def rest_api(self, method, url, body=None, headers=None, device_ip=None):
if method.lower() == 'get':
#first get totalnum
result = {"status": 500, "body":""}
body_store = ''
if '?' in url:
flag = '&'
else:
flag = '?'
uri = url + flag + 'pageindex=1&pagesize=1'
resp = self._rest_api(method, uri, body, headers, device_ip)
if resp['status'] >= 400:
return resp
total_num_list = ngfw_utils.parse_xml_name(json.dumps(resp), TOTALNUM_KEY_BEGIN, TOTALNUM_KEY_END)
if not total_num_list:
return resp
times = int(total_num_list[0]) / NGFW_PAGESIZE
left = int(total_num_list[0]) % NGFW_PAGESIZE
for i in range(times):
uri = url + flag + 'pageindex=%d&pagesize=%d' % (1+i, NGFW_PAGESIZE)
temp = self._rest_api(method, uri, body, headers, device_ip)
if temp['status'] >= 400:
return temp
body_store = body_store + temp['body']
if left:
uri = url + flag + 'pageindex=%d&pagesize=%d' % (1+times, NGFW_PAGESIZE)
temp = self._rest_api(method, uri, body, headers, device_ip)
if temp['status'] >= 400:
return temp
body_store = body_store + temp['body']
result['status'] = 200
result['body'] = body_store
else:
result = self._rest_api(method, url, body, headers, device_ip)
return result
def rest_api(self, method, url, body=None, headers=None, device_ip=None):
if method.lower() == 'get':
#first get totalnum
result = {"status": 500, "body": ""}
body_store = ''
if '?' in url:
flag = '&'
else:
flag = '?'
uri = url + flag + 'pageindex=1&pagesize=1'
resp = self._rest_api(method, uri, body, headers, device_ip)
if resp['status'] >= 400:
return resp
total_num_list = ngfw_utils.parse_xml_name(json.dumps(resp),
TOTALNUM_KEY_BEGIN,
TOTALNUM_KEY_END)
if not total_num_list:
return resp
times = int(total_num_list[0]) / NGFW_PAGESIZE
left = int(total_num_list[0]) % NGFW_PAGESIZE
for i in range(times):
uri = url + flag + 'pageindex=%d&pagesize=%d' % (1 + i,
NGFW_PAGESIZE)
temp = self._rest_api(method, uri, body, headers, device_ip)
if temp['status'] >= 400:
return temp
body_store = body_store + temp['body']
if left:
uri = url + flag + 'pageindex=%d&pagesize=%d' % (1 + times,
NGFW_PAGESIZE)
temp = self._rest_api(method, uri, body, headers, device_ip)
if temp['status'] >= 400:
return temp
body_store = body_store + temp['body']
result['status'] = 200
result['body'] = body_store
else:
result = self._rest_api(method, url, body, headers, device_ip)
return result
def _compare_floatingip_list(self, ri):
collect_fip = {}
floating_ips = self.get_ngfw_floating_ips(ri)
for floating_ip in floating_ips:
collect_fip.update({ngfw_utils.get_floatingip_name(floating_ip['id']):
floating_ip['id']})
nat_fip = {}
floating_ips_list = self._get_all_floating_ips_list()
nat_name_list = ngfw_utils.parse_xml_name(floating_ips_list,
NAT_NAME_KEY_BEGIN,
NAT_NAME_KEY_END)
for nat_name in nat_name_list:
prefix = ngfw_utils.get_dnat_rule_name(ri)
if nat_name.startswith(prefix):
nat_fip.update({nat_name.split('_')[-1]:nat_name})
collect_fip_keys = collect_fip.keys()
nat_name_list_keys = nat_fip.keys()
need_add = set(collect_fip_keys) - set(nat_name_list_keys)
need_del = set(nat_name_list_keys) - set(collect_fip_keys)
return (need_add, need_del, collect_fip, nat_fip)
def _get_all_nat_name(self, floating_ips_list):
global_ip_list = ngfw_utils.parse_xml_name(floating_ips_list,
NAT_NAME_KEY_BEGIN,
NAT_NAME_KEY_END)
return global_ip_list
def _get_all_global_ip(self, floating_ips_list):
global_ip_list = ngfw_utils.parse_xml_name(floating_ips_list,
GLOBAL_IP_KEY_BEGIN,
GLOBAL_IP_KEY_END)
return global_ip_list
def _get_all_inside_ip(self, floating_ips_list):
inside_ip_list = ngfw_utils.parse_xml_name(floating_ips_list,
INSIDE_IP_KEY_BEGIN,
INSIDE_IP_KEY_END)
return inside_ip_list
index = bodyinfo.find('</addr-object>')
bodyinfo = bodyinfo[index + len('</addr-object>'):]
if bodyinfo.startswith('<addr-group>'):
addr_group_info = ngfw_utils.get_value_from_xml(
'addr-group', bodyinfo)
addr_group = ngfw_utils.analysis_addr_group(addr_group_info)
address_set['addr-group'].append(addr_group)
index = bodyinfo.find('</addr-group>')
bodyinfo = bodyinfo[index + len('</addr-group>'):]
return address_set
def _get_director_for_acl(self):
try:
director_for_acl = cfg.CONF.ngfw.director_for_acl
ip_list = director_for_acl.split(',')
except:
LOG.error(_('get director ip for acl failed, invalid format'))
return None
ip = ip_list[0]
if self.plugutil.is_ip(ip):
return ip
return None
if __name__ == '__main__':
ngfwDriver = ngfwFwaasDriver()
result, test = ngfwDriver._get_security_policy_list()
rule_name_list = ngfw_utils.parse_xml_name(test, RULE_NAME_KEY_BEGIN,
RULE_NAME_KEY_END)
print rule_name_list
index = bodyinfo.find('</addr-object>')
bodyinfo = bodyinfo[index+len('</addr-object>'):]
if bodyinfo.startswith('<addr-group>'):
addr_group_info = ngfw_utils.get_value_from_xml('addr-group', bodyinfo)
addr_group = ngfw_utils.analysis_addr_group(addr_group_info)
address_set['addr-group'].append(addr_group)
index = bodyinfo.find('</addr-group>')
bodyinfo = bodyinfo[index+len('</addr-group>'):]
return address_set
def _get_director_for_acl(self):
try:
director_for_acl = cfg.CONF.ngfw.director_for_acl
ip_list = director_for_acl.split(',')
except:
LOG.error(_('get director ip for acl failed, invalid format'))
return None
ip = ip_list[0]
if self.plugutil.is_ip(ip):
return ip
return None
if __name__ == '__main__':
ngfwDriver = ngfwFwaasDriver()
result, test = ngfwDriver._get_security_policy_list()
rule_name_list = ngfw_utils.parse_xml_name(test,
RULE_NAME_KEY_BEGIN,
RULE_NAME_KEY_END)
print rule_name_list
