Expose possibility to find existing policies for a given set of parameters
Kircheneer opened this issue
Environment
- Nautobot version: 1.3.3
- nautobot-plugin-firewall-model version: 0.1.0-beta.3
Proposed Functionality
Given a set of address objects for source/destination and/or a set of services, find any policies that apply to exactly these fields.
Use Case
Trying to find if there is an existing policy that covers a new firewall request.
Quick mockup
I have implemented something similar to this in a job I've been building. This takes in a variable called address_objects whose values are explained below and returns all PolicyRule objects that have exactly those sources and destinations in them. It currently looks like this:
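from django.db.models import Count, Q

# distinct=True keeps each count correct when both many-to-many relations
# are joined in the same query.
PolicyRule.objects.all().annotate(
    source_matches=Count(
        "source_address", filter=Q(source_address__in=address_objects["source"]), distinct=True
    ),
    destination_matches=Count(
        "destination_address",
        filter=Q(destination_address__in=address_objects["destination"]),
        distinct=True,
    ),
).filter(
    # Every requested address object is attached to the rule ...
    source_matches=len(address_objects["source"]),
    destination_matches=len(address_objects["destination"]),
).filter(
    # ... and the rule has no address objects beyond the requested ones.
    source_matches=Count("source_address", distinct=True),
    destination_matches=Count("destination_address", distinct=True),
)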
where
address_objects = {"source": {AddressObject<10.0.0.0/24>}, "destination": {AddressObject<192.168.0.0/24>}}
I think adding this as a convenience method on the model would be great.
Cool! I will look into contributing this in a couple of weeks' time.