async def policy_delete(self,
policy_name,
query_parameters,
id_instance=None):
""" Insert User Policy in table or return exception in case of validation error or other errors """
# Check if table name is provided under label of policy_name
if str(policy_name) not in [
'CES_POLICIES', 'CES_POLICY_IDENTITY', 'HOST_POLICIES',
'HOST_POLICY_IDENTITY', 'FIREWALL', 'ID'
]:
error = "Table Type not supported = {}".format(policy_name)
raise API_ERROR(1001, error)
parameters = ''
if id_instance:
if type(id_instance) is list or type(id_instance) is tuple:
parameters = "where id in {}".format(tuple(id_instance))
elif type(id_instance) is str or type(id_instance) is int:
parameters = "where id = {}".format(int(id_instance))
else:
error = "ID = {} or Query Parameters = {} not support.".format(
policy_name, query_parameters)
raise API_ERROR(1001, error)
elif query_parameters:
parameters = ' where'
for key in query_parameters:
parameters += " {}='{}' and".format(key, query_parameters[key])
parameters = parameters[:-4]
query = self._host_policy_delete(table_mapping[policy_name],
parameters)
print(query)
data = await self.db_host.execute(query)
return data
def _firewall_policy_validator_filter(kwargs):
'''
# Validate input policy for function Firewall. Put quotation marks at the ends to validate the policies to
insert in table. Also set Null value for empty fiels
:param kwargs: Dictionary of all the values received from user
:return: Either raise an error in case of validation failure or returns a dictionary
'''
if 'fqdn' not in kwargs or not kwargs['fqdn']:
raise API_ERROR(1005, 'FQDN missing in query')
kwargs['fqdn'] = Validator._adding_quotes_(kwargs['fqdn'])
if 'types' not in kwargs or not kwargs['types']:
raise API_ERROR(1005, 'Type missing in query')
kwargs['types'] = Validator._type_validation(kwargs['types'].upper())
if kwargs['types'] == "'FIREWALL'":
kwargs = Validator._firewall_firewall_policy_validator(kwargs)
elif kwargs['types'] == "'GROUP'":
kwargs = Validator._firewall_group_policy_validator(kwargs)
elif kwargs['types'] == "'SFQDN'":
kwargs = Validator._firewall_sfqdn_policy_validator(kwargs)
elif kwargs['types'] == "'CARRIERGRADE'":
kwargs = Validator._firewall_carriergrade_policy_validator(kwargs)
elif kwargs['types'] == "'CIRCULARPOOL'":
kwargs = Validator._firewall_circularpool_policy_validator(kwargs)
return kwargs
def _ces_policy_identity_validator(kwargs):
'''
# Validate input policy for function ces policy identity. Put quotation marks at the ends to validate the policies to
insert in table. Also set Null value for empty fiels
:param kwargs: Dictionary of all the values received from user
:return: Either raise an error in case of validation failure or returns a dictionary
'''
if 'host_ces_id' not in kwargs or not kwargs['host_ces_id']:
raise API_ERROR(1005, 'CES ID missing in query')
if 'protocol' not in kwargs or not kwargs['protocol']:
raise API_ERROR(1005, 'Protocol missing in query')
kwargs['host_ces_id'] = Validator._adding_quotes_(
kwargs['host_ces_id'])
kwargs['protocol'] = Validator._adding_quotes_(kwargs['protocol'])
return kwargs
async def firewall_policy_user_get(self,
id_type,
id_value,
policy_name=None,
format=False):
'''
Return specific user policy or all of them
:param id_type: FQDN or MSISDN or other id types
:param id_value: [email protected] or +358441414141
:param policy_name: All or FIREWAL,CARRIERGRADE,CIRCULARPOOL,ID,GROUP or SFQDN
:return:
'''
# Get uuid for the host as key to other tables and to check if the user exists with the credentials
# retrieves = uuid,fqdn,msisdn,ipv4
host_ids = await self._host_get_user_ids(id_type, id_value)
if policy_name and str(policy_name) not in [
'ID', 'GROUP', 'CARRIERGRADE', 'CIRCULARPOOL', 'SFQDN',
'FIREWALL'
]:
error = "Policy Name not supported = {}".format(policy_name)
raise API_ERROR(1001, error)
kwargs = locals()
# Calling function to create SQL query to retrieve Policies. Then executing that query in SQL-Client and formatting returned policies
query = self._firewall_policy_sql_query_get(kwargs)
print(query)
result = await self.db_host.fetchall(query)
if not format:
result = self.formatting_get_firewall_policies(result, host_ids)
return result
async def delete_policies(self, request):
'''
Sample URL = http://127.0.0.1/API/firewall_policy/{table_name}/{id}
OR
Sample URL = http://127.0.0.1/API/firewall_policy/{table_name}?parameters=value
Delete policies from database (HOST_POLICIES) by ID or by query parameters
:param request: Table_Name is the table from which policy needs to be deleted
ID is the id in database for any instance of policy which needs to be deleted
Query Parameter can include any column (of database table) based filtering and can filter the
data based on the parameters provided. All parameters are directly provided to SQL statement
:return: Null (200 OK) or Error if occured
'''
table_name = request.match_info.get('table_name')
id_instance = request.match_info.get('id')
query_parameters = self.fetch_parameters(request)
logger.info('\n\n------13-----------------------------------------\nInput Parameters: \n Policy_Table_name = {}\n ID = {}\n Query Parameters = {}'.format(table_name, id_instance, query_parameters))
try:
if id_instance:
if not id_instance.isdigit() and all(item.isdigit() == True for item in id_instance.split(',')) != True:
raise API_ERROR(1005,'Only Accepted parameter for ID is integer or comma separated integers. ID received = {}'.format(id_instance))
id_instance = id_instance if ',' not in id_instance else id_instance.split(',')
data = await self.api_db.policy_delete(table_name.upper(), query_parameters, id_instance)
resp = await self.response_creater(request, 200, 'OK', data, True)
except Exception as e:
http_code, error_reason = self.exception_handler(e)
resp = await self.response_creater(request, http_code, None, error_reason, False)
await resp.drain()
return resp
async def update_bootstrap_policies(self, request):
'''
Sample URL = http://127.0.0.1/API/bootstrap_policies/3"
Data = Data = {'name':'IPTABLES', 'type':'PACKET_MARKING', 'subtype':'requires', 'data':"{'table': 'mangle', 'chain': 'PREROUTING', 'create': false, 'flush': true}"}
Update policies in bootstrap table
:param request: ID (Compulsory) is the id of a policy instance in database table that needs to be updated
Payload contains the data that needs to be inserted. Only accepted format is dict
:return: Null (200 OK) or Error if occured
'''
id_instance = request.match_info.get('id')
data_received = await request.read()
data_received = json.loads(data_received.decode("utf-8"))
logger.info('\n\n------12-----------------------------------------\nInput Parameters: \n Data Received = {}\n ID = {}'.format(data_received, id_instance))
try:
if not id_instance.isdigit() or type(data_received) is not dict:
raise API_ERROR(1005, 'Only Accepted parameter for ID is integer. ID received = {}. and only accepted format '
'is dict. Type received = {}'.format(id_instance,type(data_received)))
data = await self.api_db.bootstrap_update(data_received, id_instance)
resp = await self.response_creater(request, 200, 'OK', data, True)
except Exception as e:
http_code, error_reason = self.exception_handler(e)
resp = await self.response_creater(request, http_code, None, error_reason, False)
await resp.drain()
return resp
async def update_firewall_policies(self, request):
'''
Sample URL = http://127.0.0.1/API/firewall_policy/{table_name}/{id}
Update single policy per request because in update, ID of policy is used to edit entry in database
:param request: Table_Name (Compulsory) is the table in which policy needs to be updated
ID (Compulsory) is the id of policy that needs to be updated
Data received is in payload and the type of data must be dict
:return: Null (200 OK) or Error if occured
'''
table_name = request.match_info.get('table_name')
id_instance = request.match_info.get('id')
data_received = await request.read()
data_received = json.loads(data_received.decode("utf-8"))
logger.info('\n\n------5------------------------------------------\nInput PUT Parameters: \n Policy_Table_name = {}\n Data Received = {}\n ID = {}'.format(table_name, data_received, id_instance))
try:
#if type(data_received) is not list or type(data_received[0]) is not dict:
# raise API_ERROR(1005, 'Only accepted data format is list of dict')
if not id_instance.isdigit() or type(data_received) is not dict:
raise API_ERROR(1005, 'Only Accepted parameter for ID is integer. ID received = {}. and only accepted format '
'is dict. Type received = {}'.format(id_instance,type(data_received)))
data = await self.api_db.host_policy_update(table_name.upper(), data_received, id_instance)
resp = await self.response_creater(request, 200, 'OK', data, True)
except Exception as e:
http_code, error_reason = self.exception_handler(e)
resp = await self.response_creater(request, http_code, None, error_reason, False)
await resp.drain()
return resp
async def delete_bootstrap_data(self, request):
'''
Sample URL = http://127.0.0.1/API/bootstrap_policies/{table_name}/{id}
Delete policies from bootstrap table in ces_bootstrap database by ID
:param request: ID is the id in database for any instance of policy which needs to be deleted
:return: Null (200 OK) or Error if occured
'''
id_instance = request.match_info.get('id')
logger.info(
'\n\n------14-----------------------------------------\nInput Parameters: \n ID = {}'
.format(id_instance))
try:
if id_instance:
if not id_instance.isdigit() and all(
item.isdigit() == True
for item in id_instance.split(',')) != True:
raise API_ERROR(
1005,
'Only Accepted parameter for ID is integer or comma separated integers. ID received = {}'
.format(id_instance))
id_instance = id_instance if ',' not in id_instance else id_instance.split(
',')
data = await self.api_db.host_bootstrap_delete(id_instance)
resp = await self.response_creater(request, 200, 'OK', data, True)
except Exception as e:
http_code, error_reason = self.exception_handler(e)
resp = await self.response_creater(request, http_code, None,
error_reason, False)
await resp.drain()
return resp
async def insert_bootstrap_policies(self, request):
'''
Sample URL = http://127.0.0.1/API/bootstrap_policies
Data = [{'name':'IPTABLES', 'type':'mREJECT', 'subtype':'requires', 'data':"{'table': 'mangle', 'chain': 'PREROUTING', 'create': false, 'flush': true}"}]
Insert policies in bootstrap table
:param request: Payload contains the data that needs to be inserted. Only accepted format is list of dict
:return: Null (200 OK) or Error if occured
'''
data_received = await request.read()
data_received = json.loads(data_received.decode("utf-8"))
logger.info(
'\n\n------11-----------------------------------------\nInput Parameters: \n Data Received = {}'
.format(data_received))
try:
if type(data_received) is not list or type(
data_received[0]) is not dict:
raise API_ERROR(1005,
'Only accepted data format is list of dict')
data = await self.api_db.bootstrap_insert(data_received)
resp = await self.response_creater(request, 200, 'OK', data, True)
except Exception as e:
http_code, error_reason = self.exception_handler(e)
resp = await self.response_creater(request, http_code, None,
error_reason, False)
await resp.drain()
return resp
async def insert_firewall_policies(self, request):
'''
Sample URL = http://127.0.0.1/API/firewall_policy/{table_name}
Insert policy or list of policies in one table per request.
:param request: Table_Name (Compulsory) is the table in which policies needs to be inserted
Data received is in payload and the type of data must be list of dict
:return: Null (200 OK) or Error if occured
'''
table_name = request.match_info.get('table_name')
data_received = await request.read()
data_received = json.loads(data_received.decode("utf-8"))
logger.info(
'\n\n------4------------------------------------------\nInput Parameters: \n Policy_Table_name = {}\n Data Received = {}'
.format(table_name, data_received))
try:
if type(data_received) is not list or type(
data_received[0]) is not dict:
raise API_ERROR(1005,
'Only accepted data format is list of dict')
data = await self.api_db.host_policy_insert(
table_name.upper(), data_received)
resp = await self.response_creater(request, 200, 'OK', data, True)
except Exception as e:
http_code, error_reason = self.exception_handler(e)
resp = await self.response_creater(request, http_code, None,
error_reason, False)
await resp.drain()
return resp
async def bootstrap_get_policies_ces(self, policy_type):
# Fetch the bootstrap policies and format them to use for CES
# Use dictionary for returning policies
result_d = {}
# Get all policies
if policy_type and policy_type.upper() not in [
'IPSET', 'IPTABLES', 'CIRCULARPOOL'
]:
raise API_ERROR(
1001,
'Incorrect Policy Type. Only accepted valued are IPSET, IPTABLES and CIRCULARPOOL. Provided = {}'
.format(policy_type))
# Get policies included in the iterable
# Obtain SQL statement for execution
if policy_type:
query = self._bootstrap_get("where name='{}'".format(policy_type))
else:
query = self._bootstrap_get()
print(query)
data = await self.db_bootstrap.fetchall(query)
processed_data = self._host_bootstrap_postprocess(data)
# Add process data to results
result_d.update(processed_data)
return result_d
def _port_validation(port):
'''
Check if port number are comma separated integers or jsut one number
:param port: port number string
:return: none or raise an exception
'''
if port:
try:
test = re.match(r'(\d+(:\d+|,\d+)*)?$', str(port))
if not test:
error = "{} is not correct format for port. Either an integer or comma separated integer is accepted".format(
port)
raise API_ERROR(1005, error)
except:
error = "{} is not correct format for port. Either an integer or comma separated integer is accepted.".format(
port)
raise API_ERROR(1005, error)
return "'" + str(port) + "'"
def _boolean_validation(data):
'''
Check if input is boolean field
:param date: input variable
:return: None or raise an exception
'''
try:
if int(data) in [1, 0]:
pass
else:
error = "{} is not BooleanValue. Only 1 or 0 are accepted values".format(
data)
raise API_ERROR(1005, error)
except:
error = "{} is not BooleanValue. Only 1 or 0 are accepted values".format(
data)
raise API_ERROR(1005, error)
return int(data)
def _number_validation(data):
'''
Check if input is number field
:param date: input variable
:return: None or raise an exception
'''
try:
if data.isdigit():
pass
else:
error = "{} is not number. Only digits are accepted in this field".format(
data)
raise API_ERROR(1005, error)
except:
error = "{} is not number. Only digits are accepted in this field".format(
data)
raise API_ERROR(1005, error)
return "'" + str(data) + "'"
async def _host_get_user_ids(self, id_type, id_value):
'''
Get all IDs of user and raise error if no user exists with provided credentials
:param id_type: Type of query. can be FQDN, IP, MSISDN or Username
:param id_value:User identity for the relevant ID-Type
:return:Raise error in case of no user existance or return user details
'''
if id_type not in ['fqdn', 'msisdn', 'ipv4', 'username']:
error = "idtype not supported {}".format(id_type)
raise API_ERROR(1001, error)
# Get ids for the user based on given id
query = "select uuid,fqdn,msisdn,ipv4 from host_ids where {} = '{}'".format(
id_type, id_value)
data = await self.db_host.fetchone(query)
if not data:
error = "No user found for id_type={} and id_value={}".format(
id_type, id_value)
raise API_ERROR(1002, error)
return data
def _cetp_policies_validator(kwargs):
'''
# Validate input policy for function Firewall. Put quotation marks at the ends to validate the policies to
insert in table. Also set Null value for empty fiels
:param kwargs: Dictionary of all the values received from user
:return: Either raise an error in case of validation failure or returns a dictionary
'''
if 'policy_element' not in kwargs or not kwargs['policy_element']:
raise API_ERROR(1005, 'Policy element missing in query')
if 'types' not in kwargs or not kwargs['types']:
raise API_ERROR(1005, 'Policy types missing in query')
if 'uuid' not in kwargs or not kwargs['uuid']:
raise API_ERROR(1005, 'UUID missing in query')
kwargs['types'] = Validator._cetp_type_validation(
kwargs['types'].lower())
kwargs['policy_element'] = Validator._dictionary_test(
kwargs['policy_element'])
kwargs['uuid'] = Validator._adding_quotes_(kwargs['uuid'])
return kwargs
def _target_validation(target):
'''
Check if target has the value of either ACCEPT or DROP
:param target: input target string
:return: None or raise an exception
'''
if target not in ['ACCEPT', 'DROP', 'REJECT']:
error = "{} is not supported in Target. Only Acceptable values are ACCEPT, DROP and REJECT".format(
target)
raise API_ERROR(1005, error)
return "'" + target + "'"
def _firewall_type_validation(fw_type):
'''
Check if type has the value of either FIREWALL_ADMIN or FIREWALL_USER
:param fw_type: input target string
:return: None or raise an exception
'''
if fw_type not in ['FIREWALL_ADMIN', 'FIREWALL_USER']:
error = "{} is not supported in type. Only Acceptable values are FIREWALL_ADMIN and FIREWALL_USER".format(
fw_type)
raise API_ERROR(1005, error)
return "'" + fw_type + "'"
def bootstrap_subtype_validator(name):
'''
Check if name has the value of either request or rules
:param name: input target string
:return: None or raise an exception
'''
if name not in ['requires', 'rules']:
error = "{} is not supported in subtype. Only Acceptable values are rules or requires".format(
name)
raise API_ERROR(1005, error)
return "'" + name + "'"
def _cetp_type_validation(name):
'''
Check if name has the value of either ID, PAYLOAD, CONTROL_PARAMS
:param name: input target string
:return: None or raise an exception
'''
if name not in ['available', 'request', 'offer']:
error = "{} is not supported in cetp type. Only Acceptable values are available, request, offer".format(
name)
raise API_ERROR(1005, error)
return "'" + name + "'"
def _bootstrap_name_validation(name):
'''
Check if name has the value of either IPTABLES, IPSET or CIRCULARPOOL
:param name: input target string
:return: None or raise an exception
'''
if name not in ['IPTABLES', 'IPSET', 'CIRCULARPOOL']:
error = "{} is not supported in type. Only Acceptable values are IPTABLES, IPSET or CIRCULARPOOL".format(
name)
raise API_ERROR(1005, error)
return "'" + name + "'"
def _direction_validation(direction):
'''
Check if direction has the value of either INGRESS or EGRESS
:param direction: input direction string
:return: None or raise an exception
'''
if direction not in ['*', 'EGRESS', 'INGRESS']:
error = "{} is not supported in direction. Only Acceptable values are EGRESS, INGRESS and *".format(
direction)
raise API_ERROR(1005, error)
return "'" + direction + "'"
def _sub_type_validation(name):
'''
Check if name has the value of either IPTABLES, IPSET or CIRCULARPOOL
:param name: input target string
:return: None or raise an exception
'''
if name not in ['FIREWALL_ADMIN', 'FIREWALL_USER']:
error = "{} is not supported in sub type. Only Acceptable values are FIREWALL_ADMIN and FIREWALL_USER".format(
name)
raise API_ERROR(1005, error)
return "'" + name + "'"
def _bootstrap_validator(kwargs):
'''
# Validate input bootstrap policy for bootstrap table. Put quotation marks at the ends to validate the policies to
insert in table. Also set Null value for empty fiels
:param kwargs: Dictionary of all the values received from user
:return: Either raise an error in case of validation failure or returns a dictionary
'''
# name, types, sub_type, data
if 'name' not in kwargs or not kwargs['name']:
raise API_ERROR(1005, 'Name missing in query')
if 'sub_type' not in kwargs or not kwargs['sub_type']:
raise API_ERROR(1005, 'Sub Type missing in query')
if 'data' not in kwargs or not kwargs['data']:
raise API_ERROR(1005, 'data missing in query')
kwargs['name'] = Validator._bootstrap_name_validation(kwargs['name'])
kwargs['sub_type'] = Validator.bootstrap_subtype_validator(
kwargs['sub_type'])
kwargs['data'] = Validator._dictionary_test(kwargs['data'])
kwargs['types'] = 'Null' if 'types' not in kwargs or not kwargs[
'types'] else Validator._adding_quotes_(kwargs['types'])
return kwargs
def _protocol_validation(protocol):
'''
Check if protocol is present in options
:param protocol: protocol string
:return: none or raise an exception
'''
if protocol not in [
'tls', 'tcp', 'udp', 'icmp', 'sctp', 'dccp', 'stp', 'dtp'
]:
error = "{} is not supported in Protocols.".format(protocol)
raise API_ERROR(1005, error)
return "'" + protocol + "'"
def _integer_validation(data):
'''
Check if input is an integer
:param date: input variable
:return: None or raise an exception
'''
try:
int(data)
except:
error = "{} is not an integer.".format(data)
raise API_ERROR(1005, error)
return "'" + str(data) + "'"
def _date_validation(date):
'''
Check if schedule date has the correct format of '%Y-%m-%d %H:%M:%S'
:param date: input schedule date
:return: None or raise an exception
'''
try:
datetime.datetime.strptime(date, '%Y-%m-%d %H:%M:%S')
except:
error = "{} is not correct. The date must be in format 'YYYY-MM-DD HH:MM:SS'".format(
date)
raise API_ERROR(1005, error)
return "'" + date + "'"
def _type_validation(name):
'''
Check if name has the value of either IPTABLES, IPSET or CIRCULARPOOL
:param name: input target string
:return: None or raise an exception
'''
if name not in [
'GROUP', 'CIRCULARPOOL', 'CARRIERGRADE', 'SFQDN', 'FIREWALL'
]:
error = "{} is not supported in type. Only Acceptable values are GROUP, CIRCULARPOOL, CARRIERGRADE, SFQDN and FIREWALL".format(
name)
raise API_ERROR(1005, error)
return "'" + name + "'"
def _firewall_sfqdn_policy_validator(kwargs):
'''
# Validate input policy for function Firewall. Put quotation marks at the ends to validate the policies to
insert in table. Also set Null value for empty fiels
:param kwargs: Dictionary of all the values received from user
:return: Either raise an error in case of validation failure or returns a dictionary
'''
kwargs['sub_type'] = "''"
if 'policy_element' not in kwargs or not kwargs['policy_element']:
raise API_ERROR(1005, 'Policy missing in query')
else:
kwargs['policy_element'] = Validator._dictionary_test(
kwargs['policy_element'])
return kwargs
def _firewall_policy_validator_old(kwargs):
'''
# Validate input policy for function Firewall. Put quotation marks at the ends to validate the policies to
insert in table. Also set Null value for empty fiels
:param kwargs: Dictionary of all the values received from user
:return: Either raise an error in case of validation failure or returns a dictionary
'''
if 'fqdn' not in kwargs or not kwargs['fqdn']:
raise API_ERROR(1005, 'FQDN missing in query')
kwargs['sport'] = 'Null' if 'sport' not in kwargs or not kwargs[
'sport'] else Validator._port_validation(kwargs['sport'])
kwargs['dport'] = 'Null' if 'dport' not in kwargs or not kwargs[
'dport'] else Validator._port_validation(kwargs['dport'])
kwargs['src'] = 'Null' if 'src' not in kwargs or not kwargs[
'src'] else Validator._ipv4_validation(kwargs['src'])
kwargs['dst'] = 'Null' if 'dst' not in kwargs or not kwargs[
'dst'] else Validator._ipv4_validation(kwargs['dst'])
kwargs['protocol'] = 'Null' if 'protocol' not in kwargs or not kwargs[
'protocol'] else Validator._integer_validation(kwargs['protocol'])
kwargs[
'cesapp_id'] = 'Null' if 'cesapp_id' not in kwargs or not kwargs[
'cesapp_id'] else Validator._integer_validation(
kwargs['cesapp_id'])
kwargs[
'schedule_start'] = 'Null' if 'schedule_start' not in kwargs or not kwargs[
'schedule_start'] else Validator._date_validation(
kwargs['schedule_start'])
kwargs[
'schedule_end'] = 'Null' if 'schedule_end' not in kwargs or not kwargs[
'schedule_end'] else Validator._date_validation(
kwargs['schedule_end'])
kwargs['raw_data'] = "'{}'" if 'raw_data' not in kwargs or not kwargs[
'raw_data'] else Validator._dictionary_test(kwargs['raw_data'])
kwargs['active'] = 1 if 'active' not in kwargs or not kwargs[
'active'] else Validator._boolean_validation(kwargs['active'])
kwargs['comment'] = "'[]'" if 'comment' not in kwargs or not kwargs[
'comment'] else Validator._dictionary_test(kwargs['comment'])
kwargs[
'type'] = "'FIREWALL_USER'" if 'type' not in kwargs or not kwargs[
'type'] else Validator._firewall_type_validation(
kwargs['type'].upper())
kwargs['direction'] = "'*'" if 'direction' not in kwargs or not kwargs[
'direction'] else Validator._direction_validation(
kwargs['direction'].upper())
kwargs['target'] = "'DROP'" if 'target' not in kwargs or not kwargs[
'target'] else Validator._target_validation(
kwargs['target'].upper())
kwargs['priority'] = 10 if 'priority' not in kwargs or not kwargs[
'priority'] else Validator._integer_validation(kwargs['priority'])
return kwargs