diff --git a/ENDPOINTS.md b/ENDPOINTS.md index 9c6d78ae6..8f83a397b 100644 --- a/ENDPOINTS.md +++ b/ENDPOINTS.md 
@@ -35,9 +35,16 @@ GET /template/policy/definition/data||[**ConfigurationPolicyDataDefinitionBuilde GET /template/policy/definition/data/{id}||[**ConfigurationPolicyDataDefinitionBuilder.get_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/data.py#L112)||[**DataPolicyGetResponse**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/data.py#L79)| POST /template/policy/definition/data/preview||[**ConfigurationPolicyDataDefinitionBuilder.preview_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/data.py#L116)|[**DataPolicyCreationPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/data.py#L75)|[**PolicyDefinitionPreview**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L329)| GET /template/policy/definition/data/preview/{id}||[**ConfigurationPolicyDataDefinitionBuilder.preview_policy_definition_by_id**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/data.py#L120)||[**PolicyDefinitionPreview**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L329)| +POST 
/template/policy/definition/securitygroup||[**ConfigurationPolicySecurityGroupDefinitionBuilder.create_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L107)|[**SecurityGroupCreationPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L94)|[**PolicyDefinitionId**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L279)| +DELETE /template/policy/definition/securitygroup/{id}||[**ConfigurationPolicySecurityGroupDefinitionBuilder.delete_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L111)||None| +PUT /template/policy/definition/securitygroup/{id}||[**ConfigurationPolicySecurityGroupDefinitionBuilder.edit_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L119)|[**SecurityGroupEditPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L98)|[**PolicyDefinitionEditResponse**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L325)| +GET /template/policy/definition/securitygroup||[**ConfigurationPolicySecurityGroupDefinitionBuilder.get_definitions**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L123)||DataSequence[[**SecurityGroupInfo**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L102)]| +GET 
/template/policy/definition/securitygroup/{id}||[**ConfigurationPolicySecurityGroupDefinitionBuilder.get_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L127)||[**SecurityGroupInfo**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L102)| +POST /template/policy/definition/securitygroup/preview||[**ConfigurationPolicySecurityGroupDefinitionBuilder.preview_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L131)|[**SecurityGroupCreationPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L94)|[**PolicyDefinitionPreview**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L329)| +GET /template/policy/definition/securitygroup/preview/{id}||[**ConfigurationPolicySecurityGroupDefinitionBuilder.preview_policy_definition_by_id**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py#L135)||[**PolicyDefinitionPreview**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L329)| POST 
/template/policy/definition/zonebasedfw||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.create_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L105)|[**ZoneBasedFWPolicyCreationPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L88)|[**PolicyDefinitionId**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L279)| DELETE /template/policy/definition/zonebasedfw/{id}||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.delete_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L109)||None| -PUT /template/policy/definition/zonebasedfw/{id}||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.edit_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L117)||[**PolicyDefinitionEditResponse**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L325)| +PUT /template/policy/definition/zonebasedfw/{id}||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.edit_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L117)|[**ZoneBasedFWPolicyEditPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L96)|[**PolicyDefinitionEditResponse**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L325)| GET 
/template/policy/definition/zonebasedfw||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.get_definitions**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L121)||DataSequence[[**ZoneBasedFWPolicyInfo**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L100)]| GET /template/policy/definition/zonebasedfw/{id}||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.get_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L125)||[**ZoneBasedFWPolicyGetResponse**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L92)| POST /template/policy/definition/zonebasedfw/preview||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.preview_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L129)|[**ZoneBasedFWPolicyCreationPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py#L88)|[**PolicyDefinitionPreview**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L329)| diff --git a/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py b/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py new file mode 100644 index 000000000..ebddca715 --- /dev/null +++ b/vmngclient/endpoints/configuration/policy/definition_builder/security_group.py 
@@ -0,0 +1,141 @@
+# mypy: disable-error-code="empty-body"
+from enum import Enum
+from ipaddress import IPv4Network, IPv6Network
+from typing import Optional, Union
+
+from pydantic import BaseModel, Extra, Field, root_validator
+
+from vmngclient.endpoints import APIEndpoints, delete, get, post, put
+from vmngclient.model.policy.policy_definition import (
+ PolicyDefinitionEditResponse,
+ PolicyDefinitionHeader,
+ PolicyDefinitionId,
+ PolicyDefinitionInfo,
+ PolicyDefinitionPreview,
+)
+from vmngclient.typed_list import DataSequence
+
+
+class SequenceIPType(str, Enum):
+ IPV4 = "ipv4"
+ IPV6 = "ipv6"
+
+
+class ListReference(BaseModel):
+ ref: str
+
+
+class VariableName(BaseModel):
+ vip_variable_name: str = Field(alias="vipVariableName")
+
+
+class SecurityGroupIPv4Definition(BaseModel):
+ data_prefix: Union[IPv4Network, VariableName, None] = Field(None, alias="dataPrefix")
+ data_prefix_list: Optional[ListReference] = Field(None, alias="dataPrefixList")
+ fqdn: Optional[str] = None
+ fqdn_list: Optional[ListReference] = Field(None, alias="fqdnList")
+ geo_location: Optional[str] = Field(None, alias="geoLocation")
+ geo_location_list: Optional[ListReference] = Field(None, alias="geoLocationList")
+ port: Optional[str] = None
+ port_list: Optional[ListReference] = Field(None, alias="portList")
+
+ class Config:
+ extra = Extra.forbid
+ allow_population_by_field_name = True
+
+ @root_validator(pre=True)
+ def check_exclusive_fields(cls, values):
+ if values.get("dataPrefix") is not None and values.get("dataPrefixList") is not None:
+ raise ValueError("dataPrefix and dataPrefixList cannot be set at the same time")
+ if values.get("fqdn") is not None and values.get("fqdnList") is not None:
+ raise ValueError("fqdn and fqdnList cannot be set at the same time")
+ if values.get("geoLocation") is not None and values.get("geoLocationList") is not None:
+ raise ValueError("geoLocation and geoLocationList cannot be set at the same time")
+ if values.get("port") is not None and values.get("portList") is not None:
+ raise ValueError("port and portList cannot be set at the same time")
+ return values
+
+
+class SecurityGroupIPv6Definition(BaseModel):
+ data_ipv6_prefix: Union[IPv6Network, VariableName, None] = Field(None, alias="dataIPV6Prefix")
+ data_ipv6_prefix_list: Optional[ListReference] = Field(None, alias="dataIPV6PrefixList")
+
+ class Config:
+ extra = Extra.forbid
+ allow_population_by_field_name = True
+
+ @root_validator(pre=True)
+ def check_exclusive_fields(cls, values):
+ if values.get("dataIPV6Prefix") is not None and values.get("dataIPV6PrefixList") is not None:
+ raise ValueError("dataPrefix and dataPrefixList cannot be set at the same time")
+ return values
+
+
+class SecurityGroup(PolicyDefinitionHeader):
+ type: str = Field(default="securityGroup", const=True)
+ mode: str = Field(default="unified", const=True)
+
+
+class SecurityGroupDefinition(SecurityGroup):
+ sequence_ip_type: SequenceIPType = Field(alias="sequenceIpType")
+ definition: Union[SecurityGroupIPv4Definition, SecurityGroupIPv6Definition]
+
+ @root_validator(pre=True)
+ def validate_by_sequence_ip_type(cls, values):
+ ip_type = values.get("sequenceIpType")
+ definition = values.get("definition")
+ if (ip_type == SequenceIPType.IPV4 and isinstance(definition, SecurityGroupIPv6Definition)) or (
+ ip_type == SequenceIPType.IPV6 and isinstance(definition, SecurityGroupIPv4Definition)
+ ):
+ raise ValueError(f"Incompatible definition for {ip_type} sequence")
+ return values
+
+
+class SecurityGroupCreationPayload(SecurityGroupDefinition):
+ pass
+
+
+class SecurityGroupEditPayload(SecurityGroupCreationPayload, PolicyDefinitionId):
+ pass
+
+
+class SecurityGroupInfo(SecurityGroupDefinition, PolicyDefinitionId, PolicyDefinitionInfo):
+ pass
+
+
+class ConfigurationPolicySecurityGroupDefinitionBuilder(APIEndpoints):
+ @post("/template/policy/definition/securitygroup")
+ def create_policy_definition(self, payload: SecurityGroupCreationPayload) -> PolicyDefinitionId:
+ ...
+
+ @delete("/template/policy/definition/securitygroup/{id}")
+ def delete_policy_definition(self, id: str) -> None:
+ ...
+
+ def edit_multiple_policy_definition(self):
+ # PUT /template/policy/definition/securitygroup/multiple/{id}
+ ...
+
+ @put("/template/policy/definition/securitygroup/{id}")
+ def edit_policy_definition(self, id: str, payload: SecurityGroupEditPayload) -> PolicyDefinitionEditResponse:
+ ...
+
+ @get("/template/policy/definition/securitygroup", "data")
+ def get_definitions(self) -> DataSequence[SecurityGroupInfo]:
+ ...
+
+ @get("/template/policy/definition/securitygroup/{id}")
+ def get_policy_definition(self, id: str) -> SecurityGroupInfo:
+ ...
+
+ @post("/template/policy/definition/securitygroup/preview")
+ def preview_policy_definition(self, payload: SecurityGroupCreationPayload) -> PolicyDefinitionPreview:
+ ...
+
+ @get("/template/policy/definition/securitygroup/preview/{id}")
+ def preview_policy_definition_by_id(self, id: str) -> PolicyDefinitionPreview:
+ ...
+
+ def save_policy_definition_in_bulk(self):
+ # PUT /template/policy/definition/securitygroup/bulk
+ ...
diff --git a/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py b/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py
index 23d5c5ce0..bbfb23a6b 100644
--- a/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py
+++ b/vmngclient/endpoints/configuration/policy/definition_builder/zone_based_firewall.py
@@ -115,7 +115,7 @@ def edit_multiple_policy_definition(self):
 ...
 @put("/template/policy/definition/zonebasedfw/{id}")
- def edit_policy_definition(self, id: str) -> PolicyDefinitionEditResponse:
+ def edit_policy_definition(self, id: str, payload: ZoneBasedFWPolicyEditPayload) -> PolicyDefinitionEditResponse:
 ...
 @get("/template/policy/definition/zonebasedfw", "data")
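Review bot: In security_group.py both `check_exclusive_fields` validators run with `pre=True` and look up only the alias keys (`dataPrefix`, `dataPrefixList`, …), while `Config` sets `allow_population_by_field_name = True`, so a definition built with `data_prefix=` and `data_prefix_list=` passes the exclusivity check and an ambiguous security-group match can be sent to the controller. `validate_by_sequence_ip_type` has the same shape: as a pre-validator it sees the raw input, so when `definition` arrives as a dict the `isinstance` tests are never true and an IPv4 body under an `ipv6` sequence is presumably not rejected. Running these validators after field validation, where keys are field names and `definition` is already a model instance, closes both gaps; the same change applies to `SecurityGroupIPv6Definition.check_exclusive_fields`, whose error message should also name `dataIPV6Prefix and dataIPV6PrefixList` rather than `dataPrefix and dataPrefixList`.

```python
class SecurityGroupIPv4Definition(BaseModel):
    # … unchanged: field declarations and Config …

    @root_validator(skip_on_failure=True)
    def check_exclusive_fields(cls, values):
        # After field validation the keys are field names, so input given by
        # alias and input given by field name are both checked.
        exclusive_pairs = (
            ("data_prefix", "data_prefix_list", "dataPrefix and dataPrefixList"),
            ("fqdn", "fqdn_list", "fqdn and fqdnList"),
            ("geo_location", "geo_location_list", "geoLocation and geoLocationList"),
            ("port", "port_list", "port and portList"),
        )
        for single, listed, label in exclusive_pairs:
            if values.get(single) is not None and values.get(listed) is not None:
                raise ValueError(f"{label} cannot be set at the same time")
        return values


class SecurityGroupDefinition(SecurityGroup):
    # … unchanged: sequence_ip_type and definition fields …

    @root_validator(skip_on_failure=True)
    def validate_by_sequence_ip_type(cls, values):
        ip_type = values.get("sequence_ip_type")
        definition = values.get("definition")
        # … unchanged: isinstance comparison, ValueError and return …
```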
diff --git a/vmngclient/endpoints/endpoints_container.py b/vmngclient/endpoints/endpoints_container.py
index 14717f400..16b2d4aee 100644
--- a/vmngclient/endpoints/endpoints_container.py
+++ b/vmngclient/endpoints/endpoints_container.py
@@ -7,6 +7,9 @@
 from vmngclient.endpoints.client import Client
 from vmngclient.endpoints.cluster_management import ClusterManagement
 from vmngclient.endpoints.configuration.policy.definition_builder.data import ConfigurationPolicyDataDefinitionBuilder
+from vmngclient.endpoints.configuration.policy.definition_builder.security_group import (
+ ConfigurationPolicySecurityGroupDefinitionBuilder,
+)
 from vmngclient.endpoints.configuration.policy.definition_builder.zone_based_firewall import (
 ConfigurationPolicyZoneBasedFirewallDefinitionBuilder,
 )
@@ -79,6 +82,7 @@ class ConfigurationPolicyDefinitionBuilderContainer:
 def __init__(self, session: vManageSession):
 self.data = ConfigurationPolicyDataDefinitionBuilder(session)
 self.zone_based_firewall = ConfigurationPolicyZoneBasedFirewallDefinitionBuilder(session)
+ self.security_group = ConfigurationPolicySecurityGroupDefinitionBuilder(session)
 class ConfigurationPolicyContainer:
diff --git a/vmngclient/model/profileparcel/traffic_policy.py b/vmngclient/model/profileparcel/traffic_policy.py
index dbbd218b0..67e69990f 100644
--- a/vmngclient/model/profileparcel/traffic_policy.py
+++ b/vmngclient/model/profileparcel/traffic_policy.py
@@ -1,6 +1,6 @@
 # mypy: disable-error-code="valid-type"
 # generated by datamodel-codegen:
-# filename: app-traffic-policy.json
+# filename: apidocs/schema/profileparcel/sdwan/application-priority/traffic-policy/post/request_schema.json
 # timestamp: 2023-09-07T08:34:35+00:00
 from __future__ import annotations