def pursue(identity, candidate):
    """Detain ``identity`` on the interface where it has shown up again.

    ``candidate`` supplies the ``mac`` and ``interface`` that were seen. If
    the identity is tied to a detention profile, ``should_pursue`` decides
    whether it is followed at all. The new interface is detained first.
    Only afterwards, and only when the profile has ``keep_closed == 'n'``,
    is the earlier detention lifted. Identities without a profile (manual
    detentions) therefore keep every interface closed.

    Returns ``None`` in all cases; failures are logged, not raised.
    """
    _logger.info("%s is active on interface %s", candidate.mac, candidate.interface)

    # An identity detained through a profile is only followed when
    # should_pursue() agrees (the original comment says this depends on the
    # VLANs configured for that profile).
    detention_profile = is_detained_by_profile(identity)
    if detention_profile:
        if not should_pursue(identity, detention_profile):
            return

    # Refuse early if the target interface must not be detained.
    try:
        raise_if_detainment_not_allowed(candidate.interface)
    except DetainmentNotAllowedError as exc:
        _logger.error(exc)
        return

    identity.autoenablestep = find_autoenable_step(identity)
    detain(identity, candidate)

    # Nothing to release unless a profile explicitly says not to keep the
    # old port closed.
    if not detention_profile or detention_profile.keep_closed != 'n':
        return

    try:
        # The release is attributed to the OS account running this process.
        open_port(identity, getpass.getuser(), 'Blocked on another interface')
    except GeneralException as exc:
        # Best effort: the new interface is already detained at this point.
        _logger.error(exc)
def main():
    """Re-open every detained port whose autoenable time has passed.

    Sets up logging to ``<localstatedir>/log/arnold/autoenable.log``, selects
    identities with status ``disabled`` or ``quarantined`` whose
    ``autoenable`` timestamp is not later than now, and calls ``open_port``
    for each. Exits with status 0 when nothing is due. A
    ``GeneralException`` on one identity is logged and the loop moves on.
    """
    log_path = nav.buildconf.localstatedir + "/log/arnold/autoenable.log"
    init_generic_logging(logfile=log_path, stderr=False, read_config=True)
    LOGGER.info("Starting autoenable")

    due = Identity.objects.filter(
        autoenable__lte=datetime.now(),
        status__in=['disabled', 'quarantined'],
    )
    if not due:
        LOGGER.info("No ports ready for opening.")
        sys.exit(0)

    for detained in due:
        try:
            # The action is recorded under the OS account running this job.
            open_port(
                detained,
                getpass.getuser(),
                eventcomment="Opened automatically by autoenable",
            )
            # Logged only after open_port() returned without raising.
            port = detained.interface
            device = port.netbox
            LOGGER.info(
                "Opening %s %s:%s for %s",
                device.sysname,
                port.module,
                port.baseport,
                detained.mac,
            )
        except GeneralException as failure:
            LOGGER.error(failure)
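def main():
    """Re-open every detained port whose autoenable time has passed.

    Sets up logging to ``<localstatedir>/log/arnold/autoenable.log``, selects
    identities with status ``disabled`` or ``quarantined`` whose
    ``autoenable`` timestamp is not later than now, and calls ``open_port``
    for each. Exits with status 0 when nothing is due. A
    ``GeneralException`` on one identity is logged and the loop continues
    with the next one.
    """
    init_logging(nav.buildconf.localstatedir + "/log/arnold/autoenable.log")
    LOGGER.info("Starting autoenable")

    candidates = Identity.objects.filter(
        autoenable__lte=datetime.now(),
        status__in=['disabled', 'quarantined'],
    )

    if not candidates:
        LOGGER.info("No ports ready for opening.")
        sys.exit(0)

    # For each port that is blocked, try to enable the port.
    for candidate in candidates:
        try:
            # The action is recorded under the OS account running this job.
            open_port(candidate, getpass.getuser(),
                      eventcomment="Opened automatically by autoenable")
            interface = candidate.interface
            netbox = interface.netbox
            # Pass the values as logging arguments so formatting is left to
            # the logging framework instead of being done eagerly with '%'.
            LOGGER.info("Opening %s %s:%s for %s",
                        netbox.sysname, interface.module,
                        interface.baseport, candidate.mac)
        except GeneralException as why:
            # 'except X as name' parses on Python 2.6+ and Python 3; the
            # comma form is a SyntaxError on Python 3.
            LOGGER.error(why)
            continue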
def lift_detentions(request):
    """Lift every detention selected in the submitted form.

    On POST, each value of the ``detentions`` field is used as the primary
    key of an ``Identity``, and ``open_port`` is called for it under the
    requesting account's login. Any request method ends with a redirect to
    ``arnold-detainedports``.
    """
    if request.method == 'POST':
        operator = get_account(request)
        # NOTE(review): these ids come straight from the request body.
        # Identity.objects.get() raises Identity.DoesNotExist for an unknown
        # pk and nothing here catches it, so a stale id fails the request
        # after earlier entries in the list were already opened.
        # NOTE(review): no permission check is visible in this function;
        # presumably access is enforced elsewhere. Confirm.
        selected_ids = request.POST.getlist('detentions')
        for pk in selected_ids:
            detained = Identity.objects.get(pk=pk)
            # NOTE(review): open_port() errors are not handled here; confirm
            # that propagating them to the caller is intended.
            open_port(detained, operator.login, 'Enabled from web')

    return redirect('arnold-detainedports')
profile = is_detained_by_profile(identity) if profile and not should_pursue(identity, profile): return try: raise_if_detainment_not_allowed(candidate.interface) except DetainmentNotAllowedError, error: LOGGER.error(error) return identity.autoenablestep = find_autoenable_step(identity) detain(identity, candidate) if profile and profile.keep_closed == 'n': try: open_port(identity, getpass.getuser(), 'Blocked on another interface') except GeneralException, error: LOGGER.error(error) def is_detained_by_profile(identity): """Check that this identity is detained with a detention profile""" try: return DetentionProfile.objects.get( justification=identity.justification) except DetentionProfile.DoesNotExist: return None def find_autoenable_step(identity): """Find and set autoenablestep"""