From eb3d47e71dbf6b93cb2d7f1ddeb1e044abf1a23d Mon Sep 17 00:00:00 2001
From: Garfield Freeman
Date: Tue, 21 Dec 2021 16:58:08 -0800
Subject: [PATCH] feat(pbf): Adding GroupTag support

---
 poli/pbf/entry.go | 188 ++++++++++++++++++++------------------
 poli/pbf/testdata_test.go | 1 +
 2 files changed, 98 insertions(+), 91 deletions(-)

diff --git a/poli/pbf/entry.go b/poli/pbf/entry.go
index 82359b70..8ccad597 100644
--- a/poli/pbf/entry.go
+++ b/poli/pbf/entry.go
@@ -43,6 +43,7 @@ type Entry struct {
 	Targets map[string][]string
 	NegateTarget bool
 	Uuid string // 9.0+
+	GroupTag string // 9.0+
 }
 
 // Copy copies the information from source Entry `s` to this object. As the
@@ -74,6 +75,7 @@ func (o *Entry) Copy(s Entry) {
 	o.ActiveActiveDeviceBinding = s.ActiveActiveDeviceBinding
 	o.Targets = util.CopyTargets(s.Targets)
 	o.NegateTarget = s.NegateTarget
+	o.GroupTag = s.GroupTag
 }
 
 /** Structs / functions for this namespace. **/
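Review bot: The new `GroupTag` field in the `Entry` struct carries only the `// 9.0+` version marker, so a caller reading the public struct cannot tell what the string holds or how it reaches the device; the `group-tag` mapping is only discoverable from the `entry_v2` XML tag much further down the patch. I would document the field where it is declared, e.g. `GroupTag string // 9.0+; the rule's group tag, serialized as <group-tag> and omitted from the XML when empty`. Whether the value is silently dropped when the entry is rendered for a pre-9.0 device is not visible in this hunk (the v1 specify path is not changed here), so that should be confirmed and stated in the comment if so. The `Entry` struct begins above this hunk.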
@@ -175,97 +177,6 @@ func (o *entry_v1) normalize() Entry {
 	return ans
 }
 
-type container_v2 struct {
-	Answer []entry_v2 `xml:"entry"`
-}
-
-func (o *container_v2) Normalize() []Entry {
-	ans := make([]Entry, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].normalize())
-	}
-
-	return ans
-}
-
-func (o *container_v2) Names() []string {
-	ans := make([]string, 0, len(o.Answer))
-	for i := range o.Answer {
-		ans = append(ans, o.Answer[i].Name)
-	}
-
-	return ans
-}
-
-func (o *entry_v2) normalize() Entry {
-	ans := Entry{
-		Name: o.Name,
-		SourceAddresses: util.MemToStr(o.SourceAddresses),
-		SourceUsers: util.MemToStr(o.SourceUsers),
-		NegateSource: util.AsBool(o.NegateSource),
-		DestinationAddresses: util.MemToStr(o.DestinationAddresses),
-		NegateDestination: util.AsBool(o.NegateDestination),
-		Applications: util.MemToStr(o.Applications),
-		Services: util.MemToStr(o.Services),
-		Schedule: o.Schedule,
-		Tags: util.MemToStr(o.Tags),
-		Disabled: util.AsBool(o.Disabled),
-		Description: o.Description,
-		ActiveActiveDeviceBinding: o.ActiveActiveDeviceBinding,
-		Uuid: o.Uuid,
-	}
-
-	if o.TargetInfo != nil {
-		ans.NegateTarget = util.AsBool(o.TargetInfo.NegateTarget)
-		ans.Targets = util.VsysEntToMap(o.TargetInfo.Targets)
-	}
-
-	switch {
-	case o.FromZones != nil:
-		ans.FromType = FromTypeZone
-		ans.FromValues = util.MemToStr(o.FromZones)
-	case o.FromInterfaces != nil:
-		ans.FromType = FromTypeInterface
-		ans.FromValues = util.MemToStr(o.FromInterfaces)
-	}
-
-	switch {
-	case o.Action.Forward != nil:
-		ans.Action = ActionForward
-		ans.ForwardEgressInterface = o.Action.Forward.ForwardEgressInterface
-
-		if o.Action.Forward.NextHop != nil {
-			if o.Action.Forward.NextHop.IpAddress != "" {
-				ans.ForwardNextHopType = ForwardNextHopTypeIpAddress
-				ans.ForwardNextHopValue = o.Action.Forward.NextHop.IpAddress
-			} else if o.Action.Forward.NextHop.Fqdn != "" {
-				ans.ForwardNextHopType = ForwardNextHopTypeFqdn
-				ans.ForwardNextHopValue = o.Action.Forward.NextHop.Fqdn
-			}
-		}
-
-		if o.Action.Forward.Monitor != nil {
-			ans.ForwardMonitorProfile = o.Action.Forward.Monitor.ForwardMonitorProfile
-			ans.ForwardMonitorIpAddress = o.Action.Forward.Monitor.ForwardMonitorIpAddress
-			ans.ForwardMonitorDisableIfUnreachable = util.AsBool(o.Action.Forward.Monitor.ForwardMonitorDisableIfUnreachable)
-		}
-	case o.Action.ForwardVsys != nil:
-		ans.Action = ActionVsysForward
-		ans.ForwardVsys = *o.Action.ForwardVsys
-	case o.Action.Discard != nil:
-		ans.Action = ActionDiscard
-	case o.Action.NoPbf != nil:
-		ans.Action = ActionNoPbf
-	}
-
-	if o.Symmetric != nil {
-		ans.EnableEnforceSymmetricReturn = util.AsBool(o.Symmetric.EnableEnforceSymmetricReturn)
-		ans.SymmetricReturnAddresses = util.EntToStr(o.Symmetric.SymmetricReturnAddresses)
-	}
-
-	return ans
-}
-
 type entry_v1 struct {
 	XMLName xml.Name `xml:"entry"`
 	Name string `xml:"name,attr"`
@@ -392,10 +303,104 @@ func specify_v1(e Entry) interface{} {
 	return ans
 }
 
+// PAN-OS 9.0
+type container_v2 struct {
+	Answer []entry_v2 `xml:"entry"`
+}
+
+func (o *container_v2) Normalize() []Entry {
+	ans := make([]Entry, 0, len(o.Answer))
+	for i := range o.Answer {
+		ans = append(ans, o.Answer[i].normalize())
+	}
+
+	return ans
+}
+
+func (o *container_v2) Names() []string {
+	ans := make([]string, 0, len(o.Answer))
+	for i := range o.Answer {
+		ans = append(ans, o.Answer[i].Name)
+	}
+
+	return ans
+}
+
+func (o *entry_v2) normalize() Entry {
+	ans := Entry{
+		Name: o.Name,
+		SourceAddresses: util.MemToStr(o.SourceAddresses),
+		SourceUsers: util.MemToStr(o.SourceUsers),
+		NegateSource: util.AsBool(o.NegateSource),
+		DestinationAddresses: util.MemToStr(o.DestinationAddresses),
+		NegateDestination: util.AsBool(o.NegateDestination),
+		Applications: util.MemToStr(o.Applications),
+		Services: util.MemToStr(o.Services),
+		Schedule: o.Schedule,
+		Tags: util.MemToStr(o.Tags),
+		Disabled: util.AsBool(o.Disabled),
+		Description: o.Description,
+		ActiveActiveDeviceBinding: o.ActiveActiveDeviceBinding,
+		Uuid: o.Uuid,
+		GroupTag: o.GroupTag,
+	}
+
+	if o.TargetInfo != nil {
+		ans.NegateTarget = util.AsBool(o.TargetInfo.NegateTarget)
+		ans.Targets = util.VsysEntToMap(o.TargetInfo.Targets)
+	}
+
+	switch {
+	case o.FromZones != nil:
+		ans.FromType = FromTypeZone
+		ans.FromValues = util.MemToStr(o.FromZones)
+	case o.FromInterfaces != nil:
+		ans.FromType = FromTypeInterface
+		ans.FromValues = util.MemToStr(o.FromInterfaces)
+	}
+
+	switch {
+	case o.Action.Forward != nil:
+		ans.Action = ActionForward
+		ans.ForwardEgressInterface = o.Action.Forward.ForwardEgressInterface
+
+		if o.Action.Forward.NextHop != nil {
+			if o.Action.Forward.NextHop.IpAddress != "" {
+				ans.ForwardNextHopType = ForwardNextHopTypeIpAddress
+				ans.ForwardNextHopValue = o.Action.Forward.NextHop.IpAddress
+			} else if o.Action.Forward.NextHop.Fqdn != "" {
+				ans.ForwardNextHopType = ForwardNextHopTypeFqdn
+				ans.ForwardNextHopValue = o.Action.Forward.NextHop.Fqdn
+			}
+		}
+
+		if o.Action.Forward.Monitor != nil {
+			ans.ForwardMonitorProfile = o.Action.Forward.Monitor.ForwardMonitorProfile
+			ans.ForwardMonitorIpAddress = o.Action.Forward.Monitor.ForwardMonitorIpAddress
+			ans.ForwardMonitorDisableIfUnreachable = util.AsBool(o.Action.Forward.Monitor.ForwardMonitorDisableIfUnreachable)
+		}
+	case o.Action.ForwardVsys != nil:
+		ans.Action = ActionVsysForward
+		ans.ForwardVsys = *o.Action.ForwardVsys
+	case o.Action.Discard != nil:
+		ans.Action = ActionDiscard
+	case o.Action.NoPbf != nil:
+		ans.Action = ActionNoPbf
+	}
+
+	if o.Symmetric != nil {
+		ans.EnableEnforceSymmetricReturn = util.AsBool(o.Symmetric.EnableEnforceSymmetricReturn)
+		ans.SymmetricReturnAddresses = util.EntToStr(o.Symmetric.SymmetricReturnAddresses)
+	}
+
+	return ans
+}
+
 type entry_v2 struct {
 	XMLName xml.Name `xml:"entry"`
 	Name string `xml:"name,attr"`
 	Uuid string `xml:"uuid,attr,omitempty"`
+	GroupTag string `xml:"group-tag,omitempty"`
 	FromZones *util.MemberType `xml:"from>zone"`
 	FromInterfaces *util.MemberType `xml:"from>interface"`
 	SourceAddresses *util.MemberType `xml:"source"`
@@ -449,6 +454,7 @@ func specify_v2(e Entry) interface{} {
 		Description: e.Description,
 		ActiveActiveDeviceBinding: e.ActiveActiveDeviceBinding,
 		Uuid: e.Uuid,
+		GroupTag: e.GroupTag,
 	}
 
 	if e.Targets != nil || e.NegateTarget {
diff --git a/poli/pbf/testdata_test.go b/poli/pbf/testdata_test.go
index 84748514..5a123082 100644
--- a/poli/pbf/testdata_test.go
+++ b/poli/pbf/testdata_test.go
@@ -219,6 +219,7 @@ func getTests() []tc {
 	{"v2 forward fqdn nexthop", version.Number{9, 0, 0, ""}, Entry{
 		Name: "v2",
 		Uuid: "aaaa-bb-ccccc",
+		GroupTag: "myGroupTag",
 		Description: "my desc",
 		FromType: FromTypeInterface,
 		FromValues: []string{"ethernet1/1", "ethernet1/2"},
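Review bot: The one functional line in this 94-line hunk, `GroupTag: o.GroupTag,` inside `entry_v2.normalize`, is buried in a block that git presents as entirely new because `container_v2`, its `Normalize`/`Names` methods and `entry_v2.normalize` were relocated from above `entry_v1` in the same commit; a reviewer has to diff the deleted hunk against this one by hand to confirm nothing else in the ninety-odd moved lines changed. I would land the relocation as its own no-op commit (or at least state in the commit message that the block is moved verbatim apart from the `GroupTag` line and the `// PAN-OS 9.0` marker), so that the behavioral change is a three-line review. The new `// PAN-OS 9.0` comment is a good idea; making it a proper doc comment on the type, `// container_v2 is the PAN-OS 9.0+ XML container for PBF rule entries.`, would let godoc pick it up and would match the `// 9.0+` convention already used on the `Entry` fields.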