fetching credentials
parent
2bcb69b951
commit
e6a37a113c
14
clean.py
14
clean.py
@ -118,10 +118,12 @@ def alkira_delete(session, uri):
|
|||||||
return response
|
return response
|
||||||
|
|
||||||
# Authenticate
|
# Authenticate
|
||||||
|
logging.info('=== Authenticating')
|
||||||
s = alkira_login()
|
s = alkira_login()
|
||||||
logging.debug(s)
|
logging.debug(s)
|
||||||
|
|
||||||
# Get TenantID
|
# Get TenantID
|
||||||
|
logging.info('=== Fetching Credentials')
|
||||||
r = alkira_get(s, '/tenantnetworks')
|
r = alkira_get(s, '/tenantnetworks')
|
||||||
data = r.json()
|
data = r.json()
|
||||||
tenantNetworkId = data[0]['id']
|
tenantNetworkId = data[0]['id']
|
||||||
@ -130,7 +132,7 @@ logging.info(f'Tenant Name: {tenantName}')
|
|||||||
logging.info(f'Tenant ID: {tenantNetworkId}')
|
logging.info(f'Tenant ID: {tenantNetworkId}')
|
||||||
|
|
||||||
# Clean connectors
|
# Clean connectors
|
||||||
logging.info('Checking Connectors')
|
logging.info('=== Checking Connectors')
|
||||||
r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/connectors')
|
r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/connectors')
|
||||||
data = r.json()
|
data = r.json()
|
||||||
if args.pretty:
|
if args.pretty:
|
||||||
@ -145,12 +147,12 @@ for item in data:
|
|||||||
if type in url_exceptions.keys():
|
if type in url_exceptions.keys():
|
||||||
type = url_exceptions[type]
|
type = url_exceptions[type]
|
||||||
logging.debug(f'/tenantnetworks/{tenantNetworkId}/{type}connectors/{connectorId}')
|
logging.debug(f'/tenantnetworks/{tenantNetworkId}/{type}connectors/{connectorId}')
|
||||||
logging.info(f'Removing {name} ({type})')
|
logging.info(f'=== Removing {name} ({type})')
|
||||||
r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/{type}connectors/{connectorId}')
|
r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/{type}connectors/{connectorId}')
|
||||||
logging.info(r.status_code)
|
logging.info(r.status_code)
|
||||||
|
|
||||||
# Clean services
|
# Clean services
|
||||||
logging.info('Checking services')
|
logging.info('=== Checking services')
|
||||||
r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/services')
|
r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/services')
|
||||||
data = r.json()
|
data = r.json()
|
||||||
if args.pretty:
|
if args.pretty:
|
||||||
@ -165,12 +167,12 @@ for item in data:
|
|||||||
if type in url_exceptions.keys():
|
if type in url_exceptions.keys():
|
||||||
type = url_exceptions[type]
|
type = url_exceptions[type]
|
||||||
logging.debug(f'/tenantnetworks/{tenantNetworkId}/{type}services/{serviceId}')
|
logging.debug(f'/tenantnetworks/{tenantNetworkId}/{type}services/{serviceId}')
|
||||||
logging.info(f'Removing {name} ({type})')
|
logging.info(f'=== Removing {name} ({type})')
|
||||||
r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/{type}services/{serviceId}')
|
r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/{type}services/{serviceId}')
|
||||||
logging.info(r.status_code)
|
logging.info(r.status_code)
|
||||||
|
|
||||||
# Clean Global CIDR
|
# Clean Global CIDR
|
||||||
logging.info('Checking Global CIDR')
|
logging.info('=== Checking Global CIDR')
|
||||||
r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/global-cidr-lists')
|
r = alkira_get(s, f'/tenantnetworks/{tenantNetworkId}/global-cidr-lists')
|
||||||
data = r.json()
|
data = r.json()
|
||||||
if args.pretty:
|
if args.pretty:
|
||||||
@ -182,7 +184,7 @@ for item in data:
|
|||||||
name = item.get('name')
|
name = item.get('name')
|
||||||
GlobalCidrListId = item.get('id')
|
GlobalCidrListId = item.get('id')
|
||||||
logging.debug(f'/tenantnetworks/{tenantNetworkId}/global-cidr-lists/{GlobalCidrListId}')
|
logging.debug(f'/tenantnetworks/{tenantNetworkId}/global-cidr-lists/{GlobalCidrListId}')
|
||||||
logging.info(f'Removing {name} ({type})')
|
logging.info(f'=== Removing {name} ({type})')
|
||||||
r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/global-cidr-lists/{GlobalCidrListId}')
|
r = alkira_delete(s, f'/tenantnetworks/{tenantNetworkId}/global-cidr-lists/{GlobalCidrListId}')
|
||||||
logging.info(r.status_code)
|
logging.info(r.status_code)
|
||||||
|
|
||||||
|
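Review bot: The message added under `# Get TenantID`, `logging.info('=== Fetching Credentials')`, does not describe the call that follows it, `alkira_get(s, '/tenantnetworks')`. push.py labels the same step `'=== Fetching Tenant Info'`, and clean.py should use that text so the log of a destructive run reads correctly. In the Global CIDR hunk the changed line `logging.info(f'=== Removing {name} ({type})')` prints `type`, which the visible loop lines never assign (only `name` and `GlobalCidrListId` are set), so it probably still holds the value left by the services loop; if so, drop `({type})` from that message. The loop bodies start outside the hunks, so this needs confirming against the full file.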
@ -134,9 +134,12 @@ group = Users
|
|||||||
billingtags = 333
|
billingtags = 333
|
||||||
size = MEDIUM
|
size = MEDIUM
|
||||||
|
|
||||||
[ocivcnconnectoris2]
|
[ocivcnconnectors2]
|
||||||
cxp = GERMANYWESTCENTRAL-AZURE-1
|
cxp = GERMANYWESTCENTRAL-AZURE-1
|
||||||
segments = Prod
|
segments = Prod
|
||||||
group = Development
|
group = Development
|
||||||
billingtags = 343
|
billingtags = 343
|
||||||
size = MEDIUM
|
size = MEDIUM
|
||||||
|
|
||||||
|
[ftntfwservices1.txt]
|
||||||
|
cxp = US-EAST-2
|
||||||
|
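Review bot: The added section name `[ftntfwservices1.txt]` carries a `.txt` suffix that no other section has (compare `[ocivcnconnectors2]`), and push.py already appends `.txt` itself when it builds `config_path`. The name parses only because `re.match(r'(\w+)(connectors|services)(\d+)', connector)` is not anchored at the end, so `[ftntfwservices1]` would be the consistent spelling. The same section name is added in the next config hunk and in config/minimal.cnf.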
@ -95,3 +95,6 @@ segments = Corporate
|
|||||||
group = Users
|
group = Users
|
||||||
billingtags = 333
|
billingtags = 333
|
||||||
size = MEDIUM
|
size = MEDIUM
|
||||||
|
|
||||||
|
[ftntfwservices1.txt]
|
||||||
|
cxp = US-EAST-2
|
||||||
|
0
config/empty.cnf
Normal file
0
config/empty.cnf
Normal file
44
config/minimal.cnf
Normal file
44
config/minimal.cnf
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
[ipsecconnectors1]
|
||||||
|
cxp = US-EAST-2
|
||||||
|
segments = Corporate
|
||||||
|
group = Users
|
||||||
|
billingtags = 333
|
||||||
|
size = MEDIUM
|
||||||
|
|
||||||
|
[internetconnectors1]
|
||||||
|
cxp = US-EAST-2
|
||||||
|
segments = Corporate
|
||||||
|
group = Users
|
||||||
|
billingtags = 333
|
||||||
|
size = MEDIUM
|
||||||
|
|
||||||
|
[awsvpcconnectors1]
|
||||||
|
cxp = US-EAST-2
|
||||||
|
segments = Prod
|
||||||
|
group = Development
|
||||||
|
billingtags = 343
|
||||||
|
size = LARGE
|
||||||
|
|
||||||
|
[azurevnetconnectors1]
|
||||||
|
cxp = US-EAST-2
|
||||||
|
segments = Corporate
|
||||||
|
group = Users
|
||||||
|
billingtags = 343
|
||||||
|
size = MEDIUM
|
||||||
|
|
||||||
|
[gcpvpcconnectors1]
|
||||||
|
cxp = US-EAST-2
|
||||||
|
segments = Prod
|
||||||
|
group = Development
|
||||||
|
billingtags = 343
|
||||||
|
size = LARGE
|
||||||
|
|
||||||
|
[ocivcnconnectors1]
|
||||||
|
cxp = GERMANYWESTCENTRAL-AZURE-1
|
||||||
|
segments = Corporate
|
||||||
|
group = Users
|
||||||
|
billingtags = 333
|
||||||
|
size = MEDIUM
|
||||||
|
|
||||||
|
[ftntfwservices1.txt]
|
||||||
|
cxp = US-EAST-2
|
30
config/panfwservices1.txt-old
Normal file
30
config/panfwservices1.txt-old
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
{
|
||||||
|
"name": "PAN-US",
|
||||||
|
"cxp": "US-EAST-2",
|
||||||
|
"segments": [
|
||||||
|
"1636",
|
||||||
|
"1673",
|
||||||
|
"1638"
|
||||||
|
],
|
||||||
|
"panoramaEnabled": false,
|
||||||
|
"managementSegment": "Corporate",
|
||||||
|
"maxInstanceCount": "1",
|
||||||
|
"minInstanceCount": "1",
|
||||||
|
"licenseType": "PAY_AS_YOU_GO",
|
||||||
|
"bundle": "PAN_VM_300_BUNDLE_2",
|
||||||
|
"version": "9.1.3",
|
||||||
|
"tunnelProtocol": "IPSEC",
|
||||||
|
"type": "VM-300",
|
||||||
|
"credentialId": "871e234c-050d-4815-8432-76b70884a1ea",
|
||||||
|
"globalProtectEnabled": false,
|
||||||
|
"instances": [
|
||||||
|
{
|
||||||
|
"name": "PAN-US-instance-1",
|
||||||
|
"credentialId": "3ab9f3ac-6e22-4d3c-8a37-9c8dad469ee5"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"size": "LARGE",
|
||||||
|
"billingTags": [
|
||||||
|
"333"
|
||||||
|
]
|
||||||
|
}
|
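Review bot: This new file looks like a backup copy, judging by the `-old` suffix, and it stores tenant-specific `credentialId` values at the top level and under `instances[0]`. As far as the visible push.py code shows, both fields are overwritten at run time when the service credentials are found, so the stored ids should not be needed. Consider leaving the file out of the repository, or replacing the two values with an obvious placeholder such as `"credentialId": "REPLACED-AT-RUNTIME"`.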
92
push.py
92
push.py
@ -3,6 +3,7 @@
|
|||||||
# Copyright 2022, Mischa Peters <mischa AT alkira DOT net>, Alkira.
|
# Copyright 2022, Mischa Peters <mischa AT alkira DOT net>, Alkira.
|
||||||
# push.py
|
# push.py
|
||||||
# Version 0.1 - 20220617 - initial release
|
# Version 0.1 - 20220617 - initial release
|
||||||
|
# Version 0.2 - 20220620 - added collection of credentialId
|
||||||
#
|
#
|
||||||
# Permission to use, copy, modify, and distribute this software for any
|
# Permission to use, copy, modify, and distribute this software for any
|
||||||
# purpose with or without fee is hereby granted, provided that the above
|
# purpose with or without fee is hereby granted, provided that the above
|
||||||
@ -101,6 +102,14 @@ service_instance_credentials = {
|
|||||||
"ftntfwservices": "ftntfw-"
|
"ftntfwservices": "ftntfw-"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Credential Types
|
||||||
|
credential_types = {
|
||||||
|
"awsvpc": "",
|
||||||
|
"azurevnet": "",
|
||||||
|
"gcpvpc": "",
|
||||||
|
"ocivcn": "",
|
||||||
|
}
|
||||||
|
|
||||||
def alkira_login():
|
def alkira_login():
|
||||||
body = {'userName': ALKIRA_USERNAME,
|
body = {'userName': ALKIRA_USERNAME,
|
||||||
'password': ALKIRA_PASSWORD}
|
'password': ALKIRA_PASSWORD}
|
||||||
@ -170,10 +179,12 @@ def alkira_service(session, connector_name):
|
|||||||
return service_credentialid, service_instance_credentialid
|
return service_credentialid, service_instance_credentialid
|
||||||
|
|
||||||
# Authenticate
|
# Authenticate
|
||||||
|
logging.info('=== Authenticating')
|
||||||
s = alkira_login()
|
s = alkira_login()
|
||||||
logging.debug(s)
|
logging.debug(s)
|
||||||
|
|
||||||
# Get TenantID
|
# Get TenantID
|
||||||
|
logging.info('=== Fetching Tenant Info')
|
||||||
r = alkira_get(s, '/tenantnetworks')
|
r = alkira_get(s, '/tenantnetworks')
|
||||||
data = r.json()
|
data = r.json()
|
||||||
tenantNetworkId = data[0]['id']
|
tenantNetworkId = data[0]['id']
|
||||||
@ -181,14 +192,24 @@ tenantName = data[0]['name']
|
|||||||
logging.info(f'Tenant Name: {tenantName}')
|
logging.info(f'Tenant Name: {tenantName}')
|
||||||
logging.info(f'Tenant ID: {tenantNetworkId}')
|
logging.info(f'Tenant ID: {tenantNetworkId}')
|
||||||
|
|
||||||
|
# Get Credentials
|
||||||
|
logging.info('=== Fetching Credentials')
|
||||||
|
r = alkira_get(s, '/credentials')
|
||||||
|
data = r.json()
|
||||||
|
logging.debug(json.dumps(data))
|
||||||
|
for key in data:
|
||||||
|
if key['credentialType'].lower() in credential_types:
|
||||||
|
logging.debug(f"CredentialType: {key['credentialType']} - CredentialId: {key['credentialId']}")
|
||||||
|
credential_types[key['credentialType'].lower()] = key['credentialId']
|
||||||
|
|
||||||
# Push connectors
|
# Push connectors
|
||||||
logging.info('=== Push Connectors')
|
logging.info('=== Push Connectors')
|
||||||
|
|
||||||
for connector in config.sections():
|
for connector in config.sections():
|
||||||
section = config[connector]
|
section = config[connector]
|
||||||
connector_result = re.match(r'(\w+)(\d+)', connector)
|
connector_result = re.match(r'(\w+)(connectors|services)(\d+)', connector)
|
||||||
connector_name = connector_result.group(1)
|
connector_type = connector_result.group(1)
|
||||||
connector_number = connector_result.group(2)
|
connector_name = f'{connector_type}{connector_result.group(2)}'
|
||||||
|
connector_number = connector_result.group(3)
|
||||||
logging.debug(f'{connector_folder}/{connector_name}{connector_number}.txt')
|
logging.debug(f'{connector_folder}/{connector_name}{connector_number}.txt')
|
||||||
config_path = (f'{connector_folder}/{connector_name}{connector_number}.txt')
|
config_path = (f'{connector_folder}/{connector_name}{connector_number}.txt')
|
||||||
|
|
||||||
@ -199,58 +220,52 @@ for connector in config.sections():
|
|||||||
with open (config_path, 'r') as f:
|
with open (config_path, 'r') as f:
|
||||||
body = json.load(f)
|
body = json.load(f)
|
||||||
|
|
||||||
|
if 'connectors' in connector_name and connector_type in credential_types and credential_types[connector_type]:
|
||||||
|
if 'credentialId' in body:
|
||||||
|
logging.debug(f"JSON credentialid: {body['credentialId']}")
|
||||||
|
logging.debug(f'API credentialid: {credential_types[connector_type]}')
|
||||||
|
body['credentialId'] = credential_types[connector_type]
|
||||||
|
|
||||||
if 'cxp' in body:
|
if 'cxp' in body:
|
||||||
cxp = body['cxp']
|
logging.debug(f"JSON cxp: {body['cxp']}")
|
||||||
logging.debug(f'JSON cxp: {cxp}')
|
|
||||||
if 'cxp' in section:
|
if 'cxp' in section:
|
||||||
cxp = section['cxp']
|
logging.debug(f"CONFIG cxp: {section['cxp']}")
|
||||||
logging.debug(f'CONFIG cxp: {cxp}')
|
body['cxp'] = section['cxp']
|
||||||
body['cxp'] = cxp
|
|
||||||
|
|
||||||
if 'segments' in body:
|
if 'segments' in body:
|
||||||
segments = body['segments'][0]
|
logging.debug(f"JSON segments: {body['segments'][0]}")
|
||||||
logging.debug(f'JSON segments: {segments}')
|
|
||||||
if 'segments' in section:
|
if 'segments' in section:
|
||||||
segments = section['segments']
|
logging.debug(f"CONFIG segments: {section['segments']}")
|
||||||
logging.debug(f'CONFIG segments: {segments}')
|
body['segments'][0] = section['segments']
|
||||||
body['segments'][0] = segments
|
|
||||||
|
|
||||||
if 'group' in body:
|
if 'group' in body:
|
||||||
group = body['group']
|
logging.debug(f"JSON group: {body['group']}")
|
||||||
logging.debug(f'JSON group: {group}')
|
if 'group' in section:
|
||||||
if 'group' in section:
|
logging.debug(f"CONFIG group: {section['group']}")
|
||||||
group = section['group']
|
body['group'] = section['group']
|
||||||
logging.debug(f'CONFIG group: {group}')
|
|
||||||
body['group'] = group
|
|
||||||
|
|
||||||
if 'billingTags' in body:
|
if 'billingTags' in body:
|
||||||
billingtags = body['billingTags'][0]
|
logging.debug(f"JSON billingtags: {body['billingTags'][0]}")
|
||||||
logging.debug(f'JSON billingtags: {billingtags}')
|
|
||||||
if 'billingtags' in section:
|
if 'billingtags' in section:
|
||||||
billingtags = section['billingtags']
|
logging.debug(f"CONFIG billingtags: {section['billingtags']}")
|
||||||
logging.debug(f'CONFIG billingtags: {billingtags}')
|
body['billingTags'][0] = section['billingtags']
|
||||||
body['billingTags'][0] = billingtags
|
|
||||||
|
|
||||||
if 'size' in body:
|
if 'size' in body:
|
||||||
size = body['size']
|
logging.debug(f"JSON size: {body['size']}")
|
||||||
logging.debug(f'JSON size: {size}')
|
|
||||||
if 'size' in section:
|
if 'size' in section:
|
||||||
size = section['size']
|
logging.debug(f"CONFIG size: {section['size']}")
|
||||||
logging.debug(f'CONFIG size: {size}')
|
body['size'] = section['size']
|
||||||
body['size'] = size
|
|
||||||
|
|
||||||
if 'credentialId' in body and 'service_credentialid' in locals():
|
if 'credentialId' in body and 'service_credentialid' in locals():
|
||||||
logging.debug(f'Set credentialId: {service_credentialid}')
|
logging.debug(f'API credentialid: {service_credentialid}')
|
||||||
body['credentialId'] = service_credentialid
|
body['credentialId'] = service_credentialid
|
||||||
|
|
||||||
if 'instances' in body:
|
if 'instances' in body and'credentialId' in body['instances'][0] and 'service_instance_credentialid' in locals():
|
||||||
if 'credentialId' in body['instances'][0] and 'service_instance_credentialid' in locals():
|
logging.debug(f'API instance credentialid: {service_instance_credentialid}')
|
||||||
logging.debug(f'Set instance credentialId: {service_instance_credentialid}')
|
body['instances'][0]['credentialId'] = service_instance_credentialid
|
||||||
body['instances'][0]['credentialId'] = service_instance_credentialid
|
|
||||||
|
|
||||||
print(json.dumps(body))
|
|
||||||
logging.debug(json.dumps(body))
|
logging.debug(json.dumps(body))
|
||||||
logging.info(f'=== Pushing {connector_name} to {cxp} (size: {size}; segment: {segments})')
|
logging.info(f"=== Pushing {body['name'][:30]} ({connector_name}) to {body['cxp']} (size: {body['size']}; segment: {body['segments'][0]})")
|
||||||
logging.debug(f'CONNECTOR BEFORE AGAIN: {connector_name}')
|
logging.debug(f'CONNECTOR BEFORE AGAIN: {connector_name}')
|
||||||
if connector_name in url_exceptions.keys():
|
if connector_name in url_exceptions.keys():
|
||||||
connector_name = url_exceptions[connector_name]
|
connector_name = url_exceptions[connector_name]
|
||||||
@ -258,6 +273,3 @@ for connector in config.sections():
|
|||||||
r = alkira_post(s, f'/tenantnetworks/{tenantNetworkId}/{connector_name}', body)
|
r = alkira_post(s, f'/tenantnetworks/{tenantNetworkId}/{connector_name}', body)
|
||||||
logging.info(r.status_code)
|
logging.info(r.status_code)
|
||||||
logging.debug(r.content)
|
logging.debug(r.content)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
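Review bot: `logging.debug(json.dumps(data))` in the new `# Get Credentials` block writes the entire `/credentials` response to the log, although the loop only uses `credentialType` and `credentialId`, which the next debug line already prints for each match. Unless the response is known to hold nothing sensitive, drop that line or log `len(data)` instead. Separately, the new `=== Pushing` message indexes `body['name']`, `body['cxp']`, `body['size']` and `body['segments'][0]` unconditionally, while the code above guards each key with checks such as `if 'cxp' in body`. A template missing one of those keys would raise KeyError before the POST, so `body.get('size')`-style lookups are safer in the log line. The `for connector in config.sections():` body extends outside the hunks.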