def reattach_multi_device_templates(self, template_ids):
"""Re-Attach a template to the devices it it attached to.
Args:
template_id (str): The template ID to attach to
config_type (str): Type of template i.e. device or CLI template
is_edited (bool): True if the template has been edited
is_master_edited (bool): For CLI device template needs to match is_edited.
For device templates using feature templates needs to be set to False.
Returns:
action_id (str): Returns the action id of the attachment
"""
payload = self.get_multi_attach_payload(template_ids)
if payload['deviceTemplateList'][0]['device']:
url = f"{self.base_url}template/device/config/attachfeature"
utils = Utilities(self.session, self.host, self.port)
response = HttpMethods(self.session,
url).request('POST',
payload=json.dumps(payload))
action_id = ParseMethods.parse_id(response)
utils.waitfor_action_completion(action_id)
else:
raise RuntimeError(
f"Could not retrieve input for template {template_ids}")
return action_id
def serial_file(ctx, input_file):
"""
Import serial file
"""
vmanage_utilities = Utilities(ctx.auth, ctx.host)
click.echo(f'Uploading serial file... {input_file}')
result = vmanage_utilities.upload_file(input_file)
click.echo(result)
def reattach_device_template(self,
template_id,
config_type,
is_edited=True,
is_master_edited=True):
"""Re-Attach a template to the devices it it attached to.
Args:
template_id (str): The template ID to attach to
config_type (str): Type of template i.e. device or CLI template
Returns:
action_id (str): Returns the action id of the attachment
"""
device_list = self.get_template_attachments(template_id, key='uuid')
template_input = self.get_template_input(template_id, device_list)
# Then we feed that to the attach
if 'data' in template_input and template_input['data']:
payload = {
"deviceTemplateList": [{
"templateId": template_id,
"device": template_input['data'],
"isEdited": is_edited,
"isMasterEdited": is_master_edited
}]
}
if config_type == 'file':
url = f"{self.base_url}template/device/config/attachcli"
elif config_type == 'template':
url = f"{self.base_url}template/device/config/attachfeature"
else:
raise Exception('Got invalid Config Type')
utils = Utilities(self.session, self.host, self.port)
response = HttpMethods(self.session,
url).request('POST',
payload=json.dumps(payload))
if 'json' in response and 'id' in response['json']:
action_id = response['json']['id']
utils.waitfor_action_completion(action_id)
else:
raise Exception(
f"Did not get action ID after attaching device to template {template_id}."
)
else:
raise Exception(
f"Could not retrieve input for template {template_id}")
return action_id
def push_certificates(self):
"""Push certificates to all controllers
Returns:
id (str): The action ID of the push command.
"""
url = f"{self.base_url}vedge/list?action=push"
response = HttpMethods(self.session, url).request('POST', payload={})
utilities = Utilities(self.session, self.host)
action_id = ParseMethods.parse_id(response)
utilities.waitfor_action_completion(action_id)
return action_id
def reattach_device_template(self,
template_id,
config_type,
is_edited=True,
is_master_edited=True,
wait=True):
"""Re-Attach a template to the devices it it attached to.
Args:
template_id (str): The template ID to attach to
config_type (str): Type of template i.e. device or CLI template
is_edited (bool): True if the template has been edited
is_master_edited (bool): For CLI device template needs to match is_edited.
For device templates using feature templates needs to be set to False.
Returns:
action_id (str): Returns the action id of the attachment
"""
device_list = self.get_template_attachments(template_id, key='uuid')
template_input = self.get_template_input(template_id, device_list)
# Then we feed that to the attach
if 'data' in template_input and template_input['data']:
payload = {
"deviceTemplateList": [{
"templateId": template_id,
"device": template_input['data'],
"isEdited": is_edited,
"isMasterEdited": is_master_edited
}]
}
if config_type == 'file':
url = f"{self.base_url}template/device/config/attachcli"
elif config_type == 'template':
url = f"{self.base_url}template/device/config/attachfeature"
else:
raise RuntimeError('Got invalid Config Type')
utils = Utilities(self.session, self.host, self.port)
response = HttpMethods(self.session,
url).request('POST',
payload=json.dumps(payload))
action_id = ParseMethods.parse_id(response)
if wait:
utils.waitfor_action_completion(action_id)
else:
raise RuntimeError(
f"Could not retrieve input for template {template_id}")
return action_id
def central_policy(ctx, name):
"""
Activate Central Policy
"""
vmanage_central_policy = CentralPolicy(ctx.auth, ctx.host, ctx.port)
vmanage_utilities = Utilities(ctx.auth, ctx.host, ctx.port)
central_policy_dict = vmanage_central_policy.get_central_policy_dict(
remove_key=True)
if name in central_policy_dict:
click.echo(f'Activating Central Policy {name}')
action_id = vmanage_central_policy.activate_central_policy(
name, central_policy_dict[name]['policyId'])
vmanage_utilities.waitfor_action_completion(action_id)
else:
click.secho(f'Cannot find Central Policy {name}', fg="red")
def push_certificates(self):
"""Push certificates to all controllers
Returns:
result (str): The action ID of the push command.
"""
url = f"{self.base_url}vedge/list?action=push"
response = HttpMethods(self.session, url).request('POST', payload={})
utilities = Utilities(self.session, self.host)
if 'json' in response and 'id' in response['json']:
utilities.waitfor_action_completion(response['json']['id'])
else:
raise Exception('Did not get action ID after pushing certificates.')
return response['json']['id']
def install_device_cert(self, cert):
"""Install signed cert on vManage
Args:
cert (str): The certificate to install.
Returns:
id (str): The action ID of the install command.
"""
url = f"{self.base_url}install/signedCert"
response = HttpMethods(self.session, url).request('POST', payload=cert)
utilities = Utilities(self.session, self.host)
action_id = ParseMethods.parse_id(response)
utilities.waitfor_action_completion(action_id)
return action_id
def policy_activation():
try:
log_level = logging.DEBUG
logger = get_logger("log/sdwan-te-integration.txt", log_level)
if logger is not None:
logger.info("Loading vManage login details from YAML\n")
data = json.loads(request.data)
with open("config_details.yaml") as f:
config = yaml.safe_load(f.read())
vmanage_host = config["vmanage_host"]
vmanage_port = config["vmanage_port"]
username = config["vmanage_username"]
password = config["vmanage_password"]
session = Authentication(host=vmanage_host,
port=vmanage_port,
user=username,
password=password).login()
name = config["central_policy_name"]
vmanage_central_policy = CentralPolicy(session, vmanage_host,
vmanage_port)
central_policy_dict = vmanage_central_policy.get_central_policy_dict(
remove_key=True)
if name in central_policy_dict:
print(f'Activating Central Policy {name}')
action_id = vmanage_central_policy.activate_central_policy(
name, central_policy_dict[name]['policyId'])
utils = Utilities(session, vmanage_host, vmanage_port)
utils.waitfor_action_completion(action_id)
else:
return jsonify(f'Cannot find Central Policy {name}'), 200
except Exception as exc:
print('Exception line number: {}'.format(sys.exc_info()[-1].tb_lineno),
type(exc).__name__, exc)
return jsonify(str(exc)), 500
return jsonify(f'Activated Policy {name}'), 200
def install_device_cert(self, cert):
"""Install signed cert on vManage
Args:
cert (str): The certificate to install.
Returns:
id (str): The action ID of the install command.
"""
url = f"{self.base_url}install/signedCert"
response = HttpMethods(self.session, url).request('POST', payload=cert)
utilities = Utilities(self.session, self.host)
if 'json' in response and 'id' in response['json']:
utilities.waitfor_action_completion(response['json']['id'])
else:
raise Exception(
'Did not get action ID after installing certificate.')
return response['json']['id']
def __init__(self, session, host, port=443):
"""Initialize Reset vManage object with session parameters.
Args:
session (obj): Requests Session object
host (str): hostname or IP address of vManage
port (int): default HTTPS 443
"""
self.session = session
self.host = host
self.port = port
self.base_url = f'https://{self.host}:{self.port}/dataservice/'
self.utilities = Utilities(self.session, self.host)
self.cen_pol = CentralizedPolicy(self.session, self.host)
self.inventory = DeviceInventory(self.session, self.host)
self.dev_temps = DeviceTemplates(self.session, self.host)
self.fet_temps = FeatureTemplates(self.session, self.host)
self.loc_pol = LocalizedPolicy(self.session, self.host)
self.sec_pol = SecurityPolicy(self.session, self.host)
self.pol_lists = PolicyLists(self.session, self.host)
def central_policy(ctx, name, id):
"""
deactivate Central Policy
"""
vmanage_central_policy = CentralPolicy(ctx.auth, ctx.host, ctx.port)
vmanage_utilities = Utilities(ctx.auth, ctx.host, ctx.port)
central_policy_dict = vmanage_central_policy.get_central_policy_dict(
remove_key=True)
if id:
vmanage_central_policy.deactivate_central_policy(id)
elif name:
if name in central_policy_dict:
click.echo(f'Deactivating Central Policy {name}')
action_id = vmanage_central_policy.deactivate_central_policy(
central_policy_dict[name]['policyId'])
vmanage_utilities.waitfor_action_completion(action_id)
else:
click.secho(f'Cannot find Central Policy {name}', fg="red")
else:
click.secho('Must specify either policy name of id to deactivate',
fg="red")
def __init__(self, session, host, port=443):
"""Initialize Centralized Policy object with session parameters.
Args:
session (obj): Requests Session object
host (str): hostname or IP address of vManage
port (int): default HTTPS 443
"""
self.session = session
self.host = host
self.port = port
self.base_url = f'https://{self.host}:{self.port}/dataservice/'
self.policy_definitions = PolicyDefinitions(self.session, self.host)
self.utilities = Utilities(self.session, self.host)
def login(self):
"""Executes login tasks against vManage to retrieve token(s).
Args:
None.
Returns:
self.session: a Requests session with JSESSIONID and an
X-XSRF-TOKEN for vManage version >= 19.2.0.
Raises:
LoginFailure: If the username/password are incorrect.
RequestException: If the host is not accessible.
"""
try:
api = 'j_security_check'
url = f'{self.base_url}{api}'
response = self.session.post(url=url,
data={
'j_username': self.user,
'j_password': self.password
},
timeout=self.timeout)
if (response.status_code != 200
or response.text.startswith('<html>')):
raise ConnectionError('Login failed, check user credentials.')
version = Utilities(self.session, self.host,
self.port).get_vmanage_version()
if version >= '19.2.0':
api = 'client/token'
url = f'{self.base_url}{api}'
response = self.session.get(url=url, timeout=self.timeout)
self.session.headers['X-XSRF-TOKEN'] = response.content
except requests.exceptions.RequestException as e:
raise ConnectionError(f'Could not connect to {self.host}: {e}')
return self.session
def __init__(self, session, host, port=443):
"""Initialize Policy Lists object with session parameters.
Args:
session (obj): Requests Session object
host (str): hostname or IP address of vManage
port (int): default HTTPS 443
"""
self.session = session
self.host = host
self.port = port
self.base_url = f'https://{self.host}:{self.port}/dataservice/'
self.policy_lists = PolicyLists(self.session, self.host, self.port)
version = Utilities(self.session, self.host,
self.port).get_vmanage_version()
if version >= '19.3.0':
self.definition_types = definition_types_19_3_0
else:
self.definition_types = definition_types_19_2_0
def run_module():
# define available arguments/parameters a user can pass to the module
argument_spec = vmanage_argument_spec()
argument_spec.update(
state=dict(type='str',
choices=['absent', 'present', 'activated', 'deactivated'],
default='present'),
name=dict(type='str', alias='policyName'),
description=dict(type='str', alias='policyDescription'),
definition=dict(type='str', alias='policyDefinition'),
type=dict(type='list', alias='policyType'),
wait=dict(type='bool', default=False),
update=dict(type='bool', default=False),
push=dict(type='bool', default=False),
aggregate=dict(type='list'),
)
# seed the result dict in the object
# we primarily care about changed and state
# change is if this module effectively modified the target
# state will include any data that you want your module to pass back
# for consumption, for example, in a subsequent task
result = dict(changed=False, )
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
vmanage = Vmanage(module)
vmanage_central_policy = CentralPolicy(vmanage.auth, vmanage.host)
policy_data = PolicyData(vmanage.auth, vmanage.host)
vmanage_utils = Utilities(vmanage.auth, vmanage.host)
# Always as an aggregate... make a list if just given a single entry
if vmanage.params['aggregate']:
policy_list = vmanage.params['aggregate']
else:
if vmanage.params['state'] == 'present':
policy_list = [{
'policyName': vmanage.params['name'],
'policyDescription': vmanage.params['description'],
'policyType': vmanage.params['type'],
'policyDefinition': vmanage.params['definition'],
}]
else:
policy_list = [{
'policyName': vmanage.params['name'],
'state': 'absent'
}]
central_policy_updates = []
if vmanage.params['state'] == 'present':
central_policy_updates = policy_data.import_central_policy_list(
policy_list,
check_mode=module.check_mode,
update=vmanage.params['update'],
push=vmanage.params['push'])
if central_policy_updates:
vmanage.result['changed'] = True
elif vmanage.params['state'] == 'absent':
central_policy_dict = vmanage_central_policy.get_central_policy_dict(
remove_key=False)
for policy in policy_list:
if policy in central_policy_dict:
if not module.check_mode:
vmanage_central_policy.delete_central_policy(
central_policy_dict[policy['policyName']]['policyId'])
vmanage.result['changed'] = True
elif vmanage.params['state'] == 'activated':
central_policy_dict = vmanage_central_policy.get_central_policy_dict(
remove_key=False)
if vmanage.params['name'] in central_policy_dict:
if not central_policy_dict[
vmanage.params['name']]['isPolicyActivated']:
vmanage.result['changed'] = True
if not module.check_mode:
action_id = vmanage_central_policy.activate_central_policy(
vmanage.params['name'], central_policy_dict[
vmanage.params['name']]['policyId'])
if action_id:
if vmanage.params['wait']:
vmanage_utils.waitfor_action_completion(action_id)
else:
vmanage.fail_json(
msg=
'Did not get action ID after attaching device to template.'
)
else:
# TODO: The reference to 'policy' in the following line is wrong. What should it be?
vmanage.fail_json(msg="Cannot find central policy {0}".format(
vmanage.params['name']))
if vmanage.params['state'] in ['absent', 'deactivated']:
central_policy_dict = vmanage_central_policy.get_central_policy_dict(
remove_key=False)
if policy['policyName'] in central_policy_dict:
if central_policy_dict[policy['policyName']]['isPolicyActivated']:
vmanage.result['changed'] = True
if not module.check_mode:
action_id = vmanage_central_policy.deactivate_central_policy(
vmanage.params['name'])
if action_id:
if vmanage.params['wait']:
vmanage_central_policy.waitfor_action_completion(
action_id)
else:
vmanage.fail_json(
msg=
'Did not get action ID after attaching device to template.'
)
else:
vmanage.fail_json(msg="Cannot find central policy {0}".format(
policy['policyName']))
vmanage.params['updates'] = central_policy_updates
vmanage.exit_json(**vmanage.result)
class ResetVmanage(object):
"""Reset all configuratios on a vManage instance.
Executes the necessary REST calls in specific order to remove
configurations applied to a vManage instance.
"""
def __init__(self, session, host, port=443):
"""Initialize Reset vManage object with session parameters.
Args:
session (obj): Requests Session object
host (str): hostname or IP address of vManage
port (int): default HTTPS 443
"""
self.session = session
self.host = host
self.port = port
self.base_url = f'https://{self.host}:{self.port}/dataservice/'
self.utilities = Utilities(self.session, self.host)
self.cen_pol = CentralizedPolicy(self.session, self.host)
self.inventory = DeviceInventory(self.session, self.host)
self.dev_temps = DeviceTemplates(self.session, self.host)
self.fet_temps = FeatureTemplates(self.session, self.host)
self.loc_pol = LocalizedPolicy(self.session, self.host)
self.sec_pol = SecurityPolicy(self.session, self.host)
self.pol_lists = PolicyLists(self.session, self.host)
def active_count_delay(self):
activeCount = 1
while activeCount != 0:
time.sleep(1.0)
data = self.utilities.get_active_count()
activeCount = data["activeTaskCount"]
def execute(self):
# Step 1 - Deactivate Centralized Policy
data = self.cen_pol.get_centralized_policy()
for policy in data:
if policy['isPolicyActivated']:
policyId = policy['policyId']
self.cen_pol.deactivate_centralized_policy(policyId)
self.active_count_delay()
# Step 2 - Detach vedges from template
data = self.inventory.get_device_list('vedges')
for device in data:
if (('deviceIP' in device)
and (device['configOperationMode'] == 'vmanage')):
deviceId = device['uuid']
deviceIP = device['deviceIP']
deviceType = device['deviceType']
self.inventory.post_device_cli_mode(deviceId, deviceIP,
deviceType)
self.active_count_delay()
# Step 3 - Detach controllers from template
data = self.inventory.get_device_list('controllers')
for device in data:
if (('deviceIP' in device)
and (device['configOperationMode'] == 'vmanage')):
deviceId = device['uuid']
deviceIP = device['deviceIP']
deviceType = device['deviceType']
self.inventory.post_device_cli_mode(deviceId, deviceIP,
deviceType)
# Requires pause between controllers
self.active_count_delay()
self.active_count_delay()
# Step 4 - Delete All Device Templates
data = self.dev_temps.get_device_templates()
for device in data:
templateId = device['templateId']
self.dev_temps.delete_device_template(templateId)
self.active_count_delay()
# Step 5 - Delete All Feature Templates
data = self.fet_temps.get_feature_templates()
for device in data:
#pylint: disable=no-else-continue
if device['factoryDefault']:
continue
else:
templateId = device['templateId']
self.fet_temps.delete_feature_template(templateId)
self.active_count_delay()
# Step 6 - Delete All Centralized Policies
data = self.cen_pol.get_centralized_policy()
for policy in data:
policyId = policy['policyId']
self.cen_pol.delete_centralized_policy(policyId)
self.active_count_delay()
# Step 7 - Delete All Topology, Traffic, Cflowd Policies
definitionList = [
'control', 'mesh', 'hubandspoke', 'vpnmembershipgroup', 'approute',
'data', 'cflowd'
]
for definition in definitionList:
data = self.cen_pol.get_policy_definition(definition)
if data:
for policy in data:
definitionId = policy['definitionId']
self.cen_pol.delete_policy_definition(
definition, definitionId)
self.active_count_delay()
# Step 8 - Delete All Localized Policies
data = self.loc_pol.get_localized_policy()
for policy in data:
policyId = policy['policyId']
self.loc_pol.delete_localized_policy(policyId)
self.active_count_delay()
# Step 9 - Delete All Localized Specific Definitions
definitionList = [
'qosmap', 'rewriterule', 'acl', 'aclv6', 'vedgeroute'
]
for definition in definitionList:
data = self.loc_pol.get_localized_definition(definition)
if data:
for policy in data:
definitionId = policy['definitionId']
self.loc_pol.delete_localized_definition(
definition, definitionId)
self.active_count_delay()
# Step 10 - Delete All Security Policies
version = self.utilities.get_vmanage_version()
if version >= '18.2.0':
data = self.sec_pol.get_security_policy()
for policy in data:
policyId = policy['policyId']
self.sec_pol.delete_security_policy(policyId)
self.active_count_delay()
# Step 11 - Delete All UTD Specific Security Policies
version = self.utilities.get_vmanage_version()
definitionList = []
# TODO: implement a proper semver comparison, this will fail if version is 18.30.0
if version >= '18.4.0':
definitionList = [
'zonebasedfw', 'urlfiltering', 'dnssecurity',
'intrusionprevention', 'advancedMalwareProtection'
]
#pylint: disable=chained-comparison
if version < '18.4.0' and version >= '18.2.0':
definitionList = ['zonebasedfw']
if definitionList:
for definition in definitionList:
data = self.sec_pol.get_security_definition(definition)
if data:
for policy in data:
definitionId = policy['definitionId']
self.sec_pol.delete_security_definition(
definition, definitionId)
self.active_count_delay()
# Step 12 - Delete All Lists
data = self.pol_lists.get_policy_list_all()
for policy_list in data:
owner = policy_list['owner']
if owner != 'system':
listType = policy_list['type'].lower()
listId = policy_list['listId']
self.pol_lists.delete_policy_list(listType, listId)
return ('Reset Complete')
def attach_to_template(self, template_id, config_type, uuid):
"""Attach and device to a template
Args:
template_id (str): The template ID to attach to
config_type (str): Type of template i.e. device or CLI template
uuid (dict): The UUIDs of the device to attach and mapping for corresponding variables, system-ip, host-name
Returns:
action_id (str): Returns the action id of the attachment
"""
# Construct the variable payload
device_template_var_list = list()
template_variables = self.get_template_input(template_id)
for device_uuid in uuid:
device_template_variables = {
"csv-status": "complete",
"csv-deviceId": device_uuid,
"csv-deviceIP": uuid[device_uuid]['system_ip'],
"csv-host-name": uuid[device_uuid]['host_name'],
'//system/host-name': uuid[device_uuid]['host_name'],
'//system/system-ip': uuid[device_uuid]['system_ip'],
'//system/site-id': uuid[device_uuid]['site_id'],
}
# Make sure they passed in the required variables and map
# variable name -> property mapping
for entry in template_variables['columns']:
if entry['variable']:
if entry['variable'] in uuid[device_uuid]['variables']:
device_template_variables[entry['property']] = uuid[
device_uuid]['variables'][entry['variable']]
else:
raise Exception(
f"{entry['variable']} is missing for template {uuid[device_uuid]['host_name']}"
)
device_template_var_list.append(device_template_variables)
payload = {
"deviceTemplateList": [{
"templateId": template_id,
"device": device_template_var_list,
"isEdited": False,
"isMasterEdited": False
}]
}
if config_type == 'file':
url = f"{self.base_url}template/device/config/attachcli"
elif config_type == 'template':
url = f"{self.base_url}template/device/config/attachfeature"
else:
raise Exception('Got invalid Config Type')
utils = Utilities(self.session, self.host, self.port)
response = HttpMethods(self.session,
url).request('POST',
payload=json.dumps(payload))
if 'json' in response and 'id' in response['json']:
action_id = response['json']['id']
utils.waitfor_action_completion(action_id)
else:
raise Exception(
'Did not get action ID after attaching device to template.')
return action_id
class CleanVmanage(object):
"""Reset all configuratios on a vManage instance.
Executes the necessary REST calls in specific order to remove
configurations applied to a vManage instance.
"""
def __init__(self, session, host, port=443):
"""Initialize Reset vManage object with session parameters.
Args:
session (obj): Requests Session object
host (str): hostname or IP address of vManage
port (int): default HTTPS 443
"""
self.session = session
self.host = host
self.port = port
self.base_url = f'https://{self.host}:{self.port}/dataservice/'
self.utilities = Utilities(self.session, self.host)
self.central_policy = CentralPolicy(self.session, self.host)
self.local_policy = LocalPolicy(self.session, self.host)
self.device = Device(self.session, self.host)
self.device_templates = DeviceTemplates(self.session, self.host)
self.feature_templates = FeatureTemplates(self.session, self.host)
self.sec_pol = SecurityPolicy(self.session, self.host)
self.policy_definitions = PolicyDefinitions(self.session, self.host)
self.policy_lists = PolicyLists(self.session, self.host)
def active_count_delay(self):
"""Delay while there are active tasks.
"""
activeCount = 1
while activeCount != 0:
time.sleep(1.0)
data = self.utilities.get_active_count()
activeCount = data["activeTaskCount"]
def clean_vedge_attachments(self):
"""Clean all vedge attachments
"""
data = self.device.get_device_list('vedges')
for device in data:
if (('deviceIP' in device) and (device['configOperationMode'] == 'vmanage')):
deviceId = device['uuid']
deviceIP = device['deviceIP']
deviceType = device['deviceType']
self.device.post_device_cli_mode(deviceId, deviceIP, deviceType)
self.active_count_delay()
def clean_controller_attachments(self):
"""Clean all controller attachments
"""
data = self.device.get_device_list('controllers')
for device in data:
if (('deviceIP' in device) and (device['configOperationMode'] == 'vmanage')):
deviceId = device['uuid']
deviceIP = device['deviceIP']
deviceType = device['deviceType']
self.device.post_device_cli_mode(deviceId, deviceIP, deviceType)
# Requires pause between controllers
self.active_count_delay()
self.active_count_delay()
def clean_device_templates(self):
"""Clean all device templates
"""
data = self.device_templates.get_device_templates()
for device in data:
templateId = device['templateId']
self.device_templates.delete_device_template(templateId)
self.active_count_delay()
def clean_feature_templates(self):
"""Clean all feature templates
"""
data = self.feature_templates.get_feature_templates()
for device in data:
#pylint: disable=no-else-continue
if device['factoryDefault']:
continue
else:
templateId = device['templateId']
self.feature_templates.delete_feature_template(templateId)
self.active_count_delay()
def clean_central_policy(self):
"""Clean all central policy
"""
data = self.central_policy.get_central_policy()
for policy in data:
policy_id = policy['policyId']
if policy['isPolicyActivated']:
action_id = self.central_policy.deactivate_central_policy(policy_id)
if action_id:
self.utilities.waitfor_action_completion(action_id)
self.central_policy.delete_central_policy(policy_id)
self.active_count_delay()
def clean_local_policy(self):
"""Clean all local policy
"""
data = self.local_policy.get_local_policy()
for policy in data:
policyId = policy['policyId']
self.local_policy.delete_local_policy(policyId)
self.active_count_delay()
def clean_policy_definitions(self):
"""Clean all policy definitions
"""
policy_definition_list = self.policy_definitions.get_policy_definition_list()
for policy_definition in policy_definition_list:
self.policy_definitions.delete_policy_definition(policy_definition['type'],
policy_definition['definitionId'])
self.active_count_delay()
def clean_policy_lists(self):
"""Clean all policy lists
"""
policy_list_list = self.policy_lists.get_policy_list_list()
for policy_list in policy_list_list:
if not policy_list['readOnly'] and policy_list['owner'] != 'system':
self.policy_lists.delete_policy_list(policy_list['type'], policy_list['listId'])
self.active_count_delay()
def clean_security_policy(self):
"""Clean all security policy
"""
version = self.utilities.get_vmanage_version()
if version >= '18.2.0':
data = self.sec_pol.get_security_policy()
for policy in data:
policyId = policy['policyId']
self.sec_pol.delete_security_policy(policyId)
self.active_count_delay()
# # Step 11 - Delete All UTD Specific Security Policies
# version = self.utilities.get_vmanage_version()
# definitionList = []
# # TODO: implement a proper semver comparison, this will fail if version is 18.30.0
# if version >= '18.4.0':
# definitionList = [
# 'zonebasedfw', 'urlfiltering', 'dnssecurity', 'intrusionprevention', 'advancedMalwareProtection'
# ]
# #pylint: disable=chained-comparison
# if version < '18.4.0' and version >= '18.2.0':
# definitionList = ['zonebasedfw']
# if definitionList:
# for definition in definitionList:
# data = self.sec_pol.get_security_definition(definition)
# if data:
# for policy in data:
# definitionId = policy['definitionId']
# self.sec_pol.delete_security_definition(definition, definitionId)
# self.active_count_delay()
# # Step 12 - Delete All Lists
# data = self.pol_lists.get_policy_list_all()
# for policy_list in data:
# owner = policy_list['owner']
# if owner != 'system':
# listType = policy_list['type'].lower()
# listId = policy_list['listId']
# self.pol_lists.delete_policy_list(listType, listId)
def clean_all(self):
"""Clean everything in vManage
"""
# Step 1 - Deactivate Central Policy
self.clean_central_policy()
# Step 2 - Detach vedges from template
self.clean_vedge_attachments()
# Step 3 - Detach controllers from template
self.clean_controller_attachments()
# Step 4 - Delete All Device Templates
self.clean_device_templates()
# Step 5 - Delete All Feature Templates
self.clean_feature_templates()
# Step 6 - Delete All Centralized Policies
self.clean_central_policy()
# Step 7 - Delete All Policy Definitions
self.clean_policy_definitions()
# Step 8 - Delete All Policy Lists
self.clean_policy_lists()
# Step 9 - Delete All Local Policies
self.clean_local_policy()
# Step 10 - Delete All Security Policies
self.clean_security_policy()
return ('Reset Complete')
def load_serial_file(self):
self.__logger.info(f'[orange1]Load license file')
vmanage_utilities = Utilities(self.vm_auth, self.vm_mgmt_ip)
result = vmanage_utilities.upload_file(self.serial_file)
self.__logger.info(result)
def import_attachment_list(self,
attachment_list,
check_mode=False,
update=False):
"""Import a list of device attachments to vManage.
Args:
attachment_list (list): List of attachments
check_mode (bool): Only check to see if changes would be made
update (bool): Update the template if it exists
Returns:
result (list): Returns the diffs of the updates.
"""
attachment_updates = {}
attachment_failures = {}
action_id_list = []
device_template_dict = self.device_templates.get_device_template_dict()
vmanage_device = Device(self.session, self.host, self.port)
for attachment in attachment_list:
if attachment['template'] in device_template_dict:
if attachment['device_type'] == 'vedge':
# The UUID is fixes from the serial file/upload
device_uuid = attachment['uuid']
else:
# If this is not a vedge, we need to get the UUID from the vmanage since
# it is generated by that vmanage
device_status = vmanage_device.get_device_status(
attachment['host_name'], key='host-name')
if device_status:
device_uuid = device_status['uuid']
else:
raise Exception(
f"Cannot find UUID for {attachment['host_name']}")
template_id = device_template_dict[
attachment['template']]['templateId']
attached_uuid_list = self.device_templates.get_attachments(
template_id, key='uuid')
if device_uuid in attached_uuid_list:
# The device is already attached to the template. We need to see if any of
# the input changed, so we make an API call to get the input on last attach
existing_template_input = self.device_templates.get_template_input(
device_template_dict[attachment['template']]
['templateId'], [device_uuid])
current_variables = existing_template_input['data'][0]
changed = False
for property_name in attachment['variables']:
# Check to see if any of the passed in varibles have changed from what is
# already on the attachment. We are are not checking to see if the
# correct variables are here. That will be done on attachment.
if ((property_name in current_variables) and
(str(attachment['variables'][property_name]) !=
str(current_variables[property_name]))):
changed = True
if changed:
if not check_mode and update:
action_id = self.device_templates.attach_to_template(
template_id, device_uuid,
attachment['system_ip'],
attachment['host_name'], attachment['site_id'],
attachment['variables'])
action_id_list.append(action_id)
else:
if not check_mode:
action_id = self.device_templates.attach_to_template(
template_id, device_uuid, attachment['system_ip'],
attachment['host_name'], attachment['site_id'],
attachment['variables'])
action_id_list.append(action_id)
else:
raise Exception(f"No template named {attachment['template']}")
utilities = Utilities(self.session, self.host)
# Batch the waits so that the peocessing of the attachments is in parallel
for action_id in action_id_list:
result = utilities.waitfor_action_completion(action_id)
data = result['action_response']['data'][0]
if result['action_status'] == 'failure':
attachment_failures.update(
{data['uuid']: data['currentActivity']})
else:
attachment_updates.update(
{data['uuid']: data['currentActivity']})
result = {
'updates': attachment_updates,
'failures': attachment_failures
}
return result
