def get_inventory(self, context):
"""Discovers the resource structure and attributes.
:param ResourceCommandContext context: ResourceCommandContext object
with all Resource Attributes inside
:return Attribute and sub-resource information for the Shell resource
:rtype: AutoLoadDetails
"""
with LoggingSessionContext(context) as logger, LogCommand(
logger, "get_inventory"
):
api = CloudShellSessionContext(context).get_api()
resource_config = FirewallResourceConfig.from_context(
self.SHELL_NAME, context, api, self.SUPPORTED_OS
)
cli_configurator = CheckpointCliConfigurator(
self._cli, resource_config, logger
)
enable_disable_snmp_flow = CheckpointEnableDisableSnmpFlow(
cli_configurator, logger
)
snmp_configurator = EnableDisableSnmpConfigurator(
enable_disable_snmp_flow, resource_config, logger
)
resource_model = FirewallResourceModel.from_resource_config(resource_config)
autoload_operations = CheckpointSnmpAutoloadFlow(logger, snmp_configurator)
logger.info("Autoload started")
response = autoload_operations.discover(self.SUPPORTED_OS, resource_model)
logger.info("Autoload completed")
return response
def orchestration_restore(self, context, saved_artifact_info, custom_params):
"""Restores a saved artifact.
Restores a saved artifact previously saved by this Shell driver using the
orchestration_save function.
:param ResourceCommandContext context: The context object for the command
with resource andreservation info
:param str saved_artifact_info: A JSON string representing the state to
restore including saved artifacts and info
:param str custom_params: Set of custom parameters for the restore operation
"""
with LoggingSessionContext(context) as logger, LogCommand(
logger, "orchestration_restore"
):
api = CloudShellSessionContext(context).get_api()
resource_config = FirewallResourceConfig.from_context(
self.SHELL_NAME, context, api, self.SUPPORTED_OS
)
cli_configurator = CheckpointCliConfigurator(
self._cli, resource_config, logger
)
configuration_flow = CheckpointConfigurationFlow(
logger, resource_config, cli_configurator
)
return configuration_flow.orchestration_restore(
saved_artifact_info, custom_params
)
def health_check(self, context):
"""Checks if the device is up and connectable.
:param ResourceCommandContext context: ResourceCommandContext
object with all Resource Attributes inside
:return: Success or fail message
:rtype: str
"""
with LoggingSessionContext(context) as logger, LogCommand(
logger, "health_check"
):
api = CloudShellSessionContext(context).get_api()
resource_config = FirewallResourceConfig.from_context(
self.SHELL_NAME, context, api, self.SUPPORTED_OS
)
cli_configurator = CheckpointCliConfigurator(
self._cli, resource_config, logger
)
state_flow = CheckpointStateFlow(
logger, resource_config, cli_configurator, api
)
return state_flow.health_check()
def orchestration_save(self, context, mode, custom_params):
"""Saves the shell state.
Saves the shell state and returns a description of the saved
artifacts and information. This command is intended for API use
only by sandbox orchestration scripts to implement a save and
restore workflow.
:param ResourceCommandContext context: the context object containing
resource and reservation info
:param str mode: Snapshot save mode, can be one of two values
"shallow" (default) or "deep"
:param str custom_params: Set of custom parameters for the save operation
:return: SavedResults serialized as JSON
:rtype: OrchestrationSaveResult
"""
with LoggingSessionContext(context) as logger, LogCommand(
logger, "orchestration_save"
):
api = CloudShellSessionContext(context).get_api()
resource_config = FirewallResourceConfig.from_context(
self.SHELL_NAME, context, api, self.SUPPORTED_OS
)
cli_configurator = CheckpointCliConfigurator(
self._cli, resource_config, logger
)
configuration_flow = CheckpointConfigurationFlow(
logger, resource_config, cli_configurator
)
return configuration_flow.orchestration_save(mode, custom_params)
def save(self, context, folder_path, configuration_type, vrf_management_name):
"""Save a configuration file to the provided destination.
:param ResourceCommandContext context: The context object for
the command with resource and reservation info
:param str folder_path: The path to the folder in which the
configuration file will be saved
:param str configuration_type: startup or running config
:param vrf_management_name:
:return The configuration file name
:rtype: str
"""
with LoggingSessionContext(context) as logger, LogCommand(logger, "save"):
api = CloudShellSessionContext(context).get_api()
resource_config = FirewallResourceConfig.from_context(
self.SHELL_NAME, context, api, self.SUPPORTED_OS
)
cli_configurator = CheckpointCliConfigurator(
self._cli, resource_config, logger
)
configuration_flow = CheckpointConfigurationFlow(
logger, resource_config, cli_configurator
)
configuration_type = configuration_type or "running"
return configuration_flow.save(
folder_path, configuration_type, vrf_management_name
)
def orchestration_restore(
self,
context: ResourceCommandContext,
saved_artifact_info: str,
custom_params: str,
):
"""Restore selected file to the provided destination.
:param context: an object with all Resource Attributes inside
:param saved_artifact_info: OrchestrationSavedArtifactInfo json
:param custom_params: json with custom restore parameters
"""
with LoggingSessionContext(context) as logger:
api = CloudShellSessionContext(context).get_api()
resource_config = FirewallResourceConfig.from_context(
shell_name=self.SHELL_NAME,
supported_os=self.SUPPORTED_OS,
context=context,
api=api,
)
cli_handler = self._cli.get_cli_handler(resource_config, logger)
configuration_flow = ConfigurationFlow(
cli_handler=cli_handler,
logger=logger,
resource_config=resource_config)
logger.info("Orchestration restore started")
restore_params = OrchestrationSaveRestore(
logger, resource_config.name).parse_orchestration_save_result(
saved_artifact_info)
configuration_flow.restore(**restore_params)
logger.info("Orchestration restore completed")
def load_firmware(self, context: ResourceCommandContext, path: str,
vrf_management_name: str):
"""Upload and updates firmware on the resource.
:param context: an object with all Resource Attributes inside
:param path: full path to firmware file, i.e. tftp://10.10.10.1/firmware.tar
:param vrf_management_name: VRF management Name
"""
with LoggingSessionContext(context) as logger:
api = CloudShellSessionContext(context).get_api()
resource_config = FirewallResourceConfig.from_context(
shell_name=self.SHELL_NAME,
supported_os=self.SUPPORTED_OS,
context=context,
api=api,
)
if not vrf_management_name:
vrf_management_name = resource_config.vrf_management_name
cli_handler = self._cli.get_cli_handler(resource_config, logger)
logger.info("Start Load Firmware")
firmware_operations = FirmwareFlow(cli_handler=cli_handler,
logger=logger)
response = firmware_operations.load_firmware(
path=path, vrf_management_name=vrf_management_name)
logger.info("Finish Load Firmware: {}".format(response))
def get_inventory(self,
context: AutoLoadCommandContext) -> AutoLoadDetails:
"""Return device structure with all standard attributes.
:param context: an object with all Resource Attributes inside
:return: response
"""
with LoggingSessionContext(context) as logger:
api = CloudShellSessionContext(context).get_api()
resource_config = FirewallResourceConfig.from_context(
shell_name=self.SHELL_NAME,
supported_os=self.SUPPORTED_OS,
context=context,
api=api,
)
cli_handler = self._cli.get_cli_handler(resource_config, logger)
snmp_handler = SNMPHandler(resource_config, logger, cli_handler)
autoload_operations = AutoloadFlow(logger=logger,
snmp_handler=snmp_handler)
logger.info("Autoload started")
resource_model = FirewallResourceModel(
resource_config.name,
resource_config.shell_name,
resource_config.family_name,
)
response = autoload_operations.discover(
resource_config.supported_os, resource_model)
logger.info("Autoload completed")
return response
def shutdown(self, context: ResourceCommandContext):
"""Shutdown device.
:param context: an object with all Resource Attributes inside
:return:
"""
with LoggingSessionContext(context) as logger:
api = CloudShellSessionContext(context).get_api()
resource_config = FirewallResourceConfig.from_context(
shell_name=self.SHELL_NAME,
supported_os=self.SUPPORTED_OS,
context=context,
api=api,
)
cli_handler = self._cli.get_cli_handler(resource_config, logger)
state_operations = StateFlow(
logger=logger,
api=api,
resource_config=resource_config,
cli_configurator=cli_handler,
)
return state_operations.shutdown()
def run_custom_config_command(self, context: ResourceCommandContext,
custom_command: str) -> str:
"""Send custom command in configuration mode.
:param custom_command: Command user wants to send to the device
:param context: an object with all Resource Attributes inside
:return: result
"""
with LoggingSessionContext(context) as logger:
api = CloudShellSessionContext(context).get_api()
resource_config = FirewallResourceConfig.from_context(
shell_name=self.SHELL_NAME,
supported_os=self.SUPPORTED_OS,
context=context,
api=api,
)
cli_handler = self._cli.get_cli_handler(resource_config, logger)
send_command_operations = CommandFlow(logger=logger,
cli_configurator=cli_handler)
result_str = send_command_operations.run_custom_config_command(
custom_command=custom_command)
return result_str
def restore(self, context, path, configuration_type, restore_method):
"""Restores a configuration file.
:param ResourceCommandContext context: The context object for the
command with resource and reservation info
:param str path: The path to the configuration file, including
the configuration file name
:param str restore_method: Determines whether the restore should
append or override the current configuration
:param str configuration_type: Specify whether the file should
update the startup or running config
"""
with LoggingSessionContext(context) as logger, LogCommand(logger, "restore"):
api = CloudShellSessionContext(context).get_api()
resource_config = FirewallResourceConfig.from_context(
self.SHELL_NAME, context, api, self.SUPPORTED_OS
)
cli_configurator = CheckpointCliConfigurator(
self._cli, resource_config, logger
)
configuration_flow = CheckpointConfigurationFlow(
logger, resource_config, cli_configurator
)
configuration_type = configuration_type or "running"
restore_method = restore_method or "override"
return configuration_flow.restore(path, configuration_type, restore_method)
def initialize(self, context: InitCommandContext) -> str:
"""Initialize method.
:param context: an object with all Resource Attributes inside
"""
resource_config = FirewallResourceConfig.from_context(
shell_name=self.SHELL_NAME,
supported_os=self.SUPPORTED_OS,
context=context)
self._cli = PanOSCli(resource_config)
return "Finished initializing"
def initialize(self, context):
"""Initialize the driver session.
:param context: the context the command runs on
:rtype: str
"""
resource_config = FirewallResourceConfig.from_context(self.SHELL_NAME, context)
session_pool_size = int(resource_config.sessions_concurrency_limit)
self._cli = CLI(
SessionPoolManager(max_pool_size=session_pool_size, pool_timeout=100)
)
return "Finished initializing"
def restore(
self,
context: ResourceCommandContext,
path: str,
configuration_type: str,
restore_method: str,
vrf_management_name: str,
):
"""Restore selected file to the provided destination.
:param context: an object with all Resource Attributes inside
:param path: source config file
:param configuration_type: running or startup configs
:param restore_method: append or override methods
:param vrf_management_name: VRF management Name
"""
with LoggingSessionContext(context) as logger:
api = CloudShellSessionContext(context).get_api()
resource_config = FirewallResourceConfig.from_context(
shell_name=self.SHELL_NAME,
supported_os=self.SUPPORTED_OS,
context=context,
api=api,
)
if not configuration_type:
configuration_type = "running"
if not restore_method:
restore_method = "override"
if not vrf_management_name:
vrf_management_name = resource_config.vrf_management_name
cli_handler = self._cli.get_cli_handler(resource_config, logger)
configuration_flow = ConfigurationFlow(
cli_handler=cli_handler,
logger=logger,
resource_config=resource_config)
logger.info("Restore started")
configuration_flow.restore(
path=path,
restore_method=restore_method,
configuration_type=configuration_type,
vrf_management_name=vrf_management_name,
)
logger.info("Restore completed")
def save(
self,
context: ResourceCommandContext,
folder_path: str,
configuration_type: str,
vrf_management_name: str,
) -> str:
"""Save selected file to the provided destination.
:param context: an object with all Resource Attributes inside
:param configuration_type: source file, which will be saved
:param folder_path: destination path where file will be saved
:param vrf_management_name: VRF management Name
:return str saved configuration file name
"""
with LoggingSessionContext(context) as logger:
api = CloudShellSessionContext(context).get_api()
resource_config = FirewallResourceConfig.from_context(
shell_name=self.SHELL_NAME,
supported_os=self.SUPPORTED_OS,
context=context,
api=api,
)
if not configuration_type:
configuration_type = "running"
if not vrf_management_name:
vrf_management_name = resource_config.vrf_management_name
cli_handler = self._cli.get_cli_handler(resource_config, logger)
configuration_flow = ConfigurationFlow(
cli_handler=cli_handler,
logger=logger,
resource_config=resource_config)
logger.info("Save started")
response = configuration_flow.save(
folder_path=folder_path,
configuration_type=configuration_type,
vrf_management_name=vrf_management_name,
)
logger.info("Save completed")
return response
def shutdown(self, context):
"""Sends a graceful shutdown to the device.
:param ResourceCommandContext context: The context object
for the command with resource and reservation info
"""
with LoggingSessionContext(context) as logger, LogCommand(logger, "shutdown"):
api = CloudShellSessionContext(context).get_api()
resource_config = FirewallResourceConfig.from_context(
self.SHELL_NAME, context, api, self.SUPPORTED_OS
)
cli_configurator = CheckpointCliConfigurator(
self._cli, resource_config, logger
)
state_flow = CheckpointStateFlow(
logger, resource_config, cli_configurator, api
)
return state_flow.shutdown()
def orchestration_save(self, context: ResourceCommandContext, mode: str,
custom_params: str) -> str:
"""Save selected file to the provided destination.
:param context: an object with all Resource Attributes inside
:param mode: mode
:param custom_params: json with custom save parameters
:return str response: response json
"""
with LoggingSessionContext(context) as logger:
if not mode:
mode = "shallow"
api = CloudShellSessionContext(context).get_api()
resource_config = FirewallResourceConfig.from_context(
shell_name=self.SHELL_NAME,
supported_os=self.SUPPORTED_OS,
context=context,
api=api,
)
cli_handler = self._cli.get_cli_handler(resource_config, logger)
configuration_flow = ConfigurationFlow(
cli_handler=cli_handler,
logger=logger,
resource_config=resource_config)
logger.info("Orchestration save started")
response = configuration_flow.orchestration_save(
mode=mode, custom_params=custom_params)
response_json = OrchestrationSaveRestore(
logger,
resource_config.name).prepare_orchestration_save_result(
response)
logger.info("Orchestration save completed")
return response_json
def run_custom_config_command(self, context, custom_command):
"""Executes a custom command on the device in configuration mode.
:param ResourceCommandContext context: The context object for the
command with resource and reservation info
:param str custom_command: The command to run
:return: the command result text
:rtype: str
"""
with LoggingSessionContext(context) as logger, LogCommand(
logger, "run custom config command"
):
api = CloudShellSessionContext(context).get_api()
resource_config = FirewallResourceConfig.from_context(
self.SHELL_NAME, context, api, self.SUPPORTED_OS
)
cli_configurator = CheckpointCliConfigurator(
self._cli, resource_config, logger
)
run_command_flow = RunCommandFlow(logger, cli_configurator)
return run_command_flow.run_custom_config_command(custom_command)
def test_snmp_config(self):
shell_name = "Shell name"
api = MagicMock(
DecryptPassword=lambda password: MagicMock(Value=password))
attributes = {
SNMP_READ_COMMUNITY: "community",
SNMP_WRITE_COMMUNITY: "write community",
SNMP_V3_USER: "******",
SNMP_V3_PASSWORD: "******",
SNMP_V3_PRIVATE_KEY: "snmp private key",
SNMP_V3_AUTH_PROTOCOL: "snmp auth protocol",
SNMP_V3_PRIVACY_PROTOCOL: "snmp priv protocol",
SNMP_VERSION: "v2c",
ENABLE_SNMP: "True",
DISABLE_SNMP: "False",
VRF_MANAGEMENT_NAME: "vrf",
PASSWORD: "******",
BACKUP_LOCATION: "backup location",
BACKUP_PASSWORD: "******",
BACKUP_TYPE: "backup type",
BACKUP_USER: "******",
CLI_CONNECTION_TYPE: "ssh",
CLI_TCP_PORT: "22",
SESSION_CONCURRENCY_LIMIT: "1",
CONSOLE_PASSWORD: "******",
CONSOLE_PORT: "3322",
CONSOLE_SERVER_IP_ADDRESS: "192.168.1.1",
CONSOLE_USER: "******",
}
shell_attributes = {
"{}.{}".format(shell_name, key): value
for key, value in attributes.items()
}
config = FirewallResourceConfig(shell_name,
attributes=shell_attributes,
api=api)
self.assertEqual(attributes[SNMP_READ_COMMUNITY],
config.snmp_read_community)
self.assertEqual(attributes[SNMP_WRITE_COMMUNITY],
config.snmp_write_community)
self.assertEqual(attributes[SNMP_V3_USER], config.snmp_v3_user)
self.assertEqual(attributes[SNMP_V3_PASSWORD], config.snmp_v3_password)
self.assertEqual(attributes[SNMP_V3_PRIVATE_KEY],
config.snmp_v3_private_key)
self.assertEqual(attributes[SNMP_V3_AUTH_PROTOCOL],
config.snmp_v3_auth_protocol)
self.assertEqual(attributes[SNMP_V3_PRIVACY_PROTOCOL],
config.snmp_v3_priv_protocol)
self.assertEqual(attributes[SNMP_VERSION], config.snmp_version)
self.assertEqual(attributes[ENABLE_SNMP], config.enable_snmp)
self.assertEqual(attributes[DISABLE_SNMP], config.disable_snmp)
self.assertEqual(attributes[VRF_MANAGEMENT_NAME],
config.vrf_management_name)
self.assertEqual(attributes[PASSWORD], config.password)
self.assertEqual(attributes[BACKUP_LOCATION], config.backup_location)
self.assertEqual(attributes[BACKUP_PASSWORD], config.backup_password)
self.assertEqual(attributes[BACKUP_TYPE], config.backup_type)
self.assertEqual(attributes[BACKUP_USER], config.backup_user)
self.assertEqual(attributes[CLI_CONNECTION_TYPE],
config.cli_connection_type)
self.assertEqual(attributes[CLI_TCP_PORT], config.cli_tcp_port)
self.assertEqual(attributes[SESSION_CONCURRENCY_LIMIT],
config.sessions_concurrency_limit)
self.assertEqual(attributes[CONSOLE_PASSWORD], config.console_password)
self.assertEqual(attributes[CONSOLE_PORT], config.console_port)
self.assertEqual(attributes[CONSOLE_SERVER_IP_ADDRESS],
config.console_server_ip_address)
self.assertEqual(attributes[CONSOLE_USER], config.console_user)