Source code for smc.policy.interface

#  Licensed under the Apache License, Version 2.0 (the "License"); you may
#  not use this file except in compliance with the License. You may obtain
#  a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#  License for the specific language governing permissions and limitations
#  under the License.
"""

Interface Policies are applied at the engine level when layer 3 single
engines or cluster layer 3 engines have layer 2 interfaces. The configuration
is identical to creating Layer 2 Rules for layer 2 or IPS engines.

"""
from smc.base.collection import rule_collection
from smc.policy.policy import Policy
from smc.policy.rule import IPv4Layer2Rule, IPv6Layer2Rule, EthernetRule
from smc.api.exceptions import (
    ElementNotFound,
    LoadPolicyFailed,
    CreateElementFailed,
    CreatePolicyFailed,
)
from smc.base.model import ElementCreator




[docs]
class InterfaceRule(object):
    """
    Layer 2 Interface Rules are the same as Layer 2 Engine/IPS rules.
    """

    @property
    def layer2_ipv4_access_rules(self):
        """
        Layer2 IPv4 access rule

        :rtype: rule_collection(IPv4Layer2Rule)
        """
        return rule_collection(self.get_relation("l2_interface_ipv4_access_rules"), IPv4Layer2Rule)

    @property
    def layer2_ipv6_access_rules(self):
        """
        Layer 2 IPv6 access rule

        """
        # l2_interface_ipv6_access_rules
        return rule_collection(self.get_relation("l2_interface_ipv6_access_rules"), IPv6Layer2Rule)
        pass

    @property
    def layer2_ethernet_rules(self):
        """
        Layer 2 Ethernet access rule

        :rtype: rule_collection(EthernetRule)
        """
        return rule_collection(self.get_relation("l2_interface_ethernet_rules"), EthernetRule)






[docs]
class InterfacePolicy(InterfaceRule, Policy):
    """
    Layer 2 Interface Policy represents a set of rules applied to layer 2
    interfaces installed on a single or cluster layer 3 engine. Set the interface
    policy on the engine properties.
    Interface policies do not have inspection policies and instead inherit
    from the engines primary policy.

    Instance Resources:

    :ivar layer2_ipv4_access_rules: :py:class:`~Layer2Rule.layer2_ipv4_access_rules`
    :ivar layer2_ipv6_access_rules: :py:class:`~Layer2Rule.layer2_ipv6_access_rules`
    :ivar layer2_ethernet_rules: :py:class:`~Layer2Rule.layer2_ethernet_rules`
    """

    typeof = "l2_interface_policy"



[docs]
    @classmethod
    def create(cls, name, template):
        """
        Create a new Layer 2 Interface Policy.

        :param str name: name of policy
        :param str template: name of the NGFW Engine template to base policy on
        :raises LoadPolicyFailed: cannot find policy by name
        :raises CreatePolicyFailed: cannot create policy with reason
        :return: Layer2InterfacePolicy
        """
        try:
            fw_template = InterfaceTemplatePolicy(template).href
        except ElementNotFound:
            raise LoadPolicyFailed(
                "Cannot find specified layer2 firewall template: {}".format(template)
            )

        json = {"name": name, "template": fw_template}
        try:
            return ElementCreator(cls, json)
        except CreateElementFailed as err:
            raise CreatePolicyFailed(err)





[docs]
    def inspection_policy(self):
        pass








[docs]
class InterfaceTemplatePolicy(InterfacePolicy):
    """
    Interface Template Policy. Required when creating a new
    Interface Policy. Useful for containing global rules or
    best practice configurations which will be inherited by
    the assigned policy.
    ::

        print(list(InterfaceTemplatePolicy.objects.all())

    """

    typeof = "l2_interface_template_policy"



[docs]
    def inspection_policy(self):
        pass





[docs]
    def upload(self):
        pass  # Not supported on the template








[docs]
class InterfaceSubPolicy(Policy):
    """
    A Interface Sub Policy is a rule section within a Interface policy
    that provides a container to create rules that are referenced from
    a 'jump' rule. Typically rules in a sub policy are similar in some
    fashion such as applying to a specific service. Sub Policies can also
    be delegated from an administrative perspective.

    Interface Sub Policies only provide access to creating IPv4 rules.

        p = InterfaceSubPolicy('MySubPolicy')
        p.layer2_ethernet_rules.create(
            name='newule',
            sources='any',
            destinations='any',
            services=[TCPService('SSH')],
            action='discard')
    """

    typeof = "sub_l2_interface_policy"



[docs]
    @classmethod
    def create(cls, name):
        """
        Create a sub policy. Only name is required. Other settings are
        inherited from the parent firewall policy (template, policy, etc).

        :param str name: name of sub policy
        :raises CreateElementFailed: failed to create policy
        :rtype: InterfaceSubPolicy
        """
        return ElementCreator(cls, json={"name": name})



    @property
    def layer2_ipv4_access_rules(self):
        """
        IPv4 rule entry point

        :rtype: rule_collection(EthernetRule)
        """
        return rule_collection(self.get_relation("l2_interface_ipv4_access_rules"), EthernetRule)