#!/usr/bin/env python3
#
# Copyright 2022, Mischa Peters <mischa AT alkira DOT net>, Alkira.
# push-debug.py
# Version 0.1 - 20220617 - initial release
# Version 0.2 - 20220621 - simplified structure, generic
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
import os
import sys
import re
import json
import time
import logging
import requests
import configparser
import argparse
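# Parse all arguments
parser = argparse.ArgumentParser(description="Push single JSON file to AlkiraAPI (debug)")
parser.add_argument("-t", "--tenant", type=str, default='alkira.cnf',
                    help="location of alkira.cnf (default: alkira.cnf)")
# The connector file is used unconditionally further down (regex match and
# open()), so reject a missing -f here, before any credentials are sent.
parser.add_argument("-f", "--file", type=str, required=True,
                    help="location of the JSON connector file")
parser.add_argument("-p", "--pretty", help="make the JSON pretty!", action="store_true")
parser.add_argument("-v", "--verbose", type=int, default=0, help="Verbose level 0 or 1 (default: 0)")

# No arguments at all: show the usage text instead of a terse argparse error.
if len(sys.argv) == 1:
    parser.print_help(sys.stderr)
    sys.exit(1)

try:
    args = parser.parse_args()
    ALKIRA_CONFIG = args.tenant
    connector = args.file
except argparse.ArgumentError as e:
    print(str(e), file=sys.stderr)
    # An argument error is a failure, so report a non-zero exit status.
    sys.exit(1)

# Map the -v value to a logging level; any value other than 0 or 1 falls back to INFO.
loglevel = {
    0: logging.INFO,
    1: logging.DEBUG,
}.get(args.verbose, logging.INFO)

###############################################

# Set loglevel (logging.INFO, logging.DEBUG)
# basicConfig() sets the level on the root logger, so -v 1 also enables DEBUG
# output from imported libraries that use the standard logging module.
logging.basicConfig(level=loglevel)
# From here on the name `logging` is the 'AlkiraAPI' logger, not the module;
# the rest of the script only calls .debug/.info/.warning/.error on it.
logging = logging.getLogger('AlkiraAPI')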
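# Tenant config
if not os.path.isfile(ALKIRA_CONFIG):
    logging.error(f"The config file {ALKIRA_CONFIG} doesn't exist")
    sys.exit(1)

# The file stores ALKIRA_PASSWORD and SERVICE_PASSWORD in cleartext, so warn
# when its mode grants any access to group or others (POSIX mode bits only).
if os.name == 'posix' and os.stat(ALKIRA_CONFIG).st_mode & 0o077:
    logging.warning(f"The config file {ALKIRA_CONFIG} is accessible by group/others; restrict it to the owner (chmod 600)")

alkira = configparser.RawConfigParser()
try:
    alkira.read(ALKIRA_CONFIG)

    # [alkira]: tenant host name and the API login
    ALKIRA_TENANT = alkira.get('alkira', 'ALKIRA_TENANT')
    ALKIRA_USERNAME = alkira.get('alkira', 'ALKIRA_USERNAME')
    ALKIRA_PASSWORD = alkira.get('alkira', 'ALKIRA_PASSWORD')
    ALKIRA_BASE_URI = f'https://{ALKIRA_TENANT}/api'
    # [services]: user name / password placed in the service credentials body
    AWS_SERVICE_USERNAME = alkira.get('services', 'AWS_SERVICE_USERNAME')
    SERVICE_PASSWORD = alkira.get('services', 'SERVICE_PASSWORD')
    # [globalcidr]: fields of the global CIDR list body
    CIDR_NAME = alkira.get('globalcidr', 'CIDR_NAME')
    CIDR_DESCR = alkira.get('globalcidr', 'CIDR_DESCR')
    CIDR_PREFIX = alkira.get('globalcidr', 'CIDR_PREFIX')
    CIDR_CXP = alkira.get('globalcidr', 'CIDR_CXP')
except (configparser.NoSectionError, configparser.NoOptionError) as e:
    # These messages name only the missing section/option, never a value.
    logging.error(f"The config file {ALKIRA_CONFIG} is incomplete: {e}")
    sys.exit(1)
except configparser.Error as e:
    # Parsing errors quote the offending line, which may be a password line,
    # so only the error type is reported.
    logging.error(f"The config file {ALKIRA_CONFIG} could not be parsed ({type(e).__name__})")
    sys.exit(1)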
###############################################
# Default headers passed to every API request in this script
headers = {'Content-Type': "application/json"}

# URL exceptions: connector_name -> path segment used in the final push URL
# when the two differ.
# NOTE(review): connector_name is built further down as <type> + "connectors"
# or "services", so the "saas" and "pan" keys look unreachable by that lookup;
# confirm the intended keys.
url_exceptions = dict(
    saas="internet",
    pan="panfw",
    chkpfwservices="chkp-fw-services",
    ftntfwservices="ftnt-fw-services",
    ocivcnconnectors="oci-vcn-connectors",
    remoteaccessconnectors="alkira-remote-access-connector-templates",
)

# connector_name -> suffix of the /credentials/<suffix> endpoint that is
# called before the service itself is pushed
service_credentials = dict(
    chkpfwservices="chkp-fw",
    ftntfwservices="ftntfw",
    panfwservices="pan",
)

# connector_name -> prefix of the /credentials/<prefix>instance endpoint
service_instance_credentials = dict(
    chkpfwservices="chkp-fw-",
    ftntfwservices="ftntfw-",
)

# Services for which a global CIDR list is created first
service_global_cidr = ["chkpfwservices", "ftntfwservices", "panfwservices"]

# Connector type -> credentialId; every value starts empty and is filled in
# from the /credentials response
credential_types = dict.fromkeys(("awsvpc", "azurevnet", "gcpvpc", "ocivcn"), "")
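# Authenticate
logging.info('=== Authenticating')
# This body carries the tenant password; it is sent but never printed or logged.
body = {'userName': ALKIRA_USERNAME,
        'password': ALKIRA_PASSWORD}
url = f'{ALKIRA_BASE_URI}/login'
# One session for the whole run, so whatever the login response sets on it
# (e.g. cookies) is reused by the later calls.
session = requests.session()
# NOTE(review): no timeout is passed, so a stalled connection blocks the script.
response = session.post(url, data=json.dumps(body), headers=headers)
# Stop on a rejected login instead of issuing the remaining calls
# unauthenticated. Only the status code is reported, not the response body.
if not response.ok:
    logging.error(f'Login failed with HTTP status {response.status_code}')
    sys.exit(1)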
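# Get TenantID
logging.info('=== Fetching Tenant Info')
url = f'{ALKIRA_BASE_URI}/tenantnetworks'
response = session.get(url, headers=headers)
# An error response (for instance after a failed login) has no tenant list to
# index into, so stop with a readable message rather than a traceback.
if not response.ok:
    logging.error(f'Fetching tenant info failed with HTTP status {response.status_code}')
    sys.exit(1)
data = response.json()
if not data:
    logging.error('The tenantnetworks response contains no tenant network')
    sys.exit(1)
# The first entry is used; its id becomes part of the later tenantnetworks URLs.
tenantNetworkId = data[0]['id']
tenantName = data[0]['name']
logging.info(f'Tenant Name: {tenantName}')
logging.info(f'Tenant ID: {tenantNetworkId}')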
# Get Credentials
logging.info('=== Fetching Credentials')
url = f'{ALKIRA_BASE_URI}/credentials'
response = session.get(url, headers=headers)
data = response.json()
# NOTE(review): at DEBUG level the complete /credentials response is written
# to the log; confirm it holds only ids and metadata, or drop this line.
logging.debug(json.dumps(data))
# Record the credentialId of each entry whose (lower-cased) type is one of the
# keys of credential_types; a later entry of the same type overwrites an earlier one.
for key in data:
    cred_type = key['credentialType'].lower()
    if cred_type not in credential_types:
        continue
    logging.debug(f"CredentialType: {key['credentialType']} - CredentialId: {key['credentialId']}")
    credential_types[cred_type] = key['credentialId']
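# Push connector
logging.info('=== Push Connector')
# Expected file name: [dir/]<type>(connectors|services)<number>..., e.g.
# "awsvpcconnectors1.json" (constructed example). The type and the
# connectors/services word are later used to build API URLs.
connector_result = re.match(r'(\w+\/)?(\w+)(connectors|services)(\d+)', connector)
# re.match returns None for any name outside that pattern (nested directories,
# '-' or '.' before the type, ...); stop instead of failing on .group().
if connector_result is None:
    logging.error(f'Cannot derive the connector type from {connector}; expected [dir/]<type>(connectors|services)<number>')
    sys.exit(1)
# Optional single leading directory; not used further in the visible script.
config_path = connector_result.group(1) or ''
connector_type = connector_result.group(2)
connector_name = f'{connector_type}{connector_result.group(3)}'
connector_number = connector_result.group(4)
logging.info(f'Name: {connector_name} #{connector_number}')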
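def _require_id(value, what):
    """Return *value*; log an error and exit when the object was never created."""
    if value is None:
        logging.error(f'{what} is referenced by the connector JSON but was not created; see the API response above')
        sys.exit(1)
    return value


# Ids returned by the helper objects created below. They stay None when the
# step is skipped or the API call fails, so the patch step further down can
# tell "missing" apart from a real id instead of hitting an undefined name.
service_credentialid = None
service_instance_credentialid = None
global_cidr_id = None

# JSON indentation for everything echoed to stdout (-p / --pretty)
json_indent = 4 if args.pretty else None

if connector_name in service_credentials:
    print('=== Create Credentials')
    credentials_url = service_credentials[connector_name]
    # time.time() in the name makes every run create a separately named credential
    fwcredential = f'fwcredentials-{time.time()}'
    body = {
        "credentials": {
            "userName": AWS_SERVICE_USERNAME,
            "password": SERVICE_PASSWORD
        },
        "name": fwcredential
    }
    # Echo the request with the password masked, so the cleartext secret does
    # not end up in terminal scrollback or captured output; the real body is
    # still what gets sent.
    redacted = {**body, "credentials": {**body["credentials"], "password": "********"}}
    print(json.dumps(redacted, indent=json_indent))

    url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}'
    print(url)
    response = session.post(url, data=json.dumps(body), headers=headers)
    print(response.status_code)
    print(response.content)
    # Decode the body only on success; an error response need not be JSON.
    if response.status_code == 200:
        service_credentialid = response.json()['id']
        print(f'credentialId: {service_credentialid}')

    # Instance credentials reuse the credentials body built above, so this
    # step lives inside the same branch (every key of
    # service_instance_credentials is also a key of service_credentials).
    if connector_name in service_instance_credentials:
        credentials_url = service_instance_credentials[connector_name]

        print('=== Create Instance Credentials')
        url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}instance'
        print(url)
        response = session.post(url, data=json.dumps(body), headers=headers)
        print(response.status_code)
        print(response.content)
        if response.status_code == 200:
            service_instance_credentialid = response.json()['id']
            print(f'instance credentialId: {service_instance_credentialid}')

if connector_name in service_global_cidr:
    print('=== Create Global CIDR')
    body = {
        "name": CIDR_NAME,
        "description": CIDR_DESCR,
        "values": [
            CIDR_PREFIX
        ],
        "cxp": CIDR_CXP
    }
    print(json.dumps(body, indent=json_indent))

    url = f'{ALKIRA_BASE_URI}/tenantnetworks/{tenantNetworkId}/global-cidr-lists'
    print(url)
    response = session.post(url, data=json.dumps(body), headers=headers)
    print(response.status_code)
    print(response.content)
    # This endpoint signals success with 201, unlike the credential calls above.
    if response.status_code == 201:
        global_cidr_id = response.json()['id']
        print(f'global cidr id: {global_cidr_id}')

# Load the connector/service definition that will be pushed
with open(connector, 'r') as f:
    body = json.load(f)

# Connectors: replace the credentialId in the file with the one the API
# reported for this connector type (only when the API returned one).
if 'connectors' in connector_name and connector_type in credential_types and credential_types[connector_type]:
    if 'credentialId' in body:
        logging.debug(f"JSON credentialid: {body['credentialId']}")
        logging.debug(f'API credentialid: {credential_types[connector_type]}')
        body['credentialId'] = credential_types[connector_type]

# Services: point the JSON at the objects created above. Each id is checked
# at the place it is needed, so a failed creation stops the run only when the
# connector JSON actually references that object.
if 'services' in connector_name and 'credentialId' in body:
    body['credentialId'] = _require_id(service_credentialid, 'A service credential')
    print(f'JSON credentialId: {service_credentialid}')

# Only the first instance is patched; an empty "instances" list is left alone.
if 'services' in connector_name and 'instances' in body and body['instances']:
    body['instances'][0]['credentialId'] = _require_id(service_instance_credentialid, 'A service instance credential')
    print(f'JSON credentialId: {service_instance_credentialid}')

if 'services' in connector_name and 'managementServer' in body:
    body['managementServer']['globalCidrListId'] = _require_id(global_cidr_id, 'A global CIDR list')
    print(f'JSON globalCidrListId: {global_cidr_id}')

print(json.dumps(body, indent=json_indent))

# Some connector names map to a different path segment in the API URL
connector_name = url_exceptions.get(connector_name, connector_name)

print(f'=== Create {connector_name}')
url = f'{ALKIRA_BASE_URI}/tenantnetworks/{tenantNetworkId}/{connector_name}'
response = session.post(url, data=json.dumps(body), headers=headers)
print(response.status_code)
print(response.content)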