Metadata-Version: 2.1
Name: fortios-xutils
Version: 0.3.2
Summary: Very experimental miscellaneous and extra utilities for fortios
Home-page: https://github.com/ssato/fortios-xutils
Author: Satoru SATOH
Author-email: satoru.satoh@gmail.com
Maintainer: Satoru SATOH
Maintainer-email: satoru.satoh@gmail.com
License: MIT
Project-URL: CI: Travis, https://travis-ci.org/ssato/fortios-xutils
Project-URL: Download, https://pypi.org/project/anyconfig-fortios-backend/
Project-URL: Download RPMs, https://copr.fedoraproject.org/coprs/ssato/extras/
Project-URL: Bug Tracker, https://github.com/ssato/fortios-xutils/issues
Project-URL: Source, https://github.com/ssato/fortios-xutils
Platform: any
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Operating System :: OS Independent
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: Topic :: Utilities
Classifier: License :: OSI Approved :: MIT License
Requires-Dist: PyYAML
Requires-Dist: anyconfig
Requires-Dist: anyconfig-fortios-backend
Requires-Dist: click
Requires-Dist: jmespath
Requires-Dist: netaddr
Requires-Dist: networkx
Requires-Dist: pandas

fortios-xutils
================

.. image:: https://img.shields.io/pypi/v/fortios-xutils.svg
   :target: https://pypi.python.org/pypi/fortios-xutils/
   :alt: [Latest Version]

.. image:: https://img.shields.io/pypi/pyversions/fortios-xutils.svg
   :target: https://pypi.python.org/pypi/fortios-xutils/
   :alt: [Python versions]

.. image:: https://img.shields.io/pypi/l/fortios-xutils.svg
   :target: https://pypi.python.org/pypi/fortios-xutils/
   :alt: MIT License

.. image:: https://img.shields.io/travis/ssato/fortios-xutils.svg
   :target: https://travis-ci.org/ssato/fortios-xutils
   :alt: Test status

.. .. image:: https://img.shields.io/coveralls/ssato/fortios-xutils.svg
      :target: https://coveralls.io/r/ssato/fortios-xutils
      :alt: Coverage Status

.. image:: https://img.shields.io/lgtm/grade/python/g/ssato/fortios-xutils.svg
   :target: https://lgtm.com/projects/g/ssato/fortios-xutils/context:python
   :alt: [Code Quality by LGTM]

Very experimental miscellaneous and extra utilities for fortios (fortigate).

Features
==========

- Parse and dump a structured JSON file from fortios CLI's "show
  \*configuration" outputs
- Search an item or items from JSON files generated as a parsed result from
  fortios CLI's "show \*configuration" outputs, using JMESPath query
- Collect nework information from the JSON files and generate a structured JSON
  files gives that network information
- Compose multiple network JSON files into a network file
- Analyze and dump firewall policy table as a pandas data for further analysis
- Search firewall policy matches given ip address
- Find the network paths from network JSON file by ip address (src and dst) to
  figure out which firewall nodes to configure

CLI Usage
============

See `fortios_xutils --help`.

.. code-block:: console

    ssato@x1-carbon-gen6% PYTHONPATH=src python3 ./src/fortios_xutils/cli.py --help
    Usage: cli.py [OPTIONS] COMMAND [ARGS]...

      CLI frontend entrypoint.

    Options:
      -v, --verbose
      --help         Show this message and exit.

    Commands:
      firewall-policy-save    Make and save firewall policy table...
      firewall-policy-search  Search firewall policy table generated by...
      network-collect         Make and save network data collected from the
                              JSON...

      network-compose         Compose network files collected from the
                              fortigate...

      network-find-paths      Search paths from the source `src_ip` to the...
      parse                   Parse fortigate CLI's "show *configuration*...
      search                  Search an item or items from JSON file generated...
    ssato@x1-carbon-gen6% for sc in parse search network-collect network-compose firewall-policy-save firewall-policy-search; do echo "# $sc"; PYTHONPATH=src python3 ./src/fortios_xutils/cli.py $sc --help; done
    # parse
    Usage: cli.py parse [OPTIONS] [FILEPATHS]...

      Parse fortigate CLI's "show *configuration* outputs and generate a
      structured JSON file. FILEPATHS is a list of file paths or a glob pattern
      gives that.

      Examples:

          $ fortios_xutils parse -O /tmp/0 \
          > tests/res/show_configs/fortigate_cli_show_sample_*.txt
          $ ls /tmp/0
          fortigate-01  fortigate-02
          $ ls /tmp/0/fortigate-01:
          all.json                         firewall_address.json
          firewall_addrgrp.json            firewall_policy.json
          firewall_service_category.json   firewall_service_custom.json
          firewall_service_group.json      metadata.json
          system_global.json               system_interface.json
          system_object-tagging.json       system_replacemsg-group.json
          system_settings.json
          $ jq '.' /tmp/0/fortigate-01/system_interface.json
          [
            {
              "edit": "dmz",
              "vdom": "root",
              "status": "down",
              "type": "physical",
              "role": "dmz",
              "snmp-index": "1"
            },
            {
              "edit": "port1",
              "vdom": "root",
              "ip": [
                "192.168.122.10",
                "255.255.255.0"
              ],
                  ... (snip) ...

    Options:
      -O, --outdir TEXT  Output dir to save parsed results [out/ relative to input
                         filepath]

      --help             Show this message and exit.
    # search
    Usage: cli.py search [OPTIONS] [FILEPATHS]...

      Search an item or items from JSON file generated previously by 'parse' sub
      command. FILEPATHS is a list of file paths or a glob pattern gives that.

      Examples:

          $ # List ip addresses of system interfaces.
          $ fortios_xutils search \
          > -P "configs[?config=='system interface'].edits[].ip" \
          > tests/res/parsed/fortigate-01/all.json
          [
              [
                  "192.168.122.10",
                  "255.255.255.0"
              ],
              [
                  "192.168.1.10",
                  "255.255.255.0"
              ]
          ]
          $

    Options:
      -P, --path TEXT  JMESPath expression to query
      --help           Show this message and exit.
    # network-collect
    Usage: cli.py network-collect [OPTIONS] [FILEPATHS]...

      Collect and save network data from the parsed and structured fortigate's
      configuration files in JSON formats. FILEPATHS is a list of path of the
      JSON file, the parsed results of fortigate CLI's "show \*configuration"
      outputs.

      Examples:

          $ fortios_xutils network-collect tests/res/parsed/*/all.json
          $ head -n 10 tests/res/parsed/fortigate-01/networks.yml
          metadata:
            type: metadata
            input: tests/res/parsed/fortigate-01/all.json
            prefix: 24
            timestamp: 2020-05-12_04_58_57
            version: '1.0'
          nodes:
          - id: fortigate-01
            name: fortigate-01
            type: firewall
          $

    Options:
      -O, --outdir TEXT  Dir to save results
      -P, --prefix TEXT  Max network prefix [24]
      --help             Show this message and exit.
    # network-compose
    Usage: cli.py network-compose [OPTIONS] [FILEPATHS]...

      Compose network files collected from the fortigate CLI's configurations
      from multiple fortigate hosts using the preivous network-collect command,
      into a network file.

      Examples:

          $ fortios_xutils network-compose \
          > tests/res/parsed/fortigate-0*/networks.yml \
          > -o tests/res/networks/all.yml
          $ head -n 10 tests/res/networks/all.yml
          metadata:
            inputs:
            - tests/res/parsed/fortigate-01/all.json
            - tests/res/parsed/fortigate-02/all.json
            timestamp: 2020-05-12_05_02_49
            version: '1.0'
          nodes:
          - id: fortigate-01
            name: fortigate-01
            type: firewall
          $

    Options:
      -o, --outpath TEXT  Path of the outpath file to save network JSON data
      --help              Show this message and exit.
    # firewall-policy-save
    Usage: cli.py firewall-policy-save [OPTIONS] [FILEPATHS]...

      Make and save firewall policy table (:class:`pandas.DataFrame` object).

      Examples:

          $ fortios_xutils firewall-policy-save \
          > -o /tmp/0/test.pickle.gz \
          > tests/res/parsed/fortigate-01/all.json
          $ file /tmp/0/test.pickle.gz
          /tmp/0/test.pickle.gz: gzip compressed data, was "test.pickle"  ...
          $

    Options:
      -O, --outdir TEXT  Dir to save results [same dir input files exist]
      --help             Show this message and exit.
    # firewall-policy-search
    Usage: cli.py firewall-policy-search [OPTIONS] FILEPATH

      Search firewall policy table generated by 'firewall-policy-save' command,
      by ip address. FILEPATH is a file path to the pandas dataframe file
      generated by 'firewall-policy-save' command.

      Examples:

          $ fortios_xutils firewall-policy-search \
          > --ip 192.168.122.3 /tmp/0/test.pickle.gz
          [
            {
              "edit": "20",
              "name": "Monitor_Servers_02",
              "uuid": "3da73baa-dacb-48cb-852c-c4be245b4609",
              "srcintf": "port1",
              "dstintf": "",
              "srcaddr": "host_192.168.122.1",
              "dstaddr": "network_192.168.122.0/24",
              "action": "accept",
              "schedule": "always",
              "service": [
                "HTTPS",
                "HTTP"
              ],
              "inspection-mode": "",
              "nat": "",
              "srcaddrs": [
                "192.168.122.1/32"
              ],
              "dstaddrs": [
                "192.168.122.0/24"
              ],
              "comments": ""
            }
          ]

    Options:
      -i, --ip TEXT  Specify an IP address to search
      --help         Show this message and exit.
    ssato@x1-carbon-gen6%

.. vim:sw=4:ts=4:et:


