extra config options
parent
81ceb8dccd
commit
aece863458
@ -1,14 +1,16 @@
|
||||
{
|
||||
"name": "FW1",
|
||||
"name": "FW1-1",
|
||||
"cxp": "US-EAST-2",
|
||||
"segments": [
|
||||
"Corporate"
|
||||
],
|
||||
"segmentOptions": {
|
||||
"Corporate": {
|
||||
"DEFAULT": [
|
||||
"Users"
|
||||
]
|
||||
"zonesToGroups" : {
|
||||
"DEFAULT": [
|
||||
"Users"
|
||||
]
|
||||
}
|
||||
}
|
||||
},
|
||||
"size": "LARGE",
|
||||
@ -27,7 +29,7 @@
|
||||
"domain": "",
|
||||
"segment": "Corporate",
|
||||
"segmentId": 1636,
|
||||
"globalCidrListId": "58"
|
||||
"globalCidrListId": ""
|
||||
},
|
||||
"tunnelProtocol": "IPSEC",
|
||||
"instances": [
|
||||
|
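--- /dev/null
+++ b/config/chkpfwservices2.txt
@@ -0,0 +1,46 @@
+{
+"name": "FW1-2",
+"cxp": "US-EAST-2",
+"segments": [
+"Prod"
+],
+"segmentOptions": {
+"Prod": {
+"zonesToGroups" : {
+"DEFAULT": [
+"Development"
+]
+}
+}
+},
+"size": "LARGE",
+"version": "R81",
+"credentialId": "",
+"autoScale": "OFF",
+"maxInstanceCount": 1,
+"minInstanceCount": 1,
+"managementServer": {
+"configurationMode": "MANUAL",
+"type": "SMS",
+"reachability": "PUBLIC",
+"ips": [
+"10.1.1.1"
+],
+"domain": "",
+"segment": "Prod",
+"segmentId": 1637,
+"globalCidrListId": ""
+},
+"tunnelProtocol": "IPSEC",
+"instances": [
+{
+"name": "FW1-instance-1",
+"credentialId": "",
+"cxp": "US-EAST-2"
+}
+],
+"licenseType": "PAY_AS_YOU_GO",
+"billingTags": [
+"343"
+]
+}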
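--- /dev/null
+++ b/config/chkpfwservices3.txt
@@ -0,0 +1,46 @@
+{
+"name": "FW1-3",
+"cxp": "US-EAST-2",
+"segments": [
+"Pre Prod"
+],
+"segmentOptions": {
+"Pre Prod": {
+"zonesToGroups" : {
+"DEFAULT": [
+"Development"
+]
+}
+}
+},
+"size": "LARGE",
+"version": "R81",
+"credentialId": "",
+"autoScale": "OFF",
+"maxInstanceCount": 1,
+"minInstanceCount": 1,
+"managementServer": {
+"configurationMode": "MANUAL",
+"type": "SMS",
+"reachability": "PUBLIC",
+"ips": [
+"10.1.1.1"
+],
+"domain": "",
+"segment": "Pre Prod",
+"segmentId": 1638,
+"globalCidrListId": ""
+},
+"tunnelProtocol": "IPSEC",
+"instances": [
+{
+"name": "FW1-instance-1",
+"credentialId": "",
+"cxp": "US-EAST-2"
+}
+],
+"licenseType": "PAY_AS_YOU_GO",
+"billingTags": [
+"343"
+]
+}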
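--- /dev/null
+++ b/config/demo-chkp.cnf
@@ -0,0 +1,148 @@
+[ipsecconnectors1]
+cxp = US-EAST-2
+segments = Corporate
+group = Users
+billingtags = 333
+size = MEDIUM
+
+[ipsecconnectors2]
+cxp = US-EAST-2
+segments = Prod
+group = Development
+billingtags = 343
+size = LARGE
+
+[ipsecconnectors3]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Corporate
+group = Users
+billingtags = 333
+size = MEDIUM
+
+[ipsecconnectors4]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Prod
+group = Development
+billingtags = 343
+size = LARGE
+
+[internetconnectors1]
+cxp = US-EAST-2
+segments = Corporate
+group = Users
+billingtags = 333
+size = MEDIUM
+
+[internetconnectors2]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Prod
+group = Development
+billingtags = 343
+size = LARGE
+
+[awsvpcconnectors1]
+cxp = US-EAST-2
+segments = Pre Prod
+group = Development
+billingtags = 343
+size = LARGE
+
+[awsvpcconnectors2]
+cxp = US-EAST-2
+segments = Prod
+group = Development
+billingtags = 333
+size = LARGE
+
+[awsvpcconnectors3]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Prod
+group = Development
+billingtags = 343
+size = LARGE
+
+[awsvpcconnectors4]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Prod
+group = Development
+billingtags = 333
+size = LARGE
+
+[azurevnetconnectors1]
+cxp = US-EAST-2
+segments = Corporate
+group = Users
+billingtags = 343
+size = MEDIUM
+
+[azurevnetconnectors2]
+cxp = US-EAST-2
+segments = Corporate
+group = Users
+billingtags = 333
+size = MEDIUM
+
+[azurevnetconnectors3]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Corporate
+group = Users
+billingtags = 343
+size = MEDIUM
+
+[azurevnetconnectors4]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Corporate
+group = Users
+billingtags = 333
+size = MEDIUM
+
+[gcpvpcconnectors1]
+cxp = US-EAST-2
+segments = Prod
+group = Development
+billingtags = 343
+size = LARGE
+
+[gcpvpcconnectors2]
+cxp = US-EAST-2
+segments = Prod
+group = Development
+billingtags = 333
+size = LARGE
+
+[gcpvpcconnectors3]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Corporate
+group = Users
+billingtags = 343
+size = MEDIUM
+
+[gcpvpcconnectors4]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Corporate
+group = Users
+billingtags = 343
+size = MEDIUM
+
+[ocivcnconnectors1]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Corporate
+group = Users
+billingtags = 333
+size = MEDIUM
+
+[ocivcnconnectors2]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Prod
+group = Development
+billingtags = 343
+size = LARGE
+
+[chkpfwservices1.txt]
+cxp = US-EAST-2
+
+[chkpfwservices2.txt]
+cxp = US-EAST-2
+
+[chkpfwservices3.txt]
+cxp = US-EAST-2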
@ -1,2 +1,2 @@
|
||||
[chkpfwservices1.txt]
|
||||
[chkpfwservices3.txt]
|
||||
cxp = US-EAST-2
|
||||
|
@ -5,3 +5,8 @@ ALKIRA_PASSWORD = <password>
|
||||
[services]
|
||||
SERVICE_USERNAME = admin
|
||||
SERVICE_PASSWORD = Blabla123
|
||||
[globalcidr]
|
||||
CIDR_NAME = Global CIDR
|
||||
CIDR_DESCR = Demo Prefix
|
||||
CIDR_PREFIX = 100.64.0.0/24
|
||||
CIDR_CXP = US-EAST-2
|
||||
|
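Review bot: `SERVICE_PASSWORD = Blabla123` keeps a literal service password in a tracked config file, while the `ALKIRA_PASSWORD = <password>` line quoted in the hunk header uses a placeholder. The hunk counts (`-5,3 +5,8`) suggest the `[services]` lines may be existing context rather than lines this commit adds, and this section's file header is not shown on the page, but the value is on the new side either way. I would change the line to `SERVICE_PASSWORD = <password>` and load the real value from an untracked local file or an environment variable. Since the same literal also appears in push-debug.py on this page, the credential should be treated as exposed and rotated.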
104
push-debug.py
104
push-debug.py
@ -41,7 +41,6 @@ try:
|
||||
args = parser.parse_args()
|
||||
ALKIRA_CONFIG = args.tenant
|
||||
json_file = args.file
|
||||
|
||||
except argparse.ArgumentError as e:
|
||||
print(str(e))
|
||||
sys.exit()
|
||||
@ -71,33 +70,48 @@ ALKIRA_TENANT = alkira.get('alkira', 'ALKIRA_TENANT')
|
||||
ALKIRA_USERNAME = alkira.get('alkira', 'ALKIRA_USERNAME')
|
||||
ALKIRA_PASSWORD = alkira.get('alkira', 'ALKIRA_PASSWORD')
|
||||
ALKIRA_BASE_URI = f'https://{ALKIRA_TENANT}/api'
|
||||
SERVICE_USERNAME = alkira.get('services', 'SERVICE_USERNAME')
|
||||
SERVICE_PASSWORD = alkira.get('services', 'SERVICE_PASSWORD')
|
||||
CIDR_NAME = alkira.get('globalcidr', 'CIDR_NAME')
|
||||
CIDR_DESCR = alkira.get('globalcidr', 'CIDR_DESCR')
|
||||
CIDR_PREFIX = alkira.get('globalcidr', 'CIDR_PREFIX')
|
||||
CIDR_CXP = alkira.get('globalcidr', 'CIDR_CXP')
|
||||
|
||||
###############################################
|
||||
|
||||
# Set default headers
|
||||
headers = {'Content-Type': "application/json"}
|
||||
|
||||
# Naming exceptions
|
||||
# URL Exceptions
|
||||
url_exceptions = {
|
||||
"saas": "internet",
|
||||
"pan": "panfw",
|
||||
"ftntfw": "ftnt-fw-",
|
||||
"ftntfwservices": "ftnt-fw-services",
|
||||
"chkpfw": "chkp-fw-",
|
||||
"chkpfwservices": "chkp-fw-services",
|
||||
"ocivcnconnectors": "oci-vcn-connectors",
|
||||
"ftntfwservices": "ftnt-fw-services"
|
||||
}
|
||||
|
||||
# URL Exceptions creating credentials
|
||||
service_credentials = {
|
||||
"panfwservices": "pan",
|
||||
"ftntfwservices": "ftntfw"
|
||||
"ftntfwservices": "ftntfw",
|
||||
"chkpfwservices": "chkp-fw"
|
||||
}
|
||||
|
||||
# URL Exceptions creating instance credentials
|
||||
service_instance_credentials = {
|
||||
"ftntfwservices": "ftntfw-"
|
||||
"ftntfwservices": "ftntfw-",
|
||||
"chkpfwservices": "chkp-fw-"
|
||||
}
|
||||
|
||||
# Global CIDR
|
||||
service_global_cidr = [
|
||||
"chkpfwservices"
|
||||
]
|
||||
|
||||
# Authenticate
|
||||
logging.info('=== Authenticating')
|
||||
body = {'userName': ALKIRA_USERNAME,
|
||||
'password': ALKIRA_PASSWORD}
|
||||
url = f'{ALKIRA_BASE_URI}/login'
|
||||
@ -105,6 +119,7 @@ session = requests.session()
|
||||
response = session.post(url, data=json.dumps(body), headers=headers)
|
||||
|
||||
# Get TenantID
|
||||
logging.info('=== Fetching Tenant Info')
|
||||
url = f'{ALKIRA_BASE_URI}/tenantnetworks'
|
||||
response = session.get(url, headers=headers)
|
||||
data = response.json()
|
||||
@ -113,49 +128,77 @@ tenantName = data[0]['name']
|
||||
logging.info(f'Tenant Name: {tenantName}')
|
||||
logging.info(f'Tenant ID: {tenantNetworkId}')
|
||||
|
||||
# Do Things
|
||||
# Push connector
|
||||
logging.info('=== Push Connector')
|
||||
connector_result = re.match(r'(\w+)(\d+)', json_file)
|
||||
connector_name = connector_result.group(1)
|
||||
connector_number = connector_result.group(2)
|
||||
logging.debug(f'Connector Name: {connector_name} - Number: {connector_number}')
|
||||
|
||||
if connector_name in service_credentials.keys():
|
||||
print('=== Create Credentials')
|
||||
credentials_url = service_credentials[connector_name]
|
||||
fwcredential = f'fwcredentials-{time.time()}'
|
||||
body = {
|
||||
"credentials": {
|
||||
"userName": "admin",
|
||||
"password": "Blabla123"
|
||||
"userName": SERVICE_USERNAME,
|
||||
"password": SERVICE_PASSWORD
|
||||
},
|
||||
"name": "fwcredentials14"
|
||||
"name": fwcredential
|
||||
}
|
||||
|
||||
if args.pretty:
|
||||
print(json.dumps(body, indent=4))
|
||||
else:
|
||||
print(json.dumps(body))
|
||||
|
||||
print('=== Create Credentials')
|
||||
url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}'
|
||||
print(url)
|
||||
response = session.post(url, data=json.dumps(body), headers=headers)
|
||||
print(response.status_code)
|
||||
print(response.content)
|
||||
json_body = response.json()
|
||||
if response.status_code == 200:
|
||||
fw_id = json_body['id']
|
||||
print(f'credentialId: {fw_id}')
|
||||
service_credentialid = json_body['id']
|
||||
print(f'credentialId: {service_credentialid}')
|
||||
|
||||
if connector_name in service_instance_credentials.keys():
|
||||
credentials_url = service_instance_credentials[connector_name]
|
||||
|
||||
print('=== Create Instance Credentials')
|
||||
url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}instance'
|
||||
print(url)
|
||||
response = session.post(url, data=json.dumps(body), headers=headers)
|
||||
print(response.status_code)
|
||||
print(response.content)
|
||||
json_body = response.json()
|
||||
if response.status_code == 200:
|
||||
instance_id = json_body['id']
|
||||
print(f'instance credentialId: {instance_id}')
|
||||
service_instance_credentialid = json_body['id']
|
||||
print(f'instance credentialId: {service_instance_credentialid}')
|
||||
|
||||
if connector_name in service_global_cidr:
|
||||
print('=== Create Global CIDR')
|
||||
body = {
|
||||
"name": CIDR_NAME,
|
||||
"description": CIDR_DESCR,
|
||||
"values": [
|
||||
CIDR_PREFIX
|
||||
],
|
||||
"cxp": CIDR_CXP
|
||||
}
|
||||
if args.pretty:
|
||||
print(json.dumps(body, indent=4))
|
||||
else:
|
||||
print(json.dumps(body))
|
||||
|
||||
url = f'{ALKIRA_BASE_URI}/tenantnetworks/{tenantNetworkId}/global-cidr-lists'
|
||||
print(url)
|
||||
response = session.post(url, data=json.dumps(body), headers=headers)
|
||||
print(response.status_code)
|
||||
print(response.content)
|
||||
json_body = response.json()
|
||||
if response.status_code == 201:
|
||||
global_cidr_id = json_body['id']
|
||||
print(f'global cidr id: {global_cidr_id}')
|
||||
|
||||
with open (json_file, 'r') as f:
|
||||
body = json.load(f)
|
||||
@ -164,12 +207,16 @@ if connector_name in url_exceptions.keys():
|
||||
connector_name = url_exceptions[connector_name]
|
||||
|
||||
if 'credentialId' in body:
|
||||
body['credentialId'] = fw_id
|
||||
print(f'JSON credentialId: {fw_id}')
|
||||
body['credentialId'] = service_credentialid
|
||||
print(f'JSON credentialId: {service_credentialid}')
|
||||
|
||||
if 'instances' in body:
|
||||
body['instances'][0]['credentialId'] = instance_id
|
||||
print(f'JSON credentialId: {instance_id}')
|
||||
body['instances'][0]['credentialId'] = service_instance_credentialid
|
||||
print(f'JSON credentialId: {service_instance_credentialid}')
|
||||
|
||||
if 'managementServer' in body:
|
||||
body['managementServer']['globalCidrListId'] = global_cidr_id
|
||||
print(f'JSON globalCidrListId: {global_cidr_id}')
|
||||
|
||||
if args.pretty:
|
||||
print(json.dumps(body, indent=4))
|
||||
@ -181,20 +228,3 @@ url = f'{ALKIRA_BASE_URI}/tenantnetworks/{tenantNetworkId}/{connector_name}'
|
||||
response = session.post(url, data=json.dumps(body), headers=headers)
|
||||
print(response.status_code)
|
||||
print(response.content)
|
||||
|
||||
if response.status_code == 400:
|
||||
print(f'=== Remove credential {fw_id}')
|
||||
url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}/{fw_id}'
|
||||
response = session.delete(url, headers=headers)
|
||||
print(response.status_code)
|
||||
print(response.content)
|
||||
|
||||
if connector_name in service_instance_credentials.keys():
|
||||
credential_url = service_instance_credentials[connector_name]
|
||||
|
||||
print(f'=== Remove instance credential {instance_id}')
|
||||
url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}instance/{instance_id}'
|
||||
response = session.delete(url, headers=headers)
|
||||
print(response.status_code)
|
||||
print(response.content)
|
||||
|
||||
|
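Review bot: The `print(json.dumps(body))` calls under `=== Create Credentials` write the whole credentials request to stdout, and that body now carries `SERVICE_PASSWORD` read from the config file, so the secret ends up in terminal scrollback and any captured job log. The page does not mark which lines are added, so the print may predate this commit, but it is on the new side of the `@ -113,49 +128,77 @` hunk. I would print a masked copy instead, for example `redacted = {**body, "credentials": {**body["credentials"], "password": "<redacted>"}}` followed by `print(json.dumps(redacted))`. The same `body` is posted again for the instance credentials, so masking only the printed copy leaves the request unchanged.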