
done allow add more than one network per network-group #69

Roberto Berto 5 년 전
커밋
f871de91c5

+ 5 - 9
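--- a/vycontrol/firewall/templates/firewall/addrule.html
+++ b/vycontrol/firewall/templates/firewall/addrule.html
@@ -94,11 +94,7 @@
         </div>       
     </div>
 
-    <style>
-        .matching_criteria { 
-            padding: 3px;
-        }
-    </style>
+
     <h3 class="matching_criteria"><input type="checkbox" name="criteria_protocol" value="1" id="criteria_protocol"> <label for="criteria_protocol" class="label_for_h3">Matching criteria - protocol</label></h3>
     <div class="container" id="criteria_protocol_block" style="display: none">
 
@@ -277,7 +273,7 @@
         <div class="row">
             <div class="col">
                 <p>
-                    <label for="sdaddressgroup_source">select at max one source address-group</label><br>
+                    <label for="sdaddressgroup_source">select at most one source address-group</label><br>
                     <select name="sdaddressgroup_source" size="10"  style="width: 200px;">
                         {% for f in firewall_addressgroup %}
                         <option>{{ f }}</option>
@@ -289,7 +285,7 @@
 
             <div class="col">
                 <p>
-                    <label for="sdaddressgroup_destination">select at max one destination address-group</label><br>
+                    <label for="sdaddressgroup_destination">select at most one destination address-group</label><br>
                     <select name="sdaddressgroup_destination" size="10" style="width: 200px;">
                         {% for f in firewall_addressgroup %}
                         <option>{{ f }}</option>
@@ -308,7 +304,7 @@
         <div class="row">
             <div class="col">
                 <p>
-                    <label for="sdnetworkgroup_source">select at max one source network-group</label><br>
+                    <label for="sdnetworkgroup_source">select at most one source network-group</label><br>
                     <select name="sdnetworkgroup_source" size="10" style="width: 200px;">
                         {% for f in firewall_networkgroup %}
                         <option>{{ f }}</option>
@@ -320,7 +316,7 @@
 
             <div class="col">
                 <p>
-                    <label for="sdnetworkgroup_destination">select at max one destination network-group</label><br>
+                    <label for="sdnetworkgroup_destination">select at most one destination network-group</label><br>
                     <select name="sdnetworkgroup_destination" size="10" style="width: 200px;">
                         {% for f in firewall_networkgroup %}
                         <option>{{ f }}</option>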

+ 65 - 2
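--- a/vycontrol/firewall/templates/firewall/networkgroup-add.html
+++ b/vycontrol/firewall/templates/firewall/networkgroup-add.html
@@ -20,7 +20,7 @@
 <p class="submenu2"></p>
 
 
-<form action="{% url 'firewall:firewall-networkgroup-add' %}" method="post">
+<form action="{% url 'firewall:firewall-networkgroup-add' %}" method="post" id="formng">
     {% csrf_token %}
 
 
@@ -36,16 +36,79 @@
     
     <p>
         <label for="network">network (CIDR notation):</label><br>
-        <input type="input" name="network" value=""/> (eg 10.10.10.0/24)
+        <input type="input" name="network" id="network" value=""/> (eg 10.10.10.0/24) 
+        <input type="button" value="add" id="networkgroup_add">
     </p>
 
+    <p>
+        <label for="networkgroup">networks (click to remove)</label><br>
+        <select name="networkgroup" id="networkgroup" size="10" style="width: 200px;">
+        </select>
+
+
+        <input type="hidden" name="networkgroup_json" id="networkgroup_json" value="" >
+    </p>
+
+
     <input type="submit" value="Add Group">
 </form>
 
 
+<script>
+$(document).ready(function () {
+    $("#networkgroup_add").click(function () {
+        network = $("#network").val();
+
+        if (network !=  "") {
+            if ($("#networkgroup option[value='" + network + "']").length == 0) {
+                $('#networkgroup').append($('<option>', {
+                    value: network,
+                    text: network
+                }));
+            }
+        }
+    });
+
+
+    $('#networkgroup').click(function() {
+            $(this).find('option:selected').remove();
+    });
+
+    // form basic validations
+    $("#formng").submit(function(e){
+        size = $("#networkgroup option").length
+        if (size < 1) {
+            alert('Minimum networks is 1');
+            e.preventDefault();
+            return false;
+        }
+        
+        groupname = $("#name").val()
+        if (groupname.length > 31) {
+            alert('Maximum group name 31 characters or less');
+            e.preventDefault();
+            return false;
+        }
+
+
+
+        var groupa = []
+        $("#networkgroup option").each(function() {
+            groupa.push($(this).val());
+        });
+
+        var groupa_json = JSON.stringify(groupa);
+        $("#networkgroup_json").val(groupa_json);
+
+        console.log(groupa_json)
+    });
+
+})
+
 
 
 
+</script>
 
 
 {% endblock %}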
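Review bot: The duplicate check in the `#networkgroup_add` click handler builds a jQuery selector by concatenating the typed value (`"#networkgroup option[value='" + network + "']"`), so an entry containing a quote or bracket makes the selector invalid and the handler throws instead of rejecting the entry. Comparing values avoids that: `if ($("#networkgroup option").filter(function () { return this.value === network; }).length == 0) {`. The at-least-one-network and 31-character checks in the submit handler run only in the browser, and the typed value is never checked for CIDR form, so the view that receives `networkgroup_json` has to enforce all three itself. `network`, `size` and `groupname` are assigned without `var` and become globals, and the same script is repeated in networkgroup-desc.html.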

+ 91 - 7
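--- a/vycontrol/firewall/templates/firewall/networkgroup-desc.html
+++ b/vycontrol/firewall/templates/firewall/networkgroup-desc.html
@@ -12,6 +12,12 @@
 
 {% block content %}
 
+
+<script type="text/javascript">
+    var networkgroup_data = JSON.parse('{{networks_json|safe}}');
+    console.log(networkgroup_data);
+</script>
+
 <p class="submenu1">
     <a href="{% url 'firewall:firewall-list' %}">Firewall List</a> | 
     <a href="{% url 'firewall:firewall-create' %}">Create new firewall</a> | 
@@ -23,17 +29,95 @@
     <a href="{% url 'firewall:firewall-networkgroup-add' %}">Add network Group</a>
 </p>
 
-<form action="{% url 'firewall:firewall-networkgroup-desc' groupname %}" method="post">
+
+
+
+
+<form action="{% url 'firewall:firewall-networkgroup-desc' groupname %}" method="post" id="formng">
     {% csrf_token %}
-    
+
     <p>
-        <label for="alias">description</label><br>
-        <input type="text" name="description" id="description" value="{{ firewall_networkgroup.description }}" size="60">
-    </p>    
-    
+        <label for="name">description:</label><br>
+        <input type="input" name="description" id="description" value="{{ groupinfo.description }}" size="100" />
+    </p>
     
+    <p>
+        <label for="network">network (CIDR notation):</label><br>
+        <input type="input" name="network" id="network" value=""/> (eg 10.10.10.0/24) 
+        <input type="button" value="add" id="networkgroup_add">
+    </p>
+
+    <p>
+        <label for="networkgroup">networks (click to remove)</label><br>
+        <select name="networkgroup" id="networkgroup" size="10" style="width: 200px;">
+        </select>
+
+
+        <input type="hidden" name="networkgroup_json" id="networkgroup_json" value="" >
+    </p>
+
+
     <input type="submit" value="Edit Group">
-    </form>
+</form>
+
+
+<script>
+$(document).ready(function () {
+
+    for (network in networkgroup_data) {
+        $('#networkgroup').append($('<option>', {
+            value: networkgroup_data[network],
+            text: networkgroup_data[network]
+        }));
+    }
+
+    $("#networkgroup_add").click(function () {
+        network = $("#network").val();
+
+        if (network !=  "") {
+            if ($("#networkgroup option[value='" + network + "']").length == 0) {
+                $('#networkgroup').append($('<option>', {
+                    value: network,
+                    text: network
+                }));
+            }
+        }
+    });
+
+
+    $('#networkgroup').click(function() {
+            $(this).find('option:selected').remove();
+    });
+
+    // form basic validations
+    $("#formng").submit(function(e){
+        size = $("#networkgroup option").length
+        if (size < 1) {
+            alert('Minimum networks is 1');
+            e.preventDefault();
+            return false;
+        }
+        
+        var groupa = []
+        $("#networkgroup option").each(function() {
+            groupa.push($(this).val());
+        });
+
+        var groupa_json = JSON.stringify(groupa);
+        $("#networkgroup_json").val(groupa_json);
+
+        console.log(groupa_json)
+        //e.preventDefault();
+        //return false;
+
+    });
+
+})
+
+
+
+
+</script>
 
     
 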
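Review bot: `JSON.parse('{{networks_json|safe}}')` in the added script block writes data read from the router configuration into a JavaScript string literal with autoescaping switched off, so a stored value containing `'` or `</script>` ends the literal or the script element and the rest is interpreted as markup or script (stored XSS). Django's `json_script` filter (available since Django 2.1) does the escaping: render `{{ networks|json_script:"networkgroup-data" }}`, passing the list itself from the view instead of the pre-serialised `networks_json`, and read it with `JSON.parse(document.getElementById('networkgroup-data').textContent)`. The stored values originate from `networkgroup_json`, which the add and edit views appear to forward without a format check, so they should be treated as untrusted on this page. The `console.log` calls and the commented-out `e.preventDefault()` look like debugging leftovers.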

+ 7 - 3
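--- a/vycontrol/firewall/templates/firewall/networkgroup-list.html
+++ b/vycontrol/firewall/templates/firewall/networkgroup-list.html
@@ -23,13 +23,17 @@
 
 {% if firewall_networkgroup %}
     <table border="1" width="100%">
-        <tr><th width="25%">name</th><th width="20%">address</th><th width="30%">description</th><th width="25%">actions</th></tr>
+        <tr>
+            <th width="25%">name</th>
+            <th width="30%">description</th>
+            <th width="25%">actions</th>
+        </tr>
 
     {% for key, value in firewall_networkgroup.items %}       
         {% for ifkey, ifvalue in value.items %}
             <tr>
-                <td>{{ ifkey }}</a></td>
-                <td>{{ ifvalue.network }}</td>
+                <td><a href="{% url 'firewall:firewall-networkgroup-desc' ifkey %}">{{ ifkey }}</a></td>
+                {% comment %}<td>{{ ifvalue.network }}</td>{% endcomment %}
                 <td>{{ ifvalue.description }}</td>
                 <td>
                     <a href="{% url 'firewall:firewall-networkgroup-desc' ifkey %}">Edit</a> | 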

+ 129 - 16
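--- a/vycontrol/firewall/views.py
+++ b/vycontrol/firewall/views.py
@@ -12,6 +12,9 @@ import perms
 import network
 import json
 import pprint
+import types
+
+
 
 from filters.vycontrol_filters import get_item
 from filters.vycontrol_filters import get_item_port
@@ -580,7 +583,6 @@ def firewall_portgroup_edit(request, groupname):
     }   
     return HttpResponse(template.render(context, request))
 
-
 @is_authenticated
 def firewall_networkgroup_list(request):
         
@@ -605,7 +607,44 @@ def firewall_networkgroup_add(request):
     all_instances = vyos.instance_getall_by_group(request)
     is_superuser = perms.get_is_superuser(request.user)
 
-    if request.POST.get('name', None) != None and request.POST.get('network', None) != None:
+    if (    request.POST.get('name', None) != None 
+        and request.POST.get('networkgroup_json', None) != None):
+
+        group =         request.POST.get('name', None)
+        description =   request.POST.get('description', None)
+        try:
+            networks = json.loads(request.POST.get('networkgroup_json'))
+        except ValueError:
+            networks = {}
+
+
+        changed = False
+
+        vyos2.log('networks', networks)
+
+        for network in networks:
+            v = vyos2.api (
+                hostname=   hostname_default,
+                api =       "post",
+                op =        "set",
+                cmd =       ["firewall", "group", "network-group", group, "network", network],
+                description = "add network-group network",
+            )
+            if v.success and changed == False:
+                changed = True
+            
+        # set network description if it was created
+            if changed == True:
+                v = vyos2.api (
+                    hostname=   hostname_default,
+                    api =       "post",
+                    op =        "set",
+                    cmd =       ["firewall", "group", "network-group", group, "description", description],
+                    description = "set network-group description",
+                )
+
+
+
         vyos.set_firewall_networkgroup_add(hostname_default, request.POST.get('name'), request.POST.get('network'))
 
         if request.POST.get('description', None) != None:
@@ -713,24 +752,98 @@ def firewall_addressgroup_desc(request, groupname):
 @is_authenticated
 def firewall_networkgroup_desc(request, groupname):
     hostname_default = vyos.get_hostname_prefered(request)
-    firewall_networkgroup = vyos.get_firewall_networkgroup_one(hostname_default, groupname)
     all_instances = vyos.instance_getall_by_group(request)
     is_superuser = perms.get_is_superuser(request.user)
 
-    if request.POST.get('description', None) != None:
-        vyos.set_firewall_networkgroup_description(hostname_default, groupname, request.POST.get('description'))
-        return redirect('firewall:firewall-networkgroup-list')
 
-    template = loader.get_template('firewall/networkgroup-desc.html')
-    context = { 
-        'firewall_networkgroup': firewall_networkgroup,
-        'hostname_default': hostname_default,
-        'username': request.user,        
-        'instances': all_instances,
-        'is_superuser' : is_superuser,
-        'groupname': groupname,
-    }   
-    return HttpResponse(template.render(context, request))
+    v = vyos2.api (
+        hostname=   hostname_default,
+        api =       "get",
+        op =        "showConfig",
+        cmd =       ["firewall", "group", "network-group", groupname],
+        description = "show network-group config",
+    )
+    groupinfo = v.data
+    if 'network' not in groupinfo:
+        networks_original = []
+    else:
+        networks_original = groupinfo['network']
+
+        if type(networks_original) is str:
+            vyos2.log("tipo", type(networks_original))
+            networks_original = [groupinfo['network']]
+        else:
+            networks_original = groupinfo['network']
+
+    vyos2.log("networks_original", networks_original)
+
+    networks_json = json.dumps(networks_original)
+
+
+    changed = False
+
+    if v.success:
+        if request.POST.get('description', None) != None:
+            v = vyos2.api (
+                hostname=   hostname_default,
+                api =       "post",
+                op =        "set",
+                cmd =       ["firewall", "group", "network-group", groupname, "description", request.POST.get('description')],
+                description = "set network-group description",
+            )
+            changed = True
+
+
+        if request.POST.get('networkgroup_json', None) != None:
+            try:
+                networks_new = json.loads(request.POST.get('networkgroup_json'))
+            except ValueError:
+                networks_new = {}
+
+            vyos2.log('networks new', networks_new)
+
+            for network in networks_new:
+                v = vyos2.api (
+                    hostname=   hostname_default,
+                    api =       "post",
+                    op =        "set",
+                    cmd =       ["firewall", "group", "network-group", groupname, "network", network],
+                    description = "edit network-group network",
+                )
+                if v.success and changed == False:
+                    changed = True
+            
+            vyos2.log('networks original', networks_original)
+
+            for network in networks_original:
+                if network not in networks_new:
+                    v = vyos2.api (
+                        hostname=   hostname_default,
+                        api =       "post",
+                        op =        "delete",
+                        cmd =       ["firewall", "group", "network-group", groupname, "network", network],
+                        description = "delete network-group network",
+                    )
+                    if v.success and changed == False:
+                        changed = True
+
+        if changed == True:
+            return redirect('firewall:firewall-networkgroup-list')
+
+
+        template = loader.get_template('firewall/networkgroup-desc.html')
+        context = { 
+            'groupinfo': groupinfo,
+            'hostname_default': hostname_default,
+            'username': request.user,        
+            'instances': all_instances,
+            'is_superuser' : is_superuser,
+            'groupname': groupname,
+            'networks_json' : networks_json,
+        }   
+        return HttpResponse(template.render(context, request))
+    else:
+        return redirect('firewall:firewall-networkgroup-list')
 
 @is_authenticated
 def firewall_config(request, firewall_name):  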
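Review bot: The entries decoded from `networkgroup_json` in firewall_networkgroup_add and firewall_networkgroup_desc go straight into the `cmd` list of the `set` and `delete` calls; nothing checks that the decoded value is a list or that each entry is a CIDR network, and the 31-character group-name limit exists only in the template's JavaScript. A JSON string would be iterated character by character and a JSON object by its keys, and the `except ValueError` fallback is `{}` where the loop expects a list. Validating each entry with the standard-library `ipaddress` module (it needs `import ipaddress` next to the new and apparently unused `import types`) before calling the router API closes that, as sketched below. Renaming the loop variable also stops `for network in networks` from shadowing the imported `network` module inside these functions. In firewall_networkgroup_add the description `set` is indented inside the loop and the old `vyos.set_firewall_networkgroup_add(..., request.POST.get('network'))` call still runs afterwards, which looks unintended; both functions continue outside the hunks.

```python
        try:
            networks = json.loads(request.POST.get('networkgroup_json'))
        except ValueError:
            networks = []
        if not isinstance(networks, list):
            networks = []

        checked = []
        for candidate in networks:
            if not isinstance(candidate, str):
                continue
            try:
                ipaddress.ip_network(candidate, strict=False)
            except ValueError:
                continue
            checked.append(candidate)

        # … unchanged: vyos2.api "set" call per entry, now iterating over checked …
```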

+ 4 - 0
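--- a/vycontrol/s/main.css
+++ b/vycontrol/s/main.css
@@ -157,4 +157,8 @@ input[type=submit] {
 
 .label_for_h3 {
   margin-bottom: 0;
+}
+
+.matching_criteria { 
+  padding: 3px;
 }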

+ 1 - 1
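--- a/vycontrol/vyos.py
+++ b/vycontrol/vyos.py
@@ -76,7 +76,7 @@ def api(type, hostname, cmd):
     print(post)   
 
     try:
-        resp = requests.post(url, verify=False, data=post, timeout=5)
+        resp = requests.post(url, verify=False, data=post, timeout=10)
     except requests.exceptions.ConnectionError:
         return False
 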
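Review bot: The changed `requests.post` line keeps `verify=False`, so the request to the router API is sent without validating the server certificate and whatever `post` carries can be read or altered by a host on the path; pointing `verify` at the router's CA bundle (`verify=CA_BUNDLE_PATH`, a placeholder name) keeps TLS meaningful. The handler catches only `requests.exceptions.ConnectionError`, so a read timeout, now after up to 10 seconds, still propagates as an unhandled `requests.exceptions.Timeout`; `except (requests.exceptions.ConnectionError, requests.exceptions.Timeout):` covers both. The same `verify=False` call is changed in vyos2.py. The body of api() continues outside the hunk.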

+ 8 - 3
vycontrol/vyos2.py

@@ -45,7 +45,8 @@ API_LIST = {}
 API_LIST["get"] = {}
 API_LIST["get"] = {}
 API_LIST["get"]["description"]              = 'Show config'
 API_LIST["get"]["description"]              = 'Show config'
 API_LIST["get"]["path"]                     = 'retrieve'
 API_LIST["get"]["path"]                     = 'retrieve'
-API_LIST["get"]["showConfig"]               = 'path'
+API_LIST["get"]["op"] = {}
+API_LIST["get"]["op"]["showConfig"]         = 'path'
 
 
 API_LIST["post"] = {}
 API_LIST["post"] = {}
 API_LIST["post"]["description"]              = 'Configuration mode requests'
 API_LIST["post"]["description"]              = 'Configuration mode requests'
@@ -142,12 +143,14 @@ def api(hostname, api, op, cmd, description = ""):
     }
     }
 
 
     try:
     try:
-        resp = requests.post(api_data['api_url'], verify=False, data=post, timeout=5)
+        resp = requests.post(api_data['api_url'], verify=False, data=post, timeout=10)
     except requests.exceptions.ConnectionError:
     except requests.exceptions.ConnectionError:
         v = vyapi(result = False, reason= {
         v = vyapi(result = False, reason= {
             'exception'     : 'requests.exceptions.ConnectionError',
             'exception'     : 'requests.exceptions.ConnectionError',
             'respcode'      : resp.status_code
             'respcode'      : resp.status_code
         })
         })
+        log("failed to post url", api_data['api_url'])
+
         return v
         return v
 
 
 
 
@@ -165,7 +168,7 @@ def api(hostname, api, op, cmd, description = ""):
 
 
     log("api resp", [v.result, v.reason, v.data])
     log("api resp", [v.result, v.reason, v.data])
 
 
-    return v
+
 
 
 
 
     log_vars = {
     log_vars = {
@@ -181,4 +184,6 @@ def api(hostname, api, op, cmd, description = ""):
 
 
     log("api " + description, log_vars)
     log("api " + description, log_vars)
 
 
+    return v
+