2020-05-29 17:47:53 -07:00			`prefix: StrictStr`
start adding response parsing & ui elements 2020-04-24 11:41:43 -07:00			`active: StrictBool`
			`age: StrictInt`
			`weight: StrictInt`
			`med: StrictInt`
			`local_preference: StrictInt`
			`as_path: List[StrictInt]`
			`communities: List[StrictStr]`
			`next_hop: StrictStr`
			`source_as: StrictInt`
			`source_rid: StrictStr`
			`peer_rid: StrictStr`
			`rpki_state: StrictInt`

add structured data configuration options & external RPKI validation 2020-06-06 01:25:02 -07:00			`@validator("communities")`
			`def validate_communities(cls, value):`
			`"""Filter returned communities against configured policy.`

			`Actions:`
			`permit: only permit matches`
			`deny: only deny matches`
			`"""`
fix community parsing 2020-06-06 02:04:23 -07:00
Add separate hooks for major state objects, add tests 2021-09-16 13:46:50 -07:00			`(structured := use_state("params").structured)`
Complete global state implementation 2021-09-15 18:25:37 -07:00
fix community parsing 2020-06-06 02:04:23 -07:00			`def _permit(comm):`
			`"""Only allow matching patterns."""`
			`valid = False`
Complete global state implementation 2021-09-15 18:25:37 -07:00			`for pattern in structured.communities.items:`
fix community parsing 2020-06-06 02:04:23 -07:00			`if re.match(pattern, comm):`
			`valid = True`
			`break`
			`return valid`

			`def _deny(comm):`
			`"""Allow any except matching patterns."""`
			`valid = True`
Complete global state implementation 2021-09-15 18:25:37 -07:00			`for pattern in structured.communities.items:`
fix community parsing 2020-06-06 02:04:23 -07:00			`if re.match(pattern, comm):`
			`valid = False`
			`break`
			`return valid`

			`func_map = {"permit": _permit, "deny": _deny}`
Complete global state implementation 2021-09-15 18:25:37 -07:00			`func = func_map[structured.communities.mode]`
fix community parsing 2020-06-06 02:04:23 -07:00
			`return [c for c in value if func(c)]`
add structured data configuration options & external RPKI validation 2020-06-06 01:25:02 -07:00
			`@validator("rpki_state")`
			`def validate_rpki_state(cls, value, values):`
			`"""If external RPKI validation is enabled, get validation state."""`

Add separate hooks for major state objects, add tests 2021-09-16 13:46:50 -07:00			`(structured := use_state("params").structured)`
Complete global state implementation 2021-09-15 18:25:37 -07:00
			`if structured.rpki.mode == "router":`
add structured data configuration options & external RPKI validation 2020-06-06 01:25:02 -07:00			`# If router validation is enabled, return the value as-is.`
			`return value`

Complete global state implementation 2021-09-15 18:25:37 -07:00			`elif structured.rpki.mode == "external":`
add structured data configuration options & external RPKI validation 2020-06-06 01:25:02 -07:00			`# If external validation is enabled, validate the prefix`
			`# & asn with Cloudflare's RPKI API.`
			`as_path = values["as_path"]`

			`if len(as_path) == 0:`
			`# If the AS_PATH length is 0, i.e. for an internal route,`
			`# return RPKI Unknown state.`
			`return 3`
			`else:`
			`# Get last ASN in path`
			`asn = as_path[-1]`

don't do external RPKI lookups for non-global prefixes 2021-02-25 23:40:19 -07:00			`try:`
			`net = ip_network(values["prefix"])`
			`except ValueError:`
			`return 3`

			`# Only do external RPKI lookups for global prefixes.`
			`if net.is_global:`
add structured data configuration options & external RPKI validation 2020-06-06 01:25:02 -07:00			`return rpki_state(prefix=values["prefix"], asn=asn)`
			`else:`
			`return value`

start adding response parsing & ui elements 2020-04-24 11:41:43 -07:00
Update standard structured data models 2021-09-13 02:35:52 -07:00			`class BGPRouteTable(HyperglassModel):`
			`"""Post-parsed BGP route table."""`
start adding response parsing & ui elements 2020-04-24 11:41:43 -07:00
			`vrf: StrictStr`
			`count: StrictInt = 0`
Update standard structured data models 2021-09-13 02:35:52 -07:00			`routes: List[BGPRoute]`
fix model type annotations to make flake8 happy 2020-07-13 02:18:26 -07:00			`winning_weight: WinningWeight`
Update standard structured data models 2021-09-13 02:35:52 -07:00
			`def __init__(self, **kwargs):`
			`"""Sort routes by prefix after validation."""`
			`super().__init__(**kwargs)`
			`self.routes = sorted(self.routes, key=lambda r: r.prefix)`

			`def __add__(self: "BGPRouteTable", other: "BGPRouteTable") -> "BGPRouteTable":`
			`"""Merge another BGP table instance with this instance."""`
			`if isinstance(other, BGPRouteTable):`
			`self.routes = sorted([self.routes, other.routes], key=lambda r: r.prefix)`
			`self.count = len(self.routes)`
			`return self`