add: security group definition builder endpoints, fix: zonebasedfw ed…

…it request

ENDPOINTS.md

@@ -35,9 +35,16 @@ GET /template/policy/definition/data||[**ConfigurationPolicyDataDefinitionBuilde
 GET /template/policy/definition/data/{id}||[**ConfigurationPolicyDataDefinitionBuilder.get_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/data.py#L112)||[**DataPolicyGetResponse**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/data.py#L79)|
 POST /template/policy/definition/data/preview||[**ConfigurationPolicyDataDefinitionBuilder.preview_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/data.py#L116)|[**DataPolicyCreationPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/data.py#L75)|[**PolicyDefinitionPreview**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L329)|
 GET /template/policy/definition/data/preview/{id}||[**ConfigurationPolicyDataDefinitionBuilder.preview_policy_definition_by_id**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/data.py#L120)||[**PolicyDefinitionPreview**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L329)|
+POST /template/policy/definition/securitygroup||[**ConfigurationPolicySecurityGroupDefinitionBuilder.create_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L107)|[**SecurityGroupCreationPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L94)|[**PolicyDefinitionId**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L279)|
+DELETE /template/policy/definition/securitygroup/{id}||[**ConfigurationPolicySecurityGroupDefinitionBuilder.delete_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L111)||None|
+PUT /template/policy/definition/securitygroup/{id}||[**ConfigurationPolicySecurityGroupDefinitionBuilder.edit_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L119)|[**SecurityGroupEditPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L98)|[**PolicyDefinitionEditResponse**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L325)|
+GET /template/policy/definition/securitygroup||[**ConfigurationPolicySecurityGroupDefinitionBuilder.get_definitions**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L123)||DataSequence[[**SecurityGroupInfo**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L102)]|
+GET /template/policy/definition/securitygroup/{id}||[**ConfigurationPolicySecurityGroupDefinitionBuilder.get_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L127)||[**SecurityGroupInfo**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L102)|
+POST /template/policy/definition/securitygroup/preview||[**ConfigurationPolicySecurityGroupDefinitionBuilder.preview_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L131)|[**SecurityGroupCreationPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L94)|[**PolicyDefinitionPreview**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L329)|
+GET /template/policy/definition/securitygroup/preview/{id}||[**ConfigurationPolicySecurityGroupDefinitionBuilder.preview_policy_definition_by_id**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L135)||[**PolicyDefinitionPreview**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L329)|
 POST /template/policy/definition/zonebasedfw||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.create_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L105)|[**ZoneBasedFWPolicyCreationPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L88)|[**PolicyDefinitionId**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L279)|
 DELETE /template/policy/definition/zonebasedfw/{id}||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.delete_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L109)||None|
-PUT /template/policy/definition/zonebasedfw/{id}||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.edit_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L117)||[**PolicyDefinitionEditResponse**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L325)|
+PUT /template/policy/definition/zonebasedfw/{id}||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.edit_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L117)|[**ZoneBasedFWPolicyEditPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L96)|[**PolicyDefinitionEditResponse**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L325)|
 GET /template/policy/definition/zonebasedfw||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.get_definitions**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L121)||DataSequence[[**ZoneBasedFWPolicyInfo**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L100)]|
 GET /template/policy/definition/zonebasedfw/{id}||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.get_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L125)||[**ZoneBasedFWPolicyGetResponse**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L92)|
 POST /template/policy/definition/zonebasedfw/preview||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.preview_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L129)|[**ZoneBasedFWPolicyCreationPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L88)|[**PolicyDefinitionPreview**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L329)|

vmngclient/endpoints/configuration/policy/definition_builder/security_group.py

@@ -0,0 +1,141 @@
+# mypy: disable-error-code="empty-body"
+from enum import Enum
+from ipaddress import IPv4Network, IPv6Network
+from typing import Optional, Union
+
+from pydantic import BaseModel, Extra, Field, root_validator
+
+from vmngclient.endpoints import APIEndpoints, delete, get, post, put
+from vmngclient.model.policy.policy_definition import (
+    PolicyDefinitionEditResponse,
+    PolicyDefinitionHeader,
+    PolicyDefinitionId,
+    PolicyDefinitionInfo,
+    PolicyDefinitionPreview,
+)
+from vmngclient.typed_list import DataSequence
+
+
+class SequenceIPType(str, Enum):
+    IPV4 = "ipv4"
+    IPV6 = "ipv6"
+
+
+class ListReference(BaseModel):
+    ref: str
+
+
+class VariableName(BaseModel):
+    vip_variable_name: str = Field(alias="vipVariableName")
+
+
+class SecurityGroupIPv4Definition(BaseModel):
+    data_prefix: Union[IPv4Network, VariableName, None] = Field(None, alias="dataPrefix")
+    data_prefix_list: Optional[ListReference] = Field(None, alias="dataPrefixList")
+    fqdn: Optional[str] = None
+    fqdn_list: Optional[ListReference] = Field(None, alias="fqdnList")
+    geo_location: Optional[str] = Field(None, alias="geoLocation")
+    geo_location_list: Optional[ListReference] = Field(None, alias="geoLocationList")
+    port: Optional[str] = None
+    port_list: Optional[ListReference] = Field(None, alias="portList")
+
+    class Config:
+        extra = Extra.forbid
+        allow_population_by_field_name = True
+
+    @root_validator(pre=True)
+    def check_exclusive_fields(cls, values):
+        if values.get("dataPrefix") is not None and values.get("dataPrefixList") is not None:
+            raise ValueError("dataPrefix and dataPrefixList cannot be set at the same time")
+        if values.get("fqdn") is not None and values.get("fqdnList") is not None:
+            raise ValueError("fqdn and fqdnList cannot be set at the same time")
+        if values.get("geoLocation") is not None and values.get("geoLocationList") is not None:
+            raise ValueError("geoLocation and geoLocationList cannot be set at the same time")
+        if values.get("port") is not None and values.get("portList") is not None:
+            raise ValueError("port and portList cannot be set at the same time")
+        return values
+
+
+class SecurityGroupIPv6Definition(BaseModel):
+    data_ipv6_prefix: Union[IPv6Network, VariableName, None] = Field(None, alias="dataIPV6Prefix")
+    data_ipv6_prefix_list: Optional[ListReference] = Field(None, alias="dataIPV6PrefixList")
+
+    class Config:
+        extra = Extra.forbid
+        allow_population_by_field_name = True
+
+    @root_validator(pre=True)
+    def check_exclusive_fields(cls, values):
+        if values.get("dataIPV6Prefix") is not None and values.get("dataIPV6PrefixList") is not None:
+            raise ValueError("dataPrefix and dataPrefixList cannot be set at the same time")
+        return values
+
+
+class SecurityGroup(PolicyDefinitionHeader):
+    type: str = Field(default="securityGroup", const=True)
+    mode: str = Field(default="unified", const=True)
+
+
+class SecurityGroupDefinition(SecurityGroup):
+    sequence_ip_type: SequenceIPType = Field(alias="sequenceIpType")
+    definition: Union[SecurityGroupIPv4Definition, SecurityGroupIPv6Definition]
+
+    @root_validator(pre=True)
+    def validate_by_sequence_ip_type(cls, values):
+        ip_type = values.get("sequenceIpType")
+        definition = values.get("definition")
+        if (ip_type == SequenceIPType.IPV4 and isinstance(definition, SecurityGroupIPv6Definition)) or (
+            ip_type == SequenceIPType.IPV6 and isinstance(definition, SecurityGroupIPv4Definition)
+        ):
+            raise ValueError(f"Incompatible definition for {ip_type} sequence")
+        return values
+
+
+class SecurityGroupCreationPayload(SecurityGroupDefinition):
+    pass
+
+
+class SecurityGroupEditPayload(SecurityGroupCreationPayload, PolicyDefinitionId):
+    pass
+
+
+class SecurityGroupInfo(SecurityGroupDefinition, PolicyDefinitionId, PolicyDefinitionInfo):
+    pass
+
+
+class ConfigurationPolicySecurityGroupDefinitionBuilder(APIEndpoints):
+    @post("/template/policy/definition/securitygroup")
+    def create_policy_definition(self, payload: SecurityGroupCreationPayload) -> PolicyDefinitionId:
+        ...
+
+    @delete("/template/policy/definition/securitygroup/{id}")
+    def delete_policy_definition(self, id: str) -> None:
+        ...
+
+    def edit_multiple_policy_definition(self):
+        # PUT /template/policy/definition/securitygroup/multiple/{id}
+        ...
+
+    @put("/template/policy/definition/securitygroup/{id}")
+    def edit_policy_definition(self, id: str, payload: SecurityGroupEditPayload) -> PolicyDefinitionEditResponse:
+        ...
+
+    @get("/template/policy/definition/securitygroup", "data")
+    def get_definitions(self) -> DataSequence[SecurityGroupInfo]:
+        ...
+
+    @get("/template/policy/definition/securitygroup/{id}")
+    def get_policy_definition(self, id: str) -> SecurityGroupInfo:
+        ...
+
+    @post("/template/policy/definition/securitygroup/preview")
+    def preview_policy_definition(self, payload: SecurityGroupCreationPayload) -> PolicyDefinitionPreview:
+        ...
+
+    @get("/template/policy/definition/securitygroup/preview/{id}")
+    def preview_policy_definition_by_id(self, id: str) -> PolicyDefinitionPreview:
+        ...
+
+    def save_policy_definition_in_bulk(self):
+        # PUT /template/policy/definition/securitygroup/bulk
+        ...

vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py

@@ -115,7 +115,7 @@ def edit_multiple_policy_definition(self):
         ...
 
     @put("/template/policy/definition/zonebasedfw/{id}")
-    def edit_policy_definition(self, id: str) -> PolicyDefinitionEditResponse:
+    def edit_policy_definition(self, id: str, payload: ZoneBasedFWPolicyEditPayload) -> PolicyDefinitionEditResponse:
         ...
 
     @get("/template/policy/definition/zonebasedfw", "data")

vmngclient/endpoints/endpoints_container.py

@@ -7,6 +7,9 @@
 from vmngclient.endpoints.client import Client
 from vmngclient.endpoints.cluster_management import ClusterManagement
 from vmngclient.endpoints.configuration.policy.definition_builder.data import ConfigurationPolicyDataDefinitionBuilder
+from vmngclient.endpoints.configuration.policy.definition_builder.security_group import (
+    ConfigurationPolicySecurityGroupDefinitionBuilder,
+)
 from vmngclient.endpoints.configuration.policy.definition_builder.zone_based_firewall import (
     ConfigurationPolicyZoneBasedFirewallDefinitionBuilder,
 )
@@ -79,6 +82,7 @@ class ConfigurationPolicyDefinitionBuilderContainer:
     def __init__(self, session: vManageSession):
         self.data = ConfigurationPolicyDataDefinitionBuilder(session)
         self.zone_based_firewall = ConfigurationPolicyZoneBasedFirewallDefinitionBuilder(session)
+        self.security_group = ConfigurationPolicySecurityGroupDefinitionBuilder(session)
 
 
 class ConfigurationPolicyContainer:

vmngclient/model/profileparcel/traffic_policy.py

@@ -1,6 +1,6 @@
 # mypy: disable-error-code="valid-type"
 # generated by datamodel-codegen:
-#   filename:  app-traffic-policy.json
+#   filename:  apidocs/schema/profileparcel/sdwan/application-priority/traffic-policy/post/request_schema.json
 #   timestamp: 2023-09-07T08:34:35+00:00
 
 from __future__ import annotations