def add_contact_address(self, contact_address, location='Default'):
"""
Add a contact address to this specified interface. A
contact address is an alternative address which is
typically applied when NAT is used between the NGFW
and another component (such as management server). Adding a
contact address operation is committed immediately.
:param str contact_address: IP address for this contact address.
:raises EngineCommandFailed: invalid contact address
:return: None
"""
location = location_helper(location)
if self.data:
duplicate = False
for address in self.data['contact_addresses']:
if address['location_ref'] == location:
address['address'] = contact_address
duplicate = True
break
if not duplicate:
self.data['contact_addresses'].append({
'address': contact_address,
'location_ref': location,
'dynamic': False
})
else:
self.data['contact_addresses'] = \
[{'address': contact_address,
'location_ref': location,
'dynamic': False}]
self.update()
def remove_by_location(self, location):
if len(self.data):
location = location_helper(location)
contact = self.data['multi_contact_addresses']
addresses = [
locations for locations in contact
if locations['location_ref'] != location
]
contact = addresses
self.data['multi_contact_addresses'] = addresses
self.update()
def test_add_remove_log_contact_address(self):
# Assuming only one log server
log_srv = LogServer.objects.first()
log_srv.add_contact_address(
contact_address='3.3.3.3', location='logserverlocation')
location_ref = location_helper('logserverlocation')
for contact in log_srv.contact_addresses():
if contact.location_ref == location_ref:
self.assertIn('3.3.3.3', contact.addresses)
# Now remove
log_srv.remove_contact_address('logserverlocation')
self.assertTrue(len(log_srv.contact_addresses()) == 0)
def add(self, contact_address, location):
location = location_helper(location)
updated = False
for loc in self:
if loc.location_ref == location:
if contact_address not in loc.addresses:
loc.data['addresses'].append(contact_address)
updated = True
if not updated:
self.data.setdefault('multi_contact_addresses', []).append(
dict(addresses=[contact_address], location_ref=location))
self.update()
def get(self, location_name):
"""
Get a contact address by location name
:param str location_name: name of location
:return: return contact address element or None
:rtype: ContactAddress
"""
location_ref = location_helper(location_name, search_only=True)
if location_ref:
for location in self:
if location.location_ref == location_ref:
return location
def _add_contact_address(addresses, contact_address, location):
"""
:param list addresses: existing contact addresses from call to
contact_addresses()
:param str contact_address: contact address provided for server
:param str location: location of element, created if it doesnt exist
"""
location_ref = location_helper(location)
addr = {'addresses': [contact_address],
'location_ref': location_ref}
addresses = [] if not addresses else addresses
addresses.append(addr)
return {'multi_contact_addresses': addresses}
def update_or_create(self,
location,
contact_addresses,
with_status=False,
overwrite_existing=False,
**kw):
"""
Update or create a contact address and location pair. If the
location does not exist it will be automatically created. If the
server already has a location assigned with the same name, the
contact address specified will be added if it doesn't already
exist (Management and Log Server can have multiple address for a
single location).
:param list(str) contact_addresses: list of contact addresses for
the specified location
:param str location: location to place the contact address in
:param bool overwrite_existing: if you want to replace existing
location to address mappings set this to True. Otherwise if
the location exists, only new addresses are appended
:param bool with_status: if set to True, a 3-tuple is returned with
(Element, modified, created), where the second and third tuple
items are booleans indicating the status
:raises UpdateElementFailed: failed to update element with reason
:rtype: MultiContactAddress
"""
updated, created = False, False
location_ref = location_helper(location)
if location_ref in self:
for loc in self:
if loc.location_ref == location_ref:
if overwrite_existing:
loc['addresses'][:] = contact_addresses
updated = True
else:
for ca in contact_addresses:
if ca not in loc.addresses:
loc['addresses'].append(ca)
updated = True
else:
self.data.setdefault('multi_contact_addresses', []).append(
dict(addresses=contact_addresses, location_ref=location_ref))
created = True
if updated or created:
self.update()
if with_status:
return self, updated, created
return self
def add_location(self, location_name):
"""
Create a unique Location for the AWS Firewall if the NAT address is set.
If nat_address is not set, then location will be None for the engine.
This assumes that the SMC is not located behind NAT.
:return: str of location or None
"""
if self.nat_address: #SMC behind NAT
# Add to management server
mgt = ManagementServer.objects.first()
mgt.add_contact_address(self.nat_address, location_name)
log = LogServer.objects.first()
log.add_contact_address(self.nat_address, location_name)
return location_helper(location_name)
def mock_location_helper(m, location):
"""
Mocks the real smc.elements.helpers.location_helper
:param str location: name
"""
register_request(m, '/elements?filter_context=location',
json={'result': [{'href': '{}/location/1'.format(url),
'name': location,
'type':'location'}]})
#m.get('/elements?filter_context=location',
# headers={'content-type': 'application/json'},
# json={'result': [{'href': '{}/location/1'.format(url),
# 'name': location,
# 'type':'location'}]})
return location_helper(location)
def update_or_create(self,
location,
contact_address,
with_status=False,
**kw):
"""
Update an existing contact address or create if the location does
not exist.
:param str location: name of the location, the location will be added
if it doesn't exist
:param str contact_address: contact address IP. Can be the string 'dynamic'
if this should be a dynamic contact address (i.e. on DHCP interface)
:param bool with_status: if set to True, a 3-tuple is returned with
(Element, modified, created), where the second and third tuple
items are booleans indicating the status
:raises UpdateElementFailed: failed to update element with reason
:rtype: ContactAddressNode
"""
updated, created = False, False
location_ref = location_helper(location)
if location_ref in self:
for ca in self:
if ca.location_ref == location_ref:
ca.update(
address=contact_address if "dynamic"
not in contact_address else "First DHCP Interface ip",
dynamic="true"
if "dynamic" in contact_address else "false",
)
updated = True
else:
self.data.setdefault("contact_addresses", []).append(
dict(
address=contact_address if "dynamic" not in contact_address
else "First DHCP Interface ip",
dynamic="true"
if "dynamic" in contact_address else "false",
location_ref=location_ref,
))
created = True
if updated or created:
self.update()
if with_status:
return self, updated, created
return self
def add_location(self, location_name):
"""
Create a unique Location for the AWS Firewall if the NAT address is set.
If nat_address is not set, then location will be None for the engine.
This assumes that the SMC is not located behind NAT.
:return: str of location or None
"""
if self.nat_address: #SMC behind NAT
# Add to management server
mgt = describe_mgt_server()
for server in mgt:
server.add_contact_address(self.nat_address, location_name)
log = describe_log_server()
for server in log:
server.add_contact_address(self.nat_address, location_name)
return location_helper(location_name)
def create(cls, address, location='Default', dynamic=False):
"""
Create a new contact address.
:param str address: IP Address of contact address
:param str location: Location element to associate with address
:param boolean dynamic: Is this a dynamic address
:return: dict contact address
"""
from smc.elements.helpers import location_helper
location_ref = location_helper(location)
address = [{
'address': address,
'dynamic': dynamic,
'location_ref': location_ref
}]
return {'contact_addresses': address}
def delete(self, location_name):
"""
Remove a given location by location name. This operation is
performed only if the given location is valid, and if so,
`update` is called automatically.
:param str location: location name or location ref
:raises UpdateElementFailed: failed to update element with reason
:rtype: bool
"""
updated = False
location_ref = location_helper(location_name, search_only=True)
if location_ref in self:
self._cas[:] = [loc for loc in self
if loc.location_ref != location_ref]
self.update()
updated = True
return updated
def delete(self, location_name):
"""
Remove a given location by location name. This operation is
performed only if the given location is valid, and if so,
`update` is called automatically.
:param str location: location name or location ref
:raises UpdateElementFailed: failed to update element with reason
:rtype: bool
"""
updated = False
location_ref = location_helper(location_name, search_only=True)
if location_ref in self:
self._cas[:] = [
loc for loc in self if loc.location_ref != location_ref
]
self.update()
updated = True
return updated
def create(self,
location_ref,
address,
dynamic=False,
overwrite_existing=False):
"""
Create a contact address for the given element. Address is always
a required field. If the contact address should be dynamic, then
the value of the address field should be assigned by the DHCP
interface name, i.e.::
external_endpoint.contact_addresses.create(
location=Location('foo'),
address='First DHCP Interface ip', dynamic=True)
If you set override_existing=True, any pre-existing contact addresses will
be removed, otherwise this is an append operation.
:param str,Location location_ref: href or Location element, location is created
if provided as a string and it doesn't exist
:param address: string repesenting address
:param bool dynamic: whether address is dynamic or static
:param bool overwrite_existing: whether to keep existing locations or
to overwrite default: False
:return: None
:raises: ActionCommandFailed
"""
json = [{
"location_ref": location_helper(location_ref),
"address": address,
"dynamic": dynamic
}]
if not overwrite_existing:
json.extend(addr.data for addr in self.items)
return self._subelement.make_request(
resource="contact_addresses",
method="update",
etag=self._etag,
json={"contact_addresses": json},
)
def add(self, contact_address, location):
location = location_helper(location)
if self.data:
seen = False
for address in self.data['multi_contact_addresses']:
if address['location_ref'] == location:
if contact_address not in address['addresses']:
address['addresses'].append(contact_address)
seen = True
break
if not seen:
self.data['multi_contact_addresses'].append({
'addresses': [contact_address],
'location_ref':
location
})
else:
self.data['multi_contact_addresses'] = \
[{'addresses': [contact_address],
'location_ref': location}]
self.update()
def provision_stonesoft(name, vnet=None, location=None):
"""
Create stonesoft firewall
"""
engine = Layer3Firewall.create_dynamic(
name=name,
interface_id=0,
dynamic_index=1,
default_nat=False,
location_ref=location_helper(location))
itf = engine.routing.get(0)
for network in itf:
routing_node = network.data['routing_node'][0]
routing_node['dynamic_classid'] = 'gateway'
network.update()
# License and Save Initial Configuration
node = engine.nodes[0]
node.bind_license()
return node.initial_contact(as_base64=True)
def test_add_remove_mgmt_contact_address(self):
# Add then remove a contact address
mgt = ManagementServer('Management Server')
mgt.add_contact_address(
contact_address='2.2.2.2', location='newlocation')
location_ref = location_helper('newlocation')
for contact in mgt.contact_addresses():
if contact.location_ref == location_ref:
self.assertIn('2.2.2.2', contact.addresses)
# Same location, just append new address
mgt.add_contact_address(
contact_address='3.3.3.3', location='newlocation')
# Test append to existing contact addresses but new location
mgt.add_contact_address(contact_address='4.4.4.4', location='foobar')
# Now remove
mgt.remove_contact_address('newlocation')
self.assertTrue(len(mgt.contact_addresses()) == 1)
# Check remaining - should just be contact addr with location foobar
addresses = mgt.contact_addresses()
self.assertTrue(len(addresses) == 1)
self.assertTrue(addresses[0].location == 'foobar')
def update_or_create(self, location, contact_address, with_status=False, **kw):
"""
Update an existing contact address or create if the location does
not exist.
:param str location: name of the location, the location will be added
if it doesn't exist
:param str contact_address: contact address IP. Can be the string 'dynamic'
if this should be a dynamic contact address (i.e. on DHCP interface)
:param bool with_status: if set to True, a 3-tuple is returned with
(Element, modified, created), where the second and third tuple
items are booleans indicating the status
:raises UpdateElementFailed: failed to update element with reason
:rtype: ContactAddressNode
"""
updated, created = False, False
location_ref = location_helper(location)
if location_ref in self:
for ca in self:
if ca.location_ref == location_ref:
ca.update(
address=contact_address if 'dynamic' not in contact_address\
else 'First DHCP Interface ip',
dynamic='true' if 'dynamic' in contact_address else 'false')
updated = True
else:
self.data.setdefault('contact_addresses', []).append(
dict(address=contact_address if 'dynamic' not in contact_address\
else 'First DHCP Interface ip',
dynamic='true' if 'dynamic' in contact_address else 'false',
location_ref=location_ref))
created = True
if updated or created:
self.update()
if with_status:
return self, updated, created
return self
def location(self, value):
self.data.update(location_ref=location_helper(value))
def remove_by_location(self, location):
if len(self.data):
location = location_helper(location)
data = [loc.data for loc in self if loc.location_ref != location]
self.data['multi_contact_addresses'] = data
self.update()
def test_location_helper(self):
result = location_helper('foolocation')
self.assertTrue(result.startswith('http'))
Location('foolocation').delete()
