def edit(self,
         source_values=None,
         destination_values=None,
         services=None,
         new_name=None):
    """Update this firewall rule and PUT the result back to the server.

    Only sections whose argument is truthy are touched. ``None`` or an
    empty list leaves the existing source, destination, services or name
    unchanged, so this method cannot be used to clear a section.

    :param list source_values: list of source values.
        e.g., [value:value_type]
    :param list destination_values: list of destination values.
        e.g., [value:value_type]
    :param list services: protocol to port mapping.
        e.g., [{'tcp' : {'any' : any}}]
    :param str new_name: new name of the firewall rule.
    """
    self._get_resource()
    # validate_types runs on both endpoint lists before any element of the
    # rule is modified.
    self.validate_types(source_values, FirewallRule.__SOURCE)
    self.validate_types(destination_values, FirewallRule.__DESTINATION)
    rule = self.resource

    endpoints = (
        (source_values, FirewallRule.__SOURCE, 'source'),
        (destination_values, FirewallRule.__DESTINATION, 'destination'),
    )
    for values, tag, attr in endpoints:
        if not values:
            continue
        if not hasattr(rule, tag):
            rule.append(create_element(tag))
        container = getattr(rule, attr)
        if not hasattr(container, 'exclude'):
            # NOTE(review): a freshly created 'exclude' flag is False;
            # presumably the listed members are matched rather than
            # negated -- confirm against the API schema.
            container.append(create_element('exclude', False))
        self._populate_objects_info(rule, values, tag)

    if services:
        if not hasattr(rule, FirewallRule.__APPLICATION):
            rule.append(create_element(FirewallRule.__APPLICATION))
        self._populate_services(rule, services)

    if new_name:
        rule.name = new_name

    # The whole rule document is sent in one PUT; the response is not
    # returned to the caller.
    self.client.put_resource(self.href, rule,
                             EntityType.DEFAULT_CONTENT_TYPE.value)
def edit(self,
         source_values=None,
         destination_values=None,
         services=None,
         new_name=None):
    """Update this firewall rule and PUT the result back to the server.

    Only sections whose argument is truthy are touched. ``None`` or an
    empty list leaves the existing source, destination, services or name
    unchanged, so this method cannot be used to clear a section.

    :param list source_values: list of source values.
        e.g., [value:value_type]
    :param list destination_values: list of destination values.
        e.g., [value:value_type]
    :param list services: protocol to port mapping.
        e.g., [{'tcp' : {'any' : any}}]
    :param str new_name: new name of the firewall rule.
    """
    self._get_resource()
    # validate_types runs on both endpoint lists before any element of the
    # rule is modified.
    self.validate_types(source_values, FirewallRule.__SOURCE)
    self.validate_types(destination_values, FirewallRule.__DESTINATION)
    rule = self.resource

    endpoints = (
        (source_values, FirewallRule.__SOURCE, 'source'),
        (destination_values, FirewallRule.__DESTINATION, 'destination'),
    )
    for values, tag, attr in endpoints:
        if not values:
            continue
        if not hasattr(rule, tag):
            rule.append(create_element(tag))
        container = getattr(rule, attr)
        if not hasattr(container, 'exclude'):
            # NOTE(review): a freshly created 'exclude' flag is False;
            # presumably the listed members are matched rather than
            # negated -- confirm against the API schema.
            container.append(create_element('exclude', False))
        self._populate_objects_info(rule, values, tag)

    if services:
        if not hasattr(rule, FirewallRule.__APPLICATION):
            rule.append(create_element(FirewallRule.__APPLICATION))
        self._populate_services(rule, services)

    if new_name:
        rule.name = new_name

    # The whole rule document is sent in one PUT; the response is not
    # returned to the caller.
    self.client.put_resource(self.href, rule,
                             EntityType.DEFAULT_CONTENT_TYPE.value)
def __populate_protocol_elements(self, firewall_rule_temp, protocol,
                                 source_port, destination_port):
    """Append one ``service`` entry to the rule's application element.

    The firewall rule object is mutated in place; nothing is returned.

    :param firewall_rule_temp: Firewall rule obj; its ``application``
        child must already exist.
    :param protocol: protocol
    :param source_port: source port, written as ``sourcePort``
    :param destination_port: destination port, written as ``port``
    """
    application_tag = firewall_rule_temp.application

    # Child order is protocol, port, sourcePort, then the optional icmpType.
    # Port values are written exactly as received; this helper does no
    # range or format checking of its own.
    children = [
        ('protocol', protocol),
        ('port', destination_port),
        ('sourcePort', source_port),
    ]
    if protocol == 'icmp':
        # Exact, case-sensitive match. ICMP services always get icmpType
        # 'any'; a narrower ICMP type cannot be expressed through this
        # helper.
        children.append(('icmpType', 'any'))

    service_tag = create_element('service')
    for tag, text in children:
        service_tag.append(create_element(tag, text))
    application_tag.append(service_tag)
def __find_element(self, type, object_type, value, group_type):
    """Look up a firewall object by name and wrap one of its properties.

    The gateway's firewall objects for ``type``/``object_type`` are listed
    and scanned in order. The first object whose ``name`` equals ``value``
    and which carries a property named ``group_type`` determines the
    result.

    :param str type: It can be source/destination
    :param object_type: object type forwarded to
        ``Gateway.list_firewall_objects``
    :param str value: name of the object to find
    :param str group_type: group type. e.g., groupingObjectId
    :return: element named ``group_type`` holding the property value, or
        ``None`` when no object/property matches.
    """
    gateway = Gateway(self.client, resource=self.parent)
    candidates = gateway.list_firewall_objects(type, object_type)
    for candidate in candidates:
        if candidate.get('name') != value:
            continue
        # Matching is by name only. If several objects share a name, the
        # first one that has the wanted property is used.
        for entry in candidate.get('prop'):
            if entry.get('name') == group_type:
                return create_element(group_type, entry.get('value'))
    # NOTE(review): an unknown name yields None rather than an error.
    # Confirm the caller rejects it instead of dropping the member from
    # the rule.
    return None
def _get_group_element(self, type, object_type, value):
    """Build the rule member element for one source/destination value.

    :param str type: It can be source/destination
    :param str object_type: Possible values for this would be
        'gatewayinterface','virtualmachine','network', 'ipset',
        'securitygroup', 'ip'
    :param str value: value
    :return: group objectified element, or ``None`` when the object type
        is not recognised or the lookup finds nothing.
    :rtype: lxml.objectify.ObjectifiedElement
    """
    if object_type == 'ip':
        # The value is embedded as given; no address-format check happens
        # in this method.
        return create_element('ipAddress', value)

    if object_type in FirewallRule.__GROUP_OBJECT_LIST:
        group_type = 'groupingObjectId'
    elif object_type in FirewallRule.__VNIC_GROUP_LIST:
        group_type = 'vnicGroupId'
    else:
        # Unrecognised object types fall through without raising.
        return None
    return self.__find_element(type, object_type, value, group_type)