]>
git.ipfire.org Git - thirdparty/strongswan.git/blob - src/libcharon/plugins/vici/python/vici/command_wrappers.py
1 class CommandWrappers(object):
3 """Retrieve daemon and system specific version information.
5 :return: daemon and system specific version information
8 return self
.request("version")
11 """Retrieve IKE daemon statistics and load information.
13 :return: IKE daemon statistics and load information
16 return self
.request("stats")
18 def reload_settings(self
):
19 """Reload strongswan.conf settings and any plugins supporting reload.
21 self
.request("reload-settings")
23 def initiate(self
, sa
):
26 :param sa: the SA to initiate
28 :return: generator for logs emitted as dict
31 return self
.streamed_request("initiate", "control-log", sa
)
33 def terminate(self
, sa
):
36 :param sa: the SA to terminate
38 :return: generator for logs emitted as dict
41 return self
.streamed_request("terminate", "control-log", sa
)
44 """Initiate the rekeying of an SA.
46 .. versionadded:: 5.5.2
48 :param sa: the SA to rekey
50 :return: number of matched SAs
53 return self
.request("rekey", sa
)
55 def redirect(self
, sa
):
56 """Redirect an IKE_SA.
58 .. versionchanged:: 5.5.2
59 The number of matched SAs is returned.
61 :param sa: the SA to redirect
63 :return: number of matched SAs
66 return self
.request("redirect", sa
)
68 def install(self
, policy
):
69 """Install a trap, drop or bypass policy defined by a CHILD_SA config.
71 :param policy: policy to install
74 self
.request("install", policy
)
76 def uninstall(self
, policy
):
77 """Uninstall a trap, drop or bypass policy defined by a CHILD_SA config.
79 :param policy: policy to uninstall
82 self
.request("uninstall", policy
)
84 def list_sas(self
, filters
=None):
85 """Retrieve active IKE_SAs and associated CHILD_SAs.
87 :param filters: retrieve only matching IKE_SAs (optional)
89 :return: generator for active IKE_SAs and associated CHILD_SAs as dict
92 return self
.streamed_request("list-sas", "list-sa", filters
)
94 def list_policies(self
, filters
=None):
95 """Retrieve installed trap, drop and bypass policies.
97 :param filters: retrieve only matching policies (optional)
99 :return: generator for installed trap, drop and bypass policies as dict
102 return self
.streamed_request("list-policies", "list-policy",
105 def list_conns(self
, filters
=None):
106 """Retrieve loaded connections.
108 :param filters: retrieve only matching configuration names (optional)
110 :return: generator for loaded connections as dict
113 return self
.streamed_request("list-conns", "list-conn",
117 """Retrieve connection names loaded exclusively over vici.
119 :return: connection names
122 return self
.request("get-conns")
124 def list_certs(self
, filters
=None):
125 """Retrieve loaded certificates.
127 :param filters: retrieve only matching certificates (optional)
129 :return: generator for loaded certificates as dict
132 return self
.streamed_request("list-certs", "list-cert", filters
)
134 def list_authorities(self
, filters
=None):
135 """Retrieve loaded certification authority information.
137 .. versionadded:: 5.3.3
139 :param filters: retrieve only matching CAs (optional)
141 :return: generator for loaded CAs as dict
144 return self
.streamed_request("list-authorities", "list-authority",
147 def get_authorities(self
):
148 """Retrieve certification authority names loaded exclusively over vici.
153 return self
.request("get-authorities")
155 def load_conn(self
, connection
):
156 """Load a connection definition into the daemon.
158 :param connection: connection definition
159 :type connection: dict
161 self
.request("load-conn", connection
)
163 def unload_conn(self
, name
):
164 """Unload a connection definition.
166 :param name: connection definition name
169 self
.request("unload-conn", name
)
171 def load_cert(self
, certificate
):
172 """Load a certificate into the daemon.
174 :param certificate: PEM or DER encoded certificate
175 :type certificate: dict
177 self
.request("load-cert", certificate
)
179 def load_key(self
, private_key
):
180 """Load a private key into the daemon.
182 .. versionchanged:: 5.5.3
183 The key identifier of the loaded key is returned.
185 :param private_key: PEM or DER encoded key
186 :type private_key: dict
187 :return: key identifier
190 return self
.request("load-key", private_key
)
192 def unload_key(self
, key_id
):
193 """Unload the private key with the given key identifier.
195 .. versionadded:: 5.5.2
197 :param key_id: key identifier
200 self
.request("unload-key", key_id
)
203 """Retrieve identifiers of private keys loaded exclusively over vici.
205 .. versionadded:: 5.5.2
207 :return: key identifiers
210 return self
.request("get-keys")
212 def load_token(self
, token
):
213 """Load a private key located on a token into the daemon.
215 .. versionadded:: 5.5.2
217 :param token: token details
219 :return: key identifier
222 return self
.request("load-token", token
)
224 def load_shared(self
, secret
):
225 """Load a shared IKE PSK, EAP or XAuth secret into the daemon.
227 .. versionchanged:: 5.5.2
228 A unique identifier may be associated with the secret.
230 :param secret: shared IKE PSK, EAP or XAuth secret
233 self
.request("load-shared", secret
)
236 def unload_shared(self
, identifier
):
237 """Unload a previously loaded shared secret by its unique identifier.
239 .. versionadded:: 5.5.2
241 :param identifier: unique identifier
244 self
.request("unload-shared", identifier
)
246 def get_shared(self
):
247 """Retrieve identifiers of shared keys loaded exclusively over vici.
249 .. versionadded:: 5.5.2
254 return self
.request("get-shared")
256 def flush_certs(self
, filter=None):
257 """Flush the volatile certificate cache.
259 Flush the certificate stored temporarily in the cache. The filter
260 allows to flush only a certain type of certificates, e.g. CRLs.
262 :param filter: flush only certificates of a given type (optional)
265 self
.request("flush-certs", filter)
267 def clear_creds(self
):
268 """Clear credentials loaded over vici.
270 Clear all loaded certificate, private key and shared key credentials.
271 This affects only credentials loaded over vici, but additionally
272 flushes the credential cache.
274 self
.request("clear-creds")
276 def load_authority(self
, ca
):
277 """Load a certification authority definition into the daemon.
279 :param ca: certification authority definition
282 self
.request("load-authority", ca
)
284 def unload_authority(self
, ca
):
285 """Unload a previously loaded certification authority by name.
287 :param ca: certification authority name
290 self
.request("unload-authority", ca
)
292 def load_pool(self
, pool
):
293 """Load a virtual IP pool.
295 Load an in-memory virtual IP and configuration attribute pool.
296 Existing pools with the same name get updated, if possible.
298 :param pool: virtual IP and configuration attribute pool
301 return self
.request("load-pool", pool
)
303 def unload_pool(self
, pool_name
):
304 """Unload a virtual IP pool.
306 Unload a previously loaded virtual IP and configuration attribute pool.
307 Unloading fails for pools with leases currently online.
309 :param pool_name: pool by name
310 :type pool_name: dict
312 self
.request("unload-pool", pool_name
)
314 def get_pools(self
, options
):
315 """Retrieve loaded pools.
317 :param options: filter by name and/or retrieve leases (optional)
319 :return: loaded pools
322 return self
.request("get-pools", options
)
324 def get_algorithms(self
):
325 """List of currently loaded algorithms and their implementation.
327 .. versionadded:: 5.4.0
332 return self
.request("get-algorithms")
334 def get_counters(self
, options
=None):
335 """List global or connection-specific counters for several IKE events.
337 .. versionadded:: 5.6.1
339 :param options: get global counters or those of all or one connection
344 return self
.request("get-counters", options
)
346 def reset_counters(self
, options
=None):
347 """Reset global or connection-specific IKE event counters.
349 .. versionadded:: 5.6.1
351 :param options: reset global counters or those of all or one connection
354 self
.request("reset-counters", options
)