enfcli 3.3.2.pre.alpha

data/lib/enfcli/commands/xcr.rb

@@ -0,0 +1,480 @@
+#
+# Copyright 2018 Xaptum,Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'enfthor'
+require 'enfapi'
+
+module EnfCli
+  
+  module Cmd
+    
+    class Xcr < EnfThor
+      no_commands {
+        def display_endpoints eps
+          headings = ['IPV6', 'Name', 'State', 'Network', 'Remote IP']
+          rows = eps.map{ |hash|
+            [ hash[:ipv6],
+              hash[:name],
+              hash[:state],
+              hash[:state] == 'OFFLINE' ? '' : hash[:ev_asn_org],
+              hash[:state] == 'OFFLINE' ? '' : hash[:ev_remote_ip]
+            ]
+          }
+          render_table(headings, rows, options.file)
+        end
+        
+        def display_endpoint_events events
+          headings = ['Time', 'IPV6', 'Source', 'Event', 'Network', 'Remote IP']
+          rows = events.map{ |hash|
+            [ hash[:inserted_date], hash[:ipv6_text], hash[:source], hash[:type], hash[:asn_org], hash[:remote_ip]]
+          }
+          render_table(headings, rows)
+        end
+        
+        def display_domains domains
+          headings = ['Name', 'Network', 'Status']
+          rows = domains.map{ |hash|
+            [ hash[:name], hash[:network], hash[:status]
+            ]
+          }
+          render_table(headings, rows)
+        end
+
+        def display_networks networks
+          headings = ['Name', 'Network', 'Description', 'Status']
+          rows = networks.map{ |hash|
+            [ hash[:name], hash[:network], hash[:description], hash[:status]
+            ]
+          }
+          render_table(headings, rows)
+        end
+
+        def display_limits limits
+          # Extract default limits          
+          default_limits = limits[:default]
+          current_limits = limits[:current]
+          max_limits = limits[:max]
+
+          # add type to the limits hash
+          default_limits[:limit] = 'DEFAULT' if default_limits
+          max_limits[:limit] = 'MAX' if max_limits
+          current_limits[:limit] = 'CURRENT' if current_limits
+
+          limits_array = []
+          limits_array.push default_limits if default_limits
+          limits_array.push current_limits if current_limits
+          limits_array.push max_limits if max_limits
+          
+          headings = ['Limit', 'Pkts/Sec', 'Pkts Burst Size', 'Bytes/Sec', 'Bytes Burst Size', 'Inherited']
+          rows = limits_array.map{ |hash|
+            [ hash[:limit], hash[:packets_per_second], hash[:packets_burst_size], hash[:bytes_per_second], hash[:bytes_burst_size],
+              hash[:inherit] ? hash[:inherit] : "N/A"
+            ]
+          }
+          render_table(headings, rows)
+        end
+      }
+      
+      desc "list-networks", "List all virtual networks in domain"
+      def list_networks
+        try_with_rescue_in_session do
+          domain_id = EnfCli::CTX.instance.session[:domain_id]
+          
+          # Call the api
+          data = EnfApi::API.instance.list_domain_nws domain_id
+          networks = data[:data]
+
+          # display table
+          display_networks networks
+        end
+      end
+
+      desc "provision-network", "Provision a Network"
+      method_option :name, :type => :array, :required => true, :banner => "NAME"
+      method_option :description, :type => :array, :banner => "DESCRIPTION"
+      def provision_network
+        try_with_rescue_in_session do
+          # verify domain context is set
+          domain_id = EnfCli::CTX.instance.session[:domain_id]
+          raise EnfCli::ERROR, "User's domain not available!" if !domain_id || domain_id < 0
+
+          # Get options
+          description = ""
+          network_name = options.name.join(" ").gsub(/\A"+(.*?)"+\Z/m, '\1')
+          description = options.description.join(" ").gsub(/\A"+(.*?)"+\Z/m, '\1') if options.description
+                                                                                             
+          # Call the api
+          hash = {
+            :name => network_name,
+            :domain_id => domain_id,
+            :description => description
+          }
+          data = EnfApi::API.instance.create_nw hash
+          networks = data[:data]
+
+          # display table
+          say "Provisioned a network!", :green
+          display_networks networks
+        end
+      end      
+
+      desc "list-enf-networks", "List enf /34 networks"
+      def list_enf_networks
+        try_with_rescue_in_session do
+          # Call the api
+          data = EnfApi::API.instance.list_enfnws
+          networks = data[:data]
+
+          # Display the data
+          headings = ['Id', 'Parent', 'Network', 'Notes', 'Status', 'Type']
+          rows = networks.map{ |hash|
+            [ hash[:id], hash[:parent], hash[:network], hash[:notes], hash[:status], hash[:type] ]
+          }
+          render_table(headings, rows)
+
+        end
+      end
+
+      desc "list-domains", "List all domains"
+      def list_domains
+        try_with_rescue_in_session do
+          session = EnfCli::CTX.instance.session
+          
+          # call api
+          data = {:data => []}
+          case session[:type]
+          when 'XAPTUM_ADMIN'            
+            data = EnfApi::API.instance.list_domains
+
+          when 'DOMAIN_ADMIN'
+            data = EnfApi::API.instance.get_domain session[:domain_id]
+          end
+
+          # Display the data
+          domains = data[:data]
+          display_domains domains
+        end
+      end
+      
+      desc "provision-domain", "Provision a new customer /48 network domain"
+      method_option :name, :type => :string, :required => true
+      method_option :'admin-name', :type => :array, :required => true, :banner => "ADMIN_NAME"
+      method_option :'admin-email', :type => :string, :required => true, :banner => "EMAIL"
+      def provision_domain
+        try_with_rescue_in_session do          
+          # Get cli params
+          domain_name = options[:name]
+          admin_name = options[:'admin-name'].join(" ").gsub(/\A"+(.*?)"+\Z/m, '\1')
+          admin_email = options[:'admin-email']
+
+          # Call api
+          hash = {
+            :admin_name => admin_name,
+            :admin_email => admin_email,
+            :name => domain_name,
+            :type => 'CUSTOMER_SOURCE'            
+          }
+          data = EnfApi::API.instance.create_domain hash
+
+          # Display the data
+          domains = data[:data]
+          display_domains domains
+        end
+      end
+
+      desc "list-domain-rate-limits", "List domain rate limits"
+      method_option :network, :type => :string, :required => true, :banner => '</48 Network>'
+      method_option :filter, :type => :string, :enum => ['default', 'max']
+      def list_domain_rate_limits
+        try_with_rescue_in_session do
+          # Call the api
+          data = EnfApi::API.instance.get_domain_rate_limits options[:network], options[:filter]
+          
+          # Get the limits
+          limits = data[:data][0]
+
+          # Display limits
+          display_limits limits
+        end
+      end
+
+      desc "list-network-rate-limits", "List network rate limits"
+      method_option :network, :type => :string, :required => true
+      method_option :filter, :type => :string, :enum => ['default', 'max']
+      def list_network_rate_limits
+        try_with_rescue_in_session do
+          # Call the api
+          data = EnfApi::API.instance.get_network_rate_limits options[:network], options[:filter]
+          
+          # Get the limits
+          limits = data[:data][0]
+
+          # Display limits
+          display_limits limits
+        end
+      end
+
+      desc "list-endpoint-rate-limits", "List endpoints rate limits"
+      method_option :ipv6, :type => :string, :required => true
+      method_option :filter, :type => :string, :enum => ['current', 'max']
+      def list_endpoint_rate_limits
+        try_with_rescue_in_session do
+          # Call the api
+          data = EnfApi::API.instance.get_ep_rate_limits options[:ipv6], options[:filter]
+          
+          # Get the limits
+          limits = data[:data][0]
+
+          # Display limits
+          display_limits limits
+        end
+      end      
+
+      desc "activate-domain", "Activate a customer's /48 domain"
+      method_option :network, :type => :string, :required => true
+      def activate_domain
+        try_with_rescue_in_session do
+          # Call api
+          data = EnfApi::API.instance.activate_domain options[:network]
+          domains = data[:data]
+          
+          # Display the data
+          say "Activated Domain!", :green
+          display_domains domains
+        end        
+      end
+
+      desc "deactivate-domain", "Deactivate a customer's /48 domain"
+      method_option :network, :type => :string, :required => true
+      def deactivate_domain
+        try_with_rescue_in_session do
+          # Call api
+          data = EnfApi::API.instance.deactivate_domain options[:network]
+          domains = data[:data]
+          
+          # Display the data
+          say "Deactivated Domain!", :yellow
+          display_domains domains
+        end        
+      end      
+      
+      desc "set-domain-rate-limits", "Update a customer /48 domain's endpoint rate limits"
+      method_option :network, :type => :string, :required => true
+      method_option :limit, :type => :string, :enum => ['default', 'max'], :required => true
+      method_option :'packets-per-second', :type => :numeric, :required => true
+      method_option :'packets-burst-size', :type => :numeric, :required => true
+      method_option :'bytes-per-second', :type => :numeric, :required => true
+      method_option :'bytes-burst-size', :type => :numeric, :required => true
+      def set_domain_rate_limits
+        try_with_rescue_in_session do
+          # Call api
+          hash = {
+            :packets_per_second => options['packets-per-second'],
+            :packets_burst_size => options['packets-burst-size'],
+            :bytes_per_second => options['bytes-per-second'],
+            :bytes_burst_size => options['bytes-burst-size']            
+          }
+          data = EnfApi::API.instance.update_domain_rate_limits options[:network], options[:limit], hash
+          limits = data[:data][0]
+
+          # The Api returns only the rate limits object. Have to add type explicitly to display
+          limits_hash = {
+            options[:limit].to_sym => limits
+          }
+          display_limits limits_hash
+        end
+      end
+      
+      desc "set-network-rate-limits", "Update a customer /64 network's endpoint rate limits"
+      method_option :network, :type => :string, :required => true
+      method_option :limit, :type => :string, :enum => ['default', 'max'], :required => true
+      method_option :'packets-per-second', :type => :numeric, :required => true
+      method_option :'packets-burst-size', :type => :numeric, :required => true
+      method_option :'bytes-per-second', :type => :numeric, :required => true
+      method_option :'bytes-burst-size', :type => :numeric, :required => true
+      def set_network_rate_limits
+        try_with_rescue_in_session do
+          # Call api
+          hash = {
+            :packets_per_second => options['packets-per-second'],
+            :packets_burst_size => options['packets-burst-size'],
+            :bytes_per_second => options['bytes-per-second'],
+            :bytes_burst_size => options['bytes-burst-size']            
+          }
+          data = EnfApi::API.instance.update_network_rate_limits options[:network], options[:limit], hash
+          limits = data[:data][0]
+
+          # The Api returns only the rate limits object. Have to add type explicitly to display
+          limits_hash = {
+            options[:limit].to_sym => limits
+          }
+          display_limits limits_hash
+        end
+      end
+      
+      desc "reset-network-rate-limits", "Reset customer /64 network's endpoint rate limits to domains rate limits"
+      method_option :network, :type => :string, :required => true
+      method_option :limit, :type => :string, :enum => ['default', 'max'], :required => true
+      def reset_network_rate_limits
+        try_with_rescue_in_session do
+          # Call api
+          hash = {
+            :inherit => 'Y'
+          }
+          data = EnfApi::API.instance.update_network_rate_limits options[:network], options[:limit], hash
+          limits = data[:data][0]
+
+          # The Api returns only the rate limits object. Have to add type explicitly to display
+          limits_hash = {
+            options[:limit].to_sym => limits
+          }
+          display_limits limits_hash
+        end
+      end
+      
+      desc "set-endpoint-rate-limits", "Update an ipv6 endpoint rate limits"
+      method_option :ipv6, :type => :string, :required => true
+      method_option :limit, :type => :string, :enum => ['current', 'max'], :required => true
+      method_option :'packets-per-second', :type => :numeric, :required => true
+      method_option :'packets-burst-size', :type => :numeric, :required => true
+      method_option :'bytes-per-second', :type => :numeric, :required => true
+      method_option :'bytes-burst-size', :type => :numeric, :required => true
+      def set_endpoint_rate_limits
+        try_with_rescue_in_session do
+          # Call api
+          hash = {
+            :packets_per_second => options['packets-per-second'],
+            :packets_burst_size => options['packets-burst-size'],
+            :bytes_per_second => options['bytes-per-second'],
+            :bytes_burst_size => options['bytes-burst-size']            
+          }
+          data = EnfApi::API.instance.update_ep_rate_limits options[:ipv6], options[:limit], hash
+          limits = data[:data][0]
+
+          # The Api returns only the rate limits object. Have to add type explicitly to display
+          limits_hash = {
+            options[:limit].to_sym => limits
+          }
+          display_limits limits_hash
+        end
+      end
+      
+      desc "reset-endpoint-rate-limits", "Reset an ipv6 endpoint rate limits to network's rate limits"
+      method_option :ipv6, :type => :string, :required => true
+      method_option :limit, :type => :string, :enum => ['current', 'max'], :required => true
+      def reset_endpoint_rate_limits
+        try_with_rescue_in_session do
+          # Call api
+          hash = {
+            :inherit => 'Y'            
+          }
+          data = EnfApi::API.instance.update_ep_rate_limits options[:ipv6], options[:limit], hash
+          limits = data[:data][0]
+
+          # The Api returns only the rate limits object. Have to add type explicitly to display
+          limits_hash = {
+            options[:limit].to_sym => limits
+          }
+          display_limits limits_hash
+        end
+      end
+      
+      desc "list-endpoints", "List all connections in a network"
+      method_option :network, :type => :string, :required => true
+      method_option :file, :type => :string, :aliases => "-f"      
+      def list_endpoints
+        try_with_rescue_in_session do
+          # verify domain context is set
+          domain_id = EnfCli::CTX.instance.session[:domain_id]
+          raise EnfCli::ERROR, "User's domain not available!" if !domain_id || domain_id < 0
+
+          # call api
+          data = EnfApi::API.instance.list_nw_connections domain_id, options.network, options.file
+          cxns = data[:data]
+
+          # display table
+          display_endpoints cxns
+        end
+      end
+
+      desc "list-endpoint-events", "List connect/disconnect events for an ipv6 endpoint"
+      method_option :ipv6, :type => :string, :required => true
+      def list_endpoint_events
+        try_with_rescue_in_session do
+          # call the api
+          data = EnfApi::API.instance.list_endpoint_events options.ipv6
+          events = data[:data]
+
+          # display data
+          display_endpoint_events events
+          
+        end
+      end
+
+      desc "list-network-events", "List connect/disconnect events of ipv6 endpoints in a network"
+      method_option :network, :type => :string, :required => true
+      def list_network_events
+        try_with_rescue_in_session do
+          # call the api
+          data = EnfApi::API.instance.list_network_events options.network
+          events = data[:data]
+
+          # display data
+          display_endpoint_events events
+        end
+      end
+
+      desc "get-endpoint", "Display an ipv6 endpoint's information"
+      method_option :ipv6, :type => :string, :required => true
+      def get_endpoint
+        try_with_rescue_in_session do
+          # call the api
+          data = EnfApi::API.instance.get_endpoint options.ipv6
+          eps = data[:data]
+
+          # display data
+          display_endpoints eps
+        end
+      end
+
+      desc "update-endpoint", "Update an ipv6 endpoint's name"
+      method_option :ipv6, :type => :string, :required => true
+      method_option :name, :type => :array, :required => true, :banner => "NAME"
+      def update_endpoint
+        try_with_rescue_in_session do
+          # Call the api
+          data = EnfApi::API.instance.update_endpoint options.ipv6, options.name.join(" ").gsub(/\A"+(.*?)"+\Z/m, '\1')
+          eps = data[:data]
+
+          # display data
+          display_endpoints eps
+        end
+      end
+
+      desc "activate-enf-network", "Active a /34 enf network"
+      method_option :network, :type => :string, :required => true
+      def activate_enfnw
+        try_with_rescue_in_session do
+          # Call the api
+          EnfApi::API.instance.activate_enfnw options.network
+
+          # Print success
+          say "Activated Enf Network #{options.network}!", :green
+        end
+      end
+                      
+    end # class
+  end # module Cmd
+end # module EnfCli

data/lib/enfcli/commands/xfw.rb

@@ -0,0 +1,151 @@
+#
+# Copyright 2018 Xaptum,Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require 'enfthor'
+require 'enfapi'
+require 'base64'
+require 'digest'
+require 'openssl'
+require 'ipaddr'
+
+module EnfCli
+  module Cmd
+    
+    class Xfw < EnfThor
+      no_commands {
+        def display_firewall_rules rules
+          headings = ['Id', 'Priority', 'Protocol', 'Direction', 'Source', 'Source Port', 'Destination', 'Destination Port', 'Action']
+          rows = rules.map{ |hash|
+            [ hash[:id], hash[:priority], hash[:protocol], hash[:direction],
+              hash[:source_ip] == '' ? '*' : hash[:source_ip],
+              hash[:source_port] == 0 ? '*' : hash[:source_port],
+              hash[:dest_ip] == '' ? '*' : hash[:dest_ip],
+              hash[:dest_port] == 0 ? '*' : hash[:dest_port],
+              hash[:action] ]
+          }
+          render_table(headings, rows)
+        end
+      }
+
+      desc "list-firewall-rules", "List all firewall rules in a /64 network"
+      method_option :network, :type => :string, :required => true
+      def list_firewall_rules
+        try_with_rescue_in_session do
+          # call the api
+          rules = EnfApi::Firewall.instance.list_firewall_rules options[:network]
+
+          # display empty table and return
+          if rules.length == 0 then
+            display_firewall_rules rules
+            return
+          end
+
+          # sort the rules by direction, priority
+          sorted_rules = rules.sort{ |x,y|
+            r = x[:direction] <=> y[:direction]
+            if r == 0 then
+              x[:priority] <=> y[:priority]
+            else
+              r
+            end
+          }
+         
+          # chunk them into egress/ingress arrays
+          egress_rules = Array.new
+          ingress_rules = Array.new
+          sorted_rules.each{ |rule|
+            if rule[:direction] == 'INGRESS' then
+              ingress_rules << rule
+            else
+              egress_rules << rule
+            end
+          }
+          
+          # display data
+          if egress_rules.length > 0 then
+            say "Egress firewall rules(Endpoint -> ENF)", :yellow
+            display_firewall_rules egress_rules
+
+            # separate two tables
+            say ""
+          end
+
+          if ingress_rules.length > 0 then
+            say "Ingress firewall rules(ENF -> Endpoint)", :yellow
+            display_firewall_rules ingress_rules
+          end
+        end
+      end
+
+      desc "add-firewall-rule", "Add a firewall rule to a /64 network"
+      method_option :network, :type => :string, :required => true
+      method_option :priority, :type => :numeric, :required => true
+      method_option :protocol, :type => :string, :required => true, :enum => ['TCP', 'UDP', 'ICMP6', '6', '17', '58']
+      method_option :source_ip, :type => :string
+      method_option :source_port, :type => :numeric
+      method_option :dest_ip, :type => :string
+      method_option :dest_port, :type => :numeric
+      method_option :direction, :type => :string, :required => true, :enum => ['EGRESS', 'INGRESS']
+      method_option :action, :type => :string, :required => true, :enum => ['ACCEPT', 'DROP']
+      
+      def add_firewall_rule
+        protocol_map = { 'TCP' => 'TCP', 'UDP' => 'UDP', 'ICMP6' => 'ICMP6', '6' => 'TCP', '17' => 'UDP', '58' => 'ICMP6' }
+        try_with_rescue_in_session do
+          # get options
+          rule = {
+            :ip_family => 'IP6',
+            :priority => options[:priority],
+            :protocol => protocol_map[ options[:protocol] ],
+            :source_ip => options[:source_ip] ? options[:source_ip] : '*',
+            :source_port => options[:source_port] ? options[:source_port] : 0,
+            :dest_ip => options[:dest_ip] ? options[:dest_ip] : '*',
+            :dest_port => options[:dest_port] ? options[:dest_port] : 0,
+            :direction => options[:direction],
+            :action => options[:action]
+          }
+
+          # call the api
+          EnfApi::Firewall.instance.add_firewall_rule options[:network], rule
+
+          # print success
+          say "Created firewall rule!", :green
+        end
+      end
+
+      desc "delete-firewall-rule", "Delete a firewall rule"
+      method_option :network, :type => :string, :required => true
+      method_option :id, :type => :string, :required => true
+      def delete_firewall_rule
+        try_with_rescue_in_session do
+          # call the api
+          EnfApi::Firewall.instance.delete_firewall_rules options[:network], options[:id]
+
+          # print success
+          say "Deleted firewall rule in #{options[:network]}!", :green
+        end
+      end
+
+      # desc "delete-all-firewall-rules", "Delete a firewall rules in a /64 network"
+      # method_option :network, :type => :string, :required => true
+      # def delete_all_firewall_rules
+      #  session = EnfCli::CTX.instance.session
+      #  raise EnfCli::ERROR, "User Session not establised!" if !session
+      #  EnfApi::Firewall.instance.delete_firewall_rules options[:network]
+      # end
+      
+    end
+
+  end
+end