adding services logic and more snowflakes for FWs

2022-06-20 15:37:13 +02:00 · 2022-06-20 15:37:13 +02:00 · bc169d8359
parent d0405d05c8
commit bc169d8359
8 changed files with 205 additions and 24 deletions
--- a/clean.py
+++ b/clean.py
@ -72,7 +72,7 @@ ALKIRA_BASE_URI = f'https://{ALKIRA_TENANT}/api'
 headers = {'Content-Type': "application/json"}

 # Naming exceptions
-service_exceptions = {
+url_exceptions = {
 	"ocivcn": "oci-vcn-",
 	"saas": "internet",
 	"pan": "panfw",
@ -142,8 +142,8 @@ for item in data:
 	name = item.get('name')
 	connectorId = item.get('id')
 	type = item.get('type').lower().replace('_', '')
-	if type in service_exceptions.keys():
-		type = service_exceptions[type]
+	if type in url_exceptions.keys():
+		type = url_exceptions[type]
 	logging.debug(f'/tenantnetworks/{tenantNetworkId}/{type}connectors/{connectorId}')
 	logging.info(f'Removing {name} ({type})')
 	r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/{type}connectors/{connectorId}')
@ -162,8 +162,8 @@ for item in data:
 	name = item.get('name')
 	serviceId = item.get('id')
 	type = item.get('type').lower()
-	if type in service_exceptions.keys():
-		type = service_exceptions[type]
+	if type in url_exceptions.keys():
+		type = url_exceptions[type]
 	logging.debug(f'/tenantnetworks/{tenantNetworkId}/{type}services/{serviceId}')
 	logging.info(f'Removing {name} ({type})')
 	r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/{type}services/{serviceId}')
--- a/config/demo.cnf
+++ b/config/demo.cnf
@ -137,3 +137,6 @@ segments = Prod
 group = Development
 billingtags = 343
 size = LARGE
+
+[ftntfwservices1.txt]
+cxp = US-EAST-2
--- a/config/ftnt.cnf
+++ b/config/ftnt.cnf
@ -0,0 +1,2 @@
+[ftntfwservices1.txt]
+cxp = US-EAST-2
--- a/config/ftntfwservices1.txt
+++ b/config/ftntfwservices1.txt
@ -0,0 +1,30 @@
+{
+    "name": "FTNT-US",
+    "size": "LARGE",
+    "cxp": "US-EAST-2",
+    "version": "7.0.3",
+    "credentialId": "set_new",
+    "managementServer": {
+        "ipAddress": "10.0.1.1",
+        "segment": "Corporate"
+    },
+    "licenseType": "PAY_AS_YOU_GO",
+    "instances": [
+        {
+            "name": "FTNT-US-instance-1",
+            "hostName": "FTNT-US-instance-1",
+            "credentialId": "set_new"
+        }
+    ],
+    "maxInstanceCount": "1",
+    "minInstanceCount": "1",
+    "segments": [
+        "Corporate",
+        "Prod",
+        "Pre Prod"
+    ],
+    "tunnelProtocol": "IPSEC",
+    "billingTags": [
+        "333"
+    ]
+}
--- a/config/panfwservices1.txt
+++ b/config/panfwservices1.txt
@ -14,13 +14,13 @@
    "version": "9.1.3",
    "tunnelProtocol": "IPSEC",
    "type": "VM-300",
-    "bundle": "PAN_VM_300_BUNDLE_2",
-    "globalProtectEnabled": false,
-    "credentialId": "871e234c-050d-4815-8432-76b70884a1ea",
+    "credentialId": "set_new",
+    "bundle": "PAN_VM_300_BUNDLE_1",
    "instances": [
        {
            "name": "PAN-US-instance-1",
-	    "credentialId": "3ab9f3ac-6e22-4d3c-8a37-9c8dad469ee5"
+            "hostName": "PAN-US-instance-1",
+            "credentialId": "set_new"
        }
    ],
    "size": "LARGE",
--- a/get.py
+++ b/get.py
@ -126,6 +126,13 @@ tenantName = data[0]['name']
 logging.info(f'Tenant Name: {tenantName}')
 logging.info(f'Tenant ID: {tenantNetworkId}')

+# Get credentials
+logging.info('Checking Credentials')
+r = alkira_get(s, f'/credentials')
+data = r.json()
+print('# Credentials')
+print(json.dumps(data, indent=4))
+
 # Get connectors
 logging.info('Checking Connectors')
 r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/connectors')
--- a/push-debug.py
+++ b/push-debug.py
@ -78,12 +78,23 @@ ALKIRA_BASE_URI = f'https://{ALKIRA_TENANT}/api'
 headers = {'Content-Type': "application/json"}

 # Naming exceptions
-service_exceptions = {
+url_exceptions = {
 	"saas": "internet",
 	"pan": "panfw",
 	"ftntfw": "ftnt-fw-",
+	"ftntfwservices": "ftnt-fw-services",
 	"chkpfw": "chkp-fw-",
-	"ocivcnconnectors": "oci-vcn-connectors"
+	"ocivcnconnectors": "oci-vcn-connectors",
+	"ftntfwservices": "ftnt-fw-services"
+	}
+
+service_credentials = {
+	"panfwservices": "pan",
+	"ftntfwservices": "ftntfw"
+	}
+
+service_instance_credentials = {
+	"ftntfwservices": "ftntfw-"
 	}

 # Authenticate
@ -102,23 +113,88 @@ tenantName = data[0]['name']
 logging.info(f'Tenant Name: {tenantName}')
 logging.info(f'Tenant ID: {tenantNetworkId}')

-print(json_file)
-
 # Do Things
 connector_result = re.match(r'(\w+)(\d+)', json_file)
 connector_name = connector_result.group(1)
 connector_number = connector_result.group(2)
 logging.debug(f'Connector Name: {connector_name} - Number: {connector_number}')
-with open (json_file, 'r') as f:
-	body = json.load(f)
+
+if connector_name in service_credentials.keys():
+	credentials_url = service_credentials[connector_name]
+	body = {
+		"credentials": {
+			"userName": "admin",
+			"password": "Blabla123"
+		},
+		"name": "fwcredentials14"
+	}
+
 	if args.pretty:
 		print(json.dumps(body, indent=4))
 	else:
 		print(json.dumps(body))

-if connector_name in service_exceptions.keys():
-	connector_name = service_exceptions[connector_name]
+	print('=== Create Credentials')
+	url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}'
+	response = session.post(url, data=json.dumps(body), headers=headers)
+	print(response.status_code)
+	print(response.content)
+	json_body = response.json()
+	if response.status_code == 200:
+		fw_id = json_body['id']
+		print(f'credentialId: {fw_id}')
+
+	if connector_name in service_instance_credentials.keys():
+		credentials_url = service_instance_credentials[connector_name]
+
+	print('=== Create Instance Credentials')
+	url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}instance'
+	response = session.post(url, data=json.dumps(body), headers=headers)
+	print(response.status_code)
+	print(response.content)
+	json_body = response.json()
+	if response.status_code == 200:
+		instance_id = json_body['id']
+		print(f'instance credentialId: {instance_id}')
+
+with open (json_file, 'r') as f:
+	body = json.load(f)
+
+if connector_name in url_exceptions.keys():
+	connector_name = url_exceptions[connector_name]
+
+if 'credentialId' in body:
+	body['credentialId'] = fw_id
+	print(f'JSON credentialId: {fw_id}')
+
+if 'instances' in body:
+	body['instances'][0]['credentialId'] = instance_id
+	print(f'JSON credentialId: {instance_id}')
+
+if args.pretty:
+	print(json.dumps(body, indent=4))
+else:
+	print(json.dumps(body))
+
+print('=== Create FW Instance')
 url = f'{ALKIRA_BASE_URI}/tenantnetworks/{tenantNetworkId}/{connector_name}'
 response = session.post(url, data=json.dumps(body), headers=headers)
 print(response.status_code)
 print(response.content)
+
+if response.status_code == 400:
+	print(f'=== Remove credential {fw_id}')
+	url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}/{fw_id}'
+	response = session.delete(url, headers=headers)
+	print(response.status_code)
+	print(response.content)
+
+	if connector_name in service_instance_credentials.keys():
+		credential_url = service_instance_credentials[connector_name]
+
+	print(f'=== Remove instance credential {instance_id}')
+	url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}instance/{instance_id}'
+	response = session.delete(url, headers=headers)
+	print(response.status_code)
+	print(response.content)
+
--- a/push.py
+++ b/push.py
@ -80,13 +80,25 @@ config.read(CONNECTOR_CONFIG)
 # Set default headers
 headers = {'Content-Type': "application/json"}

-# Naming exceptions
-service_exceptions = {
+# URL Exceptions
+url_exceptions = {
 	"saas": "internet",
 	"pan": "panfw",
 	"ftntfw": "ftnt-fw-",
 	"chkpfw": "chkp-fw-",
-	"ocivcnconnectors": "oci-vcn-connectors"
+	"ocivcnconnectors": "oci-vcn-connectors",
+	"ftntfwservices": "ftnt-fw-services"
+	}
+
+# URL Exceptions creating credentials
+service_credentials = {
+	"panfwservices": "pan",
+	"ftntfwservices": "ftntfw"
+	}
+
+# URL Exceptions creating instance credentials
+service_instance_credentials = {
+	"ftntfwservices": "ftntfw-"
 	}

 def alkira_login():
@ -126,6 +138,37 @@ def alkira_delete(session, uri):
 		sys.exit(1)
 	return response

+def alkira_service(session, connector_name):
+	body = {
+		"credentials": {
+			"userName": "admin",
+			"password": "Blabla123"
+		},
+		"name": "fwcredentials01"
+	}
+	logging.debug(f'Received Connector: {connector_name}')
+	logging.info('=== Create Credentials')
+	if connector_name in service_credentials.keys():
+		credentials_url = service_credentials[connector_name]
+		logging.debug(f'URL: {credentials_url}')
+	response = alkira_post(session, f'/credentials/{credentials_url}', body)
+	json_body = response.json()
+	if response.status_code == 200:
+		fw_id = json_body['id']
+		logging.debug(f'credentialId: {fw_id}')
+
+	logging.info('=== Create Instance Credentials')
+	if connector_name in service_instance_credentials.keys():
+		credentials_url = service_instance_credentials[connector_name]
+		logging.debug(f'URL: {credentials_url}')
+	response = alkira_post(session, f'/credentials/{credentials_url}instance', body)
+	json_body = response.json()
+	if response.status_code == 200:
+		instance_id = json_body['id']
+		logging.debug(f'instance credentialId: {instance_id}')
+
+	return fw_id, instance_id 
+
 # Authenticate
 s = alkira_login()
 logging.debug(s)
@ -139,7 +182,7 @@ logging.info(f'Tenant Name: {tenantName}')
 logging.info(f'Tenant ID: {tenantNetworkId}')

 # Push connectors
-logging.info('Push Connectors')
+logging.info('=== Push Connectors')

 for connector in config.sections():
 	section = config[connector]
@ -148,6 +191,11 @@ for connector in config.sections():
 	connector_number = connector_result.group(2)
 	logging.debug(f'{connector_folder}/{connector_name}{connector_number}.txt')
 	config_path = (f'{connector_folder}/{connector_name}{connector_number}.txt')
+
+	if 'service' in connector_name:
+		fw_id, instance_id = alkira_service(s, connector_name)
+		logging.debug(f'Got credentialId: {fw_id} AND {instance_id}')
+
 	with open (config_path, 'r') as f:
 		body = json.load(f)

@ -191,10 +239,25 @@ for connector in config.sections():
 				logging.debug(f'CONFIG size: {size}')
 				body['size'] = size

+		if 'credentialId' in body and 'fw_id' in locals():
+			logging.debug(f'Set credentialId: {fw_id}')
+			body['credentialId'] = fw_id
+
+		if 'instances' in body:
+			if 'credentialId' in body['instances'][0] and 'instance_id' in locals():
+				logging.debug(f'Set instance credentialId: {instance_id}')
+				body['instances'][0]['credentialId'] = instance_id
+
+		print(json.dumps(body))
 		logging.debug(json.dumps(body))
-		logging.info(f'Pushing {connector_name} to {cxp} (size: {size}; segment: {segments}; group: {group})')
-		if connector_name in service_exceptions.keys():
-			connector_name = service_exceptions[connector_name]
+		logging.info(f'=== Pushing {connector_name} to {cxp} (size: {size}; segment: {segments})')
+		logging.debug(f'CONNECTOR BEFORE  AGAIN: {connector_name}')
+		if connector_name in url_exceptions.keys():
+			connector_name = url_exceptions[connector_name]
+		logging.debug(f'CONNECTOR AFTER AGAIN: {connector_name}')
 		r = alkira_post(s, f'/tenantnetworks/{tenantNetworkId}/{connector_name}', body)
 		logging.info(r.status_code)
 		logging.debug(r.content)
+
+
+