
Commit feb1515

authored
dev: security mode and nextHopIpv6 (#5)
* allow empty string as security policy mode
* fix: policy mode default to security
* fix: data policy nextHopIpv6 action set entry
* bump sdk dev version
1 parent c3c514c commit feb1515


6 files changed

+38
-21
lines changed


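--- a/catalystwan/models/common.py
+++ b/catalystwan/models/common.py
@@ -676,7 +676,18 @@ def str_as_interface_list(val: Union[str, Sequence[InterfaceStr]]) -> Sequence[I
 "umbrella",
 ]
 
-PolicyModeType = Literal["security", "unified"]
+_PolicyModeType = Literal["security", "unified"]
+
+def parse_policy_mode(val: Optional[str]) -> _PolicyModeType:
+if isinstance(val, str) and val == "unified":
+return "unified"
+return "security"
+
+PolicyModeType = Annotated[
+_PolicyModeType,
+BeforeValidator(parse_policy_mode)
+]
+
 
 CoreRegion = Literal[
 "core",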
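Review bot: `parse_policy_mode` maps every input other than the exact string `"unified"` to `"security"`, and because it runs as a `BeforeValidator` the `Literal["security", "unified"]` check behind it can no longer reject anything: a misspelt or differently cased mode (for example `"Unified"`) is accepted and silently becomes `"security"`. The commit message only asks for the empty string and a missing value to default to security, so the coercion could be limited to those, `if val is None or val == "": return "security"` followed by `return val` (with the return annotation loosened accordingly), leaving unknown strings to fail validation. The `isinstance(val, str)` test is redundant with `val == "unified"`, and the function has no docstring stating which inputs are normalised. The same coercion now applies to `ZoneBasedFWPolicy.mode` in zone_based_firewall.py, which uses this type for a firewall policy model.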
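--- a/catalystwan/models/policy/definition/traffic_data.py
+++ b/catalystwan/models/policy/definition/traffic_data.py
@@ -1,6 +1,6 @@
 # Copyright 2023 Cisco Systems, Inc. and its affiliates
 
-from ipaddress import IPv4Address, IPv4Network, IPv6Network
+from ipaddress import IPv4Address, IPv4Network, IPv6Address, IPv6Network
 from typing import List, Literal, Optional, Set, Tuple, Union, overload
 from uuid import UUID
 
@@ -49,6 +49,7 @@
 Match,
 NATAction,
 NextHopActionEntry,
+NextHopIpv6ActionEntry,
 NextHopLooseEntry,
 PacketLengthEntry,
 PLPEntry,
@@ -274,8 +275,11 @@ def associate_nat_action(
 self._insert_action(nat_action)
 
 @accept_action
-def associate_next_hop_action(self, next_hop: IPv4Address, loose: bool = False) -> None:
-self._insert_action_in_set(NextHopActionEntry(value=next_hop))
+def associate_next_hop_action(self, next_hop: Union[IPv4Address, IPv6Address], loose: bool = False) -> None:
+if isinstance(next_hop, IPv6Address):
+self._insert_action_in_set(NextHopIpv6ActionEntry(value=next_hop))
+else:
+self._insert_action_in_set(NextHopActionEntry(value=next_hop))
 self._insert_action_in_set(NextHopLooseEntry(value=loose))
 
 @accept_action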
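Review bot: The `else` branch of `associate_next_hop_action` takes every value that is not an `IPv6Address` instance, and `NextHopActionEntry.value` is still `Union[IPv4Address, IPv6Address]` (context line in policy_definition.py), so a caller that passes the address as a string would presumably still have an IPv6 value written under `nextHop` instead of `nextHopIpv6`. Making the second branch explicit, `elif isinstance(next_hop, IPv4Address):` with a final `else: raise TypeError(...)`, keeps the two action fields disjoint; narrowing `NextHopActionEntry.value` to `IPv4Address` would enforce it in the model, if existing payloads allow that. A one-line docstring saying that IPv6 next hops are emitted as `nextHopIpv6` and that the `loose` entry is added in both cases would also help readers of the policy builder.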

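--- a/catalystwan/models/policy/definition/zone_based_firewall.py
+++ b/catalystwan/models/policy/definition/zone_based_firewall.py
@@ -7,6 +7,7 @@
 from pydantic import BaseModel, ConfigDict, Field
 from typing_extensions import Annotated
 
+from catalystwan.models.common import PolicyModeType
 from catalystwan.models.misc.application_protocols import ApplicationProtocol
 from catalystwan.models.policy.policy_definition import (
 AdvancedInspectionProfileAction,
@@ -220,12 +221,6 @@ class ZoneBasedFWPolicyEntry(BaseModel):
 model_config = ConfigDict(populate_by_name=True)
 
 
-class ZoneBasedFWPolicyHeader(PolicyDefinitionBase):
-type: Literal["zoneBasedFW"] = "zoneBasedFW"
-mode: str = Field(default="security")
-model_config = ConfigDict(populate_by_name=True)
-
-
 class ZoneBasedFWPolicyDefinition(DefinitionWithSequencesCommonBase):
 default_action: ZoneBasedFirewallDefaultAction = Field(
 default=ZoneBasedFirewallDefaultAction(type="drop"),
@@ -236,9 +231,10 @@ class ZoneBasedFWPolicyDefinition(DefinitionWithSequencesCommonBase):
 entries: List[ZoneBasedFWPolicyEntry] = []
 
 
-class ZoneBasedFWPolicy(ZoneBasedFWPolicyHeader):
+class ZoneBasedFWPolicy(PolicyDefinitionBase):
+model_config = ConfigDict(populate_by_name=True)
 type: Literal["zoneBasedFW"] = "zoneBasedFW"
-mode: Literal["security", "unified"] = "security"
+mode: PolicyModeType = "security"
 definition: ZoneBasedFWPolicyDefinition = ZoneBasedFWPolicyDefinition()
 
 def add_ipv4_rule(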

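--- a/catalystwan/models/policy/policy_definition.py
+++ b/catalystwan/models/policy/policy_definition.py
@@ -492,6 +492,11 @@ class NextHopActionEntry(BaseModel):
 value: Union[IPv4Address, IPv6Address]
 
 
+class NextHopIpv6ActionEntry(BaseModel):
+field: Literal["nextHopIpv6"] = "nextHopIpv6"
+value: IPv6Address
+
+
 class NextHopMatchEntry(BaseModel):
 field: Literal["nextHop"] = "nextHop"
 ref: UUID
@@ -1205,6 +1210,7 @@ class CloudSaaSAction(BaseModel):
 MetricEntry,
 MetricTypeEntry,
 NextHopActionEntry,
+NextHopIpv6ActionEntry,
 NextHopLooseEntry,
 OMPTagEntry,
 OriginatorEntry,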

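--- a/catalystwan/models/policy/security.py
+++ b/catalystwan/models/policy/security.py
@@ -124,7 +124,7 @@ class UnifiedSecurityPolicyDefinition(PolicyDefinition):
 
 
 class SecurityPolicy(PolicyCreationPayload):
-policy_mode: Literal[None, "security"] = Field(
+policy_mode: Literal[None, "", "security"] = Field(
 default="security", serialization_alias="policyMode", validation_alias="policyMode"
 )
 policy_type: str = Field(default="feature", serialization_alias="policyType", validation_alias="policyType")
@@ -138,26 +138,26 @@ class SecurityPolicy(PolicyCreationPayload):
 def get_assemby_item_uuids(self) -> Set[UUID]:
 return set((item.definition_id for item in self.policy_definition.assembly))
 
-def add_item(self, item: SecurityPolicyAssemblyItem) -> None:
+def _add_item(self, item: SecurityPolicyAssemblyItem) -> None:
 self.policy_definition.assembly.append(item)
 
 def add_zone_based_fw(self, definition_id: UUID) -> None:
-self.add_item(ZoneBasedFWAssemblyItem(definition_id=definition_id))
+self._add_item(ZoneBasedFWAssemblyItem(definition_id=definition_id))
 
 def add_dns_security(self, definition_id: UUID) -> None:
-self.add_item(DNSSecurityAssemblyItem(definition_id=definition_id))
+self._add_item(DNSSecurityAssemblyItem(definition_id=definition_id))
 
 def add_intrusion_prevention(self, definition_id: UUID) -> None:
-self.add_item(IntrusionPreventionAssemblyItem(definition_id=definition_id))
+self._add_item(IntrusionPreventionAssemblyItem(definition_id=definition_id))
 
 def add_url_filtering(self, definition_id: UUID) -> None:
-self.add_item(URLFilteringAssemblyItem(definition_id=definition_id))
+self._add_item(URLFilteringAssemblyItem(definition_id=definition_id))
 
 def add_advanced_malware_protection(self, definition_id: UUID) -> None:
-self.add_item(AdvancedMalwareProtectionAssemblyItem(definition_id=definition_id))
+self._add_item(AdvancedMalwareProtectionAssemblyItem(definition_id=definition_id))
 
 def add_ssl_decryption(self, definition_id: UUID) -> None:
-self.add_item(SSLDecryptionAssemblyItem(definition_id=definition_id))
+self._add_item(SSLDecryptionAssemblyItem(definition_id=definition_id))
 
 @field_validator("policy_definition", mode="before")
 @classmethod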
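Review bot: `SecurityPolicy.policy_mode` accepts `""` by widening its own `Literal`, while the same commit adds `PolicyModeType` in common.py to turn an empty value into `"security"`; the two fields now treat the same input differently, and here the empty string is stored as given and would be serialised back under `policyMode` unchanged. A short comment on the field stating why `None` and `""` are allowed, something like `# None and "" are accepted and treated as "security"` (wording for the author to confirm), would record the intent; alternatively the value could be normalised in a validator so downstream checks only ever see `"security"`. Separately, renaming `add_item` to `_add_item` removes a public method, and whether external callers relied on it is not visible here, so a deprecated alias may be warranted. The `SecurityPolicy` class body continues outside both hunks.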

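--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "catalystwan"
-version = "0.40.0dev0"
+version = "0.40.0dev1"
 description = "Cisco Catalyst WAN SDK for Python"
 authors = ["kagorski <kagorski@cisco.com>"]
 readme = "README.md"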
