RubyGems - ruby-paloalto-client - Versions diffs - 0.0.3 → 0.0.4 - Mend

ruby-paloalto-client 0.0.3 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml +4 -4
data/lib/palo_alto/client/version.rb +1 -1
data/lib/palo_alto/models/rulebase.rb +31 -4
data/lib/palo_alto/v6/virtual_system_api.rb +13 -1
data/spec/fixtures/virtual_systems.xml +37 -0
data/spec/lib/palo-alto/models/rulebase_spec.rb +122 -2
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a06152dd488c1a8d36ac2f47ac28670bfde84fcb
-  data.tar.gz: 7e164cad49c518012be0200af326ef2a9e0b8c4a
+  metadata.gz: 2c9bfb2a7671306eeb62a2c873c54718ee5ca4d8
+  data.tar.gz: d03e30894d70ed3833b9a500cda88e3d84c8175c
 SHA512:
-  metadata.gz: 80a24f2db0629f423b871310a0c1028eb5c399c78e246629f66a79261e621dc65bae522a0aeba7d5a1782101b19159d42263929c92324e71edf34821131311bd
-  data.tar.gz: bea1dea302b1fbabd9ad0e19ee58c506419980988f08bd58eaac3b77bb5c1ebdd38799f5c4af2f5fc1a2fdd7dc3faeae9803c0f4b0318c82b12cfd8de7a30204
+  metadata.gz: 04775ad4348c01e7061dd1c232d7b51be10240b43fa1bb4f0eefaf4426d33dbb26df15e2241bea4e71ab67ac62118fa6b418e928216a9d91aeda0cf654fd161b
+  data.tar.gz: 7c2c37510d3a295b953fb64e5eee4aac8eb5c08a81f3affc12cab9b5568a44a6f2f065a11cc91d2e85fbbe161b141fbbdb4255a5453ce61474ae1f9fcf5bba2c

data/lib/palo_alto/client/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module PaloAlto
   module Client
-    VERSION = "0.0.3"
+    VERSION = "0.0.4"
   end
 end

data/lib/palo_alto/models/rulebase.rb CHANGED Viewed

@@ -3,19 +3,46 @@ module PaloAlto
     # Currently, Rulebase is a stand-in for "Security"
     # TODO: Add different Rulebase types (Security, NAT, etc)
     class Rulebase
-      attr_accessor :name
+      attr_accessor :name, :action, :from_zones, :to_zones, :sources, :destinations,
+                    :source_users, :services, :categories, :applications, :hip_profiles,
+                    :log_session_start, :log_session_end
       # Create and returns a new PaloAlto::Models::Rulebase instance with the given parameters
       #
       # == Attributes
       #
-      # * +name+ - Name of the rulebase
+      # * +name+              - Name of the rulebase
+      # * +action+            - Type of rule (deny, allow, etc)
+      # * +from_zones+        - User-defined source zones
+      # * +to_zones+          - User-defined destination zones
+      # * +sources+           - Source IP addresses or networks
+      # * +destinations+      - Destination IP addresses or networks
+      # * +source_users+      - Users defined for the source
+      # * +services+          - Services defined that the rule applies to
+      # * +categories+        - User-defined categories that the rule applies to
+      # * +applications+      - Applications defined that the rule applies to
+      # * +hip_profiles+      - Host information profile for defined hosts
+      # * +log_session_start+ - Whether to log the session start event for captured traffic
+      # * +log_session_end+   - Whether to log the session end even for captured traffic
       #
       # == Example
       #
       #  PaloAlto::Models::Rulebase.new name: 'rulebase-1'
-      def initialize(name:)
-        self.name = name
+      def initialize(name:, action:, from_zones:, to_zones:, sources:, destinations:, source_users:,
+                     services:, categories:, applications:, hip_profiles:, log_session_start:, log_session_end:)
+        self.name              = name
+        self.action            = action
+        self.from_zones        = from_zones
+        self.to_zones          = to_zones
+        self.sources           = sources
+        self.destinations      = destinations
+        self.source_users      = source_users
+        self.services          = services
+        self.categories        = categories
+        self.applications      = applications
+        self.hip_profiles      = hip_profiles
+        self.log_session_start = log_session_start
+        self.log_session_end   = log_session_end
         self
       end

data/lib/palo_alto/v6/virtual_system_api.rb CHANGED Viewed

@@ -62,7 +62,19 @@ module PaloAlto
             # get all rulebase members for the virtual system
             # TODO: Expand beyond just the security rulebase
             vsys_entry.xpath('rulebase/security/rules/entry').each do |rulebase_entry|
-              vsys.rulebases << PaloAlto::Models::Rulebase.new(name: rulebase_entry.xpath('@name').to_s)
+              vsys.rulebases << PaloAlto::Models::Rulebase.new(name:              rulebase_entry.xpath('@name').to_s,
+                                                               action:            (action = rulebase_entry.xpath('action')[0]) && action.content,
+                                                               from_zones:        (from_zones = rulebase_entry.xpath('from/member')) && from_zones.map{ |z| z.content.strip },
+                                                               to_zones:          (to_zones = rulebase_entry.xpath('to/member')) && to_zones.map{ |z| z.content.strip },
+                                                               sources:           (sources = rulebase_entry.xpath('source/member')) && sources.map{ |z| z.content.strip },
+                                                               destinations:      (destinations = rulebase_entry.xpath('destination/member')) && destinations.map{ |z| z.content.strip },
+                                                               source_users:      (users = rulebase_entry.xpath('source-user/member')) && users.map{ |z| z.content.strip },
+                                                               services:          (services = rulebase_entry.xpath('service/member')) && services.map{ |z| z.content.strip },
+                                                               categories:        (categories = rulebase_entry.xpath('category/member')) && categories.map{ |z| z.content.strip },
+                                                               applications:      (applications = rulebase_entry.xpath('application/member')) && applications.map{ |z| z.content.strip },
+                                                               hip_profiles:      (profiles = rulebase_entry.xpath('hip_profiles/member')) && profiles.map{ |z| z.content.strip },
+                                                               log_session_start: (log_start = rulebase_entry.xpath('log-start')[0]) && log_start.content || "no",
+                                                               log_session_end:   (log_end = rulebase_entry.xpath('log-end')[0]) && log_end.content || "no")
             end
             virtual_systems_list << vsys

data/spec/fixtures/virtual_systems.xml CHANGED Viewed

@@ -6,6 +6,43 @@
           <security admin="admin" time="2015/03/04 13:46:08">
             <rules admin="admin" time="2015/03/04 13:46:08">
               <entry name="DNS" admin="admin" time="2015/03/04 13:46:07">
+                <option>
+                  <disable-server-response-inspection>no</disable-server-response-inspection>
+                </option>
+                <from>
+                  <member>from1</member>
+                </from>
+                <to>
+                  <member>to1</member>
+                  <member>to2</member>
+                </to>
+                <source>
+                  <member>any</member>
+                </source>
+                <destination>
+                  <member>10.11.12.13-1</member>
+                  <member>1.2.3.4/32</member>
+                </destination>
+                <source-user>
+                  <member>any</member>
+                </source-user>
+                <category>
+                  <member>any</member>
+                </category>
+                <application>
+                  <member>dns</member>
+                </application>
+                <service>
+                  <member>any</member>
+                </service>
+                <hip-profiles>
+                  <member>any</member>
+                </hip-profiles>
+                <log-start>no</log-start>
+                <log-end>yes</log-end>
+                <negate-source>no</negate-source>
+                <negate-destination>no</negate-destination>
+                <action>allow</action>
               </entry>
             </rules>
           </security>

data/spec/lib/palo-alto/models/rulebase_spec.rb CHANGED Viewed

@@ -1,16 +1,88 @@
 require "palo_alto/models/rulebase"
 describe "PaloAlto::Models::Rulebase" do
-  let(:name) { "test-rulebase" }
+  let(:name)              { "test-rulebase" }
+  let(:action)            { "deny" }
+  let(:from_zones)        { [ "a", "b" ] }
+  let(:to_zones)          { [ "c", "d" ] }
+  let(:sources)           { [ "1.2.3.4", "5.6.7.8/23" ] }
+  let(:destinations)      { [ "4.3.2.2", "6.5.3.2/23" ] }
+  let(:source_users)      { [ "user1", "user2" ] }
+  let(:services)          { [ "service1", "service2" ] }
+  let(:categories)        { [ "category1", "category2" ] }
+  let(:applications)      { [ "application1", "application2" ] }
+  let(:hip_profiles)      { [ "profile1", "profile2" ] }
+  let(:log_session_start) { "true" }
+  let(:log_session_end)   { "false" }
   before do
-    @rulebase = PaloAlto::Models::Rulebase.new(name: name)
+    @rulebase = PaloAlto::Models::Rulebase.new(name:              name,
+                                               action:            action,
+                                               from_zones:        from_zones,
+                                               to_zones:          to_zones,
+                                               sources:           sources,
+                                               destinations:      destinations,
+                                               source_users:      source_users,
+                                               services:          services,
+                                               categories:        categories,
+                                               applications:      applications,
+                                               hip_profiles:      hip_profiles,
+                                               log_session_start: log_session_start,
+                                               log_session_end:   log_session_end)
   end
   it "has a name attribute" do
     expect(@rulebase).to respond_to(:name)
   end
+  it "has a action attribute" do
+    expect(@rulebase).to respond_to(:action)
+  end
+  it "has a from_zones attribute" do
+    expect(@rulebase).to respond_to(:from_zones)
+  end
+  it "has a to_zones attribute" do
+    expect(@rulebase).to respond_to(:to_zones)
+  end
+  it "has a sources attribute" do
+    expect(@rulebase).to respond_to(:sources)
+  end
+  it "has a destinations attribute" do
+    expect(@rulebase).to respond_to(:destinations)
+  end
+  it "has a source_users attribute" do
+    expect(@rulebase).to respond_to(:source_users)
+  end
+  it "has a services attribute" do
+    expect(@rulebase).to respond_to(:services)
+  end
+  it "has a categories attribute" do
+    expect(@rulebase).to respond_to(:categories)
+  end
+  it "has a applications attribute" do
+    expect(@rulebase).to respond_to(:applications)
+  end
+  it "has a hip_profiles attribute" do
+    expect(@rulebase).to respond_to(:hip_profiles)
+  end
+  it "has a log_session_start attribute" do
+    expect(@rulebase).to respond_to(:log_session_start)
+  end
+  it "has a log_session_end attribute" do
+    expect(@rulebase).to respond_to(:log_session_end)
+  end
   describe ".initialize" do
     it "returns a PaloAlto::Models::Rulebase instance" do
       expect(@rulebase).to be_instance_of(PaloAlto::Models::Rulebase)
@@ -19,5 +91,53 @@ describe "PaloAlto::Models::Rulebase" do
     it "assigns name" do
       expect(@rulebase.name).to eq(name)
     end
+    it "assigns action" do
+      expect(@rulebase.action).to eq(action)
+    end
+    it "assigns from_zones" do
+      expect(@rulebase.from_zones).to eq(from_zones)
+    end
+    it "assigns to_zones" do
+      expect(@rulebase.to_zones).to eq(to_zones)
+    end
+    it "assigns sources" do
+      expect(@rulebase.sources).to eq(sources)
+    end
+    it "assigns destinations" do
+      expect(@rulebase.destinations).to eq(destinations)
+    end
+    it "assigns source_users" do
+      expect(@rulebase.source_users).to eq(source_users)
+    end
+    it "assigns services" do
+      expect(@rulebase.services).to eq(services)
+    end
+    it "assigns categories" do
+      expect(@rulebase.categories).to eq(categories)
+    end
+    it "assigns applications" do
+      expect(@rulebase.applications).to eq(applications)
+    end
+    it "assigns hip_profiles" do
+      expect(@rulebase.hip_profiles).to eq(hip_profiles)
+    end
+    it "assigns log_session_start" do
+      expect(@rulebase.log_session_start).to eq(log_session_start)
+    end
+    it "assigns log_session_end" do
+      expect(@rulebase.log_session_end).to eq(log_session_end)
+    end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby-paloalto-client
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Justin Karimi