nautobot-app-firewall-models

Expose possibility to find existing policies for a given set of parameters

Open Kircheneer opened this issue 1 year ago • 2 comments

Environment

  • Nautobot version: 1.3.3
  • nautobot-plugin-firewall-model version: 0.1.0-beta.3

Proposed Functionality

Given a set of address objects for source/destination and/or a set of services, find any policies that apply to exactly these fields.

Use Case

Trying to find if there is an existing policy that covers a new firewall request.

Quick mockup

I have implemented something similar to this in a job I've been building. This takes in a variable called address_objects whose values are explained below and returns all PolicyRule objects that have exactly those sources and destinations in them. It currently looks like this:

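from django.db.models import Count, Q

# PolicyRule is the plugin's model; address_objects is described below.
PolicyRule.objects.all().annotate(
    # distinct=True: the two many-to-many joins multiply rows, so plain counts would be inflated.
    source_matches=Count(
        "source_address", filter=Q(source_address__in=address_objects["source"]), distinct=True
    ),
    destination_matches=Count(
        "destination_address",
        filter=Q(destination_address__in=address_objects["destination"]),
        distinct=True,
    ),
).filter(
    # Every requested address object is present on the rule ...
    source_matches=len(address_objects["source"]),
    destination_matches=len(address_objects["destination"]),
).filter(
    # ... and the rule has no address objects beyond the requested ones.
    source_matches=Count("source_address", distinct=True),
    destination_matches=Count("destination_address", distinct=True),
)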

where

address_objects = {"source": {AddressObject<10.0.0.0/24>}, "destination": {AddressObject<192.168.0.0/24>}}

Kircheneer, Jul 27 '22 13:07
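The exact-match lookup requested above, as an added example that is not part of the original issue or the plugin's code: it runs the same count-and-compare idea as plain SQL on an in-memory SQLite database and goes beyond the single-address case by using two sources and two destinations, where counting across two joins only works with DISTINCT. The table names `src` and `dst`, the helper names and the sample rules are constructed for illustration.

```python
import sqlite3

# Constructed sample rules: name -> (source prefixes, destination prefixes).
SAMPLE_RULES = {
    "exact": (["10.0.0.0/24", "10.0.1.0/24"], ["192.168.0.0/24", "192.168.1.0/24"]),
    "superset": (["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"],
                 ["192.168.0.0/24", "192.168.1.0/24"]),
    "subset": (["10.0.0.0/24"], ["192.168.0.0/24", "192.168.1.0/24"]),
    "unrelated": (["172.16.0.0/24"], ["192.168.0.0/24"]),
}

def build_db(rules):
    """Load rules into two link tables (hypothetical stand-ins for the M2M tables)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE src (rule TEXT, addr TEXT)")
    db.execute("CREATE TABLE dst (rule TEXT, addr TEXT)")
    for name, (sources, destinations) in rules.items():
        db.executemany("INSERT INTO src VALUES (?, ?)", [(name, a) for a in sources])
        db.executemany("INSERT INTO dst VALUES (?, ?)", [(name, a) for a in destinations])
    return db

def find_exact_rules(db, sources, destinations, distinct=True):
    """Return rules whose source and destination sets equal the requested sets."""
    d = "DISTINCT " if distinct else ""
    s_marks = ",".join("?" * len(sources))
    d_marks = ",".join("?" * len(destinations))
    # Only placeholders and a fixed keyword are interpolated; all values are bound.
    sql = f"""
        SELECT src.rule FROM src JOIN dst ON dst.rule = src.rule
        GROUP BY src.rule
        HAVING COUNT({d}CASE WHEN src.addr IN ({s_marks}) THEN src.addr END) = ?
           AND COUNT({d}CASE WHEN dst.addr IN ({d_marks}) THEN dst.addr END) = ?
           AND COUNT({d}src.addr) = ?
           AND COUNT({d}dst.addr) = ?
        ORDER BY src.rule
    """
    params = [*sources, len(sources), *destinations, len(destinations),
              len(sources), len(destinations)]
    return [row[0] for row in db.execute(sql, params)]

if __name__ == "__main__":
    db = build_db(SAMPLE_RULES)
    want = SAMPLE_RULES["exact"]
    print("distinct counts:", find_exact_rules(db, *want))
    print("plain counts:   ", find_exact_rules(db, *want, distinct=False))
```

With plain counts the lookup misses the rule that really matches and reports `subset` instead, a rule that does not cover 10.0.1.0/24, so a new firewall request could be wrongly treated as already covered.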