def __init__(self, device=None, interfaces=None, include_shared_config=True):
    '''
    Assemble the top-level translator tree for one ASA device.

    @param device: dict
        to identify the ASA device, passed in from device_script APIs
    @param interfaces: dict
        physical interfaces names passed in from device_script APIs
    @param include_shared_config: boolean
        Flag to indicate if the function configuration should be modified.
    '''
    DMObject.__init__(self, ifc_key=DeviceModel.__name__)
    # NOTE(review): the device dict comes from the device_script APIs and may
    # carry management credentials - confirm before logging or dumping it.
    self.device = device
    self.interfaces = interfaces
    self.sts_table = {}
    self.label2nameif = {}  # cache of label to nameif map

    add_child = self.register_child

    # All the stuff defined in vnsMDevCfg section of device_specification.xml
    # Interfaces and encapsulation
    add_child(Vifs())
    add_child(DMList('VLAN', Vlan))
    add_child(VxlanPort('vxlan_port'))
    add_child(NVE('NVE'))
    add_child(TVIs())
    add_child(DMList('ENCAPASS', EncapAss))
    add_child(DMList('InterfaceConfig', InterfaceConfig))
    add_child(PortChannelMembers())

    # Network and service objects, then the groups built from them
    add_child(HostObjects())
    add_child(SubnetObjects())
    add_child(RangeObjects())
    add_child(FQDNObjects())
    add_child(ICMP4Objects())
    add_child(ICMP6Objects())
    add_child(ProtocolObjects())
    add_child(TCPObjects())
    add_child(UDPObjects())
    add_child(NetworkObjectGroups())
    add_child(ServiceObjectGroups())

    # Access lists; AccessListDeployment must follow AccessListList
    add_child(AccessListList())
    add_child(AccessListDeployment())

    # Device-wide features
    add_child(ClusterConfig())
    add_child(LoggingConfig())
    add_child(FailoverConfig())
    add_child(AccessGroupGlobal())
    add_child(Timeouts())
    add_child(BasicThreatDetection())
    add_child(AdvancedThreatDetection())
    add_child(ScanningThreatDetection())
    add_child(NetFlowObjects())
    add_child(IPAudit())
    add_child(NTP())
    add_child(DNS())
    add_child(SmartCallHome())
    add_child(GlobalServicePolicyContainer())

    # Child for vsnGrpCfg element
    if include_shared_config:
        add_child(SharedConfig())
def __init__(self):
    '''
    Register one Timeout child per ASA "timeout ..." command, followed by
    the two authentication timeouts.
    '''
    DMObject.__init__(self, ifc_key=Timeouts.__name__, asa_key='timeout')

    # Each row is handed to Timeout() positionally, in this column order:
    #   IFC key, ASA key, default, min, max, allow0
    # NOTE(review): allow0 presumably lets a zero value through even when it
    # is below min; on ASA a zero timeout generally switches the timer off,
    # so entries are not aged out - confirm against Timeout's validation.
    # NOTE(review): some rows pair min '0:0:0' with allow0 False; how Timeout
    # reconciles the two is not visible here.
    timeout_rows = (
        ("Connection", "timeout conn", '1:0:0', '0:5:0', '1193:0:0', True),
        ("HalfClosedConnection", "timeout half-closed", '0:10:0', '0:0:30', '1193:0:0', True),
        ("Udp", "timeout udp", '0:2:0', '0:1:0', '1193:0:0', True),
        ("Icmp", "timeout icmp", '0:0:2', '0:0:2', '1193:0:0', False),
        ("H323", "timeout h323", '0:5:0', '0:0:0', '1193:0:0', False),
        ("H225", "timeout h225", '1:0:0', '0:0:0', '1193:0:0', False),
        # Trailing space in the ASA key for Mgcp is to avoid collision with mgcp-pat
        ("Mgcp", "timeout mgcp ", '0:5:0', '0:0:0', '1193:0:0', True),
        ("MgcpPat", "timeout mgcp-pat", '0:5:0', '0:0:0', '1193:0:0', True),
        ("TcpProxyReassembly", "timeout tcp-proxy-reassembly", '0:1:0', '0:0:10', '1193:0:0', False),
        ("FloatingConn", "timeout floating-conn", '0:0:0', '0:0:30', '1193:0:0', True),
        ("SunRpc", "timeout sunrpc", '0:10:0', '0:1:0', '1193:0:0', True),
        # Trailing space in the ASA key for Sip is to avoid collision with other sip-* command
        ("Sip", "timeout sip ", '0:30:0', '0:5:0', '1193:0:0', True),
        ("SipMedia", "timeout sip_media", '0:2:0', '0:1:0', '1193:0:0', True),
        ("SipProvisionalMedia", "timeout sip-provisional-media", '0:2:0', '0:1:0', '1193:0:0', False),
        ("SipInvite", "timeout sip-invite", '0:1:0', '0:0:30', '1193:0:0', False),
        ("SipDisconnect", "timeout sip-disconnect", '0:2:0', '0:0:1', '1193:0:0', False),
        ("Xlate", "timeout xlate", '3:0:0', '0:1:0', '1193:0:0', False),
        ("PatXlate", "timeout pat-xlate", '0:0:30', '0:0:30', '0:5:0', False),
    )
    for row in timeout_rows:
        self.register_child(Timeout(*row))

    self.register_child(AuthenticationTimeout("AuthenAbsolute", "absolute"))
    self.register_child(AuthenticationTimeout("AuthenInactivity", "inactivity"))
def __init__(self):
    '''
    Register the attack-signature and informational-signature children of
    the "ip audit" configuration.
    '''
    DMObject.__init__(self, ifc_key=IPAudit.__name__, asa_key='ip audit')

    # (IFC key, ASA key, CLI template); %s receives the configured action.
    audit_children = (
        ('IPAuditAttack', 'ip audit attack', 'ip audit attack action %s'),
        ('IPAuditInfo', 'ip audit info', 'ip audit info action %s'),
    )
    for ifc_name, asa_prefix, cli_template in audit_children:
        self.register_child(IPAuditObj(ifc_key=ifc_name,
                                       asa_key=asa_prefix,
                                       asa_gen_template=cli_template))
def __init__(self, device=None, interfaces=None, include_shared_config=True):
    '''
    Build the root of the device model and attach every child translator.

    @param device: dict
        to identify the ASA device, passed in from device_script APIs
    @param interfaces: dict
        physical interfaces names passed in from device_script APIs
    @param include_shared_config: boolean
        Flag to indicate if the function configuration should be modified.
    '''
    DMObject.__init__(self, ifc_key=DeviceModel.__name__)
    # NOTE(review): the device dict is supplied by the device_script APIs and
    # may include management credentials - confirm before logging it.
    self.device = device
    self.interfaces = interfaces
    self.sts_table = {}
    self.label2nameif = {}  # cache of label to nameif map

    attach = self.register_child

    # All the stuff defined in vnsMDevCfg section of device_specification.xml
    attach(Vifs())
    attach(DMList('VLAN', Vlan))
    attach(VxlanPort('vxlan_port'))
    attach(NVE('NVE'))
    attach(TVIs())
    attach(DMList('ENCAPASS', EncapAss))
    attach(DMList('InterfaceConfig', InterfaceConfig))
    attach(PortChannelMembers())

    attach(HostObjects())
    attach(SubnetObjects())
    attach(RangeObjects())
    attach(FQDNObjects())
    attach(ICMP4Objects())
    attach(ICMP6Objects())
    attach(ProtocolObjects())
    attach(TCPObjects())
    attach(UDPObjects())
    attach(NetworkObjectGroups())
    attach(ServiceObjectGroups())

    attach(AccessListList())
    attach(AccessListDeployment())  # Must follow AccessListList

    attach(ClusterConfig())
    attach(LoggingConfig())
    attach(FailoverConfig())
    attach(AccessGroupGlobal())
    attach(Timeouts())
    attach(BasicThreatDetection())
    attach(AdvancedThreatDetection())
    attach(ScanningThreatDetection())
    attach(NetFlowObjects())
    attach(IPAudit())
    attach(NTP())
    attach(DNS())
    attach(SmartCallHome())
    attach(GlobalServicePolicyContainer())

    # Child for vsnGrpCfg element
    if include_shared_config:
        attach(SharedConfig())
def populate_model(self, delta_ifc_key, delta_ifc_cfg_value):
    '''
    Override the default implementation because the IFC model does not
    directly map to self.children.

    The first child receives the same key and value as this translator.
    When this translator's state is State.DESTROY, the second child is
    populated with a DESTROY entry as well.
    '''
    DMObject.populate_model(self, delta_ifc_key, delta_ifc_cfg_value)

    # Let PolicyMap share the configuration with this translator.
    # Children are picked by position, so this relies on the order in which
    # they were registered (PolicyMap first, ServicePolicy second).
    shared_map = self.children.values()[0]
    shared_map.populate_model(delta_ifc_key, delta_ifc_cfg_value)

    # If the configuration for this object is destroyed, destroy its
    # ServicePolicy child as well; otherwise there is nothing more to do.
    if self.delta_ifc_cfg_value['state'] != State.DESTROY:
        return

    policy_child = self.children.values()[1]
    destroy_key = (Type.PARAM, policy_child.ifc_key, '')
    policy_child.populate_model(destroy_key, {'state': State.DESTROY})
def create_missing_ifc_delta_cfg(self):
    """Override the default implementation to leave an indicator for the
    absence of IFC configuration.

    Reminder: the purpose of this method is to prepare for the configuration
    delete operation in the diff_ifc_asa method.

    Note on State.DESTROY handling for the deviceAudit API:
    During deviceAudit the framework treats a missing
    self.delta_ifc_cfg_value as "this translator has no IFC configuration".
    This translator, however, has to create self.delta_ifc_cfg_value anyway,
    so absence is signalled differently: a special entry named
    'PolicyMap_state' is placed in the value dictionary, and get_action
    reads self.delta_ifc_cfg_value['PolicyMap_state'] to decide whether the
    operation is State.DESTROY.
    """
    if self.has_ifc_delta_cfg():
        return DMObject.create_missing_ifc_delta_cfg(self)

    # No IFC configuration: leave the absence indicator (presumably the
    # 'PolicyMap_state' entry described above - confirm in mark_absent),
    # then let every child prepare itself.
    self.mark_absent()
    for sub_translator in self.children.values():
        sub_translator.create_missing_ifc_delta_cfg()

    # Let PolicyMap share the configuration with this translator.
    # The child is selected by position, so registration order matters.
    shared_map = self.children.values()[0]
    shared_map.populate_model(self.delta_ifc_key, self.delta_ifc_cfg_value)
def __init__(self, instance):
    '''
    Attach the per-function children: interface relations, connectors,
    NAT rules, access groups, static routes, EUI-64 enforcement and the
    connector service policies.

    @param instance: passed unchanged to DMObject.__init__
    '''
    DMObject.__init__(self, instance)

    add_child = self.register_child

    add_child(ExIntfConfigRelFolder())
    add_child(InIntfConfigRelFolder())
    add_child(Connectors('CONN', Connector))
    add_child(BridgeGroupIntfs())

    # NATRuleDeployment must follow NATRuleList
    add_child(NATRuleList())
    add_child(NATRuleDeployment())

    add_child(AccessGroupList('ExtAccessGroup', 'external'))
    add_child(AccessGroupList('IntAccessGroup', 'internal'))
    add_child(IntStaticRoute())
    add_child(ExtStaticRoute())
    add_child(InIPv6EnforceEUI64())
    add_child(ExIPv6EnforceEUI64())
    add_child(IntConnectorServicePolicyContainer())
    add_child(ExtConnectorServicePolicyContainer())
def ifc2asa(self, no_asa_cfg_stack, asa_cfg_list):
    '''
    Override default implementation to deal with "no timeout ...", which is
    not accepted by ASA. Use "clear config timeout" instead.

    The default translation runs against a scratch removal stack; if it
    produced any removal at all, a single "clear config timeout" is
    generated on the caller's stack in their place.
    '''
    scratch_removals = []
    outcome = DMObject.ifc2asa(self, scratch_removals, asa_cfg_list)

    if scratch_removals:
        # Consolidate "no timeout ..." commands into "clear config timeout".
        # NOTE(review): the replacement command is not scoped to the timers
        # that were removed; confirm that timers meant to stay customised
        # are re-issued through asa_cfg_list.
        self.generate_cli(no_asa_cfg_stack, "clear config timeout")

    return outcome
def __init__(self, instance):
    '''
    Attach the per-interface children: IPv4 address, security level, the
    IPv6 settings and the VXLAN segment IDs.

    @param instance: passed unchanged to DMObject.__init__
    '''
    DMObject.__init__(self, instance)

    add_child = self.register_child

    add_child(IPv4Addr('ipv4_address'))
    add_child(SecurityLevel('security_level'))

    # IPv6 addressing and neighbor discovery
    add_child(IPv6AddrList())
    add_child(IPv6AutoConfig('ipv6_autoconfig'))
    add_child(IPv6Enable('ipv6_enable'))
    add_child(IPv6NDDad('ipv6_nd_dad_attempts'))
    add_child(IPv6NDNsInterval('ipv6_nd_ns_interval'))
    add_child(IPv6NDReachable('ipv6_nd_reachable_time'))
    add_child(IPv6NDRaInterval('ipv6_nd_ra_interval'))
    add_child(IPv6NDRaLifetime('ipv6_nd_ra_lifetime'))
    add_child(IPv6LinkLocal('ipv6_link_local_address'))
    add_child(IPv6NeighborDiscoveryList())

    # vxlan config below
    add_child(SegmentIDSecondarys())
    add_child(SegmentIDOriginates())
def __init__(self):
    '''
    Create a Timeout child for every supported ASA "timeout ..." command
    and then the two authentication timeouts.
    '''
    DMObject.__init__(self, ifc_key=Timeouts.__name__, asa_key='timeout')

    # Rows are passed to Timeout() positionally:
    #   IFC key, ASA key, default, min, max, allow0
    # NOTE(review): allow0 presumably accepts zero in addition to the
    # min..max range; on ASA a zero timeout generally disables the timer,
    # so idle entries stay in the table - confirm in Timeout before relying
    # on the range check alone.
    specs = [
        ("Connection", "timeout conn", '1:0:0', '0:5:0', '1193:0:0', True),
        ("HalfClosedConnection", "timeout half-closed", '0:10:0', '0:0:30', '1193:0:0', True),
        ("Udp", "timeout udp", '0:2:0', '0:1:0', '1193:0:0', True),
        ("Icmp", "timeout icmp", '0:0:2', '0:0:2', '1193:0:0', False),
        ("H323", "timeout h323", '0:5:0', '0:0:0', '1193:0:0', False),
        ("H225", "timeout h225", '1:0:0', '0:0:0', '1193:0:0', False),
        # Trailing space in the ASA key for Mgcp is to avoid collision with mgcp-pat
        ("Mgcp", "timeout mgcp ", '0:5:0', '0:0:0', '1193:0:0', True),
        ("MgcpPat", "timeout mgcp-pat", '0:5:0', '0:0:0', '1193:0:0', True),
        ("TcpProxyReassembly", "timeout tcp-proxy-reassembly", '0:1:0', '0:0:10', '1193:0:0', False),
        ("FloatingConn", "timeout floating-conn", '0:0:0', '0:0:30', '1193:0:0', True),
        ("SunRpc", "timeout sunrpc", '0:10:0', '0:1:0', '1193:0:0', True),
        # Trailing space in the ASA key for Sip is to avoid collision with other sip-* command
        ("Sip", "timeout sip ", '0:30:0', '0:5:0', '1193:0:0', True),
        ("SipMedia", "timeout sip_media", '0:2:0', '0:1:0', '1193:0:0', True),
        ("SipProvisionalMedia", "timeout sip-provisional-media", '0:2:0', '0:1:0', '1193:0:0', False),
        ("SipInvite", "timeout sip-invite", '0:1:0', '0:0:30', '1193:0:0', False),
        ("SipDisconnect", "timeout sip-disconnect", '0:2:0', '0:0:1', '1193:0:0', False),
        ("Xlate", "timeout xlate", '3:0:0', '0:1:0', '1193:0:0', False),
        ("PatXlate", "timeout pat-xlate", '0:0:30', '0:0:30', '0:5:0', False),
    ]
    for ifc_name, asa_cmd, default, lower, upper, zero_ok in specs:
        child = Timeout(ifc_name, asa_cmd, default, lower, upper, zero_ok)
        self.register_child(child)

    for ifc_name, asa_suffix in (("AuthenAbsolute", "absolute"),
                                 ("AuthenInactivity", "inactivity")):
        self.register_child(AuthenticationTimeout(ifc_name, asa_suffix))
def __init__(self):
    '''Create the translator keyed by the IFC parameter 'port_channel_id'.'''
    DMObject.__init__(self, ifc_key='port_channel_id')
def __init__(self):
    '''Initialise the base translator with the IFC key 'port_channel_id'.'''
    DMObject.__init__(
        self,
        ifc_key='port_channel_id',
    )
def __init__(self):
    '''Create the shared-configuration node and attach its Firewalls child.'''
    DMObject.__init__(self, SharedConfig.__name__)
    firewalls = Firewalls()
    self.register_child(firewalls)
def __init__(self, type):
    '''
    Create the translator keyed by 'ipv6_enforce_eui64'.

    @param type: stored as self.conn_type; presumably the connector side
        (a caller in this listing passes 'external') - confirm.
    '''
    DMObject.__init__(self, ifc_key='ipv6_enforce_eui64')
    # The parameter name shadows the builtin, but it is part of the
    # signature callers see, so it is kept as is.
    self.conn_type = type
def __init__(self):
    '''Initialise the base translator, keyed by the InIntfConfigRel class name.'''
    key = InIntfConfigRel.__name__
    DMObject.__init__(self, key)
def __init__(self):
    '''Initialise the base translator with the IFC key 'interface'.'''
    DMObject.__init__(
        self,
        ifc_key='interface',
    )
def populate_model(self, delta_ifc_key, delta_ifc_cfg_value):
    '''
    Populate the model through the default implementation, then keep the
    'state' entry of the supplied value on self.state.
    '''
    DMObject.populate_model(self, delta_ifc_key, delta_ifc_cfg_value)
    # A missing 'state' key raises KeyError here, as it always did.
    requested_state = delta_ifc_cfg_value['state']
    self.state = requested_state
def __init__(self, name):
    '''
    Attach the ChannelGroup and InterfaceObject children and select the
    CLI response parser for this translator.

    @param name: passed unchanged to DMObject.__init__
    '''
    DMObject.__init__(self, name)

    for child_class in (ChannelGroup, InterfaceObject):
        self.register_child(child_class())

    # NOTE(review): judging by its name this parser disregards informational
    # responses from the device; confirm that genuine errors still surface.
    self.response_parser = cli_interaction.ignore_info_response_parser
def __init__(self):
    '''Create the translator keyed by the IFC parameter 'interface'.'''
    DMObject.__init__(self, ifc_key='interface')
def __init__(self, ifc_key="GlobalServicePolicy", connector=None):
    '''
    Create the service-policy container with its PolicyMap and
    ServicePolicy children.

    @param ifc_key: IFC key for this container
    @param connector: handed to both children; None by default
    '''
    DMObject.__init__(self, ifc_key=ifc_key)

    # Keep this order. Methods in this listing that read
    # self.children.values()[0] as the PolicyMap and [1] as the
    # ServicePolicy appear to depend on it.
    for child_class in (PolicyMap, ServicePolicy):
        self.register_child(child_class(connector))
def __init__(self):
    '''Create the folder node and attach its single InIntfConfigRel child.'''
    DMObject.__init__(self, InIntfConfigRelFolder.__name__)
    relation = InIntfConfigRel()
    self.register_child(relation)
def __init__(self):
    '''
    Create the external-side wrapper and attach an IPv6EnforceEUI64 child
    constructed with 'external'.
    '''
    DMObject.__init__(self, ExIPv6EnforceEUI64.__name__)
    enforcement = IPv6EnforceEUI64('external')
    self.register_child(enforcement)