-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
755575b
commit be63190
Showing
7 changed files
with
321 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,192 @@ | ||
/* | ||
* This file is part of Cockpit. | ||
* | ||
* Copyright (C) 2023 Red Hat, Inc. | ||
* | ||
* Cockpit is free software; you can redistribute it and/or modify it | ||
* under the terms of the GNU Lesser General Public License as published by | ||
* the Free Software Foundation; either version 2.1 of the License, or | ||
* (at your option) any later version. | ||
* | ||
* Cockpit is distributed in the hope that it will be useful, but | ||
* WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
* Lesser General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU Lesser General Public License | ||
* along with Cockpit; If not, see <http://www.gnu.org/licenses/>. | ||
*/ | ||
|
||
import React, { useContext, useEffect, useState } from 'react'; | ||
import cockpit from 'cockpit'; | ||
import { Button } from '@patternfly/react-core/dist/esm/components/Button/index.js'; | ||
import { ClipboardCopy } from '@patternfly/react-core/dist/esm/components/ClipboardCopy/index.js'; | ||
import { EmptyState, EmptyStateBody } from '@patternfly/react-core/dist/esm/components/EmptyState/index.js'; | ||
import { FormGroup, FormFieldGroup, FormFieldGroupHeader } from '@patternfly/react-core/dist/esm/components/Form/index.js'; | ||
import { Grid } from '@patternfly/react-core/dist/esm/layouts/Grid/index.js'; | ||
import { InputGroup } from '@patternfly/react-core/dist/esm/components/InputGroup/index.js'; | ||
import { MinusIcon } from '@patternfly/react-icons'; | ||
import { TextInput } from '@patternfly/react-core/dist/esm/components/TextInput/index.js'; | ||
|
||
import { Name, NetworkModal, dialogSave } from "./dialogs-common"; | ||
import { ModelContext } from './model-context'; | ||
import { useDialogs } from 'dialogs.jsx'; | ||
|
||
import './wireguard.scss'; | ||
|
||
const _ = cockpit.gettext; | ||
|
||
export function WireGuardDialog({ settings }) { | ||
const Dialogs = useDialogs(); | ||
const idPrefix = 'network-wireguard-settings'; | ||
const model = useContext(ModelContext); | ||
|
||
const [iface, setIface] = useState(settings.connection.interface_name); | ||
const [privateKey, setPrivateKey] = useState(''); | ||
const [publicKey, setPublicKey] = useState(''); | ||
const [listenPort, setListenPort] = useState(''); | ||
const [addresses, setAddresses] = useState(''); | ||
const [dialogError, setDialogError] = useState(''); | ||
const [peers, setPeers] = useState([]); | ||
|
||
useEffect(() => { | ||
async function getPublicKey() { | ||
try { | ||
const key = await cockpit.script(`echo ${privateKey.trim()} | wg pubkey`, { err: 'message' }); | ||
setPublicKey(key.trim()); | ||
} catch (e) { | ||
setPublicKey(''); | ||
} | ||
} | ||
|
||
getPublicKey(); | ||
}, [privateKey]); | ||
|
||
function onSubmit() { | ||
function createSettingsObj() { | ||
return { | ||
connection: { | ||
id: `con-${iface}`, | ||
interface_name: iface, | ||
type: 'wireguard' | ||
}, | ||
wireguard: { | ||
private_key: privateKey.trim(), | ||
listen_port: +listenPort, | ||
peers, | ||
}, | ||
ipv4: { | ||
addresses: [[addresses.split('/')[0], addresses.split('/')[1], '0.0.0.0']], // TODO: fix gateway | ||
method: 'manual' | ||
} | ||
}; | ||
} | ||
|
||
dialogSave({ | ||
model, | ||
settings: createSettingsObj(), | ||
onClose: Dialogs.close, | ||
setDialogError | ||
}); | ||
} | ||
|
||
return ( | ||
<NetworkModal title={_("WireGuard settings")} onSubmit={onSubmit} dialogError={dialogError} idPrefix={idPrefix}> | ||
<Name idPrefix={idPrefix} iface={iface} setIface={setIface} /> | ||
<FormGroup label={_('Private key')} fieldId={idPrefix + '-private-key-input'}> | ||
<InputGroup> | ||
<TextInput id={idPrefix + '-private-key-input'} value={privateKey} onChange={(_, val) => setPrivateKey(val)} /> | ||
<Button variant='secondary' | ||
onClick={async () => { | ||
const key = await cockpit.script("wg genkey"); | ||
setPrivateKey(key.trim()); | ||
}} | ||
> | ||
Generate private key | ||
</Button> | ||
</InputGroup> | ||
</FormGroup> | ||
<FormGroup label={_('Public key')}> | ||
<ClipboardCopy isReadOnly>{publicKey}</ClipboardCopy> | ||
</FormGroup> | ||
<FormGroup label={_('Listen port')} fieldId={idPrefix + '-listen-port-input'}> | ||
<TextInput id={idPrefix + '-listen-port-input'} placeholder='Random port selected when unspecified' type='number' onChange={(_, val) => { setListenPort(val) }} /> | ||
</FormGroup> | ||
<FormGroup label={_('Addresses')} fieldId={idPrefix + '-addresses-input'}> | ||
<TextInput id={idPrefix + '-addresses-input'} onChange={(_, val) => { setAddresses(val) }} placeholder='E.g. 10.0.0.1/24' /> | ||
</FormGroup> | ||
<FormFieldGroup | ||
header={ | ||
<FormFieldGroupHeader | ||
titleText={{ text: _("Peers") }} | ||
actions={ | ||
<Button | ||
variant='secondary' | ||
onClick={() => setPeers(peers => [...peers, { publicKey: '', endpoint: '', allowedIps: '' }])} | ||
> | ||
{_("Add peer")} | ||
</Button> | ||
} | ||
/> | ||
} | ||
className='dynamic-form-group' | ||
> | ||
{(peers.length !== 0) | ||
? peers.map((peer, i) => ( | ||
<Grid key={i} hasGutter> | ||
<FormGroup className='pf-m-6-col-on-md' label={_("Public key")} fieldId={idPrefix + '-publickey-peer-' + i}> | ||
<TextInput | ||
value={peer.publicKey} | ||
onChange={(_, val) => { | ||
setPeers(peers => peers.map((peer, index) => i === index ? { ...peer, publicKey: val } : peer)); | ||
}} | ||
id={idPrefix + '-publickey-peer-' + i} | ||
/> | ||
</FormGroup> | ||
<FormGroup className='pf-m-3-col-on-md' label={_("Endpoint")} fieldId={idPrefix + '-endpoint-peer-' + i}> | ||
<TextInput | ||
value={peer.endpoint} | ||
onChange={(_, val) => { | ||
setPeers(peers => peers.map((peer, index) => i === index ? { ...peer, endpoint: val } : peer)); | ||
}} | ||
id={idPrefix + '-endpoint-peer-' + i} | ||
/> | ||
</FormGroup> | ||
<FormGroup className='pf-m-3-col-on-md' label={_("Allowed IPs")} fieldId={idPrefix + '-allowedips-peer-' + i}> | ||
<TextInput | ||
value={peer.allowedIps} | ||
onChange={(_, val) => { | ||
setPeers(peers => peers.map((peer, index) => i === index ? { ...peer, allowedIps: val } : peer)); | ||
}} | ||
id={idPrefix + '-allowedips-peer-' + i} | ||
/> | ||
</FormGroup> | ||
<FormGroup className='pf-m-1-col-on-md remove-button-group'> | ||
<Button | ||
variant='secondary' | ||
onClick={() => { | ||
setPeers(peers => peers.filter((_, index) => i !== index)); | ||
}} | ||
> | ||
<MinusIcon /> | ||
</Button> | ||
</FormGroup> | ||
</Grid> | ||
)) | ||
: <EmptyState> | ||
<EmptyStateBody>{_("No peers added.")}</EmptyStateBody> | ||
</EmptyState> | ||
} | ||
</FormFieldGroup> | ||
</NetworkModal> | ||
); | ||
} | ||
|
||
export function getGhostSettings({ newIfaceName }) { | ||
return { | ||
connection: { | ||
id: `con-${newIfaceName}`, | ||
interface_name: newIfaceName | ||
} | ||
}; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
.dynamic-form-group { | ||
.pf-v5-c-empty-state { | ||
padding: 0; | ||
} | ||
|
||
.pf-v5-c-form__field-group-body { | ||
.pf-v5-c-form__group { | ||
display: block; | ||
} | ||
|
||
.remove-button-group { | ||
// Move 'Remove' button the the end of the row | ||
grid-column: -1; | ||
// Move 'Remove' button to the bottom of the line so as to align with the other form fields | ||
display: flex; | ||
align-items: flex-end; | ||
} | ||
} | ||
|
||
// We use FormFieldGroup PF component for the nested look and for ability to add buttons to the header | ||
// However we want to save space and not add indent to the left so we need to override it | ||
.pf-v5-c-form__field-group-body { | ||
// Stretch content fully | ||
--pf-v5-c-form__field-group-body--GridColumn: 1 / -1; | ||
// Reduce padding at the top | ||
--pf-v5-c-form__field-group-body--PaddingTop: var(--pf-v5-global--spacer--xs); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
#!/usr/bin/python3 -cimport os, sys; os.execv(os.path.dirname(sys.argv[1]) + "/../common/pywrap", sys.argv) | ||
|
||
from testlib import MachineCase, test_main | ||
import configparser | ||
import io | ||
|
||
class TestVPNPlayground(MachineCase): | ||
provision = { | ||
"machine1": {"address": "192.168.100.11/24", "restrict": False}, | ||
"machine2": {"address": "192.168.100.12/24", "restrict": False}, | ||
} | ||
|
||
def testVPN(self): | ||
m1 = self.machines["machine1"] | ||
m2 = self.machines["machine2"] | ||
b = self.browser | ||
|
||
self.login_and_go("/network") | ||
|
||
# Peer 2 (server) | ||
m2.execute("systemctl stop firewalld") # TODO: Fix it | ||
m2.execute("wg genkey > private") | ||
m2_port = 51820 | ||
m2_pubkey = m2.execute("wg pubkey < private").strip() | ||
|
||
m2.execute("ip link add dev wg0 type wireguard") | ||
m2.execute("ip addr add 10.0.0.2/24 dev wg0") | ||
m2.execute("wg set wg0 private-key ./private") | ||
m2.execute(f"wg set wg0 listen-port {m2_port}") | ||
m2.execute("ip link set wg0 up") | ||
|
||
# Peer 1 (client) | ||
m1.execute("systemctl stop firewalld") # TODO: Fix it | ||
b.click("button:contains('Add WireGuard')") | ||
b.wait_visible("#network-wireguard-settings-dialog") | ||
b.click("button:contains('Generate private key')") | ||
b.wait_not_val("#network-wireguard-settings-dialog .pf-v5-c-clipboard-copy input", "") | ||
m1_pubkey = b.eval_js("document.querySelector('#network-wireguard-settings-dialog .pf-v5-c-clipboard-copy input').value") | ||
b.set_input_text("#network-wireguard-settings-listen-port-input", "51820") | ||
b.set_input_text("#network-wireguard-settings-addresses-input", "10.0.0.1/24") | ||
b.click("button:contains('Add peer')") | ||
b.set_input_text("#network-wireguard-settings-publickey-peer-0", m2_pubkey) | ||
b.set_input_text("#network-wireguard-settings-endpoint-peer-0", f"192.168.100.12:{m2_port}") | ||
b.set_input_text("#network-wireguard-settings-allowedips-peer-0", "10.0.0.2") | ||
b.click("button:contains('Save')") | ||
|
||
m2.execute(f"wg set wg0 peer {m1_pubkey} allowed-ips 10.0.0.1/32") # endpoint and port is not necessary for a peer if that peer estalishes the connectio first (i.e. the client) | ||
|
||
m1.execute("ping -c 1 10.0.0.2") | ||
|
||
# INI -> Python Dictionary | ||
def convertToDict(string_config): | ||
buf = io.StringIO(string_config) | ||
config_object = configparser.ConfigParser() | ||
config_object.read_file(buf) | ||
|
||
output_dic = dict() | ||
sections = config_object.sections() | ||
for section in sections: | ||
items = config_object.items(section) | ||
output_dic[section] = dict(items) | ||
|
||
return output_dic | ||
|
||
|
||
if __name__ == "__main__": | ||
test_main() |