gabstopper / smc-python

Forcepoint Security Management Center python library:(Moved to official Forcepoint repo)
https://github.com/Forcepoint/fp-NGFW-SMC-python
Apache License 2.0

Missing tags for insert points in `print rule` #32

Open stdedos opened 6 years ago

stdedos commented 6 years ago

On the FirewallTemplatePolicy docstring, there is the example:

from smc.policy.layer3 import FirewallPolicy

policy = FirewallPolicy('Amazon Cloud')
# Iterate the template's IPv4 access rules; the default repr shows only the name
for rule in policy.template.fw_ipv4_access_rules.all():
    print(rule)

I tried to print from a policy template in-the-making, which had only 2 insert points; the latter of which was manually filled. My output was:

IPv4Rule(name=Insert Point 2)
IPv4Rule(name=Insert Point 3)

I couldn't see the inherited Insert Point place; neither did I know how to add "Insert Points" to replace the latter insert point. Also, simply from that output, I didn't know how to add rules "before/after" said insert points. I agree I could use the strings ... but I would guess using the tags would be better.

I would propose:

IPv4Rule(name=Insert Point 2, tag=203.0)
IPv4Rule(name=Insert Point 3, tag=204.0)

Note that in

IPv4Rule(name=Insert Point 3, tag=204.0)

the tag (204.0) is actually a string, not a float.

gabstopper commented 6 years ago

This would be possible, the primary reason it isn't done that way by default is that the 'tag' field is part of the rule payload and using that in the REPR will require an additional fetch per rule. Realistically that is probably not a big deal since printing would be assumed to be a debug operation anyways.

Just to iterate my point, take this example:

from smc.policy.layer3 import FirewallPolicy

for rule in FirewallPolicy('testpolicy').fw_ipv4_access_rules:
    print(rule, vars(rule))

(IPv4Rule(name=myvpnrule), {'_meta': Meta(name=u'myvpnrule', href=u'https://172.18.1.151:8082/6.5/elements/fw_policy/18/fw_ipv4_access_rule/117', type=u'fw_ipv4_access_rule')})
(IPv4Rule(name=myvpnrule), {'_meta': Meta(name=u'myvpnrule', href=u'https://172.18.1.151:8082/6.5/elements/fw_policy/18/fw_ipv4_access_rule/116', type=u'fw_ipv4_access_rule')})

By default the SMC api will return meta data about the element on the fetch (in this case a collection). Exposing the tag in the repr will just require an additional fetch per rule. It was originally suppressed by default for that reason. I think your suggestion is reasonable and makes sense based on how it's used.

stdedos commented 6 years ago

Maybe SMC should've returned the human-equivalent of "uniquely identifiable information"? I mean, href is fine for machines, but I guess "humanizing" it wouldn't overload the payload returned.

It is also "interesting" that guessing the tag of the fw_ipv4_access_rule/117 rule to be 117.0 is most likely correct for simple use cases. However, I assume that "there is no guarantee on that".

gabstopper commented 6 years ago

I agree, but I do suspect this is already being done by using the 'name' field that correlates to the rule itself. If the rule does not have a name, then the rule tag is used. Similar to what you see in the SMC. For example:

from smc.policy.layer3 import FirewallPolicy
for rule in FirewallPolicy('management').fw_ipv4_access_rules:
    print(rule)

IPv4Rule(name=Rule @109.0)
IPv4Rule(name=Rule @110.0)
IPv4Rule(name=test geo)

The SMC UI shows:

(screenshot of the SMC rule table not included)

Also note if you are just iterating through the rules and want tags, you can always get them by printing them, just like the repr would:

from smc.policy.layer3 import FirewallPolicy
for rule in FirewallPolicy('management').fw_ipv4_access_rules:
    print(rule, rule.tag)

(IPv4Rule(name=Rule @109.0), u'109.0')
(IPv4Rule(name=Rule @110.0), u'110.0')
(IPv4Rule(name=test geo), u'116.0')

gabstopper commented 6 years ago

Just an addendum - some of the comments above might be more relevant to normal rules, but the same sort of logic applies to templates with respect to printing out with the tag:

from smc.policy.layer3 import FirewallTemplatePolicy
for rule in FirewallTemplatePolicy('FWTemplate').fw_ipv4_access_rules:
    print(rule, rule.tag)

(IPv4Rule(name=Rule @122.0), u'122.0')
(IPv4Rule(name=Access rule : insert point), u'123.0')
(IPv4Rule(name=Insert Point), u'124.0')
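
The trade-off the thread turns on is that the collection fetch returns only meta data (name, href, type), while the `tag` lives in the per-rule payload and costs one more GET per rule. Below is an added example, not smc-python code and not from either commenter, that models that behaviour with an in-memory stub (`FakeSMC`, the hrefs, names and tags are all constructed) and shows a wrapper whose `repr()` includes the tag only once the payload has been fetched, so printing stays free; an explicit `rules_with_tags()` helper does the fetch when you actually want tags, and `find_by_tag()` resolves an insert point by its string tag. One constructed rule has an href id that differs from its tag, to make the "117 -> 117.0 is not guaranteed" point concrete.

```python
# Added example, not smc-python code: the SMC stub, hrefs and tags below
# are constructed for illustration.
from typing import Dict, List, Optional, Tuple


class FakeSMC:
    """Stand-in for the SMC REST API (constructed). A collection listing
    returns only meta data (name/href/type); the per-rule payload that
    carries 'tag' costs a second GET, which is what the thread discusses."""

    def __init__(self) -> None:
        self.fetches = 0  # number of per-rule payload GETs issued
        base = "https://172.18.1.151:8082/6.5/elements/fw_policy/18/fw_ipv4_access_rule/"
        self._payloads: Dict[str, Dict[str, str]] = {
            base + "109": {"tag": "109.0"},                      # unnamed rule
            base + "110": {"tag": "110.0"},                      # unnamed rule
            base + "116": {"name": "test geo", "tag": "116.0"},  # named rule
            # Constructed case: href id and tag differ, so guessing the tag
            # from the href ("117" -> "117.0") would be wrong here.
            base + "117": {"name": "Insert Point", "tag": "118.0"},
        }

    def list_rules(self) -> List[Dict[str, str]]:
        """Collection fetch: meta only. Unnamed rules appear as 'Rule @<tag>'."""
        return [
            {"name": p.get("name", "Rule @" + p["tag"]), "href": href,
             "type": "fw_ipv4_access_rule"}
            for href, p in self._payloads.items()
        ]

    def get(self, href: str) -> Dict[str, str]:
        """Per-rule fetch: returns the full payload and counts the round trip."""
        self.fetches += 1
        return dict(self._payloads[href])


class Rule:
    """Rule wrapper with a lazily fetched payload. repr() shows the tag only
    when the payload is already cached, so printing never triggers a GET."""

    def __init__(self, smc: FakeSMC, meta: Dict[str, str]) -> None:
        self._smc = smc
        self._meta = meta
        self._data: Optional[Dict[str, str]] = None  # payload cache

    @property
    def name(self) -> str:
        return self._meta["name"]

    @property
    def href(self) -> str:
        return self._meta["href"]

    @property
    def data(self) -> Dict[str, str]:
        if self._data is None:          # first access costs one GET
            self._data = self._smc.get(self.href)
        return self._data

    @property
    def tag(self) -> str:
        return self.data["tag"]         # a string such as '116.0', not a float

    def __repr__(self) -> str:
        if self._data is not None:
            return f"IPv4Rule(name={self.name}, tag={self.tag})"
        return f"IPv4Rule(name={self.name})"


def load_rules(smc: FakeSMC) -> List[Rule]:
    """Wrap every meta entry from the collection fetch; no payload GETs yet."""
    return [Rule(smc, meta) for meta in smc.list_rules()]


def rules_with_tags(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Explicitly fetch each rule's tag (one GET per rule, cached afterwards)."""
    return [(r.name, r.tag) for r in rules]


def find_by_tag(rules: List[Rule], tag: str) -> Optional[Rule]:
    """Locate a rule (e.g. an insert point) by its tag; compare as strings."""
    return next((r for r in rules if r.tag == tag), None)


def guess_tag_from_href(rule: Rule) -> str:
    """The heuristic mentioned in the thread: '<href id>.0'. Not guaranteed."""
    return rule.href.rsplit("/", 1)[-1] + ".0"


if __name__ == "__main__":
    smc = FakeSMC()
    rules = load_rules(smc)
    print(rules, "fetches:", smc.fetches)           # no tags shown, 0 fetches
    print(rules_with_tags(rules), "fetches:", smc.fetches)
    print(rules)                                    # tags now appear in repr
```

The design choice is the one gabstopper describes: printing is a debug operation, but a repr that silently issues one HTTP request per rule turns `print(policy.fw_ipv4_access_rules)` on a large policy into N round trips. Showing the tag only when it is already cached keeps repr side-effect free while still surfacing the tag once the caller has asked for it, and the string comparison in `find_by_tag` avoids the float-vs-string confusion noted above.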