Policy API (UX1)
Policy API is implemented in PolicyAPI
class in catalystwan/api/policy_api.py
After a ManagerSession is created, PolicyAPI is also automatically instantiated in the api container instance variable.
class PolicyAPI:
    """This is exposing 'UX 1.0' API

    Groups the policy sub-APIs behind a single object. Every sub-API is
    constructed with the same session that is passed to the constructor.
    """

    def __init__(self, session: vManageSession):
        self._session = session
        # one sub-API per policy kind
        self.centralized = CentralizedPolicyAPI(session)
        self.localized = LocalizedPolicyAPI(session)
        self.security = SecurityPolicyAPI(session)
        # building blocks that policies refer to by id
        self.definitions = PolicyDefinitionsAPI(session)
        self.lists = PolicyListsAPI(session)

    ...  # rest of the class is not shown in this excerpt
PolicyAPI
aggregates all methods needed to create, get, edit and delete policies on the remote, as well as policy building blocks (Lists
and Definitions
)
Diagram below presents generalised relationships between policy configuration items.
Pydantic models which are used as payloads for creating configuration items on remote can be found in modules:
catalystwan.models.policy
Models are equipped with builder-like helper methods to add sub-components in sequential manner.
To run all examples below catalystwan version 0.30.0dev0 or greater is required
pip install "catalystwan>=0.30.0dev0"
This example implements workflow based on Forwarding and QoS Configuration Guide for vEdge Routers, Cisco SD-WAN Release 20
Source code can be found in examples directory: examples/policy_forwarding_qos.py
To run the example, provide (url, port, username, password) of a reachable vmanage instance as command line arguments:
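# Single-quote the password: unquoted, a POSIX shell expands $w0rD as a variable
# and the script receives a truncated password.
# Command line arguments are visible in the process list and are saved in shell
# history, so use an account whose password can be rotated afterwards.
python examples/policy_forwarding_qos.py 127.0.0.1 433 admin 'p4s$w0rD'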
Make sure that each of the examples below is placed inside the with block, after session is created, so that the api variable contains the PolicyAPI instance and the protocol_map variable contains the map obtained from the remote:
from catalystwan.session import create_manager_session

# NOTE: password is left empty here as a placeholder. Supply it at run time
# (prompt, environment variable or secret store) instead of hard-coding it
# in a script that may end up in version control.
with create_manager_session(url="127.0.0.1", username="admin", password="") as session:
    # PolicyAPI instance, reached through the session's api container
    api = session.api.policy
    # protocol map fetched from the remote; needed later to add protocols by name
    protocol_map = api.get_protocol_map()
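from contextlib import ExitStack

from catalystwan.models.policy import LocalizedPolicy, QoSMap, ClassMapList

# Localized policy workflow: forwarding class list -> QoS map -> localized policy.
# Each item is registered for deletion right after it is created, so a failure
# (or Ctrl+C at the prompt) part-way through does not leave orphaned
# configuration items on the remote. ExitStack runs the callbacks in reverse
# order of registration: policy first, then the definition, then the list.
with ExitStack() as cleanup:
    # define forwarding class
    class_map = ClassMapList(name="ClassMapExample-1")
    class_map.add_queue(5)
    class_map_id = api.lists.create(class_map)  # push on remote
    cleanup.callback(api.lists.delete, ClassMapList, class_map_id)

    # define QoSMap policy; the scheduler refers to the list by its remote id
    qos_map = QoSMap(name="QoSMapPolicyExample-1")
    qos_map.add_scheduler(queue=5, class_map_ref=class_map_id)
    qos_map_id = api.definitions.create(qos_map)  # push on remote
    cleanup.callback(api.definitions.delete, QoSMap, qos_map_id)

    # create localized policy
    loc_policy = LocalizedPolicy(policy_name="LocalizedPolicyExample-1")
    loc_policy.add_qos_map(qos_map_id)
    loc_policy_id = api.localized.create(loc_policy)  # push on remote
    cleanup.callback(api.localized.delete, loc_policy_id)

    # edit localized policy
    loc_policy.policy_definition.settings.log_frequency = 1000
    api.localized.edit(loc_policy_id, loc_policy)  # push on remote

    # obtain created policy info
    print(api.localized.get(loc_policy_id))  # get from remote

    # leaving the with block deletes the created items on remote
    input("\nCheck that Localized Policy was created. Press Enter to do cleanup...")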
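from contextlib import ExitStack
from ipaddress import IPv4Network

from catalystwan.models.policy import SecurityPolicy, ZoneBasedFWPolicy, ZoneList

# Security policy workflow: zone list -> zone based firewall -> security policy.
# Each item is registered for deletion right after it is created, so a failure
# (or Ctrl+C at the prompt) part-way through does not leave a stray firewall
# definition or zone list on the remote. ExitStack runs the callbacks in
# reverse order of registration: policy first, then the firewall, then the list.
with ExitStack() as cleanup:
    # define zone list
    zone_list = ZoneList(name="ZoneList-Example-1")
    zone_list.assign_vpns({111, 112})
    zone_list_id = api.lists.create(zone_list)  # push on remote
    cleanup.callback(api.lists.delete, ZoneList, zone_list_id)

    # define zone based firewall
    zone_based_fw = ZoneBasedFWPolicy(name="ZoneBasedFW-Example-1")
    zone_based_fw.add_zone_pair("self", zone_list_id)

    rule_1 = zone_based_fw.add_ipv4_rule(name="ExampleIPv4Rule-1", log=True)
    rule_1.match_destination_ip([IPv4Network("10.66.0.0/16")])
    # NOTE(review): 22 and 130 are presumably IP protocol numbers, not TCP/UDP
    # ports (so 22 would not mean SSH here) - confirm against the model.
    rule_1.match_protocols({22, 130})

    rule_2 = zone_based_fw.add_ipv4_rule(name="ExampleIPv4Rule-2")
    rule_2.match_source_geo_location("FRA")
    rule_2.match_source_port({1100, 1199})
    rule_2.match_protocol_names({"tacacs", "ssh"}, protocol_map)  # map is needed to add protocols by names

    zone_based_fw_id = api.definitions.create(zone_based_fw)  # push on remote
    cleanup.callback(api.definitions.delete, ZoneBasedFWPolicy, zone_based_fw_id)

    # define security policy
    sec_pol = SecurityPolicy(policy_name="SecurityPolicy-1")
    sec_pol.add_zone_based_fw(zone_based_fw_id)
    sec_pol_id = api.security.create(sec_pol)  # push on remote
    cleanup.callback(api.security.delete, sec_pol_id)

    # obtain created policy info
    print(api.security.get(sec_pol_id))  # get from remote

    # leaving the with block deletes the created items on remote
    input("\nCheck that Security Policy was created. Press Enter to do cleanup...")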
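from contextlib import ExitStack
from ipaddress import IPv4Network

from catalystwan.models.policy import CentralizedPolicy, TrafficDataPolicy, SiteList, VPNList

# Centralized policy workflow: site list + VPN list -> traffic data policy ->
# centralized policy. Each item is registered for deletion right after it is
# created, so a failure (or Ctrl+C at the prompt) part-way through does not
# leave orphaned configuration items on the remote. ExitStack runs the
# callbacks in reverse order of registration, so the policy is removed before
# the definition and the lists it refers to.
with ExitStack() as cleanup:
    # define site list
    site_list = SiteList(name="SiteListExample-1")
    site_list.add_sites([100, 101])
    site_list_id = api.lists.create(site_list)  # push on remote
    cleanup.callback(api.lists.delete, SiteList, site_list_id)

    # define vpn list
    vpn_list = VPNList(name="VPNListExample-1")
    vpn_list.add_vpn_range((95, 99))
    vpn_list_id = api.lists.create(vpn_list)  # push on remote
    cleanup.callback(api.lists.delete, VPNList, vpn_list_id)

    # define data traffic policy
    traffic_policy = TrafficDataPolicy(name="TrafficDataPolicyExample-1")
    seq_1 = traffic_policy.add_ipv4_sequence(name="SequenceExample-1")
    seq_1.match_destination_ip([IPv4Network("10.73.0.0/16")])
    seq_1.associate_count_action("CounterExample")
    traffic_policy_id = api.definitions.create(traffic_policy)  # push on remote
    cleanup.callback(api.definitions.delete, TrafficDataPolicy, traffic_policy_id)

    # define centralized policy and apply the traffic policy to the lists above
    cntrl_pol = CentralizedPolicy(policy_name="CentralizedPolicyExmaple-1")
    app_1 = cntrl_pol.add_traffic_data_policy(traffic_policy_id)
    app_1.assign_to([vpn_list_id], "all", site_lists=[site_list_id])
    cntrl_pol_id = api.centralized.create(cntrl_pol)  # push on remote
    cleanup.callback(api.centralized.delete, cntrl_pol_id)

    # obtain created policy info
    print(api.centralized.get(cntrl_pol_id))  # get from remote

    # leaving the with block deletes the created items on remote
    input("\nCheck that Centralized Policy was created. Press Enter to do cleanup...")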
# Centralized policy given as raw CLI text instead of being built from models.
# "<...>" is a placeholder for the CLI configuration itself.
cli_config = "<...>"
cli_policy = CentralizedPolicy(
    policy_name="my-policy-cli",
    policy_type="cli",
    policy_definition=cli_config,
)
# push on remote; the result of create() is not kept, so this snippet has no
# cleanup step of its own
api.centralized.create(cli_policy)
- CentralizedPolicy
- LocalizedPolicy
- SecurityPolicy
- AdvancedInspectionProfile
- AMP
- AccessList
- AppRoute
- Cflowd
- Control
- TrafficData
- DeviceAccess
- DialPeer
- FXOPort
- FXSDIDPort
- FXSPort
- HubAndSpoke
- IPv6Access
- IPv6DeviceAccess
- IntrusionPrevention
- LocalDomain
- Mesh
- PRIISDNPort
- QosMap
- RewriteRule
- URLFiltering
- VEdgeRoute
- VPNMembershipGroup
- VPNQosMap
- ZoneBasedFirewall
- RuleSet
- SSLDecryption
- SSLDecryptionUTDProfile
- SecurityGroup
- FQDNList
- ASPathList
- AppProbeClassList
- ApplicationList
- ColorList
- CommunityList
- DataIPV6PrefixList
- DataPrefixAllTypesOfLists
- DataPrefixAndFQDNAllTypesOfLists
- DataPrefixList
- ExpandedCommunityList
- ExtendedCommunityList
- FaxProtocolList
- ForwardingClassList
- GeoLocationList
- IPSSignatureList
- IPv6PrefixList
- IdentityList
- LocalDomainNameList
- MediaProfileList
- MirrorList
- ModemPassthroughList
- PolicerClassList
- PortList
- PrefixForAllTypesOfLists
- PrefixList
- ProtocolNameList
- RegionList
- SLAClassList
- ScalableGroupTagList
- SiteList
- SupervisoryDiscList
- TLOCList
- ThreatGridApiKeyList
- TranslationProfileList
- TranslationRulesList
- TrunkGroupList
- URLBlackList
- URLWhiteList
- UmbrellaDataList
- VPNList
- ZoneList
- PreferredColorGroupList