Skip to content

Commit 90947ec

Browse files
wojtek0806wojtek0806
authored
Merge pull request #1449 from twainpereira/development
Changes for IP-Intelligence and Firewall Configuration
2 parents 9a90eb5 + 1e03b8d commit 90947ec

7 files changed

Lines changed: 730 additions & 1 deletion

File tree

f5/bigip/tm/security/__init__.py

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -31,6 +31,7 @@
3131
from f5.bigip.tm.security.analytics import Analytics
3232
from f5.bigip.tm.security.dos import Dos
3333
from f5.bigip.tm.security.firewall import Firewall
34+
from f5.bigip.tm.security.ip_intelligence import Ip_Intelligence
3435
from f5.bigip.tm.security.log import Log
3536
from f5.bigip.tm.security.protocol_inspection import Protocol_Inspection
3637

@@ -44,6 +45,7 @@ def __init__(self, tm):
4445
Analytics,
4546
Dos,
4647
Firewall,
48+
Ip_Intelligence,
4749
Log,
4850
Protocol_Inspection,
4951
]

f5/bigip/tm/security/firewall.py

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,8 @@ def __init__(self, security):
4545
Port_Lists,
4646
Rule_Lists,
4747
Policy_s,
48-
Global_Rules]
48+
Global_Rules,
49+
Global_Fqdn_Policy]
4950

5051

5152
class Address_Lists(Collection):
@@ -232,3 +233,12 @@ def __init__(self, global_rules):
232233
super(Global_Rules, self).__init__(global_rules)
233234
self._meta_data['required_json_kind'] = \
234235
'tm:security:firewall:global-rules:global-rulesstate'
236+
237+
238+
class Global_Fqdn_Policy(UnnamedResource):
239+
"""BIG-IP® AFM® Global FQDN policy resource"""
240+
def __init__(self, global_fqdn_policy):
241+
super(Global_Fqdn_Policy, self).__init__(global_fqdn_policy)
242+
self._meta_data['required_json_kind'] = \
243+
'tm:security:firewall:global-fqdn-policy:global-fqdn-policystate'
244+
self._meta_data['minimum_version'] = '12.0.0'

f5/bigip/tm/security/ip_intelligence.py

Lines changed: 122 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,122 @@
1+
# coding=utf-8
2+
#
3+
# Copyright 2015-2017 F5 Networks Inc.
4+
#
5+
# Licensed under the Apache License, Version 2.0 (the "License");
6+
# you may not use this file except in compliance with the License.
7+
# You may obtain a copy of the License at
8+
#
9+
# http://www.apache.org/licenses/LICENSE-2.0
10+
#
11+
# Unless required by applicable law or agreed to in writing, software
12+
# distributed under the License is distributed on an "AS IS" BASIS,
13+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14+
# See the License for the specific language governing permissions and
15+
# limitations under the License.
16+
#
17+
18+
"""BIG-IP® Advanced Firewall Manager™ (AFM®) module.
19+
20+
REST URI
21+
``http://localhost/mgmt/tm/security/ip-intelligence``
22+
23+
GUI Path
24+
``Security --> Network Firewall --> IP Intelligence``
25+
26+
REST Kind
27+
``tm:security:ip-intelligence:*``
28+
"""
29+
from f5.bigip.resource import Collection
30+
from f5.bigip.resource import OrganizingCollection
31+
from f5.bigip.resource import Resource
32+
from f5.bigip.resource import UnnamedResource
33+
34+
35+
class Ip_Intelligence(OrganizingCollection):
36+
"""BIG-IP® AFM® Firewall IP Intelligence organizing collection."""
37+
38+
def __init__(self, security):
39+
super(Ip_Intelligence, self).__init__(security)
40+
self._meta_data['allowed_lazy_attributes'] = [
41+
Feed_list_s,
42+
Policy_s,
43+
Blacklist_Categorys,
44+
Global_Policy]
45+
46+
47+
class Feed_list_s(Collection):
48+
"""BIG-IP® AFM® IP Intelligence Feedlist collection"""
49+
50+
def __init__(self, policy):
51+
super(Feed_list_s, self).__init__(policy)
52+
self._meta_data['allowed_lazy_attributes'] = [Feed_list]
53+
self._meta_data['attribute_registry'] = \
54+
{'tm:security:ip-intelligence:feed-list:feed-liststate':
55+
Feed_list}
56+
57+
58+
class Feed_list(Resource):
59+
"""BIG-IP® AFM® IP-INtelligence Feedlist resource"""
60+
61+
def __init__(self, feed_list_s):
62+
super(Feed_list, self).__init__(feed_list_s)
63+
self._meta_data['required_json_kind'] = \
64+
'tm:security:ip-intelligence:feed-list:feed-liststate'
65+
self._meta_data['required_creation_parameters'].update(('partition',))
66+
self._meta_data['required_load_parameters'].update(('partition',))
67+
68+
69+
class Policy_s(Collection):
70+
"""BIG-IP® AFM® IP-Intelligence Policy collection"""
71+
72+
def __init__(self, ip_intelligence):
73+
super(Policy_s, self).__init__(ip_intelligence)
74+
self._meta_data['allowed_lazy_attributes'] = [Policy]
75+
self._meta_data['attribute_registry'] = \
76+
{'tm:security:ip-intelligence:policy:policystate':
77+
Policy}
78+
79+
80+
class Policy(Resource):
81+
"""BIG-IP® AFM® IP-Intelligence Policy resource"""
82+
83+
def __init__(self, policy_s):
84+
super(Policy, self).__init__(policy_s)
85+
self._meta_data['required_json_kind'] = \
86+
'tm:security:ip-intelligence:policy:policystate'
87+
self._meta_data['allowed_lazy_attributes'] = [Feed_list_s]
88+
self._meta_data['required_creation_parameters'].update(('partition',))
89+
self._meta_data['required_load_parameters'].update(('partition',))
90+
self._meta_data['attribute_registry'] = \
91+
{'tm:security:ip-intelligence:feed-list:feed-listcollectionstate':
92+
Feed_list_s}
93+
94+
95+
class Blacklist_Categorys(Collection):
96+
"""BIG-IP® AFM® IP-Intelligence Blacklist Categories collection"""
97+
98+
def __init__(self, ip_intelligence):
99+
super(Blacklist_Categorys, self).__init__(ip_intelligence)
100+
self._meta_data['allowed_lazy_attributes'] = [Blacklist_Category]
101+
self._meta_data['attribute_registry'] = \
102+
{'tm:security:ip-intelligence:blacklist-category:blacklist-categorystate':
103+
Blacklist_Category}
104+
105+
106+
class Blacklist_Category(Resource):
107+
"""BIG-IP® AFM® IP-Intelligence Blacklist Category resource"""
108+
109+
def __init__(self, blacklist_categorys):
110+
super(Blacklist_Category, self).__init__(blacklist_categorys)
111+
self._meta_data['required_json_kind'] = \
112+
'tm:security:ip-intelligence:blacklist-category:blacklist-categorystate'
113+
self._meta_data['required_creation_parameters'].update(('partition',))
114+
self._meta_data['required_load_parameters'].update(('partition',))
115+
116+
117+
class Global_Policy(UnnamedResource):
118+
"""BIG-IP® AFM® Global Rules resource"""
119+
def __init__(self, global_policy):
120+
super(Global_Policy, self).__init__(global_policy)
121+
self._meta_data['required_json_kind'] = \
122+
'tm:security:ip-intelligence:global-policy:global-policystate'

f5/bigip/tm/security/test/functional/test_firewall.py

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -72,6 +72,14 @@ def policy(mgmt_root):
7272
p1.delete()
7373

7474

75+
@pytest.fixture(scope='function')
76+
def dsnresolver(mgmt_root):
77+
d1 = mgmt_root.tm.net.dns_resolvers.dns_resolver.create(
78+
name='fake_dnsresolver', partition='Common')
79+
yield d1
80+
d1.delete()
81+
82+
7583
class TestAddressList(object):
7684
def test_create_missing_mandatory_attr_raises(self, mgmt_root):
7785
ac = mgmt_root.tm.security.firewall.address_lists
@@ -569,3 +577,17 @@ def test_modify_req_args(self, mgmt_root, policy):
569577
assert rules.enforcedPolicy == "/Common/fake_policy"
570578
rules.modify(enforcedPolicy='none', partition='Common')
571579
assert "enforcedPolicy" not in rules.__dict__
580+
581+
582+
@pytest.mark.skipif(
583+
pytest.config.getoption('--release') < '12.0.0',
584+
reason='This test will only work from version 12.0.X i.e Cascade.'
585+
)
586+
class TestGlobalFqdnPolicy(object):
587+
def test_modify_req_args(self, mgmt_root, dsnresolver):
588+
policy = mgmt_root.tm.security.firewall.global_fqdn_policy.load(partition='Common')
589+
assert "dnsResolver" not in policy.__dict__
590+
policy.modify(dnsResolver='fake_dnsresolver', partition='Common')
591+
assert policy.dnsResolver == "/Common/fake_dnsresolver"
592+
policy.modify(dnsResolver='none', partition='Common')
593+
assert "dnsResolver" not in policy.__dict__

0 commit comments

Comments
 (0)