alkira/push.py

284 lines
9.5 KiB
Python
Raw Normal View History

2022-06-14 21:56:02 +02:00
#!/usr/bin/env python3
#
# Copyright 2022, Mischa Peters <mischa AT alkira DOT net>, Alkira.
# push.py
# Version 0.1 - 20220617 - initial release
2022-06-20 20:34:54 +02:00
# Version 0.2 - 20220620 - added collection of credentialId
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
2022-06-14 21:56:02 +02:00
import os
import sys
import re
import json
import time
import logging
import requests
import configparser
2022-06-17 12:45:57 +02:00
import argparse
# Parse all arguments
2022-06-17 16:16:41 +02:00
parser = argparse.ArgumentParser(description="Push JSON config to AlkiraAPI")
2022-06-17 16:01:23 +02:00
parser.add_argument("-t", "--tenant", type=str, default='alkira.cnf', help="location of alikira.cnf (default: alkira.cnf)")
parser.add_argument("-f", "--folder", type=str, default='config', help="location of the JSON connector files (default: config)")
parser.add_argument("-c", "--config", type=str, default='connectors.cnf', help="location of the connector config (default: config/connectors.cnf)")
parser.add_argument("-v", "--verbose", type=int, default=0, help="Verbose level 0 or 1 (default: 0)")
2022-06-17 12:45:57 +02:00
try:
args = parser.parse_args()
2022-06-17 15:21:03 +02:00
ALKIRA_CONFIG = args.tenant
connector_folder = args.folder
2022-06-17 12:45:57 +02:00
CONNECTOR_CONFIG = f'{args.folder}/{args.config}'
except argparse.ArgumentError as e:
print(str(e))
sys.exit()
try:
loglevel = {
0: logging.INFO,
1: logging.DEBUG
}[args.verbose]
except KeyError:
loglevel = logging.INFO
2022-06-14 21:56:02 +02:00
###############################################
2022-06-17 16:01:23 +02:00
# Set loglevel (logging.INFO, logging.DEBUG)
logging.basicConfig(level=loglevel)
logging = logging.getLogger('AlkiraAPI')
2022-06-17 12:45:57 +02:00
# Tenant config
if not os.path.isfile(ALKIRA_CONFIG):
logging.error(f"The config file {ALKIRA_CONFIG} doesn't exist")
sys.exit(1)
alkira = configparser.RawConfigParser()
alkira.read(ALKIRA_CONFIG)
ALKIRA_TENANT = alkira.get('alkira', 'ALKIRA_TENANT')
ALKIRA_USERNAME = alkira.get('alkira', 'ALKIRA_USERNAME')
ALKIRA_PASSWORD = alkira.get('alkira', 'ALKIRA_PASSWORD')
2022-06-14 21:56:02 +02:00
ALKIRA_BASE_URI = f'https://{ALKIRA_TENANT}/api'
SERVICE_USERNAME = alkira.get('services', 'SERVICE_USERNAME')
SERVICE_PASSWORD = alkira.get('services', 'SERVICE_PASSWORD')
2022-06-14 21:56:02 +02:00
2022-06-17 12:45:57 +02:00
# Connector config
if not os.path.isfile(CONNECTOR_CONFIG):
logging.error(f"The config file {CONNECTOR_CONFIG} doesn't exist")
sys.exit(1)
config = configparser.ConfigParser()
config.read(CONNECTOR_CONFIG)
2022-06-14 21:56:02 +02:00
###############################################
# Set default headers
headers = {'Content-Type': "application/json"}
# URL Exceptions
url_exceptions = {
2022-06-14 21:56:02 +02:00
"saas": "internet",
"pan": "panfw",
"ftntfw": "ftnt-fw-",
"chkpfw": "chkp-fw-",
"ocivcnconnectors": "oci-vcn-connectors",
"ftntfwservices": "ftnt-fw-services",
"chkpfwservices": "chkp-fw-services"
}
# URL Exceptions creating credentials
service_credentials = {
"panfwservices": "pan",
"ftntfwservices": "ftntfw",
"chkpfwservices": "chkp-fw"
}
# URL Exceptions creating instance credentials
service_instance_credentials = {
"ftntfwservices": "ftntfw-",
"chkpfwservices": "chkp-fw-"
2022-06-14 21:56:02 +02:00
}
2022-06-20 20:34:54 +02:00
# Credential Types
credential_types = {
"awsvpc": "",
"azurevnet": "",
"gcpvpc": "",
"ocivcn": "",
}
2022-06-14 21:56:02 +02:00
def alkira_login():
body = {'userName': ALKIRA_USERNAME,
'password': ALKIRA_PASSWORD}
session = requests.session()
response = alkira_post(session, '/login', body)
return session
def alkira_post(session, uri, body):
url = f'{ALKIRA_BASE_URI}{uri}'
try:
response = session.post(url, data=json.dumps(body), headers=headers)
if response.status_code == 400:
logging.debug(response.content)
2022-06-14 21:56:02 +02:00
response.raise_for_status()
except Exception as e:
logging.error(f'Error: {str(e)}')
sys.exit(1)
return response
def alkira_get(session, uri):
url = f'{ALKIRA_BASE_URI}{uri}'
try:
response = session.get(url, headers=headers)
response.raise_for_status()
except Exception as e:
2022-06-17 12:45:57 +02:00
logging.error(f'Error: {str(e)}')
sys.exit(1)
2022-06-14 21:56:02 +02:00
return response
def alkira_delete(session, uri):
url = f'{ALKIRA_BASE_URI}{uri}'
try:
response = session.delete(url, headers=headers)
response.raise_for_status()
except Exception as e:
2022-06-17 12:45:57 +02:00
logging.error(f'Error: {str(e)}')
sys.exit(1)
2022-06-14 21:56:02 +02:00
return response
def alkira_service(session, connector_name):
fwcredential = f'fwcredential-{time.time()}'
body = {
"credentials": {
"userName": SERVICE_USERNAME,
"password": SERVICE_PASSWORD
},
"name": fwcredential
}
logging.debug(f'Received Connector: {connector_name}')
logging.info('=== Create Credentials')
if connector_name in service_credentials.keys():
credentials_url = service_credentials[connector_name]
logging.debug(f'URL: {credentials_url}')
response = alkira_post(session, f'/credentials/{credentials_url}', body)
json_body = response.json()
if response.status_code == 200:
2022-06-20 18:54:20 +02:00
service_credentialid = json_body['id']
logging.debug(f'credentialId: {service_credentialid}')
logging.info('=== Create Instance Credentials')
if connector_name in service_instance_credentials.keys():
credentials_url = service_instance_credentials[connector_name]
logging.debug(f'URL: {credentials_url}')
response = alkira_post(session, f'/credentials/{credentials_url}instance', body)
json_body = response.json()
if response.status_code == 200:
2022-06-20 18:54:20 +02:00
service_instance_credentialid = json_body['id']
logging.debug(f'instance credentialId: {service_instance_credentialid}')
2022-06-20 18:54:20 +02:00
return service_credentialid, service_instance_credentialid
2022-06-14 21:56:02 +02:00
# Authenticate
2022-06-20 20:34:54 +02:00
logging.info('=== Authenticating')
2022-06-14 21:56:02 +02:00
s = alkira_login()
logging.debug(s)
# Get TenantID
2022-06-20 20:34:54 +02:00
logging.info('=== Fetching Tenant Info')
2022-06-14 21:56:02 +02:00
r = alkira_get(s, '/tenantnetworks')
data = r.json()
tenantNetworkId = data[0]['id']
tenantName = data[0]['name']
logging.info(f'Tenant Name: {tenantName}')
logging.info(f'Tenant ID: {tenantNetworkId}')
2022-06-20 20:34:54 +02:00
# Get Credentials
logging.info('=== Fetching Credentials')
r = alkira_get(s, '/credentials')
data = r.json()
logging.debug(json.dumps(data))
for key in data:
if key['credentialType'].lower() in credential_types:
logging.debug(f"CredentialType: {key['credentialType']} - CredentialId: {key['credentialId']}")
credential_types[key['credentialType'].lower()] = key['credentialId']
2022-06-14 21:56:02 +02:00
# Push connectors
logging.info('=== Push Connectors')
2022-06-17 12:45:57 +02:00
for connector in config.sections():
section = config[connector]
2022-06-20 20:34:54 +02:00
connector_result = re.match(r'(\w+)(connectors|services)(\d+)', connector)
connector_type = connector_result.group(1)
connector_name = f'{connector_type}{connector_result.group(2)}'
connector_number = connector_result.group(3)
2022-06-17 12:45:57 +02:00
logging.debug(f'{connector_folder}/{connector_name}{connector_number}.txt')
config_path = (f'{connector_folder}/{connector_name}{connector_number}.txt')
if 'service' in connector_name:
2022-06-20 18:54:20 +02:00
service_credentialid, service_instance_credentialid = alkira_service(s, connector_name)
logging.debug(f'Got credentialId: {service_credentialid} AND {service_instance_credentialid}')
2022-06-17 12:45:57 +02:00
with open (config_path, 'r') as f:
body = json.load(f)
2022-06-20 20:34:54 +02:00
if 'connectors' in connector_name and connector_type in credential_types and credential_types[connector_type]:
if 'credentialId' in body:
logging.debug(f"JSON credentialid: {body['credentialId']}")
logging.debug(f'API credentialid: {credential_types[connector_type]}')
body['credentialId'] = credential_types[connector_type]
if 'cxp' in body:
2022-06-20 20:34:54 +02:00
logging.debug(f"JSON cxp: {body['cxp']}")
if 'cxp' in section:
2022-06-20 20:34:54 +02:00
logging.debug(f"CONFIG cxp: {section['cxp']}")
body['cxp'] = section['cxp']
if 'segments' in body:
2022-06-20 20:34:54 +02:00
logging.debug(f"JSON segments: {body['segments'][0]}")
if 'segments' in section:
2022-06-20 20:34:54 +02:00
logging.debug(f"CONFIG segments: {section['segments']}")
body['segments'][0] = section['segments']
if 'group' in body:
2022-06-20 20:34:54 +02:00
logging.debug(f"JSON group: {body['group']}")
if 'group' in section:
logging.debug(f"CONFIG group: {section['group']}")
body['group'] = section['group']
if 'billingTags' in body:
2022-06-20 20:34:54 +02:00
logging.debug(f"JSON billingtags: {body['billingTags'][0]}")
if 'billingtags' in section:
2022-06-20 20:34:54 +02:00
logging.debug(f"CONFIG billingtags: {section['billingtags']}")
body['billingTags'][0] = section['billingtags']
2022-06-17 12:45:57 +02:00
2022-06-17 18:35:46 +02:00
if 'size' in body:
2022-06-20 20:34:54 +02:00
logging.debug(f"JSON size: {body['size']}")
2022-06-17 18:35:46 +02:00
if 'size' in section:
2022-06-20 20:34:54 +02:00
logging.debug(f"CONFIG size: {section['size']}")
body['size'] = section['size']
2022-06-17 18:35:46 +02:00
2022-06-20 18:54:20 +02:00
if 'credentialId' in body and 'service_credentialid' in locals():
2022-06-20 20:34:54 +02:00
logging.debug(f'API credentialid: {service_credentialid}')
2022-06-20 18:54:20 +02:00
body['credentialId'] = service_credentialid
2022-06-20 20:34:54 +02:00
if 'instances' in body and'credentialId' in body['instances'][0] and 'service_instance_credentialid' in locals():
logging.debug(f'API instance credentialid: {service_instance_credentialid}')
body['instances'][0]['credentialId'] = service_instance_credentialid
2022-06-17 12:45:57 +02:00
logging.debug(json.dumps(body))
2022-06-20 20:34:54 +02:00
logging.info(f"=== Pushing {body['name'][:30]} ({connector_name}) to {body['cxp']} (size: {body['size']}; segment: {body['segments'][0]})")
2022-06-20 18:54:20 +02:00
logging.debug(f'CONNECTOR BEFORE AGAIN: {connector_name}')
if connector_name in url_exceptions.keys():
connector_name = url_exceptions[connector_name]
logging.debug(f'CONNECTOR AFTER AGAIN: {connector_name}')
2022-06-17 12:45:57 +02:00
r = alkira_post(s, f'/tenantnetworks/{tenantNetworkId}/{connector_name}', body)
logging.info(r.status_code)
logging.debug(r.content)