fetching credentials

mischa 2022-06-20 20:34:54 +02:00
parent 2bcb69b951
commit e6a37a113c
8 changed files with 141 additions and 47 deletions


@ -118,10 +118,12 @@ def alkira_delete(session, uri):
return response return response
# Authenticate # Authenticate
logging.info('=== Authenticating')
s = alkira_login() s = alkira_login()
logging.debug(s) logging.debug(s)
# Get TenantID # Get TenantID
logging.info('=== Fetching Credentials')
r = alkira_get(s, '/tenantnetworks') r = alkira_get(s, '/tenantnetworks')
data = r.json() data = r.json()
tenantNetworkId = data[0]['id'] tenantNetworkId = data[0]['id']
@ -130,7 +132,7 @@ logging.info(f'Tenant Name: {tenantName}')
logging.info(f'Tenant ID: {tenantNetworkId}') logging.info(f'Tenant ID: {tenantNetworkId}')
# Clean connectors # Clean connectors
logging.info('Checking Connectors') logging.info('=== Checking Connectors')
r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/connectors') r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/connectors')
data = r.json() data = r.json()
if args.pretty: if args.pretty:
@ -145,12 +147,12 @@ for item in data:
if type in url_exceptions.keys(): if type in url_exceptions.keys():
type = url_exceptions[type] type = url_exceptions[type]
logging.debug(f'/tenantnetworks/{tenantNetworkId}/{type}connectors/{connectorId}') logging.debug(f'/tenantnetworks/{tenantNetworkId}/{type}connectors/{connectorId}')
logging.info(f'Removing {name} ({type})') logging.info(f'=== Removing {name} ({type})')
r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/{type}connectors/{connectorId}') r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/{type}connectors/{connectorId}')
logging.info(r.status_code) logging.info(r.status_code)
# Clean services # Clean services
logging.info('Checking services') logging.info('=== Checking services')
r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/services') r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/services')
data = r.json() data = r.json()
if args.pretty: if args.pretty:
@ -165,12 +167,12 @@ for item in data:
if type in url_exceptions.keys(): if type in url_exceptions.keys():
type = url_exceptions[type] type = url_exceptions[type]
logging.debug(f'/tenantnetworks/{tenantNetworkId}/{type}services/{serviceId}') logging.debug(f'/tenantnetworks/{tenantNetworkId}/{type}services/{serviceId}')
logging.info(f'Removing {name} ({type})') logging.info(f'=== Removing {name} ({type})')
r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/{type}services/{serviceId}') r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/{type}services/{serviceId}')
logging.info(r.status_code) logging.info(r.status_code)
# Clean Global CIDR # Clean Global CIDR
logging.info('Checking Global CIDR') logging.info('=== Checking Global CIDR')
r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/global-cidr-lists') r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/global-cidr-lists')
data = r.json() data = r.json()
if args.pretty: if args.pretty:
@ -182,7 +184,7 @@ for item in data:
name = item.get('name') name = item.get('name')
GlobalCidrListId = item.get('id') GlobalCidrListId = item.get('id')
logging.debug(f'/tenantnetworks/{tenantNetworkId}/global-cidr-lists/{GlobalCidrListId}') logging.debug(f'/tenantnetworks/{tenantNetworkId}/global-cidr-lists/{GlobalCidrListId}')
logging.info(f'Removing {name} ({type})') logging.info(f'=== Removing {name} ({type})')
r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/global-cidr-lists/{GlobalCidrListId}') r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/global-cidr-lists/{GlobalCidrListId}')
logging.info(r.status_code) logging.info(r.status_code)
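Review bot: The banner added in the first hunk, `logging.info('=== Fetching Credentials')`, sits directly above `alkira_get(s, '/tenantnetworks')`, so it mislabels the step; no credentials endpoint is queried in the visible lines, and for a script that deletes resources the log should describe what actually ran, e.g. `logging.info('=== Fetching Tenant Info')`. In the last hunk the rewritten `Removing {name} ({type})` message is inside the Global CIDR loop, where the visible lines assign only `name` and `GlobalCidrListId`. Unless `type` is set above the hunk (the loop starts outside it), the value is left over from the services loop or is the builtin, so `logging.info(f'=== Removing {name} (global-cidr-list)')` would be accurate.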


@ -134,9 +134,12 @@ group = Users
billingtags = 333 billingtags = 333
size = MEDIUM size = MEDIUM
[ocivcnconnectoris2] [ocivcnconnectors2]
cxp = GERMANYWESTCENTRAL-AZURE-1 cxp = GERMANYWESTCENTRAL-AZURE-1
segments = Prod segments = Prod
group = Development group = Development
billingtags = 343 billingtags = 343
size = MEDIUM size = MEDIUM
[ftntfwservices1.txt]
cxp = US-EAST-2
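Review bot: The added section header `[ftntfwservices1.txt]` carries a `.txt` suffix that no other section name here has (compare `[ocivcnconnectors2]` just above); the same header is added in the next config file on this page and in config/minimal.cnf. push.py in this commit appends `.txt` itself when it builds the template path, and its `re.match` is not anchored at the end, so the suffix is silently ignored and the section loads only because of that. Naming it `[ftntfwservices1]` keeps the sections uniform and keeps working if the pattern is ever anchored.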


@ -95,3 +95,6 @@ segments = Corporate
group = Users group = Users
billingtags = 333 billingtags = 333
size = MEDIUM size = MEDIUM
[ftntfwservices1.txt]
cxp = US-EAST-2

0
config/empty.cnf Normal file

44
config/minimal.cnf Normal file

@ -0,0 +1,44 @@
[ipsecconnectors1]
cxp = US-EAST-2
segments = Corporate
group = Users
billingtags = 333
size = MEDIUM
[internetconnectors1]
cxp = US-EAST-2
segments = Corporate
group = Users
billingtags = 333
size = MEDIUM
[awsvpcconnectors1]
cxp = US-EAST-2
segments = Prod
group = Development
billingtags = 343
size = LARGE
[azurevnetconnectors1]
cxp = US-EAST-2
segments = Corporate
group = Users
billingtags = 343
size = MEDIUM
[gcpvpcconnectors1]
cxp = US-EAST-2
segments = Prod
group = Development
billingtags = 343
size = LARGE
[ocivcnconnectors1]
cxp = GERMANYWESTCENTRAL-AZURE-1
segments = Corporate
group = Users
billingtags = 333
size = MEDIUM
[ftntfwservices1.txt]
cxp = US-EAST-2


@ -0,0 +1,30 @@
{
"name": "PAN-US",
"cxp": "US-EAST-2",
"segments": [
"1636",
"1673",
"1638"
],
"panoramaEnabled": false,
"managementSegment": "Corporate",
"maxInstanceCount": "1",
"minInstanceCount": "1",
"licenseType": "PAY_AS_YOU_GO",
"bundle": "PAN_VM_300_BUNDLE_2",
"version": "9.1.3",
"tunnelProtocol": "IPSEC",
"type": "VM-300",
"credentialId": "871e234c-050d-4815-8432-76b70884a1ea",
"globalProtectEnabled": false,
"instances": [
{
"name": "PAN-US-instance-1",
"credentialId": "3ab9f3ac-6e22-4d3c-8a37-9c8dad469ee5"
}
],
"size": "LARGE",
"billingTags": [
"333"
]
}
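Review bot: This new template commits what look like tenant-specific identifiers: two `credentialId` UUIDs and three numeric `segments` ids. push.py replaces `credentialId` only when a looked-up value is available, so in every other case the values stored here are what gets posted, and against another tenant they would presumably reference nothing or the wrong credential. Shipping the template with a placeholder such as `"credentialId": ""` (the key has to stay, because push.py tests for its presence) makes a failed lookup fail visibly at the API instead of pushing a stale id.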

92
push.py

@ -3,6 +3,7 @@
# Copyright 2022, Mischa Peters <mischa AT alkira DOT net>, Alkira. # Copyright 2022, Mischa Peters <mischa AT alkira DOT net>, Alkira.
# push.py # push.py
# Version 0.1 - 20220617 - initial release # Version 0.1 - 20220617 - initial release
# Version 0.2 - 20220620 - added collection of credentialId
# #
# Permission to use, copy, modify, and distribute this software for any # Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above # purpose with or without fee is hereby granted, provided that the above
@ -101,6 +102,14 @@ service_instance_credentials = {
"ftntfwservices": "ftntfw-" "ftntfwservices": "ftntfw-"
} }
# Credential Types
credential_types = {
"awsvpc": "",
"azurevnet": "",
"gcpvpc": "",
"ocivcn": "",
}
def alkira_login(): def alkira_login():
body = {'userName': ALKIRA_USERNAME, body = {'userName': ALKIRA_USERNAME,
'password': ALKIRA_PASSWORD} 'password': ALKIRA_PASSWORD}
@ -170,10 +179,12 @@ def alkira_service(session, connector_name):
return service_credentialid, service_instance_credentialid return service_credentialid, service_instance_credentialid
# Authenticate # Authenticate
logging.info('=== Authenticating')
s = alkira_login() s = alkira_login()
logging.debug(s) logging.debug(s)
# Get TenantID # Get TenantID
logging.info('=== Fetching Tenant Info')
r = alkira_get(s, '/tenantnetworks') r = alkira_get(s, '/tenantnetworks')
data = r.json() data = r.json()
tenantNetworkId = data[0]['id'] tenantNetworkId = data[0]['id']
@ -181,14 +192,24 @@ tenantName = data[0]['name']
logging.info(f'Tenant Name: {tenantName}') logging.info(f'Tenant Name: {tenantName}')
logging.info(f'Tenant ID: {tenantNetworkId}') logging.info(f'Tenant ID: {tenantNetworkId}')
# Get Credentials
logging.info('=== Fetching Credentials')
r = alkira_get(s, '/credentials')
data = r.json()
logging.debug(json.dumps(data))
for key in data:
if key['credentialType'].lower() in credential_types:
logging.debug(f"CredentialType: {key['credentialType']} - CredentialId: {key['credentialId']}")
credential_types[key['credentialType'].lower()] = key['credentialId']
# Push connectors # Push connectors
logging.info('=== Push Connectors') logging.info('=== Push Connectors')
for connector in config.sections(): for connector in config.sections():
section = config[connector] section = config[connector]
connector_result = re.match(r'(\w+)(\d+)', connector) connector_result = re.match(r'(\w+)(connectors|services)(\d+)', connector)
connector_name = connector_result.group(1) connector_type = connector_result.group(1)
connector_number = connector_result.group(2) connector_name = f'{connector_type}{connector_result.group(2)}'
connector_number = connector_result.group(3)
logging.debug(f'{connector_folder}/{connector_name}{connector_number}.txt') logging.debug(f'{connector_folder}/{connector_name}{connector_number}.txt')
config_path = (f'{connector_folder}/{connector_name}{connector_number}.txt') config_path = (f'{connector_folder}/{connector_name}{connector_number}.txt')
@ -199,58 +220,52 @@ for connector in config.sections():
with open (config_path, 'r') as f: with open (config_path, 'r') as f:
body = json.load(f) body = json.load(f)
if 'connectors' in connector_name and connector_type in credential_types and credential_types[connector_type]:
if 'credentialId' in body:
logging.debug(f"JSON credentialid: {body['credentialId']}")
logging.debug(f'API credentialid: {credential_types[connector_type]}')
body['credentialId'] = credential_types[connector_type]
if 'cxp' in body: if 'cxp' in body:
cxp = body['cxp'] logging.debug(f"JSON cxp: {body['cxp']}")
logging.debug(f'JSON cxp: {cxp}')
if 'cxp' in section: if 'cxp' in section:
cxp = section['cxp'] logging.debug(f"CONFIG cxp: {section['cxp']}")
logging.debug(f'CONFIG cxp: {cxp}') body['cxp'] = section['cxp']
body['cxp'] = cxp
if 'segments' in body: if 'segments' in body:
segments = body['segments'][0] logging.debug(f"JSON segments: {body['segments'][0]}")
logging.debug(f'JSON segments: {segments}')
if 'segments' in section: if 'segments' in section:
segments = section['segments'] logging.debug(f"CONFIG segments: {section['segments']}")
logging.debug(f'CONFIG segments: {segments}') body['segments'][0] = section['segments']
body['segments'][0] = segments
if 'group' in body: if 'group' in body:
group = body['group'] logging.debug(f"JSON group: {body['group']}")
logging.debug(f'JSON group: {group}') if 'group' in section:
if 'group' in section: logging.debug(f"CONFIG group: {section['group']}")
group = section['group'] body['group'] = section['group']
logging.debug(f'CONFIG group: {group}')
body['group'] = group
if 'billingTags' in body: if 'billingTags' in body:
billingtags = body['billingTags'][0] logging.debug(f"JSON billingtags: {body['billingTags'][0]}")
logging.debug(f'JSON billingtags: {billingtags}')
if 'billingtags' in section: if 'billingtags' in section:
billingtags = section['billingtags'] logging.debug(f"CONFIG billingtags: {section['billingtags']}")
logging.debug(f'CONFIG billingtags: {billingtags}') body['billingTags'][0] = section['billingtags']
body['billingTags'][0] = billingtags
if 'size' in body: if 'size' in body:
size = body['size'] logging.debug(f"JSON size: {body['size']}")
logging.debug(f'JSON size: {size}')
if 'size' in section: if 'size' in section:
size = section['size'] logging.debug(f"CONFIG size: {section['size']}")
logging.debug(f'CONFIG size: {size}') body['size'] = section['size']
body['size'] = size
if 'credentialId' in body and 'service_credentialid' in locals(): if 'credentialId' in body and 'service_credentialid' in locals():
logging.debug(f'Set credentialId: {service_credentialid}') logging.debug(f'API credentialid: {service_credentialid}')
body['credentialId'] = service_credentialid body['credentialId'] = service_credentialid
if 'instances' in body: if 'instances' in body and'credentialId' in body['instances'][0] and 'service_instance_credentialid' in locals():
if 'credentialId' in body['instances'][0] and 'service_instance_credentialid' in locals(): logging.debug(f'API instance credentialid: {service_instance_credentialid}')
logging.debug(f'Set instance credentialId: {service_instance_credentialid}') body['instances'][0]['credentialId'] = service_instance_credentialid
body['instances'][0]['credentialId'] = service_instance_credentialid
print(json.dumps(body))
logging.debug(json.dumps(body)) logging.debug(json.dumps(body))
logging.info(f'=== Pushing {connector_name} to {cxp} (size: {size}; segment: {segments})') logging.info(f"=== Pushing {body['name'][:30]} ({connector_name}) to {body['cxp']} (size: {body['size']}; segment: {body['segments'][0]})")
logging.debug(f'CONNECTOR BEFORE AGAIN: {connector_name}') logging.debug(f'CONNECTOR BEFORE AGAIN: {connector_name}')
if connector_name in url_exceptions.keys(): if connector_name in url_exceptions.keys():
connector_name = url_exceptions[connector_name] connector_name = url_exceptions[connector_name]
@ -258,6 +273,3 @@ for connector in config.sections():
r = alkira_post(s, f'/tenantnetworks/{tenantNetworkId}/{connector_name}', body) r = alkira_post(s, f'/tenantnetworks/{tenantNetworkId}/{connector_name}', body)
logging.info(r.status_code) logging.info(r.status_code)
logging.debug(r.content) logging.debug(r.content)
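Review bot: The new credentials block writes the whole `/credentials` response to the log with `logging.debug(json.dumps(data))`; only `credentialType` and `credentialId` are visible here, so if the response carries anything more sensitive it lands in debug logs, and the per-entry `logging.debug` that follows already records the two fields the loop uses. The same loop overwrites `credential_types[...]` on every match, so with several credentials of one type the last one returned is silently attached to every connector of that type, and when none is found the trailing `and credential_types[connector_type]` test lets the template's own `credentialId` be pushed unchanged; a warning in both cases would make the choice auditable. Separately, `re.match(r'(\w+)(connectors|services)(\d+)', connector)` returns `None` for a section name that lacks `connectors`/`services` before the digits, and `.group(1)` then raises; a guard such as `if connector_result is None: continue` preceded by a log line would make that explicit. The `for connector in config.sections():` body starts and ends outside the visible hunks.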