Пример #1
    def update_targets(self, sources, destinations, services):
        """
        Build the sources/destinations/services portion of a rule.

        Every argument goes through the same three-way decision: ``None``
        puts the field in its "none" state, the string ``"any"`` (compared
        case-insensitively) puts it in its "any" state, and any other value
        is handed to the element's ``add_many``.

        :param sources: None, the string "any", or values for ``Source.add_many``
        :param destinations: None, "any", or values for ``Destination.add_many``
        :param services: None, "any", or values for ``Service.add_many``
        :return: dict with ``sources``, ``destinations`` and ``services``
            keys, each holding the matching element's ``data``
        :rtype: dict
        """
        src, dst, svc = Source(), Destination(), Service()

        # Processed in the fixed order sources, destinations, services.
        for element, values in ((src, sources),
                                (dst, destinations),
                                (svc, services)):
            if values is None:
                element.set_none()
            elif isinstance(values, str) and values.lower() == "any":
                # Only an explicit string selects the "any" state; a list
                # that happens to contain "any" is passed to add_many.
                element.set_any()
            else:
                element.add_many(values)

        return {
            "sources": src.data,
            "destinations": dst.data,
            "services": svc.data,
        }
Пример #2
 def destinations(self):
     """
     Destination field of this rule.

     Wraps the ``destinations`` entry of ``self.data`` (``None`` when the
     key is absent) in a ``Destination``.

     :return: :py:class:`smc.policy.rule_elements.Destination`
     """
     raw_destinations = self.data.get('destinations')
     return Destination(raw_destinations)
Пример #3
    def destinations(self):
        """
        Destination field of this rule.

        The returned object is constructed from the rule itself.

        :rtype: Destination
        """
        destination_field = Destination(self)
        return destination_field
Пример #4
    def test_services(self):
        """Exercise the any/none/add state changes of the rule elements."""
        svc = Service(data={'any': True})
        src = Source()
        dst = Destination()

        # Explicit data is kept as given; a bare constructor starts at "none".
        self.assertEqual(svc.data, {'any': True})
        self.assertEqual(src.data, {'none': True})
        self.assertEqual(dst.data, {'none': True})

        # Toggle between the "any" and "none" states.
        src.set_any()
        self.assertTrue(src.is_any)
        src.set_none()
        self.assertTrue(src.is_none)

        # Adding entries replaces the "none" marker with a 'src' list.
        first, second = 'http://1.1.1.1', 'http://2.2.2.2'
        src.add(first)
        self.assertEqual(src.data, {'src': [first]})
        src.set_none()
        src.add_many([first, second])
        self.assertEqual(src.data, {'src': [first, second]})
        self.assertEqual(src.all_as_href(), [first, second])

        # Calling an element yields a dict keyed by its rule field name.
        for element, field in ((svc, 'services'),
                               (src, 'sources'),
                               (dst, 'destinations')):
            payload = element()
            self.assertIsNotNone(payload.get(field))
Пример #5
 def update_targets(self, sources, destinations, services):
     """
     Build the sources/destinations/services portion of a rule.

     Every argument goes through the same three-way decision: ``None``
     puts the field in its "none" state, the string ``'any'`` (compared
     case-insensitively) puts it in its "any" state, and any other value
     is handed to the element's ``add_many``.

     :param sources: None, the string 'any', or values for ``Source.add_many``
     :param destinations: None, 'any', or values for ``Destination.add_many``
     :param services: None, 'any', or values for ``Service.add_many``
     :return: dict with ``sources``, ``destinations`` and ``services``
         keys, each holding the matching element's ``data``
     :rtype: dict
     """
     src, dst, svc = Source(), Destination(), Service()

     # Processed in the fixed order sources, destinations, services.
     for element, values in ((src, sources),
                             (dst, destinations),
                             (svc, services)):
         if values is None:
             element.set_none()
         elif isinstance(values, str) and values.lower() == 'any':
             # Only an explicit string selects the "any" state; a list
             # that happens to contain 'any' is passed to add_many.
             element.set_any()
         else:
             element.add_many(values)

     # The raw ``data`` of each element is stored under its field name.
     return {
         'sources': src.data,
         'destinations': dst.data,
         'services': svc.data,
     }
Пример #6
def _rule_common(sources, destinations, services):
    """
    Build the rule fields shared by all rule types.

    Every argument goes through the same three-way decision: ``None``
    puts the field in its "none" state, the string ``'any'`` (compared
    case-insensitively) puts it in its "any" state, and any other value
    is handed to the element's ``add_many``.

    :return: one dict merged from the result of calling the Source,
        Destination and Service elements, in that order
    :rtype: dict
    """
    elements = (Source(), Destination(), Service())

    for element, values in zip(elements, (sources, destinations, services)):
        if values is None:
            element.set_none()
        elif isinstance(values, str) and values.lower() == 'any':
            # Only an explicit string selects the "any" state.
            element.set_any()
        else:
            element.add_many(values)

    # Each element is callable and returns its own dict; merge them in
    # source, destination, service order.
    merged = {}
    for element in elements:
        merged.update(element())
    return merged
Пример #7
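    def create(self,
               name,
               sources=None,
               destinations=None,
               services=None,
               dynamic_src_nat=None,
               dynamic_src_nat_ports=(1024, 65535),
               static_src_nat=None,
               static_dst_nat=None,
               static_dst_nat_ports=None,
               is_disabled=False,
               used_on=None):
        """
        Create a NAT rule.

        When providing sources/destinations or services, you can provide the
        element href, network element or service from
        :py:class:`smc.elements.network` and :py:class:`smc.elements.service`.
        You can also use both types of input for these fields.

        ``dynamic_src_nat`` takes precedence over ``static_src_nat``; only
        one of the two is applied.

        :param str name: name of NAT rule
        :param list sources: list of sources by href or :py:class:`smc.elements.network`
        :param list destinations: list of destinations by href or :py:class:`smc.elements.network`
        :param list services: list of services by href or :py:class:`smc.elements.service`
        :param dynamic_src_nat: str ip or element from :py:class:`smc.elements.network` for
               dynamic source NAT
        :param tuple dynamic_src_nat_ports: starting and ending ports for PAT. Default: (1024, 65535)
        :param static_src_nat: str ip or element href used for source NAT; requires at
               least one explicit entry in ``sources``
        :param static_dst_nat: destination NAT IP address or element href
        :param tuple static_dst_nat_ports: ports or port range used for original and destination ports
               (only needed if a different destination port is used and does not match the rules service port)
        :param boolean is_disabled: whether to disable rule or not
        :param str used_on: element or href (of security engine) where this NAT rule applies, Default: Any
        :raises: :py:class:`smc.api.exceptions.InvalidRuleValue`: if rule requirements are not met
        :raises: :py:class:`smc.api.exceptions.CreateRuleFailed`: rule creation failure
        :return: result of the create request
        """
        rule_values = _rule_common(sources, destinations, services)
        rule_values.update(name=name)
        rule_values.update(is_disabled=is_disabled)

        options = LogOptions()

        if dynamic_src_nat:
            nat = DynamicSourceNAT(options.data)
            nat.translated_value = dynamic_src_nat
            nat.translated_ports = dynamic_src_nat_ports
            rule_values.update(options=nat.data)

        elif static_src_nat:
            # Static source NAT translates one concrete original address.
            # Reject None, "any" or an empty list here with the documented
            # exception instead of failing on sources[0] with a TypeError
            # or AttributeError.
            if not sources or isinstance(sources, str):
                raise InvalidRuleValue(
                    'Static source NAT requires at least one explicit '
                    'source.')
            first_source = sources[0]
            nat = StaticSourceNAT(options.data)
            nat.translated_value = static_src_nat
            # sources may mix href strings and elements; an href string has
            # no .href attribute, so fall back to the value itself.
            nat.original_value = getattr(first_source, 'href', first_source)
            rule_values.update(options=nat.data)

        if static_dst_nat:
            destination = Destination(rule_values['destinations'])
            if destination.is_any or destination.is_none:
                raise InvalidRuleValue(
                    'Destination field cannot be none or any for '
                    'destination NAT.')
            nat = StaticDestNAT(options.data)
            nat.translated_value = static_dst_nat
            nat.original_value = destination.all_as_href()[0]
            # NOTE(review): static_dst_nat_ports is accepted but never
            # applied in this method - confirm whether StaticDestNAT should
            # receive it.
            # NOTE(review): this replaces any 'options' set by a source NAT
            # branch above; whether nat.data still carries that source NAT
            # depends on the NAT classes sharing options.data - confirm.
            rule_values.update(options=nat.data)

        if 'options' not in rule_values:  # No NAT
            rule_values.update(options=options.data)

        rule_values.update(used_on=used_on)
        return prepared_request(CreateRuleFailed,
                                href=self.href,
                                json=rule_values).create()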
Пример #8
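    def create(self,
               name,
               sources=None,
               destinations=None,
               services=None,
               dynamic_src_nat=None,
               dynamic_src_nat_ports=(1024, 65535),
               static_src_nat=None,
               static_dst_nat=None,
               static_dst_nat_ports=None,
               is_disabled=False,
               used_on=None):
        """
        Create a NAT rule.

        When providing sources/destinations or services, you can provide the
        element href, network element or services from ``smc.elements``.
        You can also mix href strings with Element types in these fields.

        ``dynamic_src_nat`` takes precedence over ``static_src_nat``; only
        one of the two is applied.

        :param str name: name of NAT rule
        :param list sources: list of sources by href or Element
        :type sources: list(str,Element)
        :param list destinations: list of destinations by href or Element
        :type destinations: list(str,Element)
        :param list services: list of services by href or Element
        :type services: list(str,Element)
        :param dynamic_src_nat: str ip or Element for dynamic source NAT
        :type dynamic_src_nat: str,Element
        :param tuple dynamic_src_nat_ports: starting and ending ports for PAT.
            Default: (1024, 65535)
        :param str static_src_nat: ip or element href used for source NAT;
            requires at least one explicit entry in ``sources``
        :param str static_dst_nat: destination NAT IP address or element href
        :param tuple static_dst_nat_ports: ports or port range used for original
            and destination ports (only needed if a different destination port
            is used and does not match the rules service port)
        :param bool is_disabled: whether to disable rule or not
        :param str used_on: href or Element (of security engine) where this
            NAT rule applies, Default: Any
        :type used_on: str,Element
        :raises InvalidRuleValue: if rule requirements are not met
        :raises CreateRuleFailed: rule creation failure
        :return: newly created NAT rule
        :rtype: IPv4NATRule
        """
        rule_values = self.update_targets(sources, destinations, services)
        rule_values.update(name=name)
        rule_values.update(is_disabled=is_disabled)

        options = LogOptions()

        if dynamic_src_nat:
            nat = DynamicSourceNAT(options.data)
            nat.translated_value = dynamic_src_nat
            nat.translated_ports = dynamic_src_nat_ports
            rule_values.update(options=nat.data)

        elif static_src_nat:
            # Static source NAT translates one concrete original address.
            # Reject None, "any" or an empty list here with the documented
            # exception instead of failing on sources[0] with a TypeError
            # or AttributeError.
            if not sources or isinstance(sources, str):
                raise InvalidRuleValue(
                    'Static source NAT requires at least one explicit '
                    'source.')
            first_source = sources[0]
            nat = StaticSourceNAT(options.data)
            nat.translated_value = static_src_nat
            # sources may mix href strings and Elements; an href string has
            # no .href attribute, so fall back to the value itself.
            nat.original_value = getattr(first_source, 'href', first_source)
            rule_values.update(options=nat.data)

        if static_dst_nat:
            # From here on ``destinations`` is the dict built by
            # update_targets, not the caller's argument.
            destinations = rule_values['destinations']
            if 'any' in destinations or 'none' in destinations:
                raise InvalidRuleValue(
                    'Destination field cannot be none or any for '
                    'destination NAT.')
            destination = Destination()
            destination.add_many(destinations.get('dst'))

            nat = StaticDestNAT(options.data)
            nat.translated_value = static_dst_nat
            nat.original_value = destination.all_as_href()[0]
            if static_dst_nat_ports:
                nat.translated_ports = static_dst_nat_ports
            # NOTE(review): this replaces any 'options' set by a source NAT
            # branch above; whether nat.data still carries that source NAT
            # depends on the NAT classes sharing options.data - confirm.
            rule_values.update(options=nat.data)

        if 'options' not in rule_values:  # No NAT
            rule_values.update(options=options.data)

        rule_values.update(used_on=used_on)

        return SubElementCreator(self.__class__,
                                 CreateRuleFailed,
                                 href=self.href,
                                 json=rule_values)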