pa_api.xmlapi.types.config.rules.security
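from typing import TYPE_CHECKING, Literal, Optional

from pydantic import AliasPath, ConfigDict, Field

from pa_api.xmlapi.types.utils import List, ObjectBaseModel, String, XMLBaseModel

if TYPE_CHECKING:
    from pa_api.xmlapi.clients import Client


class ProfileSetting(XMLBaseModel):
    """Model used for the ``profile-settings`` element of a security rule."""

    # Group names are read from the ``group/member`` path.
    groups: List[String] = Field(
        validation_alias=AliasPath("group", "member"), default_factory=list
    )


class Option(XMLBaseModel):
    """Model used for the ``option`` element of a security rule."""

    # None when the key is absent from the parsed data.
    disable_server_response_inspection: Optional[bool] = Field(
        validation_alias="disable-server-response-inspection", default=None
    )


class Target(XMLBaseModel):
    """Model used for the ``target`` element of a security rule."""

    negate: Optional[bool] = None


class Security(ObjectBaseModel):
    """A security rule entry, plus helpers that build its XPath and delete members.

    The XPath helpers build expressions by string interpolation. Values that are
    placed inside a quoted XPath literal (the rule uuid and member names) go
    through ``_xpath_literal`` so that a quote character in the value cannot end
    the literal early and change which nodes the expression selects.
    """

    @staticmethod
    def _xpath_literal(value: object) -> str:
        """Return *value* wrapped as a single-quoted XPath string literal.

        XPath 1.0 has no escape sequence inside a string literal, so a value
        that contains the delimiter cannot be embedded safely; it is rejected
        instead of being sent to the device.

        Raises:
            ValueError: if the value contains a single quote.
        """
        text = str(value)
        if "'" in text:
            raise ValueError(
                f"Value cannot be used in an XPath literal (contains a single quote): {text!r}"
            )
        return f"'{text}'"

    @property
    def xpath(self):
        """XPath of this rule using the default rulebase selector (see ``get_xpath``)."""
        return self.get_xpath()

    def get_xpath(self, rulebase=None):
        """Build the XPath that selects this rule by uuid.

        Args:
            rulebase: Path step naming the rulebase. When omitted, a selector
                matching either ``pre-rulebase`` or ``post-rulebase`` is used.
                The value is inserted into the path verbatim (the default is
                itself an XPath expression), so it must come from trusted code
                and never from external input.

        Raises:
            ValueError: if the rule uuid contains a single quote.
        """
        if rulebase is None:
            rulebase = "*[self::pre-rulebase or self::post-rulebase]"
        uuid_literal = self._xpath_literal(self.uuid)
        return f"/config/devices/entry/device-group/entry/{rulebase}/security/rules/entry[@uuid={uuid_literal}]"

    # NOTE: if this is re-enabled, `member` must be XML-escaped before it is
    # placed inside the <member> element.
    # def add_destination_member(self, client: "Client", member: str):
    #     return client.configuration.create(f"{self.xpath}/destination", f"<member>{member}</member>")

    def _remove_member(self, member_type, client: "Client", member: str, rulebase=None):
        """
        Remove one member from the ``member_type`` list of this rule.

        NOTE: Rulebase information is required for panorama

        Args:
            member_type: Name of the child element holding the members
                (the public wrappers pass "destination" or "source"). It is
                inserted into the path verbatim.
            client: Client whose ``configuration.delete`` is called.
            member: Text of the member to delete. It is compared with
                ``text()`` inside a quoted literal.
            rulebase: Forwarded to ``get_xpath``.

        Returns:
            Whatever ``client.configuration.delete`` returns.

        Raises:
            ValueError: if ``member`` (or the rule uuid) contains a single
                quote. The expression is used for a delete, so a value that
                escapes the literal could widen the set of deleted nodes.
        """
        # Validate the member first so nothing is sent when it is rejected.
        member_literal = self._xpath_literal(member)
        rule_xpath = self.get_xpath(rulebase)
        # panorama_rule_xpath = f"/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@uuid='{self.uuid}']"
        member_xpath = f"{rule_xpath}/{member_type}/member[text()={member_literal}]"
        return client.configuration.delete(member_xpath)

    def remove_destination_member(self, client: "Client", member: str, rulebase=None):
        """Delete ``member`` from this rule's ``destination`` members."""
        return self._remove_member("destination", client, member, rulebase=rulebase)

    def remove_source_member(self, client: "Client", member: str, rulebase=None):
        """Delete ``member`` from this rule's ``source`` members."""
        return self._remove_member("source", client, member, rulebase=rulebase)

    # def remove_destination_members(
    #     self, client: "Client", members: Union[str, Iterable[str]], rulebase=None
    # ):
    #     # We cannot directly edit members, we need to replace the whole object with its new configuration
    #     # pre-rulebase is required
    #     if isinstance(members, str):
    #         members = {members}
    #     if not isinstance(members, set):
    #         members_to_remove = set(members)
    #     if not members:
    #         return

    #     rule_xpath = self.get_xpath(rulebase)
    #     rule = client.configuration.get(rule_xpath).xpath("/response/result/entry")[0]
    #     destination = rule.xpath(".//destination")[0]
    #     nodes_to_remove = [
    #         m
    #         for m in destination.getchildren()
    #         if m.tag == "member" and m.text in members_to_remove
    #     ]
    #     for n in nodes_to_remove:
    #         destination.remove(n)
    #     client.configuration.replace(rule_xpath, etree_tostring(rule))

    # Keys that are not declared below are accepted rather than rejected.
    model_config = ConfigDict(extra="allow")

    # Identity of the rule, read from the ``@name`` / ``@uuid`` keys.
    name: String = Field(validation_alias="@name")
    uuid: String = Field(validation_alias="@uuid")
    disabled: Optional[bool] = None

    # NOTE(review): only these three values validate. PAN-OS also appears to
    # define drop, reset-server and reset-both; confirm whether rules using
    # them are meant to fail validation here.
    action: Literal["allow", "deny", "reset-client"]

    # Each list below is read from the ``<element>/member`` path and defaults
    # to an empty list.
    to: List[String] = Field(
        validation_alias=AliasPath("to", "member"), default_factory=list
    )
    from_: List[String] = Field(
        validation_alias=AliasPath("from", "member"), default_factory=list
    )
    sources: List[String] = Field(
        validation_alias=AliasPath("source", "member"), default_factory=list
    )
    destinations: List[String] = Field(
        validation_alias=AliasPath("destination", "member"), default_factory=list
    )
    source_users: List[String] = Field(
        validation_alias=AliasPath("source-user", "member"), default_factory=list
    )
    services: List[String] = Field(
        validation_alias=AliasPath("service", "member"), default_factory=list
    )
    applications: List[String] = Field(
        validation_alias=AliasPath("application", "member"), default_factory=list
    )

    description: String = ""
    categories: List[String] = Field(
        validation_alias=AliasPath("category", "member"), default_factory=list
    )
    tags: List[String] = Field(
        validation_alias=AliasPath("tag", "member"), default_factory=list
    )
    group_tag: Optional[String] = Field(validation_alias="group-tag", default=None)

    profile_settings: List[ProfileSetting] = Field(
        validation_alias=AliasPath("profile-settings"), default_factory=list
    )
    target: Optional[Target] = Field(validation_alias=AliasPath("target"), default=None)

    # Optional settings; each is None when the key is absent.
    option: Optional[Option] = Field(default=None)
    rule_type: Optional[str] = Field(validation_alias="rule-type", default=None)
    negate_source: Optional[bool] = Field(
        validation_alias="negate-source", default=None
    )
    negate_destination: Optional[bool] = Field(
        validation_alias="negate-destination", default=None
    )
    log_settings: Optional[str] = Field(validation_alias="log-settings", default=None)
    log_start: Optional[bool] = Field(validation_alias="log-start", default=None)
    log_end: Optional[bool] = Field(validation_alias="log-end", default=None)
    icmp_unreachable: Optional[bool] = Field(
        validation_alias="icmp-unreachable", default=None
    )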
class ProfileSetting(XMLBaseModel):
    """Model holding the group names of a ``profile-settings`` element."""

    # Read from the ``group/member`` path; an empty list when that path is absent.
    groups: List[String] = Field(
        default_factory=list,
        validation_alias=AliasPath("group", "member"),
    )
Usage documentation: Models
A base class for creating Pydantic models.
Attributes:
__class_vars__: The names of the class variables defined on the model.
__private_attributes__: Metadata about the private attributes of the model.
__signature__: The synthesized `__init__` [`Signature`][inspect.Signature] of the model.
__pydantic_complete__: Whether model building is completed, or if there are still undefined fields.
__pydantic_core_schema__: The core schema of the model.
__pydantic_custom_init__: Whether the model has a custom `__init__` function.
__pydantic_decorators__: Metadata containing the decorators defined on the model.
This replaces `Model.__validators__` and `Model.__root_validators__` from Pydantic V1.
__pydantic_generic_metadata__: Metadata for generic models; contains data used for a similar purpose to
__args__, __origin__, __parameters__ in typing-module generics. May eventually be replaced by these.
__pydantic_parent_namespace__: Parent namespace of the model, used for automatic rebuilding of models.
__pydantic_post_init__: The name of the post-init method for the model, if defined.
__pydantic_root_model__: Whether the model is a [`RootModel`][pydantic.root_model.RootModel].
__pydantic_serializer__: The `pydantic-core` `SchemaSerializer` used to dump instances of the model.
__pydantic_validator__: The `pydantic-core` `SchemaValidator` used to validate instances of the model.
__pydantic_fields__: A dictionary of field names and their corresponding [`FieldInfo`][pydantic.fields.FieldInfo] objects.
__pydantic_computed_fields__: A dictionary of computed field names and their corresponding [`ComputedFieldInfo`][pydantic.fields.ComputedFieldInfo] objects.
__pydantic_extra__: A dictionary containing extra values, if [`extra`][pydantic.config.ConfigDict.extra]
is set to `'allow'`.
__pydantic_fields_set__: The names of fields explicitly set during instantiation.
__pydantic_private__: Values of private attributes set on the model instance.
Configuration for the model, should be a dictionary conforming to [`ConfigDict`][pydantic.config.ConfigDict].
class Option(XMLBaseModel):
    """Model holding the single optional flag of an ``option`` element."""

    # Read from the ``disable-server-response-inspection`` key; None when absent.
    disable_server_response_inspection: Optional[bool] = Field(
        default=None,
        validation_alias="disable-server-response-inspection",
    )
Usage documentation: Models
A base class for creating Pydantic models.
Attributes:
__class_vars__: The names of the class variables defined on the model.
__private_attributes__: Metadata about the private attributes of the model.
__signature__: The synthesized `__init__` [`Signature`][inspect.Signature] of the model.
__pydantic_complete__: Whether model building is completed, or if there are still undefined fields.
__pydantic_core_schema__: The core schema of the model.
__pydantic_custom_init__: Whether the model has a custom `__init__` function.
__pydantic_decorators__: Metadata containing the decorators defined on the model.
This replaces `Model.__validators__` and `Model.__root_validators__` from Pydantic V1.
__pydantic_generic_metadata__: Metadata for generic models; contains data used for a similar purpose to
__args__, __origin__, __parameters__ in typing-module generics. May eventually be replaced by these.
__pydantic_parent_namespace__: Parent namespace of the model, used for automatic rebuilding of models.
__pydantic_post_init__: The name of the post-init method for the model, if defined.
__pydantic_root_model__: Whether the model is a [`RootModel`][pydantic.root_model.RootModel].
__pydantic_serializer__: The `pydantic-core` `SchemaSerializer` used to dump instances of the model.
__pydantic_validator__: The `pydantic-core` `SchemaValidator` used to validate instances of the model.
__pydantic_fields__: A dictionary of field names and their corresponding [`FieldInfo`][pydantic.fields.FieldInfo] objects.
__pydantic_computed_fields__: A dictionary of computed field names and their corresponding [`ComputedFieldInfo`][pydantic.fields.ComputedFieldInfo] objects.
__pydantic_extra__: A dictionary containing extra values, if [`extra`][pydantic.config.ConfigDict.extra]
is set to `'allow'`.
__pydantic_fields_set__: The names of fields explicitly set during instantiation.
__pydantic_private__: Values of private attributes set on the model instance.
Configuration for the model, should be a dictionary conforming to [`ConfigDict`][pydantic.config.ConfigDict].
Usage documentation: Models
A base class for creating Pydantic models.
Attributes:
__class_vars__: The names of the class variables defined on the model.
__private_attributes__: Metadata about the private attributes of the model.
__signature__: The synthesized `__init__` [`Signature`][inspect.Signature] of the model.
__pydantic_complete__: Whether model building is completed, or if there are still undefined fields.
__pydantic_core_schema__: The core schema of the model.
__pydantic_custom_init__: Whether the model has a custom `__init__` function.
__pydantic_decorators__: Metadata containing the decorators defined on the model.
This replaces `Model.__validators__` and `Model.__root_validators__` from Pydantic V1.
__pydantic_generic_metadata__: Metadata for generic models; contains data used for a similar purpose to
__args__, __origin__, __parameters__ in typing-module generics. May eventually be replaced by these.
__pydantic_parent_namespace__: Parent namespace of the model, used for automatic rebuilding of models.
__pydantic_post_init__: The name of the post-init method for the model, if defined.
__pydantic_root_model__: Whether the model is a [`RootModel`][pydantic.root_model.RootModel].
__pydantic_serializer__: The `pydantic-core` `SchemaSerializer` used to dump instances of the model.
__pydantic_validator__: The `pydantic-core` `SchemaValidator` used to validate instances of the model.
__pydantic_fields__: A dictionary of field names and their corresponding [`FieldInfo`][pydantic.fields.FieldInfo] objects.
__pydantic_computed_fields__: A dictionary of computed field names and their corresponding [`ComputedFieldInfo`][pydantic.fields.ComputedFieldInfo] objects.
__pydantic_extra__: A dictionary containing extra values, if [`extra`][pydantic.config.ConfigDict.extra]
is set to `'allow'`.
__pydantic_fields_set__: The names of fields explicitly set during instantiation.
__pydantic_private__: Values of private attributes set on the model instance.
Configuration for the model, should be a dictionary conforming to [`ConfigDict`][pydantic.config.ConfigDict].
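class Security(ObjectBaseModel):
    """A security rule entry, plus helpers that build its XPath and delete members.

    The XPath helpers build expressions by string interpolation. Values that are
    placed inside a quoted XPath literal (the rule uuid and member names) go
    through ``_xpath_literal`` so that a quote character in the value cannot end
    the literal early and change which nodes the expression selects.
    """

    @staticmethod
    def _xpath_literal(value: object) -> str:
        """Return *value* wrapped as a single-quoted XPath string literal.

        XPath 1.0 has no escape sequence inside a string literal, so a value
        that contains the delimiter cannot be embedded safely; it is rejected
        instead of being sent to the device.

        Raises:
            ValueError: if the value contains a single quote.
        """
        text = str(value)
        if "'" in text:
            raise ValueError(
                f"Value cannot be used in an XPath literal (contains a single quote): {text!r}"
            )
        return f"'{text}'"

    @property
    def xpath(self):
        """XPath of this rule using the default rulebase selector (see ``get_xpath``)."""
        return self.get_xpath()

    def get_xpath(self, rulebase=None):
        """Build the XPath that selects this rule by uuid.

        Args:
            rulebase: Path step naming the rulebase. When omitted, a selector
                matching either ``pre-rulebase`` or ``post-rulebase`` is used.
                The value is inserted into the path verbatim (the default is
                itself an XPath expression), so it must come from trusted code
                and never from external input.

        Raises:
            ValueError: if the rule uuid contains a single quote.
        """
        if rulebase is None:
            rulebase = "*[self::pre-rulebase or self::post-rulebase]"
        uuid_literal = self._xpath_literal(self.uuid)
        return f"/config/devices/entry/device-group/entry/{rulebase}/security/rules/entry[@uuid={uuid_literal}]"

    # NOTE: if this is re-enabled, `member` must be XML-escaped before it is
    # placed inside the <member> element.
    # def add_destination_member(self, client: "Client", member: str):
    #     return client.configuration.create(f"{self.xpath}/destination", f"<member>{member}</member>")

    def _remove_member(self, member_type, client: "Client", member: str, rulebase=None):
        """
        Remove one member from the ``member_type`` list of this rule.

        NOTE: Rulebase information is required for panorama

        Args:
            member_type: Name of the child element holding the members
                (the public wrappers pass "destination" or "source"). It is
                inserted into the path verbatim.
            client: Client whose ``configuration.delete`` is called.
            member: Text of the member to delete. It is compared with
                ``text()`` inside a quoted literal.
            rulebase: Forwarded to ``get_xpath``.

        Returns:
            Whatever ``client.configuration.delete`` returns.

        Raises:
            ValueError: if ``member`` (or the rule uuid) contains a single
                quote. The expression is used for a delete, so a value that
                escapes the literal could widen the set of deleted nodes.
        """
        # Validate the member first so nothing is sent when it is rejected.
        member_literal = self._xpath_literal(member)
        rule_xpath = self.get_xpath(rulebase)
        # panorama_rule_xpath = f"/config/devices/entry/vsys/entry/rulebase/security/rules/entry[@uuid='{self.uuid}']"
        member_xpath = f"{rule_xpath}/{member_type}/member[text()={member_literal}]"
        return client.configuration.delete(member_xpath)

    def remove_destination_member(self, client: "Client", member: str, rulebase=None):
        """Delete ``member`` from this rule's ``destination`` members."""
        return self._remove_member("destination", client, member, rulebase=rulebase)

    def remove_source_member(self, client: "Client", member: str, rulebase=None):
        """Delete ``member`` from this rule's ``source`` members."""
        return self._remove_member("source", client, member, rulebase=rulebase)

    # def remove_destination_members(
    #     self, client: "Client", members: Union[str, Iterable[str]], rulebase=None
    # ):
    #     # We cannot directly edit members, we need to replace the whole object with its new configuration
    #     # pre-rulebase is required
    #     if isinstance(members, str):
    #         members = {members}
    #     if not isinstance(members, set):
    #         members_to_remove = set(members)
    #     if not members:
    #         return

    #     rule_xpath = self.get_xpath(rulebase)
    #     rule = client.configuration.get(rule_xpath).xpath("/response/result/entry")[0]
    #     destination = rule.xpath(".//destination")[0]
    #     nodes_to_remove = [
    #         m
    #         for m in destination.getchildren()
    #         if m.tag == "member" and m.text in members_to_remove
    #     ]
    #     for n in nodes_to_remove:
    #         destination.remove(n)
    #     client.configuration.replace(rule_xpath, etree_tostring(rule))

    # Keys that are not declared below are accepted rather than rejected.
    model_config = ConfigDict(extra="allow")

    # Identity of the rule, read from the ``@name`` / ``@uuid`` keys.
    name: String = Field(validation_alias="@name")
    uuid: String = Field(validation_alias="@uuid")
    disabled: Optional[bool] = None

    # NOTE(review): only these three values validate. PAN-OS also appears to
    # define drop, reset-server and reset-both; confirm whether rules using
    # them are meant to fail validation here.
    action: Literal["allow", "deny", "reset-client"]

    # Each list below is read from the ``<element>/member`` path and defaults
    # to an empty list.
    to: List[String] = Field(
        validation_alias=AliasPath("to", "member"), default_factory=list
    )
    from_: List[String] = Field(
        validation_alias=AliasPath("from", "member"), default_factory=list
    )
    sources: List[String] = Field(
        validation_alias=AliasPath("source", "member"), default_factory=list
    )
    destinations: List[String] = Field(
        validation_alias=AliasPath("destination", "member"), default_factory=list
    )
    source_users: List[String] = Field(
        validation_alias=AliasPath("source-user", "member"), default_factory=list
    )
    services: List[String] = Field(
        validation_alias=AliasPath("service", "member"), default_factory=list
    )
    applications: List[String] = Field(
        validation_alias=AliasPath("application", "member"), default_factory=list
    )

    description: String = ""
    categories: List[String] = Field(
        validation_alias=AliasPath("category", "member"), default_factory=list
    )
    tags: List[String] = Field(
        validation_alias=AliasPath("tag", "member"), default_factory=list
    )
    group_tag: Optional[String] = Field(validation_alias="group-tag", default=None)

    profile_settings: List[ProfileSetting] = Field(
        validation_alias=AliasPath("profile-settings"), default_factory=list
    )
    target: Optional[Target] = Field(validation_alias=AliasPath("target"), default=None)

    # Optional settings; each is None when the key is absent.
    option: Optional[Option] = Field(default=None)
    rule_type: Optional[str] = Field(validation_alias="rule-type", default=None)
    negate_source: Optional[bool] = Field(
        validation_alias="negate-source", default=None
    )
    negate_destination: Optional[bool] = Field(
        validation_alias="negate-destination", default=None
    )
    log_settings: Optional[str] = Field(validation_alias="log-settings", default=None)
    log_start: Optional[bool] = Field(validation_alias="log-start", default=None)
    log_end: Optional[bool] = Field(validation_alias="log-end", default=None)
    icmp_unreachable: Optional[bool] = Field(
        validation_alias="icmp-unreachable", default=None
    )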
Usage documentation: Models
A base class for creating Pydantic models.
Attributes:
__class_vars__: The names of the class variables defined on the model.
__private_attributes__: Metadata about the private attributes of the model.
__signature__: The synthesized `__init__` [`Signature`][inspect.Signature] of the model.
__pydantic_complete__: Whether model building is completed, or if there are still undefined fields.
__pydantic_core_schema__: The core schema of the model.
__pydantic_custom_init__: Whether the model has a custom `__init__` function.
__pydantic_decorators__: Metadata containing the decorators defined on the model.
This replaces `Model.__validators__` and `Model.__root_validators__` from Pydantic V1.
__pydantic_generic_metadata__: Metadata for generic models; contains data used for a similar purpose to
__args__, __origin__, __parameters__ in typing-module generics. May eventually be replaced by these.
__pydantic_parent_namespace__: Parent namespace of the model, used for automatic rebuilding of models.
__pydantic_post_init__: The name of the post-init method for the model, if defined.
__pydantic_root_model__: Whether the model is a [`RootModel`][pydantic.root_model.RootModel].
__pydantic_serializer__: The `pydantic-core` `SchemaSerializer` used to dump instances of the model.
__pydantic_validator__: The `pydantic-core` `SchemaValidator` used to validate instances of the model.
__pydantic_fields__: A dictionary of field names and their corresponding [`FieldInfo`][pydantic.fields.FieldInfo] objects.
__pydantic_computed_fields__: A dictionary of computed field names and their corresponding [`ComputedFieldInfo`][pydantic.fields.ComputedFieldInfo] objects.
__pydantic_extra__: A dictionary containing extra values, if [`extra`][pydantic.config.ConfigDict.extra]
is set to `'allow'`.
__pydantic_fields_set__: The names of fields explicitly set during instantiation.
__pydantic_private__: Values of private attributes set on the model instance.
Configuration for the model, should be a dictionary conforming to [`ConfigDict`][pydantic.config.ConfigDict].