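def add(isamAppliance, name, description="", accessPolicyName=None, grantTypes=["AUTHORIZATION_CODE"],
        tcmBehavior="NEVER_PROMPT", accessTokenLifetime=3600, accessTokenLength=20,
        enforceSingleUseAuthorizationGrant=False, authorizationCodeLifetime=300, authorizationCodeLength=30,
        issueRefreshToken=True, refreshTokenLength=40, maxAuthorizationGrantLifetime=604800,
        enforceSingleAccessTokenPerGrant=False, enableMultipleRefreshTokensForFaultTolerance=False,
        pinPolicyEnabled=False, pinLength=4,
        tokenCharSet="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz", oidc=None,
        check_mode=False, force=False):
    """
    Create an API protection definition

    The definition is created only when no definition called ``name`` is found
    by ``search`` (or when ``force`` is True). In ``check_mode`` nothing is sent
    to the appliance; the return object only reports ``changed=True``.

    :param isamAppliance: appliance handle; supplies ``facts["version"]``,
        ``create_return_object`` and ``invoke_post``
    :param name: name of the definition to create
    :param grantTypes: list of grant types, or a string holding a Python list
        literal (parsed with ``ast.literal_eval``)
    :param accessPolicyName: optional access policy name, resolved to an id and
        sent as ``accessPolicyId``; ignored with a warning below 9.0.4.0
    :param oidc: optional dict of OIDC settings; ignored with a warning below
        9.0.4.0. ``dynamicClients`` and ``issueSecret`` are dropped with a
        warning below 9.0.5.0. The dict is modified in place.
    :param check_mode: report the pending change without applying it
    :param force: create even if a definition with this name already exists
    :return: return object from ``isamAppliance`` (``create_return_object`` or
        ``invoke_post``)

    The remaining keyword arguments are copied into the request payload under
    the same names; the length and lifetime values are coerced with ``int()``.
    Token lengths, lifetimes, single-use enforcement and the PIN policy all
    default to the values in the signature, so callers that rely on the
    defaults should check them against their own token policy.
    """
    # ``basestring`` only exists on Python 2; fall back to ``str`` so the
    # string form of grantTypes is still recognised on Python 3.
    try:
        string_types = basestring
    except NameError:
        string_types = str

    if isinstance(grantTypes, string_types):
        import ast
        # literal_eval parses Python literals only (no code execution). A
        # malformed string raises ValueError/SyntaxError to the caller, and the
        # parsed value is not checked to be a list.
        grantTypes = ast.literal_eval(grantTypes)

    # The shared default list for grantTypes is never mutated here; it is only
    # placed into the payload.
    ret_obj = search(isamAppliance, name=name, check_mode=check_mode, force=force)
    warnings = ret_obj["warnings"]

    if force is True or ret_obj["data"] == {}:
        if check_mode is True:
            return isamAppliance.create_return_object(changed=True, warnings=warnings)
        else:
            json_data = {
                "name": name,
                "description": description,
                "grantTypes": grantTypes,
                "tcmBehavior": tcmBehavior,
                "accessTokenLifetime": int(accessTokenLifetime),
                "accessTokenLength": int(accessTokenLength),
                "enforceSingleUseAuthorizationGrant": enforceSingleUseAuthorizationGrant,
                "authorizationCodeLifetime": int(authorizationCodeLifetime),
                "authorizationCodeLength": int(authorizationCodeLength),
                "issueRefreshToken": issueRefreshToken,
                "refreshTokenLength": int(refreshTokenLength),
                "maxAuthorizationGrantLifetime": int(maxAuthorizationGrantLifetime),
                "enforceSingleAccessTokenPerGrant": enforceSingleAccessTokenPerGrant,
                "enableMultipleRefreshTokensForFaultTolerance": enableMultipleRefreshTokensForFaultTolerance,
                "pinPolicyEnabled": pinPolicyEnabled,
                "pinLength": int(pinLength),
                "tokenCharSet": tokenCharSet
            }

            if accessPolicyName is not None:
                if tools.version_compare(isamAppliance.facts["version"], "9.0.4.0") < 0:
                    # Fixed: the message used to be formatted with ``oidc``
                    # instead of the access policy name it talks about.
                    warnings.append(
                        "Appliance at version: {0}, access policy: {1} is not supported. Needs 9.0.4.0 or higher. Ignoring access policy for this call.".format(
                            isamAppliance.facts["version"], accessPolicyName))
                    accessPolicyName = None
                else:
                    policy_ret = access_policy.search(isamAppliance, accessPolicyName, check_mode=check_mode,
                                                      force=force)
                    if policy_ret['data'] == {}:
                        # NOTE(review): this rebinds ``warnings`` to the lookup's
                        # list, so warnings gathered so far are not carried over
                        # unless both names refer to the same list - confirm intended.
                        warnings = policy_ret["warnings"]
                        warnings.append(
                            "Access Policy {0} is not found. Cannot add definition.".format(accessPolicyName))
                        return isamAppliance.create_return_object(warnings=warnings)
                    else:
                        json_data["accessPolicyId"] = int(policy_ret['data'])

            if oidc is not None:
                if tools.version_compare(isamAppliance.facts["version"], "9.0.4.0") < 0:
                    # The whole oidc dict is echoed into the warning text.
                    warnings.append(
                        "Appliance at version: {0}, oidc: {1} is not supported. Needs 9.0.4.0 or higher. Ignoring oidc for this call.".format(
                            isamAppliance.facts["version"], oidc))
                else:
                    if 'attributeSources' in oidc:
                        oidc['attributeSources'] = _map_oidc_attributeSources(isamAppliance,
                                                                              oidc['attributeSources'],
                                                                              check_mode, force)
                    json_data["oidc"] = oidc

                    # dynamicClients / issueSecret need 9.0.5.0; strip them from
                    # the payload on older appliances instead of sending them.
                    if 'dynamicClients' in json_data['oidc']:
                        if tools.version_compare(isamAppliance.facts["version"], "9.0.5.0") < 0:
                            warnings.append(
                                "Appliance at version: {0}, dynamicClients: {1} is not supported. Needs 9.0.5.0 or higher. Ignoring dynamicClients for this call.".format(
                                    isamAppliance.facts["version"], json_data['oidc']['dynamicClients']))
                            del json_data['oidc']['dynamicClients']
                    if 'issueSecret' in json_data['oidc']:
                        if tools.version_compare(isamAppliance.facts["version"], "9.0.5.0") < 0:
                            warnings.append(
                                "Appliance at version: {0}, issueSecret: {1} is not supported. Needs 9.0.5.0 or higher. Ignoring issueSecret for this call.".format(
                                    isamAppliance.facts["version"], json_data['oidc']['issueSecret']))
                            del json_data['oidc']['issueSecret']

            return isamAppliance.invoke_post(
                "Create an API protection definition", uri, json_data,
                requires_modules=requires_modules, requires_version=requires_version, warnings=warnings)

    return isamAppliance.create_return_object(warnings=warnings)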
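def update(isamAppliance, name, description="", accessPolicyName=None, grantTypes=["AUTHORIZATION_CODE"],
           tcmBehavior="NEVER_PROMPT", accessTokenLifetime=3600, accessTokenLength=20,
           enforceSingleUseAuthorizationGrant=False, authorizationCodeLifetime=300, authorizationCodeLength=30,
           issueRefreshToken=True, refreshTokenLength=40, maxAuthorizationGrantLifetime=604800,
           enforceSingleAccessTokenPerGrant=False, enableMultipleRefreshTokensForFaultTolerance=False,
           pinPolicyEnabled=False, pinLength=4,
           tokenCharSet="0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz", oidc=None,
           check_mode=False, force=False):
    """
    Update a specified API protection definition

    The existing definition is fetched with ``get``. Unless ``force`` is True,
    the desired payload is compared with the existing data after both are
    normalised, and the PUT is sent only when they differ. In ``check_mode``
    the pending change is reported (``changed=True``) without being applied.

    :param isamAppliance: appliance handle; supplies ``facts["version"]``,
        ``create_return_object`` and ``invoke_put``
    :param name: name of the definition to update
    :param accessPolicyName: optional access policy name, resolved to an id and
        sent as ``accessPolicyId``; ignored with a warning below 9.0.4.0
    :param oidc: optional dict of OIDC settings; ignored with a warning below
        9.0.4.0. The dict is modified in place.
    :param check_mode: report the pending change without applying it
    :param force: send the update without comparing against the existing data
    :return: return object from ``isamAppliance`` (``create_return_object`` or
        ``invoke_put``)

    The remaining keyword arguments are copied into the request payload under
    the same names; the length and lifetime values are coerced with ``int()``.
    Every call sends the full set of values, so any argument left at its
    default overwrites what is currently configured on the definition.
    """
    ret_obj = get(isamAppliance, name)
    warnings = ret_obj["warnings"]

    if ret_obj["data"] == {}:
        warnings.append("Definiton {0} not found, skipping update.".format(name))
        return isamAppliance.create_return_object(warnings=warnings)

    defn_id = ret_obj["data"]["id"]
    needs_update = False

    json_data = {
        "name": name,
        "description": description,
        "grantTypes": grantTypes,
        "tcmBehavior": tcmBehavior,
        "accessTokenLifetime": int(accessTokenLifetime),
        "accessTokenLength": int(accessTokenLength),
        "enforceSingleUseAuthorizationGrant": enforceSingleUseAuthorizationGrant,
        "authorizationCodeLifetime": int(authorizationCodeLifetime),
        "authorizationCodeLength": int(authorizationCodeLength),
        "issueRefreshToken": issueRefreshToken,
        "refreshTokenLength": int(refreshTokenLength),
        "maxAuthorizationGrantLifetime": int(maxAuthorizationGrantLifetime),
        "enforceSingleAccessTokenPerGrant": enforceSingleAccessTokenPerGrant,
        "enableMultipleRefreshTokensForFaultTolerance": enableMultipleRefreshTokensForFaultTolerance,
        "pinPolicyEnabled": pinPolicyEnabled,
        "pinLength": int(pinLength),
        "tokenCharSet": tokenCharSet
    }

    if accessPolicyName is not None:
        if tools.version_compare(isamAppliance.facts["version"], "9.0.4.0") < 0:
            # Fixed: the message used to be formatted with ``oidc`` instead of
            # the access policy name it talks about.
            warnings.append(
                "Appliance at version: {0}, access policy: {1} is not supported. Needs 9.0.4.0 or higher. Ignoring access policy for this call.".format(
                    isamAppliance.facts["version"], accessPolicyName))
            accessPolicyName = None
        else:
            # Fixed: the lookup result is kept in its own variable. It used to
            # overwrite ``ret_obj``, so the comparison further down ran against
            # the access policy id instead of the existing definition and the
            # call could not be idempotent when an access policy was given.
            policy_ret = access_policy.search(isamAppliance, accessPolicyName, check_mode=check_mode, force=force)
            if policy_ret['data'] == {}:
                # NOTE(review): this rebinds ``warnings`` to the lookup's list,
                # so warnings gathered so far are not carried over unless both
                # names refer to the same list - confirm intended.
                warnings = policy_ret["warnings"]
                warnings.append(
                    "Access Policy {0} is not found. Cannot update definition.".format(accessPolicyName))
                return isamAppliance.create_return_object(warnings=warnings)
            else:
                # NOTE(review): the id is sent as an int; confirm the appliance
                # returns accessPolicyId in the same form, otherwise the
                # comparison below always reports a difference.
                json_data["accessPolicyId"] = int(policy_ret['data'])

    if oidc is not None:
        if tools.version_compare(isamAppliance.facts["version"], "9.0.4.0") < 0:
            # The whole oidc dict is echoed into the warning text.
            warnings.append(
                "Appliance at version: {0}, oidc: {1} is not supported. Needs 9.0.4.0 or higher. Ignoring oidc for this call.".format(
                    isamAppliance.facts["version"], oidc))
            oidc = None
        else:
            if 'attributeSources' in oidc:
                oidc['attributeSources'] = _map_oidc_attributeSources(isamAppliance, oidc['attributeSources'],
                                                                      check_mode, force)
            json_data["oidc"] = oidc

    if force is not True:
        existing = ret_obj['data']

        # Server-maintained fields are never part of the desired payload.
        for key in ('datecreated', 'id', 'lastmodified', 'mappingRules'):
            if key in existing:
                del existing[key]

        # Inspecting oidcConfig and remove missing or None attributes in returned object
        if oidc is not None and 'oidc' in existing:
            existing_oidc = existing['oidc']
            for key in ('enabled', 'iss', 'poc', 'lifetime', 'alg', 'db', 'cert', 'attributeSources'):
                if key in existing_oidc and existing_oidc[key] is None:
                    del existing_oidc[key]

            # Inspecting oidcEncConfig and remove missing or None attributes in returned object
            if 'enc' in existing_oidc and existing_oidc['enc'] is not None:
                existing_enc = existing_oidc['enc']
                for key in ('enabled', 'alg', 'enc'):
                    if key in existing_enc and existing_enc[key] is None:
                        del existing_enc[key]

            # For dynamicClients & issueSecret parameters
            #
            # If the values for dynamicClients or issueSecret are missing, then they are
            # considered to be of the value "false" by the appliance, this allows for old
            # configuration to be forward compatible, without the function of the
            # definition being changed by the same payload.
            #
            # NOTE(review): as laid out here, the version check that strips
            # unsupported keys from the payload only runs on this non-forced
            # path and only when the existing definition has an 'oidc' entry;
            # with force=True the keys are sent as given - confirm intended.
            if 'dynamicClients' in json_data['oidc']:
                if tools.version_compare(isamAppliance.facts["version"], "9.0.5.0") < 0:
                    warnings.append(
                        "Appliance at version: {0}, dynamicClients: {1} is not supported. Needs 9.0.5.0 or higher. Ignoring dynamicClients for this call.".format(
                            isamAppliance.facts["version"], json_data['oidc']['dynamicClients']))
                    del json_data['oidc']['dynamicClients']
            else:
                if tools.version_compare(isamAppliance.facts["version"], "9.0.5.0") >= 0:
                    if 'dynamicClients' in existing_oidc and existing_oidc['dynamicClients'] is False:
                        del existing_oidc['dynamicClients']
            if 'issueSecret' in json_data['oidc']:
                if tools.version_compare(isamAppliance.facts["version"], "9.0.5.0") < 0:
                    warnings.append(
                        "Appliance at version: {0}, issueSecret: {1} is not supported. Needs 9.0.5.0 or higher. Ignoring issueSecret for this call.".format(
                            isamAppliance.facts["version"], json_data['oidc']['issueSecret']))
                    del json_data['oidc']['issueSecret']
            else:
                if tools.version_compare(isamAppliance.facts["version"], "9.0.5.0") >= 0:
                    if 'issueSecret' in existing_oidc and existing_oidc['issueSecret'] is False:
                        del existing_oidc['issueSecret']

        sorted_ret_obj = tools.json_sort(existing)
        sorted_json_data = tools.json_sort(json_data)
        # Both the existing and the desired definition are written to the debug log.
        logger.debug("Sorted Existing Data:{0}".format(sorted_ret_obj))
        logger.debug("Sorted Desired  Data:{0}".format(sorted_json_data))
        if sorted_ret_obj != sorted_json_data:
            needs_update = True

    if force is True or needs_update is True:
        if check_mode is True:
            return isamAppliance.create_return_object(changed=True, warnings=warnings)
        else:
            return isamAppliance.invoke_put(
                "Update a specified API protection definition",
                "{0}/{1}".format(uri, defn_id), json_data, requires_modules=requires_modules,
                requires_version=requires_version, warnings=warnings)

    return isamAppliance.create_return_object(warnings=warnings)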