This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Policy API (UX1)
Policy API is implemented in PolicyAPI class in vmngclient/api/policy_api.py
After vManageSession is created PolicyAPI is also automatically instantiated in api container instance variable.
class PolicyAPI:
"""This is exposing 'UX 1.0' API"""
def __init__(self, session: vManageSession):
self._session = session
self.centralized = CentralizedPolicyAPI(session)
self.localized = LocalizedPolicyAPI(session)
self.security = SecurityPolicyAPI(session)
self.definitions = PolicyDefinitionsAPI(session)
self.lists = PolicyListsAPI(session)
...PolicyAPI aggregates all methods needed to create, get, edit, delete policies on remote - as well as for policy building blocks (Lists and Definitions)
Diagram below presents generalised relationships between policy configuration items.
Pydantic models which are used as payloads for creating configuration items on remote can be found in modules:
vmngclient.model.policy.centralized
vmngclient.model.policy.localized
vmngclient.model.policy.centralized
vmngclient.model.policy.definitions
vmngclient.model.policy.lists
Models are equipped with builder-like helper methods to add sub-components in sequential manner.
pip install vmngclient==0.20.0.dev0This example implements workflow based on Forwarding and QoS Configuration Guide for vEdge Routers, Cisco SD-WAN Release 20
Source code can be found in examples directory: examples/policy_forwarding_qos.py
To run example provide (url, port, username, password) to reachable vmanage instance as command line arguments:
python examples/policy_forwarding_qos.py 127.0.0.1 433 admin p4s$w0rDMake sure that each of examples below are inside with block after session is created, api variable contains PolicyAPI instance and protocol_map variable contains map obtained from remote:
from vmngclient.session import create_vManageSession
with create_vManageSession(url="127.0.0.1", username="admin", password="") as session:
api = session.api.policy
protocol_map = api.get_protocol_map() from vmngclient.model.policy.localized import LocalizedPolicy
from vmngclient.model.policy.definitions.qos_map import QoSMap
from vmngclient.model.policy.lists import ClassMapList
# define forwarding class
class_map = ClassMapList(name="ClassMapExample-1")
class_map.add_queue(5)
class_map_id = api.lists.create(class_map) # push on remote
# define QoSMap policy
qos_map = QoSMap(name="QoSMapPolicyExample-1")
qos_map.add_scheduler(queue=5, class_map_ref=class_map_id)
qos_map_id = api.definitions.create(qos_map) # push on remote
# create localized policy
loc_policy = LocalizedPolicy(policy_name="LocalizedPolicyExample-1")
loc_policy.add_qos_map(qos_map_id)
loc_policy_id = api.localized.create(loc_policy) # push on remote
# edit localized policy
loc_policy.policy_definition.settings.log_frequency = 1000
api.localized.edit(loc_policy_id, loc_policy) # push on remote
# obtain created policy info
print(api.localized.get(loc_policy_id)) # get from remote
input("\nCheck that Localized Policy was created. Press Enter to do cleanup...")
# delete created items or remote
api.localized.delete(loc_policy_id)
api.definitions.delete(QoSMap, qos_map_id)
api.lists.delete(ClassMapList, class_map_id) from ipaddress import IPv4Network
from vmngclient.model.policy.security import SecurityPolicy
from vmngclient.model.policy.definitions.zone_based_firewall import ZoneBasedFWPolicy
from vmngclient.model.policy.lists import ZoneList
# define zone list
zone_list = ZoneList(name="ZoneList-Example-1")
zone_list.assign_vpns({111, 112})
zone_list_id = api.lists.create(zone_list) # push on remote
# define zone based firewall
zone_based_fw = ZoneBasedFWPolicy(name="ZoneBasedFW-Example-1")
zone_based_fw.add_zone_pair("self", zone_list_id)
rule_1 = zone_based_fw.add_ipv4_rule(name="ExampleIPv4Rule-1", log=True)
rule_1.match_destination_ip([IPv4Network("10.66.0.0/16")])
rule_1.match_protocols({22, 130})
rule_2 = zone_based_fw.add_ipv4_rule(name="ExampleIPv4Rule-2")
rule_2.match_source_geo_location("FRA")
rule_2.match_source_port({1100, 1199})
rule_2.match_protocol_names({"tacacs", "ssh"}, protocol_map) # map is needed to add protocols by names
zone_based_fw_id = api.definitions.create(zone_based_fw) # push on remote
# define security policy
sec_pol = SecurityPolicy(policy_name="SecurityPolicy-1")
sec_pol.add_zone_based_fw(zone_based_fw_id)
sec_pol_id = api.security.create(sec_pol) # push on remote
# obtain created policy info
print(api.security.get(sec_pol_id)) # get from remote
input("\nCheck that Security Policy was created. Press Enter to do cleanup...")
# delete created items on remote
api.security.delete(sec_pol_id)
api.definitions.delete(ZoneBasedFWPolicy, zone_based_fw_id)
api.lists.delete(ZoneList, zone_list_id) from ipaddress import IPv4Network
from vmngclient.model.policy.centralized import CentralizedPolicy
from vmngclient.model.policy.definitions.traffic_data import TrafficDataPolicy
from vmngclient.model.policy.lists import SiteList, VPNList
# define site list
site_list = SiteList(name="SiteListExample-1")
site_list.add_sites([100, 101])
site_list_id = api.lists.create(site_list) # push on remote
# define vpn list
vpn_list = VPNList(name="VPNListExample-1")
vpn_list.add_vpn_range((95, 99))
vpn_list_id = api.lists.create(vpn_list) # push on remote
# define data traffic policy
traffic_policy = TrafficDataPolicy(name="TrafficDataPolicyExample-1")
seq_1 = traffic_policy.add_ipv4_sequence(name="SequenceExample-1")
seq_1.match_destination_ip([IPv4Network("10.73.0.0/16")])
seq_1.add_count_action("CounterExample")
traffic_policy_id = api.definitions.create(traffic_policy) # push on remote
# define centralized policy
cntrl_pol = CentralizedPolicy(policy_name="CentralizedPolicyExmaple-1")
app_1 = cntrl_pol.add_traffic_data_policy(traffic_policy_id)
app_1.apply([site_list_id], [vpn_list_id])
cntrl_pol_id = api.centralized.create(cntrl_pol) # push on remote
# obtain created policy info
print(api.centralized.get(cntrl_pol_id)) # get from remote
input("\nCheck that Centralized Policy was created. Press Enter to do cleanup...")
# delete created items on remote
api.centralized.delete(cntrl_pol_id)
api.definitions.delete(TrafficDataPolicy, traffic_policy_id)
api.lists.delete(SiteList, site_list_id)
api.lists.delete(VPNList, vpn_list_id)- CentralizedPolicy
- LocalizedPolicy
- SecurityPolicy
- AdvancedInspectionProfile
- AMP
- AccessList
- AppRoute
- Cflowd
- Control
- TrafficData
- DeviceAccess
- DialPeer
- FXOPort
- FXSDIDPort
- FXSPort
- HubAndSpoke
- IPv6Access
- IPv6DeviceAccess
- IntrusionPrevention
- LocalDomain
- Mesh
- PRIISDNPort
- QosMap
- RewriteRule
- URLFiltering
- VEdgeRoute
- VPNMembershipGroup
- VPNQosMap
- ZoneBasedFirewall
- RuleSet
- SSLDecryption
- SSLDecryptionUTDProfile
- SecurityGroup
- FQDNList
- ASPathList
- AppProbeClassList
- ApplicationList
- ColorList
- CommunityList
- DataIPV6PrefixList
- DataPrefixAllTypesOfLists
- DataPrefixAndFQDNAllTypesOfLists
- DataPrefixList
- ExpandedCommunityList
- ExtendedCommunityList
- FaxProtocolList
- ForwardingClassList
- GeoLocationList
- IPSSignatureList
- IPv6PrefixList
- IdentityList
- LocalDomainNameList
- MediaProfileList
- MirrorList
- ModemPassthroughList
- PolicerClassList
- PortList
- PrefixForAllTypesOfLists
- PrefixList
- ProtocolNameList
- RegionList
- SLAClassList
- ScalableGroupTagList
- SiteList
- SupervisoryDiscList
- TLOCList
- ThreatGridApiKeyList
- TranslationProfileList
- TranslationRulesList
- TrunkGroupList
- URLBlackList
- URLWhiteList
- UmbrellaDataList
- VPNList
- ZoneList
- PreferredColorGroupList