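def add(isamAppliance, name, description="", accessPolicyName=None, grantTypes=["AUTHORIZATION_CODE"],
        tcmBehavior="NEVER_PROMPT",
        accessTokenLifetime=3600, accessTokenLength=20, enforceSingleUseAuthorizationGrant=False,
        authorizationCodeLifetime=300, authorizationCodeLength=30, issueRefreshToken=True, refreshTokenLength=40,
        maxAuthorizationGrantLifetime=604800, enforceSingleAccessTokenPerGrant=False,
        enableMultipleRefreshTokensForFaultTolerance=False, pinPolicyEnabled=False, pinLength=4,
        tokenCharSet="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz", oidc=None, check_mode=False,
        force=False):
    """
    Create an API protection definition.

    The definition is created only when ``search`` finds no definition called
    ``name`` or ``force`` is True.  All token, grant and PIN settings are
    forwarded to the appliance as given (lifetimes and lengths are coerced
    with ``int``); no local validation of those values is done here.

    :param isamAppliance: appliance object providing ``facts``,
        ``invoke_post`` and ``create_return_object``
    :param name: name of the definition
    :param description: free-text description
    :param accessPolicyName: optional access policy to attach; needs
        appliance 9.0.4.0 or later and is resolved to its id through
        ``access_policy.search`` (a missing policy aborts the call with a
        warning)
    :param grantTypes: list of grant types.  A string is parsed with
        ``ast.literal_eval`` (Python literals only, no code execution).  The
        list default is never mutated by this function.
    :param oidc: optional OIDC configuration dict; needs appliance 9.0.4.0
        or later.  ``dynamicClients`` and ``issueSecret`` additionally need
        9.0.5.0 and are dropped, with a warning, on older appliances.  The
        caller's dict is left untouched: a shallow copy is sent.
    :param check_mode: report ``changed=True`` without contacting the appliance
    :param force: create even when a definition with this name already exists
    :return: return object from ``create_return_object`` or ``invoke_post``
    """
    if isinstance(grantTypes, basestring):
        import ast
        # literal_eval accepts only Python literals, so a string such as
        # "['AUTHORIZATION_CODE']" is parsed without evaluating code.
        grantTypes = ast.literal_eval(grantTypes)

    ret_obj = search(isamAppliance, name=name, check_mode=check_mode, force=force)
    warnings = ret_obj["warnings"]

    if force is not True and ret_obj["data"] != {}:
        # Definition already exists and the caller did not force: nothing to do.
        return isamAppliance.create_return_object(warnings=warnings)
    if check_mode is True:
        return isamAppliance.create_return_object(changed=True, warnings=warnings)

    def _supports(min_version):
        # Evaluated lazily so facts["version"] is only read when a
        # version-gated option has actually been requested.
        return tools.version_compare(isamAppliance.facts["version"], min_version) >= 0

    json_data = {
        "name": name,
        "description": description,
        "grantTypes": grantTypes,
        "tcmBehavior": tcmBehavior,
        "accessTokenLifetime": int(accessTokenLifetime),
        "accessTokenLength": int(accessTokenLength),
        "enforceSingleUseAuthorizationGrant": enforceSingleUseAuthorizationGrant,
        "authorizationCodeLifetime": int(authorizationCodeLifetime),
        "authorizationCodeLength": int(authorizationCodeLength),
        "issueRefreshToken": issueRefreshToken,
        "refreshTokenLength": int(refreshTokenLength),
        "maxAuthorizationGrantLifetime": int(maxAuthorizationGrantLifetime),
        "enforceSingleAccessTokenPerGrant": enforceSingleAccessTokenPerGrant,
        "enableMultipleRefreshTokensForFaultTolerance": enableMultipleRefreshTokensForFaultTolerance,
        "pinPolicyEnabled": pinPolicyEnabled,
        "pinLength": int(pinLength),
        "tokenCharSet": tokenCharSet
    }

    if accessPolicyName is not None:
        if not _supports("9.0.4.0"):
            # The message names the policy being ignored (previously the
            # oidc argument was formatted in here by mistake).
            warnings.append(
                "Appliance at version: {0}, access policy: {1} is not supported. Needs 9.0.4.0 or higher. Ignoring access policy for this call.".format(
                    isamAppliance.facts["version"], accessPolicyName))
        else:
            policy_obj = access_policy.search(isamAppliance, accessPolicyName, check_mode=check_mode, force=force)
            if policy_obj['data'] == {}:
                # Keep the warnings gathered so far and add those of the lookup.
                warnings.extend(policy_obj["warnings"])
                warnings.append(
                    "Access Policy {0} is not found. Cannot add definition.".format(accessPolicyName))
                return isamAppliance.create_return_object(warnings=warnings)
            json_data["accessPolicyId"] = int(policy_obj['data'])

    if oidc is not None:
        if not _supports("9.0.4.0"):
            warnings.append(
                "Appliance at version: {0}, oidc: {1} is not supported. Needs 9.0.4.0 or higher. Ignoring oidc for this call.".format(
                    isamAppliance.facts["version"], oidc))
        else:
            # Shallow copy: keys may be rewritten or dropped below without
            # altering the caller's dict.
            oidc_data = dict(oidc)
            if 'attributeSources' in oidc_data:
                oidc_data['attributeSources'] = _map_oidc_attributeSources(
                    isamAppliance, oidc_data['attributeSources'], check_mode, force)
            # These two keys only exist from 9.0.5.0; the check is done here,
            # inside the supported branch, so json_data["oidc"] is guaranteed
            # to exist (the old code indexed it unconditionally and raised
            # KeyError on appliances older than 9.0.4.0).
            for key in ('dynamicClients', 'issueSecret'):
                if key in oidc_data and not _supports("9.0.5.0"):
                    warnings.append(
                        "Appliance at version: {0}, {1}: {2} is not supported. Needs 9.0.5.0 or higher. Ignoring {1} for this call.".format(
                            isamAppliance.facts["version"], key, oidc_data[key]))
                    del oidc_data[key]
            json_data["oidc"] = oidc_data

    return isamAppliance.invoke_post(
        "Create an API protection definition", uri,
        json_data, requires_modules=requires_modules, requires_version=requires_version, warnings=warnings)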
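def _strip_none_keys(mapping, keys):
    """
    Delete, in place, every key in ``keys`` whose value in ``mapping`` is None.

    Used to normalise the definition returned by the appliance before it is
    compared with the desired payload: a field returned as None would never
    compare equal to a desired payload that simply omits it.

    :param mapping: dict to modify
    :param keys: iterable of key names to inspect
    """
    for key in keys:
        if key in mapping and mapping[key] is None:
            del mapping[key]


def update(isamAppliance, name, description="", accessPolicyName=None, grantTypes=["AUTHORIZATION_CODE"],
           tcmBehavior="NEVER_PROMPT",
           accessTokenLifetime=3600, accessTokenLength=20, enforceSingleUseAuthorizationGrant=False,
           authorizationCodeLifetime=300, authorizationCodeLength=30, issueRefreshToken=True, refreshTokenLength=40,
           maxAuthorizationGrantLifetime=604800, enforceSingleAccessTokenPerGrant=False,
           enableMultipleRefreshTokensForFaultTolerance=False, pinPolicyEnabled=False, pinLength=4,
           tokenCharSet="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz", oidc=None, check_mode=False,
           force=False):
    """
    Update a specified API protection definition.

    The existing definition is read with ``get``; if it does not exist a
    warning is returned and nothing is changed.  Unless ``force`` is True the
    desired payload is compared with the existing one (after stripping
    server-managed and None-valued fields) and a PUT is issued only when they
    differ.  The two normalised payloads are written to the log at DEBUG
    level.

    :param isamAppliance: appliance object providing ``facts``,
        ``invoke_put`` and ``create_return_object``
    :param name: name of the definition to update
    :param description: free-text description
    :param accessPolicyName: optional access policy to attach; needs
        appliance 9.0.4.0 or later and is resolved to its id through
        ``access_policy.search`` (a missing policy aborts the call with a
        warning)
    :param grantTypes: list of grant types.  A string is parsed with
        ``ast.literal_eval`` (Python literals only), as ``add`` does.  The
        list default is never mutated by this function.
    :param oidc: optional OIDC configuration dict; needs appliance 9.0.4.0
        or later.  ``dynamicClients`` and ``issueSecret`` additionally need
        9.0.5.0 and are dropped, with a warning, on older appliances,
        whether or not ``force`` is set.  The caller's dict is left
        untouched: a shallow copy is sent.
    :param check_mode: report ``changed=True`` without contacting the appliance
    :param force: send the PUT even when no difference is detected
    :return: return object from ``create_return_object`` or ``invoke_put``
    """
    if isinstance(grantTypes, basestring):
        import ast
        # Same literal parsing as add(); no code is evaluated.
        grantTypes = ast.literal_eval(grantTypes)

    ret_obj = get(isamAppliance, name)
    warnings = ret_obj["warnings"]
    existing = ret_obj["data"]

    if existing == {}:
        warnings.append("Definiton {0} not found, skipping update.".format(name))
        return isamAppliance.create_return_object(warnings=warnings)
    defn_id = existing["id"]

    def _supports(min_version):
        # Evaluated lazily so facts["version"] is only read when a
        # version-gated option has actually been requested.
        return tools.version_compare(isamAppliance.facts["version"], min_version) >= 0

    json_data = {
        "name": name,
        "description": description,
        "grantTypes": grantTypes,
        "tcmBehavior": tcmBehavior,
        "accessTokenLifetime": int(accessTokenLifetime),
        "accessTokenLength": int(accessTokenLength),
        "enforceSingleUseAuthorizationGrant": enforceSingleUseAuthorizationGrant,
        "authorizationCodeLifetime": int(authorizationCodeLifetime),
        "authorizationCodeLength": int(authorizationCodeLength),
        "issueRefreshToken": issueRefreshToken,
        "refreshTokenLength": int(refreshTokenLength),
        "maxAuthorizationGrantLifetime": int(maxAuthorizationGrantLifetime),
        "enforceSingleAccessTokenPerGrant": enforceSingleAccessTokenPerGrant,
        "enableMultipleRefreshTokensForFaultTolerance": enableMultipleRefreshTokensForFaultTolerance,
        "pinPolicyEnabled": pinPolicyEnabled,
        "pinLength": int(pinLength),
        "tokenCharSet": tokenCharSet
    }

    if accessPolicyName is not None:
        if not _supports("9.0.4.0"):
            # The message names the policy being ignored (previously the
            # oidc argument was formatted in here by mistake).
            warnings.append(
                "Appliance at version: {0}, access policy: {1} is not supported. Needs 9.0.4.0 or higher. Ignoring access policy for this call.".format(
                    isamAppliance.facts["version"], accessPolicyName))
        else:
            # Kept in its own variable: the old code rebound ret_obj here, so
            # the comparison below then ran against the policy lookup result
            # instead of the existing definition.
            policy_obj = access_policy.search(isamAppliance, accessPolicyName, check_mode=check_mode, force=force)
            if policy_obj['data'] == {}:
                # Keep the warnings gathered so far and add those of the lookup.
                warnings.extend(policy_obj["warnings"])
                warnings.append(
                    "Access Policy {0} is not found. Cannot update definition.".format(accessPolicyName))
                return isamAppliance.create_return_object(warnings=warnings)
            json_data["accessPolicyId"] = int(policy_obj['data'])

    if oidc is not None:
        if not _supports("9.0.4.0"):
            warnings.append(
                "Appliance at version: {0}, oidc: {1} is not supported. Needs 9.0.4.0 or higher. Ignoring oidc for this call.".format(
                    isamAppliance.facts["version"], oidc))
            oidc = None
        else:
            # Shallow copy: keys may be rewritten or dropped below without
            # altering the caller's dict.
            oidc_data = dict(oidc)
            if 'attributeSources' in oidc_data:
                oidc_data['attributeSources'] = _map_oidc_attributeSources(
                    isamAppliance, oidc_data['attributeSources'], check_mode, force)
            # Done here, not inside the comparison block, so the 9.0.5.0-only
            # keys are also removed when force=True or when the existing
            # definition has no oidc section.
            for key in ('dynamicClients', 'issueSecret'):
                if key in oidc_data and not _supports("9.0.5.0"):
                    warnings.append(
                        "Appliance at version: {0}, {1}: {2} is not supported. Needs 9.0.5.0 or higher. Ignoring {1} for this call.".format(
                            isamAppliance.facts["version"], key, oidc_data[key]))
                    del oidc_data[key]
            json_data["oidc"] = oidc_data

    needs_update = False
    if force is not True:
        # Server-managed fields never appear in the desired payload.
        for key in ('datecreated', 'id', 'lastmodified', 'mappingRules'):
            existing.pop(key, None)

        # Normalise the oidc section returned by the appliance: drop
        # None-valued attributes so they compare equal to omitted ones.
        if oidc is not None and isinstance(existing.get('oidc'), dict):
            existing_oidc = existing['oidc']
            _strip_none_keys(existing_oidc,
                             ('enabled', 'iss', 'poc', 'lifetime', 'alg', 'db', 'cert', 'attributeSources'))
            if existing_oidc.get('enc') is not None:
                _strip_none_keys(existing_oidc['enc'], ('enabled', 'alg', 'enc'))

            # dynamicClients / issueSecret: when the desired payload omits them
            # the appliance treats them as false, so an existing explicit False
            # is removed to keep old configuration forward compatible without
            # triggering an update.
            if _supports("9.0.5.0"):
                for key in ('dynamicClients', 'issueSecret'):
                    if key not in json_data['oidc'] and existing_oidc.get(key) is False:
                        del existing_oidc[key]

        sorted_ret_obj = tools.json_sort(existing)
        sorted_json_data = tools.json_sort(json_data)
        # NOTE: both complete payloads (including any oidc settings) end up in
        # the debug log.
        logger.debug("Sorted Existing Data:%s", sorted_ret_obj)
        logger.debug("Sorted Desired  Data:%s", sorted_json_data)
        needs_update = sorted_ret_obj != sorted_json_data

    if force is True or needs_update:
        if check_mode is True:
            return isamAppliance.create_return_object(changed=True, warnings=warnings)
        return isamAppliance.invoke_put(
            "Update a specified API protection definition",
            "{0}/{1}".format(uri, defn_id), json_data, requires_modules=requires_modules,
            requires_version=requires_version, warnings=warnings)

    return isamAppliance.create_return_object(warnings=warnings)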