From c8dcc6d57e527faef9f32c5c9f79334275bdfd41 Mon Sep 17 00:00:00 2001
From: sbasan
Date: Wed, 20 Sep 2023 00:48:16 +0200
Subject: [PATCH] add: zone based firewall policy definition builder endpoints
---
 ENDPOINTS.md | 7 +
 ..._zone_based_firewall_definition_builder.py | 140 ++++++++++++++++++
 vmngclient/endpoints/endpoints_container.py | 6 +
 3 files changed, 153 insertions(+)
 create mode 100644 vmngclient/endpoints/configuration_policy_zone_based_firewall_definition_builder.py
diff --git a/ENDPOINTS.md b/ENDPOINTS.md
index fb06218d1..7a12c81f6 100644
--- a/ENDPOINTS.md
+++ b/ENDPOINTS.md
@@ -80,6 +80,13 @@ GET /template/policy/list/vpn||[**ConfigurationPolicyVPNListBuilder.get_policy_l
 GET /template/policy/list/vpn/filtered||[**ConfigurationPolicyVPNListBuilder.get_policy_lists_with_info_tag**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_policy_vpn_list_builder.py#L82)||DataSequence[[**VPNList**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_policy_vpn_list_builder.py#L50)]|
 POST /template/policy/list/vpn/preview||[**ConfigurationPolicyVPNListBuilder.preview_policy_list**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_policy_vpn_list_builder.py#L89)|[**VPNListCreationPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_policy_vpn_list_builder.py#L42)|[**PolicyListPreview**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_list.py#L39)|
 GET /template/policy/list/vpn/preview/{id}||[**ConfigurationPolicyVPNListBuilder.preview_policy_list_by_id**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_policy_vpn_list_builder.py#L93)||[**PolicyListPreview**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_list.py#L39)|
+POST /template/policy/definition/zonebasedfw||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.create_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_policy_zone_based_firewall_definition_builder.py#L105)|[**ZoneBasedFWPolicyCreationPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_policy_zone_based_firewall_definition_builder.py#L88)|[**PolicyDefinitionId**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L279)|
+DELETE /template/policy/definition/zonebasedfw/{id}||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.delete_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_policy_zone_based_firewall_definition_builder.py#L110)||None|
+PUT /template/policy/definition/zonebasedfw/{id}||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.edit_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_policy_zone_based_firewall_definition_builder.py#L118)||[**PolicyDefinitionEditResponse**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L325)|
+GET /template/policy/definition/zonebasedfw||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.get_definitions**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_policy_zone_based_firewall_definition_builder.py#L122)||DataSequence[[**ZoneBasedFWPolicyInfo**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_policy_zone_based_firewall_definition_builder.py#L100)]|
+GET /template/policy/definition/zonebasedfw/{id}||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.get_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_policy_zone_based_firewall_definition_builder.py#L126)||[**ZoneBasedFWPolicyGetResponse**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_policy_zone_based_firewall_definition_builder.py#L92)|
+POST /template/policy/definition/zonebasedfw/preview||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.preview_policy_definition**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_policy_zone_based_firewall_definition_builder.py#L130)|[**ZoneBasedFWPolicyCreationPayload**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_policy_zone_based_firewall_definition_builder.py#L88)|[**PolicyDefinitionPreview**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L329)|
+GET /template/policy/definition/zonebasedfw/preview/{id}||[**ConfigurationPolicyZoneBasedFirewallDefinitionBuilder.preview_policy_definition_by_id**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_policy_zone_based_firewall_definition_builder.py#L134)||[**PolicyDefinitionPreview**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/model/policy/policy_definition.py#L329)|
 GET /settings/configuration/{setting_type}||[**ConfigurationSettings.get_configuration_by_setting_type**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_settings.py#L208)||dict|
 GET /settings/configuration/organization||[**ConfigurationSettings.get_organizations**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_settings.py#L212)||DataSequence[[**Organization**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_settings.py#L29)]|
 GET /settings/configuration/device||[**ConfigurationSettings.get_devices**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_settings.py#L216)||DataSequence[[**Device**](https://github.com/CiscoDevNet/vManage-client/blob/main/vmngclient/endpoints/configuration_settings.py#L35)]|
diff --git a/vmngclient/endpoints/configuration_policy_zone_based_firewall_definition_builder.py b/vmngclient/endpoints/configuration_policy_zone_based_firewall_definition_builder.py
new file mode 100644
index 000000000..9700b5d1a
--- /dev/null
+++ b/vmngclient/endpoints/configuration_policy_zone_based_firewall_definition_builder.py
@@ -0,0 +1,140 @@
+# mypy: disable-error-code="empty-body"
+from typing import List, Union
+
+from pydantic import BaseModel, Field
+from typing_extensions import Annotated
+
+from vmngclient.endpoints import APIEndpoints, delete, get, post, put
+from vmngclient.model.policy.policy_definition import (
+ AppListEntry,
+ DefinitionSequence,
+ DestinationDataPrefixListEntry,
+ DestinationFQDNEntry,
+ DestinationGeoLocationEntry,
+ DestinationGeoLocationListEntry,
+ DestinationIPEntry,
+ DestinationPortEntry,
+ DestinationPortListEntry,
+ Match,
+ PolicyDefinitionBody,
+ PolicyDefinitionEditResponse,
+ PolicyDefinitionHeader,
+ PolicyDefinitionId,
+ PolicyDefinitionInfo,
+ PolicyDefinitionPreview,
+ ProtocolEntry,
+ ProtocolNameListEntry,
+ SequenceType,
+ SourceDataPrefixListEntry,
+ SourceFQDNEntry,
+ SourceFQDNListEntry,
+ SourceGeoLocationEntry,
+ SourceGeoLocationListEntry,
+ SourceIPEntry,
+ SourcePortEntry,
+ SourcePortListEntry,
+)
+from vmngclient.typed_list import DataSequence
+
+ZoneBasedFWPolicySequenceEntry = Annotated[
+ Union[
+ SourceFQDNListEntry,
+ ProtocolEntry,
+ SourceIPEntry,
+ SourcePortEntry,
+ DestinationIPEntry,
+ DestinationPortEntry,
+ SourceFQDNEntry,
+ DestinationFQDNEntry,
+ SourceGeoLocationEntry,
+ DestinationGeoLocationEntry,
+ SourceDataPrefixListEntry,
+ DestinationDataPrefixListEntry,
+ SourceGeoLocationListEntry,
+ DestinationGeoLocationListEntry,
+ SourcePortListEntry,
+ DestinationPortListEntry,
+ ProtocolNameListEntry,
+ AppListEntry,
+ ],
+ Field(discriminator="field"),
+]
+
+
+class ZoneBasedFWPolicyMatch(Match):
+ entries: List[ZoneBasedFWPolicySequenceEntry]
+
+
+class ZoneBasedFWPolicySequence(DefinitionSequence):
+ sequence_type: SequenceType = Field(default=SequenceType.ZONE_BASED_FW, const=True, alias="sequenceType")
+ match: ZoneBasedFWPolicyMatch
+
+
+class ZoneBasedFWPolicyEntry(BaseModel):
+ source_zone: str = Field(default="self", alias="sourceZone")
+ destination_zone: str = Field(alias="destinationZone")
+
+
+class ZoneBasedFWPolicy(PolicyDefinitionHeader):
+ type: str = Field(default="zoneBasedFW", const=True)
+ mode: str = Field(default="security", const=True)
+
+
+class ZoneBasedFWPolicyDefinition(PolicyDefinitionBody):
+ sequences: List[ZoneBasedFWPolicySequence] = []
+ entries: List[ZoneBasedFWPolicyEntry]
+
+
+class ZoneBasedFWPolicyCreationPayload(ZoneBasedFWPolicy):
+ definition: ZoneBasedFWPolicyDefinition
+
+
+class ZoneBasedFWPolicyGetResponse(ZoneBasedFWPolicyCreationPayload, PolicyDefinitionId):
+ pass
+
+
+class ZoneBasedFWPolicyEditPayload(ZoneBasedFWPolicyCreationPayload, PolicyDefinitionId):
+ pass
+
+
+class ZoneBasedFWPolicyInfo(ZoneBasedFWPolicy, PolicyDefinitionInfo):
+ pass
+
+
+class ConfigurationPolicyZoneBasedFirewallDefinitionBuilder(APIEndpoints):
+ @post("/template/policy/definition/zonebasedfw")
+ def create_policy_definition(self, payload: ZoneBasedFWPolicyCreationPayload) -> PolicyDefinitionId:
+ # POST /template/policy/definition/zonebasedfw
+ ...
+
+ @delete("/template/policy/definition/zonebasedfw/{id}")
+ def delete_policy_definition(self, id: str) -> None:
+ ...
+
+ def edit_multiple_policy_definition(self):
+ # PUT /template/policy/definition/zonebasedfw/multiple/{id}
+ ...
+
+ @put("/template/policy/definition/zonebasedfw/{id}")
+ def edit_policy_definition(self, id: str) -> PolicyDefinitionEditResponse:
+ ...
+
+ @get("/template/policy/definition/zonebasedfw", "data")
+ def get_definitions(self) -> DataSequence[ZoneBasedFWPolicyInfo]:
+ ...
+
+ @get("/template/policy/definition/zonebasedfw/{id}")
+ def get_policy_definition(self, id: str) -> ZoneBasedFWPolicyGetResponse:
+ ...
+
+ @post("/template/policy/definition/zonebasedfw/preview")
+ def preview_policy_definition(self, payload: ZoneBasedFWPolicyCreationPayload) -> PolicyDefinitionPreview:
+ ...
+
+ @get("/template/policy/definition/zonebasedfw/preview/{id}")
+ def preview_policy_definition_by_id(self, id: str) -> PolicyDefinitionPreview:
+ ...
+
+ def save_policy_definition_in_bulk(self):
+ # PUT /template/policy/definition/zonebasedfw/bulk
+ ...
diff --git a/vmngclient/endpoints/endpoints_container.py b/vmngclient/endpoints/endpoints_container.py
index 84f71a2e1..3fd403216 100644
--- a/vmngclient/endpoints/endpoints_container.py
+++ b/vmngclient/endpoints/endpoints_container.py
@@ -16,6 +16,9 @@
 from vmngclient.endpoints.configuration_policy_data_prefix_list_builder import ConfigurationPolicyDataPrefixListBuilder
 from vmngclient.endpoints.configuration_policy_site_list_builder import ConfigurationPolicySiteListBuilder
 from vmngclient.endpoints.configuration_policy_vpn_list_builder import ConfigurationPolicyVPNListBuilder
+from vmngclient.endpoints.configuration_policy_zone_based_firewall_definition_builder import (
+ ConfigurationPolicyZoneBasedFirewallDefinitionBuilder,
+)
 from vmngclient.endpoints.configuration_settings import ConfigurationSettings
 from vmngclient.endpoints.configuration_vsmart_template_policy import ConfigurationVSmartTemplatePolicy
 from vmngclient.endpoints.monitoring_device_details import MonitoringDeviceDetails
@@ -44,6 +47,9 @@ def __init__(self, session: vManageSession):
 self.configuration_policy_site_list_builder = ConfigurationPolicySiteListBuilder(session)
 self.configuration_policy_vpn_list_builder = ConfigurationPolicyVPNListBuilder(session)
 self.configuration_vsmart_template_policy = ConfigurationVSmartTemplatePolicy(session)
+ self.configuration_policy_zone_based_firewall_definition_builder = (
+ ConfigurationPolicyZoneBasedFirewallDefinitionBuilder(session)
+ )
 self.configuration_settings = ConfigurationSettings(session)
 self.monitoring_device_details = MonitoringDeviceDetails(session)
 self.monitoring_status = MonitoringStatus(session)
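Review bot: `edit_policy_definition` in the new builder file is decorated with `@put("/template/policy/definition/zonebasedfw/{id}")` but takes only `id`, so nothing in its signature carries the edited definition, and `ZoneBasedFWPolicyEditPayload`, defined earlier in the same file, is never referenced. Assuming the endpoint decorators build the request body from a `payload` parameter, as `create_policy_definition` and `preview_policy_definition` suggest, the signature should read `def edit_policy_definition(self, id: str, payload: ZoneBasedFWPolicyEditPayload) -> PolicyDefinitionEditResponse:`, and the PUT row in ENDPOINTS.md should then list that payload type. Separately, the undecorated `edit_multiple_policy_definition` and `save_policy_definition_in_bulk` have `...` bodies, so calling them returns `None` without sending a request. For a firewall-policy client a silent no-op can leave a caller believing a zone policy was changed when it was not; replacing their `...` with `raise NotImplementedError` until the endpoints are wired up would make that visible.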