def _RepositoryTagsHelper(self, target=None, filter_type='', filter_name=''):
if target is None:
target = []
if filter_type == 'standard' and filter_name.isdigit():
target.extend(aclgenerator.AddRepositoryTags(
'access-list %s remark ' % filter_name, date=False, revision=False))
else:
target.extend(aclgenerator.AddRepositoryTags(
' remark ', date=False, revision=False))
return target
def __str__(self):
target_header = []
target = []
# add the p4 tags
target.extend(aclgenerator.AddRepositoryTags('! '))
for (header, filter_name, filter_list, terms,
obj_target) in self.cisco_policies:
for filter_type in filter_list:
target.extend(
self._AppendTargetByFilterType(filter_name, filter_type))
if filter_type == 'object-group':
obj_target.AddName(filter_name)
# Add the Perforce Id/Date tags, these must come after
# remove/re-create of the filter, otherwise config mode doesn't
# know where to place these remarks in the configuration.
if self.verbose:
if filter_type == 'standard' and filter_name.isdigit():
target.extend(
aclgenerator.AddRepositoryTags(
'access-list %s remark ' % filter_name,
date=False,
revision=False))
else:
target.extend(
aclgenerator.AddRepositoryTags(' remark ',
date=False,
revision=False))
# add a header comment if one exists
for comment in aclgenerator.WrapWords(
header.comment, _COMMENT_MAX_WIDTH):
for line in comment.split('\n'):
if (self._PLATFORM == 'cisco'
and filter_type == 'standard'
and filter_name.isdigit()):
target.append('access-list %s remark %s' %
(filter_name, line))
else:
target.append(' remark %s' % line)
# now add the terms
for term in terms:
term_str = str(term)
if term_str:
target.append(term_str)
if obj_target.valid:
target = [str(obj_target)] + target
# ensure that the header is always first
target = target_header + target
target += ['', 'exit', '']
return '\n'.join(target)
def __str__(self):
"""Render the output of the PF policy into config."""
target = []
pretty_platform = '%s%s' % (self._PLATFORM[0].upper(),
self._PLATFORM[1:])
# Create address table.
for name in sorted(self.address_book):
v4 = sorted([x for x in self.address_book[name] if x.version == 4])
v6 = sorted([x for x in self.address_book[name] if x.version == 6])
entries = ',\\\n'.join(str(x) for x in v4 + v6)
target.append('table <%s> {%s}' % (name, entries))
# pylint: disable=unused-variable
for (header, filter_name, filter_type, terms) in self.pf_policies:
# Add comments for this filter
target.append('# %s %s Policy' %
(pretty_platform, header.FilterName(self._PLATFORM)))
# reformat long text comments, if needed
comments = aclgenerator.WrapWords(header.comment, 70)
if comments and comments[0]:
for line in comments:
target.append('# %s' % line)
target.append('#')
# add the p4 tags
target.extend(aclgenerator.AddRepositoryTags('# '))
target.append('# ' + filter_type)
# add the terms
for term in terms:
term_str = str(term)
if term_str:
target.append(term_str)
target.append('')
return '\n'.join(target)
def __str__(self):
target = []
for (header, filter_name, terms) in self.ciscoasa_policies:
target.append('clear configure access-list %s' % filter_name)
# add the p4 tags
target.extend(
aclgenerator.AddRepositoryTags('access-list %s remark ' %
filter_name))
# add a header comment if one exists
for comment in header.comment:
for line in comment.split('\n'):
target.append('access-list %s remark %s' %
(filter_name, line))
# now add the terms
for term in terms:
target.append(str(term))
# end for header, filter_name, filter_type...
return '\n'.join(target)
def _RepositoryTagsHelper(self,
target=None,
filter_type='',
filter_name=''):
if target is None:
target = []
target.extend(
aclgenerator.AddRepositoryTags(' remark ', rid=False, wrap=True))
return target
def testAddRepositoryTags(self):
# Format print the '$' into the RCS tags in order prevent the tags from
# being interpolated here.
# Include all tags.
self.assertItemsEqual([
'%sId:%s' % ('$', '$'),
'%sDate:%s' % ('$', '$'),
'%sRevision:%s' % ('$', '$')
], aclgenerator.AddRepositoryTags())
# Remove the revision tag.
self.assertItemsEqual(
['%sId:%s' %
('$', '$'), '%sDate:%s' % ('$', '$')],
aclgenerator.AddRepositoryTags(revision=False))
# Only include the Id: tag.
self.assertItemsEqual(['%sId:%s' % ('$', '$')],
aclgenerator.AddRepositoryTags(date=False,
revision=False))
def __str__(self):
"""Render the output of the JuniperSRX policy into config."""
target = IndentList(self.INDENT)
target.append('security {')
# ADDRESSBOOK
target.extend(self._GenerateAddressBook())
# POLICIES
target.IndentAppend(1, '/*')
target.extend(aclgenerator.AddRepositoryTags(self.INDENT * 1))
target.IndentAppend(1, '*/')
target.IndentAppend(1, 'replace: policies {')
for (header, terms, filter_options) in self.srx_policies:
if self._NOVERBOSE not in filter_options[4:]:
target.IndentAppend(2, '/*')
target.extend([
self.INDENT * 2 + line for line in aclgenerator.WrapWords(
header.comment, self._MAX_HEADER_COMMENT_LENGTH)
])
target.IndentAppend(2, '*/')
# ZONE DIRECTION
if filter_options[1] == 'all' and filter_options[3] == 'all':
target.IndentAppend(2, 'global {')
else:
target.IndentAppend(
2, 'from-zone ' + filter_options[1] + ' to-zone ' +
filter_options[3] + ' {')
# GROUPS
if header.apply_groups:
target.IndentAppend(
3, JunipersrxList('apply-groups', header.apply_groups))
# GROUPS EXCEPT
if header.apply_groups_except:
target.IndentAppend(
3,
JunipersrxList('apply-groups-except',
header.apply_groups_except))
for term in terms:
str_result = str(term)
if str_result:
target.append(str_result)
target.IndentAppend(2, '}')
target.IndentAppend(1, '}')
target.append('}')
# APPLICATIONS
target.extend(self._GenerateApplications())
return '\n'.join(target)
def __str__(self):
target = []
pretty_platform = '%s%s' % (self._PLATFORM[0].upper(),
self._PLATFORM[1:])
if self._RENDER_PREFIX:
target.append(self._RENDER_PREFIX)
for (header, filter_name, filter_type, default_action,
terms) in self.iptables_policies:
# Add comments for this filter
target.append('# %s %s Policy' %
(pretty_platform, header.FilterName(self._PLATFORM)))
# reformat long text comments, if needed
comments = aclgenerator.WrapWords(header.comment, 70)
if comments and comments[0]:
for line in comments:
target.append('# %s' % line)
target.append('#')
# add the p4 tags
target.extend(aclgenerator.AddRepositoryTags('# '))
target.append('# ' + filter_type)
if filter_name in self._GOOD_FILTERS:
if default_action:
target.append(self._DEFAULTACTION_FORMAT %
(filter_name, default_action))
elif self._PLATFORM == 'speedway':
# always specify the default filter states for speedway,
# if default action policy not specified for iptables, do nothing.
target.append(self._DEFAULTACTION_FORMAT %
(filter_name, self._DEFAULT_ACTION))
else:
# Custom chains have no concept of default policy.
target.append(self._DEFAULTACTION_FORMAT_CUSTOM_CHAIN %
filter_name)
# add the terms
for term in terms:
term_str = str(term)
if term_str:
target.append(term_str)
if self._RENDER_SUFFIX:
target.append(self._RENDER_SUFFIX)
target.append('')
return '\n'.join(target)
def __str__(self):
"""Render the output of the Nsxv policy."""
target_header = []
target = []
# add the p4 tags
target.append('<!--')
target.extend(aclgenerator.AddRepositoryTags('\n'))
target.append('\n')
target.append('-->')
for (_, _, _, terms) in self.nsxv_policies:
section_name = six.ensure_str(
self._FILTER_OPTIONS_DICT['section_name'])
# check section id value
section_id = self._FILTER_OPTIONS_DICT['section_id']
if not section_id or section_id == 0:
logging.warning(
'WARNING: Section-id is 0. A new Section is created '
'for %s. If there is any existing section, it '
'will remain unreferenced and should be removed '
'manually.', section_name)
target.append('<section name="%s">' %
(section_name.strip(' \t\n\r')))
else:
target.append('<section id="%s" name="%s">' %
(section_id, section_name.strip(' \t\n\r')))
# now add the terms
for term in terms:
term_str = str(term)
if term_str:
target.append(term_str)
# ensure that the header is always first
target = target_header + target
target.append('%s' % (_XML_TABLE.get('sectionEnd')))
target.append('\n')
target_as_xml = xml.dom.minidom.parseString(''.join(target))
# TODO(robankeny) utf encoding with refactoring after migration to py3
return target_as_xml.toprettyxml(indent=' ')
def __str__(self):
config = Config()
for (header, filter_name,
filter_type, interface_specific,
repository_revision,
repository_date, repository_rid,
terms) in self.juniper_policies:
# add the header information
config.Append('firewall {')
config.Append('family %s {' % filter_type)
config.Append('/*')
# we want the acl to contain id and date tags, but p4 will expand
# the tags here when we submit the generator, so we have to trick
# p4 into not knowing these words. like taking c-a-n-d-y from a
# baby.
for line in aclgenerator.AddRepositoryTags('** ', rid=repository_rid, date=repository_date, revision=repository_revision):
config.Append(line)
config.Append('**')
for comment in header.comment:
for line in comment.split('\n'):
config.Append('** ' + line)
config.Append('*/')
config.Append('replace: filter %s {' % filter_name)
if interface_specific:
config.Append('interface-specific;')
for term in terms:
term_str = str(term)
if term_str:
config.Append(term_str, verbatim=True)
config.Append('}') # filter { ... }
config.Append('}') # family inet { ... }
config.Append('}') # firewall { ... }
return str(config) + '\n'
def __str__(self):
target = []
target.extend(aclgenerator.AddRepositoryTags('%s ' % _COMMENT_MARKER))
for filter_name, terms, _ in self.aruba_policies:
netdestinations = []
term_strings = []
for term in terms:
term_strings.append(str(term))
netdestinations.extend(term.netdestinations)
target.extend(netdestinations)
target.append('%s %s' % (self._ACL_LINE_HEADER, filter_name))
target.extend(term_strings)
target.extend(_TERMINATOR_MARKER)
if target:
target.append('')
return '\n'.join(target)
def __str__(self):
target = juniper.Config()
for (header, filter_name, filter_direction,
terms) in self.junipermsmpc_policies:
target.Append('groups {')
target.Append('replace:')
target.Append('/*')
# we want the acl to contain id and date tags, but p4 will expand
# the tags here when we submit the generator, so we have to trick
# p4 into not knowing these words. like taking c-a-n-d-y from a
# baby.
for line in aclgenerator.AddRepositoryTags('** '):
target.Append(line)
target.Append('**')
for comment in header.comment:
for line in comment.split('\n'):
target.Append('** ' + line)
target.Append('*/')
target.Append('%s {' % filter_name)
target.Append('services {')
target.Append('stateful-firewall {')
target.Append('rule %s {' % filter_name)
target.Append('match-direction %s;' % filter_direction)
for term in terms:
term_str = str(term)
if term_str:
target.Append(term_str, verbatim=True)
target.Append('}') # rule { ... }
target.Append('}') # stateful-firewall { ... }
target.Append('}') # services { ... }
for line in self._GenerateApplications(filter_name):
target.Append(line)
target.Append('}') # filter_name { ... }
target.Append('}') # groups { ... }
target.Append('apply-groups %s;' % filter_name)
return str(target) + '\n'
def __str__(self):
target = []
pretty_platform = '%s%s' % (self._PLATFORM[0].upper(),
self._PLATFORM[1:])
if self._RENDER_PREFIX:
target.append(self._RENDER_PREFIX)
for header, _, filter_type, default_action, terms in self.windows_policies:
# Add comments for this filter
target.append(': %s %s Policy' %
(pretty_platform, header.FilterName(self._PLATFORM)))
self._HandlePolicyHeader(header, target)
# reformat long text comments, if needed
comments = aclgenerator.WrapWords(header.comment, 70)
if comments and comments[0]:
for line in comments:
target.append(': %s' % line)
target.append(':')
# add the p4 tags
target.extend(aclgenerator.AddRepositoryTags(': '))
target.append(': ' + filter_type)
if default_action:
raise aclgenerator.UnsupportedTargetOptionError(
'Windows generator does not support default actions')
# add the terms
for term in terms:
term_str = str(term)
if term_str:
target.append(term_str)
self._HandleTermFooter(header, term, target)
target.append('')
return '\n'.join(target)
