def generate_cli(self, asa_cfg_list, cli): """ Override the default implementation to make the modify and delete CLI idempotent. That is issuing the CLI multiple times result in the same behavior in the running-config without the need to report error. """ SimpleType.generate_cli(self, asa_cfg_list, cli, response_parser = idempotent_response_parser)
def __init__(self, name): SimpleType.__init__(self, name, asa_gen_template='object-group network %(name)s'); self.register_child(Description()) self.register_child(DMList(name='host_ip_address', child_class = HostObject, asa_key = 'network-object host')) self.register_child(DMList(name='object_name', child_class = ObjectObject, asa_key = 'network-object object')) self.register_child(DMList(name='network_ip_address', child_class = NetworkObject, asa_key = 'network-object')) self.register_child(DMList(name='object_group_name', child_class = GroupObject, asa_key = 'group-object'))
def ifc2asa(self, no_asa_cfg_stack, asa_cfg_list): '''Override the default implementation for modify action: Need to issue no command to delete old one and then issue command to set the new one. ''' if self.get_action() == State.MODIFY: old_cli = self.get_old_cli() if old_cli: self.generate_cli(no_asa_cfg_stack, 'no ' + old_cli) SimpleType.ifc2asa(self, no_asa_cfg_stack, asa_cfg_list)
def parse_multi_parameter_cli(self, cli): '''Override the default implementation in case the CLI does not match asa_gen_template due to optional parameter ''' result = SimpleType.parse_multi_parameter_cli(self, cli) if not result: result = SimpleType.parse_multi_parameter_cli(self, cli, alternate_asa_gen_template = ' '.join(self.asa_gen_template.split()[:3])) return result
def generate_cli(self, asa_cfg_list, cli): """ Override the default implementation to make the modify and delete CLI idempotent. That is issuing the CLI multiple times result in the same behavior in the running-config without the need to report error. """ SimpleType.generate_cli(self, asa_cfg_list, cli, response_parser=idempotent_response_parser)
def __init__(self, name): SimpleType.__init__(self, name, asa_gen_template='interface TVI1'); # Phase 1 only has TVI1 self.register_child(IPv4Addr('ipv4_address')) self.register_child(DMList(name='ipv6_address_with_prefix', child_class=IPv6Addr, asa_key ='ipv6 address')) self.register_child(IPv6Enable('ipv6_enable')) self.register_child(IPv6NDDad('ipv6_nd_dad_attempts')) self.register_child(IPv6NDNsInterval('ipv6_nd_ns_interval')) self.register_child(IPv6NDReachable('ipv6_nd_reachable_time')) self.register_child(MACAddr('mac-address')) self.register_child(NameIF('nameif')) self.response_parser = cli_interaction.ignore_info_response_parser
def __init__(self, name): SimpleType.__init__(self, name, asa_gen_template='interface BVI%(bvi_id)s'); self.register_child(IPv4Addr('ipv4_address')) self.register_child(DMList(name='ipv6_address_with_prefix', child_class=IPv6Addr, asa_key ='ipv6 address')) self.register_child(IPv6Enable('ipv6_enable')) self.register_child(IPv6NDDad('ipv6_nd_dad_attempts')) self.register_child(IPv6NDNsInterval('ipv6_nd_ns_interval')) self.register_child(IPv6NDReachable('ipv6_nd_reachable_time')) self.member1 = BridgeGroupMember() self.member2 = BridgeGroupMember() self.response_parser = cli_interaction.ignore_info_response_parser
def parse_multi_parameter_cli(self, cli): '''Override the default implementation in case the CLI does not match asa_gen_template due to optional parameter ''' result = SimpleType.parse_multi_parameter_cli(self, cli) if not result: result = SimpleType.parse_multi_parameter_cli( self, cli, alternate_asa_gen_template=' '.join( self.asa_gen_template.split()[:3])) return result
def ifc2asa(self, no_asa_cfg_stack, asa_cfg_list): '''Override the default implementation to take care of the special 'sub-command' class-map, which is actually a global-command. ''' if not self.has_ifc_delta_cfg(): return if self.get_action() == State.DESTROY: 'To generate the no form of the command' for child in self.children.values(): #taking care of removing class-map global command child.ifc2asa(no_asa_cfg_stack, asa_cfg_list) SimpleType.ifc2asa(self, no_asa_cfg_stack, asa_cfg_list) return _CompositeType.ifc2asa(self, no_asa_cfg_stack, asa_cfg_list)
def __init__(self, name): SimpleType.__init__(self, name, asa_gen_template='interface TVI1') # Phase 1 only has TVI1 self.register_child(IPv4Addr('ipv4_address')) self.register_child( DMList(name='ipv6_address_with_prefix', child_class=IPv6Addr, asa_key='ipv6 address')) self.register_child(IPv6Enable('ipv6_enable')) self.register_child(IPv6NDDad('ipv6_nd_dad_attempts')) self.register_child(IPv6NDNsInterval('ipv6_nd_ns_interval')) self.register_child(IPv6NDReachable('ipv6_nd_reachable_time')) self.register_child(MACAddr('mac-address')) self.register_child(NameIF('nameif')) self.response_parser = cli_interaction.ignore_info_response_parser
def __init__(self, name): SimpleType.__init__(self, name, asa_gen_template='interface BVI%(bvi_id)s') self.register_child(IPv4Addr('ipv4_address')) self.register_child( DMList(name='ipv6_address_with_prefix', child_class=IPv6Addr, asa_key='ipv6 address')) self.register_child(IPv6Enable('ipv6_enable')) self.register_child(IPv6NDDad('ipv6_nd_dad_attempts')) self.register_child(IPv6NDNsInterval('ipv6_nd_ns_interval')) self.register_child(IPv6NDReachable('ipv6_nd_reachable_time')) self.member1 = BridgeGroupMember() self.member2 = BridgeGroupMember() self.response_parser = cli_interaction.ignore_info_response_parser
def get_translator(self, cli): 'Override the default implementation as the suffix is part of the key' result = SimpleType.get_translator(self, cli) if result: tokens = cli.split() suffix = tokens[len(tokens) - 1] result = self if suffix == self.asa_suffix else None return result
def parse_multi_parameter_cli(self, cli): # Take care of the mandatory parameters result = SimpleType.parse_multi_parameter_cli( self, cli, alternate_asa_gen_template=self.asa_gen_template) 'Take care of the optional parameters' tokens = cli.split() # The number of tokens must greater than 2, i.e. 'ipv6 address prefix or default' assert len(tokens) > 2 if ' at ' in cli: colon_index_list = [a for a, b in enumerate(tokens) if ':' in b] d1 = self.get_date_without_year(' '.join( tokens[5:colon_index_list[0] + 1])) d2 = self.get_date_without_year(' '.join( tokens[(colon_index_list[0] + 1):colon_index_list[1] + 1])) result[(Type.PARAM, 'valid_lifetime_in_date', '')] = { 'state': State.NOCHANGE, 'value': d1 } result[(Type.PARAM, 'prefered_lifetime_in_date', '')] = { 'state': State.NOCHANGE, 'value': d2 } elif len(tokens) > 5 and (tokens[4].isdigit() or tokens[4] == 'infinite') and \ (tokens[5].isdigit() or tokens[5] == 'infinite'): s1 = 'valid_lifetime_in_seconds' if tokens[5].isdigit( ) else 'valid_lifetime_never_expire' s2 = 'prefered_lifetime_in_seconds' if tokens[5].isdigit( ) else 'prefered_lifetime_never_expire' result[(Type.PARAM, s1, '')] = { 'state': State.NOCHANGE, 'value': tokens[4] } result[(Type.PARAM, s2, '')] = { 'state': State.NOCHANGE, 'value': tokens[5] } if 'no-advertise' in cli: result[(Type.PARAM, 'no_advertise', '')] = { 'state': State.NOCHANGE, 'value': 'enable' } else: if 'off-link' in cli: result[(Type.PARAM, 'off-link', '')] = { 'state': State.NOCHANGE, 'value': 'enable' } if 'no-autoconfig' in cli: result[(Type.PARAM, 'no-autoconfig', '')] = { 'state': State.NOCHANGE, 'value': 'enable' } return result
def __init__(self, instance): SimpleType.__init__(self, ifc_key=instance, asa_gen_template='object-group service %(name)s') self.register_child(Description()) children = [ # ifc_key child_class asa_key ('protocol_type', ProtocolObject, '^service-object \S+$'), ('object_name', ObjectObject, '^service-object object'), ('tcp', TCPObject, '^service-object tcp '), ('udp', UDPObject, '^service-object udp '), ('tcp-udp', TCPUDPObject, '^service-object tcp-udp'), ('icmp', ICMPObject, '^service-object icmp '), ('icmp6', ICMP6Object, '^service-object icmp6'), ('object_group_name', GroupObject, '^group-object'), ] for ifc_key, child_class, asa_key in children: self.register_child( DMList(ifc_key, child_class, re.compile(asa_key)))
def ifc2asa(self, no_asa_cfg_stack, asa_cfg_list): '''Override the default implementation to take care of the class-map command which is global rather than sub-command. ''' if not self.has_ifc_delta_cfg(): return class_map = self.children.values()[0] sub_commands = self.children.values()[1] if self.get_action() == State.DESTROY: 'To generate the no form of the command, rid of class-map global command, no need to issue "no class" sub-command' class_map.ifc2asa(no_asa_cfg_stack, asa_cfg_list) 'Only issue "no class" command if we modify the policy-map rather than destroy the policy-map' if self.parent.get_action() != State.DESTROY: SimpleType.ifc2asa(self, no_asa_cfg_stack, asa_cfg_list) return 'Generate CLIs from the children, class_map is a global command.' class_map.ifc2asa(no_asa_cfg_stack, asa_cfg_list); sub_commands.mode_command = self.get_child_mode_command() sub_commands.ifc2asa(no_asa_cfg_stack, asa_cfg_list);
def __init__(self, name): SimpleType.__init__(self, name, asa_gen_template='object-group network %(name)s') self.register_child(Description()) self.register_child( DMList(name='host_ip_address', child_class=HostObject, asa_key='network-object host')) self.register_child( DMList(name='object_name', child_class=ObjectObject, asa_key='network-object object')) self.register_child( DMList(name='network_ip_address', child_class=NetworkObject, asa_key='network-object')) self.register_child( DMList(name='object_group_name', child_class=GroupObject, asa_key='group-object'))
def ifc2asa(self, no_asa_cfg_stack, asa_cfg_list): 'Override default implementation to deal with different CLI for no commands.' tmp_no_asa_cfg_stack = [] result = SimpleType.ifc2asa(self, tmp_no_asa_cfg_stack, asa_cfg_list) if tmp_no_asa_cfg_stack: action = self.get_action() if action == State.DESTROY and self.is_removable: if self.get_asa_key() == 'ip audit info': self.generate_cli(no_asa_cfg_stack, 'no ip audit info') else: self.generate_cli(no_asa_cfg_stack, 'no ip audit attack') return result
def parse_multi_parameter_cli(self, cli): result = SimpleType.parse_multi_parameter_cli( self, cli, alternate_asa_gen_template=self.asa_gen_template) tokens = cli.split() if len(tokens) == 3: return result # no optional parameter result[(Type.PARAM, 'peer_mac', '')] = { 'state': State.NOCHANGE, 'value': '' } option = tokens[3:] if 'mac' in option: # e.g. "peer ip 10.10.10.10 mac 1234.5678.9abc" result[Type.PARAM, 'peer_mac', '']['value'] = option[1] return result
def parse_multi_parameter_cli(self, cli): # Take care of the mandatory parameters result = SimpleType.parse_multi_parameter_cli( self, cli, alternate_asa_gen_template=self.asa_gen_template) 'Take care of the optional parameters' tokens = cli.split() # The number of tokens must greater than 2, i.e. 'ipv6 address x:x:x:x::x/prefix eui-64' assert len(tokens) > 2 if len(tokens) == 4: result[(Type.PARAM, 'eui64', '')] = { 'state': State.NOCHANGE, 'value': '' } result[Type.PARAM, 'eui64', '']['value'] = 'enable' return result
def gen_diff_ifc_asa(self, cli_dict): if not self.cli_key in cli_dict: return SimpleType.diff_ifc_asa(self, cli_dict[self.cli_key]) return self.get_action()
def __init__(self): SimpleType.__init__(self, ifc_key='TrafficSelection', asa_key='match', defaults='any')
def diff_ifc_asa(self, cli): 'Override the default implementation to remember the old cli for deletion purpose' SimpleType.diff_ifc_asa(self, cli) self.delta_ifc_cfg_value['old_cli'] = cli
def __init__(self, connector = None): '@param connector: str, the name of a connector; None for global policy' SimpleType.__init__(self, ifc_key = 'ServicePolicyState', asa_key = "service-policy") NameIf.__init__(self, connector)
def gen_diff_ifc_asa(self, cli): if not 'ipv6 nd prefix' in cli: return SimpleType.diff_ifc_asa(self, cli) return self.get_action()
def __init__(self): CompositeType.__init__(self, ifc_key = DNSServer.__name__, asa_key = 'dns server-group DefaultDNS') self.register_child(SimpleType("domain_name", "domain-name")) self.register_child(DMList('name_server', DNSNameServer, 'name-server'))
def gen_diff_ifc_asa(self, cli): if cli.startswith('segment-id') and self.segment_key in cli: SimpleType.diff_ifc_asa(self, cli) return self.get_action()
def __init__(self, name): SimpleType.__init__(self, name, asa_gen_template='name-server %s')
def __init__(self): ''' Constructor ''' SimpleType.__init__(self, "domain_lookup", 'dns domain-lookup')
def __init__(self, ifc_key, asa_gen_template): SimpleType.__init__(self, ifc_key=ifc_key, asa_gen_template=asa_gen_template) self.cli_key = '' self.response_parser = cli_interaction.ignore_info_response_parser
def __init__(self, instance): SimpleType.__init__(self, ifc_key=instance, asa_gen_template='ipv6 address %s')
def __init__(self, instance): SimpleType.__init__(self, ifc_key = instance, asa_key = 'ipv6 nd reachable-time', \ asa_gen_template='ipv6 nd reachable-time %s')
def __init__(self, instance): SimpleType.__init__(self, ifc_key = instance, asa_key = 'ipv6 nd ns-interval', \ asa_gen_template='ipv6 nd ns-interval %s')
def gen_ifc2asa(self, no_asa_cfg_stack, asa_cfg_list): '''Generate ASA configuration from IFC configuration delta. @see SimpleType.ifc2asa for parameter details ''' SimpleType.ifc2asa(self, no_asa_cfg_stack, asa_cfg_list)
def __init__(self): SimpleType.__init__(self, ifc_key='protocol_type', asa_key='service')
def __init__(self, instance): SimpleType.__init__(self, ifc_key = instance, asa_key = 'ipv6 nd dad attempts', \ asa_gen_template='ipv6 nd dad attempts %s')