add policy distribution point to generated code if present

hknutzen · Jul 24, 2023 · f5cdb86 · f5cdb86
1 parent 3b20c6e
commit f5cdb86
Show file tree

Hide file tree

Showing 7 changed files with 229 additions and 6 deletions.
diff --git a/go/pkg/pass1/print-code.go b/go/pkg/pass1/print-code.go
@@ -2372,17 +2372,21 @@ func (c *spoc) printPanOS(fd *os.File, l []*router) {
 		hostnames += ", " + backup.deviceName
 		ipList += ", " + backup.interfaces[0].ip.String()
 	}
+	pdP := ""
+	if mgmt.policyDistributionPoint != nil {
+		pdP = "\n[ Policy_distribution_point = " + mgmt.policyDistributionPoint.ip.String() + " ]"
+	}
 	fmt.Fprintf(fd,
 		`<?xml version = "1.0" ?>
 <!--
 Generated by %s, version %s
 
 [ BEGIN %s ]
 [ Model = %s ]
-[ IP = %s ]
+[ IP = %s ]%s
 -->
 `,
-		program, version, hostnames, r.model.class, ipList)
+		program, version, hostnames, r.model.class, ipList, pdP)
 
 	fmt.Fprintln(fd, "<config><devices><entry><vsys>")
 	for _, r := range l {
@@ -2400,14 +2404,18 @@ func (c *spoc) printNSX(fd *os.File, l []*router) {
 		hostnames += ", " + backup.deviceName
 		ipList += ", " + backup.interfaces[0].ip.String()
 	}
+	pdP := ""
+	if mgmt.policyDistributionPoint != nil {
+		pdP = "\n#[ Policy_distribution_point = " + mgmt.policyDistributionPoint.ip.String() + " ]"
+	}
 	fmt.Fprintf(fd,
 		`#Generated by %s, version %s
 #
 #[ BEGIN %s ]
 #[ Model = %s ]
-#[ IP = %s ]
+#[ IP = %s ]%s
 `,
-		program, version, hostnames, r.model.class, ipList)
+		program, version, hostnames, r.model.class, ipList, pdP)
 	fmt.Fprintln(fd, "#insert JSON")
 }
 
@@ -2471,6 +2479,10 @@ func (c *spoc) printRouter(r *router, dir string) string {
 			header("IP =", strings.Join(ips, ","))
 		}
 
+		if r.policyDistributionPoint != nil {
+			header("Policy_distribution_point =", r.policyDistributionPoint.ip.String())
+		}
+
 		for _, vrouter := range vrfMembers {
 			c.printRoutes(fd, vrouter)
 			if vrouter.managed == "" {

diff --git a/go/testdata/ipv6/nsx_ipv6.t b/go/testdata/ipv6/nsx_ipv6.t
@@ -2130,3 +2130,43 @@ service:s1 = {
  ]
 }
 =END=
+
+############################################################
+=TITLE=Add Policy Distribution Point To Header
+=PARAMS=--ipv6
+=INPUT=
+network:n1 = { ip = ::a01:100/120; }
+network:n2 = { ip = ::a01:200/120; }
+network:n3 = { ip = ::a01:300/120;
+ host:netspoc = { ip = ::a01:309; }
+}
+router:r1@vrf = {
+ managed;
+ model = NSX,T0;
+ interface:n1 = { ip = ::a01:10b; hardware = IN; }
+ interface:n2 = { ip = ::a01:201; hardware = OUT; }
+}
+router:r1 = {
+ management_instance;
+ policy_distribution_point = host:netspoc;
+ model = NSX;
+ interface:n1 = { ip = ::a01:101; hardware = device; }
+}
+router:r2 = {
+ managed;
+ model = IOS;
+ interface:n1 = { ip = ::a01:102; hardware = n1; }
+ interface:n3 = { ip = ::a01:302; hardware = n3; }
+}
+service:admin = {
+ user = interface:r1.n1;
+ permit src = host:netspoc; dst = user; prt = tcp 22;
+}
+=OUTPUT=
+-- ipv6/r1
+#[ IP = ::a01:101 ]
+--
+#[ Policy_distribution_point = ::a01:309 ]
+=END=
+
+############################################################
diff --git a/go/testdata/ipv6/pan-os_ipv6.t b/go/testdata/ipv6/pan-os_ipv6.t
@@ -1404,4 +1404,47 @@ service:s1 = {
 <entry name="tcp 80"><protocol><tcp><port>80</port></tcp></protocol></entry>
 </service>
 </entry>
-=END=
+=END=
+
+############################################################
+=TITLE=Add Policy Distribution Point To Header
+=PARAMS=--ipv6
+=INPUT=
+network:n1 = { ip = ::a01:100/120; }
+network:n2 = { ip = ::a01:200/120; }
+network:n3 = { ip = ::a01:300/120;
+ host:netspoc = { ip = ::a01:309; }
+}
+router:r1@vrf = {
+ managed;
+ model = PAN-OS;
+ interface:n1 = { ip = ::a01:10b; hardware = IN; }
+ interface:n2 = { ip = ::a01:201; hardware = OUT; }
+}
+router:r1 = {
+ management_instance;
+ policy_distribution_point = host:netspoc;
+ model = PAN-OS;
+ interface:n1 = { ip = ::a01:101; hardware = device; }
+}
+router:r2 = {
+ managed;
+ model = IOS;
+ interface:n1 = { ip = ::a01:102; hardware = n1; }
+ interface:n3 = { ip = ::a01:302; hardware = n3; }
+}
+service:admin = {
+ user = interface:r1.n1;
+ permit src = host:netspoc; dst = user; prt = tcp 22;
+}
+=OUTPUT=
+-- ipv6/r1
+[ BEGIN r1 ]
+[ Model = PAN-OS ]
+[ IP = ::a01:101 ]
+[ Policy_distribution_point = ::a01:309 ]
+-->
+<config><devices><entry><vsys>
+=END=
+
+############################################################
diff --git a/go/testdata/ipv6/vrf_ipv6.t b/go/testdata/ipv6/vrf_ipv6.t
@@ -430,3 +430,27 @@ Error: Must not use VRF at router:r1@v2 of model ASA
 =END=
 
 ############################################################
+=TITLE=Add Policy Distribution Point To Header
+=PARAMS=--ipv6
+=INPUT=
+network:n1 = { ip = ::a01:100/120;
+ host:netspoc = { ip = ::a01:109; }
+}
+router:r1 = {
+ managed;
+ policy_distribution_point = host:netspoc;
+ model = NX-OS;
+ interface:n1 = { ip = ::a01:101; hardware = v1; }
+}
+service:admin = {
+ user = interface:r1.n1;
+ permit src = host:netspoc; dst = user; prt = tcp 22;
+}
+=OUTPUT=
+-- ipv6/r1
+! [ IP = ::a01:101 ]
+--
+! [ Policy_distribution_point = ::a01:109 ]
+=END=
+
+############################################################
diff --git a/go/testdata/nsx.t b/go/testdata/nsx.t
@@ -2113,3 +2113,42 @@ service:s1 = {
  ]
 }
 =END=
+
+############################################################
+=TITLE=Add Policy Distribution Point To Header
+=INPUT=
+network:n1 = { ip = 10.1.1.0/24; }
+network:n2 = { ip = 10.1.2.0/24; }
+network:n3 = { ip = 10.1.3.0/24;
+ host:netspoc = { ip = 10.1.3.9; }
+}
+router:r1@vrf = {
+ managed;
+ model = NSX,T0;
+ interface:n1 = { ip = 10.1.1.11; hardware = IN; }
+ interface:n2 = { ip = 10.1.2.1; hardware = OUT; }
+}
+router:r1 = {
+ management_instance;
+ policy_distribution_point = host:netspoc;
+ model = NSX;
+ interface:n1 = { ip = 10.1.1.1; hardware = device; }
+}
+router:r2 = {
+ managed;
+ model = IOS;
+ interface:n1 = { ip = 10.1.1.2; hardware = n1; }
+ interface:n3 = { ip = 10.1.3.2; hardware = n3; }
+}
+service:admin = {
+ user = interface:r1.n1;
+ permit src = host:netspoc; dst = user; prt = tcp 22;
+}
+=OUTPUT=
+-- r1
+#[ IP = 10.1.1.1 ]
+--
+#[ Policy_distribution_point = 10.1.3.9 ]
+=END=
+
+############################################################
diff --git a/go/testdata/pan-os.t b/go/testdata/pan-os.t
@@ -1373,4 +1373,46 @@ service:s1 = {
 <entry name="tcp 80"><protocol><tcp><port>80</port></tcp></protocol></entry>
 </service>
 </entry>
-=END=
+=END=
+
+############################################################
+=TITLE=Add Policy Distribution Point To Header
+=INPUT=
+network:n1 = { ip = 10.1.1.0/24; }
+network:n2 = { ip = 10.1.2.0/24; }
+network:n3 = { ip = 10.1.3.0/24;
+ host:netspoc = { ip = 10.1.3.9; }
+}
+router:r1@vrf = {
+ managed;
+ model = PAN-OS;
+ interface:n1 = { ip = 10.1.1.11; hardware = IN; }
+ interface:n2 = { ip = 10.1.2.1; hardware = OUT; }
+}
+router:r1 = {
+ management_instance;
+ policy_distribution_point = host:netspoc;
+ model = PAN-OS;
+ interface:n1 = { ip = 10.1.1.1; hardware = device; }
+}
+router:r2 = {
+ managed;
+ model = IOS;
+ interface:n1 = { ip = 10.1.1.2; hardware = n1; }
+ interface:n3 = { ip = 10.1.3.2; hardware = n3; }
+}
+service:admin = {
+ user = interface:r1.n1;
+ permit src = host:netspoc; dst = user; prt = tcp 22;
+}
+=OUTPUT=
+-- r1
+[ BEGIN r1 ]
+[ Model = PAN-OS ]
+[ IP = 10.1.1.1 ]
+[ Policy_distribution_point = 10.1.3.9 ]
+-->
+<config><devices><entry><vsys>
+=END=
+
+############################################################
diff --git a/go/testdata/vrf.t b/go/testdata/vrf.t
@@ -417,3 +417,26 @@ Error: Must not use VRF at router:r1@v2 of model ASA
 =END=
 
 ############################################################
+=TITLE=Add Policy Distribution Point To Header
+=INPUT=
+network:n1 = { ip = 10.1.1.0/24;
+ host:netspoc = { ip = 10.1.1.9; }
+}
+router:r1 = {
+ managed;
+ policy_distribution_point = host:netspoc;
+ model = NX-OS;
+ interface:n1 = { ip = 10.1.1.1; hardware = v1; }
+}
+service:admin = {
+ user = interface:r1.n1;
+ permit src = host:netspoc; dst = user; prt = tcp 22;
+}
+=OUTPUT=
+-- r1
+! [ IP = 10.1.1.1 ]
+--
+! [ Policy_distribution_point = 10.1.1.9 ]
+=END=
+
+############################################################