Ejemplo n.º 1
0
def run_module():
    # define available arguments/parameters a user can pass to the module
    argument_spec = vmanage_argument_spec()
    argument_spec.update(type=dict(type='str', required=False, default='all'),
                         )

    # seed the result dict in the object
    # we primarily care about changed and state
    # change is if this module effectively modified the target
    # state will include any data that you want your module to pass back
    # for consumption, for example, in a subsequent task
    result = dict(
        changed=False,
        original_message='',
        message=''
    )

    # the AnsibleModule object will be our abstraction working with Ansible
    # this includes instantiation, a couple of common attr would be the
    # args/params passed to the execution, as well as if the module
    # supports check mode
    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=True,
                           )
    vmanage = Vmanage(module)
    vmanage_policy_definition_lists = PolicyDefinitions(vmanage.auth, vmanage.host)

    vmanage.result['policy_definitions'] = vmanage_policy_definition_lists.get_policy_definition_list(vmanage.params['type'])

    vmanage.exit_json(**vmanage.result)
Ejemplo n.º 2
0
    def export_policy_to_file(self, export_file):

        policy_lists = PolicyLists(self.session, self.host, self.port)
        policy_definitions = PolicyDefinitions(self.session, self.host,
                                               self.port)
        local_policy = LocalPolicy(self.session, self.host, self.port)
        central_policy = CentralPolicy(self.session, self.host, self.port)

        policy_lists_list = policy_lists.get_policy_list_list()
        policy_definitions_list = policy_definitions.get_policy_definition_list(
        )
        central_policies_list = central_policy.get_central_policy_list()
        local_policies_list = local_policy.get_local_policy_list()

        policy_export = {
            'vmanage_policy_lists': policy_lists_list,
            'vmanage_policy_definitions': policy_definitions_list,
            'vmanage_central_policies': central_policies_list,
            'vmanage_local_policies': local_policies_list
        }

        if export_file.endswith('.json'):
            with open(export_file, 'w') as outfile:
                json.dump(policy_export, outfile, indent=4, sort_keys=False)
        elif export_file.endswith(('.yaml', 'yml')):
            with open(export_file, 'w') as outfile:
                yaml.dump(policy_export, outfile, default_flow_style=False)
        else:
            raise Exception("File format not supported")
Ejemplo n.º 3
0
    def __init__(self, session, host, port=443):
        """Initialize Localized Policy object with session parameters.

        Args:
            session (obj): Requests Session object
            host (str): hostname or IP address of vManage
            port (int): default HTTPS 443

        """

        self.session = session
        self.host = host
        self.port = port
        self.base_url = f'https://{self.host}:{self.port}/dataservice/'
        self.policy_definitions = PolicyDefinitions(self.session, self.host)
Ejemplo n.º 4
0
    def __init__(self, session, host, port=443):
        """Initialize Files object with session parameters.

        Args:
            session (obj): Requests Session object
            host (str): hostname or IP address of vManage
            port (int): default HTTPS 443

        """

        self.session = session
        self.host = host
        self.port = port
        self.base_url = f'https://{self.host}:{self.port}/dataservice/'
        self.device_templates = DeviceTemplates(self.session, self.host,
                                                self.port)
        self.feature_templates = FeatureTemplates(self.session, self.host,
                                                  self.port)
        self.template_data = TemplateData(self.session, self.host, self.port)
        self.policy_data = PolicyData(self.session, self.host, self.port)
        self.policy_lists = PolicyLists(self.session, self.host, self.port)
        self.policy_definitions = PolicyDefinitions(self.session, self.host,
                                                    self.port)
        self.local_policy = LocalPolicy(self.session, self.host, self.port)
        self.central_policy = CentralPolicy(self.session, self.host, self.port)
        self.vmanage_device = Device(self.session, self.host, self.port)
def definition(ctx, name, json, definition_type):  #pylint: disable=unused-argument
    """
    Show policy definition information
    """
    policy_definitions = PolicyDefinitions(ctx.auth, ctx.host, ctx.port)
    policy_data = PolicyData(ctx.auth, ctx.host, ctx.port)
    pp = pprint.PrettyPrinter(indent=2)

    if name:
        policy_definition_dict = policy_definitions.get_policy_definition_dict(definition_type)
        if name in policy_definition_dict:
            policy_definition = policy_data.export_policy_definition_list(policy_definition_dict[name]['type'].lower())
            # list_keys(policy_definition['definition'])
            pp.pprint(policy_definition)
    else:
        policy_definition_list = policy_data.export_policy_definition_list(definition_type)
        pp.pprint(policy_definition_list)
Ejemplo n.º 6
0
    def __init__(self, session, host, port=443):
        """Initialize Policy Method object with session parameters.

        Args:
            session (obj): Requests Session object
            host (str): hostname or IP address of vManage
            port (int): default HTTPS 443

        """

        self.session = session
        self.host = host
        self.port = port
        self.base_url = f'https://{self.host}:{self.port}/dataservice/'
        self.policy_lists = PolicyLists(self.session, self.host, self.port)
        self.policy_definitions = PolicyDefinitions(self.session, self.host, self.port)
        self.local_policy = LocalPolicy(self.session, self.host, self.port)
        self.central_policy = CentralPolicy(self.session, self.host, self.port)
        self.security_policy = SecurityPolicy(self.session, self.host, self.port)
def run_module():
    # define available arguments/parameters a user can pass to the module
    # we only support the 'data' type currently, it will be fixed when we migrate to the SDK
    argument_spec = vmanage_argument_spec()
    argument_spec.update(
        state=dict(type='str',
                   choices=['absent', 'present'],
                   default='present'),
        aggregate=dict(type='list'),
        name=dict(type='str'),
        description=dict(type='str'),
        type=dict(type='str', required=False, choices=['data']),
        sequences=dict(type='list'),
        default_action=dict(type='dict', alias='defaultAction'),
        update=dict(type='bool', default=False),
        push=dict(type='bool', default=False),
    )

    # seed the result dict in the object
    # we primarily care about changed and state
    # change is if this module effectively modified the target
    # state will include any data that you want your module to pass back
    # for consumption, for example, in a subsequent task
    result = dict(changed=False, )

    # the AnsibleModule object will be our abstraction working with Ansible
    # this includes instantiation, a couple of common attr would be the
    # args/params passed to the execution, as well as if the module
    # supports check mode
    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=True,
    )
    vmanage = Vmanage(module)
    vmanage_policy_definitions = PolicyDefinitions(vmanage.auth, vmanage.host)

    # Always as an aggregate... make a definition if just given a single entry
    if vmanage.params['aggregate']:
        policy_definition_list = vmanage.params['aggregate']
    else:
        policy_definition_list = [{
            "name":
            vmanage.params['name'],
            "description":
            vmanage.params['description'],
            "type":
            vmanage.params['type'],
            "sequences":
            vmanage.params['sequences'],
            "defaultAction":
            vmanage.params['default_action']
        }]

    # Import site lists
    policy_definition_updates = []
    if vmanage.params['state'] == 'present':
        policy_list_updates = vmanage_policy_definitions.import_policy_definition_list(
            policy_definition_list,
            check_mode=module.check_mode,
            update=vmanage.params['update'],
            push=vmanage.params['push'])
        if policy_list_updates:
            vmanage.result['changed'] = True
    else:
        policy_definition_dict = vmanage_policy_definitions.get_policy_definition_dict(
            vmanage.params['type'], remove_key=False)
        for policy_definition in policy_definition_list:
            if policy_definition['name'] in policy_definition_dict:
                diff = list(dictdiffer.diff({}, policy_definition))
                policy_definition_updates.append({
                    'name':
                    policy_definition['name'],
                    'diff':
                    diff
                })
                if not module.check_mode:
                    vmanage_policy_definitions.delete_policy_definition(
                        policy_definition['type'].lower(),
                        policy_definition['listId'])
                vmanage.result['changed'] = True

    vmanage.params['updates'] = policy_definition_updates
    vmanage.exit_json(**vmanage.result)
Ejemplo n.º 8
0
    def import_policy_from_file(self,
                                file,
                                update=False,
                                check_mode=False,
                                push=False):

        vmanage_policy_lists = PolicyLists(self.session, self.host, self.port)
        vmanage_policy_definitions = PolicyDefinitions(self.session, self.host,
                                                       self.port)
        vmanage_central_policy = CentralPolicy(self.session, self.host,
                                               self.port)
        vmanage_local_policy = LocalPolicy(self.session, self.host, self.port)

        policy_list_updates = []
        policy_definition_updates = []
        central_policy_updates = []
        local_policy_updates = []

        # Read in the datafile
        if not os.path.exists(file):
            raise Exception('Cannot find file {0}'.format(file))
        with open(file) as f:
            if file.endswith('.yaml') or file.endswith('.yml'):
                policy_data = yaml.safe_load(f)
            else:
                policy_data = json.load(f)

        # Separate the feature template data from the device template data
        if 'vmanage_policy_lists' in policy_data:
            policy_list_data = policy_data['vmanage_policy_lists']
        else:
            policy_list_data = []
        if 'vmanage_policy_definitions' in policy_data:
            policy_definition_data = policy_data['vmanage_policy_definitions']
        else:
            policy_definition_data = []
        if 'vmanage_central_policies' in policy_data:
            central_policy_data = policy_data['vmanage_central_policies']
        else:
            central_policy_data = []
        if 'vmanage_local_policies' in policy_data:
            local_policy_data = policy_data['vmanage_local_policies']
        else:
            local_policy_data = []

        policy_list_updates = vmanage_policy_lists.import_policy_list_list(
            policy_list_data, check_mode=check_mode, update=update, push=push)

        vmanage_policy_lists.clear_policy_list_cache()

        policy_definition_updates = vmanage_policy_definitions.import_policy_definition_list(
            policy_definition_data,
            check_mode=check_mode,
            update=update,
            push=push)
        central_policy_updates = vmanage_central_policy.import_central_policy_list(
            central_policy_data,
            check_mode=check_mode,
            update=update,
            push=push)
        local_policy_updates = vmanage_local_policy.import_local_policy_list(
            local_policy_data, check_mode=check_mode, update=update, push=push)

        return {
            'policy_list_updates': policy_list_updates,
            'policy_definition_updates': policy_definition_updates,
            'central_policy_updates': central_policy_updates,
            'local_policy_updates': local_policy_updates
        }
Ejemplo n.º 9
0
class PolicyData(object):
    """Methods that deal with importing, exporting, and manipulating data from policies.

    """
    def __init__(self, session, host, port=443):
        """Initialize Policy Method object with session parameters.

        Args:
            session (obj): Requests Session object
            host (str): hostname or IP address of vManage
            port (int): default HTTPS 443

        """

        self.session = session
        self.host = host
        self.port = port
        self.base_url = f'https://{self.host}:{self.port}/dataservice/'
        self.policy_lists = PolicyLists(self.session, self.host, self.port)
        self.policy_definitions = PolicyDefinitions(self.session, self.host, self.port)
        self.local_policy = LocalPolicy(self.session, self.host, self.port)
        self.central_policy = CentralPolicy(self.session, self.host, self.port)
        self.security_policy = SecurityPolicy(self.session, self.host, self.port)

    #pylint: disable=unused-argument
    def import_policy_list_list(self, policy_list_list, push=False, update=False, check_mode=False, force=False):
        """Import a list of policyies lists into vManage.  Object Names are translated to IDs.

        Args:
            policy_list_list: A list of polcies
            push (bool): Whether to push a change out
            update (bool): Whether to update when the list exists
            check_mode (bool): Report what updates would happen, but don't update

        Returns:
            result (dict): All data associated with a response.

        """

        # Policy Lists
        diff = []
        policy_list_updates = []
        #pylint: disable=too-many-nested-blocks
        for policy_list in policy_list_list:
            policy_list_dict = self.policy_lists.get_policy_list_dict(policy_list['type'],
                                                                      remove_key=False,
                                                                      cache=False)
            if policy_list['name'] in policy_list_dict:
                existing_list = policy_list_dict[policy_list['name']]
                diff_ignore = set(
                    ['listId', 'references', 'lastUpdated', 'activatedId', 'policyId', 'listId', 'isActivatedByVsmart'])
                diff = list(dictdiffer.diff(existing_list, policy_list, ignore=diff_ignore))
                if diff:
                    policy_list_updates.append({'name': policy_list['name'], 'diff': diff})
                    policy_list['listId'] = policy_list_dict[policy_list['name']]['listId']
                    # If description is not specified, try to get it from the existing information
                    if not policy_list['description']:
                        policy_list['description'] = policy_list_dict[policy_list['name']]['description']
                    if not check_mode and update:
                        response = self.policy_lists.update_policy_list(policy_list)

                        if response['json']:
                            # Updating the policy list returns a `processId` that locks the list and 'masterTemplatesAffected'
                            # that lists the templates affected by the change.
                            if 'error' in response['json']:
                                raise Exception(response['json']['error']['message'])
                            elif 'processId' in response['json']:
                                if push:
                                    vmanage_device_templates = DeviceTemplates(self.session, self.host)
                                    # If told to push out the change, we need to reattach each template affected by the change
                                    for template_id in response['json']['masterTemplatesAffected']:
                                        vmanage_device_templates.reattach_device_template(template_id)
                            else:
                                raise Exception("Did not get a process id when updating policy list")
            else:
                diff = list(dictdiffer.diff({}, policy_list))
                policy_list_updates.append({'name': policy_list['name'], 'diff': diff})
                if not check_mode:
                    self.policy_lists.add_policy_list(policy_list)

        return policy_list_updates

    def convert_list_name_to_id(self, name_list):
        """Convert policy list from names to IDs in object.

        Args:
            name_list (list): Object

        """
        if isinstance(name_list, dict):
            for key, value in list(name_list.items()):
                if key.endswith('List') and key != "signatureWhiteList":
                    t = key[0:len(key) - 4]
                    policy_list = self.policy_lists.get_policy_list_by_name(value, policy_list_type=t)
                    if policy_list:
                        name_list[key] = policy_list['listId']
                    else:
                        raise Exception(f"Could not find id for list {value}, type {t}")
                elif key.endswith('Lists'):
                    t = key[0:len(key) - 5]
                    new_list = []
                    for list_name in value:
                        policy_list = self.policy_lists.get_policy_list_by_name(list_name, policy_list_type=t)
                        if policy_list:
                            list_id = policy_list['listId']
                            new_list.append(list_id)
                        else:
                            raise Exception(f"Could not find id for list {list_name}, type {t}")
                    name_list[key] = new_list
                elif key.endswith('Zone'):
                    policy_list = self.policy_lists.get_policy_list_by_name(value, 'zone')
                    if policy_list:
                        name_list[key] = policy_list['listId']
                    else:
                        raise Exception(f"Could not find id for list {value}, type zone")
                elif key == 'listName':
                    if 'listType' in name_list:
                        policy_list = self.policy_lists.get_policy_list_by_name(name_list['listName'],
                                                                                policy_list_type=name_list['listType'])
                    else:
                        raise Exception(f"Could not find type for list {name_list['listName']}")
                    if policy_list and 'listId' in policy_list:
                        name_list['ref'] = policy_list['listId']
                        name_list.pop('listName')
                        name_list.pop('listType')
                    else:
                        raise Exception(
                            f"Could not find id for list {name_list['listName']}, type {name_list['listType']}")
                elif key == 'className':
                    if 'classType' in name_list:
                        policy_list = self.policy_lists.get_policy_list_by_name(name_list['className'],
                                                                                policy_list_type=name_list['classType'])
                    else:
                        raise Exception(f"Could not find type for list {name_list['className']}")
                    if policy_list and 'listId' in policy_list:
                        name_list['class'] = policy_list['listId']
                        name_list.pop('className')
                        name_list.pop('classType')
                    else:
                        raise Exception(
                            f"Could not find id for list {name_list['className']}, type {name_list['classType']}")
                else:
                    self.convert_list_name_to_id(value)
        elif isinstance(name_list, list):
            for item in name_list:
                self.convert_list_name_to_id(item)

    def convert_list_id_to_name(self, id_list):
        """Convert policy list from IDs to names in object.

        Args:
            id_list (list): Object

        """
        if isinstance(id_list, dict):
            for key, value in list(id_list.items()):
                if key.endswith('List') and key != "signatureWhiteList":
                    t = key[0:len(key) - 4]
                    val = value
                    if isinstance(value, list):
                        val = value[0]
                    policy_list = self.policy_lists.get_policy_list_by_id(val, policy_list_type=t)
                    if policy_list:
                        id_list[key] = policy_list['name']
                    else:
                        raise Exception(f"Could not find name for list id {val}, type {t}")
                elif key.endswith('Lists'):
                    t = key[0:len(key) - 5]
                    new_list = []
                    for list_id in value:
                        policy_list = self.policy_lists.get_policy_list_by_id(list_id, policy_list_type=t)
                        if policy_list:
                            list_name = policy_list['name']
                            new_list.append(list_name)
                        else:
                            raise Exception(f"Could not find name for list id {list_id}, type {t}")
                    id_list[key] = new_list
                elif key.endswith('Zone'):
                    policy_list = self.policy_lists.get_policy_list_by_id(value, 'zone')
                    if policy_list:
                        id_list[key] = policy_list['name']
                    else:
                        raise Exception(f"Could not find name for list {value}, type zone")
                elif key == 'ref':
                    policy_list = self.policy_lists.get_policy_list_by_id(id_list['ref'])
                    if policy_list:
                        id_list['listName'] = policy_list['name']
                        id_list['listType'] = policy_list['type']
                        id_list.pop('ref')
                    else:
                        raise Exception(f"Could not find name for list {id_list['ref']}")
                elif key == 'class':
                    policy_list = self.policy_lists.get_policy_list_by_id(id_list['class'])
                    if policy_list:
                        id_list['className'] = policy_list['name']
                        id_list['classType'] = policy_list['type']
                        id_list.pop('class')
                    else:
                        raise Exception(f"Could not find name for list {id_list['class']}")
                else:
                    self.convert_list_id_to_name(value)
        elif isinstance(id_list, list):
            for item in id_list:
                self.convert_list_id_to_name(item)

    def convert_sequences_to_id(self, sequence_list):
        """Convert sequence entries from IDs to names in object.

        Args:
            sequence_list (list): Sequence list

        """
        for sequence in sequence_list:
            if 'match' in sequence and 'entries' in sequence['match']:
                for entry in sequence['match']['entries']:
                    if 'listName' in entry:
                        policy_list_dict = self.policy_lists.get_policy_list_dict(entry['listType'])
                        if entry['listName'] in policy_list_dict:
                            entry['ref'] = policy_list_dict[entry['listName']]['listId']
                            entry.pop('listName')
                            entry.pop('listType')
                        else:
                            raise Exception("Could not find list {0} of type {1}".format(
                                entry['listName'], entry['listType']))

    def convert_definition_id_to_name(self, policy_definition):
        """Convert policy_definition from IDs to names in object.

        Args:
            policy_definition (list): Sequence list

        """
        if 'assembly' in policy_definition and policy_definition['assembly']:
            for assembly_item in policy_definition['assembly']:
                policy_definition_detail = self.policy_definitions.get_policy_definition(
                    assembly_item['type'].lower(), assembly_item['definitionId'])
                definition_id = assembly_item.pop('definitionId')
                if policy_definition_detail:
                    assembly_item['definitionName'] = policy_definition_detail['name']
                else:
                    raise Exception("Cannot find policy definition for {0}".format(definition_id))
                if 'entries' in assembly_item:
                    # Translate list IDs to names
                    self.convert_list_id_to_name(assembly_item['entries'])

    def convert_definition_name_to_id(self, policy_definition):
        """Convert policy_definition from names to IDs in object.

        Args:
            policy_definition (list): Sequence list

        """
        if 'assembly' in policy_definition and policy_definition['assembly']:
            for assembly_item in policy_definition['assembly']:
                definition_name = assembly_item.pop('definitionName')
                policy_definition_dict = self.policy_definitions.get_policy_definition_dict(assembly_item['type'])
                if definition_name in policy_definition_dict:
                    assembly_item['definitionId'] = policy_definition_dict[definition_name]['definitionId']
                else:
                    raise Exception("Cannot find policy definition {0}".format(definition_name))
                if 'entries' in assembly_item:
                    self.convert_list_name_to_id(assembly_item['entries'])

    def convert_policy_definition_to_name(self, policy_definition):
        """Convert policy_definition objects from IDs to names

        Args:
            policy_definition (list): Sequence list

        Returns:
            result (dict): The converted policy definition

        """
        converted_policy_definition = policy_definition
        if 'definition' in policy_definition:
            self.convert_list_id_to_name(policy_definition['definition'])
        if 'sequences' in policy_definition:
            self.convert_list_id_to_name(policy_definition['sequences'])
        if 'rules' in policy_definition:
            self.convert_list_id_to_name(policy_definition['rules'])

        return converted_policy_definition

    def convert_policy_definition_to_id(self, policy_definition):
        """Convert policy_definition objects from names to IDs

        Args:
            policy_definition (list): Sequence list

        Returns:
            result (dict): The converted policy definition

        """
        converted_policy_definition = policy_definition
        if 'definition' in policy_definition:
            self.convert_list_name_to_id(policy_definition['definition'])
        if 'sequences' in policy_definition:
            self.convert_list_name_to_id(policy_definition['sequences'])
        if 'rules' in policy_definition:
            self.convert_list_name_to_id(policy_definition['rules'])

        return converted_policy_definition

    def export_policy_definition_list(self, definition_type='all'):
        """Export Policy Definition Lists from vManage, translating IDs to Names.

        Args:
            definition_type (string): The type of Definition List to retreive

        Returns:
            response (list): A list of all definition lists currently
                in vManage.

        """

        policy_definition_list = self.policy_definitions.get_policy_definition_list(definition_type)
        export_definition_list = []
        for policy_definition in policy_definition_list:
            definition_detail = self.policy_definitions.get_policy_definition(policy_definition['type'],
                                                                              policy_definition['definitionId'])
            converted_policy_definition = self.convert_policy_definition_to_name(definition_detail)
            export_definition_list.append(converted_policy_definition)

        return export_definition_list

    #pylint: disable=unused-argument
    def import_policy_definition_list(self,
                                      policy_definition_list,
                                      update=False,
                                      push=False,
                                      check_mode=False,
                                      force=False):
        """Import Policy Definitions into vManage.  Object names are converted to IDs.

        Returns:
            response (dict): A list of all policy lists currently
                in vManage.

        """
        policy_definition_updates = []
        for definition in policy_definition_list:
            policy_definition_dict = self.policy_definitions.get_policy_definition_dict(definition['type'],
                                                                                        remove_key=False)
            diff = []
            payload = {
                "name": definition['name'],
                "description": definition['description'],
                "type": definition['type'],
            }
            if 'defaultAction' in definition:
                payload.update({'defaultAction': definition['defaultAction']})
            if 'sequences' in definition:
                payload.update({'sequences': definition['sequences']})
            if 'definition' in definition:
                payload.update({'definition': definition['definition']})

            if definition['name'] in policy_definition_dict:
                existing_definition = self.convert_policy_definition_to_name(policy_definition_dict[definition['name']])
                # Just check the things that we care about changing.
                diff_ignore = set([
                    'lastUpdated', 'definitionId', 'referenceCount', 'references', 'owner', 'isActivatedByVsmart',
                    'infoTag', 'activatedId'
                ])
                diff = list(dictdiffer.diff(existing_definition, payload, ignore=diff_ignore))
                if diff:
                    converted_definition = self.convert_policy_definition_to_id(definition)
                    policy_definition_updates.append({'name': converted_definition['name'], 'diff': diff})
                    if not check_mode and update:
                        self.policy_definitions.update_policy_definition(
                            converted_definition, policy_definition_dict[converted_definition['name']]['definitionId'])
                    policy_definition_updates.append({'name': converted_definition['name'], 'diff': diff})
            else:
                # Policy definition does not exist
                diff = list(dictdiffer.diff({}, payload))
                policy_definition_updates.append({'name': definition['name'], 'diff': diff})
                converted_definition = self.convert_policy_definition_to_id(definition)
                if not check_mode:
                    self.policy_definitions.add_policy_definition(converted_definition)

        return policy_definition_updates

    def convert_policy_to_name(self, policy_item):
        """Convert policy items from IDs to names

        Args:
            definition_type (string): Policy item

        Returns:
            response (dict): The converted policy item

        """
        if 'policyDefinition' in policy_item:
            converted_policy_item = policy_item
            self.convert_definition_id_to_name(converted_policy_item['policyDefinition'])
            return converted_policy_item
        return policy_item

    def convert_policy_to_id(self, policy_item):
        """Convert policy items from names IDs

        Args:
            definition_type (string): Policy item

        Returns:
            response (dict): The converted policy item

        """
        if 'policyDefinition' in policy_item:
            converted_policy_item = policy_item
            self.convert_definition_name_to_id(converted_policy_item['policyDefinition'])
            return converted_policy_item
        return policy_item

    def export_local_policy_list(self):
        """Export Local Policies from vManage.  Object IDs are converted to names.

        Returns:
            response (dict): A list of all policy lists currently
                in vManage.

        """
        export_policy_list = []
        local_policy_list = self.local_policy.get_local_policy_list()
        for local_policy in local_policy_list:
            converted_policy_definition = self.convert_policy_to_name(local_policy)
            export_policy_list.append(converted_policy_definition)

        return export_policy_list

    #pylint: disable=unused-argument
    def import_local_policy_list(self, local_policy_list, update=False, push=False, check_mode=False, force=False):
        """Import Local Policies into vManage.  Object names are converted to IDs.

        Returns:
            response (dict): A list of all policy lists currently
                in vManage.

        """
        local_policy_dict = self.local_policy.get_local_policy_dict(remove_key=False)
        diff = []
        local_policy_updates = []
        for local_policy in local_policy_list:
            payload = {'policyName': local_policy['policyName']}
            payload['policyDescription'] = local_policy['policyDescription']
            payload['policyType'] = local_policy['policyType']
            payload['policyDefinition'] = local_policy['policyDefinition']
            if payload['policyName'] in local_policy_dict:
                # A policy by that name already exists
                existing_policy = self.convert_policy_to_name(local_policy_dict[payload['policyName']])
                diff_ignore = set([
                    'lastUpdated', 'policyVersion', 'createdOn', 'references', 'isPolicyActivated', '@rid', 'policyId',
                    'createdBy', 'lastUpdatedBy', 'lastUpdatedOn', 'mastersAttached', 'policyDefinitionEdit',
                    'devicesAttached'
                ])
                diff = list(dictdiffer.diff(existing_policy, payload, ignore=diff_ignore))
                if diff:
                    print(diff)
                    local_policy_updates.append({'name': local_policy['policyName'], 'diff': diff})
                    if 'policyDefinition' in payload:
                        self.convert_definition_name_to_id(payload['policyDefinition'])
                    if not check_mode and update:
                        self.local_policy.update_local_policy(payload, existing_policy['policyId'])
            else:
                diff = list(dictdiffer.diff({}, payload['policyDefinition']))
                local_policy_updates.append({'name': local_policy['policyName'], 'diff': diff})
                if 'policyDefinition' in payload:
                    # Convert list and definition names to template IDs
                    self.convert_definition_name_to_id(payload['policyDefinition'])
                if not check_mode:
                    self.local_policy.add_local_policy(payload)
        return local_policy_updates

    def export_central_policy_list(self):
        """Export Central Policies from vManage, converting IDs to names.

        Returns:
            response (dict): A list of all policy lists currently
                in vManage.

        """

        export_policy_list = []
        central_policy_list = self.central_policy.get_central_policy_list()
        for central_policy in central_policy_list:
            converted_policy_definition = self.convert_policy_to_name(central_policy)
            export_policy_list.append(converted_policy_definition)

        return export_policy_list

    #pylint: disable=unused-argument
    def import_central_policy_list(self, central_policy_list, update=False, push=False, check_mode=False, force=False):
        """Import Central Policies into vManage.  Object names are converted to IDs.

        Returns:
            response (dict): A list of all policy lists currently
                in vManage.

        """
        central_policy_dict = self.central_policy.get_central_policy_dict(remove_key=False)
        diff = []
        central_policy_updates = []
        for central_policy in central_policy_list:
            payload = {'policyName': central_policy['policyName']}
            payload['policyDescription'] = central_policy['policyDescription']
            payload['policyType'] = central_policy['policyType']
            payload['policyDefinition'] = central_policy['policyDefinition']
            if payload['policyName'] in central_policy_dict:
                # A policy by that name already exists
                existing_policy = self.convert_policy_to_name(central_policy_dict[payload['policyName']])
                diff_ignore = set([
                    'lastUpdated', 'policyVersion', 'createdOn', 'references', 'isPolicyActivated', '@rid', 'policyId',
                    'createdBy', 'lastUpdatedBy', 'lastUpdatedOn'
                ])
                diff = list(dictdiffer.diff(existing_policy, payload, ignore=diff_ignore))
                if diff:
                    central_policy_updates.append({'name': central_policy['policyName'], 'diff': diff})
                    # Convert list and definition names to template IDs
                    converted_payload = self.convert_policy_to_id(payload)
                    if not check_mode and update:
                        self.central_policy.update_central_policy(converted_payload, existing_policy['policyId'])
            else:
                diff = list(dictdiffer.diff({}, payload['policyDefinition']))
                central_policy_updates.append({'name': central_policy['policyName'], 'diff': diff})
                if not check_mode:
                    # Convert list and definition names to template IDs
                    converted_payload = self.convert_policy_to_id(payload)
                    self.central_policy.add_central_policy(converted_payload)
        return central_policy_updates

    def export_security_policy_list(self):
        """Export Security Policies from vManage, converting IDs to names.

        Returns:
            response (dict): A list of all policy lists currently
                in vManage.

        """

        export_policy_list = []
        security_policy_list = self.security_policy.get_security_policy_list()
        for security_policy in security_policy_list:
            converted_policy_definition = self.convert_policy_to_name(security_policy)
            export_policy_list.append(converted_policy_definition)

        return export_policy_list

    def import_security_policy_list(self,
                                    security_policy_list,
                                    update=False,
                                    push=False,
                                    check_mode=False,
                                    force=False):
        """Import Security Policies into vManage.  Object names are converted to IDs.

        Returns:
            response (dict): A list of all policy lists currently
                in vManage.

        """
        security_policy_dict = self.security_policy.get_security_policy_dict(remove_key=False)
        diff = []
        security_policy_updates = []
        for security_policy in security_policy_list:
            payload = {'policyName': security_policy['policyName']}
            payload['policyDescription'] = security_policy['policyDescription']
            payload['policyType'] = security_policy['policyType']
            payload['policyDefinition'] = security_policy['policyDefinition']
            if payload['policyName'] in security_policy_dict:
                # A policy by that name already exists
                existing_policy = self.convert_policy_to_name(security_policy_dict[payload['policyName']])
                diff_ignore = set([
                    'lastUpdated', 'policyVersion', 'createdOn', 'references', 'isPolicyActivated', '@rid', 'policyId',
                    'createdBy', 'lastUpdatedBy', 'lastUpdatedOn', 'policyDefinitionEdit', 'mastersAttached',
                    'devicesAttached', 'supportedDevices', 'virtualApplicationTemplates', 'policyUseCase'
                ])
                diff = list(dictdiffer.diff(existing_policy, payload, ignore=diff_ignore))
                if diff:
                    security_policy_updates.append({'name': security_policy['policyName'], 'diff': diff})
                    # Convert list and definition names to template IDs
                    converted_payload = self.convert_policy_to_id(payload)
                    if not check_mode and update:
                        self.security_policy.update_security_policy(converted_payload, existing_policy['policyId'])
            else:
                diff = list(dictdiffer.diff({}, payload['policyDefinition']))
                security_policy_updates.append({'name': security_policy['policyName'], 'diff': diff})
                if not check_mode:
                    # Convert list and definition names to template IDs
                    converted_payload = self.convert_policy_to_id(payload)
                    self.security_policy.add_security_policy(converted_payload)
        return security_policy_updates
Ejemplo n.º 10
0
class CleanVmanage(object):
    """Reset all configuratios on a vManage instance.

    Executes the necessary REST calls in specific order to remove
    configurations applied to a vManage instance.

    """
    def __init__(self, session, host, port=443):
        """Initialize Reset vManage object with session parameters.

        Args:
            session (obj): Requests Session object
            host (str): hostname or IP address of vManage
            port (int): default HTTPS 443

        """

        self.session = session
        self.host = host
        self.port = port
        self.base_url = f'https://{self.host}:{self.port}/dataservice/'
        self.utilities = Utilities(self.session, self.host)
        self.central_policy = CentralPolicy(self.session, self.host)
        self.local_policy = LocalPolicy(self.session, self.host)
        self.device = Device(self.session, self.host)
        self.device_templates = DeviceTemplates(self.session, self.host)
        self.feature_templates = FeatureTemplates(self.session, self.host)
        self.sec_pol = SecurityPolicy(self.session, self.host)
        self.policy_definitions = PolicyDefinitions(self.session, self.host)
        self.policy_lists = PolicyLists(self.session, self.host)

    def active_count_delay(self):
        """Delay while there are active tasks.

        """
        activeCount = 1
        while activeCount != 0:
            time.sleep(1.0)
            data = self.utilities.get_active_count()
            activeCount = data["activeTaskCount"]

    def clean_vedge_attachments(self):
        """Clean all vedge attachments

        """
        data = self.device.get_device_list('vedges')
        for device in data:
            if (('deviceIP' in device) and (device['configOperationMode'] == 'vmanage')):
                deviceId = device['uuid']
                deviceIP = device['deviceIP']
                deviceType = device['deviceType']
                self.device.post_device_cli_mode(deviceId, deviceIP, deviceType)
        self.active_count_delay()

    def clean_controller_attachments(self):
        """Clean all controller attachments

        """
        data = self.device.get_device_list('controllers')
        for device in data:
            if (('deviceIP' in device) and (device['configOperationMode'] == 'vmanage')):
                deviceId = device['uuid']
                deviceIP = device['deviceIP']
                deviceType = device['deviceType']
                self.device.post_device_cli_mode(deviceId, deviceIP, deviceType)
                # Requires pause between controllers
                self.active_count_delay()
        self.active_count_delay()

    def clean_device_templates(self):
        """Clean all device templates

        """
        data = self.device_templates.get_device_templates()
        for device in data:
            templateId = device['templateId']
            self.device_templates.delete_device_template(templateId)
        self.active_count_delay()

    def clean_feature_templates(self):
        """Clean all feature templates

        """
        data = self.feature_templates.get_feature_templates()
        for device in data:
            #pylint: disable=no-else-continue
            if device['factoryDefault']:
                continue
            else:
                templateId = device['templateId']
                self.feature_templates.delete_feature_template(templateId)
        self.active_count_delay()

    def clean_central_policy(self):
        """Clean all central policy

        """
        data = self.central_policy.get_central_policy()
        for policy in data:
            policy_id = policy['policyId']
            if policy['isPolicyActivated']:
                action_id = self.central_policy.deactivate_central_policy(policy_id)
                if action_id:
                    self.utilities.waitfor_action_completion(action_id)
            self.central_policy.delete_central_policy(policy_id)
        self.active_count_delay()

    def clean_local_policy(self):
        """Clean all local policy

        """
        data = self.local_policy.get_local_policy()
        for policy in data:
            policyId = policy['policyId']
            self.local_policy.delete_local_policy(policyId)
        self.active_count_delay()

    def clean_policy_definitions(self):
        """Clean all policy definitions

        """
        policy_definition_list = self.policy_definitions.get_policy_definition_list()
        for policy_definition in policy_definition_list:
            self.policy_definitions.delete_policy_definition(policy_definition['type'],
                                                             policy_definition['definitionId'])
        self.active_count_delay()

    def clean_policy_lists(self):
        """Clean all policy lists

        """
        policy_list_list = self.policy_lists.get_policy_list_list()
        for policy_list in policy_list_list:
            if not policy_list['readOnly'] and policy_list['owner'] != 'system':
                self.policy_lists.delete_policy_list(policy_list['type'], policy_list['listId'])
        self.active_count_delay()

    def clean_security_policy(self):
        """Clean all security policy

        """
        version = self.utilities.get_vmanage_version()
        if version >= '18.2.0':
            data = self.sec_pol.get_security_policy()
            for policy in data:
                policyId = policy['policyId']
                self.sec_pol.delete_security_policy(policyId)
            self.active_count_delay()

        # # Step 11 - Delete All UTD Specific Security Policies
        # version = self.utilities.get_vmanage_version()
        # definitionList = []
        # # TODO: implement a proper semver comparison, this will fail if version is 18.30.0
        # if version >= '18.4.0':
        #     definitionList = [
        #         'zonebasedfw', 'urlfiltering', 'dnssecurity', 'intrusionprevention', 'advancedMalwareProtection'
        #     ]
        # #pylint: disable=chained-comparison
        # if version < '18.4.0' and version >= '18.2.0':
        #     definitionList = ['zonebasedfw']

        # if definitionList:
        #     for definition in definitionList:
        #         data = self.sec_pol.get_security_definition(definition)
        #         if data:
        #             for policy in data:
        #                 definitionId = policy['definitionId']
        #                 self.sec_pol.delete_security_definition(definition, definitionId)
        # self.active_count_delay()

        # # Step 12 - Delete All Lists

        # data = self.pol_lists.get_policy_list_all()
        # for policy_list in data:
        #     owner = policy_list['owner']

        #     if owner != 'system':
        #         listType = policy_list['type'].lower()
        #         listId = policy_list['listId']
        #         self.pol_lists.delete_policy_list(listType, listId)

    def clean_all(self):
        """Clean everything in vManage

        """
        # Step 1 - Deactivate Central Policy
        self.clean_central_policy()

        # Step 2 - Detach vedges from template
        self.clean_vedge_attachments()

        # Step 3 - Detach controllers from template
        self.clean_controller_attachments()

        # Step 4 - Delete All Device Templates
        self.clean_device_templates()

        # Step 5 - Delete All Feature Templates
        self.clean_feature_templates()

        # Step 6 - Delete All Centralized Policies
        self.clean_central_policy()

        # Step 7 - Delete All Policy Definitions
        self.clean_policy_definitions()

        # Step 8 - Delete All Policy Lists
        self.clean_policy_lists()

        # Step 9 - Delete All Local Policies
        self.clean_local_policy()

        # Step 10 - Delete All Security Policies
        self.clean_security_policy()

        return ('Reset Complete')
Ejemplo n.º 11
0
class LocalPolicy(object):
    """vManage Local Policy API

    Responsible for DELETE, GET, POST, PUT methods against vManage
    Local Policy.

    """
    def __init__(self, session, host, port=443):
        """Initialize Localized Policy object with session parameters.

        Args:
            session (obj): Requests Session object
            host (str): hostname or IP address of vManage
            port (int): default HTTPS 443

        """

        self.session = session
        self.host = host
        self.port = port
        self.base_url = f'https://{self.host}:{self.port}/dataservice/'
        self.policy_definitions = PolicyDefinitions(self.session, self.host)

    # Need to decide where this goes

    def add_local_policy(self, policy):
        """Delete a Central Policy from vManage.

        Args:
            policy: The Central Policy

        Returns:
            result (dict): All data associated with a response.

        """

        url = f"{self.base_url}template/policy/vedge"
        HttpMethods(self.session, url).request('POST', payload=json.dumps(policy))

    def update_local_policy(self, policy, policy_id):
        """Update a Central from vManage.

        Args:
            policy: The Central Policy
            policy_id: The ID of the Central Policy to update

        Returns:
            result (dict): All data associated with a response.

        """

        url = f"{self.base_url}template/policy/vedge/{policy_id}"
        HttpMethods(self.session, url).request('PUT', payload=json.dumps(policy))

    def delete_localized_policy(self, policy_id):
        """Deletes the specified local policy

        Args:
            policyId (str): ID of the active local policy
        Returns:
            result (dict): All data associated with a response.

        """

        url = f"{self.base_url}template/policy/vedge/{policy_id}"
        response = HttpMethods(self.session, url).request('DELETE')
        result = ParseMethods.parse_status(response)
        return result

    def get_local_policy_list(self):
        """Get all Central Policies from vManage.

        Returns:
            response (dict): A list of all policy lists currently
                in vManage.

        """
        api = "template/policy/vedge"
        url = self.base_url + api
        response = HttpMethods(self.session, url).request('GET')
        result = ParseMethods.parse_data(response)

        local_policy_list = result
        for policy in local_policy_list:
            # This is to accommodate CLI policy
            try:
                json_policy = json.loads(policy['policyDefinition'])
                policy['policyDefinition'] = json_policy
            except Exception:
                pass
            # policy['policyDefinition'] = json.loads(policy['policyDefinition'])
            self.policy_definitions.convert_definition_id_to_name(policy['policyDefinition'])
        return local_policy_list

    def get_local_policy_dict(self, key_name='policyName', remove_key=False):

        local_policy_list = self.get_local_policy_list()

        return list_to_dict(local_policy_list, key_name, remove_key=remove_key)

    #pylint: disable=unused-argument
    def import_local_policy_list(self, local_policy_list, update=False, push=False, check_mode=False, force=False):
        local_policy_dict = self.get_local_policy_dict(remove_key=False)
        local_policy_updates = []
        for local_policy in local_policy_list:
            payload = {'policyName': local_policy['policyName']}
            payload['policyDescription'] = local_policy['policyDescription']
            payload['policyType'] = local_policy['policyType']
            payload['policyDefinition'] = local_policy['policyDefinition']
            if payload['policyName'] in local_policy_dict:
                # A policy by that name already exists
                existing_policy = local_policy_dict[payload['policyName']]
                diff = list(dictdiffer.diff(existing_policy['policyDefinition'], payload['policyDefinition']))
                if len(diff):
                    if 'policyDefinition' in payload:
                        self.policy_definitions.convert_definition_name_to_id(payload['policyDefinition'])
                    if not check_mode and update:
                        self.update_local_policy(payload, existing_policy['policyId'])
            else:
                diff = list(dictdiffer.diff({}, payload['policyDefinition']))
                if 'policyDefinition' in payload:
                    # Convert list and definition names to template IDs
                    self.policy_definitions.convert_definition_name_to_id(payload['policyDefinition'])
                if not check_mode:
                    self.add_local_policy(payload)
        return local_policy_updates
Ejemplo n.º 12
0
class CentralPolicy(object):
    """vManage Central Policy API

    Responsible for DELETE, GET, POST, PUT methods against vManage
    Central Policy.

    """
    def __init__(self, session, host, port=443):
        """Initialize Centralized Policy object with session parameters.

        Args:
            session (obj): Requests Session object
            host (str): hostname or IP address of vManage
            port (int): default HTTPS 443

        """

        self.session = session
        self.host = host
        self.port = port
        self.base_url = f'https://{self.host}:{self.port}/dataservice/'
        self.policy_definitions = PolicyDefinitions(self.session, self.host)

    def activate_central_policy(self, policy_name, policy_id):
        """Activates the current active centralized policy

        Args:
            policyId (str): ID of the active centralized policy

        Returns:
            result (str): The Action ID from the activation.

        """

        url = f"{self.base_url}template/policy/vsmart/activate/{policy_id}?confirm=true"
        payload = {'policyName': policy_name}
        response = HttpMethods(self.session,
                               url).request('POST',
                                            payload=json.dumps(payload))
        # result = ParseMethods.parse_status(response)
        if 'json' in response and 'id' in response['json']:
            return response['json']['id']

        error = response['error']
        result = response['details']
        raise Exception(f'{error}: {result}')

    def deactivate_central_policy(self, policy_id):
        """Deactivates the current active centralized policy

        Args:
            policyId (str): ID of the deactive centralized policy

        Returns:
            result (str): The Action ID from the activation.

        """

        url = f"{self.base_url}template/policy/vsmart/deactivate/{policy_id}?confirm=true"
        response = HttpMethods(self.session, url).request('POST')
        ParseMethods.parse_status(response)
        if 'json' in response and 'id' in response['json']:
            return response['json']['id']

        return None

    def add_central_policy(self, policy):
        """Delete a Central Policy from vManage.

        Args:
            policy: The Central Policy

        Returns:
            result (dict): All data associated with a response.

        """

        url = f"{self.base_url}template/policy/vsmart"
        HttpMethods(self.session, url).request('POST',
                                               payload=json.dumps(policy))

    def update_central_policy(self, policy, policy_id):
        """Update a Central from vManage.

        Args:
            policy: The Central Policy
            policy_id: The ID of the Central Policy to update

        Returns:
            result (dict): All data associated with a response.

        """

        url = f"{self.base_url}template/policy/vsmart/{policy_id}"
        HttpMethods(self.session, url).request('PUT',
                                               payload=json.dumps(policy))

    def delete_central_policy(self, policyId):
        """Deletes the specified centralized policy

        Args:
            policyId (str): ID of the active centralized policy
        Returns:
            result (dict): All data associated with a response.

        """

        api = f"template/policy/vsmart/{policyId}"
        url = self.base_url + api
        response = HttpMethods(self.session, url).request('DELETE')
        result = ParseMethods.parse_status(response)
        return result

    def get_central_policy_list(self):
        """Get all Central Policies from vManage.

        Returns:
            response (dict): A list of all policy lists currently
                in vManage.

        """

        api = "template/policy/vsmart"
        url = self.base_url + api
        response = HttpMethods(self.session, url).request('GET')
        result = ParseMethods.parse_data(response)

        central_policy_list = result
        # We need to convert the policy definitions from JSON
        for policy in central_policy_list:
            try:
                json_policy = json.loads(policy['policyDefinition'])
                policy['policyDefinition'] = json_policy
            except Exception:  # TODO: figuring out better exception type to catch
                pass
            self.policy_definitions.convert_definition_id_to_name(
                policy['policyDefinition'])
        return central_policy_list

    def get_central_policy_dict(self, key_name='policyName', remove_key=False):

        central_policy_list = self.get_central_policy_list()

        return list_to_dict(central_policy_list,
                            key_name,
                            remove_key=remove_key)

    #pylint: disable=unused-argument
    def import_central_policy_list(self,
                                   central_policy_list,
                                   update=False,
                                   push=False,
                                   check_mode=False,
                                   force=False):
        central_policy_dict = self.get_central_policy_dict(remove_key=True)
        central_policy_updates = []
        for central_policy in central_policy_list:
            payload = {'policyName': central_policy['policyName']}
            payload['policyDescription'] = central_policy['policyDescription']
            payload['policyType'] = central_policy['policyType']
            payload['policyDefinition'] = central_policy['policyDefinition']
            if payload['policyName'] in central_policy_dict:
                # A policy by that name already exists
                existing_policy = central_policy_dict[payload['policyName']]
                diff = list(
                    dictdiffer.diff(existing_policy['policyDefinition'],
                                    payload['policyDefinition']))
                if diff:
                    central_policy_updates.append({
                        'name':
                        central_policy['policyName'],
                        'diff':
                        diff
                    })
                if len(diff):
                    # Convert list and definition names to template IDs
                    if 'policyDefinition' in payload:
                        self.policy_definitions.convert_definition_name_to_id(
                            payload['policyDefinition'])
                    if not check_mode and update:
                        self.update_central_policy(payload,
                                                   existing_policy['policyId'])
            else:
                diff = list(dictdiffer.diff({}, payload['policyDefinition']))
                central_policy_updates.append({
                    'name':
                    central_policy['policyName'],
                    'diff':
                    diff
                })
                if not check_mode:
                    # Convert list and definition names to template IDs
                    if 'policyDefinition' in payload:
                        self.policy_definitions.convert_definition_name_to_id(
                            payload['policyDefinition'])
                    self.add_central_policy(payload)
        return central_policy_updates

    # Might want to move this later
    def waitfor_action_completion(self, action_id):
        status = 'in_progress'
        response = {}
        while status == "in_progress":
            url = f"{self.base_url}device/action/status/{action_id}"
            response = HttpMethods(self.session, url).request('GET')
            ParseMethods.parse_data(response)

            if 'json' in response:
                status = response['json']['summary']['status']
                if 'data' in response['json'] and response['json']['data']:
                    action_status = response['json']['data'][0]['statusId']
                    action_activity = response['json']['data'][0]['activity']
                    if 'actionConfig' in response['json']['data'][0]:
                        action_config = response['json']['data'][0][
                            'actionConfig']
                    else:
                        action_config = None
            else:
                raise Exception(msg="Unable to get action status: No response")
            time.sleep(10)

        # if self.result['action_status'] == 'failure':
        #    self.fail_json(msg="Action failed")
        return {
            'action_response': response['json'],
            'action_id': action_id,
            'action_status': action_status,
            'action_activity': action_activity,
            'action_config': action_config
        }