Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SD-WAN Updates Part 2 #75

Merged
merged 4 commits into from
Jan 9, 2025
Merged

SD-WAN Updates Part 2 #75

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
76bec2d
Update endpoints_sdwan.yaml
tzarski0 Jan 9, 2025
4e01b46
Update github_repo_wrapper.py
tzarski0 Jan 9, 2025
399a6ec
Update cisco_client_sdwan.py
tzarski0 Jan 9, 2025
acf078a
fix formatting
tzarski0 Jan 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
339 changes: 256 additions & 83 deletions examples/endpoints_sdwan.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,250 @@
- name: feature_templates
endpoint: /template/feature/object/%i
- name: transport_feature_profile
endpoint: /v1/feature-profile/sdwan/transport
children:
- name: transport_tracker
endpoint: /tracker
- name: transport_routing_bgp
endpoint: /routing/bgp
- name: transport_wan_vpn
endpoint: /wan/vpn
children:
- name: transport_wan_vpn_interface_cellular
endpoint: /interface/cellular
- name: transport_wan_vpn_interface_gre
endpoint: /interface/gre
- name: transport_wan_vpn_interface_t1_e1_serial
endpoint: /interface/serial
- name: transport_wan_vpn_interface_ipsec
endpoint: /interface/ipsec
- name: transport_wan_vpn_interface_ethernet
endpoint: /interface/ethernet
children:
- name: transport_wan_vpn_interface_ethernet_feature_associate_ipv6_tracker_group
endpoint: /ipv6-trackergroup
- name: transport_wan_vpn_interface_ethernet_feature_associate_tracker_group
endpoint: /trackergroup
- name: transport_wan_vpn_interface_ethernet_feature_associate_tracker
endpoint: /tracker
- name: transport_wan_vpn_interface_ethernet_feature_associate_ipv6_tracker
endpoint: /ipv6-tracker
- name: transport_wan_vpn_feature_associate_routing_bgp
endpoint: /routing/bgp
- name: transport_wan_vpn_feature_associate_routing_ospfv3_ipv4
endpoint: /routing/ospfv3/ipv4
- name: transport_wan_vpn_feature_associate_routing_ospf
endpoint: /routing/ospf
- name: transport_wan_vpn_feature_associate_routing_ospfv3_ipv6
endpoint: /routing/ospfv3/ipv6
- name: transport_routing_ospfv3_ipv4
endpoint: /routing/ospfv3/ipv4
- name: transport_t1_e1_controller
endpoint: /t1-e1-controller
- name: transport_gps
endpoint: /gps
- name: transport_routing_ospf
endpoint: /routing/ospf
- name: transport_cellular_controller
endpoint: /cellular-controller
- name: transport_ipv4_acl
endpoint: /ipv4-acl
- name: transport_management_vpn
endpoint: /management/vpn
children:
- name: transport_management_vpn_interface_ethernet
endpoint: /interface/ethernet
- name: transport_cellular_profile
endpoint: /cellular-profile
- name: transport_ipv6_tracker_group
endpoint: /ipv6-trackergroup
- name: transport_route_policy
endpoint: /route-policy
- name: transport_ipv6_acl
endpoint: /ipv6-acl
- name: transport_routing_ospfv3_ipv6
endpoint: /routing/ospfv3/ipv6
- name: transport_ipv6_tracker
endpoint: /ipv6-tracker
- name: transport_tracker_group
endpoint: /trackergroup
- name: service_feature_profile
endpoint: /v1/feature-profile/sdwan/service
children:
- name: service_routing_ospf
endpoint: /routing/ospf
- name: service_lan_vpn
endpoint: /lan/vpn
children:
- name: service_lan_vpn_interface_ethernet
endpoint: /interface/ethernet
children:
- name: service_lan_vpn_ethernet_interface_feature_associate_dhcp_server
endpoint: /dhcp-server
- name: service_lan_vpn_interface_ipsec
endpoint: /interface/ipsec
children:
- name: service_lan_vpn_ethernet_ipsec_feature_associate_dhcp_server
endpoint: /dhcp-server
- name: service_lan_vpn_interface_gre
endpoint: /interface/gre
- name: service_lan_vpn_interface_svi
endpoint: /interface/svi
children:
- name: service_lan_vpn_ethernet_svi_feature_associate_dhcp_server
endpoint: /dhcp-server
- name: service_lan_vpn_feature_associate_routing_bgp
endpoint: /routing/bgp
- name: service_lan_vpn_feature_associate_routing_ospfv3_ipv4
endpoint: /routing/ospfv3/ipv4
- name: service_lan_vpn_feature_associate_routing_ospfv3_ipv6
endpoint: /routing/ospfv3/ipv6
- name: service_lan_vpn_feature_associate_routing_ospf
endpoint: /routing/ospf
- name: service_lan_vpn_feature_associate_routing_eigrp
endpoint: /routing/eigrp
- name: service_lan_vpn_feature_associate_mulitcast
endpoint: /routing/multicast
- name: service_switchport
endpoint: /switchport
- name: service_routing_ospfv3_ipv4
endpoint: /routing/ospfv3/ipv4
- name: service_wireless_lan
endpoint: /wirelesslan
- name: service_ipv4_acl
endpoint: /ipv4-acl
- name: service_object_tracker
endpoint: /objecttracker
- name: service_object_tracker_group
endpoint: /objecttrackergroup
- name: service_multicast
endpoint: /routing/multicast
- name: service_routing_eigrp
endpoint: /routing/eigrp
- name: service_dhcp_server
endpoint: /dhcp-server
- name: service_ipv6_acl
endpoint: /ipv6-acl
- name: service_tracker_group
endpoint: /trackergroup
- name: service_tracker
endpoint: /tracker
- name: service_routing_bgp
endpoint: /routing/bgp
- name: service_routing_ospfv3_ipv6
endpoint: /routing/ospfv3/ipv6
- name: service_route_policy
endpoint: /route-policy
- name: system_feature_profile
endpoint: /v1/feature-profile/sdwan/system
children:
- name: system_banner
endpoint: /banner
- name: system_ipv4_device_access
endpoint: /ipv4-device-access-policy
- name: system_omp
endpoint: /omp
- name: system_bfd
endpoint: /bfd
- name: system_remote_access
endpoint: /remote-access
- name: system_aaa
endpoint: /aaa
- name: system_security
endpoint: /security
- name: system_snmp
endpoint: /snmp
- name: system_logging
endpoint: /logging
- name: system_ntp
endpoint: /ntp
- name: system_perfomance_monitoring
endpoint: /perfmonitor
- name: system_ipv6_device_access
endpoint: /ipv6-device-access-policy
- name: system_global
endpoint: /global
- name: system_mrf
endpoint: /mrf
- name: system_basic
endpoint: /basic
- name: system_flexible_port_speed
endpoint: /flexible-port-speed
- name: policy_object_feature_profile
endpoint: /v1/feature-profile/sdwan/policy-object
children:
- name: policy_object_security_url_block_list
endpoint: /security-urllist
- name: policy_object_security_url_allow_list
endpoint: /security-urllist
- name: policy_object_security_ips_signature
endpoint: /security-ipssignature
- name: policy_object_security_port_list
endpoint: /security-port
- name: policy_object_app_probe_class
endpoint: /app-probe
- name: policy_object_ipv6_prefix_list
endpoint: /ipv6-prefix
- name: policy_object_standard_community_list
endpoint: /standard-community
- name: policy_object_data_ipv6_prefix_list
endpoint: /data-ipv6-prefix
- name: policy_object_tloc_list
endpoint: /tloc
- name: policy_object_as_path_list
endpoint: /as-path
- name: policy_object_policer
endpoint: /policer
- name: policy_object_security_fqdn_list
endpoint: /security-fqdn
- name: policy_object_security_data_ipv4_prefix_list
endpoint: /security-data-ip-prefix
- name: policy_object_security_identity_list
endpoint: /security-identity
- name: policy_object_vpn_group
endpoint: /vpn-group
- name: policy_object_preferred_color_group
endpoint: /preferred-color-group
- name: policy_object_ipv4_prefix_list
endpoint: /prefix
- name: policy_object_security_scalable_group_tag_list
endpoint: /security-scalablegrouptag
- name: policy_object_security_local_domain_list
endpoint: /security-localdomain
- name: policy_object_mirror
endpoint: /mirror
- name: policy_object_extended_community_list
endpoint: /ext-community
- name: policy_object_application_list
endpoint: /app-list
- name: policy_object_color_list
endpoint: /color
- name: policy_object_security_geolocation_list
endpoint: /security-geolocation
- name: policy_object_class_map
endpoint: /class
- name: policy_object_data_ipv4_prefix_list
endpoint: /data-prefix
- name: policy_object_expanded_community_list
endpoint: /expanded-community
- name: policy_object_security_local_application_list
endpoint: /security-localapp
- name: policy_object_sla_class_list
endpoint: /sla-class
- name: application_priority_feature_profile
endpoint: /v1/feature-profile/sdwan/application-priority
children:
- name: application_priority_qos
endpoint: /qos-policy
- name: application_priority_traffic_policy
endpoint: /traffic-policy
- name: other_feature_profile
endpoint: /v1/feature-profile/sdwan/other
children:
- name: other_ucse
endpoint: /ucse
- name: other_thousandeyes
endpoint: /thousandeyes
- name: as_path_list_policy_object
endpoint: /template/policy/list/aspath/
- name: custom_control_topology_policy_definition
Expand All @@ -8,6 +253,11 @@
endpoint: /template/policy/list/tloc/
- name: advanced_malware_protection_policy_definition
endpoint: /template/policy/definition/advancedMalwareProtection/
- name: cli_feature_profile
endpoint: /v1/feature-profile/sdwan/cli
children:
- name: cli_config_feature
endpoint: /config
- name: ips_signature_list_policy_object
endpoint: /template/policy/list/ipssignature/
- name: geo_location_list_policy_object
Expand Down Expand Up @@ -36,10 +286,14 @@
endpoint: /template/policy/definition/aclv6/
- name: localized_policy
endpoint: /template/policy/vedge/
- name: embedded_security_feature_profile
endpoint: /v1/feature-profile/sdwan/embedded-security
- name: block_url_list_policy_object
endpoint: /template/policy/list/urlblacklist/
- name: rewrite_rule_policy_definition
endpoint: /template/policy/definition/rewriterule/
- name: sig_security_feature_profile
endpoint: /v1/feature-profile/sdwan/sig-security
- name: data_ipv4_prefix_list_policy_object
endpoint: /template/policy/list/dataprefix/
- name: region_list_policy_object
Expand Down Expand Up @@ -114,6 +368,8 @@
endpoint: /template/policy/definition/acl/
- name: zone_list_policy_object
endpoint: /template/policy/list/zone/
- name: dns_security_feature_profile
endpoint: /v1/feature-profile/sdwan/dns-security
- name: policer_policy_object
endpoint: /template/policy/list/policer/
- name: vedge_inventory
Expand All @@ -122,86 +378,3 @@
endpoint: /template/policy/list/ipv6prefix/
- name: zone_based_firewall_policy_definition
endpoint: /template/policy/definition/zonebasedfw/
- name: system_feature_profile
endpoint: /v1/feature-profile/sdwan/system
children:
- name: system_banner
endpoint: /banner
- name: system_ipv4_device_access
endpoint: /ipv4-device-access-policy
- name: system_omp
endpoint: /omp
- name: system_bfd
endpoint: /bfd
- name: system_remote_access
endpoint: /remote-access
- name: system_aaa
endpoint: /aaa
- name: system_security
endpoint: /security
- name: system_snmp
endpoint: /snmp
- name: system_logging
endpoint: /logging
- name: system_ntp
endpoint: /ntp
- name: system_perfomance_monitoring
endpoint: /perfmonitor
- name: system_ipv6_device_access
endpoint: /ipv6-device-access-policy
- name: system_global
endpoint: /global
- name: system_mrf
endpoint: /mrf
- name: system_basic
endpoint: /basic
- name: system_flexible_port_speed
endpoint: /flexible-port-speed
- name: transport_feature_profile
endpoint: /v1/feature-profile/sdwan/transport
children:
- name: transport_routing_bgp
endpoint: /routing/bgp
- name: transport_wan_vpn_interface_cellular
endpoint: /wan/vpn/%s/interface/cellular
- name: transport_wan_vpn_interface_gre
endpoint: /wan/vpn/%s/interface/gre
- name: transport_wan_vpn
endpoint: /wan/vpn
- name: transport_wan_vpn_interface_t1_e1_serial
endpoint: /wan/vpn/%s/interface/serial
- name: transport_management_vpn
endpoint: /management/vpn
- name: transport_wan_vpn_interface_ipsec
endpoint: /wan/vpn/%s/interface/ipsec
- name: transport_management_vpn_interface_ethernet
endpoint: /management/vpn/%s/interface/ethernet
- name: transport_wan_vpn_interface_ethernet
endpoint: /wan/vpn/%s/interface/ethernet
- name: transport_ipv6_tracker
endpoint: /ipv6-tracker
- name: service_feature_profile
endpoint: /v1/feature-profile/sdwan/service
children:
- name: service_lan_vpn_interface_ethernet
endpoint: /lan/vpn/%s/interface/ethernet
- name: service_lan_vpn_interface_ipsec
endpoint: /lan/vpn/%s/interface/ipsec
- name: service_lan_vpn
endpoint: /lan/vpn
- name: service_lan_vpn_interface_gre
endpoint: /lan/vpn/%s/interface/gre
- name: service_tracker
endpoint: /tracker
- name: service_lan_vpn_interface_svi
endpoint: /lan/vpn/%s/interface/svi
- name: application_priority_feature_profile
endpoint: /v1/feature-profile/sdwan/application-priority
children:
- name: application_priority_qos_policy
endpoint: /qos-policy
- name: cli_feature_profile
endpoint: /v1/feature-profile/sdwan/cli
children:
- name: cli_config_profile_parcel
endpoint: /config/
12 changes: 10 additions & 2 deletions nac_collector/cisco_client_sdwan.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -415,9 +415,17 @@ def extract_feature_parcel(
children_endpoint_type = (
parcel_type + "/" + self.strip_backslash(children_endpoint["endpoint"])
)
children_endpoint_type = self.strip_backslash(children_endpoint_type)
children_endpoint_type1 = self.strip_backslash(children_endpoint_type)
children_endpoint_type2 = self.strip_backslash(children_endpoint_type)
if children_endpoint_type.startswith(parcel_type):
children_endpoint_type2 = children_endpoint_type1[
len(parcel_type) :
].lstrip("/")
for subparcel in parcel.get("subparcels", []):
if subparcel["parcelType"] == children_endpoint_type:
if subparcel["parcelType"] in [
children_endpoint_type1,
children_endpoint_type2,
]:
children_entries.append(
self.extract_feature_parcel(
new_endpoint,
Expand Down
Loading
Loading