def download(self, filename=None, as_type='zip'): """ Download the IPList. List format can be either zip, text or json. For large lists, it is recommended to use zip encoding. Filename is required for zip downloads. :param str filename: Name of file to save to (required for zip) :param str as_type: type of format to download in: txt,json,zip (default: zip) :raises: IOError if problem writing to destination filename :return: None """ headers=None if as_type in ['zip', 'txt', 'json']: if as_type == 'zip': if filename is None: raise MissingRequiredInput('Filename must be specified when ' 'downloading IPList as a zip file.') filename = '{}'.format(filename) elif as_type == 'txt': headers={'accept':'text/plain'} elif as_type == 'json': headers = {'accept': 'application/json'} prepared_request(href=self._link('ip_address_list'), filename=filename, headers=headers).read()
def upload(self, filename=None, json=None, as_type='zip'): """ Upload an IPList to the SMC. The contents of the upload are not incremental to what is in the existing IPList. So if the intent is to add new entries, you should first retrieve the existing and append to the content, then upload. The only upload type that can be done without loading a file as the source is as_type='json'. :param str filename: required for zip/txt uploads :param str json: required for json uploads :param str as_type: type of format to upload in: txt|json|zip (default) :raises: IOError: if filename specified cannot be loaded :raises: :py:class:`smc.api.exceptions.CreateElementFailed` :return: None """ headers={'content-type': 'multipart/form-data'} params=None files=None if filename: files = {'ip_addresses': open(filename, 'rb')} if as_type == 'json': headers={'accept':'application/json', 'content-type':'application/json'} elif as_type == 'txt': params={'format':'txt'} prepared_request(CreateElementFailed, href=self._link('ip_address_list'), headers=headers, files=files, json=json, params=params).create()
def send_diagnostic(self, diagnostic): """ Enable or disable specific diagnostics on the node. Diagnostics enable additional debugging into the audit files. This is a dynamic setting that does not require a policy push once a setting is enabled or disabled. Enable specific debug settings and apply to node:: for node in engine.nodes: debug=[] for diag in node.diagnostic(): if diag.name == 'Protocol Agent': diag.enable() debug.append(diag) elif diag.name == 'Packet filter': diag.enable() debug.append(diag) node.send_diagnostic(debug) :param list diagnostic: :py:class:`smc.core.node.Diagnostic` object :return: None :raises: :py:class:`smc.api.exceptions.NodeCommandFailed` """ debug = [] for setting in diagnostic: debug.append(vars(setting)) prepared_request(NodeCommandFailed, href=self._link('send_diagnostic'), json={ 'diagnostics': debug }).create()
def add_contact_address(self, contact_address, *args): """ Add a contact address to this physical interface. Adding contact address to interface 0:: engine = Engine('testfw') for interface in engine.interface.all(): if interface.name == 'Interface 0': addr = ContactAddress.create('13.13.13.13', location='MyLocation') interface.add_contact_address(addr) :param contact_address: :py:class:`smc.elements.other.ContactAddress` :raises: :py:class:`smc.api.exceptions.EngineCommandFailed` :return: None """ href = self._link('contact_addresses') existing = self._get_resource(href) if existing: existing.get('contact_addresses').append( contact_address['contact_addresses'][0]) else: existing = contact_address prepared_request(EngineCommandFailed, href=href, json=existing, etag=self._engine.etag).update()
def force_unlock(self): """ Forcibly unlock a locked policy :return: :py:class:`smc.api.web.SMCResult` """ prepared_request(PolicyCommandFailed, href=self._link('force_unlock')).create()
def add_entry(self, subnet, min_prefix_length, max_prefix_length, action): """ Add an entry to an PrefixList :param str subnet: network address in cidr format :param int min_prefix_length: minimum mask bits :param int max_prefix_length: maximum mask bits :param str action: permit|deny :raises: :py:class: `smc.api.exceptions.ElementNotFound`: invalid element reference :raises: :py:class: 'smc.api.exceptions.ModificationFailed`: invalid entry :return: None """ json = {'{}_entry'.format(self.typeof): { 'action': action, 'min_prefix_length': min_prefix_length, 'max_prefix_length': max_prefix_length, 'subnet': subnet}} acl = search.element_by_href_as_smcresult(self.href) acl.json.get('entries').append(json) prepared_request(ModificationFailed, href=self.href, json=acl.json, etag=acl.etag).update()
def enable_disable(self): """ Toggle enable and disable of administrator account :raises: :py:class: `smc.api.exceptions.ModificationFailed` :return: None """ prepared_request(ModificationFailed, href=self._link('enable_disable')).update()
def run(self): try: prepared_request(ActionCommandFailed, href=self.result, filename=self.filename).read() except IOError as io: raise TaskRunFailed( "Export task failed with message: {}".format(io))
def blacklist_flush(self): """ Flush entire blacklist for engine :raises: :py:class:`smc.api.exceptions.EngineCommandFailed` :return: None """ prepared_request(EngineCommandFailed, href=self._link('flush_blacklist')).delete()
def close(self): """ Close the policy :return: None :raises: :py:class:`smc.api.exceptions.PolicyCommandFailed` """ prepared_request(PolicyCommandFailed, href=self._link('close')).create()
def save(self): """ Save the policy after editing :return: None :raises: :py:class:`smc.api.exceptions.PolicyCommandFailed` """ prepared_request(PolicyCommandFailed, href=self._link('save')).create()
def open(self): """ Open the policy for editing :return: None :raises: :py:class:`smc.api.exceptions.PolicyCommandFailed` """ prepared_request(PolicyCommandFailed, href=self._link('open')).create()
def change_password(self, password): """ Change user password :param str password: new password :return: :py:class:`smc.api.web.SMCResult` """ prepared_request(ModificationFailed, href=self._link('change_password'), params={'password': password}).update()
def empty_trash_bin(self): """ Empty system level trash bin :raises: :py:class:`smc.api.exceptions.ActionCommandFailed` :return: None """ prepared_request(ActionCommandFailed, href=self._link('empty_trash_bin')).delete()
def abort(self): """ Abort existing task :raises: :py:class:`smc.api.exceptions.ActionCommandFailed` :return: None """ prepared_request(ActionCommandFailed, href=find_link_by_name('abort', self.link)).delete()
def decorated(self, *args, **kwargs): method(self, *args, **kwargs) if not self.href: #has no location return self._data else: if hasattr(self, '_update'): #exit decorator return prepared_request(EngineCommandFailed, href=self.href, json=self._data).create()
def add_vlan_to_inline_interface(self, interface_id, vlan_id, vlan_id2=None, logical_interface_ref=None, zone_ref_intf1=None, zone_ref_intf2=None): """ Add a VLAN to inline interface. Interface is created if it doesn't already exist. :param str interface_id: interfaces for inline pair, '1-2', '5-6' :param int vlan_id: vlan identifier for interface 1 :param int vlan_id2: vlan identifier for interface 2 (if none, vlan_id used) :param str logical_interface_ref: logical interface reference to use :param str zone_ref_intf1: zone for inline interface 1 :param str zone_ref_intf2: zone for inline interface 2 :raises: :py:class:`smc.api.exceptions.EngineCommandFailed` :return: None See :py:class:`smc.core.sub_interfaces.InlineInterface` for more information """ first_intf = interface_id.split('-')[0] vlan = PhysicalVlanInterface.create(first_intf, vlan_id, zone_ref=zone_ref_intf1) inline_intf = InlineInterface.create(interface_id, logical_interface_ref, zone_ref=zone_ref_intf2) copied_intf = deepcopy(inline_intf()) vlan.get('interfaces').append( _add_vlan_to_inline(inline_intf(), vlan_id, vlan_id2)) if self.href: try: intf_ref = self.get( first_intf ) #Use only the first (leftmost id to get base intf) except EngineCommandFailed: pass else: self._data.update(intf_ref.data) self._data['vlanInterfaces'].append(vlan) self._update = True prepared_request(EngineCommandFailed, href=intf_ref.href, json=self._data, etag=intf_ref.etag).update() return self._data.update(interfaces=[copied_intf], vlanInterfaces=[vlan], interface_id=first_intf)
def unbind_license(self): """ Unbind a bound license on this node. :return: None :raises: :py:class:`smc.api.exceptions.LicenseError` """ try: prepared_request(LicenseError, href=self._link('unbind')).create() except ResourceNotFound: pass
def save(self): """ Save policy that was modified This is only used in SMC API v6.0 and below. :return: None """ try: prepared_request(PolicyCommandFailed, href=self._link('save')).create() except ResourceNotFound: pass
def change_engine_password(self, password): """ Change Engine password for engines on allowed list. :param str password: password for engine level :raises: :py:class: `smc.api.exceptions.ModificationFailed` :return: None """ prepared_request(ModificationFailed, href=self._link('change_engine_password'), params={'password': password}).update()
def save(self): """ After making changes to a rule element, you must call save to apply the changes. :raises: :py:class:`smc.api.exceptions.PolicyCommandFailed` :return: None """ prepared_request(PolicyCommandFailed, href=self.href, json=self.data, etag=self.etag).update()
def fetch_license(self): """ Fetch the node level license :return: None :raises: :py:class:`smc.api.exceptions.LicenseError` """ try: prepared_request(LicenseError, href=self._link('fetch')).create() except ResourceNotFound: pass
def cancel_unbind_license(self): """ Cancel unbind for license :return: None :raises: :py:class:`smc.api.exceptions.LicenseError` """ try: prepared_request(LicenseError, href=self._link('cancel_unbind')).create() except ResourceNotFound: pass
def reboot(self, comment=None): """ Send reboot command to this node. :param str comment: comment to audit :return: None :raises: :py:class:`smc.api.exceptions.NodeCommandFailed` """ params = {'comment': comment} prepared_request(NodeCommandFailed, href=self._link('reboot'), params=params).update()
def go_offline(self, comment=None): """ Executes a Go-Offline operation on the specified node :param str comment: optional comment to audit :return: None :raises: :py:class:`smc.api.exceptions.NodeCommandFailed` """ params = {'comment': comment} prepared_request(NodeCommandFailed, href=self._link('go_offline'), params=params).update()
def lock_online(self, comment=None): """ Executes a Lock-Online operation on the specified node :param str comment: comment for audit :return: None :raises: :py:class:`smc.api.exceptions.NodeCommandFailed` """ params = {'comment': comment} prepared_request(NodeCommandFailed, href=self._link('lock_online'), params=params).update()
def add_node_interface(self, interface_id, address, network_value, zone_ref=None, nodeid=1, is_mgmt=False, **kwargs): """ Add a node interface to engine. Node interfaces are used on all engine types except single fw engines. For inline and IPS engines, this interface type represents a layer 3 routed interface. :param int interface_id: interface identifier :param str address: ip address :param str network_value: network cidr :param str zone_ref: zone reference :param int nodeid: node identifier, used for cluster nodes :param boolean is_mgmt: enable management :raises: :py:class:`smc.api.exceptions.EngineCommandFailed` :return: None See :py:class:`smc.core.sub_interfaces.NodeInterface` for more information """ intf = NodeInterface.create(interface_id, address, network_value, nodeid=nodeid, **kwargs) if is_mgmt: intf.outgoing = True intf.primary_mgt = True if self.href: try: intf_ref = self.get( interface_id) #Does interface already exist? except EngineCommandFailed: pass else: self._data.update(intf_ref.data) self._data['interfaces'].append(intf()) self._update = True prepared_request(EngineCommandFailed, href=intf_ref.href, json=self._data, etag=intf_ref.etag).update() return self._data.update(interface_id=interface_id, interfaces=[intf()], zone_ref=zone_ref)
def generate_certificate(self, certificate_request): """ Generate an internal gateway certificate used for VPN on this engine. Certificate request should be an instance of VPNCertificate. :param: :py:class:`~smc.vpn.elements.VPNCertificate` certificate_request: certificate request created :return: None :raises: :py:class:`smc.api.exceptions.CertificateError` """ prepared_request(CertificateError, href=self._link('generate_certificate'), json=vars(certificate_request)).create()
def go_standby(self, comment=None): """ Executes a Go-Standby operation on the specified node. To get the status of the current node/s, run :func:`status` :param str comment: optional comment to audit :return: None :raises: :py:class:`smc.api.exceptions.NodeCommandFailed` """ params = {'comment': comment} prepared_request(NodeCommandFailed, href=self._link('go_standby'), params=params).update()
def add_ipaddress_to_vlan_interface(self, interface_id, address, network_value, vlan_id, nodeid=1, **kwargs): """ When an existing VLAN exists but has no IP address assigned, use this to add an ip address to the VLAN. This assumes that the engine context exists as the interface specified This is only supported on layer 3 interfaces. :param str interface_id: interface to modify :param str address: ip address for vlan :param str network_value: network for address (i.e. 255.255.255.0) :param int vlan_id: id of vlan :raises: :py:class:`smc.api.exceptions.EngineCommandFailed` for invalid interface :return: :py:class:`smc.api.web.SMCResult` """ if not self.href: raise EngineCommandFailed( 'Adding a vlan to existing interface requires ' 'an engine reference.') if self._engine.type == 'single_fw': intf = SingleNodeInterface.create(interface_id, address, network_value, nodeid, nicid='{}.{}'.format( interface_id, vlan_id)) else: intf = NodeInterface.create(interface_id, address, network_value, nodeid, nicid='{}.{}'.format( interface_id, vlan_id)) p = self.get(interface_id) for vlan in p.sub_interfaces(): if isinstance(vlan, PhysicalVlanInterface): if vlan.interface_id == '{}.{}'.format(interface_id, vlan_id): vlan.data['interfaces'] = [intf()] prepared_request(EngineCommandFailed, href=p.href, json=p.data, etag=p.etag).update()
def delete(self): """ Delete the entry from the engine where the entry is applied. :raises: DeleteElementFailed :return: None """ return prepared_request( DeleteElementFailed, href=self.href).delete()
def delete(self): return prepared_request( DeleteElementFailed, href=self.href).delete()