extra config options

config/chkpfwservices1.txt

@@ -1,14 +1,16 @@
 {
-    "name": "FW1",
+    "name": "FW1-1",
     "cxp": "US-EAST-2",
     "segments": [
         "Corporate"
     ],
     "segmentOptions": {
         "Corporate": {
-            "DEFAULT": [
+            "zonesToGroups" : {
-                "Users"
+                "DEFAULT": [
-            ]
+                    "Users"
+                ]
+            }
         }
     },
     "size": "LARGE",
@@ -27,7 +29,7 @@
         "domain": "",
         "segment": "Corporate",
         "segmentId": 1636,
-        "globalCidrListId": "58"
+        "globalCidrListId": ""
     },
     "tunnelProtocol": "IPSEC",
     "instances": [

config/chkpfwservices2.txt

@@ -0,0 +1,46 @@
+{
+    "name": "FW1-2",
+    "cxp": "US-EAST-2",
+    "segments": [
+        "Prod"
+    ],
+    "segmentOptions": {
+        "Prod": {
+            "zonesToGroups" : {
+                "DEFAULT": [
+                    "Development"
+                ]
+            }
+        }
+    },
+    "size": "LARGE",
+    "version": "R81",
+    "credentialId": "",
+    "autoScale": "OFF",
+    "maxInstanceCount": 1,
+    "minInstanceCount": 1,
+    "managementServer": {
+        "configurationMode": "MANUAL",
+        "type": "SMS",
+        "reachability": "PUBLIC",
+        "ips": [
+            "10.1.1.1"
+        ],
+        "domain": "",
+        "segment": "Prod",
+        "segmentId": 1637,
+        "globalCidrListId": ""
+    },
+    "tunnelProtocol": "IPSEC",
+    "instances": [
+        {
+            "name": "FW1-instance-1",
+            "credentialId": "",
+            "cxp": "US-EAST-2"
+        }
+    ],
+    "licenseType": "PAY_AS_YOU_GO",
+    "billingTags": [
+        "343"
+    ]
+}

config/chkpfwservices3.txt

@@ -0,0 +1,46 @@
+{
+    "name": "FW1-3",
+    "cxp": "US-EAST-2",
+    "segments": [
+        "Pre Prod"
+    ],
+    "segmentOptions": {
+        "Pre Prod": {
+            "zonesToGroups" : {
+                "DEFAULT": [
+                    "Development"
+                ]
+            }
+        }
+    },
+    "size": "LARGE",
+    "version": "R81",
+    "credentialId": "",
+    "autoScale": "OFF",
+    "maxInstanceCount": 1,
+    "minInstanceCount": 1,
+    "managementServer": {
+        "configurationMode": "MANUAL",
+        "type": "SMS",
+        "reachability": "PUBLIC",
+        "ips": [
+            "10.1.1.1"
+        ],
+        "domain": "",
+        "segment": "Pre Prod",
+        "segmentId": 1638,
+        "globalCidrListId": ""
+    },
+    "tunnelProtocol": "IPSEC",
+    "instances": [
+        {
+            "name": "FW1-instance-1",
+            "credentialId": "",
+            "cxp": "US-EAST-2"
+        }
+    ],
+    "licenseType": "PAY_AS_YOU_GO",
+    "billingTags": [
+        "343"
+    ]
+}

config/demo-chkp.cnf

@@ -0,0 +1,148 @@
+[ipsecconnectors1]
+cxp = US-EAST-2
+segments = Corporate
+group = Users
+billingtags = 333
+size = MEDIUM
+
+[ipsecconnectors2]
+cxp = US-EAST-2
+segments = Prod
+group = Development
+billingtags = 343
+size = LARGE
+
+[ipsecconnectors3]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Corporate
+group = Users
+billingtags = 333
+size = MEDIUM
+
+[ipsecconnectors4]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Prod
+group = Development
+billingtags = 343
+size = LARGE
+
+[internetconnectors1]
+cxp = US-EAST-2
+segments = Corporate
+group = Users
+billingtags = 333
+size = MEDIUM
+
+[internetconnectors2]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Prod
+group = Development
+billingtags = 343
+size = LARGE
+
+[awsvpcconnectors1]
+cxp = US-EAST-2
+segments = Pre Prod
+group = Development
+billingtags = 343
+size = LARGE
+
+[awsvpcconnectors2]
+cxp = US-EAST-2
+segments = Prod
+group = Development
+billingtags = 333
+size = LARGE
+
+[awsvpcconnectors3]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Prod
+group = Development
+billingtags = 343
+size = LARGE
+
+[awsvpcconnectors4]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Prod
+group = Development
+billingtags = 333
+size = LARGE
+
+[azurevnetconnectors1]
+cxp = US-EAST-2
+segments = Corporate
+group = Users
+billingtags = 343
+size = MEDIUM
+
+[azurevnetconnectors2]
+cxp = US-EAST-2
+segments = Corporate
+group = Users
+billingtags = 333
+size = MEDIUM
+
+[azurevnetconnectors3]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Corporate
+group = Users
+billingtags = 343
+size = MEDIUM
+
+[azurevnetconnectors4]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Corporate
+group = Users
+billingtags = 333
+size = MEDIUM
+
+[gcpvpcconnectors1]
+cxp = US-EAST-2
+segments = Prod
+group = Development
+billingtags = 343
+size = LARGE
+
+[gcpvpcconnectors2]
+cxp = US-EAST-2
+segments = Prod
+group = Development
+billingtags = 333
+size = LARGE
+
+[gcpvpcconnectors3]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Corporate
+group = Users
+billingtags = 343
+size = MEDIUM
+
+[gcpvpcconnectors4]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Corporate
+group = Users
+billingtags = 343
+size = MEDIUM
+
+[ocivcnconnectors1]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Corporate
+group = Users
+billingtags = 333
+size = MEDIUM
+
+[ocivcnconnectors2]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Prod
+group = Development
+billingtags = 343
+size = LARGE
+
+[chkpfwservices1.txt]
+cxp = US-EAST-2
+
+[chkpfwservices2.txt]
+cxp = US-EAST-2
+
+[chkpfwservices3.txt]
+cxp = US-EAST-2

config/single.cnf

@@ -1,2 +1,2 @@
-[chkpfwservices1.txt]
+[chkpfwservices3.txt]
 cxp = US-EAST-2

example.cnf

@@ -5,3 +5,8 @@ ALKIRA_PASSWORD = <password>
 [services]
 SERVICE_USERNAME = admin
 SERVICE_PASSWORD = Blabla123
+[globalcidr]
+CIDR_NAME = Global CIDR
+CIDR_DESCR = Demo Prefix
+CIDR_PREFIX = 100.64.0.0/24
+CIDR_CXP = US-EAST-2

push-debug.py

@@ -41,7 +41,6 @@ try:
 	args = parser.parse_args()
 	ALKIRA_CONFIG = args.tenant
 	json_file = args.file
-
 except argparse.ArgumentError as e:
 	print(str(e))
 	sys.exit()
@@ -71,33 +70,48 @@ ALKIRA_TENANT = alkira.get('alkira', 'ALKIRA_TENANT')
 ALKIRA_USERNAME = alkira.get('alkira', 'ALKIRA_USERNAME')
 ALKIRA_PASSWORD = alkira.get('alkira', 'ALKIRA_PASSWORD')
 ALKIRA_BASE_URI = f'https://{ALKIRA_TENANT}/api'
+SERVICE_USERNAME = alkira.get('services', 'SERVICE_USERNAME')
+SERVICE_PASSWORD = alkira.get('services', 'SERVICE_PASSWORD')
+CIDR_NAME = alkira.get('globalcidr', 'CIDR_NAME')
+CIDR_DESCR = alkira.get('globalcidr', 'CIDR_DESCR')
+CIDR_PREFIX = alkira.get('globalcidr', 'CIDR_PREFIX')
+CIDR_CXP = alkira.get('globalcidr', 'CIDR_CXP')
 
 ###############################################
 
 # Set default headers
 headers = {'Content-Type': "application/json"}
 
-# Naming exceptions
+# URL Exceptions
 url_exceptions = {
 	"saas": "internet",
 	"pan": "panfw",
-	"ftntfw": "ftnt-fw-",
 	"ftntfwservices": "ftnt-fw-services",
-	"chkpfw": "chkp-fw-",
+	"chkpfwservices": "chkp-fw-services",
 	"ocivcnconnectors": "oci-vcn-connectors",
 	"ftntfwservices": "ftnt-fw-services"
 	}
 
+# URL Exceptions creating credentials
 service_credentials = {
 	"panfwservices": "pan",
-	"ftntfwservices": "ftntfw"
+	"ftntfwservices": "ftntfw",
+	"chkpfwservices": "chkp-fw"
 	}
 
+# URL Exceptions creating instance credentials
 service_instance_credentials = {
-	"ftntfwservices": "ftntfw-"
+	"ftntfwservices": "ftntfw-",
+	"chkpfwservices": "chkp-fw-"
 	}
 
+# Global CIDR
+service_global_cidr = [
+	"chkpfwservices"
+	]
+
 # Authenticate
+logging.info('=== Authenticating')
 body = {'userName': ALKIRA_USERNAME,
 	'password': ALKIRA_PASSWORD}
 url = f'{ALKIRA_BASE_URI}/login'
@@ -105,6 +119,7 @@ session = requests.session()
 response = session.post(url, data=json.dumps(body), headers=headers)
 
 # Get TenantID
+logging.info('=== Fetching Tenant Info')
 url = f'{ALKIRA_BASE_URI}/tenantnetworks'
 response = session.get(url, headers=headers)
 data = response.json()
@@ -113,49 +128,77 @@ tenantName = data[0]['name']
 logging.info(f'Tenant Name: {tenantName}')
 logging.info(f'Tenant ID: {tenantNetworkId}')
 
-# Do Things
+# Push connector
+logging.info('=== Push Connector')
 connector_result = re.match(r'(\w+)(\d+)', json_file)
 connector_name = connector_result.group(1)
 connector_number = connector_result.group(2)
 logging.debug(f'Connector Name: {connector_name} - Number: {connector_number}')
 
 if connector_name in service_credentials.keys():
+	print('=== Create Credentials')
 	credentials_url = service_credentials[connector_name]
+	fwcredential = f'fwcredentials-{time.time()}'
 	body = {
 		"credentials": {
-			"userName": "admin",
+			"userName": SERVICE_USERNAME,
-			"password": "Blabla123"
+			"password": SERVICE_PASSWORD
 		},
-		"name": "fwcredentials14"
+		"name": fwcredential
 	}
-
 	if args.pretty:
 		print(json.dumps(body, indent=4))
 	else:
 		print(json.dumps(body))
 
-	print('=== Create Credentials')
 	url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}'
+	print(url)
 	response = session.post(url, data=json.dumps(body), headers=headers)
 	print(response.status_code)
 	print(response.content)
 	json_body = response.json()
 	if response.status_code == 200:
-		fw_id = json_body['id']
+		service_credentialid = json_body['id']
-		print(f'credentialId: {fw_id}')
+		print(f'credentialId: {service_credentialid}')
 
 	if connector_name in service_instance_credentials.keys():
 		credentials_url = service_instance_credentials[connector_name]
 
 	print('=== Create Instance Credentials')
 	url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}instance'
+	print(url)
 	response = session.post(url, data=json.dumps(body), headers=headers)
 	print(response.status_code)
 	print(response.content)
 	json_body = response.json()
 	if response.status_code == 200:
-		instance_id = json_body['id']
+		service_instance_credentialid = json_body['id']
-		print(f'instance credentialId: {instance_id}')
+		print(f'instance credentialId: {service_instance_credentialid}')
+
+if connector_name in service_global_cidr:
+	print('=== Create Global CIDR')
+	body = {
+		"name": CIDR_NAME,
+		"description": CIDR_DESCR,
+		"values": [
+			CIDR_PREFIX
+		],
+		"cxp": CIDR_CXP
+	}
+	if args.pretty:
+		print(json.dumps(body, indent=4))
+	else:
+		print(json.dumps(body))
+
+	url = f'{ALKIRA_BASE_URI}/tenantnetworks/{tenantNetworkId}/global-cidr-lists'
+	print(url)
+	response = session.post(url, data=json.dumps(body), headers=headers)
+	print(response.status_code)
+	print(response.content)
+	json_body = response.json()
+	if response.status_code == 201:
+		global_cidr_id = json_body['id']
+		print(f'global cidr id: {global_cidr_id}')
 
 with open (json_file, 'r') as f:
 	body = json.load(f)
@@ -164,12 +207,16 @@ if connector_name in url_exceptions.keys():
 	connector_name = url_exceptions[connector_name]
 
 if 'credentialId' in body:
-	body['credentialId'] = fw_id
+	body['credentialId'] = service_credentialid
-	print(f'JSON credentialId: {fw_id}')
+	print(f'JSON credentialId: {service_credentialid}')
 
 if 'instances' in body:
-	body['instances'][0]['credentialId'] = instance_id
+	body['instances'][0]['credentialId'] = service_instance_credentialid
-	print(f'JSON credentialId: {instance_id}')
+	print(f'JSON credentialId: {service_instance_credentialid}')
+
+if 'managementServer' in body:
+	body['managementServer']['globalCidrListId'] = global_cidr_id
+	print(f'JSON globalCidrListId: {global_cidr_id}')
 
 if args.pretty:
 	print(json.dumps(body, indent=4))
@@ -181,20 +228,3 @@ url = f'{ALKIRA_BASE_URI}/tenantnetworks/{tenantNetworkId}/{connector_name}'
 response = session.post(url, data=json.dumps(body), headers=headers)
 print(response.status_code)
 print(response.content)
-
-if response.status_code == 400:
-	print(f'=== Remove credential {fw_id}')
-	url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}/{fw_id}'
-	response = session.delete(url, headers=headers)
-	print(response.status_code)
-	print(response.content)
-
-	if connector_name in service_instance_credentials.keys():
-		credential_url = service_instance_credentials[connector_name]
-
-	print(f'=== Remove instance credential {instance_id}')
-	url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}instance/{instance_id}'
-	response = session.delete(url, headers=headers)
-	print(response.status_code)
-	print(response.content)
-