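// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package com.cloud.network.resource;

import java.util.HashMap;
import java.util.Map;

import com.cloud.utils.exception.ExecutionException;

/**
 * Test double for {@link PaloAltoResource} that answers Palo Alto API requests from canned XML
 * instead of contacting a device.
 *
 * <p>The simulated device state lives in a string map supplied through
 * {@link #setMockContext(HashMap)}. A flag counts as "on" only when its value is the string
 * {@code "true"}. 'set' and 'delete' requests flip the corresponding {@code has_*} flags so that a
 * later 'get' for the same xpath reflects the change.
 *
 * <p>All addresses, rule names and the API key returned here are fixture data.
 */
public class MockablePaloAltoResource extends PaloAltoResource {

    /** Canned "nothing found" answer used by every 'get' whose flag is off. */
    private static final String MOCK_EMPTY_RESULT = "<response status=\"success\" code=\"19\"><result/></response>";

    /** Canned acknowledgement used by every recognised 'set' and 'delete'. */
    private static final String MOCK_COMMAND_SUCCEEDED = "<response status=\"success\" code=\"20\"><msg>command succeeded</msg></response>";

    /** Destination NAT entry returned both for the by-name lookup and the by-destination-IP lookup. */
    private static final String MOCK_DST_NAT_RULE = "<response status=\"success\" code=\"19\"><result total-count=\"1\" count=\"1\">" +
        "<entry name=\"dst_nat.192-168-80-103_9\" admin=\"admin\" time=\"2013/07/03 13:40:50\"><to admin=\"admin\" time=\"2013/07/03 13:40:50\">" +
        "<member admin=\"admin\" time=\"2013/07/03 13:40:50\">untrust</member></to><from><member>untrust</member></from><source><member>any</member>" +
        "</source><destination><member>192.168.80.103</member></destination><service>cs_tcp_80</service><nat-type>ipv4</nat-type>" +
        "<to-interface>ethernet1/1.9999</to-interface><destination-translation><translated-address>10.3.97.158</translated-address>" +
        "<translated-port>8080</translated-port></destination-translation></entry></result></response>";

    // Simulated device state; must be set via setMockContext() before request() is called.
    private HashMap<String, String> context;

    /**
     * Installs the map that holds the simulated device state.
     *
     * @param context flag map read and mutated by {@link #request}; stored by reference, not copied
     */
    public void setMockContext(HashMap<String, String> context) {
        this.context = context;
    }

    /**
     * Fakes a call to the Palo Alto API.
     *
     * @param method HTTP method; only GET and POST are accepted
     * @param params request parameters; {@code type} selects keygen / config / op / commit handling
     * @return the canned XML response, or an empty string when the request is not recognised
     * @throws ExecutionException if {@code method} is neither GET nor POST
     */
    @Override
    protected String request(PaloAltoMethod method, Map<String, String> params) throws ExecutionException {
        if (method != PaloAltoMethod.GET && method != PaloAltoMethod.POST) {
            throw new ExecutionException("Invalid http method used to access the Palo Alto API.");
        }

        String response = "";
        String type = params.get("type");

        if ("keygen".equals(type)) {
            // Fixture key only. A Palo Alto API key is a bearer credential for the device, so this
            // literal must never be a key that is valid anywhere.
            // NOTE(review): confirm the value was generated on a throwaway lab device.
            response = "<response status = 'success'><result><key>LUFRPT14MW5xOEo1R09KVlBZNnpnemh0VHRBOWl6TGM9bXcwM3JHUGVhRlNiY0dCR0srNERUQT09</key></result></response>";
        } else if ("config".equals(type) && params.containsKey("action")) {
            String action = params.get("action");
            if (action.equals("get")) {
                response = mockConfigGet(params.get("xpath"));
            } else if (action.equals("set")) {
                response = mockConfigSet(params.get("xpath"));
            } else if (action.equals("delete")) {
                response = mockConfigDelete(params.get("xpath"));
            }
        } else if ("op".equals(type)) {
            response = mockOp(params.get("cmd"));
        } else if ("commit".equals(type)) {
            if (params.get("cmd").equals("<commit></commit>")) {
                response = "<response status=\"success\" code=\"19\"><result><msg><line>Commit job enqueued with jobid 1</line></msg><job>1</job></result></response>";
            }
        }

        // Optional trace of the exchange. The flag used to be tested with '==', which compares
        // object identity and silently disabled the trace for any non-interned "true" value.
        // The full response is printed, which for a keygen request includes the API key.
        if (mockFlag("enable_console_output")) {
            if (params.containsKey("xpath")) {
                System.out.println("XPATH(" + params.get("action") + "): " + params.get("xpath"));
            }
            if ("op".equals(type)) {
                System.out.println("OP CMD: " + params.get("cmd"));
            }
            System.out.println(response + "\n");
        }

        return response;
    }

    /** Returns true when the mock context maps {@code key} to the string "true". */
    private boolean mockFlag(String key) {
        return "true".equals(context.get(key));
    }

    /** Answers a 'config' request with action 'get'; unknown xpaths yield an empty string. */
    private String mockConfigGet(String xpath) {
        // get interface for type | public_using_ethernet
        if (xpath.equals("/config/devices/entry/network/interface/ethernet/entry[@name='ethernet1/1']")) {
            if (!mockFlag("public_using_ethernet")) {
                return MOCK_EMPTY_RESULT;
            }
            context.put("public_interface_type", "ethernet");
            return "<response status=\"success\" code=\"19\"><result total-count=\"1\" count=\"1\"><entry name=\"ethernet1/1\" admin=\"admin\" time=\"2013/06/18 " +
                "13:33:56\"><layer3 admin=\"admin\" time=\"2013/06/18 13:33:56\"><ipv6><neighbor-discovery><router-advertisement><enable>no</enable>" +
                "<min-interval>200</min-interval><max-interval>600</max-interval><hop-limit>64</hop-limit><reachable-time>unspecified</reachable-time>" +
                "<retransmission-timer>unspecified</retransmission-timer><lifetime>1800</lifetime><managed-flag>no</managed-flag>" +
                "<other-flag>no</other-flag><enable-consistency-check>no</enable-consistency-check><link-mtu>unspecified</link-mtu></router-advertisement>" +
                "<enable-dad>no</enable-dad><reachable-time>30</reachable-time><ns-interval>1</ns-interval><dad-attempts>1</dad-attempts></neighbor-discovery>" +
                "<enabled>no</enabled><interface-id>EUI-64</interface-id></ipv6><untagged-sub-interface>no</untagged-sub-interface>" +
                "<units admin=\"admin\" time=\"2013/06/18 13:33:56\"><entry name=\"ethernet1/1.9999\" admin=\"admin\" time=\"2013/06/18 13:33:56\">" +
                "<ipv6><neighbor-discovery><router-advertisement><enable>no</enable><min-interval>200</min-interval><max-interval>600</max-interval>" +
                "<hop-limit>64</hop-limit><reachable-time>unspecified</reachable-time><retransmission-timer>unspecified</retransmission-timer><lifetime>" +
                "1800</lifetime><managed-flag>no</managed-flag><other-flag>no</other-flag><enable-consistency-check>no</enable-consistency-check>" +
                "<link-mtu>unspecified</link-mtu></router-advertisement><enable-dad>no</enable-dad><reachable-time>30</reachable-time><ns-interval>" +
                "1</ns-interval><dad-attempts>1</dad-attempts></neighbor-discovery><enabled>no</enabled><interface-id>EUI-64</interface-id></ipv6>" +
                "<ip admin=\"admin\" time=\"2013/06/18 13:33:56\"><entry name=\"192.168.80.254/24\"/></ip><adjust-tcp-mss>no</adjust-tcp-mss>" +
                "<tag>3033</tag></entry></units></layer3><link-speed>auto</link-speed><link-duplex>auto</link-duplex><link-state>auto</link-state>" +
                "</entry></result></response>";
        }

        // get interface for type | private_using_ethernet
        if (xpath.equals("/config/devices/entry/network/interface/ethernet/entry[@name='ethernet1/2']")) {
            if (!mockFlag("private_using_ethernet")) {
                return MOCK_EMPTY_RESULT;
            }
            context.put("private_interface_type", "ethernet");
            return "<response status=\"success\" code=\"19\"><result total-count=\"1\" count=\"1\"><entry name=\"ethernet1/2\" admin=\"admin\" " +
                "time=\"2013/06/18 13:33:57\"><layer3 admin=\"admin\" time=\"2013/06/18 13:33:57\"><ipv6><neighbor-discovery><router-advertisement>" +
                "<enable>no</enable><min-interval>200</min-interval><max-interval>600</max-interval><hop-limit>64</hop-limit>" +
                "<reachable-time>unspecified</reachable-time><retransmission-timer>unspecified</retransmission-timer><lifetime>1800</lifetime>" +
                "<managed-flag>no</managed-flag><other-flag>no</other-flag><enable-consistency-check>no</enable-consistency-check>" +
                "<link-mtu>unspecified</link-mtu></router-advertisement><enable-dad>no</enable-dad><reachable-time>30</reachable-time>" +
                "<ns-interval>1</ns-interval><dad-attempts>1</dad-attempts></neighbor-discovery><enabled>no</enabled><interface-id>EUI-64</interface-id>" +
                "</ipv6><untagged-sub-interface>no</untagged-sub-interface><units admin=\"admin\" time=\"2013/06/18 13:33:57\"/></layer3>" +
                "<link-speed>auto</link-speed><link-duplex>auto</link-duplex><link-state>auto</link-state></entry></result></response>";
        }

        // get management profile | has_management_profile
        if (xpath.equals("/config/devices/entry/network/profiles/interface-management-profile/entry[@name='Ping']")) {
            if (!mockFlag("has_management_profile")) {
                return MOCK_EMPTY_RESULT;
            }
            return "<response status=\"success\" code=\"19\"><result total-count=\"1\" count=\"1\"><entry name=\"Ping\"><ping>yes</ping></entry></result></response>";
        }

        // get public interface IP | has_public_interface
        if (xpath.equals("/config/devices/entry/network/interface/ethernet/entry[@name='ethernet1/1']" +
            "/layer3/units/entry[@name='ethernet1/1.9999']/ip/entry[@name='192.168.80.102/32']")) {
            if (!mockFlag("has_public_interface")) {
                return MOCK_EMPTY_RESULT;
            }
            return "<response status=\"success\" code=\"19\"><result total-count=\"1\" count=\"1\">" +
                "<entry name=\"192.168.80.102/32\" admin=\"admin\" time=\"2013/07/05 13:02:37\"/></result></response>";
        }

        // get private interface | has_private_interface
        if (xpath.equals("/config/devices/entry/network/interface/ethernet/entry[@name='ethernet1/2']/layer3/units/entry[@name='ethernet1/2.3954']")) {
            if (!mockFlag("has_private_interface")) {
                return MOCK_EMPTY_RESULT;
            }
            return "<response status=\"success\" code=\"19\"><result total-count=\"1\" count=\"1\">" +
                "<entry name=\"ethernet1/2.3954\" admin=\"admin\" time=\"2013/07/05 13:02:36\"><tag admin=\"admin\" time=\"2013/07/05 13:02:36\">3954</tag>" +
                "<ip><entry name=\"10.5.80.1/20\"/></ip><interface-management-profile>Ping</interface-management-profile></entry></result></response>";
        }

        // get private interface ip (always present, no flag)
        if (xpath.equals("/config/devices/entry/network/interface/ethernet/entry" +
            "[@name='ethernet1/2']/layer3/units/entry[@name='ethernet1/2.3954']/ip/entry")) {
            return "<response status=\"success\" code=\"19\"><result total-count=\"1\" count=\"1\"><entry name=\"10.3.96.1/20\"/></result></response>";
        }

        // get source nat | has_src_nat_rule
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/nat/rules/entry[@name='src_nat.3954']")) {
            if (!mockFlag("has_src_nat_rule")) {
                return MOCK_EMPTY_RESULT;
            }
            return "<response status=\"success\" code=\"19\"><result total-count=\"1\" count=\"1\">" +
                "<entry name=\"src_nat.3954\" admin=\"admin\" time=\"2013/07/05 13:02:38\"><to admin=\"admin\" time=\"2013/07/05 13:02:38\">" +
                "<member admin=\"admin\" time=\"2013/07/05 13:02:38\">untrust</member></to><from><member>trust</member></from><source>" +
                "<member>10.5.80.1/20</member></source><destination><member>any</member></destination><service>any</service>" +
                "<nat-type>ipv4</nat-type><to-interface>ethernet1/1.9999</to-interface><source-translation><dynamic-ip-and-port>" +
                "<interface-address><ip>192.168.80.102/32</ip><interface>ethernet1/1.9999</interface></interface-address></dynamic-ip-and-port>" +
                "</source-translation></entry></result></response>";
        }

        // get isolation firewall rule | has_isolation_fw_rule
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='isolate_3954']")) {
            if (!mockFlag("has_isolation_fw_rule")) {
                return MOCK_EMPTY_RESULT;
            }
            return "<response status=\"success\" code=\"19\"><result total-count=\"1\" count=\"1\">" +
                "<entry name=\"isolate_3954\" admin=\"admin\" time=\"2013/07/05 13:02:38\"><from admin=\"admin\" time=\"2013/07/05 13:02:38\">" +
                "<member admin=\"admin\" time=\"2013/07/05 13:02:38\">trust</member></from><to><member>trust</member></to><source>" +
                "<member>10.5.80.0/20</member></source><destination><member>10.5.80.1</member></destination><application><member>any</member></application>" +
                "<service><member>any</member></service><action>deny</action><negate-source>no</negate-source><negate-destination>yes</negate-destination>" +
                "</entry></result></response>";
        }

        // get service | has_service_tcp_80
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/service/entry[@name='cs_tcp_80']")) {
            if (!mockFlag("has_service_tcp_80")) {
                return MOCK_EMPTY_RESULT;
            }
            return "<response status=\"success\" code=\"19\"><result total-count=\"1\" count=\"1\"><entry name=\"cs_tcp_80\">" +
                "<protocol><tcp><port>80</port></tcp></protocol></entry></result></response>";
        }

        // get egress firewall rule | has_egress_fw_rule | policy_0_3954
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='policy_0_3954']")) {
            if (!mockFlag("has_egress_fw_rule")) {
                return MOCK_EMPTY_RESULT;
            }
            return "<response status=\"success\" code=\"19\"><result total-count=\"1\" count=\"1\">" +
                "<entry name=\"policy_0_3954\" admin=\"admin\" time=\"2013/07/03 12:43:30\"><from admin=\"admin\" time=\"2013/07/03 12:43:30\">" +
                "<member admin=\"admin\" time=\"2013/07/03 12:43:30\">trust</member></from><to><member>untrust</member></to><source><member>10.3.96.1/20</member>" +
                "</source><destination><member>any</member></destination><application><member>any</member></application><service><member>cs_tcp_80</member>" +
                "</service><action>allow</action><negate-source>no</negate-source><negate-destination>no</negate-destination></entry></result></response>";
        }

        // get ingress firewall rule | has_ingress_fw_rule | policy_8
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='policy_8']")) {
            if (!mockFlag("has_ingress_fw_rule")) {
                return MOCK_EMPTY_RESULT;
            }
            return "<response status=\"success\" code=\"19\"><result total-count=\"1\" count=\"1\">" +
                "<entry name=\"policy_8\" admin=\"admin\" time=\"2013/07/03 13:26:27\"><from admin=\"admin\" time=\"2013/07/03 13:26:27\">" +
                "<member admin=\"admin\" time=\"2013/07/03 13:26:27\">untrust</member></from><to><member>trust</member></to><source><member>any</member>" +
                "</source><destination><member>192.168.80.103</member></destination><application><member>any</member></application><service>" +
                "<member>cs_tcp_80</member></service><action>allow</action><negate-source>no</negate-source><negate-destination>no</negate-destination>" +
                "</entry></result></response>";
        }

        // get default egress rule | policy_0_3954 (always reported as absent)
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[contains(@name, 'policy') and contains(@name, '3954')]")) {
            return MOCK_EMPTY_RESULT;
        }

        // get destination nat rule (port forwarding) | has_dst_nat_rule
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/nat/rules/entry[@name='dst_nat.192-168-80-103_9']")) {
            return mockFlag("has_dst_nat_rule") ? MOCK_DST_NAT_RULE : MOCK_EMPTY_RESULT;
        }

        // get destination nat rules (returns all dst nat rules per ip)
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/nat/rules/entry[destination/member[text()='192.168.80.103']]")) {
            return mockFlag("has_dst_nat_rule") ? MOCK_DST_NAT_RULE : MOCK_EMPTY_RESULT;
        }

        // get static nat rule | has_stc_nat_rule
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/nat/rules/entry[@name='stc_nat.192-168-80-103_0']")) {
            if (!mockFlag("has_stc_nat_rule")) {
                return MOCK_EMPTY_RESULT;
            }
            return "<response status=\"success\" code=\"19\"><result total-count=\"1\" count=\"1\">" +
                "<entry name=\"stc_nat.192-168-80-103_0\" admin=\"admin\" time=\"2013/07/03 14:02:23\"><to admin=\"admin\" time=\"2013/07/03 14:02:23\">" +
                "<member admin=\"admin\" time=\"2013/07/03 14:02:23\">untrust</member></to><from><member>untrust</member></from><source><member>any</member>" +
                "</source><destination><member>192.168.80.103</member></destination><service>any</service><nat-type>ipv4</nat-type>" +
                "<to-interface>ethernet1/1.9999</to-interface><destination-translation><translated-address>10.3.97.158</translated-address>" +
                "</destination-translation></entry></result></response>";
        }

        return "";
    }

    /** Answers a 'config' request with action 'set' and records the new state in the context. */
    private String mockConfigSet(String xpath) {
        // set management profile
        if (xpath.equals("/config/devices/entry/network/profiles/interface-management-profile/entry[@name='Ping']")) {
            context.put("has_management_profile", "true");
            return MOCK_COMMAND_SUCCEEDED;
        }

        // add private interface
        if (xpath.equals("/config/devices/entry/network/interface/ethernet/entry[@name='ethernet1/2']/layer3/units/entry[@name='ethernet1/2.3954']")) {
            context.put("has_private_interface", "true");
            return MOCK_COMMAND_SUCCEEDED;
        }

        // add public ip to public interface
        if (xpath.equals("/config/devices/entry/network/interface/ethernet/entry[@name='ethernet1/1']/layer3/units/entry[@name='ethernet1/1.9999']/ip")) {
            context.put("has_public_interface", "true");
            return MOCK_COMMAND_SUCCEEDED;
        }

        // These are acknowledged without tracking any state:
        // add private / public interface to zone, set virtual router, add interface to network.
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/zone/entry[@name='trust']/network/layer3")
            || xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/zone/entry[@name='untrust']/network/layer3")
            || xpath.equals("/config/devices/entry/network/virtual-router/entry[@name='default']/interface")
            || xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/import/network/interface")) {
            return MOCK_COMMAND_SUCCEEDED;
        }

        // add src nat rule
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/nat/rules/entry[@name='src_nat.3954']")) {
            context.put("has_src_nat_rule", "true");
            return MOCK_COMMAND_SUCCEEDED;
        }

        // add isolation firewall rule
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='isolate_3954']")) {
            context.put("has_isolation_fw_rule", "true");
            return MOCK_COMMAND_SUCCEEDED;
        }

        // add egress firewall rule
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='policy_0_3954']")) {
            context.put("has_egress_fw_rule", "true");
            return MOCK_COMMAND_SUCCEEDED;
        }

        // add ingress firewall rule
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='policy_8']")) {
            context.put("has_ingress_fw_rule", "true");
            return MOCK_COMMAND_SUCCEEDED;
        }

        // add destination nat rule (port forwarding)
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/nat/rules/entry[@name='dst_nat.192-168-80-103_9']")) {
            context.put("has_dst_nat_rule", "true");
            return MOCK_COMMAND_SUCCEEDED;
        }

        // add static nat rule
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/nat/rules/entry[@name='stc_nat.192-168-80-103_0']")) {
            context.put("has_stc_nat_rule", "true");
            return MOCK_COMMAND_SUCCEEDED;
        }

        // add tcp 80 service
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/service/entry[@name='cs_tcp_80']")) {
            context.put("has_service_tcp_80", "true");
            return MOCK_COMMAND_SUCCEEDED;
        }

        return "";
    }

    /** Answers a 'config' request with action 'delete' and clears the matching state flag. */
    private String mockConfigDelete(String xpath) {
        // remove egress firewall rule
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='policy_0_3954']")) {
            context.remove("has_egress_fw_rule");
            return MOCK_COMMAND_SUCCEEDED;
        }

        // remove ingress firewall rule
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='policy_8']")) {
            context.remove("has_ingress_fw_rule");
            return MOCK_COMMAND_SUCCEEDED;
        }

        // remove destination nat rule
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/nat/rules/entry[@name='dst_nat.192-168-80-103_9']")) {
            context.remove("has_dst_nat_rule");
            return MOCK_COMMAND_SUCCEEDED;
        }

        // remove static nat rule
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/nat/rules/entry[@name='stc_nat.192-168-80-103_0']")) {
            // NOTE(review): this clears has_dst_nat_rule, not has_stc_nat_rule, so a later 'get'
            // for the static NAT rule still reports it as present. Looks like a copy/paste slip,
            // but existing tests may rely on it; confirm against the callers before changing.
            context.remove("has_dst_nat_rule");
            return MOCK_COMMAND_SUCCEEDED;
        }

        // remove public ip from interface (dst_nat | stc_nat)
        if (xpath.equals("/config/devices/entry/network/interface/ethernet/entry[@name='ethernet1/1']/layer3/units/entry" +
            "[@name='ethernet1/1.9999']/ip/entry[@name='192.168.80.103/32']")) {
            return MOCK_COMMAND_SUCCEEDED;
        }

        // remove isolation firewall rule
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name='isolate_3954']")) {
            context.remove("has_isolation_fw_rule");
            return MOCK_COMMAND_SUCCEEDED;
        }

        // remove source nat rule
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/rulebase/nat/rules/entry[@name='src_nat.3954']")) {
            context.remove("has_src_nat_rule");
            return MOCK_COMMAND_SUCCEEDED;
        }

        // remove public source nat ip
        if (xpath.equals("/config/devices/entry/network/interface/ethernet/entry[@name='ethernet1/1']/layer3/units/entry" +
            "[@name='ethernet1/1.9999']/ip/entry[@name='192.168.80.102/32']")) {
            context.remove("has_public_interface");
            return MOCK_COMMAND_SUCCEEDED;
        }

        // Acknowledged without tracking any state:
        // remove private interface from the zone, the virtual router and the network.
        if (xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/zone/entry[@name='trust']/network/layer3/member[text()='ethernet1/2.3954']")
            || xpath.equals("/config/devices/entry/network/virtual-router/entry[@name='default']/interface/member[text()='ethernet1/2.3954']")
            || xpath.equals("/config/devices/entry/vsys/entry[@name='vsys1']/import/network/interface/member[text()='ethernet1/2.3954']")) {
            return MOCK_COMMAND_SUCCEEDED;
        }

        // remove private interface
        if (xpath.equals("/config/devices/entry/network/interface/ethernet/entry[@name='ethernet1/2']/layer3/units/entry[@name='ethernet1/2.3954']")) {
            context.remove("has_private_interface");
            return MOCK_COMMAND_SUCCEEDED;
        }

        return "";
    }

    /** Answers an 'op' request; unknown commands yield an empty string. */
    private String mockOp(String cmd) {
        // check if there are pending changes
        if (cmd.equals("<check><pending-changes></pending-changes></check>")) {
            if (mockFlag("firewall_has_pending_changes")) {
                return "<response status=\"success\"><result>yes</result></response>";
            }
            return "<response status=\"success\"><result>no</result></response>";
        }

        // add a config lock
        if (cmd.equals("<request><config-lock><add></add></config-lock></request>")) {
            return "<response status=\"success\"><result>Successfully acquired lock. Other administrators will not be able to modify configuration " +
                "for scope shared until lock is released</result></response>";
        }

        // check job status; simulate_commit_failure switches the job result from OK to FAIL
        if (cmd.equals("<show><jobs><id>1</id></jobs></show>")) {
            if (mockFlag("simulate_commit_failure")) {
                return "<response status=\"success\"><result><job><tenq>2013/07/10 11:11:49</tenq><id>1</id><user>admin</user><type>Commit</type>" +
                    "<status>FIN</status><stoppable>no</stoppable><result>FAIL</result><tfin>11:11:54</tfin><progress>11:11:54</progress><details>" +
                    "<line>Bad config</line><line>Commit failed</line></details><warnings></warnings></job></result></response>";
            }
            return "<response status=\"success\"><result><job><tenq>2013/07/02 14:49:49</tenq><id>1</id><user>admin</user>" +
                "<type>Commit</type><status>FIN</status><stoppable>no</stoppable><result>OK</result><tfin>14:50:02</tfin><progress>14:50:02</progress>" +
                "<details><line>Configuration committed successfully</line></details><warnings></warnings></job></result></response>";
        }

        // load from running config
        if (cmd.equals("<load><config><from>running-config.xml</from></config></load>")) {
            return "<response status=\"success\"><result><msg><line>Config loaded from running-config.xml</line></msg></result></response>";
        }

        // remove config lock
        if (cmd.equals("<request><config-lock><remove></remove></config-lock></request>")) {
            return "<response status=\"success\"><result>Config lock released for scope shared</result></response>";
        }

        return "";
    }
}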