Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[UX2.0] Adds Unified Policy Object Resource and Data Source #333

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

[UX2.0] Adds Unified Policy Object Resource and Data Source #333

wants to merge 10 commits into from

Conversation

seconroy
Copy link
Collaborator

@seconroy seconroy commented Sep 13, 2024
edited
Loading

Description

Adds Add the following resources and data sources:

  • Policy Object Unified Advanced Malware Protection
  • Policy Object Unified URL Filtering
  • Policy Object Unified TSL/SSL Profile
  • Policy Object Unified Intrusion Prevention
  • Policy Object Unified Advanced Inspection Profile
  • Policy Object Unified TSL/SSL Decryption
  • Policy Object Security Protocol List

Policy Object Unified TSL/SSL Decryption requires the Root CA to be configured.

Types of Changes

  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Build/CI change
  • Code quality improvement/refactoring/documentation (no functional changes)

Checklist

  • My code follows the code style of this project
  • I have added tests to cover my changes
  • All new and existing tests pass locally

@seconroy seconroy requested a review from tzarski0 October 3, 2024 10:14
tzarski0
tzarski0 requested changes Oct 4, 2024
View reviewed changes
Copy link
Collaborator

@tzarski0 tzarski0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

On top of the comments included, we should also recheck which field should be marked as mandatory as I see in most objects we put everything as optional but in API in many cases those fields are mandatory.

gen/definitions/profile_parcels/policy_object_security_protocol_list.yaml
mandatory: true
attributes:
- model_name: protocolName
tf_name: protocol_names
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't that be just protocol_name? IF there are multiple protocols, the API looks like that:

{
   "name":"protocol_list",
   "data":{
      "entries":[
         {
            "protocolName":{
               "optionType":"global",
               "value":"802-11-iapp"
            }
         },
         {
            "protocolName":{
               "optionType":"global",
               "value":"ace-svr"
            }
         }
      ]
   }
}

gen/definitions/profile_parcels/policy_object_unified_advanced_malware_protection.yaml
description: Feature Profile ID
example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac
test_value: sdwan_policy_object_feature_profile.test.id
- model_name: matchAllVpn
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where is that in the UI? I can't find it.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be mandatory? It's mandatory in API. If it's not in UI, and in API is mandatory and always set to True, shouldn't we set it to true by default?

gen/definitions/profile_parcels/policy_object_unified_advanced_malware_protection.yaml
tf_name: alert_log_level
example: critical
- model_name: fileAnalysisEnabled
tf_name: file_analysis
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be mandatory? It's mandatory in API.

gen/definitions/profile_parcels/policy_object_unified_advanced_malware_protection.yaml
- model_name: fileReputationEstServer
tf_name: amp_cloud_region_est_server
example: nam
- model_name: fileReputationAlert
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be mandatory? It's mandatory in API.

gen/definitions/profile_parcels/policy_object_unified_advanced_malware_protection.yaml
- model_name: fileReputationCloudServer
tf_name: amp_cloud_region
example: nam
- model_name: fileReputationEstServer
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be mandatory? It's mandatory in API.

gen/definitions/profile_parcels/policy_object_unified_advanced_malware_protection.yaml
- model_name: matchAllVpn
tf_name: match_all_vpn
example: true
- model_name: fileReputationCloudServer
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't this be mandatory? It's mandatory in API.

gen/definitions/profile_parcels/policy_object_unified_intrusion_prevention.yaml
- model_name: inspectionMode
example: detection
- model_name: refId
tf_name: ips_signature_list_id
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ips_signature_allow_list_id

gen/definitions/profile_parcels/policy_object_unified_tls_ssl_decryption.yaml
description: Feature Profile ID
example: f6dd22c8-0b4f-496c-9a0b-6813d1f8b8ac
test_value: sdwan_policy_object_feature_profile.test.id
- model_name: sslEnable
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not in UI but mandatory in API and always set to true, should we set it to true by default?

gen/definitions/profile_parcels/policy_object_unified_tls_ssl_decryption.yaml
tf_name: default_ca_certificate_bundle
data_path: [caCertBundle]
example: true
- model_name: fileName
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this work with file upload?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tzarski0 tzarski0 tzarski0 requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@seconroy @tzarski0