-
Notifications
You must be signed in to change notification settings - Fork 2
/
NUEgressACLTemplate.j
199 lines (179 loc) · 9.4 KB
/
NUEgressACLTemplate.j
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
/*
Copyright (c) 2015, Alcatel-Lucent Inc
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the copyright holder nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
@import <Foundation/Foundation.j>
@import <AppKit/CPArrayController.j>
@import <Bambou/NURESTObject.j>
@import "Fetchers/NUPermissionsFetcher.j"
@import "Fetchers/NUMetadatasFetcher.j"
@import "Fetchers/NUEgressACLEntryTemplatesFetcher.j"
@import "Fetchers/NUGlobalMetadatasFetcher.j"
@import "Fetchers/NUVMsFetcher.j"
@import "Fetchers/NUJobsFetcher.j"
@import "Fetchers/NUContainersFetcher.j"
@import "Fetchers/NUEventLogsFetcher.j"
NUEgressACLTemplateEntityScope_ENTERPRISE = @"ENTERPRISE";
NUEgressACLTemplateEntityScope_GLOBAL = @"GLOBAL";
NUEgressACLTemplatePolicyState_DRAFT = @"DRAFT";
NUEgressACLTemplatePolicyState_LIVE = @"LIVE";
NUEgressACLTemplatePriorityType_BOTTOM = @"BOTTOM";
NUEgressACLTemplatePriorityType_BOTTOM_FIREWALL = @"BOTTOM_FIREWALL";
NUEgressACLTemplatePriorityType_MIDDLE_FIREWALL = @"MIDDLE_FIREWALL";
NUEgressACLTemplatePriorityType_NONE = @"NONE";
NUEgressACLTemplatePriorityType_TOP = @"TOP";
NUEgressACLTemplatePriorityType_TOP_FIREWALL = @"TOP_FIREWALL";
/*!
An egress security policy is a set of rules defining how network traffic is treated within a domain. Egress Security Policies control traffic flowing out of the network.
*/
@implementation NUEgressACLTemplate : NURESTObject
{
/*!
The name of the entity
*/
CPString _name @accessors(property=name);
/*!
ID of the user who last updated the object.
*/
CPString _lastUpdatedBy @accessors(property=lastUpdatedBy);
/*!
Time stamp when this object was last updated.
*/
CPString _lastUpdatedDate @accessors(property=lastUpdatedDate);
/*!
If enabled, it means that this ACL or QOS entry is active
*/
BOOL _active @accessors(property=active);
/*!
If enabled a default ACL of Allow All is added as the last entry in the list of ACL entries
*/
BOOL _defaultAllowIP @accessors(property=defaultAllowIP);
/*!
If enabled, non ip traffic will be dropped
*/
BOOL _defaultAllowNonIP @accessors(property=defaultAllowNonIP);
/*!
If enabled, implicit rule will allow intra domain traffic by default
*/
BOOL _defaultInstallACLImplicitRules @accessors(property=defaultInstallACLImplicitRules);
/*!
A description of the entity
*/
CPString _description @accessors(property=description);
/*!
Metadata objects associated with this entity. This will contain a list of Metadata objects if the API request is made using the special flag to enable the embedded Metadata feature. Only a maximum of Metadata objects is returned based on the value set in the system configuration.
*/
CPArrayController _embeddedMetadata @accessors(property=embeddedMetadata);
/*!
Specify if scope of entity is Data center or Enterprise level
*/
CPString _entityScope @accessors(property=entityScope);
/*!
None
*/
CPString _policyState @accessors(property=policyState);
/*!
Time stamp when this object was created.
*/
CPString _creationDate @accessors(property=creationDate);
/*!
The priority of the ACL entry that determines the order of entries
*/
CPNumber _priority @accessors(property=priority);
/*!
Possible values: TOP, BOTTOM, TOP_FIREWALL, BOTTOM_FIREWALL, MIDDLE_FIREWALL or NONE. TOP and BOTTOM ACL policies can only be defined and managed on the template level, NONE can be used on both the template and instantiated level. TOP_FIREWALL, BOTTOM_FIREWALL, MIDDLE_FIREWALL are used to represent acls dirived from Virtual Firewall Policies. These allow for careful control of ACL priority handling.
*/
CPString _priorityType @accessors(property=priorityType);
/*!
In the draft mode, the ACL entry refers to this LiveEntity. In non-drafted mode, this is null.
*/
CPString _associatedLiveEntityID @accessors(property=associatedLiveEntityID);
/*!
The ID of the Virtual Firewall Policy, if this was created as part of the Virtual Firewall Policy creation
*/
CPString _associatedVirtualFirewallPolicyID @accessors(property=associatedVirtualFirewallPolicyID);
/*!
This option only affects how the children ACL entry priorities of this template/policy are generated when the priority is not specified. If 'false', the priority is generated by incrementing the current highest ACL Entry priority by 100. If 'true', a random priority will be generated, which is advised when creating many entries concurrently without specifying the priority. This will cause the new child ACL entry to get a random, non-predictable, priority. Therefore it is advised to only enable this when allow rules are being created. If any type of ACL entry order is required, keep this value to 'false' and use your own defined priorities, this will make sure there is a clear set of priorities and how traffic is validated against the ACL entries.
*/
BOOL _autoGeneratePriority @accessors(property=autoGeneratePriority);
/*!
Identifies the user that has created this object.
*/
CPString _owner @accessors(property=owner);
/*!
External object ID. Used for integration with third party systems
*/
CPString _externalID @accessors(property=externalID);
NUPermissionsFetcher _childrenPermissions @accessors(property=childrenPermissions);
NUMetadatasFetcher _childrenMetadatas @accessors(property=childrenMetadatas);
NUEgressACLEntryTemplatesFetcher _childrenEgressACLEntryTemplates @accessors(property=childrenEgressACLEntryTemplates);
NUGlobalMetadatasFetcher _childrenGlobalMetadatas @accessors(property=childrenGlobalMetadatas);
NUVMsFetcher _childrenVMs @accessors(property=childrenVMs);
NUJobsFetcher _childrenJobs @accessors(property=childrenJobs);
NUContainersFetcher _childrenContainers @accessors(property=childrenContainers);
NUEventLogsFetcher _childrenEventLogs @accessors(property=childrenEventLogs);
}
#pragma mark -
#pragma mark Class Method
+ (CPString)RESTName
{
return @"egressacltemplate";
}
#pragma mark -
#pragma mark Initialization
- (id)init
{
if (self = [super init])
{
[self exposeLocalKeyPathToREST:@"name"];
[self exposeLocalKeyPathToREST:@"lastUpdatedBy"];
[self exposeLocalKeyPathToREST:@"lastUpdatedDate"];
[self exposeLocalKeyPathToREST:@"active"];
[self exposeLocalKeyPathToREST:@"defaultAllowIP"];
[self exposeLocalKeyPathToREST:@"defaultAllowNonIP"];
[self exposeLocalKeyPathToREST:@"defaultInstallACLImplicitRules"];
[self exposeLocalKeyPathToREST:@"description"];
[self exposeLocalKeyPathToREST:@"embeddedMetadata"];
[self exposeLocalKeyPathToREST:@"entityScope"];
[self exposeLocalKeyPathToREST:@"policyState"];
[self exposeLocalKeyPathToREST:@"creationDate"];
[self exposeLocalKeyPathToREST:@"priority"];
[self exposeLocalKeyPathToREST:@"priorityType"];
[self exposeLocalKeyPathToREST:@"associatedLiveEntityID"];
[self exposeLocalKeyPathToREST:@"associatedVirtualFirewallPolicyID"];
[self exposeLocalKeyPathToREST:@"autoGeneratePriority"];
[self exposeLocalKeyPathToREST:@"owner"];
[self exposeLocalKeyPathToREST:@"externalID"];
_childrenPermissions = [NUPermissionsFetcher fetcherWithParentObject:self];
_childrenMetadatas = [NUMetadatasFetcher fetcherWithParentObject:self];
_childrenEgressACLEntryTemplates = [NUEgressACLEntryTemplatesFetcher fetcherWithParentObject:self];
_childrenGlobalMetadatas = [NUGlobalMetadatasFetcher fetcherWithParentObject:self];
_childrenVMs = [NUVMsFetcher fetcherWithParentObject:self];
_childrenJobs = [NUJobsFetcher fetcherWithParentObject:self];
_childrenContainers = [NUContainersFetcher fetcherWithParentObject:self];
_childrenEventLogs = [NUEventLogsFetcher fetcherWithParentObject:self];
_defaultInstallACLImplicitRules = YES;
}
return self;
}
@end