From 70298d36670a2e9975ade476ece0839ce45a9aa2 Mon Sep 17 00:00:00 2001
From: Glen Harmon <glencharmon@gmail.com>
Date: Wed, 22 Apr 2020 13:15:14 +0200
Subject: [PATCH] updates

---
 README.md                                     |  2 +-
 cisco-asa.sublime-syntax                      | 66 +++++++++++++++++++
 .../asa/asa.group_policy.sublime-completions  | 35 ++++++++++
 cisco/asa/asa.sublime-completions             | 12 ++++
 messages.json                                 |  3 +-
 messages/2.38.0.md                            |  9 +++
 tests/syntax_test_cisco_asa.cisco-asa         |  8 ++-
 7 files changed, 131 insertions(+), 4 deletions(-)
 create mode 100644 cisco/asa/asa.group_policy.sublime-completions
 create mode 100644 messages/2.38.0.md

diff --git a/README.md b/README.md
index 7e27f68..b2a5dd1 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ Cisco syntax highlighting and completions for Sublime Text 3.
 
 😎
 
-[Documentation](http://network-tech.readthedocs.io/en/stable/)
+[📘 Documentation](http://network-tech.readthedocs.io/en/stable/)
 
 [SubReddit](https://www.reddit.com/r/SublimeNetworkTech/)
 
diff --git a/cisco-asa.sublime-syntax b/cisco-asa.sublime-syntax
index 78517b6..d107ebc 100644
--- a/cisco-asa.sublime-syntax
+++ b/cisco-asa.sublime-syntax
@@ -25,6 +25,13 @@ variables:
   command_end: '(?:\s|{{comment}}|$)'
   line_number: '^\s*\d+'
   ip: '(?:(?:(?:[0-2]?\d?\d)\.){3}(?:[0-2]?\d?\d))'
+  group_policy_name: |
+    (?xi)
+    (?:
+      (?:"[^"]{1,64}")|
+      (?:'[^']{1,64}')|
+      (?:\S{1,64})
+    )
   configure_terminal_ctx_words: |
     (?xi)
     \s*
@@ -39,6 +46,7 @@ variables:
       (?:class-map)|
       (?:crypto)|
       (?:enable)|
+      (?:group-policy)|
       (?:hostname)|
       (?:http)|
       (?:icmp)|
@@ -122,6 +130,15 @@ variables:
       (?:tacacs\+)|
       (?:radius)
     )
+  vpn_tunnel_protocols: |
+    (?xi)
+    (?:
+      (?:ikev[1-2])|
+      (?:l2tp-ipsec)|
+      (?:webvpn)|
+      (?:IPsec)|
+      (?:ssl-client(?:less)?)
+    )
   ikev1_transform_sets: |
     (?xi)
     (?:
@@ -511,6 +528,7 @@ contexts:
     - include: reverse_path
     - include: access_group
     - include: object_group
+    - include: group_policy
     - include: interface_mtu
     - include: user_identity
     - include: service_policy
@@ -929,6 +947,54 @@ contexts:
       captures:
         1: comment.line
 
+  group_policy:
+    - match: |
+        (?xi)
+        ^\s*
+        (group-policy)\s+
+        ({{group_policy_name}})\s+
+        (?:
+          (?:(internal)(?:\s+(from)\s+({{group_policy_name}}))?)|
+          (?:(external\s+server-group)\s+(\S+)\s+(password)\s+(\S{1,128}))
+        )
+      captures:
+        1: support.constant
+        2: string.unquoted
+        3: support.constant
+        4: support.constant
+        5: string.unquoted
+        6: support.constant
+        7: string.unquoted
+        8: support.constant
+        9: string.unquoted
+    - include: group_policy_attributes
+
+  group_policy_attributes:
+    - match: |
+        (?xi)
+        ^\s*
+        (group-policy)\s+
+        ({{group_policy_name}})\s+(attributes)
+      captures:
+        0: cisco.scope
+        1: variable.parameter
+        2: string.unquoted
+        3: support.constant
+      push:
+        - meta_content_scope: text.network.cisco.asa.group-policy-attributes
+        - include: group_policy_vpn_tunnel_protocol
+        - include: pop_on_configure_terminal_context
+
+  group_policy_vpn_tunnel_protocol:
+    - match: |
+        (?xi)
+        ^\s*
+        (vpn-tunnel-protocol)\s+
+        ({{vpn_tunnel_protocols}})
+      captures:
+        1: support.constant
+        2: entity.other.attribute-name
+
   object_group:
     - include: object_group_incomplete
     - include: object_group_network
diff --git a/cisco/asa/asa.group_policy.sublime-completions b/cisco/asa/asa.group_policy.sublime-completions
new file mode 100644
index 0000000..0a4611f
--- /dev/null
+++ b/cisco/asa/asa.group_policy.sublime-completions
@@ -0,0 +1,35 @@
+{
+    "scope": "text.network.cisco.asa.group-policy-attributes",
+    "completions": [
+        { 
+            "trigger": "vpn-tunnel-protocol\tikev1",
+            "contents": "vpn-tunnel-protocol ${1:ikev1}"
+        },
+        { 
+            "trigger": "vpn-tunnel-protocol\tikev2",
+            "contents": "vpn-tunnel-protocol ${1:ikev2}"
+        },
+        { 
+            "trigger": "vpn-tunnel-protocol\tl2tp-ipsec",
+            "contents": "vpn-tunnel-protocol ${1:l2tp-ipsec}"
+        },
+        { 
+            "trigger": "vpn-tunnel-protocol\twebvpn",
+            "contents": "vpn-tunnel-protocol ${1:webvpn}"
+        },
+        { 
+            "trigger": "vpn-tunnel-protocol\tIPsec",
+            "contents": "vpn-tunnel-protocol ${1:IPsec}"
+        },
+        { 
+            "trigger": "vpn-tunnel-protocol\tssl-client",
+            "contents": "vpn-tunnel-protocol ${1:ssl-client}"
+        },
+        { 
+            "trigger": "vpn-tunnel-protocol\tssl-clientless",
+            "contents": "vpn-tunnel-protocol ${1:ssl-clientless}"
+        },
+
+    ]
+}
+
diff --git a/cisco/asa/asa.sublime-completions b/cisco/asa/asa.sublime-completions
index c4ba093..7ea26c2 100644
--- a/cisco/asa/asa.sublime-completions
+++ b/cisco/asa/asa.sublime-completions
@@ -9,6 +9,18 @@
             "trigger": "changeto\tcontext",
             "contents": "changeto context ${1:CONTEXT_NAME}"
         },
+        { 
+            "trigger": "group-policy\tinternal",
+            "contents": "group-policy ${1:NAME} internal"
+        },
+        { 
+            "trigger": "group-policy\tinternal from",
+            "contents": "group-policy ${1:NAME} internal from ${2:NAME}"
+        },
+        { 
+            "trigger": "group-policy\tattributes",
+            "contents": "group-policy ${1:NAME} attributes\n\t"
+        },
     ]
 }
 
diff --git a/messages.json b/messages.json
index b62b53e..0981500 100644
--- a/messages.json
+++ b/messages.json
@@ -38,5 +38,6 @@
     "2.34.0": "messages/2.34.0.md",
     "2.35.0": "messages/2.35.0.md",
     "2.36.0": "messages/2.36.0.md",
-    "2.37.0": "messages/2.37.0.md"
+    "2.37.0": "messages/2.37.0.md",
+    "2.38.0": "messages/2.38.0.md"
 }
diff --git a/messages/2.38.0.md b/messages/2.38.0.md
new file mode 100644
index 0000000..578afd5
--- /dev/null
+++ b/messages/2.38.0.md
@@ -0,0 +1,9 @@
+# [2.38.0] - 2020.04.22
+
+## Added
+
+* Cisco ASA
+    
+  * Group Policy
+
+    * vpn-tunnel-protocol
diff --git a/tests/syntax_test_cisco_asa.cisco-asa b/tests/syntax_test_cisco_asa.cisco-asa
index 7090887..eb06627 100644
--- a/tests/syntax_test_cisco_asa.cisco-asa
+++ b/tests/syntax_test_cisco_asa.cisco-asa
@@ -121,8 +121,6 @@ object-group network NAME
  group-object group_name
  exit
 
-
-
 object-group service NAME tcp-udp
  description blah
  port-object eq 42
@@ -231,6 +229,12 @@ nat (real,mapped) source static any any service real mapped net-to-net dns no-pr
 nat (real,mapped) source static any any service real mapped net-to-net dns no-proxy-arp route-lookup inactive
 nat (real,mapped) source static any any service real mapped net-to-net dns unidirectional inactive description whatever
 
+group-policy NAME internal
+group-policy NAME internal from NAME
+group-policy NAME external server-group NAME password PASSWORD
+group-policy NAME attributes
+ vpn-tunnel-protocol ikev1
+  
 
 mtu outside 1500
 fragment chain 1 outside