def advertisements(self):
"""
Show all advertised networks for the BGP configuration.
::
for advertised in engine.bgp.advertisements:
net, route_map = advertised
:return: list of tuples (advertised_network, route_map). Tuple
may be (None, None) if advertised networks not set.
"""
return [(Element.from_href(ne.get('announced_ne_ref')),
Element.from_href(ne.get('announced_rm_ref')))
for ne in self.data.get('announced_ne_setting')]
def announced_networks(self):
"""
Show all announced networks for the BGP configuration.
Returns tuple of advertised network, routemap. Route
map may be None.
::
for advertised in engine.bgp.advertisements:
net, route_map = advertised
:return: list of tuples (advertised_network, route_map).
"""
return [(Element.from_href(ne.get('announced_ne_ref')),
Element.from_href(ne.get('announced_rm_ref')))
for ne in self.data.get('announced_ne_setting')]
def connection_profile(self):
"""
BGP Connection Profile used by this BGP Peering.
:return: :class:`~BGPConnectionProfile`
"""
return Element.from_href(self.data.get('connection_profile'))
def parent_policy(self):
"""
Read-only name of the parent policy
:return: :class:`smc.base.model.Element` of type policy
"""
return Element.from_href(self.data.get('parent_policy'))
def data_context(self):
"""
The type of log data that is forwarded.
:rtype: DataContext
"""
return (Element.from_href(self.get("data_context"))
if self.get("data_context") is not None else None)
def vpn_profile(self):
"""
Specified VPN Profile used by this VPN Policy
:return: :class:`smc.vpn.elements.VPNProfile`
"""
return Element.from_href(self.data.get('vpn_profile'))
def location(self):
"""
Location name for contact address
:rtype: str
"""
return Element.from_href(self.location_ref)
def physical_interface(self):
"""
Physical interface for this endpoint.
:rtype: PhysicalInterface
"""
return Element.from_href(self.data.get('physical_interface'))
def domain(self):
"""
Domain this permission applies to. Shared Domain if unspecified.
:rtype: AdminDomain
"""
return Element.from_href(self.get('granted_domain_ref', 'Shared Domain'))
def neighbor_as(self):
"""
AutonomousSystem for this external BGP peer
:return: :class:`~AutonomousSystem` element
"""
return Element.from_href(self.data.get('neighbor_as'))
def location(self):
"""
Location name for contact address
:rtype: str
"""
return Element.from_href(self.data['location_ref']).name
def announced_networks(self):
"""
Show all announced networks for the BGP configuration.
Returns tuple of advertised network, routemap. Route
map may be None.
::
for advertised in engine.bgp.advertisements:
net, route_map = advertised
:return: list of tuples (advertised_network, route_map).
"""
return [(
Element.from_href(ne.get("announced_ne_ref")),
Element.from_href(ne.get("announced_rm_ref")),
) for ne in self.data.get("announced_ne_setting")]
def modified_by(self):
"""
The account that last modified this element.
:rtype: Element
"""
return Element.from_href(self.modifier)
def methods(self):
"""
Read only authentication methods enabled
:return: list value: auth methods enabled
"""
return [Element.from_href(method) for method in self.get('methods')]
def users(self):
"""
List of users required to authenticate
:return: list
"""
return [Element.from_href(user) for user in self.get('users', [])]
def methods(self):
"""
Read only authentication methods enabled
:return: list value: auth methods enabled
"""
return [Element.from_href(method) for method in self.get('methods')]
def users(self):
"""
List of users required to authenticate
:return: list
"""
return [Element.from_href(user) for user in self.get('users', [])]
def parent_policy(self):
"""
Read-only name of the parent policy
:return: :class:`smc.base.model.Element` of type policy
"""
return Element.from_href(self.data.get("parent_policy"))
def domain_settings_ref(self):
"""
OSPF Domain Settings profile used for this OSPF Profile
:return: :class:`~OSPFDomainSetting`
"""
return Element.from_href(self.data.get('domain_settings_ref'))
def __iter__(self):
for condition in self.conditions:
condition_type = condition.get('type')
if 'element' in condition_type:
entry = Element.from_href(condition.get('access_list_ref'))
condition_type = 'access_list'
elif 'metric' in condition_type:
entry = Metric(condition.get('metric'))
elif 'peer_address' in condition_type:
ref = 'fwcluster_peer_address_ref' if 'fwcluster_peer_address_ref'\
in condition else 'external_bgp_peer_address_ref'
entry = Element.from_href(condition.get(ref))
elif 'next_hop' in condition_type:
entry = Element.from_href(condition.get('next_hop_ref'))
yield Condition(condition.get('rank'), entry, condition_type)
def netlink(self):
"""
The static netlink referenced in this multilink member
:rtype: StaticNetlink
"""
return Element.from_href(self.data.get('netlink_ref'))
def modified_by(self):
"""
The account that last modified this element.
:rtype: Element
"""
return Element.from_href(self.modifier)
def subnet_distance(self):
"""
Specific subnet administrative distances
:return: list of tuple (subnet, distance)
"""
return [(Element.from_href(entry.get('subnet')), entry.get('distance'))
for entry in self.data.get('distance_entry')]
def sub_policy(self):
"""
Sub policy is used when ``action=jump``.
:rtype: FirewallSubPolicy
"""
if 'sub_policy' in self:
return Element.from_href(self.get('sub_policy'))
def permissions(self):
"""
Elements associated to this permission. Granted elements can be
Engines, Policies or other Access Control Lists.
:return: Element class deriving from :py:class:`smc.base.model.Element`
"""
return [Element.from_href(e) for e in self.granted_element]
def auth_method(self):
"""
Default authentication method for this LDAP User Domain. Can
also be set on the LDAP server as well.
:rtype: AuthenticationService
"""
return Element.from_href(self.data.get('auth_method'))
def resource(self):
"""
The resource/s associated with this task
:rtype: list(Element)
"""
return [Element.from_href(resource)
for resource in self.data.get('resource', [])]
def role(self):
"""
Specific Role assigned to this permission. A role is what allows read/write
access to specific operations on the granted elements
:rtype: Role
"""
return Element.from_href(self.get('role_ref'))
def ldap_server(self):
"""
LDAP Servers associated with this ExternalLdapUserDomain. You must
have at least one ldap server but can have multiple.
:rtype: ActiveDirectoryServer
"""
return [Element.from_href(server) for server in self.data.get('ldap_server', [])]
def http_proxy(self):
"""
Return any HTTP Proxies that are configured for Sandbox.
:return: list of http proxy instances
:rtype: list(HttpProxy)
"""
return [Element.from_href(proxy) for proxy in self.get('http_proxy')]
def created_by(self):
"""
The account that created this element. Returned as
an Element.
:rtype: Element
"""
return Element.from_href(self.creator)
def rule(self):
"""
Return the Rule element for this rule counter. A rule may be from
the policy or the policy template.
:rtype: Rule
"""
return Element.from_href(self.rule_ref)
def granted_elements(self):
"""
List of elements this permission has rights to. Elements will be of type
Engine, Policy or ACLs
:rtype: list(Element)
"""
return [Element.from_href(element) for element in self.get('granted_elements')]
def permissions(self):
"""
Elements associated to this permission. Granted elements can be
Engines, Policies or other Access Control Lists.
:return: Element class deriving from :py:class:`smc.base.model.Element`
"""
return [Element.from_href(e) for e in self.granted_element]
def vpn_profile(self):
"""
VPN profile for this RBVPN
:rtype: VPNProfile
"""
if self.data.get('vpn_profile_ref'):
return Element.from_href(self.vpn_profile_ref)
def gateway(self):
"""
The gateway (engine) that this netlink is used on. You can set
the gateway by providing an element of type Engine or Router.
:rtype: Element
"""
return Element.from_href(self.data.get('gateway_ref'))
def subnet_distance(self):
"""
Specific subnet administrative distances
:return: list of tuple (subnet, distance)
"""
return [(Element.from_href(entry.get('subnet')), entry.get('distance'))
for entry in self.data.get('distance_entry')]
def sub_policy(self):
"""
Sub policy is used when ``action=jump``.
:rtype: FirewallSubPolicy
"""
if 'sub_policy' in self:
return Element.from_href(self.get('sub_policy'))
def rule(self):
"""
Return the Rule element for this rule counter. A rule may be from
the policy or the policy template.
:rtype: Rule
"""
return Element.from_href(self.rule_ref)
def policy(self):
"""
Policy associated with this task
:return: Policy as element
:rtype: Element
"""
return Element.from_href(self.data.get('policy'))
def gateway(self):
"""
The gateway (engine) that this netlink is used on.
:return: Element type for engine
:rtype: Element
"""
return Element.from_href(self.data.get('gateway_ref'))
def networks(self):
"""
List of networks this static netlink uses.
:return: networks associated with this netlink, as Element
:rtype: Element
"""
return [Element.from_href(element) for element in self.data.get('ref')]
def obtain_members(self):
"""
Obtain all group members from this group
:return: group members as elements
:rtype: list(Element)
"""
return [Element.from_href(member) for member in self.data.get("element", [])]
def protocol_agent(self):
""" Protocol Agent for this service
:return: :py:class:`smc.elements.service.Protocol` or None
"""
href = self.data.get('protocol_agent_ref')
if href:
return Element.from_href(href)
def http_proxy(self):
"""
Return any HTTP Proxies that are configured for Sandbox.
:return: list of http proxy instances
:rtype: list(HttpProxy)
"""
return [Element.from_href(proxy) for proxy in self.get('http_proxy')]
def server_credentials(self):
"""
Return a list of assigned (if any) TLSServerCredentials
assigned to this engine.
:rtype: list(TLSServerCredential)
"""
return [Element.from_href(credential)
for credential in self.engine.server_credential]
def site_element(self):
"""
Site elements for this VPN Site.
:return: Elements used in this VPN site
:rtype: list(Element)
"""
return [Element.from_href(element)
for element in self.data.get('site_element')]
def protocol_agent(self):
""" Protocol Agent for this service
:return: Return the protocol agent or None if this service does not
reference a protocol agent
:rtype: ProtocolAgent
"""
if 'protocol_agent_ref' in self.data:
return Element.from_href(self.protocol_agent_ref)
def gateway(self):
"""
The VPN gateway for this node. This is either an internal gateway
or an external gateway
:return: the VPN gateway
:rtype: Element
"""
return Element.from_href(self.data['gateway'])
def resources(self):
"""
Resources associated with this task. Depending on the task, this
may be engines, policies, servers, etc.
:return: list of Elements
:rtype: list
"""
return [Element.from_href(href)
for href in self.data.get('resources')]
def vpn(self):
"""
Return vpn reference. Only used if 'enforce_vpn', 'apply_vpn',
or 'forward_vpn' is the action type.
:param PolicyVPN value: set the policy VPN for VPN action
:rtype: PolicyVPN
"""
if 'vpn' in self:
return Element.from_href(self.get('vpn'))
def goto(self):
"""
If the rule is set to goto a rule section, return
the rule section, otherwise it will return None.
Check the value of finish to determine if the rule
is set to finish on match.
:return: RouteMap or None
"""
return Element.from_href(
self.data.get('goto'))
def used_on(self):
"""
Used on specific whether this NAT rule has a specific engine that
this rule applies to. Default is ANY (unspecified).
:param str,Element value: :py:class:`smc.elements.network` element to
apply to this NAT rule, or str href
:return: Element value: name of element this NAT rule is applied on
"""
if 'used_on' in self.data:
return Element.from_href(self.data.get('used_on'))
def __iter__(self):
for condition in self.conditions:
condition_type = condition.get('type')
if 'element' in condition_type:
entry = Element.from_href(
condition.get('access_list_ref'))
condition_type = 'access_list'
elif 'metric' in condition_type:
entry = Metric(
condition.get('metric'))
elif 'peer_address' in condition_type:
ref = 'fwcluster_peer_address_ref' if 'fwcluster_peer_address_ref'\
in condition else 'external_bgp_peer_address_ref'
entry = Element.from_href(
condition.get(ref))
elif 'next_hop' in condition_type:
entry = Element.from_href(
condition.get('next_hop_ref'))
yield Condition(condition.get('rank'), entry, condition_type)
def tls_policy(self):
"""
The HTTPSInspectionExceptions element referenced in this protocol
agent parameter. Will be None if one is not assigned.
:return: The https inspection exceptions element or None if not
assigned
:rtype: HTTPSInspectionExceptions
"""
if self._tls_inspection_policy_ref:
return Element.from_href(self._tls_inspection_policy_ref)
def endpoint(self):
"""
Endpoint is used to specify which interface is enabled for
VPN. This is the InternalEndpoint property of the
InternalGateway.
:return: internal endpoint where VPN is enabled
:rtype: InternalEndpoint,ExternalGateway
"""
if self.endpoint_ref and self.tunnel_interface_ref:
return InternalEndpoint(href=self.endpoint_ref)
return Element.from_href(self.endpoint_ref)
def vss_contexts(self):
"""
Return all virtual contexts for this VSS Container.
:return list VSSContext
"""
result = self.make_request(
href=fetch_entry_point('visible_virtual_engine_mapping'),
params={'filter': self.name})
if result.get('mapping', []):
return [Element.from_href(ve)
for ve in result['mapping'][0].get('virtual_engine', [])]
return []
def related_element_type(self):
"""
.. versionadded:: 0.6.0
Requires SMC version >= 6.4
Related element type defines the 'type' of element at this
routing or antispoofing node level.
:rtype: str
"""
if 'related_element_type' in self.data:
return self.data.get('related_element_type')
return None if self.dynamic_nicid or (self.nicid and '.' in self.nicid) else \
Element.from_href(self.data.get('href')).typeof # pre-6.4
def all(self):
"""
Return all destinations for this rule. Elements returned
are of the object type for the given element for further
introspection.
Search the fields in rule::
for sources in rule.sources.all():
print('My source: %s' % sources)
:return: elements by resolved object type
:rtype: list(Element)
"""
if not self.is_any and not self.is_none:
return [Element.from_href(href)
for href in self.get(self.typeof)]
return []
def from_meta(node):
"""
Helper method that reolves a routing node to element. Rather than doing
a lookup and fetch, the routing node provides the information to
build the element from meta alone.
:rtype: Element
"""
# Version SMC < 6.4
if 'related_element_type' not in node.data:
return Element.from_href(
node.data.get('href'))
# SMC Version >= 6.4 - more efficient because it builds the
# element by meta versus requiring a query
return Element.from_meta(
name=node.data.get('name'),
type=node.related_element_type,
href=node.data.get('href'))