def patPool(self, name, options={}):
# Network Group Object permitted for patPool
ipaddresses_json = NetworkAddresses(fmc=self.fmc).get()
networkgroup_json = NetworkGroups(fmc=self.fmc).get()
items = ipaddresses_json.get("items", []) + networkgroup_json.get("items", [])
new_net = None
for item in items:
if item["name"] == name:
new_net = {"name": item["name"], "id": item["id"], "type": item["type"]}
break
if new_net is None:
logging.warning(
f'Network "{name}" is not found in FMC. Cannot add to patPool.'
)
else:
self.natType = "DYNAMIC"
self.patOptions = {"patPoolAddress": new_net}
self.patOptions["interfacePat"] = (
options.interfacePat if "interfacePat" in options.keys() else False
)
self.patOptions["includeReserve"] = (
options.includeReserve if "includeReserve" in options.keys() else False
)
self.patOptions["roundRobin"] = (
options.roundRobin if "roundRobin" in options.keys() else True
)
self.patOptions["extendedPat"] = (
options.extendedPat if "extendedPat" in options.keys() else False
)
self.patOptions["flatPortRange"] = (
options.flatPortRange if "flatPortRange" in options.keys() else False
)
logging.info(f'Adding "{name}" to patPool for this AutoNatRule.')
def identity_nat(self, name):
"""
Associate an Identity Network.
:param name: (str) Name of Network.
:return: None
"""
logging.debug("In identity_nat() for ManualNatRules class.")
ipaddresses_json = NetworkAddresses(fmc=self.fmc).get()
networkgroup_json = NetworkGroups(fmc=self.fmc).get()
items = ipaddresses_json.get("items", []) + networkgroup_json.get(
"items", [])
new_net = None
for item in items:
if item["name"] == name:
new_net = {"id": item["id"], "type": item["type"]}
break
if new_net is None:
logging.warning(
f'Network "{name}" is not found in FMC. Cannot add to this ManualNatRules.'
)
else:
self.natType = "STATIC"
self.originalSource = new_net
self.translatedSource = new_net
logging.info(f'Adding "{name}" to ManualNatRules.')
def find_group_object(self, name):
"""
Search for group object by name.
:param name: (str) Name of group object
:return: id (str), type (str) or None None
"""
group_object = NetworkGroups(fmc=self.fmc, name=name)
resp = group_object.get()
return self._return_id_type(resp)
def find_group_object(self, name):
"""
Search for group object by name
Args:
name (str): Name of group object
Returns:
id (str), type (str) or None None
"""
group_object = NetworkGroups(fmc=self.fmc, name=name)
resp = group_object.get()
return self._return_id_type(resp)
def encryption_domain(self, action, names=[]):
"""
Associate Encryption.
:param action: (str) 'add', 'remove', or 'clear'.
:param names: (list) List of Encryption names.
"""
logging.debug("In endpoint() for Endpoints class.")
fqdns_json = FQDNS(fmc=self.fmc).get()
host_json = Hosts(fmc=self.fmc).get()
net_json = Networks(fmc=self.fmc).get()
netg_json = NetworkGroups(fmc=self.fmc).get()
items = (
fqdns_json.get("items", [])
+ host_json.get("items", [])
+ net_json.get("items", [])
+ netg_json.get("items", [])
)
new_network = None
if action == "add":
for name in names:
for item in items:
if item["name"] == name:
new_network = {"id": item["id"], "type": item["type"]}
break
if new_network is None:
logging.warning(
f'FQDNS/Host/Network/Network Group"{name}" is not found in FMC.'
f" Cannot add to protectedNetworks."
)
else:
if "protectedNetworks" in self.__dict__:
self.protectedNetworks["networks"].append(new_network)
logging.info(f'Appending "{name}" to protectedNetworks.')
else:
self.protectedNetworks = {"networks": [new_network]}
logging.info(f'Adding "{name}" to protectedNetworks.')
elif action == "remove":
if "protectedNetworks" in self.__dict__:
for name in names:
self.protectedNetworks = list(
filter(lambda i: i["name"] != name, self.protectedNetworks)
)
else:
logging.warning(
"protectedNetworks has no members. Cannot remove network."
)
elif action == "clear":
if "protectedNetworks" in self.__dict__:
del self.protectedNetworks
def original_source(self, name):
"""
Associate Network to be used as Original Source.
:param name: (str) Name of Network.
:return: None
"""
logging.debug("In original_source() for ManualNatRules class.")
ipaddresses_json = NetworkAddresses(fmc=self.fmc).get()
networkgroup_json = NetworkGroups(
fmc=self.fmc).get() # FIXME, shouldn't this be a part of items?
items = ipaddresses_json.get("items", [])
new_net = None
for item in items:
if item["name"] == name:
new_net = {"id": item["id"], "type": item["type"]}
break
if new_net is None:
logging.warning(
f'Network "{name}" is not found in FMC. Cannot add to original_source.'
)
else:
self.originalSource = new_net
logging.info(
f'Adding "{name}" to original_source for this ManualNatRule.')
def patPool(self, name, options={}):
"""
Associate a PAT Pool.
:param name: (str) Name of PAT Pool.
:param options: (dict) key/value of options.
:return: None
"""
ipaddresses_json = NetworkAddresses(fmc=self.fmc).get()
networkgroup_json = NetworkGroups(fmc=self.fmc).get()
items = ipaddresses_json.get("items", []) + networkgroup_json.get(
"items", [])
new_net = None
for item in items:
if item["name"] == name:
new_net = {
"name": item["name"],
"id": item["id"],
"type": item["type"]
}
break
if new_net is None:
logging.warning(
f'Network "{name}" is not found in FMC. Cannot add to patPool.'
)
else:
self.natType = "DYNAMIC"
self.unidirectional = True
self.patOptions = {"patPoolAddress": new_net}
self.patOptions["interfacePat"] = (options.interfacePat
if "interfacePat"
in options.keys() else False)
self.patOptions["includeReserve"] = (options.includeReserve
if "includeReserve"
in options.keys() else False)
self.patOptions["roundRobin"] = (options.roundRobin if "roundRobin"
in options.keys() else True)
self.patOptions["extendedPat"] = (options.extendedPat
if "extendedPat"
in options.keys() else False)
self.patOptions["flatPortRange"] = (options.flatPortRange
if "flatPortRange"
in options.keys() else False)
logging.info(f'Adding "{name}" to patPool for this ManualNatRule.')
def original_source(self, name):
logging.debug("In original_source() for ManualNatRules class.")
ipaddresses_json = NetworkAddresses(fmc=self.fmc).get()
networkgroup_json = NetworkGroups(fmc=self.fmc).get()
items = ipaddresses_json.get("items", [])
new_net = None
for item in items:
if item["name"] == name:
new_net = {"id": item["id"], "type": item["type"]}
break
if new_net is None:
logging.warning(
f'Network "{name}" is not found in FMC. Cannot add to original_source.'
)
else:
self.originalSource = new_net
logging.info(
f'Adding "{name}" to original_source for this ManualNatRule.')
def destination_network(self, action, name="", literal=None):
"""
Add/modify name/literal to destinationNetworks field of AccessRules object.
:param action: (str) the action to be done 'add', 'remove', 'clear'
:param name: (str) name of the object in question
:param literal: (dict) the literal in question {value:<>, type:<>}
:return: None
"""
# using dict() as default value is dangerous here, any thoughts/workarounds on this?
logging.debug("In destination_network() for ACPRule class.")
if literal and name != "":
raise ValueError(
"Only one of literals or name (object name) should be set while creating a source network"
)
if not hasattr(self, "destinationNetworks"):
self.destinationNetworks = {"objects": [], "literals": {}}
if action == "add":
if literal:
type_ = get_networkaddress_type(literal)
self.destinationNetworks["literals"][literal] = type_
logging.info(
f'Adding literal "{literal}" of type "{type_}" '
f"to destinationNetworks for this AccessRules."
)
else:
ipaddresses_json = NetworkAddresses(fmc=self.fmc).get()
networkgroup_json = NetworkGroups(fmc=self.fmc).get()
if self.fmc.serverVersion >= "6.4":
fqdns_json = FQDNS(fmc=self.fmc).get()
else:
fqdns_json = {"items": []}
items = (
ipaddresses_json.get("items", [])
+ networkgroup_json.get("items", [])
+ fqdns_json.get("items", [])
)
new_net = None
for item in items:
if item["name"] == name:
new_net = {
"name": item["name"],
"id": item["id"],
"type": item["type"],
}
break
if new_net is None:
logging.warning(
f'Network "{name}" is not found in FMC. Cannot add to destinationNetworks.'
)
else:
if "destinationNetworks" in self.__dict__:
# thus either some objects are already present in destinationNetworks,
# or only literals are present in destinationNetworks
if "objects" in self.__dict__["destinationNetworks"]:
# some objects are already present
duplicate = False
for obj in self.destinationNetworks["objects"]:
if obj["name"] == new_net["name"]:
duplicate = True
break
if not duplicate:
self.destinationNetworks["objects"].append(new_net)
logging.info(
f'Adding "{name}" to destinationNetworks for this AccessRules.'
)
else:
# this means no objects were present in destinationNetworks,
# and destinationNetworks contains literals only
self.destinationNetworks.update({"objects": [new_net]})
# So update the destinationNetworks dict which contained 'literals' key initially
# to have a 'objects' key as well
logging.info(
f'Adding "{name}" to destinationNetworks for this AccessRules.'
)
else:
# None of literals or objects are present in destinationNetworks,
# so initialize it with objects and update the provided object
self.destinationNetworks = {"objects": [new_net]}
logging.info(
f'Adding "{name}" to destinationNetworks for this AccessRules.'
)
elif action == "remove":
if "destinationNetworks" in self.__dict__:
if name != "":
# an object's name has been provided to be removed
objects = []
for obj in self.destinationNetworks["objects"]:
if obj["name"] != name:
objects.append(obj)
if len(objects) == 0:
# it was the last object which was deleted now
del self.destinationNetworks
logging.info(
f'Removed "{name}" from destinationNetworks for this AccessRules'
)
logging.info(
"All Destination Networks removed from this AccessRules object."
)
else:
self.destinationNetworks["objects"] = objects
logging.info(
f'Removed "{name}" from destinationNetworks for this AccessRules.'
)
else:
# a literal value has been provided to be removed
type_ = self.destinationNetworks["literals"].get(literal)
if type_:
self.destinationNetworks["literals"].pop(literal)
logging.info(
f'Removed literal "{literal}" of '
f'type "{type_}" from destinationNetworks for this AccessRules.'
)
else:
logging.info(
f'Unable to removed literal "{literal}" '
f"from destinationNetworks as it was not found"
)
else:
logging.info(
"destinationNetworks doesn't exist for this AccessRules. Nothing to remove."
)
elif action == "clear":
if "destinationNetworks" in self.__dict__:
del self.destinationNetworks
logging.info(
"All Destination Networks removed from this AccessRules object."
)
def networks(self, action, networks):
logging.info("In networks() for IPv4StaticRoute class.")
if action == "add":
# Valid objects are IPHost, IPNetwork and NetworkGroup.
# Create a dictionary to contain all three object type.
ipaddresses_json = NetworkAddresses(fmc=self.fmc).get()
networkgroup_json = NetworkGroups(fmc=self.fmc).get()
items = ipaddresses_json.get("items", []) + networkgroup_json.get(
"items", []
)
for network in networks:
# Find the matching object name in the dictionary if it exists
net1 = list(filter(lambda i: i["name"] == network, items))
if len(net1) > 0:
if "selectedNetworks" in self.__dict__:
# Check to see if network already exists
exists = list(
filter(
lambda i: i["id"] == net1[0]["id"],
self.selectedNetworks,
)
)
if "id" in exists:
logging.warning(
f'Network "{network}" already exists in selectedNetworks.'
)
else:
self.selectedNetworks.append(
{
"type": net1[0]["type"],
"id": net1[0]["id"],
"name": net1[0]["name"],
}
)
else:
self.selectedNetworks = [
{
"type": net1[0]["type"],
"id": net1[0]["id"],
"name": net1[0]["name"],
}
]
else:
logging.warning(
f'Network "{network}" not found. Cannot set up device for IPv4StaticRoute.'
)
elif action == "remove":
ipaddresses_json = NetworkAddresses(fmc=self.fmc).get()
networkgroup_json = NetworkGroups(fmc=self.fmc).get()
items = ipaddresses_json.get("items", []) + networkgroup_json.get(
"items", []
)
for network in networks:
net1 = list(filter(lambda i: i["name"] == network, items))
if len(net1) > 0:
if "selectedNetworks" in self.__dict__:
new_net1 = list(
filter(
lambda i: i["id"] != net1[0]["id"],
self.selectedNetworks,
)
)
else:
logging.warning(
"No selectedNetworks found for this Device's IPv4StaticRoute."
)
else:
logging.warning(
f'Network "{network}" not found. Cannot set up device for IPv4StaticRoute.'
)
elif action == "clear":
if "selectedNetworks" in self.__dict__:
del self.selectedNetworks
logging.info(
"All selectedNetworks removed from this IPv4StaticRoute object."
)
