Protocol Inspection - Profile, Compliance, Signature (#1359)

* Protocol Inspection - Profile, Signature, Compliance

* Protocol Inspection

* Protocol Inspection

* securiy__init__.py flake changes

* Revert "securiy__init__.py flake changes"

This reverts commit 01d31e7.

* securiy__init__.py flake changes

* version support

Author: hemantsk

f5/bigip/tm/security/__init__.py

@@ -31,11 +31,12 @@
 from f5.bigip.tm.security.analytics import Analytics
 from f5.bigip.tm.security.dos import Dos
 from f5.bigip.tm.security.firewall import Firewall
+from f5.bigip.tm.security.protocol_inspection import Protocol_Inspection
 
 
 class Security(OrganizingCollection):
     """BIG-IP® Security organizing collection."""
 
     def __init__(self, tm):
         super(Security, self).__init__(tm)
-        self._meta_data['allowed_lazy_attributes'] = [Dos, Firewall, Analytics]
+        self._meta_data['allowed_lazy_attributes'] = [Dos, Firewall, Analytics, Protocol_Inspection]

f5/bigip/tm/security/protocol_inspection.py

@@ -0,0 +1,118 @@
+# coding=utf-8
+#
+#  Copyright 2017 F5 Networks Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+"""BIG-IP® Advanced Firewall Manager™ (AFM®) module.
+
+REST URI
+    ``http://localhost/mgmt/tm/security/protocol-inspection``
+
+GUI Path
+    ``Security --> Protocol Security --> Inspection_Profiles
+      Security --> Protocol Security --> Inspection_List
+    ``
+
+REST Kind
+    ``tm:security:protocol-inspection*``
+"""
+
+from f5.bigip.resource import Collection
+from f5.bigip.resource import OrganizingCollection
+from f5.bigip.resource import Resource
+from f5.sdk_exception import UnsupportedMethod
+
+
+class Protocol_Inspection(OrganizingCollection):
+    """BIG-IP® Protocol Inspection Organizing collection"""
+    def __init__(self, security):
+        super(Protocol_Inspection, self).__init__(security)
+        self._meta_data['allowed_lazy_attributes'] = [
+            Profiles,
+            Compliances,
+            Signatures,
+        ]
+
+
+class Profiles(Collection):
+    """"BIG-IP® Protocol Inspection Profile collection"""
+    def __init__(self, protocol_inspection):
+        super(Profiles, self).__init__(protocol_inspection)
+        self._meta_data['allowed_lazy_attributes'] = [Profile]
+        self._meta_data['attribute_registry'] = \
+            {'tm:security:protocol-inspection:profile:profilestate':
+                Profile}
+
+
+class Profile(Resource):
+    """BIG-IP® Protocol Inspection Profile resource"""
+    def __init__(self, profiles):
+        super(Profile, self).__init__(profiles)
+        self._meta_data['required_json_kind'] = \
+            'tm:security:protocol-inspection:profile:profilestate'
+        self._meta_data['required_creation_parameters'].update(('partition',))
+
+
+class Compliances(Collection):
+    def __init__(self, protocol_inspection):
+        super(Compliances, self).__init__(protocol_inspection)
+        self._meta_data['allowed_lazy_attributes'] = [Compliance]
+        self._meta_data['attribute_registry'] = \
+            {'tm:security:protocol-inspection:compliance:compliancestate':
+                Compliance}
+
+
+class Compliance(Resource):
+    """BIG-IP® Protocol Inspection Compliance resource"""
+    def __init__(self, compliances):
+        super(Compliance, self).__init__(compliances)
+        self._meta_data['required_json_kind'] = \
+            'tm:security:protocol-inspection:compliance:compliancestate'
+        self._meta_data['required_load_parameters'] = set()
+
+    def create(self, **kwargs):
+        raise UnsupportedMethod(
+            "%s does not support the create method" % self.__class__.__name__
+        )
+
+    def delete(self, **kwargs):
+        raise UnsupportedMethod(
+            "%s does not support the delete method" % self.__class__.__name__
+        )
+
+    def modify(self, **kwargs):
+        raise UnsupportedMethod(
+            "%s does not support the delete method" % self.__class__.__name__
+        )
+
+
+class Signatures(Collection):
+    """BIG-IP® Protocol Inspection Signature collection"""
+    def __init__(self, protocol_inspection):
+        super(Signatures, self).__init__(protocol_inspection)
+        self._meta_data['allowed_lazy_attributes'] = [Signature]
+        self._meta_data['attribute_registry'] = \
+            {'tm:security:protocol-inspection:signature:signaturestate':
+                Signature}
+
+
+class Signature(Resource):
+    """BIG-IP® Protocol Inspection Signature resource"""
+    def __init__(self, signatures):
+        super(Signature, self).__init__(signatures)
+        self._meta_data['required_json_kind'] = \
+            'tm:security:protocol-inspection:signature:signaturestate'
+        self._meta_data['required_creation_parameters'].update((
+            'partition', 'sig', 'description'))

f5/bigip/tm/security/test/functional/test_protocol_inspection.py

@@ -0,0 +1,209 @@
+# Copyright 2017 F5 Networks Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+import pytest
+from requests.exceptions import HTTPError
+
+from distutils.version import LooseVersion
+from f5.bigip.tm.security.protocol_inspection import Compliance
+from f5.bigip.tm.security.protocol_inspection import Profile
+from f5.bigip.tm.security.protocol_inspection import Signature
+
+DESC = 'TEST DESCRIPTION'
+
+
+@pytest.fixture(scope='function')
+def profile(mgmt_root):
+    r1 = mgmt_root.tm.security.protocol_inspection.profiles.profile.create(
+        name='fake_prof', partition='Common')
+    yield r1
+    r1.delete()
+
+
+@pytest.fixture(scope='function')
+def signature(mgmt_root):
+    param_set = {'name': 'fake_signature', 'description': DESC,
+                 'sig': 'content:\"hello\";', 'partition': 'Common'}
+    r1 = mgmt_root.tm.security.protocol_inspection.\
+        signatures.signature.create(**param_set)
+    yield r1
+    r1.delete()
+
+
+@pytest.mark.skipif(
+    LooseVersion(pytest.config.getoption('--release')) < LooseVersion('13.1.0'),
+    reason='This collection is fully implemented on 13.1.0 or greater.'
+)
+class TestProfile(object):
+    """Profile functional tests"""
+
+    def test_create_req_args(self, profile):
+        URI = 'https://localhost/mgmt/tm/security/' \
+              'protocol-inspection/profile/~Common~fake_prof'
+        assert profile.name == 'fake_prof'
+        assert profile.partition == 'Common'
+        assert profile.selfLink.startswith(URI)
+        assert not hasattr(profile, 'description')
+
+    def test_create_opt_args(self, mgmt_root):
+        prof = mgmt_root.tm.security.\
+            protocol_inspection.profiles.profile.create(
+                name='fake_prof', partition='Common',
+                defaultsFrom='/Common/protocol_inspection_http',
+                description=DESC)
+        URI = 'https://localhost/mgmt/tm/security/' \
+              'protocol-inspection/profile/~Common~fake_prof'
+        assert prof.name == 'fake_prof'
+        assert prof.partition == 'Common'
+        assert prof.selfLink.startswith(URI)
+        assert hasattr(prof, 'description')
+        assert hasattr(prof, 'defaultsFrom')
+        assert prof.description == DESC
+        prof.delete()
+
+    def test_refresh(self, mgmt_root, profile):
+        profc = mgmt_root.tm.security.protocol_inspection.profiles
+        prof = profc.profile.load(name='fake_prof', partition='Common')
+        assert profile.name == prof.name
+        assert profile.kind == prof.kind
+        assert profile.selfLink == prof.selfLink
+        assert not hasattr(profile, 'description')
+        assert not hasattr(prof, 'description')
+        prof.modify(description=DESC)
+        assert hasattr(prof, 'description')
+        assert prof.description == DESC
+        profile.refresh()
+        assert profile.selfLink == prof.selfLink
+        assert hasattr(profile, 'description')
+        assert profile.description == prof.description
+
+    def test_delete(self, mgmt_root):
+        rc = mgmt_root.tm.security.protocol_inspection.profiles
+        r1 = rc.profile.create(name='fake_prof', partition='Common')
+        r1.delete()
+        with pytest.raises(HTTPError) as err:
+            rc.profile.load(name='fake_prof', partition='Common')
+        assert err.value.response.status_code == 404
+
+    def test_load_no_object(self, mgmt_root):
+        rc = mgmt_root.tm.security.protocol_inspection.profiles
+        with pytest.raises(HTTPError) as err:
+            rc.profile.load(name='fake_prof', partition='Common')
+        assert err.value.response.status_code == 404
+
+    def test_profile_collection(self, mgmt_root, profile):
+        r1 = profile
+        URI = 'https://localhost/mgmt/tm/security/' \
+              'protocol-inspection/profile/~Common~fake_prof'
+        assert r1.name == 'fake_prof'
+        assert r1.partition == 'Common'
+        assert r1.selfLink.startswith(URI)
+        rc = mgmt_root.tm.security.protocol_inspection.\
+            profiles.get_collection()
+        assert isinstance(rc, list)
+        assert len(rc)
+        assert isinstance(rc[0], Profile)
+
+
+@pytest.mark.skipif(
+    LooseVersion(pytest.config.getoption('--release')) < LooseVersion('13.1.0'),
+    reason='This collection is fully implemented on 13.1.0 or greater.'
+)
+class TestSignature(object):
+    """Signature functional tests"""
+
+    def test_create_req_args(self, signature):
+        r1 = signature
+        URI = 'https://localhost/mgmt/tm/security/' \
+              'protocol-inspection/signature/~Common~fake_signature'
+        assert r1.name == 'fake_signature'
+        assert r1.partition == 'Common'
+        assert r1.description == DESC
+        assert r1.selfLink.startswith(URI)
+
+    def test_create_opt_args(self, mgmt_root):
+        prof = mgmt_root.tm.security.protocol_inspection.signatures.\
+            signature.create(name='fake_signature',
+                             partition='Common', sig='content:"abc";',
+                             service='http', description=DESC)
+        URI = 'https://localhost/mgmt/tm/security/' \
+              'protocol-inspection/signature/~Common~fake_signature'
+        assert prof.name == 'fake_signature'
+        assert prof.partition == 'Common'
+        assert prof.selfLink.startswith(URI)
+        assert hasattr(prof, 'description')
+        assert hasattr(prof, 'service')
+        assert prof.description == DESC
+        prof.delete()
+
+    def test_refresh(self, mgmt_root, signature):
+        sigc = mgmt_root.tm.security.protocol_inspection.signatures
+        sig = sigc.signature.load(name='fake_signature', partition='Common')
+        assert signature.name == sig.name
+        assert signature.kind == sig.kind
+        assert signature.selfLink == sig.selfLink
+        assert not hasattr(signature, 'documentation')
+        assert not hasattr(sig, 'documentation')
+        sig.modify(documentation='custom doc')
+        assert hasattr(sig, 'documentation')
+        assert sig.documentation == 'custom doc'
+        signature.refresh()
+        assert signature.selfLink == sig.selfLink
+        assert hasattr(signature, 'documentation')
+        assert signature.documentation == sig.documentation
+
+    def test_delete(self, mgmt_root):
+        sigc = mgmt_root.tm.security.protocol_inspection.signatures
+        sig = sigc.signature.create(name='fake_signature',
+                                    partition='Common', sig='content:"abc";',
+                                    description=DESC)
+        sig.delete()
+        with pytest.raises(HTTPError) as err:
+            sigc.signature.load(name='fake_signature', partition='Common')
+        assert err.value.response.status_code == 404
+
+    def test_load_no_object(self, mgmt_root):
+        sigc = mgmt_root.tm.security.protocol_inspection.signatures
+        with pytest.raises(HTTPError) as err:
+            sigc.signature.load(name='fake_signature', partition='Common')
+        assert err.value.response.status_code == 404
+
+    def test_signature_collection(self, mgmt_root, signature):
+        s1 = signature
+        URI = 'https://localhost/mgmt/tm/security/' \
+              'protocol-inspection/signature/~Common~fake_signature'
+        assert s1.name == 'fake_signature'
+        assert s1.partition == 'Common'
+        assert s1.selfLink.startswith(URI)
+        sigc = mgmt_root.tm.security.protocol_inspection.\
+            signatures.get_collection()
+        assert isinstance(sigc, list)
+        assert len(sigc)
+        assert isinstance(sigc[0], Signature)
+
+
+@pytest.mark.skipif(
+    LooseVersion(pytest.config.getoption('--release')) < LooseVersion('13.1.0'),
+    reason='This collection is fully implemented on 13.1.0 or greater.'
+)
+class TestCompliance(object):
+    """Compliance functional tests"""
+
+    def test_compliance_collection(self, mgmt_root):
+        compc = mgmt_root.tm.security.protocol_inspection.\
+            compliances.get_collection()
+        assert isinstance(compc, list)
+        assert len(compc)
+        assert isinstance(compc[0], Compliance)