From e3c5528272a9895cdc1e0646c4c610c5d3645160 Mon Sep 17 00:00:00 2001 From: Jakub Krajewski Date: Mon, 22 Jul 2024 13:28:16 +0200 Subject: [PATCH 1/2] Add models - identity , scalable group tag --- .../sdwan/policy_object/__init__.py | 4 +++ .../sdwan/policy_object/security/identity.py | 29 +++++++++++++++++++ .../security/scalable_group_tag.py | 22 ++++++++++++++ 3 files changed, 55 insertions(+) create mode 100644 catalystwan/models/configuration/feature_profile/sdwan/policy_object/security/identity.py create mode 100644 catalystwan/models/configuration/feature_profile/sdwan/policy_object/security/scalable_group_tag.py
diff --git a/catalystwan/models/configuration/feature_profile/sdwan/policy_object/__init__.py b/catalystwan/models/configuration/feature_profile/sdwan/policy_object/__init__.py
index 80c74a32..d5a9665b 100644
--- a/catalystwan/models/configuration/feature_profile/sdwan/policy_object/__init__.py
+++ b/catalystwan/models/configuration/feature_profile/sdwan/policy_object/__init__.py
@@ -32,6 +32,7 @@
 from .security.data_prefix import SecurityDataPrefixEntry, SecurityDataPrefixParcel
 from .security.fqdn import FQDNDomainParcel, FQDNListEntry
 from .security.geolocation_list import GeoLocationListEntry, GeoLocationListParcel
+from .security.identity import IdentityEntries, IdentityParcel
 from .security.intrusion_prevention import IntrusionPreventionParcel
 from .security.ips_signature import IPSSignatureListEntry, IPSSignatureParcel
 from .security.local_domain import LocalDomainListEntry, LocalDomainParcel
@@ -57,6 +58,7 @@
 FowardingClassParcel,
 FQDNDomainParcel,
 GeoLocationListParcel,
+ IdentityParcel,
 IntrusionPreventionParcel,
 IPSSignatureParcel,
 IPv6DataPrefixParcel,
@@ -116,6 +118,8 @@
 "FQDNListEntry",
 "GeoLocationListEntry",
 "GeoLocationListParcel",
+ "IdentityParcel",
+ "IdentityEntries",
 "IntrusionPreventionParcel",
 "IPSSignatureListEntry",
 "IPSSignatureParcel",
diff --git a/catalystwan/models/configuration/feature_profile/sdwan/policy_object/security/identity.py b/catalystwan/models/configuration/feature_profile/sdwan/policy_object/security/identity.py
new file mode 100644
index 00000000..7cd62f00
--- /dev/null
+++ b/catalystwan/models/configuration/feature_profile/sdwan/policy_object/security/identity.py
@@ -0,0 +1,29 @@
+from typing import List, Literal, Optional
+
+from pydantic import AliasPath, BaseModel, Field
+
+from catalystwan.api.configuration_groups.parcel import Global, _ParcelBase, as_optional_global
+
+
+class IdentityEntries(BaseModel):
+ user: Optional[Global[str]] = Field(default=None)
+ user_group: Optional[Global[str]] = Field(
+ default=None, validation_alias="userGroup", serialization_alias="userGroup"
+ )
+
+
+class IdentityParcel(_ParcelBase):
+ type_: Literal["security-identity"] = Field(default="security-identity", exclude=True)
+ entries: List[IdentityEntries] = Field(
+ validation_alias=AliasPath("data", "entries"),
+ default_factory=list,
+ description="Array of Users and User Groups",
+ )
+
+ def add_entry(self, user: Optional[str] = None, user_group: Optional[str] = None):
+ self.entries.append(
+ IdentityEntries(
+ user=as_optional_global(user),
+ user_group=as_optional_global(user_group),
+ )
+ )
diff --git a/catalystwan/models/configuration/feature_profile/sdwan/policy_object/security/scalable_group_tag.py b/catalystwan/models/configuration/feature_profile/sdwan/policy_object/security/scalable_group_tag.py
new file mode 100644
index 00000000..7e6d2a10
--- /dev/null
+++ b/catalystwan/models/configuration/feature_profile/sdwan/policy_object/security/scalable_group_tag.py
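Review bot: `IdentityParcel.add_entry` in security/identity.py defaults both `user` and `user_group` to None, so a bare `add_entry()` appends an `IdentityEntries` with neither field set and nothing in the model rejects it. These entries are presumably consumed as match criteria by security policy, so an entry that names no user and no group is better refused at construction than sent on; a guard at the top of `add_entry` such as `if user is None and user_group is None: raise ValueError("identity entry needs a user or a user_group")` would cover it. The same applies to `ScalableGroupTagParcel.add_entry` in the next file, where `sgt_name` and `tag` are both optional. Whether the API rejects empty entries on its side is not visible in this patch, so confirm that before relying on server-side validation.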
@@ -0,0 +1,22 @@
+from typing import List, Optional
+
+from pydantic import AliasPath, BaseModel, Field
+
+from catalystwan.api.configuration_groups.parcel import Global, _ParcelBase, as_optional_global
+
+
+class ScalableGroupTagEntries(BaseModel):
+ sgt_name: Optional[Global[str]] = Field(default=None, validation_alias="sgtName", serialization_alias="sgtName")
+ tag: Optional[Global[str]] = Field(default=None)
+
+
+class ScalableGroupTagParcel(_ParcelBase):
+ entries: List[ScalableGroupTagEntries] = Field(validation_alias=AliasPath("data", "entries"), default_factory=list)
+
+ def add_entry(self, sgt_name: Optional[str] = None, tag: Optional[str] = None):
+ self.entries.append(
+ ScalableGroupTagEntries(
+ sgt_name=as_optional_global(sgt_name),
+ tag=as_optional_global(tag),
+ )
+ )
From 9e3ac8313e02324451958ea2f1e7546619f173ab Mon Sep 17 00:00:00 2001 From: Jakub Krajewski Date: Tue, 23 Jul 2024 12:38:00 +0200 Subject: [PATCH 2/2] Add ux1 endpoints and models. Add converters --- catalystwan/api/policy_api.py | 22 ++++++++ .../configuration/policy/list/identity.py | 48 +++++++++++++++++ .../policy/list/scalable_group_tag.py | 52 +++++++++++++++++++ .../configuration/feature_profile/parcel.py | 12 +++-- .../sdwan/policy_object/__init__.py | 33 +++++++----- .../sdwan/policy_object/security/identity.py | 6 +-- .../security/scalable_group_tag.py | 9 ++-- catalystwan/models/policy/__init__.py | 8 +++ catalystwan/models/policy/list/identity.py | 29 +++++++++++ .../models/policy/list/scalable_group_tag.py | 30 +++++++++++ .../converters/policy/policy_lists.py | 27 +++++++++- 11 files changed, 250 insertions(+), 26 deletions(-) create mode 100644 catalystwan/endpoints/configuration/policy/list/identity.py create mode 100644 catalystwan/endpoints/configuration/policy/list/scalable_group_tag.py create mode 100644 catalystwan/models/policy/list/identity.py create mode 100644 catalystwan/models/policy/list/scalable_group_tag.py
diff --git a/catalystwan/api/policy_api.py b/catalystwan/api/policy_api.py
index a1a2afee..7e1cbc75 100644
--- a/catalystwan/api/policy_api.py
+++ b/catalystwan/api/policy_api.py
@@ -60,6 +60,7 @@
 from catalystwan.endpoints.configuration.policy.list.extended_community import ConfigurationPolicyExtendedCommunityList
 from catalystwan.endpoints.configuration.policy.list.fqdn import ConfigurationPolicyFQDNList, FQDNListInfo
 from catalystwan.endpoints.configuration.policy.list.geo_location import ConfigurationPolicyGeoLocationList
+from catalystwan.endpoints.configuration.policy.list.identity import ConfigurationPolicyIdentityList
 from catalystwan.endpoints.configuration.policy.list.ips_signature import ConfigurationPolicyIPSSignatureList
 from catalystwan.endpoints.configuration.policy.list.ipv6_prefix import ConfigurationPolicyIPv6PrefixList
 from catalystwan.endpoints.configuration.policy.list.local_app import ConfigurationPolicyLocalAppList, LocalAppListInfo
@@ -77,6 +78,7 @@
 ProtocolNameListInfo,
 )
 from catalystwan.endpoints.configuration.policy.list.region import ConfigurationPolicyRegionList, RegionListInfo
+from catalystwan.endpoints.configuration.policy.list.scalable_group_tag import ConfigurationPolicyScalableGroupTagList
 from catalystwan.endpoints.configuration.policy.list.site import ConfigurationPolicySiteList, SiteListInfo
 from catalystwan.endpoints.configuration.policy.list.sla import ConfigurationPolicySLAClassList, SLAClassListInfo
 from catalystwan.endpoints.configuration.policy.list.threat_grid_api_key import ConfigurationPolicyThreatGridApiKeyList
@@ -183,9 +185,11 @@ from catalystwan.models.policy.list.data_ipv6_prefix import DataIPv6PrefixListInfo from catalystwan.models.policy.list.data_prefix import DataPrefixListInfo from catalystwan.models.policy.list.geo_location import GeoLocationListInfo +from catalystwan.models.policy.list.identity import IdentityList, IdentityListInfo from catalystwan.models.policy.list.ips_signature import IPSSignatureListInfo from catalystwan.models.policy.list.ipv6_prefix import IPv6PrefixListInfo from catalystwan.models.policy.list.local_domain import LocalDomainListInfo +from catalystwan.models.policy.list.scalable_group_tag import ScalableGroupTagList, ScalableGroupTagListInfo from catalystwan.models.policy.list.threat_grid_api_key import ThreatGridApiKeyList, ThreatGridApiKeyListInfo from catalystwan.models.policy.list.trunkgroup import TrunkGroupList, TrunkGroupListInfo from catalystwan.models.policy.list.umbrella_data import UmbrellaDataList, UmbrellaDataListInfo @@ -233,6 +237,7 @@ LocalDomainList: ConfigurationPolicyLocalDomainList, MirrorList: ConfigurationPolicyMirrorList, PolicerList: ConfigurationPolicyPolicerClassList, + ScalableGroupTagList: ConfigurationPolicyScalableGroupTagList, PortList: ConfigurationPolicyPortList, PreferredColorGroupList: ConfigurationPreferredColorGroupList, PrefixList: ConfigurationPolicyPrefixList, @@ -248,6 +253,7 @@ URLAllowList: ConfigurationPolicyURLAllowList, VPNList: ConfigurationPolicyVPNList, ZoneList: ConfigurationPolicyZoneList, + IdentityList: ConfigurationPolicyIdentityList, } POLICY_DEFINITION_ENDPOINTS_MAP: Mapping[type, type] = { @@ -544,6 +550,14 @@ def get(self, type: Type[VPNList]) -> DataSequence[VPNListInfo]: def get(self, type: Type[ZoneList]) -> DataSequence[ZoneListInfo]: ... + @overload + def get(self, type: Type[ScalableGroupTagList]) -> DataSequence[ScalableGroupTagListInfo]: + ... + + @overload + def get(self, type: Type[IdentityList]) -> DataSequence[IdentityListInfo]: + ... + # get by id @overload 
@@ -678,6 +692,14 @@ def get(self, type: Type[VPNList], id: UUID) -> VPNListInfo: def get(self, type: Type[ZoneList], id: UUID) -> ZoneListInfo: ... + @overload + def get(self, type: Type[ScalableGroupTagList], id: UUID) -> ScalableGroupTagListInfo: + ... + + @overload + def get(self, type: Type[IdentityList], id: UUID) -> IdentityListInfo: + ... + def get(self, type: Type[AnyPolicyList], id: Optional[UUID] = None) -> Any: endpoints = self.__get_list_endpoints_instance(type) if id is not None: diff --git a/catalystwan/endpoints/configuration/policy/list/identity.py b/catalystwan/endpoints/configuration/policy/list/identity.py new file mode 100644 index 00000000..1734d06c --- /dev/null +++ b/catalystwan/endpoints/configuration/policy/list/identity.py 
@@ -0,0 +1,48 @@
+# Copyright 2023 Cisco Systems, Inc. and its affiliates
+
+# mypy: disable-error-code="empty-body"
+from uuid import UUID
+
+from catalystwan.endpoints import APIEndpoints, delete, get, post, put
+from catalystwan.endpoints.configuration.policy.abstractions import PolicyListEndpoints
+from catalystwan.models.policy.list.identity import IdentityList, IdentityListEditPayload, IdentityListInfo
+from catalystwan.models.policy.policy_list import InfoTag, PolicyListId, PolicyListPreview
+from catalystwan.typed_list import DataSequence
+
+
+class ConfigurationPolicyIdentityList(APIEndpoints, PolicyListEndpoints):
+ @post("/template/policy/list/identity")
+ def create_policy_list(self, payload: IdentityList) -> PolicyListId:
+ ...
+
+ @delete("/template/policy/list/identity/{id}")
+ def delete_policy_list(self, id: UUID) -> None:
+ ...
+
+ @delete("/template/policy/list/identity")
+ def delete_policy_lists_with_info_tag(self, params: InfoTag) -> None:
+ ...
+
+ @put("/template/policy/list/identity/{id}")
+ def edit_policy_list(self, id: UUID, payload: IdentityListEditPayload) -> None:
+ ...
+
+ @get("/template/policy/list/identity/{id}")
+ def get_lists_by_id(self, id: UUID) -> IdentityListInfo:
+ ...
+
+ @get("/template/policy/list/identity", "data")
+ def get_policy_lists(self) -> DataSequence[IdentityListInfo]:
+ ...
+
+ @get("/template/policy/list/identity/filtered", "data")
+ def get_policy_lists_with_info_tag(self, params: InfoTag) -> DataSequence[IdentityListInfo]:
+ ...
+
+ @post("/template/policy/list/identity/preview")
+ def preview_policy_list(self, payload: IdentityList) -> PolicyListPreview:
+ ...
+
+ @get("/template/policy/list/identity/preview/{id}")
+ def preview_policy_list_by_id(self, id: UUID) -> PolicyListPreview:
+ ...
diff --git a/catalystwan/endpoints/configuration/policy/list/scalable_group_tag.py b/catalystwan/endpoints/configuration/policy/list/scalable_group_tag.py
new file mode 100644
index 00000000..a8ce0825
--- /dev/null
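Review bot: `ConfigurationPolicyIdentityList` has no class docstring, and neither does `ConfigurationPolicyScalableGroupTagList` in the next new file, so nothing tells a reader what these lists hold. A one-line docstring such as `"""CRUD and preview endpoints for identity (user / user-group) policy lists under /template/policy/list/identity."""` would be enough, with the matching sentence for the scalable-group-tag class. Judging by its name and path, `delete_policy_lists_with_info_tag` removes every list matching an `InfoTag` in a single call; as the only bulk-destructive method here it deserves a short comment saying so.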
+++ b/catalystwan/endpoints/configuration/policy/list/scalable_group_tag.py 
@@ -0,0 +1,52 @@
+# Copyright 2023 Cisco Systems, Inc. and its affiliates
+
+# mypy: disable-error-code="empty-body"
+from uuid import UUID
+
+from catalystwan.endpoints import APIEndpoints, delete, get, post, put
+from catalystwan.endpoints.configuration.policy.abstractions import PolicyListEndpoints
+from catalystwan.models.policy.list.scalable_group_tag import (
+ ScalableGroupTagList,
+ ScalableGroupTagListEditPayload,
+ ScalableGroupTagListInfo,
+)
+from catalystwan.models.policy.policy_list import InfoTag, PolicyListId, PolicyListPreview
+from catalystwan.typed_list import DataSequence
+
+
+class ConfigurationPolicyScalableGroupTagList(APIEndpoints, PolicyListEndpoints):
+ @post("/template/policy/list/scalablegrouptag")
+ def create_policy_list(self, payload: ScalableGroupTagList) -> PolicyListId:
+ ...
+
+ @delete("/template/policy/list/scalablegrouptag/{id}")
+ def delete_policy_list(self, id: UUID) -> None:
+ ...
+
+ @delete("/template/policy/list/scalablegrouptag")
+ def delete_policy_lists_with_info_tag(self, params: InfoTag) -> None:
+ ...
+
+ @put("/template/policy/list/scalablegrouptag/{id}")
+ def edit_policy_list(self, id: UUID, payload: ScalableGroupTagListEditPayload) -> None:
+ ...
+
+ @get("/template/policy/list/scalablegrouptag/{id}")
+ def get_lists_by_id(self, id: UUID) -> ScalableGroupTagListInfo:
+ ...
+
+ @get("/template/policy/list/scalablegrouptag", "data")
+ def get_policy_lists(self) -> DataSequence[ScalableGroupTagListInfo]:
+ ...
+
+ @get("/template/policy/list/scalablegrouptag/filtered", "data")
+ def get_policy_lists_with_info_tag(self, params: InfoTag) -> DataSequence[ScalableGroupTagListInfo]:
+ ...
+
+ @post("/template/policy/list/scalablegrouptag/preview")
+ def preview_policy_list(self, payload: ScalableGroupTagList) -> PolicyListPreview:
+ ...
+
+ @get("/template/policy/list/scalablegrouptag/preview/{id}")
+ def preview_policy_list_by_id(self, id: UUID) -> PolicyListPreview:
+ ...
diff --git a/catalystwan/models/configuration/feature_profile/parcel.py b/catalystwan/models/configuration/feature_profile/parcel.py index bd55631f..537faf5c 100644 --- a/catalystwan/models/configuration/feature_profile/parcel.py +++ b/catalystwan/models/configuration/feature_profile/parcel.py @@ -31,6 +31,7 @@ "bfd", "bgp", "cellular-controller", + "cellular-profile", "class", "color", "config", @@ -63,6 +64,7 @@ "omp", "policer", "policy-settings", + "policy", "preferred-color-group", "prefix", "qos-policy", @@ -74,11 +76,13 @@ "routing/ospfv3/ipv6", "security-fqdn", "security-geolocation", + "security-identity", "security-ipssignature", "security-localapp", "security-localdomain", "security-port", "security-protocolname", + "security-scalablegrouptag", "security-urllist", "security-zone", "security", @@ -90,9 +94,11 @@ "tloc", "tracker", "trackergroup", + "traffic-policy", "unified/advanced-inspection-profile", "unified/advanced-malware-protection", "unified/intrusion-prevention", + "unified/ngfirewall", "unified/ssl-decryption-profile", "unified/ssl-decryption", "unified/url-filtering", @@ -102,15 +108,11 @@ "wan/vpn/interface/dsl-pppoa", "wan/vpn/interface/dsl-pppoe", "wan/vpn/interface/ethernet", + "wan/vpn/interface/ethpppoe", "wan/vpn/interface/gre", "wan/vpn/interface/multilink", - "traffic-policy", "wan/vpn/interface/serial", "wirelesslan", - "cellular-profile", - "wan/vpn/interface/ethpppoe", - "unified/ngfirewall", - "policy", ] diff --git a/catalystwan/models/configuration/feature_profile/sdwan/policy_object/__init__.py b/catalystwan/models/configuration/feature_profile/sdwan/policy_object/__init__.py index d5a9665b..af5c4df9 100644 --- a/catalystwan/models/configuration/feature_profile/sdwan/policy_object/__init__.py +++ b/catalystwan/models/configuration/feature_profile/sdwan/policy_object/__init__.py 
@@ -32,11 +32,12 @@
 from .security.data_prefix import SecurityDataPrefixEntry, SecurityDataPrefixParcel
 from .security.fqdn import FQDNDomainParcel, FQDNListEntry
 from .security.geolocation_list import GeoLocationListEntry, GeoLocationListParcel
-from .security.identity import IdentityEntries, IdentityParcel
+from .security.identity import IdentityEntry, IdentityParcel
 from .security.intrusion_prevention import IntrusionPreventionParcel
 from .security.ips_signature import IPSSignatureListEntry, IPSSignatureParcel
 from .security.local_domain import LocalDomainListEntry, LocalDomainParcel
 from .security.protocol_list import ProtocolListEntry, ProtocolListParcel
+from .security.scalable_group_tag import ScalableGroupTagEntry, ScalableGroupTagParcel
 from .security.security_port import SecurityPortListEntry, SecurityPortParcel
 from .security.ssl_decryption import SslDecryptionParcel
 from .security.ssl_decryption_profile import SslDecryptionProfileParcel
@@ -57,38 +58,40 @@ ExtendedCommunityParcel, FowardingClassParcel, FQDNDomainParcel, + FQDNDomainParcel, + GeoLocationListParcel, GeoLocationListParcel, IdentityParcel, + IdentityParcel, IntrusionPreventionParcel, IPSSignatureParcel, + IPSSignatureParcel, IPv6DataPrefixParcel, IPv6PrefixListParcel, LocalDomainParcel, + LocalDomainParcel, MirrorParcel, PolicerParcel, PreferredColorGroupParcel, PrefixListParcel, - SLAClassParcel, - TlocParcel, - StandardCommunityParcel, - LocalDomainParcel, - FQDNDomainParcel, - IPSSignatureParcel, - SecurityPortParcel, ProtocolListParcel, - GeoLocationListParcel, - SecurityZoneListParcel, + ScalableGroupTagParcel, SecurityApplicationListParcel, SecurityDataPrefixParcel, SecurityPortParcel, + SecurityPortParcel, SecurityZoneListParcel, + SecurityZoneListParcel, + SLAClassParcel, SLAClassParcel, SslDecryptionParcel, SslDecryptionProfileParcel, StandardCommunityParcel, + StandardCommunityParcel, + TlocParcel, TlocParcel, - URLParcel, UrlFilteringParcel, + URLParcel, ], Field(discriminator="type_"), ] @@ -118,8 +121,10 @@ "FQDNListEntry", "GeoLocationListEntry", "GeoLocationListParcel", + "IdentityEntry", + "IdentityEntry", + "IdentityParcel", "IdentityParcel", - "IdentityEntries", "IntrusionPreventionParcel", "IPSSignatureListEntry", "IPSSignatureParcel", @@ -139,6 +144,8 @@ "PrefixListParcel", "ProtocolListEntry", "ProtocolListParcel", + "ScalableGroupTagEntry", + "ScalableGroupTagParcel", "SecurityApplicationFamilyListEntry", "SecurityApplicationListEntry", "SecurityApplicationListParcel", @@ -158,9 +165,9 @@ "StandardCommunityParcel", "TlocEntry", "TlocParcel", - "URLParcel", "URLAllowParcel", "URLBlockParcel", + "URLParcel", ) diff --git a/catalystwan/models/configuration/feature_profile/sdwan/policy_object/security/identity.py b/catalystwan/models/configuration/feature_profile/sdwan/policy_object/security/identity.py index 7cd62f00..6afe702a 100644 
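Review bot: The rewritten parcel union in the `@@ -57,38 +58,40 @@` hunk lists ten members twice on its new side: `FQDNDomainParcel`, `GeoLocationListParcel`, `IdentityParcel`, `IPSSignatureParcel`, `LocalDomainParcel`, `SecurityPortParcel`, `SecurityZoneListParcel`, `SLAClassParcel`, `StandardCommunityParcel` and `TlocParcel`. The `__all__` hunk at `@@ -118,8 +121,10 @@` likewise ends up with `"IdentityEntry"` and `"IdentityParcel"` twice each. Duplicate members of a typing union are collapsed, so this should be harmless at runtime, but it reads like a sort done without de-duplication and makes it harder to audit which parcel types the discriminated union accepts. Keep one line per name in both places.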
--- a/catalystwan/models/configuration/feature_profile/sdwan/policy_object/security/identity.py +++ b/catalystwan/models/configuration/feature_profile/sdwan/policy_object/security/identity.py @@ -5,7 +5,7 @@ from catalystwan.api.configuration_groups.parcel import Global, _ParcelBase, as_optional_global -class IdentityEntries(BaseModel): +class IdentityEntry(BaseModel): user: Optional[Global[str]] = Field(default=None) user_group: Optional[Global[str]] = Field( default=None, validation_alias="userGroup", serialization_alias="userGroup" @@ -14,7 +14,7 @@ class IdentityEntries(BaseModel): class IdentityParcel(_ParcelBase): type_: Literal["security-identity"] = Field(default="security-identity", exclude=True) - entries: List[IdentityEntries] = Field( + entries: List[IdentityEntry] = Field( validation_alias=AliasPath("data", "entries"), default_factory=list, description="Array of Users and User Groups", @@ -22,7 +22,7 @@ class IdentityParcel(_ParcelBase): def add_entry(self, user: Optional[str] = None, user_group: Optional[str] = None): self.entries.append( - IdentityEntries( + IdentityEntry( user=as_optional_global(user), user_group=as_optional_global(user_group), ) diff --git a/catalystwan/models/configuration/feature_profile/sdwan/policy_object/security/scalable_group_tag.py b/catalystwan/models/configuration/feature_profile/sdwan/policy_object/security/scalable_group_tag.py index 7e6d2a10..d440c691 100644 --- a/catalystwan/models/configuration/feature_profile/sdwan/policy_object/security/scalable_group_tag.py +++ b/catalystwan/models/configuration/feature_profile/sdwan/policy_object/security/scalable_group_tag.py 
@@ -1,21 +1,22 @@ -from typing import List, Optional +from typing import List, Literal, Optional from pydantic import AliasPath, BaseModel, Field from catalystwan.api.configuration_groups.parcel import Global, _ParcelBase, as_optional_global -class ScalableGroupTagEntries(BaseModel): +class ScalableGroupTagEntry(BaseModel): sgt_name: Optional[Global[str]] = Field(default=None, validation_alias="sgtName", serialization_alias="sgtName") tag: Optional[Global[str]] = Field(default=None) class ScalableGroupTagParcel(_ParcelBase): - entries: List[ScalableGroupTagEntries] = Field(validation_alias=AliasPath("data", "entries"), default_factory=list) + type_: Literal["security-scalablegrouptag"] = Field(default="security-scalablegrouptag") + entries: List[ScalableGroupTagEntry] = Field(validation_alias=AliasPath("data", "entries"), default_factory=list) def add_entry(self, sgt_name: Optional[str] = None, tag: Optional[str] = None): self.entries.append( - ScalableGroupTagEntries( + ScalableGroupTagEntry( sgt_name=as_optional_global(sgt_name), tag=as_optional_global(tag), ) diff --git a/catalystwan/models/policy/__init__.py b/catalystwan/models/policy/__init__.py index 1944031a..a0d91e14 100644 --- a/catalystwan/models/policy/__init__.py +++ b/catalystwan/models/policy/__init__.py @@ -23,6 +23,7 @@ from catalystwan.models.policy.list.data_prefix import DataPrefixList, DataPrefixListInfo from catalystwan.models.policy.list.fqdn import FQDNList, FQDNListInfo from catalystwan.models.policy.list.geo_location import GeoLocationList, GeoLocationListInfo +from catalystwan.models.policy.list.identity import IdentityList, IdentityListInfo from catalystwan.models.policy.list.ips_signature import IPSSignatureList, IPSSignatureListInfo from catalystwan.models.policy.list.ipv6_prefix import IPv6PrefixList, IPv6PrefixListInfo from catalystwan.models.policy.list.local_app import LocalAppList, LocalAppListInfo 
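Review bot: The new `type_` field on `ScalableGroupTagParcel` is declared without `exclude=True`, while `IdentityParcel.type_` added in the same series has it, so the two parcels will serialize differently. Unless `_ParcelBase` removes the field elsewhere (not visible in this patch), the scalable-group-tag payload would carry an extra `type_` key that the identity payload does not. For consistency the line should read `type_: Literal["security-scalablegrouptag"] = Field(default="security-scalablegrouptag", exclude=True)`.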
@@ -34,6 +35,7 @@ from catalystwan.models.policy.list.prefix import PrefixList, PrefixListInfo from catalystwan.models.policy.list.protocol_name import ProtocolNameList, ProtocolNameListInfo from catalystwan.models.policy.list.region import RegionList, RegionListInfo +from catalystwan.models.policy.list.scalable_group_tag import ScalableGroupTagList, ScalableGroupTagListInfo from catalystwan.models.policy.list.site import SiteList, SiteListInfo from catalystwan.models.policy.list.sla import SLAClassList, SLAClassListInfo from catalystwan.models.policy.list.threat_grid_api_key import ThreatGridApiKeyList, ThreatGridApiKeyListInfo @@ -129,6 +131,7 @@ GeoLocationList, IPSSignatureList, IPv6PrefixList, + IdentityList, LocalAppList, LocalDomainList, MirrorList, @@ -148,6 +151,7 @@ URLAllowList, VPNList, ZoneList, + ScalableGroupTagList, ], Field(discriminator="type"), ] @@ -169,6 +173,7 @@ IPSSignatureListInfo, IPv6PrefixListInfo, LocalAppListInfo, + IdentityListInfo, LocalDomainListInfo, MirrorListInfo, PolicerListInfo, @@ -187,6 +192,7 @@ URLBlockListInfo, VPNListInfo, ZoneListInfo, + ScalableGroupTagListInfo, ], Field(discriminator="type"), ] @@ -294,6 +300,8 @@ "VPNMembershipPolicy", "ZoneBasedFWPolicy", "ZoneList", + "ScalableGroupTagList", + "IdentityList", ) diff --git a/catalystwan/models/policy/list/identity.py b/catalystwan/models/policy/list/identity.py new file mode 100644 index 00000000..ef6aeb9c --- /dev/null +++ b/catalystwan/models/policy/list/identity.py 
@@ -0,0 +1,29 @@
+# Copyright 2022 Cisco Systems, Inc. and its affiliates
+
+from typing import List, Literal
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from catalystwan.models.policy.policy_list import PolicyListBase, PolicyListId, PolicyListInfo
+
+
+class IdentityListEntry(BaseModel):
+ model_config = ConfigDict(populate_by_name=True)
+ user: str = Field(default=None)
+ user_group: str = Field(default=None, validation_alias="userGroup", serialization_alias="userGroup")
+
+
+class IdentityList(PolicyListBase):
+ type: Literal["identity"] = "identity"
+ entries: List[IdentityListEntry] = Field(default_factory=list)
+
+ def add_entry(self, user: str, user_group: str) -> None:
+ self._add_entry(IdentityListEntry(user=user, user_group=user_group))
+
+
+class IdentityListEditPayload(IdentityList, PolicyListId):
+ pass
+
+
+class IdentityListInfo(IdentityList, PolicyListInfo):
+ pass
diff --git a/catalystwan/models/policy/list/scalable_group_tag.py b/catalystwan/models/policy/list/scalable_group_tag.py
new file mode 100644
index 00000000..503051ab
--- /dev/null
+++ b/catalystwan/models/policy/list/scalable_group_tag.py
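Review bot: `IdentityListEntry` in models/policy/list/identity.py annotates `user` and `user_group` as `str` but gives both `Field(default=None)`. Pydantic does not validate defaults unless asked to, so an entry parsed without one of the keys holds None behind a `str` annotation, and type checkers and callers such as the `identity_list` converter are told the value is always a string. Declare them as `user: Optional[str] = Field(default=None)` and `user_group: Optional[str] = Field(default=None, validation_alias="userGroup", serialization_alias="userGroup")`, adding `Optional` to the typing import. `IdentityList.add_entry` should then accept `Optional[str]` too, since it currently requires both values although the model treats each as optional.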
@@ -0,0 +1,30 @@
+# Copyright 2022 Cisco Systems, Inc. and its affiliates
+
+from typing import List, Literal
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from catalystwan.models.policy.policy_list import PolicyListBase, PolicyListId, PolicyListInfo
+
+
+class ScalableGroupTagListEntry(BaseModel):
+ model_config = ConfigDict(populate_by_name=True)
+
+ stg_name: str = Field(serialization_alias="sgtName", validation_alias="sgtName")
+ tag: str = Field(serialization_alias="tag", validation_alias="tag")
+
+
+class ScalableGroupTagList(PolicyListBase):
+ type: Literal["scalablegrouptag", "scalableGroupTag"] = "scalablegrouptag"
+ entries: List[ScalableGroupTagListEntry] = Field(default_factory=list)
+
+ def add_entry(self, stg_name: str, tag: str) -> None:
+ self._add_entry(ScalableGroupTagListEntry(stg_name=stg_name, tag=tag))
+
+
+class ScalableGroupTagListEditPayload(ScalableGroupTagList, PolicyListId):
+ pass
+
+
+class ScalableGroupTagListInfo(ScalableGroupTagList, PolicyListInfo):
+ pass
diff --git a/catalystwan/utils/config_migration/converters/policy/policy_lists.py b/catalystwan/utils/config_migration/converters/policy/policy_lists.py
index 6445d711..8ed46b8e 100644
--- a/catalystwan/utils/config_migration/converters/policy/policy_lists.py
+++ b/catalystwan/utils/config_migration/converters/policy/policy_lists.py
@@ -19,6 +19,7 @@
 FowardingClassParcel,
 FQDNDomainParcel,
 GeoLocationListParcel,
+ IdentityParcel,
 IPSSignatureParcel,
 IPv6DataPrefixParcel,
 IPv6PrefixListParcel,
@@ -28,6 +29,7 @@
 PreferredColorGroupParcel,
 PrefixListParcel,
 ProtocolListParcel,
+ ScalableGroupTagParcel,
 SecurityPortParcel,
 SecurityZoneListParcel,
 SLAClassParcel,
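Review bot: The field `stg_name` in `ScalableGroupTagListEntry` (models/policy/list/scalable_group_tag.py) looks like a transposition of `sgt_name`: its aliases are `sgtName`, and the parcel model in this series calls the same value `sgt_name`. The misspelling is also the keyword of `ScalableGroupTagList.add_entry` and is read as `e.stg_name` in the converter, so it becomes public API once merged and costs a breaking change to fix later. Rename the field and the `add_entry` parameter to `sgt_name` now. Separately, `type` accepts both `"scalablegrouptag"` and `"scalableGroupTag"`; a one-line comment saying which spelling the server returns and why both are needed would help whoever maintains the discriminated union.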
@@ -69,8 +71,10 @@ URLBlockList, ZoneList, ) +from catalystwan.models.policy.list.identity import IdentityList from catalystwan.models.policy.list.local_app import LocalAppList from catalystwan.models.policy.list.region import RegionList, RegionListInfo +from catalystwan.models.policy.list.scalable_group_tag import ScalableGroupTagList from catalystwan.models.policy.list.site import SiteList, SiteListInfo from catalystwan.models.policy.list.vpn import VPNList, VPNListInfo @@ -420,15 +424,34 @@ def local_app_list(in_: LocalAppList, context: PolicyConvertContext) -> ConvertR return ConvertResult[SecurityApplicationListParcel](output=out, status="complete") +def scalable_group_tag( + in_: ScalableGroupTagList, context: PolicyConvertContext +) -> ConvertResult[ScalableGroupTagParcel]: + out = ScalableGroupTagParcel(**_get_parcel_name_desc(in_)) + for e in in_.entries: + out.add_entry(sgt_name=e.stg_name, tag=e.tag) + return ConvertResult[ScalableGroupTagParcel](output=out) + + +def identity_list(in_: IdentityList, context: PolicyConvertContext) -> ConvertResult[IdentityParcel]: + out = IdentityParcel(**_get_parcel_name_desc(in_)) + for e in in_.entries: + out.add_entry( + user=e.user, + user_group=e.user_group, + ) + return ConvertResult[IdentityParcel](output=out) + + OPL = TypeVar("OPL", AnyPolicyObjectParcel, None) Input = AnyPolicyList Output = ConvertResult[OPL] CONVERTERS: Mapping[Type[Input], Callable[..., Output]] = { - ASPathList: as_path, AppList: app_list, AppProbeClassList: app_probe, + ASPathList: as_path, ClassMapList: class_map, ColorList: color, CommunityList: community, @@ -438,6 +461,7 @@ def local_app_list(in_: LocalAppList, context: PolicyConvertContext) -> ConvertR ExtendedCommunityList: extended_community, FQDNList: fqdn, GeoLocationList: geo_location, + IdentityList: identity_list, IPSSignatureList: ips_signature, IPv6PrefixList: prefix_ipv6, LocalAppList: local_app_list, 
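Review bot: The two new converters `scalable_group_tag` and `identity_list` return `ConvertResult[...](output=out)` with no `status`, while the `local_app_list` return visible as context just above them passes `status="complete"`. If the default status of `ConvertResult` is anything other than complete (its definition is not in this patch), these conversions will be reported differently from their neighbours even though nothing is dropped. For parity, return `ConvertResult[ScalableGroupTagParcel](output=out, status="complete")` and the equivalent for `IdentityParcel`. Neither function has a docstring or uses its `context` argument; a short docstring saying the mapping is one-to-one would document that. The `CONVERTERS` mapping this hunk edits continues past the end of the hunk.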
@@ -449,6 +473,7 @@ def local_app_list(in_: LocalAppList, context: PolicyConvertContext) -> ConvertR
 PrefixList: prefix,
 ProtocolNameList: protocol,
 RegionList: region,
+ ScalableGroupTagList: scalable_group_tag,
 SiteList: site,
 SLAClassList: sla_class,
 TLOCList: tloc,