Example #1
0
 def _remove_from_acl(self, acl):
     """
     """
     if acl._acl_header:
         try:
             self.log.debug('Delete named ACE=%d from ACL' % self._sequence)
             self._ace_handle = acl._acl_client.deleteNamedAce_IDL(
                 acl._acl_header.name, acl._acl_handle,
                 c_int(self._sequence).value, acl._acl_header.lifetime,
                 acl._acl_header.addrFamily)
             self.log.info(
                 'Returned from deleteNamedAce_IDL idl call to remove a L3-ace from L3-acl'
             )
         except ExceptionIDL as e:
             raise OnepRemoteProcedureException(e)
         except TException as e:
             raise OnepConnectionException(e.message, e)
     else:
         try:
             self.log.debug('Deleted ACE from ACL')
             self._ace_handle = acl._acl_client.deleteAce_IDL(
                 acl._acl_handle, self._ace_handle)
             self.log.info(
                 'Returned from deleteAce_IDL idl call to remove a L3-ace from L3-acl'
             )
         except ExceptionIDL as e:
             raise OnepRemoteProcedureException(e)
         except TException as e:
             raise OnepConnectionException(e.message, e)
     self._acl = None
Example #2
0
def trace_request(element, profile, path_spec, timeout):
    """
        Trace request allows applications to gather network device information along
        a path without addressing each device directly.
    
        @param element: NetworkElement class
        @type element: {NetworkElement<onep.element.NetworkElement>}
        @param profile: mtrace.ProfileType of trace
        @type profile: {ProfileType<onep.mediatrace.mtrace.ProfileType>}
        @param path_spec: PathSpecifier class
        @type path_spec: {PathSpecifier<onep.mediatrace.mtrace.PathSpecifier>}
        @param timeout: Timeout value of trace
        @type timeout: C{int}
    
        """
    if not ProfileType._is_valid(profile):
        raise OnepIllegalArgumentException('Invalid profile type ' +
                                           str(profile))
    if not isinstance(path_spec, PathSpecifier):
        raise OnepIllegalArgumentException('Invalid path spec ' +
                                           str(path_spec))
    if timeout < 0:
        raise OnepIllegalArgumentException('Invalid timeout ' + str(timeout))
    try:
        client = PathTraceIDL.Client(element.api_protocol)
        ptreq_idl = PathTraceRequestIDL(profile, timeout, path_spec._to_idl())
        graph_idl = client.PathTrace_executeRequestIDL(
            element.session_handle._id, ptreq_idl)
        return MediatraceRoute(graph_idl)
    except ExceptionIDL as e:
        return OnepRemoteProcedureException(e)
Example #3
0
 def get_match(self):
     """ Get ACE match count.
     
             Get the count of matches for this ACE.
     
             @return: Count Match.
             @rtype: C{int}
     
             @raise OnepRemoteProcedureException: If error occurs when remote procedure call is made to network element.
             @raise OnepConnectionException: If connection to network element fails.
             """
     count = 0
     try:
         if self._acl._acl_header:
             self.log.debug('Get named ACE match count')
             count = self._acl._acl_client.getNamedAceMatch_IDL(
                 self._acl._acl_header.name, self._acl._acl_handle,
                 c_int(self._sequence).value,
                 self._acl._acl_header.lifetime,
                 self._acl._acl_header.addrFamily)
         else:
             self.log.debug('Get ACE match count')
             count = self._acl._acl_client.getAceMatch_IDL(
                 self._acl._acl_handle, self._ace_handle)
         self.log.debug('Returned ace match count %s', str(count))
     except ExceptionIDL as e:
         raise OnepRemoteProcedureException(e)
     except TException as e:
         raise OnepConnectionException(e.message, e)
     return count
Example #4
0
    def get_capabilities(self, element):
        """
                ***DEPRECATED***
                Please use caps.get_table_capabilities()
                ****************
                -----------------------------------------------------------------------------------
                Returns a list of PolicyTable classes containing all capabilities on network element
        
                @param NetworkElement class
                @type element: {NetworkElement<onep.element.NetworkElement>}
        
                @return PolicyTable classes
                @rtype: list of L{PolicyTable<onep.policyservice.caps.PolicyTable>}
        
                """
        self.log.warning(
            'PolicyCapabilities.get_capabilities classmethod is deprecated, Please use caps.get_table_capabilities'
        )
        try:
            tables = Client(element.api_protocol).Policy_getGlobalCapIDL(
                element.session_handle._id).tables
        except ExceptionIDL as e:
            raise OnepRemoteProcedureException(e)
        table_classes = []
        for table in tables:
            pt = PolicyTable(table)
            pt.actions = _translate_action_enums(table)
            pt.matches = _translate_match_enums(table)
            table_classes.append(pt)

        return table_classes
Example #5
0
def get_global_capabilities(element):
    """ 
        Return a PolicyGlobal class specific to network element
    
        @param NetworkElement class
        @type element: {NetworkElement<onep.element.NetworkElement>}
    
        @return PolicyGlobal class
        @rtype: {PolicyGlobal<onep.policyservice.caps.PolicyGlobal>}
    
        """
    try:
        global_caps = Client(element.api_protocol).Policy_getGlobalCapIDL(
            element.session_handle._id)
    except ExceptionIDL as e:
        raise OnepRemoteProcedureException(e)
    return PolicyGlobal(global_caps)
Example #6
0
    def __init__(self, type, element):
        """ 
                Class PolicyCapabilities.
                
                @param type: PolicyCapabilitiesType for type of policy
                @type type: {PolicyCapabilitiesType<onep.policyservice.caps.PolicyCapabilitiesType>}
                @param element: NetworkElement instance. 
                @type element: {NetworkElement<onep.element.NetworkElement>}
                
                @raise OnepIllegalArgumentException: If any of the constructor argument is invalid.
        
                """
        if not PolicyCapabilitiesType._is_valid(type):
            raise OnepIllegalArgumentException('invalid policy type')
        self.policy_type = type
        self.network_element = element
        self.session_id = element.session_handle._id
        self.client = Client(element.api_protocol)
        self.table = {'type': None, 'actions': [], 'matches': []}
        self.table['matches'] = self.matches = []
        self.table['actions'] = self.actions = []
        self.table_classes = []
        try:
            self.all = self.client.Policy_getGlobalCapIDL(self.session_id)
        except ExceptionIDL as e:
            raise OnepRemoteProcedureException(e)
        type_supported = False
        for tbl in self.all.tables:
            if tbl.type == type:
                self.table['type'] = type
                self.table['actions'] = self.actions = _translate_action_enums(
                    tbl)
                self.table['matches'] = self.matches = _translate_match_enums(
                    tbl)
                pt = PolicyTable(tbl)
                pt.actions = self.actions
                pt.matches = self.matches
                self.table_classes.append(pt)
                break

        if not self.table['type']:
            raise OnepNotSupportedException(
                'Policy type ' + PolicyCapabilitiesType.enumval(type))
Example #7
0
def get_table_capabilities(element):
    """
        Returns a list of PolicyTable classes with capabilities per policy type
    
        @param NetworkElement class
        @type element: {NetworkElement<onep.element.NetworkElement>}
    
        @return PolicyTable classes
        @rtype: list of L{PolicyClass<onep.policyservice.caps.PolicyTable>}
    
        """
    try:
        tables = Client(element.api_protocol).Policy_getGlobalCapIDL(
            element.session_handle._id).tables
    except ExceptionIDL as e:
        raise OnepRemoteProcedureException(e)
    table_classes = []
    for table in tables:
        pt = PolicyTable(table)
        pt.actions = _translate_action_enums(table)
        pt.matches = _translate_match_enums(table)
        table_classes.append(pt)

    return table_classes
Example #8
0
 def get_table_capabilities(self, element):
     """
             ***DEPRECATED***
             Please use caps.get_table_capabilities()
             ****************
             -----------------------------------------------------------------------------------
             Returns a list of PolicyQuery.PolicyCapabilitiesType supported on network element
     
             @param NetworkElement class
             @type element: {NetworkElement<onep.policy.element.NetworkElement>}
     
             @return PolicyCapabilitiesType enums
             @rtype: list of L{PolicyCapabilitiesType<onep.policyservice.caps.PolicyCapabilitiesType>}
     
             """
     self.log.warning(
         'PolicyCapabilities.get_table_capabilities classmethod is deprecated. Please use caps.get_table_capabilities'
     )
     try:
         tables = Client(element.api_protocol).Policy_getGlobalCapIDL(
             element.session_handle._id).tables
     except ExceptionIDL as e:
         raise OnepRemoteProcedureException(e)
     return [table.type for table in tables]
Example #9
0
 def _add_to_acl(self, acl):
     """
     """
     self._validate_prefix(self.src_prefix, 'Source')
     self._validate_prefix_len(self.src_prefix_len, 'Source',
                               HostIpCheck(self.src_prefix).is_ipv4())
     self._validate_prefix(self.dst_prefix, 'Destination')
     self._validate_prefix_len(self.dst_prefix_len, 'Destination',
                               HostIpCheck(self.dst_prefix).is_ipv4())
     src_addr_type = self._af_check(self.src_prefix)
     if src_addr_type == self._AF_INET:
         if self.src_prefix_len > 32:
             raise OnepIllegalArgumentException(
                 'Source prefix length for AF_INET source prefix > 32')
         elif self.src_prefix_len == None:
             self.src_prefix_len = 32
         src_prefix_af = OnepConstants.OnepAddressFamilyType.ONEP_AF_INET
     elif src_addr_type == self._AF_INET6:
         if self.src_prefix_len > 128:
             raise OnepIllegalArgumentException(
                 'Source prefix length for AF_INET6 source prefix > 128')
         elif self.src_prefix_len == None:
             self.src_prefix_len = 128
         src_prefix_af = OnepConstants.OnepAddressFamilyType.ONEP_AF_INET6
     else:
         raise OnepIllegalArgumentException('Invalid Source prefix Address')
     dst_addr_type = self._af_check(self._dst_prefix)
     if dst_addr_type == self._AF_INET:
         if self.dst_prefix_len > 32:
             raise OnepIllegalArgumentException(
                 'Destination prefix length for AF_INET destination prefix > 32'
             )
         elif self.dst_prefix_len == None:
             self.dst_prefix_len = 32
         dst_prefix_af = OnepConstants.OnepAddressFamilyType.ONEP_AF_INET
     elif dst_addr_type == self._AF_INET6:
         if self.dst_prefix_len > 128:
             raise OnepIllegalArgumentException(
                 'Destination prefix length for AF_INET6 destination prefix > 128'
             )
         elif self.dst_prefix_len == None:
             self.dst_prefix_len = 128
         dst_prefix_af = OnepConstants.OnepAddressFamilyType.ONEP_AF_INET6
     else:
         raise OnepIllegalArgumentException(
             'Invalid Destination prefix Address')
     if self.dst_prefix_len == 0:
         dst_prefix_af = src_prefix_af
     if self.src_prefix_len == 0:
         src_prefix_af = dst_prefix_af
     if not src_prefix_af == dst_prefix_af:
         raise OnepIllegalArgumentException(
             'Source prefix address family and Destination prefix address family are not same.'
         )
     if self.src_prefix_len != 0 and src_prefix_af != acl._afi:
         raise OnepIllegalArgumentException(
             'L3-Ace address family  not same as L3-Acl address family')
     if self.dst_prefix_len != 0 and dst_prefix_af != acl._afi:
         raise OnepIllegalArgumentException(
             'L3-Ace address family not same as L3-Acl address family')
     if not self._acl == None:
         raise OnepIllegalArgumentException(
             'L3 Access Control Element(ACE) already added to L3 Access Control List(ACL)'
         )
     self.log.info('Basic Validation of all L3-ace parameters completed.')
     self._acl = acl
     ace_param = L3AceParam_IDL(
         c_int(self._sequence).value, self.permit, src_prefix_af,
         self.src_prefix, self.src_prefix_len, self.dst_prefix,
         self.dst_prefix_len, self.protocol, self.src_port_oper,
         c_short(self.src_port1).value,
         c_short(self._src_port2).value, self.dst_port_oper,
         c_short(self.dst_port1).value,
         c_short(self._dst_port2).value, self._tcp_flag_value,
         self._tcp_flag_mask, self._tcp_flag_match, self._dscp, self._flags,
         self._ttl, acl._app_id, acl._app_id, self._dscp_v2)
     self.log.info(
         'Successfully created L3-ace parameters through idl call L3AceParam_IDL'
     )
     if acl._acl_header:
         try:
             self.log.debug('Added named ACE to ACL')
             self._ace_handle = acl._acl_client.addNamedL3Ace_IDL(
                 acl._acl_header.name, acl._acl_handle,
                 acl._acl_header.lifetime, acl._acl_header.addrFamily,
                 ace_param)
             self.log.info(
                 'Returned from addNamedL3Ace_IDL idl call to add a L3-ace in L3-acl'
             )
         except ExceptionIDL as e:
             raise OnepRemoteProcedureException(e)
         except TException as e:
             raise OnepConnectionException(e.message, e)
     else:
         try:
             self.log.debug('Added ACE to ACL')
             self._ace_handle = acl._acl_client.addL3Ace_IDL(
                 acl._acl_handle, ace_param)
             self.log.info(
                 'Returned from addL3Ace_IDL idl call to add a L3-ace in L3-acl'
             )
         except ExceptionIDL as e:
             raise OnepRemoteProcedureException(e)
         except TException as e:
             raise OnepConnectionException(e.message, e)