

1 #!/usr/bin/env python3
2 #
3 # Copyright 2022, Mischa Peters <mischa AT alkira DOT net>, Alkira.
4 # push-debug.py
5 # Version 0.1 - 20220617 - initial release
6 # Version 0.2 - 20220621 - simplified structure, generic
7 #
8 # Permission to use, copy, modify, and distribute this software for any
9 # purpose with or without fee is hereby granted, provided that the above
10 # copyright notice and this permission notice appear in all copies.
11 #
12 # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13 # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14 # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15 # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16 # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17 # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #
20 import os
21 import sys
22 import re
23 import json
24 import time
25 import logging
26 import requests
27 import configparser
28 import argparse
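# Parse all arguments
parser = argparse.ArgumentParser(description="Push single JSON file to AlkiraAPI (debug)")
parser.add_argument("-t", "--tenant", type=str, default='alkira.cnf', help="location of alkira.cnf (default: alkira.cnf)")
# --file is mandatory: the connector type and the target endpoint are both
# derived from this file name, so without it there is nothing to push and the
# script should stop before it authenticates.
parser.add_argument("-f", "--file", type=str, required=True, help="location of the JSON connector file")
parser.add_argument("-p", "--pretty", help="make the JSON pretty!", action="store_true")
parser.add_argument("-v", "--verbose", type=int, default=0, help="Verbose level 0 or 1 (default: 0)")

# Called with no arguments at all: show the full help text and stop.
if len(sys.argv) == 1:
    parser.print_help(sys.stderr)
    sys.exit(1)

# parse_args() reports invalid arguments itself and exits, so no exception
# handler is needed around it.
args = parser.parse_args()
ALKIRA_CONFIG = args.tenant
connector = args.file

# Only "-v 1" enables DEBUG; every other value falls back to INFO.
loglevel = logging.DEBUG if args.verbose == 1 else logging.INFO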
###############################################

# Set loglevel (logging.INFO, logging.DEBUG)
logging.basicConfig(level=loglevel)
# From here on the name `logging` refers to the 'AlkiraAPI' logger object,
# not to the logging module; the rest of the script relies on that.
logging = logging.getLogger('AlkiraAPI')

# Tenant config
# The config file carries the tenant password and the service password in
# clear text, so it should be readable by its owner only.
if not os.path.isfile(ALKIRA_CONFIG):
    logging.error(f"The config file {ALKIRA_CONFIG} doesn't exist")
    sys.exit(1)

alkira = configparser.RawConfigParser()
alkira.read(ALKIRA_CONFIG)

# [alkira] section: tenant host name and login
ALKIRA_TENANT, ALKIRA_USERNAME, ALKIRA_PASSWORD = (
    alkira.get('alkira', option)
    for option in ('ALKIRA_TENANT', 'ALKIRA_USERNAME', 'ALKIRA_PASSWORD')
)
ALKIRA_BASE_URI = f'https://{ALKIRA_TENANT}/api'

# [services] section: login stored as a service credential
AWS_SERVICE_USERNAME, SERVICE_PASSWORD = (
    alkira.get('services', option)
    for option in ('AWS_SERVICE_USERNAME', 'SERVICE_PASSWORD')
)

# [globalcidr] section: fields of the global CIDR list
CIDR_NAME, CIDR_DESCR, CIDR_PREFIX, CIDR_CXP = (
    alkira.get('globalcidr', option)
    for option in ('CIDR_NAME', 'CIDR_DESCR', 'CIDR_PREFIX', 'CIDR_CXP')
)
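###############################################

# Set default headers
headers = {'Content-Type': "application/json"}

# URL Exceptions: connector names whose API path segment differs from the name
url_exceptions = {
    "saas": "internet",
    "pan": "panfw",
    "chkpfwservices": "chkp-fw-services",
    "ftntfwservices": "ftnt-fw-services",
    "ocivcnconnectors": "oci-vcn-connectors",
    "remoteaccessconnectors": "alkira-remote-access-connector-templates"
}

# URL Exceptions creating credentials: path segment under /credentials/
service_credentials = {
    "chkpfwservices": "chkp-fw",
    "ftntfwservices": "ftntfw",
    "panfwservices": "pan"
}

# URL Exceptions creating instance credentials: prefix placed before "instance"
service_instance_credentials = {
    "chkpfwservices": "chkp-fw-",
    "ftntfwservices": "ftntfw-"
}

# Global CIDR: services for which a global CIDR list is created first
service_global_cidr = [
    "chkpfwservices",
    "ftntfwservices",
    "panfwservices"
]

# Credential Types: filled with the credentialId fetched from the API
credential_types = {
    "awsvpc": "",
    "azurevnet": "",
    "gcpvpc": "",
    "ocivcn": "",
}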
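# Authenticate
logging.info('=== Authenticating')
body = {'userName': ALKIRA_USERNAME,
        'password': ALKIRA_PASSWORD}
url = f'{ALKIRA_BASE_URI}/login'
session = requests.session()
response = session.post(url, data=json.dumps(body), headers=headers)
if not response.ok:
    # Stop on a rejected login instead of continuing unauthenticated. Only the
    # status code is logged; the login request and reply stay out of the log.
    logging.error(f'Authentication failed: HTTP {response.status_code}')
    sys.exit(1)

# Get TenantID
logging.info('=== Fetching Tenant Info')
url = f'{ALKIRA_BASE_URI}/tenantnetworks'
response = session.get(url, headers=headers)
if not response.ok:
    logging.error(f'Fetching tenant info failed: HTTP {response.status_code}')
    sys.exit(1)
data = response.json()
if not data:
    # data[0] below would raise IndexError on an empty list
    logging.error('The API returned no tenant network')
    sys.exit(1)
tenantNetworkId = data[0]['id']
tenantName = data[0]['name']
logging.info(f'Tenant Name: {tenantName}')
logging.info(f'Tenant ID: {tenantNetworkId}')

# Get Credentials
logging.info('=== Fetching Credentials')
url = f'{ALKIRA_BASE_URI}/credentials'
response = session.get(url, headers=headers)
if not response.ok:
    logging.error(f'Fetching credentials failed: HTTP {response.status_code}')
    sys.exit(1)
data = response.json()
# NOTE(review): with -v 1 this writes every credential record the API returned
# to the log; confirm the listing holds no secret material before sharing
# debug output.
logging.debug(json.dumps(data))
# Remember the credentialId of each cloud credential type listed in
# credential_types; other types are ignored.
# NOTE(review): the listing lost its indentation; the assignment is assumed to
# sit inside the `if` - confirm against the original file.
for key in data:
    credential_type = key['credentialType'].lower()
    if credential_type in credential_types:
        logging.debug(f"CredentialType: {key['credentialType']} - CredentialId: {key['credentialId']}")
        credential_types[credential_type] = key['credentialId']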
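# Push connector
logging.info('=== Push Connector')
# File name layout: [dir/]<type>(connectors|services)<number>. The pattern
# admits word characters only, which also bounds what ends up in the request
# path built from connector_name further down.
connector_result = re.match(r'(\w+\/)?(\w+)(connectors|services)(\d+)', connector or '')
if connector_result is None:
    # Without this guard a non-matching (or missing) file name fails with an
    # AttributeError on .group() after the script has already logged in.
    logging.error(f'Cannot derive a connector type from file name: {connector}')
    sys.exit(1)
if connector_result.group(1):
    config_path = connector_result.group(1)
connector_type = connector_result.group(2)
connector_name = f'{connector_type}{connector_result.group(3)}'
connector_number = connector_result.group(4)
logging.info(f'Name: {connector_name} #{connector_number}')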
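# Firewall services need a credential, an instance credential and a global
# CIDR list created before the service itself can be pushed.
# NOTE(review): the listing lost its indentation. The instance-credential step
# is placed inside the credentials branch because it reuses `body` and
# `credentials_url` from it - confirm against the original file.
if connector_name in service_credentials:
    print('=== Create Credentials')
    credentials_url = service_credentials[connector_name]
    fwcredential = f'fwcredentials-{time.time()}'
    body = {
        "credentials": {
            "userName": AWS_SERVICE_USERNAME,
            "password": SERVICE_PASSWORD
        },
        "name": fwcredential
    }
    # Echo a masked copy: the real password is sent to the API only and is
    # kept out of the terminal and of any captured output.
    printable = {**body, "credentials": {**body["credentials"], "password": "********"}}
    print(json.dumps(printable, indent=4 if args.pretty else None))

    url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}'
    print(url)
    response = session.post(url, data=json.dumps(body), headers=headers)
    print(response.status_code)
    print(response.content)
    if response.status_code != 200:
        # service_credentialid would stay undefined and the push would fail
        # later with a NameError; stop here with a clear message instead.
        logging.error('Creating credentials failed, connector not pushed')
        sys.exit(1)
    json_body = response.json()
    service_credentialid = json_body['id']
    print(f'credentialId: {service_credentialid}')

    # Some services use a different path prefix for instance credentials
    if connector_name in service_instance_credentials:
        credentials_url = service_instance_credentials[connector_name]

    print('=== Create Instance Credentials')
    url = f'{ALKIRA_BASE_URI}/credentials/{credentials_url}instance'
    print(url)
    response = session.post(url, data=json.dumps(body), headers=headers)
    print(response.status_code)
    print(response.content)
    if response.status_code != 200:
        logging.error('Creating instance credentials failed, connector not pushed')
        sys.exit(1)
    json_body = response.json()
    service_instance_credentialid = json_body['id']
    print(f'instance credentialId: {service_instance_credentialid}')

if connector_name in service_global_cidr:
    print('=== Create Global CIDR')
    body = {
        "name": CIDR_NAME,
        "description": CIDR_DESCR,
        "values": [
            CIDR_PREFIX
        ],
        "cxp": CIDR_CXP
    }
    print(json.dumps(body, indent=4 if args.pretty else None))

    url = f'{ALKIRA_BASE_URI}/tenantnetworks/{tenantNetworkId}/global-cidr-lists'
    print(url)
    response = session.post(url, data=json.dumps(body), headers=headers)
    print(response.status_code)
    print(response.content)
    if response.status_code != 201:
        logging.error('Creating the global CIDR list failed, connector not pushed')
        sys.exit(1)
    json_body = response.json()
    global_cidr_id = json_body['id']
    print(f'global cidr id: {global_cidr_id}')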
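# Load the connector/service definition and patch in the ids obtained above
with open(connector, 'r', encoding='utf-8') as f:
    body = json.load(f)

# Cloud connectors: replace the credentialId in the file with the one the API
# reported for this connector type, if it reported one.
# NOTE(review): the listing lost its indentation; the replacement is assumed
# to happen only when the file already carries a credentialId - confirm
# against the original file.
if 'connectors' in connector_name and credential_types.get(connector_type):
    if 'credentialId' in body:
        logging.debug(f"JSON credentialid: {body['credentialId']}")
        logging.debug(f'API credentialid: {credential_types[connector_type]}')
        body['credentialId'] = credential_types[connector_type]

# Services: the three ids below are assigned by the credential and global-CIDR
# steps, and only when the API answered with the expected status code.
if 'services' in connector_name and 'credentialId' in body:
    body['credentialId'] = service_credentialid
    print(f'JSON credentialId: {service_credentialid}')

if 'services' in connector_name and 'instances' in body:
    body['instances'][0]['credentialId'] = service_instance_credentialid
    print(f'JSON credentialId: {service_instance_credentialid}')

if 'services' in connector_name and 'managementServer' in body:
    body['managementServer']['globalCidrListId'] = global_cidr_id
    print(f'JSON globalCidrListId: {global_cidr_id}')

print(json.dumps(body, indent=4 if args.pretty else None))

# Some connector names map to a different API path segment
connector_name = url_exceptions.get(connector_name, connector_name)

print(f'=== Create {connector_name}')
url = f'{ALKIRA_BASE_URI}/tenantnetworks/{tenantNetworkId}/{connector_name}'
response = session.post(url, data=json.dumps(body), headers=headers)
print(response.status_code)
print(response.content)
# Report a rejected push through the exit status so a calling shell or
# pipeline notices the failure.
if not response.ok:
    sys.exit(1)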