Merge pull request #20 from networktocode/develop

release 0.2.1

CHANGELOG.md

@@ -1,5 +1,15 @@
 # Changelog
 
+## v0.2.1 - 2021-06
+
+### Added
+
+- #16 Cisco ASA Parser.
+
+### Changed
+
+- #17 Update interface mapping for Sync, TenGig, Port-channel.
+
 ## v0.2.0 - 2021-06
 
 ### Fixed

netutils/__init__.py

@@ -1,3 +1,3 @@
 """Initialization file for library."""
 
-__version__ = "0.2.0"
+__version__ = "0.2.1"

netutils/config/compliance.py

@@ -10,6 +10,7 @@
     "linux": parser.LINUXConfigParser,
     "bigip_f5": parser.F5ConfigParser,
     "juniper_junos": parser.JunosConfigParser,
+    "cisco_asa": parser.ASAConfigParser,
 }
 
 default_feature = {

netutils/config/parser.py

@@ -603,3 +603,78 @@ class JunosConfigParser(BaseSpaceConfigParser):
 
     comment_chars = []
     banner_start = []
+
+
+class ASAConfigParser(CiscoConfigParser):
+    """Cisco ASA implementation of ConfigParser Class."""
+
+    comment_chars = ["!", ":"]
+
+    def __init__(self, config):
+        """Create ConfigParser Object.
+
+        Args:
+            config (str): The config text to parse.
+        """
+        self.unique_config_lines = set()
+        self.same_line_children = set()
+        super(ASAConfigParser, self).__init__(config)
+
+    def _update_config_lines(self, config_line):
+        """Add a ``ConfigLine`` object to ``self.config_lines``.
+
+        In addition to adding entries to config_lines, this also updates:
+          * self.same_line_children
+          * self.unique_config_lines
+
+        Args:
+            config_line (str): The current config line being evaluated.
+
+        Returns:
+            None
+        """
+        super(ASAConfigParser, self)._update_config_lines(config_line)
+        entry = self.config_lines[-1]
+        if entry in self.unique_config_lines:
+            self.same_line_children.add(entry)
+        self.unique_config_lines.add(entry)
+
+    def build_config_relationship(self):
+        r"""Parse text tree of config lines and their parents.
+
+        Example:
+            >>> config = '''
+            ... interface Management0/0
+            ...  management-only
+            ...  nameif Management
+            ...  security-level 100
+            ...  ip address 10.1.1.10 255.255.255.0'''
+            >>> config_tree = ASAConfigParser(str(config))
+            >>> config_tree.build_config_relationship() == \
+            ... [
+            ...     ConfigLine(config_line="interface Management0/0", parents=()),
+            ...     ConfigLine(config_line=" management-only", parents=("interface Management0/0",)),
+            ...     ConfigLine(config_line=" nameif Management", parents=("interface Management0/0",)),
+            ...     ConfigLine(config_line=" security-level 100", parents=("interface Management0/0",)),
+            ...     ConfigLine(config_line=" ip address 10.1.1.10 255.255.255.0", parents=("interface Management0/0",)),
+            ... ]
+            True
+        """
+        for line in self.generator_config:
+            if not line[0].isspace():
+                self._current_parents = ()
+            else:
+                previous_config = self.config_lines[-1]
+                self._current_parents = (previous_config.config_line,)
+                self.indent_level = self.get_leading_space_count(line)
+                if line is not None and line[0].isspace():
+                    line = self._build_nested_config(line)
+                else:
+                    self._current_parents = ()
+
+            if line is None:
+                break
+
+            self._update_config_lines(line)
+
+        return self.config_lines

netutils/constants.py

@@ -7,6 +7,7 @@
     "B": "Bdi",
     "Bd": "Bdi",
     "Bdi": "Bdi",
+    "Bridge-Aggregation": "Port-channel",
     "EOBC": "EOBC",
     "EO": "EOBC",
     "Ethernet": "Ethernet",
@@ -104,6 +105,9 @@
     "Serial": "Serial",
     "Se": "Serial",
     "S": "Serial",
+    "Sync": "Sync",
+    "Sy": "Sync",
+    "Ten-GigabitEthernet": "TenGigabitEthernet",
     "TenGigabitEthernet": "TenGigabitEthernet",
     "TenGigEthernet": "TenGigabitEthernet",
     "TenGigEth": "TenGigabitEthernet",
@@ -126,7 +130,10 @@
     "VLAN": "VLAN",
     "V": "VLAN",
     "Vl": "VLAN",
+    "Vlan-interface": "VLAN",
+    "vlan": "VLAN",
     "Wlan-GigabitEthernet": "Wlan-GigabitEthernet",
+    "XGE": "TenGigabitEthernet",
 }
 
 # The default mac format
@@ -173,6 +180,7 @@
     "Port-channel": "Po",
     "POS": "PO",
     "Serial": "Se",
+    "Sync": "Sy",
     "TenGigabitEthernet": "Te",
     "Tunnel": "Tu",
     "TwoGigabitEthernet": "Two",

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "netutils"
-version = "0.2.0"
+version = "0.2.1"
 description = "Common helper functions useful in network automation."
 authors = ["Network to Code, LLC <info@networktocode.com>"]
 

tests/unit/mock/config/compliance/compliance/cisco_asa/asa_basic_backup.txt

@@ -0,0 +1,108 @@
+: Saved
+
+:
+ASA Version 9.7(1)24
+!
+terminal width 511
+hostname jcy-fw-01
+enable password ntc123 encrypted
+xlate per-session deny tcp any4 any4
+xlate per-session deny tcp any4 any6
+xlate per-session deny tcp any6 any4
+xlate per-session deny tcp any6 any6
+xlate per-session deny udp any4 any4 eq domain
+xlate per-session deny udp any4 any6 eq domain
+xlate per-session deny udp any6 any4 eq domain
+xlate per-session deny udp any6 any6 eq domain
+passwd ntc123 encrypted
+names
+
+!
+interface Management0/0
+ management-only
+ nameif Management
+ security-level 100
+ ip address 10.1.1.10 255.255.255.0
+!
+banner motd ********************************************************************
+banner motd 
+banner motd                         This is a test banner.
+banner motd
+banner motd ********************************************************************
+pager lines 24
+logging enable
+logging timestamp
+logging standby
+logging buffer-size 1048576
+logging buffered informational
+logging trap informational
+logging asdm informational
+logging facility 21
+logging queue 0
+logging device-id hostname
+logging host Management 10.1.1.20
+no logging message 10101010
+mtu Management 1500
+ip verify reverse-path interface Management
+no monitor-interface service-module 
+icmp unreachable rate-limit 1 burst-size 1
+icmp permit 10.0.0.0 255.0.0.0 Management
+no asdm history enable
+arp timeout 14400
+route Management 0.0.0.0 0.0.0.0 10.1.1.1 1
+timeout xlate 3:00:00
+timeout pat-xlate 0:00:30
+timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
+timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
+timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
+timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
+timeout tcp-proxy-reassembly 0:01:00
+timeout floating-conn 0:00:00
+timeout conn-holddown 0:00:15
+timeout igp stale-route 0:01:10
+aaa-server TACACS+ protocol tacacs+
+ reactivation-mode timed
+ max-failed-attempts 5
+aaa-server TACACS+ (Management) host 10.1.1.100
+ key 10101010
+user-identity default-domain LOCAL
+aaa authentication serial console LOCAL 
+aaa authentication ssh console TACACS+ LOCAL
+aaa authentication enable console TACACS+ LOCAL
+aaa authentication http console TACACS+ LOCAL
+aaa accounting command TACACS+
+http server enable
+http 0.0.0.0 0.0.0.0 Management
+snmp-server host Management 10.1.1.50 community ***** version 2c
+no snmp-server contact
+snmp-server enable traps syslog
+sysopt noproxyarp Management
+crypto ipsec security-association pmtu-aging infinite
+telnet timeout 5
+ssh stricthostkeycheck
+ssh 0.0.0.0 0.0.0.0 Management
+ssh timeout 60
+ssh version 2
+ssh key-exchange group dh-group1-sha1
+no threat-detection statistics tcp-intercept
+dynamic-access-policy-record DfltAccessPolicy
+username ntc password ntc123 encrypted privilege 15
+!
+class-map inspection_default
+ match default-inspection-traffic
+!
+!
+policy-map type inspect dns preset_dns_map
+ parameters
+  message-length maximum client auto
+  message-length maximum 512
+  no tcp-inspection
+policy-map global_policy
+ class inspection_default
+  inspect dns preset_dns_map 
+  inspect ftp 
+  inspect tftp 
+  inspect ip-options 
+!
+service-policy global_policy global
+: end

tests/unit/mock/config/compliance/compliance/cisco_asa/asa_basic_feature.py

@@ -0,0 +1,5 @@
+features = [
+    {"name": "hostname", "ordered": False, "section": ["hostname"]},
+    {"name": "logging", "ordered": False, "section": ["logging", "no logging"]},
+    {"name": "aaa", "ordered": False, "section": ["aaa"]},
+]

tests/unit/mock/config/compliance/compliance/cisco_asa/asa_basic_intended.txt

@@ -0,0 +1,25 @@
+hostname jcy-fw-01
+!
+logging enable
+logging timestamp
+logging standby
+logging buffer-size 1048576
+logging buffered informational
+logging trap informational
+logging asdm informational
+logging facility 21
+logging queue 0
+logging device-id hostname
+logging host Management 10.1.1.200
+no logging message 20202020
+!
+aaa-server TACACS+ protocol tacacs+
+ reactivation-mode timed
+ max-failed-attempts 5
+aaa-server TACACS+ (Management) host 10.1.1.100
+ key 20202020
+aaa authentication serial console LOCAL 
+aaa authentication ssh console TACACS+ LOCAL
+aaa authentication enable console TACACS+ LOCAL
+aaa authentication http console TACACS+ LOCAL
+aaa accounting command TACACS+

tests/unit/mock/config/compliance/compliance/cisco_asa/asa_basic_received.json

@@ -0,0 +1,32 @@
+{
+    "hostname": {
+        "compliant": true,
+        "missing": "",
+        "extra": "",
+        "cannot_parse": true,
+        "unordered_compliant": true,
+        "ordered_compliant": true,
+        "actual": "hostname jcy-fw-01",
+        "intended": "hostname jcy-fw-01"
+    },
+    "logging": {
+        "actual": "logging enable\nlogging timestamp\nlogging standby\nlogging buffer-size 1048576\nlogging buffered informational\nlogging trap informational\nlogging asdm informational\nlogging facility 21\nlogging queue 0\nlogging device-id hostname\nlogging host Management 10.1.1.20\nno logging message 10101010",
+        "cannot_parse": true,
+        "compliant": false,
+        "extra": "logging host Management 10.1.1.20\nno logging message 10101010",
+        "intended": "logging enable\nlogging timestamp\nlogging standby\nlogging buffer-size 1048576\nlogging buffered informational\nlogging trap informational\nlogging asdm informational\nlogging facility 21\nlogging queue 0\nlogging device-id hostname\nlogging host Management 10.1.1.200\nno logging message 20202020",
+        "missing": "logging host Management 10.1.1.200\nno logging message 20202020",
+        "ordered_compliant": false,
+        "unordered_compliant": false
+    },
+    "aaa": {
+        "actual": "aaa-server TACACS+ protocol tacacs+\n reactivation-mode timed\n max-failed-attempts 5\naaa-server TACACS+ (Management) host 10.1.1.100\n key 10101010\naaa authentication serial console LOCAL\naaa authentication ssh console TACACS+ LOCAL\naaa authentication enable console TACACS+ LOCAL\naaa authentication http console TACACS+ LOCAL\naaa accounting command TACACS+",
+        "cannot_parse": true,
+        "compliant": false,
+        "extra": "aaa-server TACACS+ (Management) host 10.1.1.100\n key 10101010",
+        "intended": "aaa-server TACACS+ protocol tacacs+\n reactivation-mode timed\n max-failed-attempts 5\naaa-server TACACS+ (Management) host 10.1.1.100\n key 20202020\naaa authentication serial console LOCAL\naaa authentication ssh console TACACS+ LOCAL\naaa authentication enable console TACACS+ LOCAL\naaa authentication http console TACACS+ LOCAL\naaa accounting command TACACS+",
+        "missing": "aaa-server TACACS+ (Management) host 10.1.1.100\n key 20202020",
+        "ordered_compliant": false,
+        "unordered_compliant": false
+    }
+}

tests/unit/mock/config/compliance/config_section_not_parsed/cisco_asa/asa_basic_feature.py

@@ -0,0 +1,5 @@
+features = [
+    {"name": "hostname", "ordered": False, "section": ["hostname"]},
+    {"name": "logging", "ordered": False, "section": ["logging", "no logging"]},
+    {"name": "aaa", "ordered": False, "section": ["aaa"]},
+]

tests/unit/mock/config/compliance/config_section_not_parsed/cisco_asa/asa_basic_received.json

@@ -0,0 +1,6 @@
+{
+    "remaining_cfg": "!\n\n!\nroute Management 0.0.0.0 0.0.0.0 10.1.1.1 1",
+    "section_not_found": [
+        "aaa"
+    ]
+}

tests/unit/mock/config/compliance/config_section_not_parsed/cisco_asa/asa_basic_sent.txt

@@ -0,0 +1,16 @@
+hostname jcy-fw-01
+!
+logging enable
+logging timestamp
+logging standby
+logging buffer-size 1048576
+logging buffered informational
+logging trap informational
+logging asdm informational
+logging facility 21
+logging queue 0
+logging device-id hostname
+logging host Management 10.1.1.200
+no logging message 20202020
+!
+route Management 0.0.0.0 0.0.0.0 10.1.1.1 1

tests/unit/mock/config/compliance/diff_network_config/cisco_asa/asa_basic_base.txt

@@ -0,0 +1,16 @@
+hostname jcy-fw-01
+!
+logging enable
+logging timestamp
+logging standby
+logging buffer-size 1048576
+logging buffered informational
+logging trap informational
+logging asdm informational
+logging facility 21
+logging queue 0
+logging device-id hostname
+logging host Management 10.1.1.20
+no logging message 10101010
+!
+route Management 0.0.0.0 0.0.0.0 10.1.1.254 1

tests/unit/mock/config/compliance/diff_network_config/cisco_asa/asa_basic_intended.txt

@@ -0,0 +1,16 @@
+hostname jcy-fw-01
+!
+logging enable
+logging timestamp
+logging standby
+logging buffer-size 1048576
+logging buffered informational
+logging trap informational
+logging asdm informational
+logging facility 21
+logging queue 0
+logging device-id hostname
+logging host Management 10.1.1.200
+no logging message 20202020
+!
+route Management 0.0.0.0 0.0.0.0 10.1.1.1 1