junos-ez-srx 0.0.8

data/lib/junos-ez/srx/apps.rb

@@ -0,0 +1,160 @@
+class Junos::Ez::SRX::Apps::Provider < Junos::Ez::Provider::Parent
+    
+  ### ---------------------------------------------------------------
+  ### XML top placement
+  ### ---------------------------------------------------------------
+  
+  def xml_at_top
+    Nokogiri::XML::Builder.new{|x| x.configuration{ 
+      x.applications {
+        x.application { 
+          x.name @name 
+          return x
+        }
+      }
+    }}
+  end
+  
+  ### ---------------------------------------------------------------
+  ### XML readers
+  ### ---------------------------------------------------------------
+
+  def xml_get_has_xml( xml )
+    xml.xpath('//application')[0]
+  end
+    
+  def xml_read_parser( as_xml, as_hash )    
+    set_has_status( as_xml, as_hash )            
+
+    xml_when_item(as_xml.xpath('description')){|i| as_hash[:description] = i.text }  
+    xml_when_item(as_xml.xpath('protocol')){|i| as_hash[:proto] = i.text }
+    as_hash[:proto] ||= nil
+    
+    xml_when_item(as_xml.xpath('inactivity-timeout')){|i| as_hash[:timeout] = i.text.to_i }
+
+    if as_hash[:proto] == 'icmp'
+      xml_when_item(as_xml.xpath('icmp-type')){|i| as_hash[:icmp_type] = i.text }
+      xml_when_item(as_xml.xpath('icmp-code')){|i| as_hash[:icmp_code] = i.text }
+      return true
+    end
+    
+    ## check to see if we have a proto.  if not, this is a composite application
+    ## definition witha collection of terms.  return when done.
+    
+    if as_hash[:proto] == nil
+      terms = []      
+      as_xml.xpath('term').each do |term|
+        term_h = {}
+        term_h[:name] = term.xpath('name').text
+        term_h[:proto] = term.xpath('protocol').text
+        xml_when_item(term.xpath('destination-port')) do |i|
+          term_h[:dst_ports] = _xml_read_parse_destination_port_( i.text )
+        end
+        terms << term_h
+      end
+      as_hash[:terms] = terms
+      
+      return  #!!! end of excution
+    end
+    
+    ### rest of this is for non ICMP
+    
+    xml_when_item(as_xml.xpath('destination-port')) do |i|
+      text = i.text
+      if (Float(text) != nil rescue false)
+        as_hash[:dst_ports] = text.to_i
+      elsif text =~ /(\d+)-(\d+)/
+        as_hash[:dst_ports] = [ $1.to_i, $2.to_i ]
+      else
+        as_hash[:dst_ports] = text
+      end
+    end
+    
+    return true
+  end    
+  
+  def _xml_read_parse_destination_port_( text )
+    if (Float(text) != nil rescue false)
+      text.to_i
+    elsif text =~ /(\d+)-(\d+)/
+      [ $1.to_i, $2.to_i ]
+    else
+      text
+    end    
+  end
+  
+  ### ---------------------------------------------------------------
+  ### XML property writers
+  ### ---------------------------------------------------------------  
+  
+  def xml_change_proto( xml )
+    xml_set_or_delete( xml, 'protocol', @should[:proto] )
+  end
+  
+  def xml_change_dst_ports( xml )
+    e_value = 
+      ( @should[:dst_ports].kind_of? Array ) ? "#{@should[:dst_ports][0]}-#{@should[:dst_ports][1]}"
+      : @should[:dst_ports]      
+      
+    xml_set_or_delete( xml, 'destination-port', e_value )
+  end
+  
+  def xml_change_timeout( xml )
+    xml_set_or_delete( xml, 'inactivity-timeout', @should[:timeout] )
+  end
+  
+  def xml_change_icmp_type( xml )
+    xml_set_or_delete( xml, 'icmp-type', @should[:icmp_type] )    
+  end
+  
+  def xml_change_icmp_code( xml )
+    xml_set_or_delete( xml, 'icmp-code', @should[:icmp_code] )        
+  end
+  
+end
+
+##### ---------------------------------------------------------------
+##### Provider collection methods
+##### ---------------------------------------------------------------
+
+class Junos::Ez::SRX::Apps::Provider
+  
+  def build_list 
+    @ndev.rpc.get_configuration{|x| x.applications {
+      x.application(:recurse => 'false')
+    }}.xpath('applications/application/name').collect{ |n| n.text }
+  end
+  
+  def build_catalog
+    @catalog = {}
+    @ndev.rpc.get_configuration{|x| x.applications {
+      x.application
+    }}.xpath('applications/application').each do |app|
+      name = app.xpath('name').text
+      @catalog[name] = {}
+      xml_read_parser( app, @catalog[name] )
+    end    
+    @catalog
+  end
+  
+  def list_junos_defaults
+    @ndev.rpc.get_configuration{|x| x.groups { x.name 'junos-defaults' 
+      x.applications { x.application(:recurse => 'false')
+    }}}.xpath('//application/name').collect{ |n| n.text }    
+  end
+
+  def catalog_junos_defaults
+    j_catalog = {}
+    @ndev.rpc.get_configuration{|x| x.groups { x.name 'junos-defaults'
+      x.applications { x.application
+    }}}.xpath('//applications/application').each do |app|
+      name = app.xpath('name').text
+      j_catalog[name] = {}
+      xml_read_parser( app, j_catalog[name] )
+    end    
+    j_catalog
+  end
+  
+end
+
+

data/lib/junos-ez/srx/appsets.rb

@@ -0,0 +1,82 @@
+class Junos::Ez::SRX::AppSets::Provider < Junos::Ez::Provider::Parent
+    
+  ### ---------------------------------------------------------------
+  ### XML top placement
+  ### ---------------------------------------------------------------
+  
+  def xml_at_top
+    Nokogiri::XML::Builder.new{|x| x.configuration{ 
+      x.applications {
+        x.send(:'application-set') { 
+          x.name @name 
+          return x
+        }
+      }
+    }}
+  end
+  
+  ### ---------------------------------------------------------------
+  ### XML readers
+  ### ---------------------------------------------------------------
+
+  def xml_get_has_xml( xml )
+    xml.xpath('applications/application-set')[0]
+  end
+    
+  def xml_read_parser( as_xml, as_hash )    
+    set_has_status( as_xml, as_hash )            
+    xml_when_item(as_xml.xpath('description')){|i| as_hash[:description] = i.text }
+    as_hash[:app_names] = as_xml.xpath('application/name').collect{|i| i.text }
+    as_hash[:app_sets] = as_xml.xpath('application-set/name').collect{|i| i.text }
+    return true
+  end    
+  
+  ### ---------------------------------------------------------------
+  ### XML property writers
+  ### ---------------------------------------------------------------  
+  
+  def xml_change_app_names( xml )
+    add, del = diff_property_array( :app_names )       
+    return false if add.empty? and del.empty?
+    
+    add.each{ |item| xml.application { xml.name item } }    
+    del.each{ |item| xml.application( Netconf::JunosConfig::DELETE ) {  xml.name item  }}   
+  end
+  
+  def xml_change_app_sets( xml )
+    add, del = diff_property_array( :app_sets )       
+    return false if add.empty? and del.empty?
+    
+    add.each{ |item| xml.send(:'applicaiton-set') { xml.name item } }
+    del.each{ |item| xml.send(:'application-set', Netconf::JunosConfig::DELETE ) { xml.name item }}       
+  end
+  
+end
+
+##### ---------------------------------------------------------------
+##### Provider collection methods
+##### ---------------------------------------------------------------
+
+class Junos::Ez::SRX::AppSets::Provider
+  
+  def build_list 
+    @ndev.rpc.get_configuration{|x| x.applications {
+      x.send(:'application-set', :recurse => 'false' )
+    }}.xpath('applications/application-set/name').collect{ |n| n.text }
+  end
+  
+  def build_catalog
+    @catalog = {}
+    @ndev.rpc.get_configuration{|x| x.applications {
+      x.send(:'application-set')
+    }}.xpath('applications/application-set').each do |app|
+      name = app.xpath('name').text
+      @catalog[name] = {}
+      xml_read_parser( app, @catalog[name] )
+    end    
+    @catalog
+  end
+  
+end
+
+

data/lib/junos-ez/srx/interfaces.rb

@@ -0,0 +1,115 @@
+
+
+class Junos::Ez::SRX::Interfaces::Provider < Junos::Ez::Provider::Parent
+  
+  ### ---------------------------------------------------------------
+  ### XML top placement
+  ### ---------------------------------------------------------------
+    
+  def xml_at_top
+    
+    Nokogiri::XML::Builder.new{|x| x.configuration{ 
+      x.security { x.zones {
+        x.send(:'security-zone') { 
+          x.name @parent.name
+          xml_element_top( x, @name )
+        }
+      }}
+    }}
+  end
+  
+  def xml_element_top( xml, name )
+    xml.interfaces {
+      xml.name name
+      return xml
+    }    
+  end  
+  
+  ### ---------------------------------------------------------------
+  ### XML readers
+  ### ---------------------------------------------------------------
+
+  def xml_get_has_xml( xml )
+    xml.xpath('//interfaces')[0]
+  end  
+  
+  def xml_read_parser( as_xml, as_hash )
+    set_has_status( as_xml, as_hash )  
+    
+    host_ib = as_xml.xpath('host-inbound-traffic')    
+    
+    as_hash[:host_inbound_services] = host_ib.xpath('system-services').collect do |svc|
+      svc.xpath('name').text.strip
+    end    
+    
+    as_hash[:host_inbound_protocols] = host_ib.xpath('protocols').collect do |proto|
+      proto.xpath('name').text.strip
+    end
+    
+    true    
+  end   
+  
+  ### ---------------------------------------------------------------
+  ### XML writers
+  ### ---------------------------------------------------------------
+  
+  def xml_change_host_inbound_services( xml )    
+    add, del = diff_property_array( :host_inbound_services )       
+    return false if add.empty? and del.empty?
+          
+    xml.send( :'host-inbound-traffic' ) {
+      del.each do |i| 
+        xml.send(:'system-services', Netconf::JunosConfig::DELETE) {
+          xml.name i 
+        }
+      end
+      add.each{|i| xml.send(:'system-services', i) }
+    }
+  end
+  
+  def xml_change_host_inbound_protocols( xml )    
+    add, del = diff_property_array( :host_inbound_protocols )       
+    return false if add.empty? and del.empty?
+        
+    xml.send( :'host-inbound-traffic' ) {
+      del.each do |i| 
+        xml.protocols( Netconf::JunosConfig::DELETE ) {
+          xml.name i 
+        }
+      end
+      add.each{ |i| xml.protocols i }
+    }   
+  end  
+  
+end
+
+##### ---------------------------------------------------------------
+##### Provider collection methods
+##### ---------------------------------------------------------------
+
+class Junos::Ez::SRX::Interfaces::Provider
+  
+  def build_list    
+    args = { :get_zones_named_information => @parent.name }    
+    zinfo = @ndev.rpc.get_zones_information( args )
+    zinfo.xpath('//zones-security-interface-name').collect do |zif|
+      zif.text
+    end
+  end
+  
+  def build_catalog    
+    @catalog = {}    
+    
+    xml_get = @parent.xml_at_top
+    xml_get.interfaces
+    xml_cfg = @ndev.rpc.get_configuration( xml_get )
+    xml_cfg.xpath('//interfaces').each do |zif|
+      zif_name = zif.xpath('name').text
+      @catalog[zif_name] = {}
+      xml_read_parser( zif, @catalog[zif_name] )
+    end
+
+    return @catalog
+  end
+  
+end

data/lib/junos-ez/srx/policies.rb

@@ -0,0 +1,141 @@
+class Junos::Ez::SRX::Policies::Provider < Junos::Ez::Provider::Parent
+  
+  def initialize( p_obj, name = nil, opts = {} )
+    super    
+    return unless name            
+        
+    # bind in the child provider for managing the actual rules    
+    Junos::Ez::SRX::PolicyRules::Provider( self, :rules, :parent => self )     
+  end
+  
+  ### ---------------------------------------------------------------
+  ### XML top placement
+  ### ---------------------------------------------------------------
+  
+  def xml_at_top
+    Nokogiri::XML::Builder.new{|x| x.configuration{ 
+      x.security { x.policies { 
+        x.policy {
+          x.send( :'from-zone-name', @name[0] )
+          x.send( :'to-zone-name', @name[1] )
+          return x
+        }
+      }}
+    }}
+  end
+  
+  ### ---------------------------------------------------------------
+  ### XML readers
+  ### ---------------------------------------------------------------
+
+  ## override the reader to only pull in the policy names, and 
+  ## not all the details.
+  
+  def xml_config_read!
+    xml = xml_at_top
+    xml.policy( :recurse => 'false' )    
+    @ndev.rpc.get_configuration( xml )      
+  end
+  
+  def xml_get_has_xml( xml )
+    xml.xpath('security/policies/policy')[0]
+  end
+    
+  def xml_read_parser( as_xml, as_hash )   
+    set_has_status( as_xml, as_hash )      
+    as_hash[:rules] = as_xml.xpath('policy/name').collect do |pol|
+      pol.text
+    end    
+    as_hash[:rules_count] = as_hash[:rules].count
+    return true
+  end    
+  
+end
+
+##### ---------------------------------------------------------------
+##### Provider collection methods
+##### ---------------------------------------------------------------
+
+class Junos::Ez::SRX::Policies::Provider  
+  
+  def build_list     
+    fw = @ndev.rpc.get_firewall_policies( :zone_context => true )
+    fw.xpath('policy-zone-context/policy-zone-context-entry').collect do |pzc|
+      [ pzc.xpath('policy-zone-context-from-zone').text,
+        pzc.xpath('policy-zone-context-to-zone').text ]        
+    end
+  end
+  
+  def build_catalog
+    @catalog = {}  
+    fw = @ndev.rpc.get_firewall_policies( :zone_context => true )
+    fw.xpath('policy-zone-context/policy-zone-context-entry').collect do |pzc|
+      
+      name = [pzc.xpath('policy-zone-context-from-zone').text,
+          pzc.xpath('policy-zone-context-to-zone').text  ]
+      
+      @catalog[name] = {
+        :rules_count => pzc.xpath('policy-zone-context-policy-count').text.to_i
+      }
+    end    
+    return @catalog
+  end  
+end
+
+##### ---------------------------------------------------------------
+##### Provider EXPANDED methods
+##### ---------------------------------------------------------------
+
+class Junos::Ez::SRX::Policies::Provider
+
+  ## ----------------------------------------------------------------
+  ## create an 'expanded' hash structure
+  ## ----------------------------------------------------------------
+  
+  def to_h_expanded( opts = {} )       
+    { :name => @name,
+      :rules => rules.catalog!
+    } 
+  end
+
+  ## ----------------------------------------------------------------
+  ## create the XML for a complete policy rules set given a Hash
+  ## structure the mimics the provider and properties for the 
+  ## Policy and associated PolicyRules
+  ## ----------------------------------------------------------------
+  
+  def xml_from_h_expanded( from_hash, opts = {} )    
+    raise ArgumentError, "This is not a provider" unless is_provider?       
+    raise ArgumentError, ":name not provided in hash" unless from_hash[:name]
+    
+    provd = self.class.new( @ndev, from_hash[:name], @opts )   
+    
+    # setup the XML for writing the complete configuration
+    
+    xml_top = provd.xml_at_top    
+    xml_add_here = xml_top.parent
+    
+    # iterate through each of the policy rules. @@@ need
+    # to validate that the HASH actually contains this, yo!
+    
+    from_hash[:rules].each do |name, hash|
+      Nokogiri::XML::Builder.with( xml_add_here ) do |xml|
+        
+        # create the new object so we can generate XML on it
+        rule = Junos::Ez::SRX::PolicyRules::Provider.new( @ndev, name, :parent => provd )            
+                
+        # generate the object specific XML inside
+        rule.should = hash
+        rule_xml = rule.xml_element_top( xml, rule.name )    
+        rule.xml_build_change( rule_xml )
+      end      
+    end
+    
+    xml_top.parent[:replace] = "replace" if opts[:replace]    
+    xml_top.doc.root
+  end
+  
+  
+end
+
+