add parent object to Service Group class #97

Open
bvilajol opened this issue Oct 6, 2022 · 3 comments
Labels
status: gathering feedback Further discussion is needed to determine this issue's scope and/or implementation type: enhancement

Comments

@bvilajol

bvilajol commented Oct 6, 2022

Environment

  • Nautobot version:
  • nautobot-plugin-firewall-model version:

When you define a tenant group, you can select another object as parent. That leads to the ability to nest this object.

Service Group would need the same approach. This way the amount of objects decreases, and different levels of nesting of Services could be implemented.

Proposed Functionality

SERVICE1
SERVICE2
SERVICE3
SERVICE4
SERVICE5
SERVICE6

GROUP1 = SERVICE1+SERVICE2
GROUP2 = SERVICE3+SERVICE4
GROUP3 = SERVICE4+SERVICE5

GROUP4, parent from GROUP3 + SERVICE4

@bvilajol

bvilajol commented Oct 7, 2022

Attached serialization of a custom class 'Service Catalog'. Service Catalog can contain Service Groups, Services and Packets (as building blocks for upper objects).

    {
    	"name": "PGR_ITIST07_AVD",
    	"description": "A Service Catalog Containing 2 complex Service Groups",
    	"packets": [
    		"PGR_ITIST07_UDP_53",
    		"PGR_ITIST07_TCP_700-750",
    		"PGR_ITIST07_TCP_22",
    		"PGR_ITIST07_TCP_5000-6000",
    		"PGR_ITIST07_TCP_21",
    		"PGR_ITIST07_ICMP_6",
    		"PGR_ITIST07_UDP_7000-8000",
    		"PGR_ITIST07_TCP_2000",
    		"PGR_ITIST07_ICMP_7",
    		"PGR_ITIST07_TCP_3000",
    		"PGR_ITIST07_ICMP_8",
    		"PGR_ITIST07_UDP_67",
    		"PGR_ITIST07_TCP_9000-10000",
    		"PGR_ITIST07_IP_51"
    	],
    	"inner_packets": [{
    			"name": "PGR_ITIST07_UDP_53",
    			"protocol": 17,
    			"protocol_name": "UDP",
    			"description": "UDP 53 for DNS",
    			"icon": "static/PGR_ITIST07_UDP_53.png",
    			"ports": [
    				53
    			]
    		},
    		{
    			"name": "PGR_ITIST07_TCP_700-750",
    			"protocol": 6,
    			"protocol_name": "TCP",
    			"description": null,
    			"icon": "static/PGR_ITIST07_TCP_700-750.png",
    			"ports": [
    				700,
    				750
    			]
    		},
    		{
    			"name": "PGR_ITIST07_TCP_22",
    			"protocol": 6,
    			"protocol_name": "TCP",
    			"description": "SSH",
    			"icon": "static/PGR_ITIST07_TCP_22.png",
    			"ports": [
    				22
    			]
    		},
    		{
    			"name": "PGR_ITIST07_TCP_5000-6000",
    			"protocol": 6,
    			"protocol_name": "TCP",
    			"description": "SFTP Data Ports",
    			"icon": "static/PGR_ITIST07_TCP_5000-6000.png",
    			"ports": [
    				5000,
    				6000
    			]
    		},
    		{
    			"name": "PGR_ITIST07_TCP_21",
    			"protocol": 6,
    			"protocol_name": "TCP",
    			"description": "SFTP Control Port",
    			"icon": "static/PGR_ITIST07_TCP_21.png",
    			"ports": [
    				21
    			]
    		},
    		{
    			"name": "PGR_ITIST07_ICMP_6",
    			"protocol": 1,
    			"protocol_name": "Destination network unknown",
    			"description": "ICMP",
    			"icon": "static/PGR_ITIST07_ICMP_6.png",
    			"icmp_code": 6
    		},
    		{
    			"name": "PGR_ITIST07_UDP_7000-8000",
    			"protocol": 17,
    			"protocol_name": "UDP",
    			"description": null,
    			"icon": "static/PGR_ITIST07_UDP_7000-8000.png",
    			"ports": [
    				7000,
    				8000
    			]
    		},
    		{
    			"name": "PGR_ITIST07_TCP_2000",
    			"protocol": 6,
    			"protocol_name": "TCP",
    			"description": "A random port for testing",
    			"icon": "static/PGR_ITIST07_TCP_2000.png",
    			"ports": [
    				2000
    			]
    		},
    		{
    			"name": "PGR_ITIST07_ICMP_7",
    			"protocol": 1,
    			"protocol_name": "Destination host unknown",
    			"description": "ICMP",
    			"icon": "static/PGR_ITIST07_ICMP_7.png",
    			"icmp_code": 7
    		},
    		{
    			"name": "PGR_ITIST07_TCP_3000",
    			"protocol": 6,
    			"protocol_name": "TCP",
    			"description": "A random port for testing",
    			"icon": "static/PGR_ITIST07_TCP_3000.png",
    			"ports": [
    				3000
    			]
    		},
    		{
    			"name": "PGR_ITIST07_ICMP_8",
    			"protocol": 1,
    			"protocol_name": "Source host isolated error (military use only)",
    			"description": "ICMP",
    			"icon": "static/PGR_ITIST07_ICMP_8.png",
    			"icmp_code": 8
    		},
    		{
    			"name": "PGR_ITIST07_UDP_67",
    			"protocol": 17,
    			"protocol_name": "UDP",
    			"description": "UDP 67 for",
    			"icon": "static/PGR_ITIST07_UDP_67.png",
    			"ports": [
    				67
    			]
    		},
    		{
    			"name": "PGR_ITIST07_TCP_9000-10000",
    			"protocol": 6,
    			"protocol_name": "TCP",
    			"description": "A random port for testing",
    			"icon": "static/PGR_ITIST07_TCP_9000-10000.png",
    			"ports": [
    				9000,
    				10000
    			]
    		},
    		{
    			"name": "PGR_ITIST07_IP_51",
    			"protocol": 51,
    			"protocol_name": "AH Header",
    			"description": "VPN",
    			"icon": "static/PGR_ITIST07_IP_51.png"
    		}
    	],
    	"services": [
    		"PGR_ITIST07_AVDT02RWDC",
    		"PGR_ITIST07_AVDT12RWDC",
    		"PGR_ITIST07_AVDT22RWDC",
    		"PGR_ITIST07_AVD2SCCM",
    		"PGR_ITIST07_BOGUS"
    	],
    	"inner_services": [{
    			"name": "PGR_ITIST07_AVDT02RWDC",
    			"description": "Protocols and ports from AVD T0 to RWDC",
    			"packets": [
    				"PGR_ITIST07_UDP_53",
    				"PGR_ITIST07_TCP_700-750",
    				"PGR_ITIST07_TCP_22",
    				"PGR_ITIST07_TCP_5000-6000",
    				"PGR_ITIST07_TCP_21",
    				"PGR_ITIST07_ICMP_6"
    			]
    		},
    		{
    			"name": "PGR_ITIST07_AVDT12RWDC",
    			"description": "Protocols and ports from AVD T1 to RWDC",
    			"packets": [
    				"PGR_ITIST07_UDP_53",
    				"PGR_ITIST07_UDP_7000-8000",
    				"PGR_ITIST07_TCP_2000",
    				"PGR_ITIST07_ICMP_7"
    			]
    		},
    		{
    			"name": "PGR_ITIST07_AVDT22RWDC",
    			"description": "Protocols and ports from AVD T2 to RWDC",
    			"packets": [
    				"PGR_ITIST07_UDP_7000-8000",
    				"PGR_ITIST07_TCP_3000",
    				"PGR_ITIST07_ICMP_8"
    			]
    		},
    		{
    			"name": "PGR_ITIST07_AVD2SCCM",
    			"description": "Protocols and ports from AVD to SCCM",
    			"packets": [
    				"PGR_ITIST07_UDP_7000-8000",
    				"PGR_ITIST07_UDP_67",
    				"PGR_ITIST07_TCP_9000-10000",
    				"PGR_ITIST07_IP_51"
    			]
    		},
    		{
    			"name": "PGR_ITIST07_BOGUS",
    			"description": null,
    			"packets": [
    				"PGR_ITIST07_UDP_7000-8000",
    				"PGR_ITIST07_UDP_67"
    			]
    		}
    	],
    	"groups": [
    		"PGR_ITIST07_GROUP1",
    		"PGR_ITIST07_GROUP2"
    	],
    	"inner_groups": [{
    			"name": "PGR_ITIST07_GROUP1",
    			"parent": null,
    			"description": "PGR_ITIST07_GROUP1",
    			"services": [
    				"PGR_ITIST07_AVD2SCCM",
    				"PGR_ITIST07_AVDT22RWDC"
    			],
    			"packets": [
    				"PGR_ITIST07_TCP_21",
    				"PGR_ITIST07_ICMP_6"
    			]
    		},
    		{
    			"name": "PGR_ITIST07_GROUP2",
    			"parent": "PGR_ITIST07_GROUP1",
    			"description": "PGR_ITIST07_GROUP2",
    			"services": [ ],
    			"packets": [
    				"PGR_ITIST07_TCP_3000"
    			]
    		}
    	]
    }

@whitej6

whitej6 commented Nov 18, 2022

Great idea, will need to review internally on introducing nested groups and what level of sanity validation would be needed from the Django ORM perspective.

@whitej6 whitej6 added status: gathering feedback Further discussion is needed to determine this issue's scope and/or implementation type: enhancement labels Nov 18, 2022
@bvilajol

bvilajol commented Apr 8, 2023

Hi there, as of now I went deep into two different and quite opposite firewall manufacturer APIs. Main focus is to serialize custom objects yet extending a base one (service, address, etc. up to ruleset). Implemented. For both cases I could say (testing alternatives) that the way to achieve "infinite" levels of inheritance between service and service group is to use the same serializer object towards the foreign API endpoint: the existence of "members" or a similar key within the returned object is the only difference between a service and a service group. Although this code is not yet in my own dev-lab for Nautobot (the Azure extension for the secrets provider is), there is no problem sharing it. Btw: what an evolution in 6 months, nice to see!
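The two points raised in this thread, a `parent` link on a Service Group that inherits the parent's members and a serializer in which the presence of a `members` key is the only thing that separates a group from a leaf, can be shown together in one script. The following is an added example in Python; it is not code from nautobot-plugin-firewall-model, the helper names (`parent_chain`, `cyclic_groups`, `resolve_group`, `serialize`) are hypothetical, and the data is a trimmed, constructed version of the catalog posted earlier. It assumes a child group adds to its parent's members rather than overriding them, and that the "sanity validation" mentioned above amounts to refusing parent chains that loop or point at a missing group.

```python
"""Nested service groups with a ``parent`` link: flatten a group to the packets
it expands to, reject parent cycles, and serialize into a vendor-neutral tree
where only the presence of ``members`` distinguishes a group from a leaf.
Added example, not plugin code; names and sample data are constructed."""
from typing import Dict, List, Optional, Set

# Constructed sample data, modelled on the posted Service Catalog (trimmed).
PACKETS: Dict[str, dict] = {
    "PGR_ITIST07_UDP_53": {"protocol": 17, "ports": [53]},
    "PGR_ITIST07_UDP_67": {"protocol": 17, "ports": [67]},
    "PGR_ITIST07_TCP_21": {"protocol": 6, "ports": [21]},
    "PGR_ITIST07_TCP_3000": {"protocol": 6, "ports": [3000]},
    "PGR_ITIST07_ICMP_6": {"protocol": 1, "icmp_code": 6},
}
SERVICES: Dict[str, List[str]] = {  # service -> packet names
    "PGR_ITIST07_AVD2SCCM": ["PGR_ITIST07_UDP_67", "PGR_ITIST07_UDP_53"],
    "PGR_ITIST07_AVDT22RWDC": ["PGR_ITIST07_TCP_3000"],
}
GROUPS: Dict[str, dict] = {  # group -> parent / services / packets
    "PGR_ITIST07_GROUP1": {"parent": None,
                           "services": ["PGR_ITIST07_AVD2SCCM"],
                           "packets": ["PGR_ITIST07_TCP_21", "PGR_ITIST07_ICMP_6"]},
    "PGR_ITIST07_GROUP2": {"parent": "PGR_ITIST07_GROUP1",
                           "services": [],
                           "packets": ["PGR_ITIST07_TCP_3000"]},
}


class GroupCycleError(ValueError):
    """Following ``parent`` links never reaches a root group."""


def parent_chain(groups: Dict[str, dict], name: str) -> List[str]:
    """Return [name, parent, grandparent, ...] ending at a root.
    Refuses self-parenting, longer cycles and dangling parents; this is the
    check a model-level clean() would run before saving a parent link."""
    chain: List[str] = []
    seen: Set[str] = set()
    cur: Optional[str] = name
    while cur is not None:
        if cur in seen:
            raise GroupCycleError("parent cycle: " + " -> ".join(chain + [cur]))
        if cur not in groups:
            raise KeyError(f"unknown group {cur!r} referenced as parent")
        seen.add(cur)
        chain.append(cur)
        cur = groups[cur]["parent"]
    return chain


def cyclic_groups(groups: Dict[str, dict]) -> List[str]:
    """Names of groups whose parent chain loops; an empty list means valid."""
    bad: List[str] = []
    for name in groups:
        try:
            parent_chain(groups, name)
        except GroupCycleError:
            bad.append(name)
    return bad


def resolve_group(groups, services, packets, name: str) -> Set[str]:
    """Flatten a group: own packets, its services' packets, and everything
    inherited from ancestors (a child adds to, never removes from, its parent)."""
    result: Set[str] = set()
    for g in parent_chain(groups, name):
        spec = groups[g]
        result.update(spec["packets"])
        for svc in spec["services"]:
            result.update(services[svc])
    unknown = result - set(packets)
    if unknown:
        raise KeyError(f"unknown packets referenced: {sorted(unknown)}")
    return result


def serialize(groups, services, packets, name: str, _stack: tuple = ()) -> dict:
    """One object shape at any depth: leaves carry protocol/port fields, anything
    else carries ``name`` and ``members`` only, so a consumer tells a service
    group from a service by the presence of ``members`` alone."""
    if name in _stack:
        raise GroupCycleError("membership cycle: " + " -> ".join(_stack + (name,)))
    if name in packets:
        return {"name": name, **packets[name]}
    if name in services:
        members = list(services[name])
    elif name in groups:
        spec = groups[name]
        # The parent is emitted as a nested member group rather than flattened.
        members = ([spec["parent"]] if spec["parent"] else []) + spec["services"] + spec["packets"]
    else:
        raise KeyError(f"unknown object {name!r}")
    return {"name": name,
            "members": [serialize(groups, services, packets, m, _stack + (name,)) for m in members]}


if __name__ == "__main__":
    assert not cyclic_groups(GROUPS)
    for g in GROUPS:
        print(g, sorted(resolve_group(GROUPS, SERVICES, PACKETS, g)))
```

`cyclic_groups` is the piece that belongs in the ORM layer: run it (or `parent_chain` for the single edited object) in the model's `clean()` so a parent assignment that would create a loop is rejected at save time rather than discovered when a push to the firewall recurses forever. `serialize` carries its own visited stack for the same reason, since a vendor object tree built from a cyclic graph has no finite form.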
