class TestDomains(unittest.TestCase):
def setUp(self):
self.helper = Secure_Track_Helper("localhost",
("username", "password"))
self.patcher = patch(
'pytos.common.rest_requests.requests.Session.send')
self.mock_get_uri = self.patcher.start()
self.mock_get_uri.return_value.status_code = 200
def tearDown(self):
self.patcher.stop()
def test_01_get_domains(self):
self.mock_get_uri.return_value.content = fake_request_response(
"domains")
domains = self.helper.get_domains()
self.assertIsInstance(domains, Domains)
@patch('pytos.securetrack.helpers.Domain.from_xml_string')
def test_02_get_domain_by_id(self, mock_domain):
mock_domain.return_value = Domain(1, 'default')
with patch(
'pytos.common.rest_requests.requests.Request') as mock_get_uri:
self.helper.get_domain_by_id(1)
mock_get_uri.assert_called_with(
'GET',
'https://localhost/securetrack/api/domains/1',
auth=('username', 'password'),
headers={},
params=None)
def setUp(self):
self.helper = Secure_Track_Helper("localhost",
("username", "password"))
self.patcher = patch(
'pytos.common.rest_requests.requests.Session.send')
self.mock_get_uri = self.patcher.start()
self.mock_get_uri.return_value.status_code = 200
class TestTopology(unittest.TestCase):
def setUp(self):
self.helper = Secure_Track_Helper("localhost",
("username", "password"))
self.patcher = patch(
'pytos.common.rest_requests.requests.Session.send')
self.mock_get_uri = self.patcher.start()
self.mock_get_uri.return_value.status_code = 200
def tearDown(self):
self.patcher.stop()
def test_03_get_topology_interfaces(self):
self.mock_get_uri.return_value.content = fake_request_response(
"interfaces")
topology_interfaces_list = self.helper.get_topology_interfaces(173)
self.assertIsInstance(topology_interfaces_list,
Topology_Interfaces_List)
def test_03_failed_to_get_topology_interfaces(self):
self.mock_get_uri.return_value.content = fake_request_response(
"bad_request_error")
self.mock_get_uri.return_value.status_code = 400
with self.assertRaises(REST_Bad_Request_Error):
self.helper.get_topology_interfaces(173)
class TestServices(unittest.TestCase):
def setUp(self):
self.helper = Secure_Track_Helper("localhost",
("username", "password"))
self.patcher = patch(
'pytos.common.rest_requests.requests.Session.send')
self.mock_get_uri = self.patcher.start()
self.mock_get_uri.return_value.status_code = 200
def tearDown(self):
self.patcher.stop()
def test_01_get_services_for_device(self):
self.mock_get_uri.return_value.content = fake_request_response(
"services")
services = self.helper.get_services_for_device(158)
self.assertIsInstance(services, Services_List)
def test_02_get_service_for_device_by_name(self):
self.mock_get_uri.return_value.content = fake_request_response(
"services")
with patch(
'pytos.common.rest_requests.requests.Request') as mock_get_uri:
service = self.helper.get_service_for_device_by_name(
158, 'service1')
mock_get_uri.assert_called_with(
'GET',
'https://localhost/securetrack/api/devices/158/services?name=service1',
auth=('username', 'password'),
headers={},
params=None)
def test_03_get_service_by_device_and_object_id(self):
self.mock_get_uri.return_value.content = fake_request_response(
"services")
with patch(
'pytos.common.rest_requests.requests.Request') as mock_get_uri:
service = self.helper.get_service_by_device_and_object_id(
158, 17973529)
mock_get_uri.assert_called_with(
'GET',
'https://localhost/securetrack/api/devices/158/services/17973529',
auth=('username', 'password'),
headers={},
params=None)
def test_04_get_member_services_for_group_service(self):
self.mock_get_uri.return_value.content = fake_request_response(
"network_objects")
g_network_object = self.helper.get_network_objects_for_device(158)[-1]
self.mock_get_uri.return_value.content = fake_request_response(
"services")
members = self.helper.get_member_network_objects_for_group_network_object(
g_network_object, 158)
self.assertIsInstance(members, list)
class TestGeneralSettings(unittest.TestCase):
def setUp(self):
self.helper = Secure_Track_Helper("localhost", ("username", "password"))
self.patcher = patch('pytos.common.rest_requests.requests.Session.send')
self.mock_get_uri = self.patcher.start()
self.mock_get_uri.return_value.status_code = 200
def tearDown(self):
self.patcher.stop()
def test_03_get_change_authorization_status(self):
self.mock_get_uri.return_value.content = fake_request_response("revisions")
revisions = self.helper.get_device_revisions_by_id(device_id=158)
self.assertIsInstance(revisions, Device_Revisions_List)
class TestNetworkObjects(unittest.TestCase):
def setUp(self):
self.helper = Secure_Track_Helper("localhost",
("username", "password"))
self.patcher = patch(
'pytos.common.rest_requests.requests.Session.send')
self.mock_get_uri = self.patcher.start()
self.mock_get_uri.return_value.status_code = 200
def tearDown(self):
self.patcher.stop()
def test_01_get_network_objects_for_device(self):
self.mock_get_uri.return_value.content = fake_request_response(
"network_objects")
network_objects = self.helper.get_network_objects_for_device(158)
self.assertIsInstance(network_objects, Network_Objects_List)
def test_02_network_object_text_search(self):
self.mock_get_uri.return_value.content = fake_request_response(
"network_objects")
with patch(
'pytos.common.rest_requests.requests.Request') as mock_get_uri:
network_objects = self.helper.network_object_text_search(
"192.168", "any_field")
mock_get_uri.assert_called_with(
'GET',
'https://localhost/securetrack/api/network_objects/search?filter=text&any_field=192.168',
auth=('username', 'password'),
headers={},
params=None)
self.assertIsInstance(network_objects, Network_Objects_List)
def test_03_network_object_subnet_search(self):
self.mock_get_uri.return_value.content = fake_request_response(
"network_objects")
with patch(
'pytos.common.rest_requests.requests.Request') as mock_get_uri:
network_objects = self.helper.network_object_subnet_search(
"192.168.0.0", "contained_in")
mock_get_uri.assert_called_with(
'GET',
'https://localhost/securetrack/api/network_objects/search?filter=subnet&contained_in=192.168.0.0',
auth=('username', 'password'),
headers={},
params=None)
# def test_04_get_network_objects(self):
# network_objects = self.helper.get_network_objects()
# self.assertIsInstance(network_objects, dict)
# self.assertTrue(len(network_objects) > 0)
#
def test_04_get_network_object_by_device_and_object_id(self):
self.mock_get_uri.return_value.content = fake_request_response(
"network_objects")
with patch(
'pytos.common.rest_requests.requests.Request') as mock_get_uri:
network_object = self.helper.get_network_object_by_device_and_object_id(
158, 3418214)
mock_get_uri.assert_called_with(
'GET',
'https://localhost/securetrack/api/devices/158/network_objects/3418214',
auth=('username', 'password'),
headers={},
params=None)
def test_05_get_member_network_objects_for_group_network_object(self):
self.mock_get_uri.return_value.content = fake_request_response(
"network_objects")
g_network_object = self.helper.get_network_objects_for_device(158)[-1]
members = self.helper.get_member_network_objects_for_group_network_object(
g_network_object, 158)
self.assertIsInstance(members, list)
class TestDevices(unittest.TestCase):
def setUp(self):
self.helper = Secure_Track_Helper("127.0.0.1",
("username", "password"))
self.patcher = patch(
'pytos.common.rest_requests.requests.Session.send')
self.mock_get_uri = self.patcher.start()
self.mock_get_uri.return_value.status_code = 200
def tearDown(self):
self.patcher.stop()
def test_01_get_device(self):
self.mock_get_uri.return_value.content = fake_request_response(
"device_by_id")
device_by_id = self.helper.get_device_by_id(159)
self.assertIsInstance(device_by_id, Device)
def test_02_get_devices_list(self):
self.mock_get_uri.return_value.content = fake_request_response(
"device_list")
devices_list = self.helper.get_devices_list()
self.assertIsInstance(devices_list, Devices_List)
self.assertTrue(len(devices_list) == devices_list.count)
self.assertTrue(devices_list.count > 0)
def test_03_get_devices_list_with_custom_param(self):
self.mock_get_uri.return_value.content = fake_request_response(
"device_list")
devices_list = self.helper.get_devices_list(
custom_params={'vendor': 'cisco'})
self.assertIsInstance(devices_list, Devices_List)
self.assertEqual(len(devices_list), devices_list.count)
self.assertTrue(devices_list.count > 0)
def test_04_get_device_id_by_name(self):
self.mock_get_uri.return_value.content = fake_request_response(
"device_list")
device_id = self.helper.get_device_id_by_name(
device_name="Router 2801")
self.assertTrue(device_id, 155)
# assert invalid request - 2 devices with same name
with self.assertRaises(IndexError):
self.helper.get_device_id_by_name(device_name="ASA FireWall")
# assert invalid request - Non existing device
with self.assertRaises(ValueError):
self.helper.get_device_id_by_name(
device_name="NonExistingDeviceName")
def test_05_get_cleanups_for_device_by_id(self):
self.mock_get_uri.return_value.content = fake_request_response(
"cleanups_by_device_id")
cleanups = self.helper.get_cleanups_for_device_by_id(155)
self.assertIsInstance(cleanups, Generic_Cleanup_List)
self.assertTrue(len(cleanups) > 0)
def test_06_failed_to_get_cleanups_for_device_by_id(self):
self.mock_get_uri.return_value.status_code = 404
self.mock_get_uri.return_value.content = fake_request_response(
"no_found_error")
with self.assertRaises(ValueError):
self.helper.get_cleanups_for_device_by_id(5555)
def test_07_get_bindings_for_device(self):
self.mock_get_uri.return_value.content = fake_request_response(
"device_bindings")
binding = self.helper.get_bindings_for_device(155)
self.assertIsInstance(binding, Bindings_List)
self.assertTrue(len(binding) > 0)
def test_08_get_interfaces_for_device(self):
self.mock_get_uri.return_value.content = fake_request_response(
"device_interfaces")
interfaces = self.helper.get_interfaces_for_device(155)
self.assertIsInstance(interfaces, Interfaces_List)
self.assertTrue(len(interfaces) > 0)
def test_09_get_device_config(self):
self.assertEqual(self.helper.get_device_config_by_id(159), b'\x00')
def test_10_add_offline_device(self):
global added_offline_device_id
self.mock_get_uri.return_value.status_code = 201
self.mock_get_uri.return_value.headers = {'location': '1'}
added_offline_device_id = self.helper.add_offline_device(
"TEST_DEVICE_123", "Cisco", "router")
self.assertIsInstance(added_offline_device_id, int)
class TestZonesPoliciesAndRevisions(unittest.TestCase):
def setUp(self):
self.helper = Secure_Track_Helper("localhost",
("username", "password"))
self.patcher = patch(
'pytos.common.rest_requests.requests.Session.send')
self.mock_get_uri = self.patcher.start()
self.mock_get_uri.return_value.status_code = 200
def tearDown(self):
self.patcher.stop()
def test_01_get_zones(self):
self.mock_get_uri.return_value.content = fake_request_response("zones")
zones = self.helper.get_zones()
self.assertIsInstance(zones, Zone_List)
def test_02_post_zone(self):
src_xml = fake_request_response("post_zone")
src_tree = lxml.etree.fromstring(src_xml)
src_b = io.BytesIO()
src_tree.getroottree().write_c14n(src_b)
comment = 'Name: {}, Created at: {}'.format("New Zone",
"2017-04-22 10:09:18")
zone_obj = Zone(None, "New Zone", comment)
dst_tree = lxml.etree.fromstring(zone_obj.to_xml_string())
dst_b = io.BytesIO()
dst_tree.getroottree().write_c14n(dst_b)
self.assertEqual(src_b.getvalue(), dst_b.getvalue())
def test_03_post_security_policy_matrix(self):
self.mock_get_uri.return_value.headers = {'location': '1'}
self.mock_get_uri.return_value.content = fake_request_response("zones")
security_policy_name = 'Some Policy Name'
security_policy = {
'internal': {
'external': {
'severity': 'critical',
'access_type': 'ignored',
'allowed_services': ''
}
},
'external': {
'internal': {
'severity': 'high',
'access_type': 'restricted',
'allowed_services': 'https;Other 53;AOL;udp 88'
}
},
'dmz': {
'internal': {
'severity': 'critical',
'access_type': 'blocked',
'allowed_services': ''
},
'dmz': {
'severity': 'low',
'access_type': 'ignored',
'allowed_services': ''
}
}
}
policy_id = self.helper.post_security_policy_matrix(
security_policy_name, security_policy)
self.assertEqual(policy_id, 1)
def test_04_post_zone_entry(self):
self.mock_get_uri.return_value.headers = {'location': '1'}
self.mock_get_uri.return_value.status_code = 201
zone_entry = Zone_Entry(1234, "Description", "1.1.1.1", 0,
'255.255.255.255', 36)
with patch('pytos.common.rest_requests.requests.Request'
) as mock_post_uri:
entry_id = self.helper.post_zone_entry(zone_entry.zoneId,
zone_entry)
self.assertEqual(entry_id, 1)
mock_post_uri.assert_called_with(
'POST',
'https://localhost/securetrack/api/zones/36/entries?context=1',
auth=('username', 'password'),
data=
'<zone_entry>\n <comment>Description</comment>\n <id>1234</id>\n <ip>1.1.1.1</ip>\n <netmask>255.255.255.255</netmask>\n <zoneId>36</zoneId>\n</zone_entry>',
headers={'Content-Type': 'application/xml'})
def test_05_delete_zone_entry(self):
with patch('pytos.common.rest_requests.requests.Request'
) as mock_post_uri:
result = self.helper.delete_zone_entry_by_zone_and_entry_id(1, 1)
self.assertTrue(result)
mock_post_uri.assert_called_with(
'DELETE',
'https://localhost/securetrack/api/zones/1/entries/1?context=1',
auth=('username', 'password'),
headers={'Content-Type': 'application/xml'})
def test_06_modify_zone_entry(self):
self.mock_get_uri.return_value.content = fake_request_response(
"zone_entries")
zone_entries = self.helper.get_entries_for_zone_id(13)
zone_entry = zone_entries[0]
zone_entry.comment = "Modified entry"
zone_entry.ip = '101.101.101.101'
zone_entry.negate = 0
zone_entry.netmask = '255.255.255.255'
with patch('pytos.common.rest_requests.requests.Request'
) as mock_post_uri:
result = self.helper.put_zone_entry(13, zone_entry)
self.assertTrue(result)
mock_post_uri.assert_called_with(
'PUT',
'https://localhost/securetrack/api/zones/13/entries/54?context=1',
auth=('username', 'password'),
data=
'<zone_entry>\n <comment>Modified entry</comment>\n <id>54</id>\n <ip>101.101.101.101</ip>\n <negate>0</negate>\n <netmask>255.255.255.255</netmask>\n <zoneId>13</zoneId>\n</zone_entry>',
headers={'Content-Type': 'application/xml'})
def test_07_get_zone_by_name(self):
self.mock_get_uri.return_value.content = fake_request_response("zones")
zone = self.helper.get_zone_by_name("dmz")
self.assertIsInstance(zone, Zone)
self.assertEqual(zone.name, "dmz")
def test_08_get_device_revisions_by_id(self):
self.mock_get_uri.return_value.content = fake_request_response(
"revisions")
revisions = self.helper.get_device_revisions_by_id(device_id=155)
self.assertIsInstance(revisions, Device_Revisions_List)
self.assertTrue(len(revisions) > 0)
def test_09_get_policy_analysis(self):
self.mock_get_uri.return_value.content = fake_request_response(
"policy_analysis_query_result")
policy_analysis = self.helper.get_policy_analysis(155)
self.assertIsInstance(policy_analysis, Policy_Analysis_Query_Result)
def test_10_get_security_policies(self):
self.mock_get_uri.return_value.content = fake_request_response(
"securitypolicylist")
policies = self.helper.get_security_policies()
self.assertIsInstance(policies, Security_Policies_List)
def test_11_get_security_policy_by_name(self):
self.mock_get_uri.return_value.content = fake_request_response(
"securitypolicylist")
policy = self.helper.get_security_policy_by_name("policy")
self.assertIsInstance(policy, Security_Policy)
self.assertEqual(policy.name, "policy")
def test_12_get_security_policy_by_id(self):
self.mock_get_uri.return_value.content = fake_request_response(
"securitypolicylist")
policy = self.helper.get_security_policy_by_id(3)
self.assertEqual(policy.id, 3)
def test_13_delete_security_policy_matrix(self):
with patch('pytos.common.rest_requests.requests.Request'
) as mock_post_uri:
result = self.helper.delete_security_policy_matrix(3)
self.assertTrue(result)
mock_post_uri.assert_called_with(
'DELETE',
'https://localhost/securetrack/api/security_policies/3',
auth=('username', 'password'),
headers={'Content-Type': 'application/xml'})
def test_14_get_revision_by_id(self):
self.mock_get_uri.return_value.content = fake_request_response(
"revision")
revision = self.helper.get_revision_by_id(5685)
self.assertIsInstance(revision, Device_Revision)
self.assertTrue(revision.id, 5685)
def test_15_get_security_policy_device_violations_by_severity(self):
self.mock_get_uri.return_value.content = fake_request_response(
"security_policy_device_violations")
violations = self.helper.get_security_policy_device_violations_by_severity(
159, "CRITICAL", "SECURITY_POLICY")
self.assertIsInstance(violations, SecurityPolicyDeviceViolations)
def test_16_get_policies_for_revision(self):
self.mock_get_uri.return_value.content = fake_request_response(
"policies")
policies = self.helper.get_policies_for_revision(1)
self.assertIsInstance(policies, Policy_List)
def test_17_post_security_policy_exception(self):
self.mock_get_uri.return_value.headers = {'location': '1'}
self.mock_get_uri.return_value.status_code = 201
xml = fake_request_response("exception")
policy_exception = security_policy.Security_Policy_Exception.from_xml_string(
xml.decode("utf-8"))
with patch('pytos.common.rest_requests.requests.Request'
) as mock_post_uri:
self.helper.post_security_policy_exception(policy_exception)
mock_post_uri.assert_called_with(
'POST',
'https://localhost/securetrack/api/security_policies/exceptions/?context=1',
auth=('username', 'password'),
data=policy_exception.to_xml_string(),
headers={'Content-Type': 'application/xml'})
def test_18_delete_zone_by_zone_id(self):
with patch('pytos.common.rest_requests.requests.Request'
) as mock_delete_uri:
self.helper.delete_zone_by_zone_id(1, True)
mock_delete_uri.assert_called_with(
'DELETE',
'https://localhost/securetrack/api/zones/1',
auth=('username', 'password'),
headers={'Content-Type': 'application/xml'})
def test_19_get_zone_descendants(self):
self.mock_get_uri.return_value.content = fake_request_response(
"zone_descendants")
zone_descendants_list = self.helper.get_zone_descendants("16")
self.assertIsInstance(zone_descendants_list, ZoneDescendantsList)
def test_20_delete_security_policy_exception(self):
with patch('pytos.common.rest_requests.requests.Request'
) as mock_delete_uri:
self.helper.delete_security_policy_exception(1)
mock_delete_uri.assert_called_with(
'DELETE',
'https://localhost/securetrack/api/security_policies/exceptions/1',
auth=('username', 'password'),
headers={'Content-Type': 'application/xml'})
class TestRules(unittest.TestCase):
def setUp(self):
self.helper = Secure_Track_Helper("127.0.0.1",
("username", "password"))
self.patcher = patch(
'pytos.common.rest_requests.requests.Session.send')
self.mock_get_uri = self.patcher.start()
self.mock_get_uri.return_value.status_code = 200
def tearDown(self):
self.patcher.stop()
def test_01_get_shadowed_rules(self):
self.mock_get_uri.return_value.content = fake_request_response(
"cleanup_set")
cleanup = self.helper.get_shadowed_rules_for_device_by_id(155)
self.assertIsInstance(cleanup, Cleanup_Set)
def test_02_get_rule_by_device_and_rule_id(self):
self.mock_get_uri.return_value.content = fake_request_response("rules")
rules = self.helper.get_rule_by_device_and_rule_id(155, 1318013)
self.assertEqual(rules[0].id, 1318013)
def test_03_get_rules_for_device(self):
self.mock_get_uri.return_value.content = fake_request_response("rules")
rules = self.helper.get_rules_for_device(155)
self.assertIsInstance(rules, Rules_List)
self.assertTrue(len(rules) > 0)
def test_04_failed_to_get_rules_for_device(self):
self.mock_get_uri.return_value.content = fake_request_response(
"empty_rules")
rules = self.helper.get_rules_for_device(155)
self.assertIsInstance(rules, Rules_List)
self.assertTrue(len(rules) == 0)
def test_05_get_shadowing_rules_for_device_id_and_rule_uids(self):
self.mock_get_uri.return_value.content = fake_request_response(
"cleanup_set")
uid = "{53b95431-73ee-43de-a153-d299f4eb4804}"
shadowing_rules = self.helper.get_shadowing_rules_for_device_id_and_rule_uids(
155, uid)
self.assertIsInstance(shadowing_rules, Cleanup_Set)
def test_06_failed_get_shadowing_rules_for_device_id_and_rule_uids(self):
self.mock_get_uri.return_value.content = fake_request_response(
"bad_request_error")
self.mock_get_uri.return_value.status_code = 400
with self.assertRaises(REST_Bad_Request_Error):
self.helper.get_shadowing_rules_for_device_id_and_rule_uids(
155, [])
def test_07_get_devices_by_rule_search(self):
self.mock_get_uri.return_value.content = fake_request_response(
"device_list_by_rule_search")
devices = self.helper.get_devices_by_rule_search()
self.assertIsInstance(devices, RuleSearchDeviceList)
def test_08_rule_search_for_device(self):
self.mock_get_uri.return_value.content = fake_request_response("rules")
rules = self.helper.rule_search_for_device(155)
self.assertIsInstance(rules, Rules_List)
self.assertTrue(len(rules) > 0)
def test_09_get_rules_for_revision(self):
self.mock_get_uri.return_value.content = fake_request_response("rules")
rules = self.helper.get_rules_for_revision(1, True)
self.assertIsInstance(rules, Rules_List)
self.assertTrue(len(rules) > 0)
def test_10_rule_documentation_format(self):
src_xml = fake_request_response("rule_documentation")
src_tree = lxml.etree.fromstring(src_xml)
src_b = io.BytesIO()
src_tree.getroottree().write_c14n(src_b)
# create a new record set fot the rule documentation
record_sets = [
Record_Set("*****@*****.**", "admin",
"2019-01-08T00:00:00+02:00", 1235, "this is a comment",
"")
]
rd = Rule_Documentation("admin", 'Comment for unittest suit',
record_sets, '', True)
dst_tree = lxml.etree.fromstring(rd.to_xml_string())
dst_b = io.BytesIO()
dst_tree.getroottree().write_c14n(dst_b)
self.assertEqual(src_b.getvalue(), dst_b.getvalue())
def test_11_get_rule_documentation_by_device_id_and_rule_id(self):
self.mock_get_uri.return_value.content = fake_request_response(
"rule_documentation")
rd = self.helper.get_rule_documentation_by_device_id_and_rule_id(
155, 1330304)
self.assertIsInstance(rd, Rule_Documentation)
def test_12_failed_to_get_rule_documentation_by_device_id_and_rule_id(
self):
self.mock_get_uri.return_value.content = fake_request_response(
"not_found_error")
self.mock_get_uri.return_value.status_code = 404
with self.assertRaises(ValueError):
self.helper.get_rule_documentation_by_device_id_and_rule_id(
155, 1330303)
def test_13_get_network_objects(self):
self.mock_get_uri.return_value.content = fake_request_response(
"network_objects_search")
network_objects = self.helper.network_object_text_search(
"81.81.81.5", "any_field")
self.assertIsInstance(network_objects, Network_Objects_List)
from pytos.securechange.xml_objects.rest import Ticket, Group_Change_Node, Elements, XML_List, \
Group_Change_Member_Object, TYPE_HOST
from common.secret_store import SecretDb
logger = logging.getLogger(COMMON_LOGGER_NAME)
conf = Secure_Config_Parser(
config_file_path="/usr/local/orca/conf/custom.conf")
secret_helper = SecretDb()
st_cred = (secret_helper.get_username('securetrack'),
secret_helper.get_password('securetrack'))
sc_cred = (secret_helper.get_username('securechange'),
secret_helper.get_password('securechange'))
sc_host = conf.get("securechange", "host")
st_host = conf.get("securetrack", "host")
sc_helper = Secure_Change_Helper(sc_host, sc_cred)
st_helper = Secure_Track_Helper(st_host, st_cred)
orca_host = conf.get("integration setup", "hostname")
ticket_template_path = conf.get("integration setup",
"change_group_ticket_template_path")
group_path_url = conf.get("integration setup", "group_path_url")
orca_update_task_url = conf.get("integration setup", "orca_update_task_url")
PID_FILE = '/var/run/orca_group_change.pid'
CHANGE_ADDED_STATUS = "ADDED"
CHANGE_CREATE_STATUS = "CREATE"
NOT_CHANGE_STATUS = "NOT_CHANGED"
AUTH_TOKEN_KEY = 'auth_header_integration'
SUPPORTED_MODELS = [
'Panorama_device_group', 'cp_domain_r80plus', 'asa', 'junos', 'fmg_adom'
]
def setUpClass(cls):
cls.helper = Secure_Track_Helper("localhost", ("username", "password"))
cls.patcher = patch('pytos.common.rest_requests.requests.Session.send')
cls.mock_get_uri = cls.patcher.start()
cls.mock_get_uri.return_value.status_code = 200
def main():
cli_args = get_cli_args()
device = cli_args.device or input('Enter device ID or name: ')
hostname = cli_args.hostname or input('Enter SecureTrack hostname or IP: ')
username = cli_args.username or input('Enter SecureTrack username: '******'Enter SecureTrack password: '******'.', end='')
sys.stdout.flush()
rules = {
cleanup.rule.uid: cleanup.rule.rule_text
for cleanup in st_helper.get_shadowed_rules_for_device_by_id(
device.id).shadowed_rules_cleanup.shadowed_rules
}
print('.', end='')
sys.stdout.flush()
shadowed_rules = st_helper.\
get_shadowing_rules_for_device_id_and_rule_uids(device.id,
[u for u in rules]).shadowed_rules_cleanup.shadowed_rules
print('.')
sys.stdout.flush()
print('Rules to remove for device: {}'.format(device.name))
shadowing_warning = {
cleanup.rule.uid: [
shadowing_rule.rule_text
for shadowing_rule in cleanup.shadowing_rules
]
for cleanup in shadowed_rules if any([
shadowing_rule.src_services
for shadowing_rule in cleanup.shadowing_rules
])
}
shadowed_warning = {
cleanup.rule.uid: [
shadowing_rule.rule_text
for shadowing_rule in cleanup.shadowing_rules
]
for cleanup in shadowed_rules if cleanup.rule.src_services
}
print('no {}'.format('\nno '.join([
rules[uid]
for uid in set(rules) - set(shadowed_warning) - set(shadowing_warning)
])))
print(
'***THE BELOW SHADOWING RULES CONTAIN SOURCE PORTS/SERVICES, MANUAL REVIEW IS STRONGLY RECOMMENDED***'
)
print('\n'.join([
'{}\n -> no {}'.format('\n'.join(shadowed_rules), rules[uid])
for uid, shadowed_rules in shadowing_warning.items()
]))
print(
'***THE BELOW SHADOWED RULES CONTAIN SOURCE PORTS/SERVICES, MANUAL REVIEW IS STRONGLY RECOMMENDED***'
)
print('\n'.join([
'{}\n -> no {}'.format('\n'.join(shadowed_rules), rules[uid])
for uid, shadowed_rules in shadowed_warning.items()
]))
#!/usr/bin/python3.4
import os
from pytos.securetrack.helpers import Secure_Track_Helper
#Files go here
confbackdir = '/tmp/tufin/'
t_ip = '<IP>'
t_user = '******'
t_pass = '******'
# No edit past here...
st_helper = Secure_Track_Helper(t_ip, (t_user, t_pass))
print("Fetching Devices...")
try:
devices = st_helper.get_devices_list()
except:
print("Error reading devices")
exit()
if (not os.path.exists(confbackdir)):
os.makedirs(confbackdir)
# print(devices)
for d in devices:
filename = d.name + '-' + str(d.id)
print("Getting config for {}".format(filename))
try:
c = st_helper.get_device_config_by_id(d.id)
except:
print("Config failed for {}".format(filename))
continue
