def __init__(self, ifc_key='ScanningThreatRate', asa_key = ScanningThreatDetection.THREAT_DETECTION_SCANNING_RATE):
'''Constructor'''
self.extra_cli = None
SimpleType.__init__(self, ifc_key = ifc_key, asa_key = asa_key,
asa_gen_template = ScanningThreatDetection.THREAT_DETECTION_SCANNING_RATE + ' rate-interval %(rate_interval)s average-rate %(average_rate)s burst-rate %(burst_rate)s',
response_parser = ScanningThreatDetection.ignore_msg_response_parser)
def ifc2asa(self, no_asa_cfg_stack, asa_cfg_list, interfaces = None):
'''Generate ASA configuration from IFC configuration delta.
@see DMObject.ifc2asa for parameter details
'''
if not self.has_ifc_delta_cfg():
return
action = self.get_action()
if action == State.NOCHANGE:
return
if action == State.DESTROY and self.is_removable:
self.generate_cli(no_asa_cfg_stack, 'no ' + self.get_cli())
else:
self.generate_cli(asa_cfg_list, self.get_cli())
# apply the pool to the management interface
value = normalize_param_dict(self.delta_ifc_cfg_value['value'])
intf = self.get_top().get_mgmt_interface()
if not intf:
# default management interface: m0/0
intf = 'm0/0'
attr = self.get_mgmt_intf_attributes(intf)
if attr == None:
return
clii = CLIInteraction(mode_command='interface ' + util.normalize_interface_name(intf),
command='ip address ' + attr['ip'] + ' ' + attr['mask'] + ' cluster-pool ' + value['pool_name'],
response_parser=cluster_response_parser)
asa_cfg_list.append(clii)
SimpleType.ifc2asa(self, no_asa_cfg_stack, asa_cfg_list)
def __init__(self, name, asa_key = "flow-export destination"):
'''Constructor'''
self.interface = None
SimpleType.__init__(self, name, asa_key,
asa_gen_template = 'flow-export destination %(interface)s %(host)s %(port)s',
response_parser = TemplateAndCollectors.ignore_msg_response_parser)
def __init__(self, name):
SimpleType.__init__(
self,
name,
asa_gen_template="failover link %(interface_name)s %(interface)s",
response_parser=failover_response_parser,
)
def __init__(self, name):
SimpleType.__init__(
self,
name,
is_removable=True,
asa_gen_template="failover interface ip %(interface_name)s %(active_ip)s",
response_parser=failover_response_parser,
)
def __init__(self, name):
'''@todo: use Route.__init__ instead of SimpleType.__init__
Route.__init__(self, name, defaults=None, asa_gen_template = 'ipv6 route %(interface)s %(prefix)s %(gateway)s')
'''
SimpleType.__init__(self, name,
asa_gen_template = 'ipv6 route %(interface)s %(prefix)s %(gateway)s %(hop_count)s %(tunneled)s',
defaults = {'hop_count': '', 'tunneled': ''},
response_parser = static_route_response_parser)
def __init__(self):
'''
Constructor
'''
SimpleType.__init__(self, ifc_key = 'IPSSettings', asa_key = 'ips',
asa_gen_template='ips %(operate_mode)s %(fail_mode)s',
response_parser = cli_interaction.ignore_warning_response_parser)
def __init__(self, ifc_key='BasicThreatDetectionRateAclDrop', asa_key='threat-detection rate acl-drop'):
'''Constructor '''
self.rate_type = None
self.extra_cli = None
SimpleType.__init__(self, ifc_key, asa_key,
asa_gen_template = 'threat-detection rate %(rate)s rate-interval %(rate_interval)s average-rate %(average_rate)s burst-rate %(burst_rate)s',
response_parser = cli_interaction.ignore_warning_response_parser)
def __init__(self, ifc_key, asa_key, on_value, response_parser):
'''
@param on_value: str
The value in the dictionary to turn on the feature, e.g. 'enable'
'''
SimpleType.__init__(self, ifc_key, asa_key)
self.on_value = on_value
self.response_parser = response_parser
def __init__(self, name):
SimpleType.__init__(
self,
name,
is_removable=True,
asa_gen_template="ip address %(active_ip)s %(netmask)s standby %(standby_ip)s",
asa_mode_template="interface %(interface)s",
response_parser=failover_response_parser,
)
def __init__(self, ifc_key='ExportAllEvent', asa_key='flow-export event-type all'):
self.action = None
self.destination = None
self.config = None
self.status = 'enable'
template = None
if ifc_key == 'ExportAllEvent':
template = self.FLOW_EXPORT_ALL_EVENT_DESTINATION + ' %(event_destination)s'
elif ifc_key == 'ExportCreationlEvent':
template = self.FLOW_EXPORT_CREATION_EVENT_DESTINATION + ' %(event_destination)s'
elif ifc_key == 'ExportDenyEvent':
template = self.FLOW_EXPORT_DENY_EVENT_DESTINATION + ' %(event_destination)s'
SimpleType.__init__(self, ifc_key, asa_key, asa_gen_template = template, response_parser = TemplateAndCollectors.ignore_msg_response_parser)
def parse_multi_parameter_cli(self, cli):
"""
Override the default implementation in case the CLI does not match asa_gen_template due to optional parameter
"""
# Take care of the mandatory parameters
result = SimpleType.parse_multi_parameter_cli(self, cli, alternate_asa_gen_template=self.asa_gen_template)
"Take care of the optional parameters"
tokens = cli.split()
# The number of tokens must greater than 3, i.e. 'failover interface ip ...'
assert len(tokens) > 3
for name in ["interface_name", "active_ip", "standby_ip"]:
result[(Type.PARAM, name, "")] = {"state": State.NOCHANGE, "value": ""}
option = tokens[3:]
# for ipv4, option is: %(interface_name)s %(active_ip)s %(netmask)s standby %(standby_ip)s
# for ipv6, option is: %(interface_name)s %(active_ip)s standby %(standby_ip)s
result[Type.PARAM, "interface_name", ""]["value"] = option[0]
result[Type.PARAM, "active_ip", ""]["value"] = option[1]
if ":" not in option[1]: # ipv4
result[(Type.PARAM, "netmask", "")] = {"state": State.NOCHANGE, "value": ""}
result[Type.PARAM, "netmask", ""]["value"] = option[2]
# skip option[3], which should be the 'standby' keyword
result[Type.PARAM, "standby_ip", ""]["value"] = option[4]
else: # ipv6, no netmask
# skip option[2], which should be the 'standby' keyword
result[Type.PARAM, "standby_ip", ""]["value"] = option[3]
return result
def parse_multi_parameter_cli(self, cli, alternate_asa_gen_template = None):
'''
Override the default implementation in case the CLI does not match asa_gen_template due to optional parameter
'''
if not cli.endswith(AdvancedThreatDetection.THREAT_DETECTION_STATISTICS_TCP_INTERCEPT):
return SimpleType.parse_multi_parameter_cli(self, cli, alternate_asa_gen_template)
return self.parse_intercept_cli(cli)
def parse_multi_parameter_cli(self, cli, alternate_asa_gen_template = None):
'''
Override the default implementation in case the CLI does not match asa_gen_template due to optional parameter
'''
# Take care of the mandatory parameters
result = SimpleType.parse_multi_parameter_cli(self, cli, alternate_asa_gen_template = self.asa_gen_template)
#Take care of the optional parameters
tokens = cli.split()
if tokens[0] == 'no':
result = {(Type.PARAM, 'status', '') : {'state': State.NOCHANGE, 'value': 'disable'}}
return result
# The number of mandatory parameters is 3, i.e. 'threat-detection statistics host'
if len(tokens) == 3:
return result # no optional parameter
option = tokens[3:]
if 'number-of-rate' in option:
pos = option.index('number-of-rate') + 1
result = {(Type.PARAM, 'number_of_rate', '') : {'state': State.NOCHANGE, 'value': option[pos]}}
else:
return result
return result
def create_cli(self, config, state):
''' Create the CLI using the config and the state '''
if state == State.NOCHANGE:
return ''
if not config:
return ''
result = AdvancedThreatDetection.THREAT_DETECTION_STATISTICS
if state == State.DESTROY:
if self.parent.is_audit():
if self.parent.statistics_exists('statistics'):
return None
return 'no ' + AdvancedThreatDetection.THREAT_DETECTION_STATISTICS + ' ' + self.stat_type
status = 'enable'
try:
if isinstance(config, dict):
status = config.get('status')
else:
return ''
except KeyError:
return SimpleType.get_cli(self)
if status and status.startswith('disable'):
return 'no ' + AdvancedThreatDetection.THREAT_DETECTION_STATISTICS + ' ' + self.stat_type
result += ' ' + self.stat_type
rate = config.get('number_of_rate')
if rate:
result += ' number-of-rate ' + str(rate)
return result
def parse_cli(self, cli):
'''Override
'''
if cli.endswith(ScanningThreatDetection.THREAT_DETECTION_SCANNING):
return 'disable' if cli.startswith('no ') else 'enable'
return SimpleType.parse_cli(self, cli)
def get_cli(self):
'''Generate the CLI for this single cluster ip config.
'''
assert self.has_ifc_delta_cfg()
config = util.normalize_param_dict(self.delta_ifc_cfg_value['value'])
mask = config.get('mask')
result = SimpleType.get_cli(self)
if mask:
result += ' mask ' + mask
return ' '.join(result.split())
def get_cli(self):
"""Generate the CLI for this single failover ip config.
"""
assert self.has_ifc_delta_cfg()
config = util.normalize_param_dict(self.delta_ifc_cfg_value["value"])
netmask = config.get("netmask") if ":" not in config.get("active_ip") else ""
standby_ip = config.get("standby_ip")
result = SimpleType.get_cli(self)
result += " " + netmask + " standby " + standby_ip
return " ".join(result.split())
def get_cli(self):
'''
Generate the CLI for this single CLI with optional parameter 'reset'
'''
assert self.has_ifc_delta_cfg()
config = util.normalize_param_dict(self.delta_ifc_cfg_value['value'])
reset_option = (config.get('idle_reset') == 'enable') if config is not None else False # default value for reset: disable
reset_option = ' ' + TIMEOUT_RESET_CLI if reset_option else ''
return SimpleType.get_cli(self) + reset_option
def parse_multi_parameter_cli(self, cli):
'''Override the default implementation in case the CLI does not have optional max_retries value
'''
# Take care of the optional parameters
tokens = cli.split()
if len(tokens) < len(self.asa_gen_template.split()):
cli += ' ' + MAX_RETRIES_DEFAULT
return SimpleType.parse_multi_parameter_cli(self, cli, alternate_asa_gen_template = self.asa_gen_template)
def get_cli(self):
'''Generate the CLI for this CLACP system-mac configuration.
'''
if not self.has_ifc_delta_cfg():
return ''
config = util.normalize_param_dict(self.delta_ifc_cfg_value['value'])
priority = config.get('priority')
result = SimpleType.get_cli(self)
if priority:
result += ' system-priority ' + priority
return ' '.join(result.split())
def parse_single_parameter_cli(self, cli):
''' Parse CLI '''
result = {}
find_id = cli.find(self.get_asa_key())
if find_id >= 0:
self.destination = cli[find_id + len(self.get_asa_key()) + 1:]
if find_id > 0:
self.status = 'disable'
else:
self.status = 'enable'
result[(Type.PARAM, 'status', '')] = {'state': State.NOCHANGE, 'value': self.status}
result[(Type.PARAM, 'event_destination', '')] = {'state': State.NOCHANGE, 'value': self.destination}
return result
return SimpleType.parse_cli(self, cli)
def parse_multi_parameter_cli(self, cli):
'''
Override the default implementation in case the CLI does not match asa_gen_template due to optional
parameter 'reset'
'''
# Take care of the mandatory parameters
result = SimpleType.parse_multi_parameter_cli(self, cli, alternate_asa_gen_template = self.asa_gen_template)
# Take care of the optional parameters
tokens = cli.split()
# The number of mandatory parameters is the same as the asa_gen_template, i.e. 'service-policy global_policy global'
if (result is None) or (len(tokens) == len(self.asa_gen_template.split())):
return result # doesn't match or no optional parameter
if TIMEOUT_RESET_CLI in tokens[-1:]: # e.g. set connection timeout idle 2:3:4 reset
result[(Type.PARAM, 'idle_reset', TIMEOUT_RESET_CLI)] = {'state': State.NOCHANGE, 'value': 'enable'}
return result
def parse_multi_parameter_cli(self, cli):
'''
Override the default implementation in case the CLI does not match asa_gen_template due to optional parameter
'''
# Take care of the mandatory parameters
result = SimpleType.parse_multi_parameter_cli(self, cli, alternate_asa_gen_template = self.asa_gen_template)
'Take care of the optional parameters'
tokens = cli.split()
# The number of tokens must greater than 3, i.e. 'clacp system-mac [H.H.H | auto]'
assert len(tokens) > 3
option = tokens[3:]
if len(option) > 0:
result[(Type.PARAM, 'system-priority', '')] = {'state': State.NOCHANGE, 'value': ''}
result[Type.PARAM, 'system-priority', '']['value'] = option[0]
return result
def parse_multi_parameter_cli(self, cli):
'''Override the default implementation in case the CLI does not match asa_gen_template due to optional
parameter
'''
'Take care of the mandatory parameters'
result = SimpleType.parse_multi_parameter_cli(self, cli, alternate_asa_gen_template = 'ipv6 route %(interface)s %(prefix)s %(gateway)s')
'Take care of the optional parameters'
for name, value in self.defaults.iteritems():
result[(Type.PARAM, name, '')] = {'state': State.NOCHANGE, 'value': value}
tokens = cli.split()
if len(tokens) == 5:
return result #no optional parameter
option = tokens[5]
if option == 'tunneled':
result[Type.PARAM, 'tunneled', '']['value'] = option
elif option:
result[Type.PARAM, 'hop_count', '']['value'] = option
return result
def __init__(self):
'''
Constructor
'''
SimpleType.__init__(self, 'timeout_idle', 'set connection timeout idle', asa_gen_template='set connection timeout idle %(idle_time)s', defaults={'idle_time': IDLE_TIME_DEFAULT})
def __init__(self, ifc_key, asa_key, default):
'''
Constructor
'''
SimpleType.__init__(self, ifc_key, asa_key, defaults=default)
def ifc2asa(self, no_asa_cfg_stack, asa_cfg_list):
value = self.get_value_with_connector()
'Prevent the deletion of route on management interface or IFC will not able to connect to the ASA'
self.is_removable = value.get('interface') != 'management'
return SimpleType.ifc2asa(self, no_asa_cfg_stack, asa_cfg_list)
def __init__(self, name):
SimpleType.__init__(self, name,
asa_gen_template = "ip local pool %(pool_name)s %(start_ip)s-%(end_ip)s",
response_parser = cluster_response_parser)
def __init__(self):
SimpleType.__init__(self, ifc_key = 'priority',
asa_key = 'priority',
asa_mode_template = 'cluster group %(group_name)s',
asa_gen_template = 'priority %(priority)s')
def __init__(self):
SimpleType.__init__(self, ifc_key = 'local_unit',
asa_key = 'local-unit',
asa_mode_template = 'cluster group %(group_name)s',
asa_gen_template = 'local-unit %(local_unit)s')
def __init__(self):
'''
Constructor
'''
SimpleType.__init__(self, 'timeout_dcd', 'set connection timeout dcd', asa_gen_template='set connection timeout dcd %(retry_interval)s %(max_retries)s', defaults={'retry_interval': RETRY_INTERVAL_DEFAULT, 'max_retries': MAX_RETRIES_DEFAULT})
def __init__(self, name):
SimpleType.__init__(
self,
name,
asa_gen_template='failover link %(interface_name)s %(interface)s',
response_parser=failover_response_parser)
def __init__(self):
SimpleType.__init__(
self,
ifc_key=AccessGroupGlobal.__name__,
asa_key='access-group',
asa_gen_template='access-group %(access_list_name)s global')
def __init__(self, instance):
SimpleType.__init__(
self,
ifc_key=instance,
asa_key='access-group',
asa_gen_template='access-group %(access_list_name)s %(direction)s interface %(interface_name)s')
def __init__(self, ifc_key, asa_key, default):
'''
Constructor
'''
SimpleType.__init__(self, ifc_key, asa_key, defaults=default)
def __init__(self):
SimpleType.__init__(self, ifc_key = 'cluster_interface',
asa_key = 'cluster-interface',
asa_gen_template='cluster-interface %(interface)s ip %(ip)s %(mask)s',
is_removable = False,
response_parser = cluster_response_parser)
def __init__(self):
SimpleType.__init__(self, ifc_key = 'health_check',
asa_key = 'health-check',
asa_mode_template = 'cluster group %(group_name)s',
asa_gen_template = 'health-check holdtime %(health_check)s')
def __init__(self):
SimpleType.__init__(self, ifc_key='clacp',
asa_key = 'clacp system-mac',
asa_gen_template='clacp system-mac %(system_mac)s')
def __init__(self):
SimpleType.__init__(self, ifc_key = 'mtu',
asa_key = 'mtu cluster',
asa_gen_template='mtu cluster %(mtu)s',
response_parser = cluster_response_parser)
def __init__(self, name):
SimpleType.__init__(self,
name,
asa_gen_template='failover polltime',
response_parser=failover_response_parser)
def __init__(self):
SimpleType.__init__(
self,
ifc_key='trap_level',
asa_key='logging trap',
response_parser=cli_interaction.ignore_warning_response_parser)
def __init__(self):
SimpleType.__init__(self, ifc_key = 'conn_rebalance',
asa_key = 'conn-rebalance',
asa_mode_template = 'cluster group %(group_name)s',
asa_gen_template = 'conn-rebalance frequency %(conn_rebalance)s')
