diff --git a/clean.py b/clean.py index 6c99bf5..b8fd388 100755 --- a/clean.py +++ b/clean.py @@ -118,10 +118,12 @@ def alkira_delete(session, uri): return response # Authenticate +logging.info('=== Authenticating') s = alkira_login() logging.debug(s) # Get TenantID +logging.info('=== Fetching Credentials') r = alkira_get(s, '/tenantnetworks') data = r.json() tenantNetworkId = data[0]['id'] @@ -130,7 +132,7 @@ logging.info(f'Tenant Name: {tenantName}') logging.info(f'Tenant ID: {tenantNetworkId}') # Clean connectors -logging.info('Checking Connectors') +logging.info('=== Checking Connectors') r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/connectors') data = r.json() if args.pretty: @@ -145,12 +147,12 @@ for item in data: if type in url_exceptions.keys(): type = url_exceptions[type] logging.debug(f'/tenantnetworks/{tenantNetworkId}/{type}connectors/{connectorId}') - logging.info(f'Removing {name} ({type})') + logging.info(f'=== Removing {name} ({type})') r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/{type}connectors/{connectorId}') logging.info(r.status_code) # Clean services -logging.info('Checking services') +logging.info('=== Checking services') r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/services') data = r.json() if args.pretty: @@ -165,12 +167,12 @@ for item in data: if type in url_exceptions.keys(): type = url_exceptions[type] logging.debug(f'/tenantnetworks/{tenantNetworkId}/{type}services/{serviceId}') - logging.info(f'Removing {name} ({type})') + logging.info(f'=== Removing {name} ({type})') r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/{type}services/{serviceId}') logging.info(r.status_code) # Clean Global CIDR -logging.info('Checking Global CIDR') +logging.info('=== Checking Global CIDR') r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/global-cidr-lists') data = r.json() if args.pretty: 
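Review bot: In the first clean.py hunk the added `logging.info('=== Fetching Credentials')` sits under `# Get TenantID` and directly precedes the `/tenantnetworks` call, so the log reports a credentials fetch that this script does not visibly perform. push.py labels the same step `'=== Fetching Tenant Info'`; using that string here keeps the log of a script that deletes tenant resources accurate when it is read back later.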
@@ -182,7 +184,7 @@ for item in data: name = item.get('name') GlobalCidrListId = item.get('id') logging.debug(f'/tenantnetworks/{tenantNetworkId}/global-cidr-lists/{GlobalCidrListId}') - logging.info(f'Removing {name} ({type})') + logging.info(f'=== Removing {name} ({type})') r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/global-cidr-lists/{GlobalCidrListId}') logging.info(r.status_code) diff --git a/config/connectors.cnf b/config/connectors.cnf index 3449ac3..3e0e8e3 100644 --- a/config/connectors.cnf +++ b/config/connectors.cnf @@ -134,9 +134,12 @@ group = Users billingtags = 333 size = MEDIUM -[ocivcnconnectoris2] +[ocivcnconnectors2] cxp = GERMANYWESTCENTRAL-AZURE-1 segments = Prod group = Development billingtags = 343 size = MEDIUM + +[ftntfwservices1.txt] +cxp = US-EAST-2 diff --git a/config/demo-small.cnf b/config/demo-small.cnf index 2883690..4fca971 100644 --- a/config/demo-small.cnf +++ b/config/demo-small.cnf @@ -95,3 +95,6 @@ segments = Corporate group = Users billingtags = 333 size = MEDIUM + +[ftntfwservices1.txt] +cxp = US-EAST-2 diff --git a/config/empty.cnf b/config/empty.cnf new file mode 100644 index 0000000..e69de29 diff --git a/config/ftnt.cnf b/config/ftntfw.cnf similarity index 100% rename from config/ftnt.cnf rename to config/ftntfw.cnf diff --git a/config/minimal.cnf b/config/minimal.cnf new file mode 100644 index 0000000..b537779 --- /dev/null +++ b/config/minimal.cnf 
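Review bot: The touched line in the Global CIDR loop of clean.py (`@@ -182,7 +184,7 @@`) still formats `{type}`, but the visible loop body only assigns `name` and `GlobalCidrListId`. Unless `type` is set in the loop lines above the hunk, the message prints whatever the services loop left behind (or the `type` builtin when no service was processed), which mislabels what was deleted. `logging.info(f'=== Removing {name} (global-cidr-list)')` would state what the following `alkira_delete` call actually removes. The loop starts outside the hunk.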
@@ -0,0 +1,44 @@
+[ipsecconnectors1]
+cxp = US-EAST-2
+segments = Corporate
+group = Users
+billingtags = 333
+size = MEDIUM
+
+[internetconnectors1]
+cxp = US-EAST-2
+segments = Corporate
+group = Users
+billingtags = 333
+size = MEDIUM
+
+[awsvpcconnectors1]
+cxp = US-EAST-2
+segments = Prod
+group = Development
+billingtags = 343
+size = LARGE
+
+[azurevnetconnectors1]
+cxp = US-EAST-2
+segments = Corporate
+group = Users
+billingtags = 343
+size = MEDIUM
+
+[gcpvpcconnectors1]
+cxp = US-EAST-2
+segments = Prod
+group = Development
+billingtags = 343
+size = LARGE
+
+[ocivcnconnectors1]
+cxp = GERMANYWESTCENTRAL-AZURE-1
+segments = Corporate
+group = Users
+billingtags = 333
+size = MEDIUM
+
+[ftntfwservices1.txt]
+cxp = US-EAST-2
diff --git a/config/panfwservices1.txt-old b/config/panfwservices1.txt-old
new file mode 100644
index 0000000..881d8e2
--- /dev/null
+++ b/config/panfwservices1.txt-old
@@ -0,0 +1,30 @@
+{
+ "name": "PAN-US",
+ "cxp": "US-EAST-2",
+ "segments": [
+ "1636",
+ "1673",
+ "1638"
+ ],
+ "panoramaEnabled": false,
+ "managementSegment": "Corporate",
+ "maxInstanceCount": "1",
+ "minInstanceCount": "1",
+ "licenseType": "PAY_AS_YOU_GO",
+ "bundle": "PAN_VM_300_BUNDLE_2",
+ "version": "9.1.3",
+ "tunnelProtocol": "IPSEC",
+ "type": "VM-300",
+ "credentialId": "871e234c-050d-4815-8432-76b70884a1ea",
+ "globalProtectEnabled": false,
+ "instances": [
+ {
+ "name": "PAN-US-instance-1",
+ "credentialId": "3ab9f3ac-6e22-4d3c-8a37-9c8dad469ee5"
+ }
+ ],
+ "size": "LARGE",
+ "billingTags": [
+ "333"
+ ]
+}
diff --git a/push.py b/push.py
index 80df1e6..aaea0ae 100755
--- a/push.py
+++ b/push.py
@@ -3,6 +3,7 @@
 # Copyright 2022, Mischa Peters , Alkira.
 # push.py
 # Version 0.1 - 20220617 - initial release
+# Version 0.2 - 20220620 - added collection of credentialId
 #
 # Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
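Review bot: `config/panfwservices1.txt-old` looks like a leftover backup rather than a template the scripts read: push.py builds its path as `{connector_folder}/{connector_name}{connector_number}.txt`, so a `.txt-old` name would not be opened (assuming `connector_folder` is where this kind of file lives). The file also carries two concrete `credentialId` UUIDs and numeric segment IDs that appear to be tenant-specific; as far as this diff shows they are references rather than secrets, but committing them still records tenant identifiers in repository history. Consider dropping the file from the commit, or replacing the IDs with placeholders, since push.py overwrites `credentialId` from the API anyway.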
@@ -101,6 +102,14 @@ service_instance_credentials = { "ftntfwservices": "ftntfw-" } +# Credential Types +credential_types = { + "awsvpc": "", + "azurevnet": "", + "gcpvpc": "", + "ocivcn": "", + } + def alkira_login(): body = {'userName': ALKIRA_USERNAME, 'password': ALKIRA_PASSWORD} @@ -170,10 +179,12 @@ def alkira_service(session, connector_name): return service_credentialid, service_instance_credentialid # Authenticate +logging.info('=== Authenticating') s = alkira_login() logging.debug(s) # Get TenantID +logging.info('=== Fetching Tenant Info') r = alkira_get(s, '/tenantnetworks') data = r.json() tenantNetworkId = data[0]['id'] @@ -181,14 +192,24 @@ tenantName = data[0]['name'] logging.info(f'Tenant Name: {tenantName}') logging.info(f'Tenant ID: {tenantNetworkId}') +# Get Credentials +logging.info('=== Fetching Credentials') +r = alkira_get(s, '/credentials') +data = r.json() +logging.debug(json.dumps(data)) +for key in data: + if key['credentialType'].lower() in credential_types: + logging.debug(f"CredentialType: {key['credentialType']} - CredentialId: {key['credentialId']}") + credential_types[key['credentialType'].lower()] = key['credentialId'] + # Push connectors logging.info('=== Push Connectors') - for connector in config.sections(): section = config[connector] - connector_result = re.match(r'(\w+)(\d+)', connector) - connector_name = connector_result.group(1) - connector_number = connector_result.group(2) + connector_result = re.match(r'(\w+)(connectors|services)(\d+)', connector) + connector_type = connector_result.group(1) + connector_name = f'{connector_type}{connector_result.group(2)}' + connector_number = connector_result.group(3) logging.debug(f'{connector_folder}/{connector_name}{connector_number}.txt') config_path = (f'{connector_folder}/{connector_name}{connector_number}.txt') 
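Review bot: The `# Get Credentials` loop in push.py (`@@ -181,14 +192,24 @@`) overwrites `credential_types[...]` on every match, so when a tenant holds more than one credential of a type the last entry in the `/credentials` response is silently written into every connector of that type, and a connector can end up bound to the wrong cloud account. Detecting the duplicate and logging it makes the choice visible; the sketch below keeps the first match, which is a policy decision to confirm. The same hunk adds `logging.debug(json.dumps(data))`, which writes the whole credentials listing to the debug log; the response schema is not visible here, so logging only the type and id (as the next debug line already does) is the safer default. `key['credentialType']` and `key['credentialId']` are also indexed without a guard, so an entry lacking either key stops the run.

```python
# … unchanged: r = alkira_get(s, '/credentials') and data = r.json() …
for cred in data:
    ctype = str(cred.get('credentialType', '')).lower()
    cred_id = cred.get('credentialId')
    if ctype not in credential_types or not cred_id:
        continue
    if credential_types[ctype]:
        logging.warning(f'Multiple {ctype} credentials; keeping {credential_types[ctype]}, ignoring {cred_id}')
        continue
    logging.debug(f'CredentialType: {ctype} - CredentialId: {cred_id}')
    credential_types[ctype] = cred_id
```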
@@ -199,58 +220,52 @@ for connector in config.sections(): with open (config_path, 'r') as f: body = json.load(f) + if 'connectors' in connector_name and connector_type in credential_types and credential_types[connector_type]: + if 'credentialId' in body: + logging.debug(f"JSON credentialid: {body['credentialId']}") + logging.debug(f'API credentialid: {credential_types[connector_type]}') + body['credentialId'] = credential_types[connector_type] + if 'cxp' in body: - cxp = body['cxp'] - logging.debug(f'JSON cxp: {cxp}') + logging.debug(f"JSON cxp: {body['cxp']}") if 'cxp' in section: - cxp = section['cxp'] - logging.debug(f'CONFIG cxp: {cxp}') - body['cxp'] = cxp + logging.debug(f"CONFIG cxp: {section['cxp']}") + body['cxp'] = section['cxp'] if 'segments' in body: - segments = body['segments'][0] - logging.debug(f'JSON segments: {segments}') + logging.debug(f"JSON segments: {body['segments'][0]}") if 'segments' in section: - segments = section['segments'] - logging.debug(f'CONFIG segments: {segments}') - body['segments'][0] = segments + logging.debug(f"CONFIG segments: {section['segments']}") + body['segments'][0] = section['segments'] if 'group' in body: - group = body['group'] - logging.debug(f'JSON group: {group}') - if 'group' in section: - group = section['group'] - logging.debug(f'CONFIG group: {group}') - body['group'] = group + logging.debug(f"JSON group: {body['group']}") + if 'group' in section: + logging.debug(f"CONFIG group: {section['group']}") + body['group'] = section['group'] if 'billingTags' in body: - billingtags = body['billingTags'][0] - logging.debug(f'JSON billingtags: {billingtags}') + logging.debug(f"JSON billingtags: {body['billingTags'][0]}") if 'billingtags' in section: - billingtags = section['billingtags'] - logging.debug(f'CONFIG billingtags: {billingtags}') - body['billingTags'][0] = billingtags + logging.debug(f"CONFIG billingtags: {section['billingtags']}") + body['billingTags'][0] = section['billingtags'] if 'size' in body: - size = 
body['size'] - logging.debug(f'JSON size: {size}') + logging.debug(f"JSON size: {body['size']}") if 'size' in section: - size = section['size'] - logging.debug(f'CONFIG size: {size}') - body['size'] = size + logging.debug(f"CONFIG size: {section['size']}") + body['size'] = section['size'] if 'credentialId' in body and 'service_credentialid' in locals(): - logging.debug(f'Set credentialId: {service_credentialid}') + logging.debug(f'API credentialid: {service_credentialid}') body['credentialId'] = service_credentialid - if 'instances' in body: - if 'credentialId' in body['instances'][0] and 'service_instance_credentialid' in locals(): - logging.debug(f'Set instance credentialId: {service_instance_credentialid}') - body['instances'][0]['credentialId'] = service_instance_credentialid + if 'instances' in body and'credentialId' in body['instances'][0] and 'service_instance_credentialid' in locals(): + logging.debug(f'API instance credentialid: {service_instance_credentialid}') + body['instances'][0]['credentialId'] = service_instance_credentialid - print(json.dumps(body)) logging.debug(json.dumps(body)) - logging.info(f'=== Pushing {connector_name} to {cxp} (size: {size}; segment: {segments})') + logging.info(f"=== Pushing {body['name'][:30]} ({connector_name}) to {body['cxp']} (size: {body['size']}; segment: {body['segments'][0]})") logging.debug(f'CONNECTOR BEFORE AGAIN: {connector_name}') if connector_name in url_exceptions.keys(): connector_name = url_exceptions[connector_name] @@ -258,6 +273,3 @@ for connector in config.sections(): r = alkira_post(s, f'/tenantnetworks/{tenantNetworkId}/{connector_name}', body) logging.info(r.status_code) logging.debug(r.content) - - -
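Review bot: The rewritten `=== Pushing` message indexes `body['name']`, `body['cxp']`, `body['size']` and `body['segments'][0]` unconditionally, although every earlier access in this hunk (`@@ -199,58 +220,52 @@`) is guarded with `if 'cxp' in body`, `if 'size' in body` and so on. A template without one of those keys now raises `KeyError` just before `alkira_post`, stopping the loop after earlier connectors were already pushed and leaving the tenant partly provisioned. Build the message with `body.get('name', '')[:30]`, `body.get('cxp')`, `body.get('size')` and `(body.get('segments') or [None])[0]`. Which keys each connector template carries is not visible here, and the `for connector in config.sections()` loop begins outside the hunk.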