[j-nsp] PyEZ list SRX firewall policies

Wojciech Janiszewski wojciech.janiszewski at gmail.com
Mon Jul 22 07:34:36 EDT 2019


Hi Floris,

I'm not a Python programmer, but it seems that "secpol.app" (or "src" or
"dst") is sometimes a string and sometimes it's a list of strings.
If it's a single string, then it's being split into characters by the []
operator.
If it's a list, then [] gives you a string (which is what you're looking
for) with the name of the application, which you can strip and print.

    print("Application: ", end=" ")
    for x in range(len(secpol.app)):
        print(secpol.app[x].strip(), end=" "),  # <<< here you get characters or strings
    print('')


isinstance(secpol.app, list) can help you choose the right way of printing
the variable, for example:

    print("Application: ", end=" ")
    if isinstance(secpol.app, list):
        print(', '.join(x.strip() for x in secpol.app))
    else:
        print(secpol.app.strip())

Perhaps there are other, more proper ways of doing that in Python.

HTH,

Regards,
Wojciech

On Mon, 22 Jul 2019 at 08:51, Floris Termorshuizen <floris at nedcomp.nl>
wrote:

> Hello!
>
> Currently playing around with PyEZ to retrieve the firewall policies from
> a SRX, and I have some issues with formatting/printing the source/dest/app
> names. I've created a custom YAML in Python for the Table/View combination
> and can run it against a SRX:
>
> === CODE ===
> myYAML = '''
> ---
> SecurityPolicyTable:
>     rpc: get-firewall-policies
>     args:
>         from-zone: untrust
>         to-zone: hq-lan
>     item: //policy-information
>     key: policy-name
>     view: SecurityPolicyView
>
> SecurityPolicyView:
>     fields:
>         name: policy-name
>         state: policy-state
>         src: source-addresses/source-address/address-name
>         dst: destination-addresses/destination-address/address-name
>         app: applications/application/application-name
> '''
>
> globals().update(FactoryLoader().load(yaml.load(myYAML,
> Loader=yaml.FullLoader)))
>
> secpols = SecurityPolicyTable(dev)
> secpols.get()
> === ===
>
> This results (I believe) in a list/array containing every security
> policy, and a nested list/array containing the
> source/destination/applications. When I dump the output to XML with the
> command secpols.savexml(path='datadump.xml') I see all the data I would
> like to have (see attached for a sanitized example).
>
> When I loop through it I also see all the data, like policy name, and the
> source and destination addresses and so on. Problem is the formatting of
> the source and destination addresses, it looks like the addressbook item is
> sometimes 'split' per character into separate fields in the list.
>
> === CODE ===
> for secpol in secpols:
>     print("Policy: " + secpol.name + ' ' + secpol.state)
>
>     print("Source: ", end=" ")
>     for x in range(len(secpol.src)):
>         print(secpol.src[x].strip(), end=" "),
>     print('')
>
>     print("Destination: ", end=" ")
>     for x in range(len(secpol.dst)):
>         print(secpol.dst[x].strip(), end=" "),
>     print('')
>
>     print("Application: ", end=" ")
>     for x in range(len(secpol.app)):
>         print(secpol.app[x].strip(), end=" "),
>     print('')
>     print('----------------------------------------------')
> === ===
>
> So I loop through the policies, print every Secpol name and
> enabled/disabled, and then print the array/list containing the
> source/destination/application separated by a space instead of a newline.
>
> This results in the following output:
> === OUTPUT ===
> > python getSecPolicies.py
> Password: ******
>
> Policy: rdp-to-clients enabled
> Source:  home nedcomp-sdc
> Destination:  a n y
> Application:  m s - r d p
> ----------------------------------------------
> Policy: mailserver enabled
> Source:  a n y
> Destination:  m a i l s e r v e r
> Application:  junos-smtp junos-imaps junos-https
> ----------------------------------------------
> Policy: http-to-dev enabled
> Source:  h o m e
> Destination:  dev-33 dev-90 dev-125
> Application:  j u n o s - h t t p
> ----------------------------------------------
> Policy: buckaroo-to-dev enabled
> Source:  a n y
> Destination:  d e v - 9 0
> Application:  j u n o s - h t t p
> ----------------------------------------------
> Policy: vpn-sstp enabled
> Source:  a n y
> Destination:  p e r f o r c e
> Application:  junos-https junos-ping
> ----------------------------------------------
> === ===
>
> So it prints spaces in an addressbook item (Or newlines when omitting end="
> " in the print command), but strangely only when there is a single entry,
> when there are multiple entries it prints the list correctly.
>
> Does anyone know why this is happening? Should I look to Python or
> NETCONF/PyEZ as the source cause?
>
> Best regards,
> Floris Termorshuizen
>
>
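Added example, not part of the original thread and not PyEZ code: a standard-library reproduction of the str-or-list behaviour discussed above, with a normaliser applied before printing or auditing. It goes slightly beyond the thread by showing why an "any" check on the raw field is unreliable. `collapse` is a hypothetical stand-in that imitates the behaviour seen in the output above; `as_list`, `matches_any`, the `dns-out` policy and the `anycast-dns` address name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from types import SimpleNamespace

# Constructed sample; element names follow the View's XPaths in the quoted YAML.
# "dns-out" and "anycast-dns" are made-up names used to show a substring pitfall.
SAMPLE = """<rpc-reply>
<policy-information><policy-name>rdp-to-clients</policy-name><source-addresses>
 <source-address><address-name>home</address-name></source-address>
 <source-address><address-name>nedcomp-sdc</address-name></source-address></source-addresses>
 <destination-addresses><destination-address><address-name>any</address-name>
 </destination-address></destination-addresses></policy-information>
<policy-information><policy-name>dns-out</policy-name><source-addresses>
 <source-address><address-name>home</address-name></source-address></source-addresses>
 <destination-addresses><destination-address><address-name>anycast-dns</address-name>
 </destination-address></destination-addresses></policy-information>
</rpc-reply>"""

FIELDS = {"src": "source-addresses/source-address/address-name",
          "dst": "destination-addresses/destination-address/address-name"}

def collapse(values):
    """Stand-in for the observed field behaviour: one match -> str, several -> list."""
    if len(values) == 1:
        return values[0]
    return values or None

def load_policies(xml_text):
    policies = []
    for item in ET.fromstring(xml_text).iter("policy-information"):
        fields = {k: collapse([e.text for e in item.findall(p)]) for k, p in FIELDS.items()}
        policies.append(SimpleNamespace(name=item.findtext("policy-name"), **fields))
    return policies

def as_list(value):
    """Normalise a field to a list of stripped names, whatever shape it arrived in."""
    if value is None:
        return []
    items = [value] if isinstance(value, str) else value
    return [v.strip() for v in items]

def matches_any(policy):
    """Names of the fields whose normalised list contains the literal entry 'any'."""
    return [f for f in FIELDS if "any" in as_list(getattr(policy, f))]

if __name__ == "__main__":
    for p in load_policies(SAMPLE):
        print(p.name, "| src:", ", ".join(as_list(p.src)),
              "| dst:", ", ".join(as_list(p.dst)), "| any in:", matches_any(p))
```

On the raw field, `"any" in policy.dst` is a substring test whenever the field collapsed to a single string, so `anycast-dns` would be reported as `any`; after `as_list` it is an exact membership test.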

