class Replaycenter:
def __init__(self, interface=None):
# singleton logger
self.logger = CustomLogger().get_logger()
# error codes
self.codes = DotMap()
self.codes.ok = 0
self.codes.error = -1
self.codes.missing_iface = -2
self.codes.missing_pcap = -3
if interface is not None:
self.interface = interface
else:
pass
def replay(self, bundle, interface="eth1", inter_pkt_delay=0):
replay_status = None
# Check if interface is provided
if self.interface is None:
self.logger.error("Replay interface must be provided.")
return self.codes.missing_iface
else:
pass
# Check if pcaps are provided
if "pcaps" not in bundle:
self.logger.warning("Pcaps not found, skipping.")
return self.codes.missing_pcap
else:
pass
# Replay pcap after done with checks
pcaps = bundle["pcaps"]
for pcap in pcaps:
self.logger.info("Replay Pcap: {}".format(pcap))
if os.path.isfile(pcap):
try:
pkts = rdpcap(pcap)
for pkt in pkts:
sendp(pkt,
verbose=False,
iface=interface,
inter=inter_pkt_delay)
except Exception as e:
self.logger.error(e)
replay_status = self.codes.error
# Done replaying pcaps without error
replay_status = self.codes.ok
return replay_status
class StandaloneTool(object):
def __init__(self):
# Logger
self.logger = CustomLogger().get_logger()
def show_system_info(self, ip=None, username=None, password=None):
if all([ip, username, password]):
self.logger.info("Get system info.")
# REST Session
sx_session = SxSession(ip=ip, username=username, password=password)
# Login
sx_session.login()
# System Management
sys_mgmt = SysMgmt(sx_session)
sys_info = sys_mgmt.get_system_info()
self.logger.info("System Info: {}".format(sys_info))
# Logout
sx_session.logout()
else:
self.logger.error("Missing parameters.")
class JobsApis(object):
def __init__(self, rest_session):
# singleton logger
self.logger = CustomLogger().get_logger()
# fetched data
self.data = None
# REST Session
self.rest_session = rest_session
# Common REST Calls
self.rest_call = RestCall(rest_session)
# URLs specific to Jobs API
self.jobs_url = "jobs/"
def get_jobs(self):
# Jobs
jobs = []
# Craft the URL
url = self.rest_session.base_url + self.jobs_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(url=url,
verify=False,
headers=headers)
# Convert response to expected data
jobs = list(response.json())
return jobs
def get_job_by_id(self, job_id):
# Job
job = None
# Craft the URL
url = self.rest_session.base_url + self.jobs_url + str(job_id)
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(url=url,
verify=False,
headers=headers)
# Convert response to expected data
job = dict(response.json())
return job
def wait_on_job_by_id(self, job_id):
job_completed = False
try:
# Craft the URL
url = self.rest_session.base_url + self.jobs_url + str(
job_id) + "/wait"
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(url=url,
verify=False,
headers=headers)
if response.status_code == requests.codes.ok:
job_completed = True
self.logger.info("Job completed successfully")
else:
self.logger.error(response.status_code)
except Exception as e:
self.logger.error(e)
return job_completed
def get_tasks_by_job_id(self, job_id):
# Tasks
tasks = []
# Craft the URL
url = self.rest_session.base_url + self.jobs_url + str(
job_id) + "/tasks"
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(url=url,
verify=False,
headers=headers)
tasks = list(response.json())
return tasks
def abort_job_by_id(self, job_id):
is_job_aborted = False
try:
# Craft the URL
url = self.rest_session.base_url + self.jobs_url + str(
job_id) + "/abort"
# Headers
headers = self.rest_session.headers
# Call REST - POST
response = self.rest_call.post_query(url=url,
verify=False,
headers=headers)
if response.status_code == requests.codes.ok:
is_job_aborted = True
self.logger.info("Job aborted successfully")
else:
self.logger.error(response.status_code)
except Exception as e:
self.logger.error(e)
return is_job_aborted
password = "******"
action = args["action"]
# Initialize logger
logger = CustomLogger().get_logger()
if username is None or password is None:
logger.warning("Please set username and password as environment variables.")
sys.exit()
# Establish REST connection
sx_session = SxSession(ip=ip, username=username, password=password)
sx_session.login()
try:
virtual_patch_rg = VirtualPatchRG(sx_session, logger, ip_list)
except KeyboardInterrupt as e:
logger.info("Task done. Goodbye.")
except Exception as e:
logger.error(e)
# Logout
sx_session.logout()
# Sample Run
# python create_resourcegroup.py -i 172.16.27.73 -f hosts_cves.json
# Payload
#{"infraIDs":[],"dynamic":false,"id":0,"name":"b","regex":null,"resourceType":"CIDR","description":"b","purpose":"POLICY","memberList":[{"id":0,"cidr":"192.168.131.5/32"},{"id":0,"cidr":"192.168.131.51/32"}]}
class GroupandInsert(object):
def __init__(self, rest_session):
# singleton logger
self.logger = CustomLogger().get_logger()
# fetched data
self.data = None
# REST Session
self.rest_session = rest_session
# Common REST Calls
self.rest_call = RestCall(rest_session)
# URLs specific to Resource group and Network set
self.resource_group_create_url = "infras/resourcegroup"
self.network_set_create_url = "infras/networkset"
def rgany_vmname_noinsertion(self, rname, regexpr, descrip):
rg_created = False
rgid = None
payload = [{
"infraIDs": [0],
"dynamic": True,
"id": 0,
"name": "RG-WL-2",
"regex": "name='tony-frog-WL-4';",
"resourceType": "VM",
"description": "RG-2",
"purpose": "INSERTION_AND_POLICY"
}]
for i in payload:
if i["infraIDs"] == [0]:
i["name"] = rname
i["regex"] = regexpr
i["description"] = descrip
data = json.dumps(payload)
data = str(data)[1:-1]
try:
# Craft the URL
url = self.rest_session.base_url + self.resource_group_create_url
# Headers
headers = self.rest_session.headers
# Call REST - POST
response = self.rest_call.post_query(url=url,
headers=headers,
verify=False,
data=data)
if response.status_code == requests.codes.ok:
rgid = list(response.json())
rgid = rgid[0]
rg_created = True
self.logger.info("New resource group added")
else:
self.logger.error(response.status_code)
except Exception as e:
self.logger.error(e)
return rgid
def nset_create_noinsertion(self, rname, regexpr, descrip):
ns_created = False
nsid = None
payload = [{
"cloudId": 1,
"id": 0,
"name": "NSET-1-PG63-2",
"regex": "ic='1';.*name='tony-PG63-2';",
"description": "NSET-1-PG63-2",
"isExclusion": False
}]
for i in payload:
if i["cloudId"] == 1:
i["name"] = rname
i["regex"] = regexpr
i["description"] = descrip
data = json.dumps(payload)
data = str(data)[1:-1]
try:
# Craft the URL
url = self.rest_session.base_url + self.network_set_create_url
# Headers
headers = self.rest_session.headers
# Call REST - POST
response = self.rest_call.post_query(url=url,
headers=headers,
verify=False,
data=data)
if response.status_code == requests.codes.ok:
nsid = list(response.json())
nsid = nsid[0]
ns_created = True
self.logger.info("New network set added")
else:
self.logger.error(response.status_code)
except Exception as e:
self.logger.error(e)
return nsid
class SystemUnderTest(object):
def __init__(self, rest_session):
# singleton logger
self.logger = CustomLogger().get_logger()
# Aspects of system under test
self.acl_mgmt = ACL_Mgmt(rest_session)
self.audit_log_mgmt = AuditLog(rest_session)
self.jobs_mgmt = JobsMgmt(rest_session)
self.sps_mgmt = SPS_Mgmt(rest_session)
self.sys_mgmt = SysMgmt(rest_session)
def assign_sps(self, acl_container, policy_name):
is_updated = False
if policy_name is not None:
# SPS - map name to ID
sps_id = None
# Get SPS by name
sps = self.sps_mgmt.get_sps_by_name(policy_name)
if sps is not None:
sps_id = sps["id"]
else:
pass
else:
# SPS is Null
policy_name = "null"
sps_id = "null"
# Resolve ACL container
acl_policy = self.acl_mgmt.get_acl_by_name(acl_container)
if acl_policy is not None:
self.logger.info(
"Update ACL with SPS Name: {}".format(policy_name))
self.logger.info("Update ACL with SPS ID: {}".format(sps_id))
# Modify the ACL Rule in the Default ACL Policy
acl_policy["spsId"] = sps_id
acl_policy["aclRules"][0]["spsId"] = sps_id
# Update the ACL
self.logger.info("Update ACL: {}".format(acl_policy))
is_updated = self.acl_mgmt.update_acl(acl_policy)
else:
# ACL Container not found
pass
return is_updated
def get_sps(self, acl_container, acl_rule_order_num=0):
policy_name = None
# Resolve ACL container
acl_policy = self.acl_mgmt.get_acl_by_name(acl_container)
# Get ACL Rules
acl_rules = acl_policy.get("aclRules", [])
self.logger.info("ACL Rules: {}".format(acl_rules))
# Get SPS of specified ACL Rule
sps_id = acl_rules[acl_rule_order_num]["spsId"]
sps = self.sps_mgmt.get_sps_by_id(sps_id)
self.logger.info("SPS: {}".format(sps))
if sps is not None:
# Get SPS Name
policy_name = sps.get("name", None)
else:
pass
return policy_name
def get_system_info(self):
system_info = {}
# Get the software and content versions
versions = self.sys_mgmt.get_system_info()
system_info["software_version"] = versions["version"]
system_info["content_version"] = versions["contentVersion"]
# Get the license info
license_info = self.sys_mgmt.get_license()
system_info["capacity"] = license_info["expected_capacity"]
return system_info
def get_audit_log_by_action(self, start_time, end_time, action):
# Craft query
query = json.dumps({
"eventType": "AUDIT_LOG",
"gte": start_time,
"lte": end_time,
"queryType": "TABLE",
"size": 100
})
# Get Audit Log
audit_log_entries = self.audit_log_mgmt.get_audit_log(query=query)
# Filter logs by action
filtered_logs = [
entry for entry in audit_log_entries
if action in entry["log"]["action"]
]
return filtered_logs
def get_last_completed_job(self):
# Check last completed job
jobs = self.jobs_mgmt.get_jobs()
completed_jobs = [job for job in jobs if job["state"] == "COMPLETED"]
# Get Job ID
job_id = completed_jobs[0]["id"]
# Fetch and return job based on job ID
return self.jobs_mgmt.get_job_by_id(job_id)
def update_content_by_file(self, filename):
# Update content
is_content_update_initiated = self.sys_mgmt.file_based_update_content(
filename)
# Return status
return is_content_update_initiated
class SxDemo(object):
def __init__(self, rest_session):
# singleton logger
self.logger = CustomLogger().get_logger()
# fetched data
self.data = None
# REST Session
self.rest_session = rest_session
# URL specific to this Module
self.license_url = "manage/license/"
def get_capacity1(self):
# Dummy should not be needed for this call!
license = "dummy"
# Expected Capacity
capacity = None
try:
url = self.rest_session.base_url + self.license_url + license
self.logger.info("URL: {}".format(url))
self.logger.info("REST Session Headers: {}".format(self.rest_session.headers))
self.logger.info("Payload: {}".format(license))
with closing(
requests.get(
url,
headers = self.rest_session.headers,
timeout = self.rest_session.timeout,
verify=False
)
) as response:
self.logger.info("Response Code: {}".format(response.status_code))
if response.status_code == requests.codes.ok:
# Fetch capacity from license call.
for license_key, license_value in response.json().items():
if license_key == "expected_capacity":
capacity = license_value
break
else:
pass
else:
self.logger.error(response.status_code)
except Exception as e:
self.logger.error(e)
return capacity
def get_capacity2(self):
# Dummy should not be needed for this call!
license = "dummy"
# Expected Capacity
capacity = None
try:
url = self.rest_session.base_url + self.license_url + license
self.logger.info("URL: {}".format(url))
self.logger.info("REST Session Headers: {}".format(self.rest_session.headers))
self.logger.info("Payload: {}".format(license))
with closing(
requests.get(
url,
headers = self.rest_session.headers,
timeout = self.rest_session.timeout,
verify = False
)
) as response:
self.logger.info("Response Code: {}".format(response.status_code))
if response.status_code == requests.codes.ok:
# Fetch capacity from license call.
license_dict = dict(response.json())
if "expected_capacity" in license_dict:
capacity = license_dict["expected_capacity"]
else:
pass
else:
self.logger.error(response.status_code)
except Exception as e:
self.logger.error(e)
return capacity
def get_capacity3(self):
# Dummy should not be needed for this call!
license = "dummy"
# Expected Capacity
capacity = None
try:
url = self.rest_session.base_url + self.license_url + license
self.logger.info("URL: {}".format(url))
self.logger.info("REST Session Headers: {}".format(self.rest_session.headers))
self.logger.info("Payload: {}".format(license))
with closing(
requests.get(
url,
headers = self.rest_session.headers,
timeout = self.rest_session.timeout,
verify = False
)
) as response:
self.logger.info("Response Code: {}".format(response.status_code))
if response.status_code == requests.codes.ok:
license_dict = json.loads(response.text)
if "expected_capacity" in license_dict:
capacity = license_dict["expected_capacity"]
else:
pass
else:
# debugging
self.logger.error(response.status_code)
except Exception as e:
self.logger.error(e)
return capacity
class RestSession(object):
""" IXIA REST Session """
def __init__(self, protocol=None, ip=None, username=None, password=None):
# Default Parameters, manual location redirection
if protocol is None:
protocol = "https"
else:
pass
# Account
self.username = username
self.password = password
# Singleton Logger
self.logger = CustomLogger().get_logger()
# Timeout
self.timeout = 60
# Header
self.headers = {
"content-type": "application/json;charset=utf-8",
}
# Base URL + API Version
self.proto_ip_url = "{protocol}://{ip}/".format(protocol=protocol,
ip=ip)
self.api_version = "bps/api/v1/"
# Login/Logout - Session URL
self.session_url = "auth/session"
# This is a base URL
self.base_url = self.proto_ip_url + self.api_version
def login(self):
# Basic Auth
data = json.dumps({
"username": self.username,
"password": self.password
})
# Disable warnings
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
requests.packages.urllib3.disable_warnings(InsecurePlatformWarning)
requests.packages.urllib3.disable_warnings(SNIMissingWarning)
url = self.base_url + self.session_url
self.logger.info("URL: {url}".format(url=url))
self.logger.info(
"Login Headers: {headers}".format(headers=self.headers))
# Timeout
self.timeout = 60
# Login: POST - establish connection
response = requests.post(url,
headers=self.headers,
data=data,
timeout=self.timeout,
verify=False)
if response.status_code == requests.codes.ok:
# Session Info
session_info = dict(response.json())
self.api_key = session_info["apiKey"]
self.session_name = session_info["sessionName"]
self.session_id = session_info["sessionId"]
self.user_account_url = session_info["userAccountUrl"]
# Create Cookie
self.cookie = "{}={}".format(self.session_name, self.session_id)
# Login is successful
self.logger.info("Login OK - {username}/{password}".format(
username=self.username, password=self.password))
self.logger.info("API Key - {}".format(self.api_key))
self.logger.info("Cookie - {}".format(self.cookie))
self.logger.info("User Acct URL - {}".format(
self.user_account_url))
else:
self.logger.error("Logged Fail - {username}/{password}".format(
username=self.username, password=self.password))
def logout(self):
url = self.base_url + self.session_url
self.logger.info("URL: {url}".format(url=url))
self.logger.info(
"Login Headers: {headers}".format(headers=self.headers))
# Headers
self.headers = {"Cookie": self.cookie}
# Timeout
self.timeout = 60
# Logout: DELETE - close connection
response = requests.delete(url,
headers=self.headers,
timeout=self.timeout,
verify=False)
if response.status_code == requests.codes.no_content:
self.logger.info("Response Text: {}".format(response.text))
self.logger.info("Logout successful.")
else:
self.logger.error("Unable to logout.")
class SystemManagement(object):
def __init__(self, rest_session):
# singleton logger
self.logger = CustomLogger().get_logger()
# REST Session
self.rest_session = rest_session
# Common REST Calls
self.rest_call = RestCall(rest_session)
# URL specific to this Module
self.license_url = "manage/license"
self.activate_license_url = "manage/license/activate"
self.system_info_url = "manage/systeminfo"
self.staged_software_url = "manage/software/stagedversion"
self.deployed_software_url = "manage/software/deployed"
self.latest_software_url = "manage/software/latest"
self.update_content_url = "manage/updatecontent"
self.update_software_url = "manage/software/update"
self.update_hotfix_url = "manage/software/update/hotfix"
self.file_based_update_content_url = "manage/filebasedupdatecontent"
self.users_url = "manage/users"
# URL separator
self.sep_url = "/"
def get_system_info(self):
# System Info
system_info = {}
# This is a special variable, license, showing the license used for this library
# self.logger.info("Test Infra License: {}".format(license))
# Craft the URL
url = self.rest_session.base_url + self.system_info_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(url=url,
verify=False,
headers=headers)
# Convert response to expected data
system_info = dict(response.json())
return system_info
def set_license(self, license=None):
# Action
is_license_set = False
# No license to activate
if license == None:
# No-op, just get out
return is_license_set
else:
# Proceed in activating license
pass
# Craft the URL
url = self.rest_session.base_url + self.activate_license_url
# Headers
headers = self.rest_session.headers
# Call REST - POST
response = self.rest_call.post_query(url=url,
verify=False,
headers=headers,
data=license)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_license_set = True
else:
is_license_set = False
return is_license_set
def get_license(self, license=None):
# License Info
license_info = {}
# Craft the URL
if license == None:
# Get whatever license is currently applied
url = self.rest_session.base_url + self.license_url + self.sep_url + "dummy"
else:
# Get the specific license applied
url = self.rest_session.base_url + self.license_url + self.sep_url + license
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(url=url,
verify=False,
headers=headers)
# Convert response to expected data
license_info = dict(response.json())
self.logger.info("License: {}".format(license_info))
return license_info
def create_user(self, user_info):
is_user_created = False
# Craft the URL
url = self.rest_session.base_url + self.users_url
# Headers
headers = self.rest_session.headers
# Craft the payload
data = json.dumps(user_info)
# Call REST - POST
response = self.rest_call.post_query(url=url,
headers=headers,
verify=False,
data=data)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_user_created = True
else:
is_user_created = False
return is_user_created
def update_user(self, user_info):
is_user_updated = False
# Craft the URL
url = self.rest_session.base_url + self.users_url
# Headers
headers = self.rest_session.headers
# Craft the payload
data = json.dumps(user_info)
# Call REST - PUT
response = self.rest_call.put_query(url=url,
headers=headers,
verify=False,
data=data)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_user_updated = True
else:
is_user_updated = False
return is_user_updated
def get_user(self, user_login):
# Info for specific user
user_info = {}
# Craft the URL
url = self.rest_session.base_url + self.users_url + self.sep_url + user_login
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(url=url,
verify=False,
headers=headers)
# Convert response to expected data
user_info = dict(response.json())
return user_info
def get_users(self):
# List of users
users = {}
# Craft the URL
url = self.rest_session.base_url + self.users_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(url=url,
verify=False,
headers=headers)
# Convert response to expected data
users = list(response.json())
return users
def delete_user(self, user_login):
# Action
is_user_deleted = False
# Craft the URL
url = self.rest_session.base_url + self.users_url + self.sep_url + user_login
# Headers
headers = self.rest_session.headers
# Call REST - DELETE
response = self.rest_call.delete_query(url=url,
verify=False,
headers=headers)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_user_deleted = True
else:
is_user_deleted = False
return is_user_deleted
def update_content(self):
# Action
is_content_update_initiated = False
# Craft the URL
url = self.rest_session.base_url + self.update_content_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(url=url,
verify=False,
headers=headers)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_content_update_initiated = True
else:
is_content_update_initiated = False
return is_content_update_initiated
def file_based_update_content(self, filename):
# Action
is_content_update_initiated = False
try:
# Craft the URL
url = self.rest_session.base_url + self.file_based_update_content_url
# File to import
files = {
"file": (filename, open(filename,
"rb"), "application/x-compressed")
}
# Customize header, remove "content-type".
headers = dict(**self.rest_session.headers)
headers.pop("content-type")
# Call REST - POST
response = self.rest_call.post_query(url=url,
files=files,
verify=False,
headers=headers)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_content_update_initiated = True
else:
pass
except Exception as e:
self.logger.error(e)
return is_content_update_initiated
def update_hotfix(self, microservice, swversion, hotfix):
# Action
is_update_initiated = False
try:
# Craft the URL
url = self.rest_session.base_url + self.update_hotfix_url
# Payload
data = {
"microservice": microservice,
"swversion": swversion,
"hotfixbuild": hotfix
}
# Headers
headers = self.rest_session.headers
# Call REST - POST
response = self.rest_call.post_query(url=url,
data=data,
verify=False,
headers=headers)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_update_initiated = True
else:
pass
except Exception as e:
self.logger.error(e)
return is_update_initiated
def get_staged_version(self):
# Staged Version
staged_version = []
# Craft the URL
url = self.rest_session.base_url + self.staged_software_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(url=url,
verify=False,
headers=headers)
# Convert response to expected data
if response.status_code == requests.codes.ok:
staged_version = list(response.json())
else:
pass
return staged_version
def get_latest_version(self):
# Latest Version
latest_version = []
# Craft the URL
url = self.rest_session.base_url + self.latest_software_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(url=url,
verify=False,
headers=headers)
# Convert response to expected data
if response.status_code == requests.codes.ok:
latest_version = list(response.json())
else:
pass
return latest_version
def apply_staged_software(self):
# Staged Version
is_update_initiated = False
# Craft the URL
url = self.rest_session.base_url + self.update_software_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(url=url,
verify=False,
headers=headers)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_update_initiated = True
else:
pass
return is_update_initiated
class Blacklist(object):
def __init__(self, rest_session):
# singleton logger
self.logger = CustomLogger().get_logger()
# REST Session
self.rest_session = rest_session
# Common REST Calls
self.rest_call = RestCall(rest_session)
# URLs specific to IP Blacklist
self.blacklist_url = "accesscontrol/ipblacklist"
self.disable_blacklist_url = "accesscontrol/ipblacklist/disable"
self.import_by_file_url = "accesscontrol/importlistedip"
self.import_by_feed_url = "accesscontrol/urlfeed/blacklistedips"
self.export_listed_ip_url = "accesscontrol/export/blacklist"
self.response_action_url = "accesscontrol/ipblacklist/action"
self.global_settings_url = "accesscontrol/ipblacklist/globalsettings"
def get_ip_blacklist(self):
# Blacklists
blacklists = None
# Craft the URL
url = self.rest_session.base_url + self.blacklist_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(
url = url,
verify = False,
headers = headers
)
# Convert response to expected data
blacklists = list(response.json())
return blacklists
def disable_ip_blacklist(self):
# Action
is_disabled = False
# Craft the URL
url = self.rest_session.base_url + self.disable_blacklist_url
# Headers
headers = self.rest_session.headers
# Call REST - DELETE
response = self.rest_call.delete_query(
url = url,
verify = False,
headers = headers
)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_disabled = True
else:
is_disabled = False
return is_disabled
def import_listed_ip(self, filename):
# Action
is_imported = False
try:
# Craft the URL
url = self.rest_session.base_url + self.import_by_file_url
# File to import, opened
files = {"file": (filename, open(filename), "text/plain")}
# Use file name and exclude full path
_, file_name = os.path.split(filename)
# Customize header, remove "content-type".
headers = dict(**self.rest_session.headers)
headers.pop("content-type")
# "param" is the name of the imported file
data = {
"param": file_name,
}
# Call REST - POST
response = self.rest_call.post_query(
url = url,
files = files,
headers = headers,
verify = False,
data = data
)
except Exception as e:
self.logger.error(e)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_imported = True
else:
is_imported = False
return is_imported
def import_listed_feed(self, urlfeed):
# Action
is_imported = False
try:
# Craft the URL
url = self.rest_session.base_url + self.import_by_feed_url
# Fetch the resource name
feed_name = urlfeed.split("/")[-1]
# Payload
data = json.dumps({
"enable" : "false",
"tenantId" : 1,
"tenants" : [{"id": 1, "name": "default-tenant"}],
"name" : feed_name,
"type" : "2",
"url" : urlfeed,
"urlmd5" : ""
})
# Headers
headers = self.rest_session.headers
# Call REST - POST
response = self.rest_call.post_query(
url = url,
headers = headers,
verify = False,
data = data
)
except Exception as e:
self.logger.error(e)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_imported = True
else:
is_imported = False
return is_imported
def export_listed_ip(self, export_file = None):
# Action
is_exported = False
# Blacklist
ip_blacklist = None
try:
# Craft the URL
url = self.rest_session.base_url + self.export_listed_ip_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(
url = url,
verify = False,
headers = headers
)
# Convert response to expected data
if response.status_code == requests.codes.ok:
# IP Blacklist Count
self.logger.info("IP Blacklist Count: {}".format(len(response.text.split())))
ip_blacklist = response.text
is_exported = True
else:
self.logger.error(response.status_code)
self.logger.error(response.content)
except Exception as e:
self.logger.error(e)
try:
if export_file is not None:
with open(export_file, "w") as txt_file:
txt_file.write(ip_blacklist)
else:
pass
except Exception as e:
self.logger.error(e)
return is_exported
def get_ip_blacklist_global_settings(self):
# Global settings
ip_blacklist_globalsettings = {}
try:
# Craft the URL
url = self.rest_session.base_url + self.global_settings_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(
url = url,
verify = False,
headers = headers
)
# Convert response to expected data
if response.status_code == requests.codes.ok:
ip_blacklist_globalsettings = dict(response.json())
else:
self.logger.error(response.status_code)
except Exception as e:
self.logger.error(e)
return ip_blacklist_globalsettings
def set_ip_blacklist_action(self, action, frequency=30):
# Action
is_action_set = False
# Blacklist - Response Action
# 1 - Alert Only
# 2 - Block and Alert
# Blacklist - Frequency
# Currently not used
data = json.dumps({
"action" : action,
"frequency" : frequency
})
try:
# Craft the URL
url = self.rest_session.base_url + self.response_action_url
# Headers
headers = self.rest_session.headers
# Call REST - PUT
response = self.rest_call.put_query(
url = url,
headers = headers,
verify = False,
data = data
)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_action_set = True
self.logger.info("Blacklist Action Set.")
else:
self.logger.error(response.status_code)
except Exception as e:
self.logger.error(e)
return is_action_set
class AccessControl(object):
def __init__(self, rest_session):
# singleton logger
self.logger = CustomLogger().get_logger()
# fetched data
self.data = None
# REST Session
self.rest_session = rest_session
# Common REST Calls
self.rest_call = RestCall(rest_session)
# URLs specific to ACL's
self.accesscontrol_policy_url = "policy/accesscontrolpolicy"
self.accesscontrol_policy_ruleadd = "policy/accesscontrolpolicy"
self.accesscontrol_policy_nondefaultacl = "policy/accesscontrolpolicy"
self.accesscontrol_policy_nondefaultacl_del = "policy/accesscontrolpolicy/"
self.accesscontrol_policy_byruleid = "policy/accesscontrolpolicy/rules/"
self.accesscontrol_policy_bychassisid = "policy/accesscontrolpolicy/chassis/"
self.accesscontrol_policy_byinfraid = "policy/accesscontrolpolicy/infra/"
self.accesscontrol_policy_byaclid = "policy/accesscontrolpolicy/"
self.accesscontrol_policy_bytenantid = "policy/accesscontrolpolicy/tenant/"
self.accesscontrol_policy_ruleadd_policyid = "policy/accesscontrolpolicy/rule"
def get_access_controllist(self):
accesscontrol = None
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(
url = url,
verify=False,
headers = headers
)
accesscontrol = list(response.json())
return accesscontrol
def add_access_control_rule(self):
rule_added = False
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(
url = url,
verify=False,
headers = headers
)
accesscontrollist = list(response.json())
for aid in accesscontrollist:
if aid["name"] == 'Default ACL Policy':
aclpolicyid = int(aid['id'])
break
data = json.dumps({
"id": aclpolicyid,
"name": "Default ACL Policy",
"tenantId": None,
"aclRules": [
{
"action": "PERMIT",
"description": "",
"destinationApps": "",
"destinationCidrs": "",
"destinationPortRanges": "",
"name": "rule-51",
"destinationResourceGroupList": [
],
"enableTLSInspection": False,
"enabled": True,
"orderNum": 1,
"resourcegroupNames": [
],
"sourceResourceGroupList": [
],
"destinationProtocol": None,
"spsId": 5,
"tcpSessionTimeout": 1800,
"hitStats": None,
"tlsInspection": "DISABLED",
"serviceList": [
]
},
{
"id": 4,
"name": "Default",
"description": None,
"orderNum": 2,
"enabled": True,
"destinationResourceGroupList": [
],
"sourceResourceGroupList": [
],
"serviceList": [
],
"destinationApps": "",
"syslog": False,
"tcpSessionTimeout": 1800,
"tlsInspection": "DISABLED",
"packetCapture": "DISABLED",
"spsId": 5,
"action": "PERMIT",
"destinationProtocol": None,
"destinationPortRanges": None,
"userType": "HUMAN",
"user": "******",
"mapOfChangeLogPerTS": None,
"gmId": None
}
],
"infraMap": {
"2": "tonyinf"
},
"rgNameMap": None,
"spsNameMap": None,
"serviceNameMap": None
})
try:
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_ruleadd
# Headers
headers = self.rest_session.headers
# Call REST - PUT
response = self.rest_call.put_query(
url=url,
headers=headers,
verify=False,
data=data
)
if response.status_code == requests.codes.ok:
rule_added = True
self.logger.info("New rule added to Default ACL.")
else:
self.logger.error(response.status_code)
except Exception as e:
self.logger.error(e)
return rule_added
def add_srcdst_access_control_rule(self, dstrg_id, srcrg_id, rule_nm):
rules_added = False
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(
url = url,
verify=False,
headers = headers
)
accesscontrollist = list(response.json())
for aid in accesscontrollist:
if aid["name"] == 'Default ACL Policy':
aclpolicyid = int(aid['id'])
break
group_handle = GroupandInsert(self.rest_session)
rgid1 = str(dstrg_id)
rgid2 = str(srcrg_id)
newacl_add = [{
"id": aclpolicyid,
"name": "Default ACL Policy",
"tenantId": None,
"aclRules": [
{
"action": "PERMIT",
"description": "",
"destinationApps": "",
"destinationCidrs": "",
"destinationPortRanges": "",
"name": "RG-1 to RG-2",
"destinationResourceGroupList": [
15
],
"enableTLSInspection": False,
"enabled": True,
"orderNum": 1,
"resourcegroupNames": [
],
"sourceResourceGroupList": [
14
],
"destinationProtocol": None,
"spsId": 5,
"tcpSessionTimeout": 1800,
"hitStats": None,
"tlsInspection": "DISABLED",
"serviceList": [
215
]
},
{
"id": 4,
"name": "Default",
"description": None,
"orderNum": 2,
"enabled": True,
"destinationResourceGroupList": [
],
"sourceResourceGroupList": [
],
"serviceList": [
],
"destinationApps": "",
"syslog": False,
"tcpSessionTimeout": 1800,
"tlsInspection": "DISABLED",
"packetCapture": "DISABLED",
"spsId": 5,
"action": "PERMIT",
"destinationProtocol": None,
"destinationPortRanges": None,
"userType": "HUMAN",
"user": "******",
"mapOfChangeLogPerTS": None,
"gmId": None
}
],
"infraMap": {
"2": "tonyinf-test2"
},
"rgNameMap": None,
"spsNameMap": None,
"serviceNameMap": None
}]
for srcdstid in newacl_add:
if srcdstid["name"] == "Default ACL Policy":
srcdstid["aclRules"][0]["name"] = rule_nm
srcdstid["aclRules"][0]["destinationResourceGroupList"] = [rgid1]
srcdstid["aclRules"][0]["sourceResourceGroupList"] = [rgid2]
data = json.dumps(newacl_add)
data = str(data)[1:-1]
try:
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_ruleadd
# Headers
headers = self.rest_session.headers
# Call REST - PUT
response = self.rest_call.put_query(
url=url,
headers=headers,
verify=False,
data=data
)
if response.status_code == requests.codes.ok:
rules_added = True
self.logger.info("New rules added with src and dst.")
else:
self.logger.error(response.status_code)
except Exception as e:
self.logger.error(e)
return rules_added
def add_nondefault_acl_policy(self):
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_nondefaultacl
# Headers
headers = self.rest_session.headers
# Payload-1
data1 = json.dumps({
"id": 0,
"name": "nondefault_acl_policy",
"tenantId": 1,
"aclRules": [
{
"action": "PERMIT",
"description": "Default rule",
"destinationApps": "",
"destinationCidrs": "",
"destinationPortRanges": "",
"name": "Default",
"destinationResourceGroupList": [
],
"enableTLSInspection": False,
"enabled": True,
"id": 0,
"orderNum": 1,
"resourcegroupNames": [
],
"sourceResourceGroupList": [
],
"destinationProtocol": None,
"spsId": 5,
"tcpSessionTimeout": 1800,
"hitStats": None,
"tlsInspection": "DISABLED"
}
]
})
# Call REST - POST
response = self.rest_call.post_query(
url = url,
headers = headers,
verify=False,
data = data1
)
nondefault_acl_id = int(response.json())
# Payload-2
payload = [{
"id": 0,
"name": "nondefault_acl_policy",
"tenantId": 1,
"aclRules": [
{
"id": 0,
"name": "Default",
"description": "Default rule",
"orderNum": 1,
"enabled": True,
"destinationResourceGroupList": [
],
"sourceResourceGroupList": [
],
"serviceList": [
],
"destinationApps": "",
"syslog": False,
"tcpSessionTimeout": 1800,
"tlsInspection": "DISABLED",
"packetCapture": None,
"spsId": 5,
"action": "PERMIT",
"destinationProtocol": None,
"destinationPortRanges": "",
"userType": "HUMAN",
"user": None,
"mapOfChangeLogPerTS": None,
"gmId": None
}
],
"infraMap": {
},
"rgNameMap": None,
"spsNameMap": None,
"serviceNameMap": None
}]
for aid in payload:
if aid["id"] == 0:
aid["id"] = nondefault_acl_id
aid["aclRules"][0]["id"] = nondefault_acl_id+1
data2 = json.dumps(payload)
data2 = str(data2)[1:-1]
# Call REST - PUT
response = self.rest_call.put_query(
url=url,
headers=headers,
verify=False,
data=data2
)
if response.status_code == requests.codes.ok:
print("Non Default ACL policy created successfully")
else:
print("Non default ACL creation not successful")
return nondefault_acl_id
def add_tls_rule(self):
tls_rule_added = False
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(
url = url,
verify=False,
headers = headers
)
accesscontrollist = list(response.json())
for aid in accesscontrollist:
if aid["name"] == 'Default ACL Policy':
aclpolicyid = int(aid['id'])
break
data = json.dumps({
"id": aclpolicyid,
"name": "Default ACL Policy",
"tenantId": None,
"aclRules": [
{
"action": "PERMIT",
"description": "",
"destinationApps": "",
"destinationCidrs": "",
"destinationPortRanges": "",
"name": "Enable_TLS",
"destinationResourceGroupList": [
],
"enableTLSInspection": True,
"enabled": True,
"orderNum": 1,
"resourcegroupNames": [
],
"sourceResourceGroupList": [
],
"destinationProtocol": None,
"spsId": 5,
"tcpSessionTimeout": 1800,
"hitStats": None,
"tlsInspection": "INBOUND",
"serviceList": [
92
],
"syslog": False,
"packetCapture": "DISABLED"
},
{
"id": 4,
"name": "Default",
"description": None,
"orderNum": 2,
"enabled": True,
"destinationResourceGroupList": [
],
"sourceResourceGroupList": [
],
"serviceList": [
],
"destinationApps": "",
"syslog": False,
"tcpSessionTimeout": 1800,
"tlsInspection": "DISABLED",
"packetCapture": "DISABLED",
"spsId": 5,
"action": "PERMIT",
"destinationProtocol": None,
"destinationPortRanges": None,
"userType": "HUMAN",
"user": "******",
"mapOfChangeLogPerTS": None,
"gmId": None
}
],
"infraMap": {
"2": "tonyinf"
},
"rgNameMap": None,
"spsNameMap": None,
"serviceNameMap": None
})
try:
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_ruleadd
# Headers
headers = self.rest_session.headers
# Call REST - PUT
response = self.rest_call.put_query(
url=url,
headers=headers,
verify=False,
data=data
)
if response.status_code == requests.codes.ok:
tls_rule_added = True
self.logger.info("TLS policy enabled successfully.")
else:
self.logger.error(response.status_code)
except Exception as e:
self.logger.error(e)
return tls_rule_added
def add_multirule_httpping_service(self):
multi_rule_added = False
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(
url = url,
verify=False,
headers = headers
)
accesscontrollist = list(response.json())
for aid in accesscontrollist:
if aid["name"] == 'Default ACL Policy':
aclpolicyid = int(aid['id'])
break
data = json.dumps({
"id": aclpolicyid,
"name": "Default ACL Policy",
"tenantId": None,
"aclRules": [
{
"action": "DENY",
"description": "",
"destinationApps": "",
"destinationCidrs": "",
"destinationPortRanges": "",
"name": "rule-2",
"destinationResourceGroupList": [
],
"enableTLSInspection": False,
"enabled": True,
"orderNum": 1,
"resourcegroupNames": [
],
"sourceResourceGroupList": [
],
"destinationProtocol": None,
"spsId": 5,
"tcpSessionTimeout": 1800,
"hitStats": None,
"tlsInspection": "DISABLED",
"serviceList": [
215
]
},
{
"id": 165,
"name": "rule-1",
"description": "",
"orderNum": 2,
"enabled": True,
"destinationResourceGroupList": [
],
"sourceResourceGroupList": [
],
"serviceList": [
25
],
"destinationApps": "",
"syslog": False,
"tcpSessionTimeout": 1800,
"tlsInspection": "DISABLED",
"packetCapture": None,
"spsId": 5,
"action": "PERMIT",
"hitStats": {
"ruleId": 165,
"hitCount": 0
},
"destinationProtocol": None,
"destinationPortRanges": "",
"userType": "HUMAN",
"user": None,
"mapOfChangeLogPerTS": None,
"gmId": None,
"enableTLSInspection": True
},
{
"id": 4,
"name": "Default",
"description": None,
"orderNum": 3,
"enabled": True,
"destinationResourceGroupList": [
],
"sourceResourceGroupList": [
],
"serviceList": [
],
"destinationApps": "",
"syslog": False,
"tcpSessionTimeout": 1800,
"tlsInspection": "DISABLED",
"packetCapture": "DISABLED",
"spsId": 5,
"action": "PERMIT",
"destinationProtocol": None,
"destinationPortRanges": None,
"userType": "HUMAN",
"user": "******",
"mapOfChangeLogPerTS": None,
"gmId": None
}
],
"infraMap": {
"2": "tonyinf"
},
"rgNameMap": None,
"spsNameMap": None,
"serviceNameMap": None
})
try:
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_ruleadd
# Headers
headers = self.rest_session.headers
# Call REST - PUT
response = self.rest_call.put_query(
url=url,
headers=headers,
verify=False,
data=data
)
if response.status_code == requests.codes.ok:
multi_rule_added = True
self.logger.info("ACL rules with HTTP and Ping services added")
else:
self.logger.error(response.status_code)
except Exception as e:
self.logger.error(e)
return multi_rule_added
def del_all_defaultacl_rules(self):
all_rule_del = False
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(
url = url,
verify=False,
headers = headers
)
accesscontrollist = list(response.json())
for aid in accesscontrollist:
if aid["name"] == 'Default ACL Policy':
aclpolicyid = int(aid['id'])
break
data = json.dumps({
"id": aclpolicyid,
"name": "Default ACL Policy",
"tenantId": None,
"aclRules": [
{
"id": 4,
"name": "Default",
"description": None,
"orderNum": 1,
"enabled": True,
"destinationResourceGroupList": [
],
"sourceResourceGroupList": [
],
"serviceList": [
],
"destinationApps": "",
"syslog": False,
"tcpSessionTimeout": 1800,
"tlsInspection": "DISABLED",
"packetCapture": "DISABLED",
"spsId": 5,
"action": "PERMIT",
"destinationProtocol": None,
"destinationPortRanges": None,
"userType": "HUMAN",
"user": "******",
"mapOfChangeLogPerTS": None,
"gmId": None
}
],
"infraMap": {
"2": "tonyinf"
},
"rgNameMap": None,
"spsNameMap": None,
"serviceNameMap": None
})
try:
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_ruleadd
# Headers
headers = self.rest_session.headers
# Call REST - PUT
response = self.rest_call.put_query(
url=url,
headers=headers,
verify=False,
data=data
)
if response.status_code == requests.codes.ok:
all_rule_del = True
self.logger.info("All rules deleted from the default ACL policy")
else:
self.logger.error(response.status_code)
except Exception as e:
self.logger.error(e)
return all_rule_del
def del_nondefaultacl_policy(self):
del_nondefault_acl = False
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(
url = url,
verify=False,
headers = headers
)
accesscontrollist = list(response.json())
for aid in accesscontrollist:
if aid["name"] == 'nondefault_acl_policy':
aclpolicyid = str(aid['id'])
break
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_nondefaultacl_del + aclpolicyid
# Headers
headers = self.rest_session.headers
# Call REST - DELETE
response = self.rest_call.delete_query(
url = url,
verify=False,
headers = headers
)
# Convert response to expected data
if response.status_code == requests.codes.ok:
del_nondefault_acl = True
else:
del_nondefault_acl = False
return del_nondefault_acl
def del_aclpolicy_aclid(self,acl_policy_id):
del_aclpolicy_aclid = False
aclid_policy = str(acl_policy_id)
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_byaclid + aclid_policy
# Headers
headers = self.rest_session.headers
# Call REST - DELETE
response = self.rest_call.delete_query(
url = url,
verify=False,
headers = headers
)
# Convert response to expected data
if response.status_code == requests.codes.ok:
del_aclpolicy_aclid = True
else:
del_aclpolicy_aclid = False
return del_aclpolicy_aclid
def get_aclrule_ruleid(self,aclruleid):
obtain_aclrule_byid = False
aclruleid = str(aclruleid)
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_byruleid + aclruleid
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(
url = url,
verify=False,
headers = headers
)
if response.status_code == requests.codes.ok:
accesscontrollist = response.content
obtain_aclrule_byid = True
else:
obtain_aclrule_byid = False
return accesscontrollist
def get_aclpolicy_chassisid(self,aclpolicychassisid):
obtain_aclpolicy_bychassisid = False
aclpolicychassisid = str(aclpolicychassisid)
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_bychassisid + aclpolicychassisid
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(
url = url,
verify=False,
headers = headers
)
if response.status_code == requests.codes.ok:
accesscontrol_list = response.content
obtain_aclpolicy_bychassisid = True
else:
obtain_aclpolicy_bychassisid = False
return accesscontrol_list
def get_aclpolicy_infraid(self,aclpolicyinfraid):
obtain_aclpolicy_byinfraid = False
aclpolicyinfraid = str(aclpolicyinfraid)
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_byinfraid + aclpolicyinfraid
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(
url = url,
verify=False,
headers = headers
)
if response.status_code == requests.codes.ok:
ac_list = response.content
obtain_aclpolicy_byinfraid = True
else:
obtain_aclpolicy_byinfraid = False
return ac_list
def get_aclpolicy_aclid(self,aclpolicyid):
obtain_aclpolicy_byaclid = False
aclpolicyid = str(aclpolicyid)
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_byaclid + aclpolicyid
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(
url = url,
verify=False,
headers = headers
)
if response.status_code == requests.codes.ok:
accesscontrolpolicy = response.content
obtain_aclpolicy_byaclid = True
else:
obtain_aclpolicy_byaclid = False
return accesscontrolpolicy
def get_aclpolicy_tenantid(self,aclpolicytenantid):
obtain_aclpolicy_bytenantid = False
aclpolicytenantid = str(aclpolicytenantid)
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_bytenantid + aclpolicytenantid
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(
url = url,
verify=False,
headers = headers
)
if response.status_code == requests.codes.ok:
accesscontrol_policy = response.content
obtain_aclpolicy_bytenantid = True
else:
obtain_aclpolicy_bytenantid = False
return accesscontrol_policy
def add_aclrule_aclpolicyid(self,aclrule,aclpolicy_id):
aclrule_addbypolicyid = False
data = json.dumps(aclrule)
aclpolid = "?aclPolicyId={0}".format(aclpolicy_id)
# Craft the URL
url = self.rest_session.base_url + self.accesscontrol_policy_ruleadd_policyid + aclpolid
# Headers
headers = self.rest_session.headers
# Call REST - PUT
response = self.rest_call.put_query(
url = url,
verify=False,
headers = headers,
data = data
)
if response.status_code == requests.codes.ok:
aclrule_addbypolicyid = True
else:
aclrule_addbypolicyid = False
return aclrule_addbypolicyid
class CloudManagement(object):
def __init__(self, rest_session):
# singleton logger
self.logger = CustomLogger().get_logger()
# REST Session
self.rest_session = rest_session
# Common REST Calls
self.rest_call = RestCall(rest_session)
# URL specific to this Module
self.infras_url = "infras"
self.resource_group_url = "infras/resourcegroup"
self.resource_groups_url = "infras/resourcegroups"
self.ip_pool_url = "ippool"
# URL separator
self.sep_url = "/"
def create_cloud(self, cloud_info):
# Cloud ID
cloud_id = None
# Craft the URL
url = self.rest_session.base_url + self.infras_url
# Headers
headers = self.rest_session.headers
# Data
data = json.dumps(cloud_info)
# Create Infra Connector - POST
response = self.rest_call.post_query(url=url,
data=data,
verify=False,
headers=headers)
# Convert response to expected data
if response.status_code == requests.codes.ok:
cloud_id = int(response.json())
else:
pass
return cloud_id
def delete_cloud(self, cloud_id):
# Craft the URL
url = self.rest_session.base_url + self.infras_url + self.sep_url + str(
cloud_id)
# Headers
headers = self.rest_session.headers
# Delete Infra Connector - DELETE
response = self.rest_call.delete_query(url=url,
verify=False,
headers=headers)
# Convert response to expected data
if response.status_code == requests.codes.ok:
return True
else:
return False
def get_cloud_objects(self, cloud_id):
cloud_objects = None
# Craft the URL
url = self.rest_session.base_url + self.infras_url + self.sep_url + str(
cloud_id) + self.sep_url + "objects"
# Headers
headers = self.rest_session.headers
# Infra Objects - GET
response = self.rest_call.get_query(url=url,
verify=False,
headers=headers)
# Convert response to expected data
if response.status_code == requests.codes.ok:
cloud_objects = dict(response.json())
else:
return False
return cloud_objects
def create_cloud_infra(self, **cloud_info):
# Infra ID
infra_id = None
# Verify necessary info are defined
try:
# Verify cloud info is not None
if not all([
cloud_info["cloud_type"],
cloud_info["username"],
cloud_info["password"],
]):
self.logger.error("One of the cloud info is None.")
return infra_id
else:
# Proceed with cloud infra creation
pass
except KeyError as e:
self.logger.error("Missing necessary cloud information.")
return infra_id
# Verify cloud information
if cloud_info["cloud_type"] == "VMWARE":
self.logger.info("Cloud Type: {}".format(cloud_info["cloud_type"]))
elif cloud_info["cloud_type"] == "AWS":
self.logger.info("Cloud Type: {}".format(cloud_info["cloud_type"]))
elif cloud_info["cloud_type"] == "MS Azure":
self.logger.info("Cloud Type: {}".format(cloud_info["cloud_type"]))
else:
self.logger.error("Cloud Type: {}".format(
cloud_info["cloud_type"]))
# Craft the URL
url = self.rest_session.base_url + self.infras_url
# Headers
headers = self.rest_session.headers
# Create Infra Connector - POST
# Convert response to expected data
return infra_id
def get_cloud_infra(self):
# Cloud list
cloud_list = None
# Craft the URL
url = self.rest_session.base_url + self.infras_url
# Headers
headers = self.rest_session.headers
# Get Cloud Infras - GET
response = self.rest_call.get_query(url=url,
verify=False,
headers=headers)
# Convert response to expected data
if response.status_code == requests.codes.ok:
cloud_list = list(response.json())
else:
pass
return cloud_list
def get_cloud_infra_by_name(self, cloud_name):
# Cloud (Infra Connectors)
cloud_list = self.get_cloud_infra()
for cloud in cloud_list:
if cloud_name == cloud["name"]:
return cloud
return None
def update_cloud_infra(self, cloud_info):
is_updated = False
# Craft the URL
url = self.rest_session.base_url + self.infras_url
# Payload
data = json.dumps(cloud_info)
# Headers
headers = self.rest_session.headers
# Update Cloud Infra - PUT
response = self.rest_call.put_query(url=url,
data=data,
verify=False,
headers=headers)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_updated = True
else:
pass
return is_updated
def create_resource_group(self, resource_group):
rg_id = None
# Craft the URL
url = self.rest_session.base_url + self.resource_group_url
# Headers
headers = self.rest_session.headers
# Payload
data = json.dumps(resource_group)
# Create Resource Group - POST
response = self.rest_call.post_query(url=url,
headers=headers,
data=data,
verify=False)
# Convert response to expected data
if response.status_code == requests.codes.ok:
rg_id, _ = list(response.json())
else:
pass
return rg_id
def get_resource_groups(self):
resource_groups = []
# Craft the URL
url = self.rest_session.base_url + self.resource_groups_url
# Headers
headers = self.rest_session.headers
# Get Resource Groups - GET
response = self.rest_call.get_query(url=url,
headers=headers,
verify=False)
# Convert response to expected data
if response.status_code == requests.codes.ok:
resource_groups = list(response.json())
else:
pass
return resource_groups
def get_resource_group_by_name(self, rg_name):
resource_group = None
# Craft the URL
url = self.rest_session.base_url + self.resource_groups_url
# Headers
headers = self.rest_session.headers
# Get Resource Groups - GET
response = self.rest_call.get_query(url=url,
headers=headers,
verify=False)
# Convert response to expected data
if response.status_code == requests.codes.ok:
for rg in list(response.json()):
if rg["name"] == rg_name:
resource_group = rg
break
else:
pass
return resource_group
def remove_resource_group_by_name(self, rg_name):
is_deleted = False
rg = self.get_resource_group_by_name(rg_name)
if rg is not None:
# Craft the URL
url = self.rest_session.base_url + self.resource_group_url + self.sep_url + str(
rg["id"])
# Headers
headers = self.rest_session.headers
# Delete Resource Groups - DELETE
response = self.rest_call.delete_query(url=url,
headers=headers,
verify=False)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_deleted = True
else:
pass
else:
pass
return is_deleted
def create_ip_pool(self, ip_pool):
ip_pool_id = None
# Craft the URL
url = self.rest_session.base_url + self.ip_pool_url
# Data
data = json.dumps(ip_pool)
# Headers
headers = self.rest_session.headers
# Create IP Pool - POST
response = self.rest_call.post_query(url=url,
headers=headers,
data=data,
verify=False)
# Convert response to expected data
if response.status_code == requests.codes.ok:
ip_pool_id = int(response.text)
else:
pass
return ip_pool_id
def get_ip_pools(self, infra_id):
ip_pools = []
# Craft the URL
url = self.rest_session.base_url + str(
infra_id) + self.sep_url + self.ip_pool_url
# Headers
headers = self.rest_session.headers
# Get IP Pools - GET
response = self.rest_call.get_query(url=url,
headers=headers,
verify=False)
# Convert response to expected data
if response.status_code == requests.codes.ok:
ip_pools = list(response.json())
else:
pass
return ip_pools
def get_ip_pool_by_name(self, infra_id, ip_pool_name):
ip_pools = self.get_ip_pools(infra_id)
for ip_pool in ip_pools:
if ip_pool["name"] == ip_pool_name:
return ip_pool
else:
continue
return None
def delete_ip_pool_by_name(self, infra_id, ip_pool_name):
is_deleted = False
ip_pools = self.get_ip_pools(infra_id)
ip_pool_id = None
for ip_pool in ip_pools:
if ip_pool["name"] == ip_pool_name:
ip_pool_id = ip_pool["id"]
break
else:
continue
if ip_pool_id is not None:
# Craft URL
url = self.rest_session.base_url + self.ip_pool_url + self.sep_url + str(
ip_pool_id)
# Headers
headers = self.rest_session.headers
# Delete IP Pool - DELETE
response = self.rest_call.delete_query(url=url,
headers=headers,
verify=False)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_deleted = True
else:
pass
else:
# NOOP
pass
return is_deleted
class BreakingPoint:
def __init__(self, rest_session):
# singleton logger
self.logger = CustomLogger().get_logger()
# REST Session
self.rest_session = rest_session
# Common REST Calls
self.rest_call = RestCall(rest_session)
# Test Info
self.test_id = None
self.test_iteration = None
self.model_name = None
# URLs specific to Breaking Point
self.ports_url = "bps/ports"
self.reserve_ports_url = "bps/ports/operations/reserve"
self.unreserve_ports_url = "bps/ports/operations/unreserve"
self.chassis_config_url = "bps/ports/chassisconfig"
self.change_card_config_url = "bps/ports/operations/changecardconfig"
self.reboot_card_url = "bps/ports/operations/rebootcard"
self.running_tests_url = "bps/tests"
self.start_test_url = "bps/tests/operations/start"
self.stop_test_url = "bps/tests/operations/stop"
self.get_rts_url = "bps/tests/operations/getrts"
self.result = "bps/tests/operations/getrts"
# Breaking Point constants
self.TEST_COMPLETE = 100.0 # 100% complete
self.BETWEEN_CHECKS = 1 * 60 # period for checking the stats
self.RAMP_UP = 20.0 # Ramp up
self.RAMP_DOWN = 80.0 # Ramp down
def get_ports_status(self):
# Port status
ports_status = None
# Craft the URL
url = self.rest_session.base_url + self.ports_url
# Headers
headers = {
'content-type': 'application/json;charset=utf-8',
'Cookie': self.rest_session.cookie
}
# Call REST - GET
response = self.rest_call.get_query(
url = url,
headers = headers,
verify = False
)
# Convert response to expected data
ports_status = dict(response.json())
return ports_status
def reserve_ports(self, slot, ports):
# Action
is_reserved = False
# Craft the URL
url = self.rest_session.base_url + self.reserve_ports_url
# Headers
headers = {
'content-type': 'application/json;charset=utf-8',
'Cookie': self.rest_session.cookie
}
# Payload
data = json.dumps({"slot": slot, "portList": ports, "group": "1", "force": "true"})
# Call REST - POST
response = self.rest_call.post_query(
url = url,
headers = headers,
data = data,
verify = False
)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_reserved = True
else:
is_reserved = False
return is_reserved
def unreserve_ports(self, slot, ports):
# Action
is_unreserved = False
# Craft the URL
url = self.rest_session.base_url + self.unreserve_ports_url
# Headers
headers = {
'content-type': 'application/json;charset=utf-8',
'Cookie': self.rest_session.cookie
}
# Payload
data = json.dumps({"slot": slot, "portList": ports})
# Call REST - POST
response = self.rest_call.post_query(
url = url,
headers = headers,
data = data,
verify = False
)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_unreserved = True
else:
is_unreserved = False
return is_unreserved
def check_chassis_config(self, slot):
# Action
is_chassis_ready = False
# Craft the URL
url = self.rest_session.base_url + self.chassis_config_url
# Headers
headers = {
'content-type': 'application/json;charset=utf-8',
'Cookie': self.rest_session.cookie
}
# Get chassis config - GET
response = self.rest_call.get_query(
url = url,
headers = headers,
verify = False
)
if response.status_code == requests.codes.ok:
# Port Status
chassis_config = dict(response.json())
self.logger.info("Chassis Config: {}".format(chassis_config))
if (len(chassis_config) > 0) and ("state" in chassis_config[slot]):
if chassis_config[slot]["state"] == u"ok":
is_chassis_ready = True
else:
self.logger.error("Chassis - ports are not ready.")
self.logger.error("State: {}".format(chassis_config[slot]["state"]))
else:
self.logger.error("Unable to fetch chassis config.")
else:
self.logger.error("Unable to fetch chassis config.")
return is_chassis_ready
def change_card_config(self, slot, action, mode):
# Action
is_card_config_changed = False
# Craft the URL
url = self.rest_session.base_url + self.change_card_config_url
# Headers
headers = {
'content-type': 'application/json;charset=utf-8',
'Cookie': self.rest_session.cookie
}
# Payload
data = json.dumps({"slot": slot, "action": action, "mode": mode})
# Change Card Config
response = self.rest_call.post_query(
url = url,
headers = headers,
data = data,
verify = False
)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_card_config_changed = True
else:
is_card_config_changed = False
return is_card_config_changed
def reboot_card(self, card_number):
# Action
is_rebooted = False
# Craft the URL
url = self.rest_session.base_url + self.reboot_card_url
# Headers
headers = {
'content-type': 'application/json;charset=utf-8',
'Cookie': self.rest_session.cookie
}
# Payload
data = json.dumps({"cardNumber": card_number})
# Reboot card
response = self.rest_call.post_query(
url = url,
headers = headers,
data = data,
verify = False
)
# Convert response to expected data
if response.status_code == requests.codes.ok:
is_rebooted = True
else:
is_rebooted = False
return is_rebooted
def start_test(self, model_name):
# Action
is_started = False
# Craft the URL
url = self.rest_session.base_url + self.start_test_url
# Headers
headers = {
'content-type': 'application/json;charset=utf-8',
'Cookie': self.rest_session.cookie
}
# Payload
data = json.dumps({"modelname": model_name, "group": "1"})
# Start Test - POST
response = self.rest_call.post_query(
url = url,
headers = headers,
data = data,
verify = False
)
test_info = dict(response.json())
# Get test info
self.model_name = model_name
self.test_id = test_info["testid"]
self.test_iteration = test_info["iteration"]
if response.status_code == requests.codes.ok:
is_started = True
self.logger.info("Model Name: {}".format(self.model_name))
self.logger.info("Test ID: {}".format(self.test_id))
self.logger.info("Test Iteration: {}".format(self.test_iteration))
else:
self.logger.error("Status Code: {}".format(response.status_code))
return is_started
def stop_test(self, test_id):
# Action
is_stopped = False
# Craft the URL
url = self.rest_session.base_url + self.stop_test_url
# Headers
headers = {
'content-type': 'application/json;charset=utf-8',
'Cookie': self.rest_session.cookie
}
# Payload
data = json.dumps({"testid": test_id})
# Stop Test - POST
response = self.rest_call.post_query(
url = url,
headers = headers,
data = data,
verify = False
)
if response.status_code == requests.codes.ok:
is_stopped = True
else:
is_stopped = False
return is_stopped
def get_real_time_stats(self, test_id, stats_group="summary"):
rts = None
# Craft the URL
url = self.rest_session.base_url + self.get_rts_url
# Headers
headers = {
'content-type': 'application/json;charset=utf-8',
'Cookie': self.rest_session.cookie
}
# Payload
if stats_group in RealTimeStats.STATSGROUP:
data = json.dumps({"runid": test_id, "statsGroup": stats_group})
else:
data = json.dumps({"runid": test_id, "statsGroup": RealTimeStats.STATSGROUP[RealTimeStats.SUMMARY]})
# Get RTS - POST
response = self.rest_call.post_query(
url = url,
headers = headers,
data = data,
verify = False
)
if response.status_code == requests.codes.ok:
rts = dict(response.json())
self.logger.info("RTS: {}".format(rts))
else:
self.logger.error("Error: %d" % response.status_code)
self.logger.error("Unable to get RTS.")
return rts
def get_running_tests(self, user):
# test ID
test_id = None
# Craft the URL
url = self.rest_session.base_url + self.running_tests_url
# Headers
headers = {
'content-type': 'application/json;charset=utf-8',
'Cookie': self.rest_session.cookie
}
# Get Running Tests - GET
response = self.rest_call.get_query(
url = url,
headers = headers,
verify = False
)
# Test output
testInfoRegExp = re.compile(r"""
TestId:\s+\[(.*?)\]\s+ # Test ID, index 1
Run\s+by:\s+\[(.*?)\]\s+ # Run by, index 2
State:\s+\[(.*?)\]\s+ # State
Progress:\s+\[(.*?)\] # Progress
""", re.VERBOSE)
if response.status_code == requests.codes.ok:
self.logger.info("Response Text: %s" % response.text)
runningTestsData = response.json()
if len(runningTestsData) == 0:
# Test is done, return testId = None
return testId
else:
# Proceed
pass
try:
for runningTestKey, runningTestValue in runningTestsData.items():
self.logger.debug("Running Test Key: >>%s<<, Running Test Value: >>%s<<" % (runningTestKey, runningTestValue))
if runningTestKey == 'runningTestInfo':
self.logger.info("%s -> %s" % (runningTestKey, runningTestValue))
# search test info
for testItem in runningTestValue.split(','):
testInfo = re.search(testInfoRegExp, testItem)
if user == testInfo.group(2):
self.logger.info("Test ID: %s" % testInfo.group(1))
testId = testInfo.group(1)
break
else:
self.logger.error("Test run by: >>%s<< == >>%s<<" % (user, testInfo.group(2)))
testId = None
else:
pass
except Exception as e:
self.logger.error("Running test not found, test is done.")
self.logger.error(e)
else:
self.logger.error("Error: %d" % response.status_code)
self.logger.error("Unable to get running tests.")
return testId
def get_result(self, test_id):
result = None
# Craft the URL
url = self.rest_session.base_url + self.result_url
# Headers
headers = {
'content-type': 'application/json;charset=utf-8',
'Cookie': self.rest_session.cookie
}
# Payload
data = json.dumps({"runid": test_id})
# Get result - POST
response = self.rest_call.post_query(
url = url,
headers = headers,
data = data,
verify = False
)
if response.status_code == requests.codes.ok:
result = dict(response.json())
else:
self.logger.error("Error: %d" % response.status_code)
self.logger.error("Unable to get result.")
return result
def get_model_name(self):
return self.model_name
def get_test_id(self):
if self.test_id is not None:
return self.test_id
else:
return None
def get_test_iteration(self):
return self.test_iteration
def send_strikes_traffic(self, slot, ports, traffic_profile):
# BP - Real Time Stats
bp_stats = RealTimeStats()
# Summary Stats
summary_stats = None
# Processed Stats
processed_stats = {
"model_name": None,
"test_id": None,
"test_iteration": None,
"total_strikes": None,
"total_allowed": None,
"total_blocked": None,
}
# Reserve Ports
ports_reserved = self.reserve_ports(slot, ports)
if ports_reserved:
# Start test
test_started = self.start_test(traffic_profile)
if test_started:
# Get test info
test_id = self.get_test_id()
test_iteration = self.get_test_iteration()
# Breaking Point - Real Time Stats, extract progress
rts = self.get_real_time_stats(test_id)
progress = rts["progress"]
# Monitor progress and proceed after test completed
while float(progress) < self.TEST_COMPLETE:
# Wait before the next progress check
time.sleep(self.BETWEEN_CHECKS)
# Get RTS based on Test ID, extract progress
rts = self.get_real_time_stats(test_id)
progress = rts["progress"]
# Breaking Point - Test run completed, extract results
self.logger.critical("RTS[rts]: {}".format(rts["rts"]))
summary_stats = bp_stats.parse_stats(rts["rts"])
self.logger.info("Total Strikes: {}".format(summary_stats["totalStrikes"]))
self.logger.info("Total Allowed: {}".format(summary_stats["totalAllowed"]))
self.logger.info("Total Blocked: {}".format(summary_stats["totalBlocked"]))
# Populate processed stats
processed_stats["model_name"] = traffic_profile
processed_stats["test_id"] = test_id.lstrip("TEST-")
processed_stats["test_iteration"] = test_iteration
processed_stats["total_strikes"] = summary_stats["totalStrikes"]
processed_stats["total_allowed"] = summary_stats["totalAllowed"]
processed_stats["total_blocked"] = summary_stats["totalBlocked"]
else:
self.logger.error("Unable to start test.")
else:
self.logger.error("Unable to reserve ports.")
# Release Ports
ports_freed = self.unreserve_ports(slot, ports)
if ports_freed:
self.logger.info("Ports released.")
else:
self.logger.error("Unable to release ports.")
return processed_stats
def send_perf_traffic(self, slot, ports, traffic_profile):
# BP - Real Time Stats
bp_stats = RealTimeStats()
# Summary Stats
summary_stats = None
# Processed Stats
processed_stats = {
"model_name": None,
"test_id": None,
"test_iteration": None,
"avg_tx_tput": None,
"avg_rx_tput": None,
"avg_tcp_response_time": None,
}
# Stats precision for throughput and response time
PRECISION = 2
tx_frame_data_rate = []
rx_frame_data_rate = []
tcp_response_time = []
# Reserve Ports
ports_reserved = self.reserve_ports(slot, ports)
if ports_reserved:
# Start test
test_started = self.start_test(traffic_profile)
if test_started:
# Get test info
test_id = self.get_test_id()
test_iteration = self.get_test_iteration()
# Breaking Point - Real Time Stats, extract progress
rts = self.get_real_time_stats(test_id)
progress = rts["progress"]
# Monitor progress and proceed after test completed
while float(progress) < self.TEST_COMPLETE:
# Wait before the next progress check
time.sleep(self.BETWEEN_CHECKS)
# Get RTS based on Test ID, extract progress
rts = self.get_real_time_stats(test_id)
progress = rts["progress"]
if (progress >= self.RAMP_UP and progress <= self.RAMP_DOWN):
# Capture stats during "Steady State"
summary_stats = bp_stats.parse_stats(rts["rts"])
# Append stats
tx_frame_data_rate.append(float(summary_stats["ethTxFrameDataRate"]))
rx_frame_data_rate.append(float(summary_stats["ethRxFrameDataRate"]))
tcp_response_time.append(float(summary_stats["tcpAvgResponseTime"]))
else:
# Ignore stats during "Ramp Up" and "Ramp Down"
pass
# Test completed, progress is 100%
# Compute average
avg_tx_frame_data_rate = (sum(tx_frame_data_rate) / len(tx_frame_data_rate))
avg_rx_frame_data_rate = (sum(rx_frame_data_rate) / len(rx_frame_data_rate))
avg_tcp_response_time = (sum(tcp_response_time) / len(tcp_response_time))
# Populate processed stats
processed_stats["model_name"] = traffic_profile
processed_stats["test_id"] = test_id.lstrip("TEST-")
processed_stats["test_iteration"] = test_iteration
processed_stats["avg_tx_tput"] = round(avg_tx_frame_data_rate, PRECISION)
processed_stats["avg_rx_tput"] = round(avg_rx_frame_data_rate, PRECISION)
processed_stats["avg_tcp_response_time"] = round(float(avg_tcp_response_time), PRECISION)
else:
self.logger.error("Unable to start test.")
else:
self.logger.error("Unable to reserve ports.")
# Release Ports
ports_freed = self.unreserve_ports(slot, ports)
if ports_freed:
self.logger.info("Ports released.")
else:
self.logger.error("Unable to release ports.")
return processed_stats
def send_cps_traffic(self, slot, ports, traffic_profile):
# BP - Real Time Stats
bp_stats = RealTimeStats()
# Summary Stats
summary_stats = None
# Processed Stats
processed_stats = {
"model_name": None,
"test_id": None,
"test_iteration": None,
"avg_tcp_client_established_rate": None,
"avg_tcp_server_established_rate": None,
"avg_tcp_response_time": None,
}
# Stats precision for CPS and response time
PRECISION = 2
tcp_client_established_rate = []
tcp_server_established_rate = []
tcp_response_time = []
# Reserve Ports
ports_reserved = self.reserve_ports(slot, ports)
if ports_reserved:
# Start test
test_started = self.start_test(traffic_profile)
if test_started:
# Get test info
test_id = self.get_test_id()
test_iteration = self.get_test_iteration()
# Breaking Point - Real Time Stats, extract progress
rts = self.get_real_time_stats(test_id)
progress = rts["progress"]
# Monitor progress and proceed after test completed
while float(progress) < self.TEST_COMPLETE:
# Wait before the next progress check
time.sleep(self.BETWEEN_CHECKS)
# Get RTS based on Test ID, extract progress
rts = self.get_real_time_stats(test_id)
progress = rts["progress"]
if (progress >= self.RAMP_UP and progress <= self.RAMP_DOWN):
# Capture stats during "Steady State"
summary_stats = bp_stats.parse_stats(rts["rts"])
# Append stats
tcp_client_established_rate.append(float(summary_stats["tcpClientEstablishRate"]))
tcp_server_established_rate.append(float(summary_stats["tcpServerEstablishRate"]))
tcp_response_time.append(float(summary_stats["tcpAvgResponseTime"]))
else:
# Ignore stats during "Ramp Up" and "Ramp Down"
pass
# Test completed, progress is 100%
# Compute average
avg_tcp_client_established_rate = (sum(tcp_client_established_rate) / len(tcp_client_established_rate))
avg_tcp_server_established_rate = (sum(tcp_server_established_rate) / len(tcp_server_established_rate))
avg_tcp_response_time = (sum(tcp_response_time) / len(tcp_response_time))
# Populate processed stats
processed_stats["model_name"] = traffic_profile
processed_stats["test_id"] = test_id.lstrip("TEST-")
processed_stats["test_iteration"] = test_iteration
processed_stats["avg_tcp_client_established_rate"] = round(avg_tcp_client_established_rate, PRECISION)
processed_stats["avg_tcp_server_established_rate"] = round(avg_tcp_server_established_rate, PRECISION)
processed_stats["avg_tcp_response_time"] = round(float(avg_tcp_response_time), PRECISION)
else:
self.logger.error("Unable to start test.")
else:
self.logger.error("Unable to reserve ports.")
# Release Ports
ports_freed = self.unreserve_ports(slot, ports)
if ports_freed:
self.logger.info("Ports released.")
else:
self.logger.error("Unable to release ports.")
return processed_stats
def send_app_traffic(self, slot, ports, traffic_profile):
# BP - Real Time Stats
bp_stats = RealTimeStats()
# Summary Stats
summary_stats = None
# Processed Stats
processed_stats = {
"model_name": None,
"test_id": None,
"test_iteration": None,
"avg_tx_tput": None,
"avg_rx_tput": None,
"avg_tcp_client_established_rate": None,
"avg_tcp_server_established_rate": None,
"avg_tcp_response_time": None,
}
# Stats precision
PRECISION = 2
# Stats
tx_frame_data_rate = []
rx_frame_data_rate = []
tcp_client_established_rate = []
tcp_server_established_rate = []
tcp_response_time = []
# Reserve Ports
ports_reserved = self.reserve_ports(slot, ports)
if ports_reserved:
# Start test
test_started = self.start_test(traffic_profile)
if test_started:
# Get test info
test_id = self.get_test_id()
test_iteration = self.get_test_iteration()
# Breaking Point - Real Time Stats, extract progress
rts = self.get_real_time_stats(test_id)
progress = rts["progress"]
# Monitor progress and proceed after test completed
while float(progress) < self.TEST_COMPLETE:
# Wait before the next progress check
time.sleep(self.BETWEEN_CHECKS)
# Get RTS based on Test ID, extract progress
rts = self.get_real_time_stats(test_id)
progress = rts["progress"]
if (progress >= self.RAMP_UP and progress <= self.RAMP_DOWN):
# Capture stats during "Steady State"
summary_stats = bp_stats.parse_stats(rts["rts"])
# Append stats - data rate
tx_frame_data_rate.append(float(summary_stats["ethTxFrameDataRate"]))
rx_frame_data_rate.append(float(summary_stats["ethRxFrameDataRate"]))
# Append stats - establish rate
tcp_client_established_rate.append(float(summary_stats["tcpClientEstablishRate"]))
tcp_server_established_rate.append(float(summary_stats["tcpServerEstablishRate"]))
# Append stats - response time
tcp_response_time.append(float(summary_stats["tcpAvgResponseTime"]))
else:
# Ignore stats during "Ramp Up" and "Ramp Down"
pass
# Test completed, progress is 100%
# Compute average data rate
avg_tx_frame_data_rate = (sum(tx_frame_data_rate) / len(tx_frame_data_rate))
avg_rx_frame_data_rate = (sum(rx_frame_data_rate) / len(rx_frame_data_rate))
avg_tcp_response_time = (sum(tcp_response_time) / len(tcp_response_time))
# Compute average establish rate
avg_tcp_client_established_rate = (sum(tcp_client_established_rate) / len(tcp_client_established_rate))
avg_tcp_server_established_rate = (sum(tcp_server_established_rate) / len(tcp_server_established_rate))
# Compute average TCP response time
avg_tcp_response_time = (sum(tcp_response_time) / len(tcp_response_time))
# Populate processed stats
processed_stats["model_name"] = traffic_profile
processed_stats["test_id"] = test_id.lstrip("TEST-")
processed_stats["test_iteration"] = test_iteration
# Data rate
processed_stats["avg_tx_tput"] = round(avg_tx_frame_data_rate, PRECISION)
processed_stats["avg_rx_tput"] = round(avg_rx_frame_data_rate, PRECISION)
# CPS
processed_stats["avg_tcp_client_established_rate"] = round(avg_tcp_client_established_rate, PRECISION)
processed_stats["avg_tcp_server_established_rate"] = round(avg_tcp_server_established_rate, PRECISION)
# TCP response time
processed_stats["avg_tcp_response_time"] = round(float(avg_tcp_response_time), PRECISION)
else:
self.logger.error("Unable to start test.")
else:
self.logger.error("Unable to reserve ports.")
# Release Ports
ports_freed = self.unreserve_ports(slot, ports)
if ports_freed:
self.logger.info("Ports released.")
else:
self.logger.error("Unable to release ports.")
return processed_stats
class DataplaneManagement(object):
def __init__(self, rest_session):
# singleton logger
self.logger = CustomLogger().get_logger()
# fetched data
self.data = None
# REST Session
self.rest_session = rest_session
# Common REST Calls
self.rest_call = RestCall(rest_session)
# URLs specific to Resource group and Network set
self.chassis_list_url = "chassislist"
self.chassis_redeploy_id = "chassis/"
self.network_set_insertionstaging_elements = "chassis/insertionstagingelements"
self.network_set_chassis_bulkinsertion = "chassisbulkinsertion"
def get_chassis_list(self):
dp_list = None
# Craft the URL
url = self.rest_session.base_url + self.chassis_list_url
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(url=url,
verify=False,
headers=headers)
dp_list = list(response.json())
return dp_list
def get_redeploy_chassisid(self, dp_id):
job_id = None
chassisid = str(dp_id)
# Craft the URL
url = self.rest_session.base_url + self.chassis_redeploy_id + chassisid + "/redeploy"
# Headers
headers = self.rest_session.headers
# Call REST - GET
response = self.rest_call.get_query(url=url,
verify=False,
headers=headers)
job_id = response.json()
return job_id
def ns_insertionstaging_elements(self, ns_id, nsname, chassis_id,
insertion_type):
ns_staged = False
insert_type = insertion_type.upper()
payload = [{
"id": 19,
"name": "NSET-1-PG63-200",
"infraId": 1,
"type": "NETWORK_SET",
"chassisSubscriptionMap": {
"2": {
"subscription": {
"chassisId": 2,
"insertable": True,
"insertionType": "SEGMENTATION",
"markForDeletion": False,
"precedence": 1,
"resourceGroupId": 19
}
}
},
"status": "STAGING",
"action": "EDIT"
}]
for i in payload:
if i["type"] == "NETWORK_SET":
i["id"] = ns_id
i["name"] = nsname
i["chassisSubscriptionMap"]["2"]["subscription"][
"chassisId"] = chassis_id
i["chassisSubscriptionMap"]["2"]["subscription"][
"insertionType"] = insert_type
i["chassisSubscriptionMap"]["2"]["subscription"][
"resourceGroupId"] = ns_id
data = json.dumps(payload)
try:
# Craft the URL
url = self.rest_session.base_url + self.network_set_insertionstaging_elements
# Headers
headers = self.rest_session.headers
# Call REST - PUT
response = self.rest_call.put_query(url=url,
headers=headers,
verify=False,
data=data)
if response.status_code == requests.codes.ok:
ns_staged = True
self.logger.info("New network set staged for insertion")
else:
self.logger.error(response.status_code)
except Exception as e:
self.logger.error(e)
return ns_staged
def ns_chassis_bulkinsertion(self, ns_id, chassis_id, insertion_type):
ns_insert = False
insert_type = insertion_type.upper()
payload = [{
"id": 22,
"action": "EDIT",
"infraId": 1,
"status": "STAGING",
"type": "NETWORK_SET",
"chassisSubscriptionMap": {
"2": {
"subscription": {
"chassisId": 2,
"insertable": True,
"insertionType": "SEGMENTATION",
"markForDeletion": False,
"precedence": 1,
"resourceGroupId": 22
}
}
}
}]
for i in payload:
if i["type"] == "NETWORK_SET":
i["id"] = ns_id
i["chassisSubscriptionMap"]["2"]["subscription"][
"chassisId"] = chassis_id
i["chassisSubscriptionMap"]["2"]["subscription"][
"insertionType"] = insert_type
i["chassisSubscriptionMap"]["2"]["subscription"][
"resourceGroupId"] = ns_id
data = json.dumps(payload)
try:
# Craft the URL
url = self.rest_session.base_url + self.network_set_chassis_bulkinsertion
# Headers
headers = self.rest_session.headers
# Call REST - PUT
response = self.rest_call.put_query(url=url,
headers=headers,
verify=False,
data=data)
if response.status_code == requests.codes.ok:
ns_insert = True
self.logger.info("New network set submitted for insertion")
ns_jid = list(response.json())
for nsjid in ns_jid:
if nsjid["type"] == 'NETWORK_SET':
ns_jobid = int(
nsjid["chassisSubscriptionMap"]["2"]["jobId"])
else:
self.logger.error(response.status_code)
except Exception as e:
self.logger.error(e)
return ns_jobid
# Pick URL and update periodically
if action == "url1":
url = "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/stopforumspam_180d.ipset"
else:
# Default URL
url = "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/bi_any_2_1d.ipset"
try:
# Initialize
bl_update = BlacklistUpdate(sx_session, logger)
while True:
is_updated = bl_update.update(url)
if is_updated:
logger.info("Update is successful.")
else:
logger.error("Update has failed.")
# Sleep until next update
time.sleep(5 * 60) # 5 minutes
except KeyboardInterrupt as e:
logger.info("Update task done. Goodbye.")
except Exception as e:
logger.error("Unknown exception: {}".format(e))
# Logout
sx_session.logout()
# Sample Run
# python update_blacklist.py -i 172.16.27.73 -u sxapi -p sxpass -a url1