From bc169d83590e49ed441a8cd2d7983741c4084ef7 Mon Sep 17 00:00:00 2001
From: mischa
Date: Mon, 20 Jun 2022 15:37:13 +0200
Subject: [PATCH] adding services logic and more snowflakes for FWs

---
 clean.py | 10 ++---
 config/demo.cnf | 3 ++
 config/ftnt.cnf | 2 +
 config/ftntfwservices1.txt | 30 +++++++++++++
 config/panfwservices1.txt | 8 ++--
 get.py | 7 +++
 push-debug.py | 92 ++++++++++++++++++++++++++++++++++----
 push.py | 77 ++++++++++++++++++++++++++++---
 8 files changed, 205 insertions(+), 24 deletions(-)
 create mode 100644 config/ftnt.cnf
 create mode 100644 config/ftntfwservices1.txt

diff --git a/clean.py b/clean.py
index 5975348..6c99bf5 100755
--- a/clean.py
+++ b/clean.py
@@ -72,7 +72,7 @@ ALKIRA_BASE_URI = f'https://{ALKIRA_TENANT}/api'
 headers = {'Content-Type': "application/json"}
 
 # Naming exceptions
-service_exceptions = {
+url_exceptions = {
 "ocivcn": "oci-vcn-",
 "saas": "internet",
 "pan": "panfw",
@@ -142,8 +142,8 @@ for item in data:
 name = item.get('name')
 connectorId = item.get('id')
 type = item.get('type').lower().replace('_', '')
- if type in service_exceptions.keys():
- type = service_exceptions[type]
+ if type in url_exceptions.keys():
+ type = url_exceptions[type]
 logging.debug(f'/tenantnetworks/{tenantNetworkId}/{type}connectors/{connectorId}')
 logging.info(f'Removing {name} ({type})')
 r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/{type}connectors/{connectorId}')
@@ -162,8 +162,8 @@ for item in data:
 name = item.get('name')
 serviceId = item.get('id')
 type = item.get('type').lower()
- if type in service_exceptions.keys():
- type = service_exceptions[type]
+ if type in url_exceptions.keys():
+ type = url_exceptions[type]
 logging.debug(f'/tenantnetworks/{tenantNetworkId}/{type}services/{serviceId}')
 logging.info(f'Removing {name} ({type})')
 r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/{type}services/{serviceId}')
diff --git a/config/demo.cnf b/config/demo.cnf
index 59f648f..01a798f 100644
--- a/config/demo.cnf
+++ b/config/demo.cnf
@@ -137,3 +137,6 @@ segments = Prod
 group = Development
 billingtags = 343
 size = LARGE
+
+[ftntfwservices1.txt]
+cxp = US-EAST-2
diff --git a/config/ftnt.cnf b/config/ftnt.cnf
new file mode 100644
index 0000000..0349259
--- /dev/null
+++ b/config/ftnt.cnf
@@ -0,0 +1,2 @@
+[ftntfwservices1.txt]
+cxp = US-EAST-2
diff --git a/config/ftntfwservices1.txt b/config/ftntfwservices1.txt
new file mode 100644
index 0000000..61284af
--- /dev/null
+++ b/config/ftntfwservices1.txt
@@ -0,0 +1,30 @@
+{
+ "name": "FTNT-US",
+ "size": "LARGE",
+ "cxp": "US-EAST-2",
+ "version": "7.0.3",
+ "credentialId": "set_new",
+ "managementServer": {
+ "ipAddress": "10.0.1.1",
+ "segment": "Corporate"
+ },
+ "licenseType": "PAY_AS_YOU_GO",
+ "instances": [
+ {
+ "name": "FTNT-US-instance-1",
+ "hostName": "FTNT-US-instance-1",
+ "credentialId": "set_new"
+ }
+ ],
+ "maxInstanceCount": "1",
+ "minInstanceCount": "1",
+ "segments": [
+ "Corporate",
+ "Prod",
+ "Pre Prod"
+ ],
+ "tunnelProtocol": "IPSEC",
+ "billingTags": [
+ "333"
+ ]
+}
diff --git a/config/panfwservices1.txt b/config/panfwservices1.txt
index 0232910..a09616c 100644
--- a/config/panfwservices1.txt
+++ b/config/panfwservices1.txt
@@ -14,13 +14,13 @@
 "version": "9.1.3",
 "tunnelProtocol": "IPSEC",
 "type": "VM-300",
- "bundle": "PAN_VM_300_BUNDLE_2",
- "globalProtectEnabled": false,
- "credentialId": "871e234c-050d-4815-8432-76b70884a1ea",
+ "credentialId": "set_new",
+ "bundle": "PAN_VM_300_BUNDLE_1",
 "instances": [
 {
 "name": "PAN-US-instance-1",
- "credentialId": "3ab9f3ac-6e22-4d3c-8a37-9c8dad469ee5"
+ "hostName": "PAN-US-instance-1",
+ "credentialId": "set_new"
 }
 ],
 "size": "LARGE",
diff --git a/get.py b/get.py
index 86cb054..bf3b7af 100755
--- a/get.py
+++ b/get.py
@@ -126,6 +126,13 @@ tenantName = data[0]['name']
 logging.info(f'Tenant Name: {tenantName}')
 logging.info(f'Tenant ID: {tenantNetworkId}')
 
+# Get credentials
+logging.info('Checking Credentials')
+r = alkira_get(s, f'/credentials')
+data = r.json()
+print('# Credentials')
+print(json.dumps(data, indent=4))
+
 # Get connectors
 logging.info('Checking Connectors')
 r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/connectors')
diff --git a/push-debug.py b/push-debug.py
index e6d06c1..cdd5898 100755
--- a/push-debug.py
+++ b/push-debug.py
@@ -78,12 +78,23 @@ ALKIRA_BASE_URI = f'https://{ALKIRA_TENANT}/api'
 headers = {'Content-Type': "application/json"}
 
 # Naming exceptions
-service_exceptions = {
+url_exceptions = {
 "saas": "internet",
 "pan": "panfw",
 "ftntfw": "ftnt-fw-",
+ "ftntfwservices": "ftnt-fw-services",
 "chkpfw": "chkp-fw-",
- "ocivcnconnectors": "oci-vcn-connectors"
+ "ocivcnconnectors": "oci-vcn-connectors",
+ "ftntfwservices": "ftnt-fw-services"
+ }
+
+service_credentials = {
+ "panfwservices": "pan",
+ "ftntfwservices": "ftntfw"
+ }
+
+service_instance_credentials = {
+ "ftntfwservices": "ftntfw-"
 }
 
 # Authenticate
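Review bot: The new `# Get credentials` block dumps the whole `/credentials` response to stdout with `print(json.dumps(data, indent=4))`, so whatever that endpoint returns beyond ids and names lands in terminal scrollback and any captured output; which fields it returns is not visible here. Consider printing only the `id` and `name` of each entry, or gating the full dump behind a debug flag like the rest of the script's logging. Minor: `f'/credentials'` has no placeholders, so `'/credentials'` is enough.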
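Review bot: `url_exceptions` in push-debug.py now carries the key `"ftntfwservices"` twice — once after `"ftntfw"` and again after `"ocivcnconnectors"` — and Python silently keeps the last value, so the duplicate is harmless today but will hide a mistake the day the two strings differ (pyflakes/ruff report this as F601). Drop one of them. push.py's `url_exceptions` in this same commit lists the key once, so the two scripts have already diverged here.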
@@ -102,23 +113,88 @@ tenantName = data[0]['name']
 logging.info(f'Tenant Name: {tenantName}')
 logging.info(f'Tenant ID: {tenantNetworkId}')
 
-print(json_file)
-
 # Do Things
 connector_result = re.match(r'(\w+)(\d+)', json_file)
 connector_name = connector_result.group(1)
 connector_number = connector_result.group(2)
 logging.debug(f'Connector Name: {connector_name} - Number: {connector_number}')
-with open (json_file, 'r') as f:
- body = json.load(f)
+
+if connector_name in service_credentials.keys():
+ credentials_url = service_credentials[connector_name]
+ body = {
+ "credentials": {
+ "userName": "admin",
+ "password": "Blabla123"
+ },
+ "name": "fwcredentials14"
+ }
+
 if args.pretty:
 print(json.dumps(body, indent=4))
 else:
 print(json.dumps(body))
 
-if connector_name in service_exceptions.keys():
- connector_name = service_exceptions[connector_name]
+ print('=== Create Credentials')
+ url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}'
+ response = session.post(url, data=json.dumps(body), headers=headers)
+ print(response.status_code)
+ print(response.content)
+ json_body = response.json()
+ if response.status_code == 200:
+ fw_id = json_body['id']
+ print(f'credentialId: {fw_id}')
+
+ if connector_name in service_instance_credentials.keys():
+ credentials_url = service_instance_credentials[connector_name]
+
+ print('=== Create Instance Credentials')
+ url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}instance'
+ response = session.post(url, data=json.dumps(body), headers=headers)
+ print(response.status_code)
+ print(response.content)
+ json_body = response.json()
+ if response.status_code == 200:
+ instance_id = json_body['id']
+ print(f'instance credentialId: {instance_id}')
+
+with open (json_file, 'r') as f:
+ body = json.load(f)
+
+if connector_name in url_exceptions.keys():
+ connector_name = url_exceptions[connector_name]
+
+if 'credentialId' in body:
+ body['credentialId'] = fw_id
+ print(f'JSON credentialId: {fw_id}')
+
+if 'instances' in body:
+ body['instances'][0]['credentialId'] = instance_id
+ print(f'JSON credentialId: {instance_id}')
+
+if args.pretty:
+ print(json.dumps(body, indent=4))
+else:
+ print(json.dumps(body))
+
+print('=== Create FW Instance')
 url = f'{ALKIRA_BASE_URI}/tenantnetworks/{tenantNetworkId}/{connector_name}'
 response = session.post(url, data=json.dumps(body), headers=headers)
 print(response.status_code)
 print(response.content)
+
+if response.status_code == 400:
+ print(f'=== Remove credential {fw_id}')
+ url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}/{fw_id}'
+ response = session.delete(url, headers=headers)
+ print(response.status_code)
+ print(response.content)
+
+ if connector_name in service_instance_credentials.keys():
+ credential_url = service_instance_credentials[connector_name]
+
+ print(f'=== Remove instance credential {instance_id}')
+ url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}instance/{instance_id}'
+ response = session.delete(url, headers=headers)
+ print(response.status_code)
+ print(response.content)
+
diff --git a/push.py b/push.py
index f689726..01d5dc4 100755
--- a/push.py
+++ b/push.py
@@ -80,13 +80,25 @@ config.read(CONNECTOR_CONFIG)
 # Set default headers
 headers = {'Content-Type': "application/json"}
 
-# Naming exceptions
-service_exceptions = {
+# URL Exceptions
+url_exceptions = {
 "saas": "internet",
 "pan": "panfw",
 "ftntfw": "ftnt-fw-",
 "chkpfw": "chkp-fw-",
- "ocivcnconnectors": "oci-vcn-connectors"
+ "ocivcnconnectors": "oci-vcn-connectors",
+ "ftntfwservices": "ftnt-fw-services"
+ }
+
+# URL Exceptions creating credentials
+service_credentials = {
+ "panfwservices": "pan",
+ "ftntfwservices": "ftntfw"
+ }
+
+# URL Exceptions creating instance credentials
+service_instance_credentials = {
+ "ftntfwservices": "ftntfw-"
 }
 
 def alkira_login():
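Review bot: On the 400 cleanup path, `url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}/{fw_id}'` uses `credentials_url` after it has been reassigned to the instance prefix (`service_instance_credentials[connector_name]`) for connectors that have one, so the firewall credential is deleted at the wrong path; the inner `credential_url = ...` is a typo of that name and is never read. Using `service_credentials[connector_name]` directly in that DELETE, or keeping two distinct variables, fixes both. Separately, `fw_id` and `instance_id` are only bound inside the `if response.status_code == 200:` branches, so a non-200 reply or a connector outside `service_credentials` makes `body['credentialId'] = fw_id` raise NameError instead of a readable message; start the script with `fw_id = instance_id = None` and check before use. The credential payload hard-codes `"userName": "admin"` / `"password": "Blabla123"` and then echoes it through `print(json.dumps(body))`; read these from config or the environment and do not print the credentials body.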
@@ -126,6 +138,37 @@ def alkira_delete(session, uri):
 sys.exit(1)
 return response
 
+def alkira_service(session, connector_name):
+ body = {
+ "credentials": {
+ "userName": "admin",
+ "password": "Blabla123"
+ },
+ "name": "fwcredentials01"
+ }
+ logging.debug(f'Received Connector: {connector_name}')
+ logging.info('=== Create Credentials')
+ if connector_name in service_credentials.keys():
+ credentials_url = service_credentials[connector_name]
+ logging.debug(f'URL: {credentials_url}')
+ response = alkira_post(session, f'/credentials/{credentials_url}', body)
+ json_body = response.json()
+ if response.status_code == 200:
+ fw_id = json_body['id']
+ logging.debug(f'credentialId: {fw_id}')
+
+ logging.info('=== Create Instance Credentials')
+ if connector_name in service_instance_credentials.keys():
+ credentials_url = service_instance_credentials[connector_name]
+ logging.debug(f'URL: {credentials_url}')
+ response = alkira_post(session, f'/credentials/{credentials_url}instance', body)
+ json_body = response.json()
+ if response.status_code == 200:
+ instance_id = json_body['id']
+ logging.debug(f'instance credentialId: {instance_id}')
+
+ return fw_id, instance_id
+
 # Authenticate
 s = alkira_login()
 logging.debug(s)
@@ -139,7 +182,7 @@ logging.info(f'Tenant Name: {tenantName}')
 logging.info(f'Tenant ID: {tenantNetworkId}')
 
 # Push connectors
-logging.info('Push Connectors')
+logging.info('=== Push Connectors')
 for connector in config.sections():
 section = config[connector]
 
@@ -148,6 +191,11 @@ for connector in config.sections():
 connector_number = connector_result.group(2)
 logging.debug(f'{connector_folder}/{connector_name}{connector_number}.txt')
 config_path = (f'{connector_folder}/{connector_name}{connector_number}.txt')
+
+ if 'service' in connector_name:
+ fw_id, instance_id = alkira_service(s, connector_name)
+ logging.debug(f'Got credentialId: {fw_id} AND {instance_id}')
+
 with open (config_path, 'r') as f:
 body = json.load(f)
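Review bot: `alkira_service` only binds `fw_id` and `instance_id` inside the `if response.status_code == 200:` branches, and `instance_id` is never assigned at all for a connector that is in `service_credentials` but not in `service_instance_credentials` (`panfwservices` is exactly that), so `return fw_id, instance_id` raises UnboundLocalError and the call site in the `@@ -148,6 +191,11 @@` hunk never gets to report the failed credential POST. Start the function with `fw_id = instance_id = None` and let the caller decide what a `None` means (skip the push, or stop the run the way the `sys.exit(1)` at the end of `alkira_delete` does). The payload also embeds `"userName": "admin"` / `"password": "Blabla123"` and a fixed `"name": "fwcredentials01"` in source; take them from the connector's section in `config` or from the environment so the secret is not committed, and derive the name from the connector so two service connectors in one run do not reuse it. Whether the API rejects a repeated credential name is not visible here.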
@@ -191,10 +239,25 @@ for connector in config.sections():
 logging.debug(f'CONFIG size: {size}')
 body['size'] = size
 
+ if 'credentialId' in body and 'fw_id' in locals():
+ logging.debug(f'Set credentialId: {fw_id}')
+ body['credentialId'] = fw_id
+
+ if 'instances' in body:
+ if 'credentialId' in body['instances'][0] and 'instance_id' in locals():
+ logging.debug(f'Set instance credentialId: {instance_id}')
+ body['instances'][0]['credentialId'] = instance_id
+
+ print(json.dumps(body))
 logging.debug(json.dumps(body))
- logging.info(f'Pushing {connector_name} to {cxp} (size: {size}; segment: {segments}; group: {group})')
- if connector_name in service_exceptions.keys():
- connector_name = service_exceptions[connector_name]
+ logging.info(f'=== Pushing {connector_name} to {cxp} (size: {size}; segment: {segments})')
+ logging.debug(f'CONNECTOR BEFORE AGAIN: {connector_name}')
+ if connector_name in url_exceptions.keys():
+ connector_name = url_exceptions[connector_name]
+ logging.debug(f'CONNECTOR AFTER AGAIN: {connector_name}')
 r = alkira_post(s, f'/tenantnetworks/{tenantNetworkId}/{connector_name}', body)
 logging.info(r.status_code)
 logging.debug(r.content)
+
+
+
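Review bot: `'fw_id' in locals()` at module level is a lookup in the module globals, and neither `fw_id` nor `instance_id` is cleared between iterations of `for connector in config.sections():`, so after the first service connector every later section whose JSON contains `credentialId` is pushed with the previous connector's credential id. Reset both at the top of the loop body (outside this hunk), `fw_id = instance_id = None`, and change the guards to `if 'credentialId' in body and fw_id is not None:` with the matching `instance_id is not None` check. `print(json.dumps(body))` duplicates the `logging.debug(json.dumps(body))` right below it and writes the full payload to stdout unconditionally, and the `CONNECTOR BEFORE AGAIN` / `CONNECTOR AFTER AGAIN` debug lines read as scaffolding to remove before merge. The loop body starts before this hunk.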