Exemple #1
0
def createdicts(cgx_session):
    resp = cgx_session.get.sites()
    if resp.cgx_status:
        sitelist = resp.cgx_content.get("items",None)
        for site in sitelist:
            sid = site['id']
            sname = site['name']
            siteid_sitename_dict[sid] = sname
            sitename_siteid_dict[sname] = sid
    else:
        print("ERR: Could not retrieve sites")
        cloudgenix.jd_detailed(resp)

    resp = cgx_session.get.elements()
    if resp.cgx_status:
        elemlist = resp.cgx_content.get("items",None)
        for elem in elemlist:
            eid = elem['id']
            ename = elem['name']
            sid = elem['site_id']
            elemname_elemid_dict[ename] = eid
            if sid == "1":
                continue

            sname = siteid_sitename_dict[sid]
            elemname_sitename_dict[ename] = sname

    else:
        print("ERR: Could not retrieve sites")
        cloudgenix.jd_detailed(resp)

    return
Exemple #2
0
def applySNMPConfig(cgx, site, element, snmp):
    for agent in snmp["agents"]:
        res = cgx.post.snmpagents(site, element, agent)
        if not res:
            jd_detailed(res)
            print(f"Can't create SNMP Agent config")
            sys.exit(-1)

    for trap in snmp["traps"]:
        #convert interface into import ip, if its a controller port, try diffrerent combinations
        if "controller" in trap["source_interface"]:
            s_interface = getInterfaceByName(cgx, site, element, "controller")
            if not s_interface:
                s_interface = getInterfaceByName(cgx, site, element,
                                                 "controller 1")
        else:
            s_interface = getInterfaceByName(cgx, site, element,
                                             trap["source_interface"])
        if not s_interface:
            print(
                f"Can't find interface {trap['source_interface']} in target element"
            )
            sys.exit(-1)
        save_interface = trap['source_interface']
        trap['source_interface'] = s_interface["id"]
        res = cgx.post.snmptraps(site, element, trap)
        if not res:
            jd_detailed(res)
            print(f"Can't create SNMP Traps config")
            sys.exit(-1)
        trap['source_interface'] = save_interface
Exemple #3
0
def updatePerPrefixARP(cgx, args, sites):
    """
    change per Prefix ARP according to the args input
    """
    # for every elemnt, check if it should be changed and if it should do the required change
    for element in cgx.get.elements().cgx_content["items"]:

        # if element ID isn't in the sites list, its a hub and we can ignore it
        if not element["site_id"] in sites:
            continue

        # first check if extension exist
        log.info("{element} at {site} is being configured".format(
            element=element["name"], site=sites[element["site_id"]]))
        fcconfig = None
        for extension in cgx.get.element_extensions(
                element["site_id"], element["id"]).cgx_content["items"]:
            if extension["namespace"] == "fcconfig":
                fcconfig = extension
                log.info("-- already have fcconfig")
                break

        # if alg do not exists create on
        if not fcconfig:
            log.info("-- creating fcconfig namespace")
            ext = {
                "name": "fc config",
                "namespace": "fcconfig",
                "entity_id": "8844",
                "disabled": False,
                "conf": {
                    "arp_per_prefix_router_failure": args["enable"]
                }
            }
            r = cgx.post.element_extensions(element["site_id"], element["id"],
                                            ext)
            if not r:
                jd_detailed(r)
                raise ValueError("cant create fcconfig extenstion")
        else:
            # set the new value
            fcconfig["conf"]["arp_per_prefix_router_failure"] = args["enable"]

            # update the rules
            log.info("-- updating fcconfig entry")
            r = cgx.put.element_extensions(element["site_id"], element["id"],
                                           fcconfig["id"], fcconfig)
            if not r:
                jd_detailed(r)
                raise ValueError("cant update fcconfig extension")
def get_events(cgx_session, numhours, starttime, endtime, event_codes, sitelist):

    if numhours == RANGE:
        start_time_iso = starttime.isoformat() + "Z"
        end_time_iso = endtime.isoformat() + "Z"

    else:
        current_time = datetime.datetime.utcnow().replace(second=0, microsecond=0)
        start_time = current_time - datetime.timedelta(hours= numhours)
        start_time_iso = start_time.isoformat() + "Z"
        end_time_iso = None

    eventlist = []

    #
    # Get matching set of events.
    #

    events_query_payload = {
        "limit":
            {
                "count": 100,
                "sort_on": "time",
                "sort_order": "descending"
            },
        "query": {
            "code": event_codes,
            "site": sitelist
        },
        "severity": [],
        "start_time":start_time_iso,
        "end_time":end_time_iso
    }

    more_events=True
    while more_events:
        print ("INFO: Getting {0} starting from {1} using query {2}".format(event_codes, start_time_iso, json.dumps(events_query_payload)))
        resp = cgx_session.post.events_query(data=events_query_payload)
        if resp.cgx_status:
            eventlist += resp.cgx_content.get("items", None)
            offset = resp.cgx_content['_offset']
            print ("\tTotal events: {0}. Events Retrieved: {1}. Events Pending: {2}".format(resp.cgx_content['total_count'],resp.cgx_content['included_count'], (resp.cgx_content['total_count']-resp.cgx_content['included_count']) ))

            if offset:
                events_query_payload['start_time'] = start_time_iso
                events_query_payload['_offset'] = offset
                more_events = True

            else:
                more_events = False

        else:
            print ("ERR: Failed to get events: {}".format(resp.cgx_content))
            print(cloudgenix.jd_detailed(resp))

            more_events = False
            return []

    #print "\t{0}:{1} returned".format(datetime.datetime.utcnow(), len(eventlist))
    return eventlist
Exemple #5
0
def createdicts(cgx_session):

    # Network Stack
    resp = cgx_session.get.networkpolicysetstacks()
    if resp.cgx_status:
        nwstacklist = resp.cgx_content.get("items",None)
        for nwstack in nwstacklist:
            nwstackid_nwstackname_dict[nwstack['id']] = nwstack['name']

    else:
        print("ERR: Could not query Network Policy Stack")
        cloudgenix.jd_detailed(resp)


    # QoS Stack
    resp = cgx_session.get.prioritypolicysetstacks()
    if resp.cgx_status:
        qosstacklist = resp.cgx_content.get("items", None)
        for qosstack in qosstacklist:
            qosstackid_qosstackname_dict[qosstack['id']] = qosstack['name']

    else:
        print("ERR: Could not query Priority Policy Stack")
        cloudgenix.jd_detailed(resp)


    # Policy (v1)
    resp = cgx_session.get.policysets()
    if resp.cgx_status:
        pollist = resp.cgx_content.get("items", None)

        for pol in pollist:
            polid_polname_dict[pol['id']] = pol['name']

    else:
        print("ERR: Could not query for Policy Sets (v1)")
        cloudgenix.jd_detailed(resp)


    # Security Set
    resp = cgx_session.get.securitypolicysets()
    if resp.cgx_status:
        secpollist = resp.cgx_content.get("items", None)

        for secpol in secpollist:
            secpolid_secpolname_dict[secpol['id']] = secpol['name']

    else:
        print("ERR: Could not query for Security Policy Sets")
        cloudgenix.jd_detailed(resp)


    return
Exemple #6
0
def updateSIPalg(cgx, args, sites):
    """
    change SIP alg accoring to the args input
    """
    # for every elemnt, check if it should be changed and if it should do the required change
    for element in cgx.get.elements().cgx_content["items"]:

        # if element ID isn't in the sites list, its a hub and we can ignore it
        if not element["site_id"] in sites:
            continue

        # check if the element should be changed
        if args["scope_all"]:
            # first check if extension exist
            log.info("{element} at {site} is being configured".format(
                element=element["name"], site=sites[element["site_id"]]))
            alg = None
            for extension in cgx.get.element_extensions(
                    element["site_id"], element["id"]).cgx_content["items"]:
                if extension["namespace"] == "algconfig":
                    alg = extension
                    log.info("-- already have algconfig")
                    break

            # if alg do not exists create on
            if not alg:
                log.info("-- creating algconfig name space")
                ext = {
                    "name": "alg",
                    "namespace": "algconfig",
                    "entity_id": None,
                    "disabled": False,
                    "conf": {
                        "rules": []
                    }
                }
                r = cgx.post.element_extensions(element["site_id"],
                                                element["id"], ext)
                if not r:
                    jd_detailed(r)
                    raise ValueError("cant create algconfig extenstion")
                alg = r.cgx_content

            # if rules is None then create a list
            if not alg["conf"]["rules"]:
                alg["conf"]["rules"] = []

            # find SIP alg rule
            rule_found = False
            for i in range(len(alg["conf"]["rules"])):
                #if found set the enable
                if alg["conf"]["rules"][i]["alg"] == "SIP":
                    log.info("-- SIP alg found. Updating")
                    rule_found = True
                    alg["conf"]["rules"][i]["enabled"] = args["enable_alg"]
                    break

            # if SIP alg not found append it to the rules
            if not rule_found:
                log.info("-- SIP alg not found. adding sip rule")
                alg["conf"]["rules"].append({
                    "alg": "SIP",
                    "enabled": args["enable_alg"]
                })

            # update the rules
            log.info("-- updating alg entry")
            r = cgx.put.element_extensions(element["site_id"], element["id"],
                                           alg["id"], alg)
            if not r:
                jd_detailed(r)
                raise ValueError("cant update alg extension")
Exemple #7
0
def createnewrule(cgx_session, TYPE, SRC_POLICY_SET, SRC_POLICY_RULE,
                  DST_POLICY_SET, DST_POLICY_RULE):
    if TYPE == "NW":
        if SRC_POLICY_SET in nwset_name_id_dict.keys():
            nwpid = nwset_name_id_dict[SRC_POLICY_SET]

            rulesidname = nwpolicyid_rulenameiddict_dict[nwpid]
            rulesnameid = nwpolicyid_rulenameiddict_dict[nwpid]

            if SRC_POLICY_RULE in rulesnameid.keys():
                print("INFO: Rule {} found in Network Policy Set {}".format(
                    SRC_POLICY_RULE, SRC_POLICY_SET))
                rid = rulesnameid[SRC_POLICY_RULE]
                resp = cgx_session.get.networkpolicyrules(
                    networkpolicyset_id=nwpid, networkpolicyrule_id=rid)
                if resp.cgx_status:
                    rule = resp.cgx_content

                    if DST_POLICY_SET in nwset_name_id_dict.keys():
                        dstpolid = nwset_name_id_dict[DST_POLICY_SET]
                        print("INFO: Destination Network Policy Set {} found".
                              format(DST_POLICY_SET))
                        print("INFO: Creating rule {} in policy {}".format(
                            DST_POLICY_RULE, DST_POLICY_SET))

                        nwrulepayload = {
                            "name":
                            DST_POLICY_RULE,
                            "description":
                            rule.get("description", None),
                            "tags":
                            rule.get("tags", None),
                            "network_context_id":
                            rule.get("network_context_id", None),
                            "source_prefixes_id":
                            rule.get("source_prefixes_id", None),
                            "destination_prefixes_id":
                            rule.get("destination_prefixes_id", None),
                            "app_def_ids":
                            rule.get("app_def_ids", None),
                            "paths_allowed":
                            rule.get("paths_allowed", None),
                            "service_context":
                            rule.get("service_context", None),
                            "order_number":
                            rule.get("order_number", None),
                            "enabled":
                            rule.get("enabled", None)
                        }

                        resp = cgx_session.post.networkpolicyrules(
                            networkpolicyset_id=dstpolid, data=nwrulepayload)
                        if resp.cgx_status:
                            print(
                                "SUCCESS: Rule {} created on Network Policy Set {}"
                                .format(DST_POLICY_RULE, DST_POLICY_SET))

                        else:
                            print("ERR: Could not create the rule")
                            cloudgenix.jd_detailed(resp)

                    else:
                        print(
                            "ERR: Invalid Destination {} Policy set name: {}".
                            format(TYPE, DST_POLICY_SET))
                        print("Please select from the following:")
                        for x in nwset_name_id_dict.keys():
                            print("\t{}".format(x))
            else:
                print("ERR: Rule {} does not exist in Network Policy Set {}".
                      format(SRC_POLICY_RULE, SRC_POLICY_SET))
                print("Please select from the following rules:")
                for x in rulesnameid.keys():
                    print("\t{}".format(x))

        else:
            print("ERR: Invalid Source {} Policy set name: {}".format(
                TYPE, SRC_POLICY_SET))
            print("Please select from the following:")
            for x in nwset_name_id_dict.keys():
                print("\t{}".format(x))

    elif TYPE == "QOS":
        if SRC_POLICY_SET in qosset_name_id_dict.keys():
            qospid = qosset_name_id_dict[SRC_POLICY_SET]

            rulesidname = qospolicyid_rulenameiddict_dict[qospid]
            rulesnameid = qospolicyid_rulenameiddict_dict[qospid]

            if SRC_POLICY_RULE in rulesnameid.keys():
                print("INFO: Rule {} found in Priority Policy Set {}".format(
                    SRC_POLICY_RULE, SRC_POLICY_SET))
                rid = rulesnameid[SRC_POLICY_RULE]
                resp = cgx_session.get.prioritypolicyrules(
                    prioritypolicyset_id=qospid, prioritypolicyrule_id=rid)
                if resp.cgx_status:
                    rule = resp.cgx_content

                    if DST_POLICY_SET in qosset_name_id_dict.keys():
                        dstpolid = qosset_name_id_dict[DST_POLICY_SET]

                        print("INFO: Destination Priority Policy Set {} found".
                              format(DST_POLICY_SET))
                        print("INFO: Creating rule {} in policy {}".format(
                            DST_POLICY_RULE, DST_POLICY_SET))

                        qosrulepayload = {
                            "name":
                            DST_POLICY_RULE,
                            "description":
                            rule.get("description", None),
                            "tags":
                            rule.get("tags", None),
                            "network_context_id":
                            rule.get("network_context_id", None),
                            "source_prefixes_id":
                            rule.get("source_prefixes_id", None),
                            "destination_prefixes_id":
                            rule.get("destination_prefixes_id", None),
                            "app_def_ids":
                            rule.get("app_def_ids", None),
                            "priority_number":
                            rule.get("priority_number", None),
                            "dscp":
                            rule.get("dscp", None),
                            "order_number":
                            rule.get("order_number", None),
                            "enabled":
                            rule.get("enabled", None)
                        }

                        resp = cgx_session.post.prioritypolicyrules(
                            prioritypolicyset_id=dstpolid, data=qosrulepayload)
                        if resp.cgx_status:
                            print(
                                "SUCCESS: Rule {} created on Priority Policy Set {}"
                                .format(DST_POLICY_RULE, DST_POLICY_SET))

                        else:
                            print("ERR: Could not create the rule")
                            cloudgenix.jd_detailed(resp)

                    else:
                        print(
                            "ERR: Invalid Destination {} Policy set name: {}".
                            format(TYPE, DST_POLICY_SET))
                        print("Please select from the following:")
                        for x in qosset_name_id_dict.keys():
                            print("\t{}".format(x))
            else:
                print("ERR: Rule {} does not exist in Priority Policy Set {}".
                      format(SRC_POLICY_RULE, SRC_POLICY_SET))
                print("Please select from the following rules:")
                for x in rulesnameid.keys():
                    print("\t{}".format(x))

        else:
            print("ERR: Invalid Source {} Policy set name: {}".format(
                TYPE, SRC_POLICY_SET))
            print("Please select from the following:")
            for x in qosset_name_id_dict.keys():
                print("\t{}".format(x))

    else:
        print(
            "ERR: Invalid Policy Type: {}. Please pick NW or QOS".format(TYPE))

    return
Exemple #8
0
#!/usr/bin ptpython3

import cgxinit
import requests
from cloudgenix import jd, jd_detailed

if __name__ == "__main__":
    # parse commands and get CGX
    cgx, args = cgxinit.go()

    IPs = set()
    # get the json file
    for key, row in requests.get(args["url"]).json().items():
        for IP in row['ip_ranges']:
            if "255/32" not in IP:
                IPs.add(IP)

    # get the list of existing prefixes in the prefix list
    for filter in cgx.get.globalprefixfilters().cgx_content['items']:
        if filter["name"] == args["prefix"]:
            filter["filters"][0]["ip_prefixes"] = list(IPs)
            res = cgx.put.globalprefixfilters(filter["id"], filter)
            if not res:
                jd_detailed(res)
            else:
                print(f"{args['prefix']} update successfuly")



def createdicts(cgx_session):
    print("INFO: Building Translation dicts")
    print("\tSites..")
    resp = cgx_session.get.sites()
    if resp.cgx_status:
        sitelist = resp.cgx_content.get("items", None)

        for site in sitelist:
            sid = site['id']
            sname = site['name']
            site_id_name_dict[sid] = sname
            site_name_id_dict[sname] = sid

    else:
        print("ERR: Could not get sites")
        print(cloudgenix.jd_detailed(resp))


    print("\tElements..")
    resp = cgx_session.get.elements()
    if resp.cgx_status:
        elemlist = resp.cgx_content.get("items", None)

        for elem in elemlist:
            eid = elem['id']
            ename = elem['name']
            if ename is None:
                ename = elem['serial_number']

            elem_id_name_dict[eid] = ename

            sid = elem['site_id']
            if sid == "1":
                continue

            eid_sid_dict[eid] = sid


    print("\tInterfaces..")
    for eid in eid_sid_dict.keys():
        sid = eid_sid_dict[eid]
        if sid == "1":
            continue

        resp = cgx_session.get.interfaces(site_id=sid, element_id=eid)
        if resp.cgx_status:
            intflist = resp.cgx_content.get("items",None)

            for intf in intflist:
                iid = intf['id']
                iname = intf['name']

                intf_id_name_dict[(sid,eid,iid)] = iname
                intf_name_id_dict[(sid,eid,iname)] = iid

        else:
            print("ERR: Could not query for interfaces")
            print(cloudgenix.jd_detailed(resp))

    print("\tSite WAN Interfaces..")
    for sid in site_id_name_dict.keys():
        resp = cgx_session.get.waninterfaces(site_id = sid)
        if resp.cgx_status:
            swilist = resp.cgx_content.get("items", None)

            for swi in swilist:
                swiid = swi['id']
                swiname = swi['name']

                swi_id_name_dict[(sid,swiid)] = swiname
                swi_name_id_dict[(sid,swiname)] = swiid
        else:
            print("ERR: Could not query for site wan interfaces")
            print(cloudgenix.jd_detailed(resp))

    return
Exemple #10
0
def configextention(cgx_session, site, element, interface, prefix, app,
                    action):

    if site in sitename_siteid_dict.keys():
        ssid = sitename_siteid_dict[site]

    else:
        print("ERR: Site {} does not exist".format(site))
        cleanexit(cgx_session)

    if element in elemname_elemid_dict.keys():
        eid = elemname_elemid_dict[element]
        sid = elemid_siteid_dict[eid]
        if ssid != sid:
            print("ERR: Element {} does not belong to site {}".format(
                element, site))
            cleanexit(cgx_session)

        interfacenamelist = elemname_intfnamelist_dict[element]

        if interface in interfacenamelist:
            iid = intfname_intfid_dict[(sid, eid, interface)]

            resp = cgx_session.get.element_extensions(site_id=sid,
                                                      element_id=eid)
            if resp.cgx_status:
                extensionlist = resp.cgx_content.get("items", None)

                entitynotfound = True
                for ext in extensionlist:
                    if ext['entity_id'] == iid:
                        entitynotfound = False

                        config = ext.get("conf", None)
                        rules = config.get("rules", None)

                        print("INFO: Configuration rules {} found on {}:{}:{}".
                              format(rules, siteid_sitename_dict[sid],
                                     elemid_elemname_dict[eid], interface))

                        rules.append({
                            "app": app,
                            "action": action,
                            "prefix": prefix
                        })
                        config['rules'] = rules
                        ext['conf'] = config

                        resp = cgx_session.put.element_extensions(
                            site_id=sid,
                            element_id=eid,
                            extension_id=ext['id'],
                            data=ext)
                        if resp.cgx_status:
                            print("INFO: Configuration {} edited on {}:{}:{}".
                                  format(rules, siteid_sitename_dict[sid],
                                         elemid_elemname_dict[eid], interface))
                            cleanexit(cgx_session)

                        else:
                            print(
                                "ERR: Could not update configuration to {} on {}:{}:{}"
                                .format(rules, siteid_sitename_dict[sid],
                                        elemid_elemname_dict[eid], interface))
                            cloudgenix.jd_detailed(resp)
                            cleanexit(cgx_session)

                if entitynotfound:
                    postpayload = {
                        "name": "allowssh",
                        "namespace": "devicemanagement/interface",
                        "entity_id": iid,
                        "disabled": False,
                        "conf": {
                            "rules": [{
                                "prefix": prefix,
                                "app": app,
                                "action": action
                            }]
                        }
                    }

                    rules = postpayload["conf"]["rules"]
                    resp = cgx_session.post.element_extensions(
                        site_id=sid, element_id=eid, data=postpayload)
                    if resp.cgx_status:

                        print(
                            "INFO: Added configuration {} to {}:{}:{}".format(
                                rules, siteid_sitename_dict[sid],
                                elemid_elemname_dict[eid], interface))

                    else:
                        print(
                            "ERR: Could not update configuration to {} on {}:{}:{}"
                            .format(rules, siteid_sitename_dict[sid],
                                    elemid_elemname_dict[eid], interface))
                        cloudgenix.jd_detailed(resp)

        else:
            print("ERR: Interface {} does not exist on element {}".format(
                interface, element))
            cleanexit(cgx_session)

    else:
        print("ERR: Element {} not found.".format(element))
        cleanexit(cgx_session)

    return
def go():
    ############################################################################
    # Begin Script, parse arguments.
    ############################################################################

    # Parse arguments
    parser = argparse.ArgumentParser(description="{0}.".format(SCRIPT_NAME))

    # Allow Controller modification and debug level sets.
    controller_group = parser.add_argument_group('API', 'These options change how this program connects to the API.')
    controller_group.add_argument("--controller", "-C",
                                  help="Controller URI, ex. "
                                       "C-Prod: https://api.elcapitan.cloudgenix.com",
                                  default="https://api.elcapitan.cloudgenix.com")

    login_group = parser.add_argument_group('Login', 'These options allow skipping of interactive login')
    login_group.add_argument("--email", "-E", help="Use this email as User Name instead of prompting",
                             default=None)
    login_group.add_argument("--pass", "-P", help="Use this Password instead of prompting",
                             default=None)

    args = vars(parser.parse_args())

    ############################################################################
    # Instantiate API & Login
    ############################################################################

    cgx_session = cloudgenix.API(controller=args["controller"], ssl_verify=False)
    print("{0} v{1} ({2})\n".format(SCRIPT_NAME, SDK_VERSION, cgx_session.controller))

    # login logic. Use cmdline if set, use AUTH_TOKEN next, finally user/pass from config file, then prompt.
    # figure out user
    if args["email"]:
        user_email = args["email"]
    elif CLOUDGENIX_USER:
        user_email = CLOUDGENIX_USER
    else:
        user_email = None

    # figure out password
    if args["pass"]:
        user_password = args["pass"]
    elif CLOUDGENIX_PASSWORD:
        user_password = CLOUDGENIX_PASSWORD
    else:
        user_password = None

    # check for token
    if CLOUDGENIX_AUTH_TOKEN and not args["email"] and not args["pass"]:
        cgx_session.interactive.use_token(CLOUDGENIX_AUTH_TOKEN)
        if cgx_session.tenant_id is None:
            print("AUTH_TOKEN login failure, please check token.")
            sys.exit()

    else:
        while cgx_session.tenant_id is None:
            cgx_session.interactive.login(user_email, user_password)
            # clear after one failed login, force relogin.
            if not cgx_session.tenant_id:
                user_email = None
                user_password = None

    ############################################################################
    # Get Operators
    ############################################################################
    roles_id_name = {}
    resp = cgx_session.get.roles()
    if resp.cgx_status:
        rolelist = resp.cgx_content.get("items", None)
        for role in rolelist:
            roles_id_name[role['id']] = role['name']

    else:
        print("ERR: Could not retrieve roles")
        cloudgenix.jd_detailed(resp)


    userlist = pd.DataFrame()
    print("INFO: Retrieving operators")
    resp = cgx_session.get.tenant_operators()

    if resp.cgx_status:
        operators = resp.cgx_content.get("items", None)

        for op in operators:
            first_name = ""
            last_name = ""
            email = ""
            rolestr = ""
            crolestr = ""
            if "first_name" in op.keys():
                first_name = op.get("first_name", None)

            if "last_name" in op.keys():
                last_name = op.get("last_name", None)

            if "email" in op.keys():
                email = op.get("email", None)

            if "roles" in op.keys():
                roles = op.get("roles", None)
                for role in roles:
                    rolestr = rolestr + "{},".format(role['name'])

            if "custom_roles" in op.keys():
                customroles = op.get("custom_roles", None)

                for crole in customroles:
                    cid = crole['id']
                    if cid in roles_id_name.keys():
                        cname = roles_id_name[cid]
                    else:
                        cname = cid

                    crolestr = crolestr + "{},".format(cname)

            userlist = userlist.append({"First Name": first_name,
                                        "Last Name": last_name,
                                        "Email": email,
                                        "Roles": rolestr[:-1],
                                        "Custom Roles": crolestr[:-1]}, ignore_index=True)

        ############################################################################
        # Store file
        ############################################################################
        curtime_str = datetime.datetime.utcnow().strftime('%Y-%m-%d_%H-%M-%S')
        filename = "{}/operators_{}.csv".format(os.getcwd(), curtime_str)
        print("INFO: Operators retrieved.. Saving to file {}".format(filename))

        userlist.to_csv(filename,index=False)


    else:
        print("ERR: Could not query operators")
        cloudgenix.jd_detailed(resp)

    ############################################################################
    # Logout to clear session.
    ############################################################################
    cgx_session.get.logout()

    print("INFO: Logging Out")
    sys.exit()
Exemple #12
0
def go():
    ############################################################################
    # Begin Script, parse arguments.
    ############################################################################

    # Parse arguments
    parser = argparse.ArgumentParser(description="{0}.".format(SCRIPT_NAME))

    # Allow Controller modification and debug level sets.
    controller_group = parser.add_argument_group('API', 'These options change how this program connects to the API.')
    controller_group.add_argument("--controller", "-C",
                                  help="Controller URI, ex. "
                                       "C-Prod: https://api.elcapitan.cloudgenix.com",
                                  default="https://api.elcapitan.cloudgenix.com")

    login_group = parser.add_argument_group('Login', 'These options allow skipping of interactive login')
    login_group.add_argument("--email", "-E", help="Use this email as User Name instead of prompting",
                             default=None)
    login_group.add_argument("--pass", "-P", help="Use this Password instead of prompting",
                             default=None)

    # Commandline for entering Site info
    site_group = parser.add_argument_group('Device Specific information',
                                           'Provide the site and element name where ALG needs to be disabled')
    site_group.add_argument("--sitename", "-SN", help="Name of the Site", default=None)
    site_group.add_argument("--elemname", "-EN", help="Name of the Element", default=None)
    site_group.add_argument("--action", "-A", help="Action for ALG configuration. Select ENABLE or DISABLE", default=None)


    args = vars(parser.parse_args())

    ############################################################################
    # Extract Command Line Arguments
    ############################################################################
    sitename = args['sitename']
    elemname = args['elemname']
    action = args['action']

    if (sitename is None) or (elemname is None):
        print("ERR: Please provide both Site and Element names")
        sys.exit()

    if action not in ["ENABLE", "DISABLE"]:
        print("ERR: Incorrect action: {}. Please select ENABLE or DISABLE".format(action))
        sys.exit()

    ############################################################################
    # Instantiate API & Login
    ############################################################################

    cgx_session = cloudgenix.API(controller=args["controller"], ssl_verify=False)
    print("{0} v{1} ({2})\n".format(SCRIPT_NAME, SDK_VERSION, cgx_session.controller))

    # login logic. Use cmdline if set, use AUTH_TOKEN next, finally user/pass from config file, then prompt.
    # figure out user
    if args["email"]:
        user_email = args["email"]
    elif CLOUDGENIX_USER:
        user_email = CLOUDGENIX_USER
    else:
        user_email = None

    # figure out password
    if args["pass"]:
        user_password = args["pass"]
    elif CLOUDGENIX_PASSWORD:
        user_password = CLOUDGENIX_PASSWORD
    else:
        user_password = None

    # check for token
    if CLOUDGENIX_AUTH_TOKEN and not args["email"] and not args["pass"]:
        cgx_session.interactive.use_token(CLOUDGENIX_AUTH_TOKEN)
        if cgx_session.tenant_id is None:
            print("AUTH_TOKEN login failure, please check token.")
            sys.exit()

    else:
        while cgx_session.tenant_id is None:
            cgx_session.interactive.login(user_email, user_password)
            # clear after one failed login, force relogin.
            if not cgx_session.tenant_id:
                user_email = None
                user_password = None

    ############################################################################
    # Validate Site & Element Name and Config SIP ALG
    ############################################################################
    createdicts(cgx_session)
    if sitename in sitename_siteid_dict.keys():
        sid = sitename_siteid_dict[sitename]

        if elemname in elemname_sitename_dict.keys():
            sname = elemname_sitename_dict[elemname]

            if sname == sitename:
                eid = elemname_elemid_dict[elemname]

                print("INFO: Element {} found attached to site {}".format(elemname, sitename))

                resp = cgx_session.get.element_extensions(site_id=sid, element_id=eid)
                if resp.cgx_status:
                    extensions = resp.cgx_content.get("items",None)
                    extfound = False
                    for ext in extensions:
                        if ext['namespace'] == "algconfig":
                            print("INFO: ALG Config on {}:{}".format(sitename,elemname))
                            extfound = True

                            conf = {
                                "rules":[
                                    {
                                        "alg": "SIP",
                                        "enabled": actionxlate[action]
                                    }
                                ]
                            }

                            ext["conf"] = conf

                            resp = cgx_session.put.element_extensions(site_id=sid, element_id=eid, extension_id=ext['id'],data=ext)
                            if resp.cgx_status:
                                print("INFO: SIP ALG {}D on {}:{}".format(action,sitename,elemname))
                            else:
                                print("ERR: Could not edit ALG config on {}:{}\n{}".format(sitename,elemname,cloudgenix.jd_detailed(resp)))

                    if not extfound:
                        print("INFO: No ALG Config on {}:{}".format(sitename,elemname))

                        data = {
                            "name" : "alg",
                            "namespace":"algconfig",
                            "entity_id": None,
                            "conf":{
                                "rules":[
                                    {
                                        "alg": "SIP",
                                        "enabled": actionxlate[action]
                                     }
                                ]
                            },
                            "disabled":False,
                        }

                        print("Using element extensions API to configure: {}".format(data))
                        resp = cgx_session.post.element_extensions(site_id=sid, element_id=eid, data=data)
                        if resp.cgx_status:
                            print("INFO: SIP ALG {}D on {}:{}".format(action,sitename, elemname))

                        else:
                            print("ERR: Could not {} SIP ALG.\n {}".format(action, cloudgenix.jd_detailed(resp)))

            else:
                print("ERR: Element {} is not attached to site {}. Please reenter site name and element name".format(elemname,sitename))

        else:
            print("ERR: Element {} not found. Please reenter element name".format(elemname))

    else:
        print("ERR: Site {} not found. Please reenter site name".format(sitename))

    ############################################################################
    # Logout to clear session.
    ############################################################################
    cgx_session.get.logout()

    print("INFO: Logging Out")
    sys.exit()
Exemple #13
0
    template = {
        "name": "REPLACE",
        "description": None,
        "tags": None,
        "ipv4_config": {
            "prefixes": ["REPLACE"],
            "dhcp_relay": None,
            "dhcp_server": None,
            "default_routers": None
        },
        "scope": "global",
        "network_context_id": None
    }

    # add one prefix at a time
    for prefix in ip_list:
        if prefix in existing:
            print(f"{prefix} already exists")
        else:
            # add prefix to cgx
            template['ipv4_config']['prefixes'] = [prefix]
            template['name'] = "p-" + prefix

            res = cgx.post.lannetworks(site_id, template)
            if not res:
                print(f"ERROR: Couldn't add {prefix}")
                cloudgenix.jd_detailed(res)
                sys.exit()
            else:
                print(f"Added {prefix} to site")
Exemple #14
0
def go():
    ############################################################################
    # Begin Script, start login / argument handling.
    ############################################################################
    # Parse arguments
    parser = argparse.ArgumentParser(description="{0}.".format(SCRIPT_NAME))

    # Allow Controller modification and debug level sets.
    controller_group = parser.add_argument_group('API', 'These options change how this program connects to the API.')
    controller_group.add_argument("--controller", "-C",
                                  help="Controller URI, ex. "
                                       "C-Prod: https://api.cloudgenix.com",
                                  default=None)

    controller_group.add_argument("--insecure", "-I", help="Disable SSL certificate and hostname verification",
                                  dest='verify', action='store_false', default=True)

    login_group = parser.add_argument_group('Login', 'These options allow skipping of interactive login')
    login_group.add_argument("--email", "-E", help="Use this email as User Name instead of prompting",
                             default=None)
    login_group.add_argument("--pass", "-PW", help="Use this Password instead of prompting",
                             default=None)

    debug_group = parser.add_argument_group('Debug', 'These options enable debugging output')
    debug_group.add_argument("--debug", "-D", help="Verbose Debug info, levels 0-2", type=int,
                             default=0)

    args = vars(parser.parse_args())

    ############################################################################
    # Instantiate API
    ############################################################################
    cgx_session = cloudgenix.API(controller=args["controller"], ssl_verify=args["verify"])
    cgx_session.set_debug(args["debug"])

    ############################################################################
    # Draw Interactive login banner, run interactive login including args above.
    ############################################################################

    print("{0} v{1} ({2})\n".format(SCRIPT_NAME, SDK_VERSION, cgx_session.controller))

    # login logic. Use cmdline if set, use AUTH_TOKEN next, finally user/pass from config file, then prompt.
    # figure out user
    if args["email"]:
        user_email = args["email"]
    elif CLOUDGENIX_USER:
        user_email = CLOUDGENIX_USER
    else:
        user_email = None

    # figure out password
    if args["pass"]:
        user_password = args["pass"]
    elif CLOUDGENIX_PASSWORD:
        user_password = CLOUDGENIX_PASSWORD
    else:
        user_password = None

    # check for token
    if CLOUDGENIX_AUTH_TOKEN and not args["email"] and not args["pass"]:
        cgx_session.interactive.use_token(CLOUDGENIX_AUTH_TOKEN)
        if cgx_session.tenant_id is None:
            print("AUTH_TOKEN login failure, please check token.")
            sys.exit()

    else:
        while cgx_session.tenant_id is None:
            cgx_session.interactive.login(user_email, user_password)
            # clear after one failed login, force relogin.
            if not cgx_session.tenant_id:
                user_email = None
                user_password = None


    ############################################################################
    # Iterate through tenant_ids and get machines, elements and sites
    ############################################################################
    curtime_str = datetime.datetime.utcnow().strftime('%Y-%m-%d_%H-%M-%S')
    tenantname = cgx_session.tenant_name
    tenantname = tenantname.replace(" ","")
    tenantname = tenantname.replace("/","")


    filename = "{}/{}_inventory_{}.csv".format(os.getcwd(),tenantname,curtime_str)

    with open(filename, 'w') as csvfile:

        writer = csv.DictWriter(csvfile, fieldnames=HEADER)
        writer.writeheader()

        hwids = []
        machines = {}
        resp = cgx_session.get.machines()
        if resp.cgx_status:
            machinelist = resp.cgx_content.get("items", None)
            print("\tMachines: {}".format(len(machinelist)))

            for machine in machinelist:

                if machine['machine_state'] in ["claimed"]:
                    em_element_id = machine["em_element_id"]
                else:
                    em_element_id = "n/a"

                machines[machine["sl_no"]] = {"em_element_id": em_element_id, "model_name": machine["model_name"],
                                              "software_version": machine["image_version"],
                                              "ship_state": machine["ship_state"]}
                hwids.append(machine["sl_no"])

        else:
            print("ERR: Failed to retrieve machines")
            cloudgenix.jd_detailed(resp)

        elements = {}
        elemid_siteid_dict = {}
        resp = cgx_session.get.elements()
        if resp.cgx_status:
            elemlist = resp.cgx_content.get("items", None)
            print("\tElements: {}".format(len(elemlist)))

            for elem in elemlist:
                elements[elem['serial_number']] = {"site_id": elem["site_id"],
                                                   "software_version": elem["software_version"],
                                                   "name": elem["name"], "role": elem["role"],
                                                   "state": elem["state"]}

                elemid_siteid_dict[elem["id"]] = elem["site_id"]

        else:
            print("ERR: Failed to retrieve elements")
            cloudgenix.jd_detailed(resp)

        sites = {}
        resp = cgx_session.get.sites()
        if resp.cgx_status:
            sitelist = resp.cgx_content.get("items", None)
            print("\tSites: {}".format(len(sitelist)))

            for site in sitelist:
                sites[site["id"]] = {"name": site["name"], "admin_state": site["admin_state"],
                                     "address": site["address"], "location": site["location"]}


        else:
            print("ERR: Failed to retrieve sites")
            cloudgenix.jd_detailed(resp)

        # Extract data from dicts for CSV
        hwidslist = list(dict.fromkeys(hwids))
        for item in hwidslist:
            site_name = "Unbound"
            element_name = "Unclaimed"
            element_role = "n/a"
            site_state = "n/a"
            element_state = "n/a"
            street = "n/a"
            city = "n/a"
            state = "n/a"
            country = "n/a"
            post_code = "n/a"
            longitude = "n/a"
            latitude = "n/a"
            model_type = None
            model_name = None

            curmachine = machines[item]
            ship_state = curmachine["ship_state"]
            software_version = curmachine["software_version"]
            model_name = curmachine["model_name"]

            if "v" in model_name:
                model_type = "Virtual"
            else:
                model_type = "Physical"

            if item in elements.keys():
                curelement = elements[item]
                software_version = curelement["software_version"]
                element_name = curelement["name"]
                element_state = curelement["state"]
                element_role = curelement["role"]

                site_id = curelement["site_id"]
                if site_id != "1":
                    cursite = sites[site_id]
                    site_name = cursite["name"]
                    site_state = cursite["admin_state"]
                    address = cursite["address"]

                    if address:
                        street = "{} {}".format(address.get("street",None),address.get("street2",None))
                        city = address.get("city")
                        state = address.get("state")
                        country = address.get("country")
                        post_code = address.get("post_code")

                    location = cursite["location"]
                    longitude = location["longitude"]
                    latitude = location["latitude"]


            writer.writerow({
                "serial_number": item,
                "model_name":model_name,
                "model_type":model_type,
                "software_version": software_version,
                "site_name": site_name,
                "element_name": element_name,
                "element_role": element_role,
                "site_state": site_state,
                "element_state": element_state,
                "street": street,
                "city": city,
                "state": state,
                "country": country,
                "post_code": post_code,
                "longitude": longitude,
                "latitude": latitude})


    #############################################################
    # Logout
    #############################################################
    print("INFO: Logging Out")
    cgx_session.get.logout()
    sys.exit()
def createcustomapps(yamldata, cgx_session):
    appconfig = yamldata.get("apps", None)

    for app in appconfig.keys():

        config = appconfig[app]

        iprules = config.get("ip_rules", None)
        if iprules is not None:
            for i, rule in enumerate(iprules):
                dstfilter = rule.get("dest_filters", None)
                if dstfilter is not None:
                    for dj, df in enumerate(dstfilter):
                        if df in global_pfname_id_dict.keys():
                            pfid = global_pfname_id_dict[df]
                            config["ip_rules"][i]["dest_filters"][dj] = pfid
                            yamlreplace[df] = pfid
                        else:
                            print("ERR: IP Rule Destination Prefix Filter {} not found. Please reenter the Prefix Filter for {}".format(df, app))
                            cleanexit(cgx_session)

                srcfilter = rule.get("src_filters", None)
                if srcfilter is not None:
                    for sj, sf in enumerate(srcfilter):
                        if sf in global_pfname_id_dict.keys():
                            pfid = global_pfname_id_dict[sf]
                            config["ip_rules"][i]["src_filters"][sj] = pfid
                            yamlreplace[sf] = pfid
                        else:
                            print("ERR: IP Rule Source Prefix Filter {} not found. Please reenter the Prefix Filter for {}".format(sf, app))
                            cleanexit(cgx_session)

        tcprules = config.get("tcp_rules", None)
        if tcprules is not None:
            for i, rule in enumerate(tcprules):
                client_filters = rule.get("client_filters", None)
                if client_filters is not None:

                    for clj, clf in enumerate(client_filters):
                        if clf in global_pfname_id_dict.keys():
                            pfid = global_pfname_id_dict[clf]
                            config["tcp_rules"][i]["client_filters"][clj] = pfid
                            yamlreplace[clf] = pfid
                        else:
                            print("ERR: TCP Client Prefix Filter {} not found. Please reenter the Prefix Filter for {}".format(clf, app))
                            cleanexit(cgx_session)

                server_filters = rule.get("server_filters", None)
                if server_filters is not None:
                    for srj, srf in enumerate(server_filters):
                        if srf in global_pfname_id_dict.keys():
                            pfid = global_pfname_id_dict[srf]
                            config["tcp_rules"][i]["server_filters"][srj] = pfid
                            yamlreplace[srf] = pfid
                        else:
                            print("ERR: TCP Server Prefix Filter {} not found. Please reenter the Prefix Filter for {}".format(srf, app))
                            cleanexit(cgx_session)

        udprules = config.get("udp_rules", None)
        if udprules is not None:

            for i, rule in enumerate(udprules):
                udp_filters = rule.get("udp_filters", None)
                if udp_filters is not None:
                    for uj, uf in enumerate(udp_filters):
                        if uf in global_pfname_id_dict.keys():
                            pfid = global_pfname_id_dict[uf]
                            config["udp_rules"][i]["udp_filters"][uj] = pfid
                            yamlreplace[uf] = pfid
                        else:
                            print("ERR: UDP Prefix Filter {} not found. Please reenter the Prefix Filter for {}".format(uf, app))
                            cleanexit(cgx_session)


        resp = cgx_session.post.appdefs(data=config, api_version="v2.3")
        if resp.cgx_status:
            print("SUCCESS: Custom App {} created".format(app))

        else:
            print("ERR: Could not create Custom App {}".format(app))
            cloudgenix.jd_detailed(resp)

    return
def go():
    ############################################################################
    # Begin Script, parse arguments.
    ############################################################################

    # Parse arguments
    parser = argparse.ArgumentParser(description="{0}.".format(SCRIPT_NAME))

    # Allow Controller modification and debug level sets.
    controller_group = parser.add_argument_group(
        'API', 'These options change how this program connects to the API.')
    controller_group.add_argument(
        "--controller",
        "-C",
        help="Controller URI, ex. "
        "C-Prod: https://api.elcapitan.cloudgenix.com",
        default="https://api.elcapitan.cloudgenix.com")

    login_group = parser.add_argument_group(
        'Login', 'These options allow skipping of interactive login')
    login_group.add_argument(
        "--email",
        "-E",
        help="Use this email as User Name instead of prompting",
        default=None)
    login_group.add_argument("--pass",
                             "-P",
                             help="Use this Password instead of prompting",
                             default=None)

    # Commandline for entering Auth Token info
    auth_group = parser.add_argument_group(
        'Auth Token Specific information',
        'Information shared here will be used to create an auth token')
    auth_group.add_argument(
        "--roles",
        "-R",
        help=
        "Roles. Allowed values: super, viewonly, secadmin, nwadmin, iamadmin. Multiple roles should be comma separated",
        default=None)
    auth_group.add_argument(
        "--expirationdate",
        "-ED",
        help="Expiration Date in format YYYY-MM-DDTHH:MM:SSZ",
        default=None)

    args = vars(parser.parse_args())

    ############################################################################
    # Parse Args
    ############################################################################
    roles = args["roles"]
    role_ds = []
    if roles:
        if "," in roles:
            tmp = roles.split(",")

            for role in tmp:
                if role not in ROLES:
                    print(
                        "ERR: Invalid role. Please choose from: super,viewonly,secadmin,nwadmin or iamadmin"
                    )
                    sys.exit()
                else:
                    mappedrole = rolemap[role]
                    role_ds.append({"name": mappedrole})
        else:
            if roles in ROLES:
                mappedrole = rolemap[roles]
                role_ds.append({"name": mappedrole})
            else:
                print(
                    "ERR: Invalid role. Please choose from: super,viewonly,secadmin,nwadmin or iamadmin"
                )
                sys.exit()

    expirationdate = args["expirationdate"]
    timestamp = None
    if expirationdate:
        if "." in expirationdate:
            utc_dt = datetime.datetime.strptime(expirationdate,
                                                "%Y-%m-%dT%H:%M:%S.%fZ")

        else:
            utc_dt = datetime.datetime.strptime(expirationdate,
                                                "%Y-%m-%dT%H:%M:%SZ")

        # Convert UTC datetime to seconds since the Epoch
        timestamp = (utc_dt -
                     datetime.datetime(1970, 1, 1)).total_seconds() * 1000

    ############################################################################
    # Instantiate API & Login
    ############################################################################

    cgx_session = cloudgenix.API(controller=args["controller"],
                                 ssl_verify=False)
    print("{0} v{1} ({2})\n".format(SCRIPT_NAME, SDK_VERSION,
                                    cgx_session.controller))

    # login logic. Use cmdline if set, use AUTH_TOKEN next, finally user/pass from config file, then prompt.
    # figure out user
    if args["email"]:
        user_email = args["email"]
    elif CLOUDGENIX_USER:
        user_email = CLOUDGENIX_USER
    else:
        user_email = None

    # figure out password
    if args["pass"]:
        user_password = args["pass"]
    elif CLOUDGENIX_PASSWORD:
        user_password = CLOUDGENIX_PASSWORD
    else:
        user_password = None

    # check for token
    if CLOUDGENIX_AUTH_TOKEN and not args["email"] and not args["pass"]:
        cgx_session.interactive.use_token(CLOUDGENIX_AUTH_TOKEN)
        if cgx_session.tenant_id is None:
            print("AUTH_TOKEN login failure, please check token.")
            sys.exit()

    else:
        while cgx_session.tenant_id is None:
            cgx_session.interactive.login(user_email, user_password)
            # clear after one failed login, force relogin.
            if not cgx_session.tenant_id:
                user_email = None
                user_password = None

    ############################################################################
    # Create Auth Token
    ############################################################################
    authdata = {"roles": role_ds, "expires_utc_ms": timestamp}

    operator_id = cgx_session.operator_id

    print("INFO: Creating AUTH Token for operator {} using data {}".format(
        operator_id, authdata))
    resp = cgx_session.post.authtokens(operator_id=operator_id, data=authdata)
    if resp.cgx_status:
        print("Auth creation successful!")
        authtoken = resp.cgx_content.get("x_auth_token", None)
        print(authtoken)

    else:
        print("ERR: Could not create auth token")
        cloudgenix.jd_detailed(resp)

    ############################################################################
    # Logout to clear session.
    ############################################################################
    cgx_session.get.logout()

    print("INFO: Logging Out")
    sys.exit()