def transform_rules_from_vlan_to_subnet(self):
"""
Transforms all the firewall rules
"""
# Using deep copy to avoid future stepping into fw references.
self.fwNewRules = deepcopy(self.fwRules)
for rule in self.fwNewRules:
rule["destCidr"] = self.vlans_to_subnet(rule["destCidr"])
rule["srcCidr"] = self.vlans_to_subnet(rule["srcCidr"])
"""
Syslog enabled is breaking the api so we force it to disabled.
2018-04-19 ["Cannot enable s yslog on rules - a syslog server must be configured"]}
"""
#rule["syslogEnabled"] = False
rules=[]
"""
Don't apply default rules
"""
for rule in self.fwNewRules:
if rule["comment"] == "Default rule":
continue
rules.append(rule)
json.writer(self.firewallOutputFile, rules)
self.fwRules=deepcopy(rules)
l.logger.debug("created {}".format(self.firewallOutputFile))
def createVlanDefs(self, storeNumber):
self.NetX = netx.NetX()
self.validSubnets = self.NetX.validSubNetList
self.netxFile = config.netxFile
storeDevice="{}{}{}".format(config.devicePrefix, storeNumber, config.devicePostfix)
self.netx, picknet = self.NetX.getAll(None, storeDevice, None)
json.writer(self.netxFile, self.netx)
l.logger.debug("created {}".format(self.netxFile))
def create_funnel_vlan_table(self):
self.funnel_vlan_table = {}
for entry in self.funnel:
vlan = entry["Vlan"]
self.funnel_vlan_table[vlan] = entry["Subnet"]
json.writer(self.funnelVlanFile, self.funnel_vlan_table)
l.logger.debug("created {}".format(self.funnelVlanFile))
def transformFunnelToNetx(self):
for entry in self.funnel:
subnet = entry["Subnet"].split(".")
# if there is an x than we need to replace otherwise skip
if subnet[1]=='x':
if (subnet[2]>='a' and subnet[2]<='h'):
entry["Subnet"]=subnet[2]+"."+subnet[3]
json.writer(self.funnelNetxFile, self.funnel)
l.logger.debug("created {}".format(self.funnelNetxFile))
def transformFunnelToSubnet(self):
for entry in self.funnel:
subnet = entry["Subnet"].split(".")
netxIndex = subnet[0]
if netxIndex in self.validSubnets:
subnet[0] = self.netx[netxIndex]
elem=entry["Subnet"].split(".")
entry["Subnet"] = "{}.{}".format(subnet[0],elem[1])
json.writer(self.funnelSubnetFile, self.funnel)
l.logger.debug("created {}".format(self.funnelSubnetFile))
def create_vlan_defs(self):
self.netx = netx.Netx()
self.valid_subnets = self.netx.valid_subnet_list
self.netxFile = settings["CONFIG"]["netx-file"]
device = "{}{}{}".format(settings["CONFIG"]["device-prefix"],
settings["store-number"],
settings["CONFIG"]["device-postfix"])
self.netx = self.netx.get_netx(device)
json.writer(self.netxFile, self.netx)
l.logger.debug("created {}".format(self.netxFile))
def get(self, netid):
self.firewalls = None
try:
success, self.firewalls = meraki.getmxl3fwrules(config.apikey, netid)
if not success:
l.logger.error("failed netid:{} {}".format(netid, self.firewalls))
fname = "firewall_{}".format(netid)
json.writer(fname, self.firewalls)
except Exception as err:
l.logger.error("exception failure netid:{}".format(netid))
traceback.print_tb(err.__traceback__)
def get(self, netid):
self.vlans = None
try:
success, self.vlans = meraki.getvlans(config.apikey, netid)
if not success:
l.logger.error("failed netid:{} {}".format(netid, self.vlans))
fname = "vlans_{}".format(netid)
json.writer(fname, self.vlans)
l.logger.info("netid:{} {}".format(netid,
json.make_pretty(self.vlans)))
except Exception as err:
l.logger.error("exception failure netid:{}".format(netid))
traceback.print_tb(err.__traceback__)
def createFunnelVlanTable(self):
self.funnelVlanTable={}
for entry in self.funnel:
vlan = entry["Vlan"]
self.funnelVlanTable[vlan]=entry["Subnet"]
# # Adding fixed in the VlanTable (Guest WIFI, Cache VPN Cache Internet)
self.funnelVlanTable["995"] = "192.168.1.0/24"
self.funnelVlanTable["996"] = "192.168.100.0/24"
self.funnelVlanTable["997"] = "192.168.101.0/24"
json.writer(self.funnelVlanFile, self.funnelVlanTable)
l.logger.debug("created {}".format(self.funnelVlanFile))
def remove_serials():
# Convert meraki template firewall to subnet firewall
fname = "firewall_serials"
data = Csv.transform_to_json(fname)
json.writer(fname, data[0])
for item in range(len(data)):
netid = data[item]["id"]
serial1 = data[item]["serial1"]
serial2 = data[item]["serial2"]
devices.removedevice(netid, serial1)
devices.removedevice(netid, serial2)
# Does physical VLAN creation on meraki device
l.logger.info("success")
def addtonet(self, networkid, serial):
success = False
str = None
try:
success, str = meraki.adddevtonet(config.apikey, networkid, serial)
if success:
l.logger.debug("success")
json.writer("addtonet_{}".format(serial), str)
else:
l.logger.error("failed.")
l.logger.error("{}".format(str))
except Exception as err:
l.logger.error("networkid: {} serial:{}".format(networkid, serial))
traceback.print_tb(err.__traceback__)
return success, str
def transformRulesFromVlanToSubnet(self):
# Using deep copy to avoid future stepping into fw references.
self.fwNewRules = deepcopy(self.fwRules)
for rule in self.fwNewRules:
rule["destCidr"] = self.vlansToSubnet(rule["destCidr"])
rule["srcCidr"] = self.vlansToSubnet(rule["srcCidr"])
rule["syslogEnabled"] = False
rules = []
for rule in self.fwNewRules:
if rule["comment"] == "Default rule":
continue
rules.append(rule)
json.writer(self.firewallOutputFile, rules)
self.fwRules = deepcopy(rules)
l.logger.debug("created {}".format(self.firewallOutputFile))
def removeSerials():
print("DONE")
exit(0)
# Convert meraki template firewall to subnet firewall
fname = "firewall_serials"
data = json.convert(fname)
json.writer(fname, data[0])
for item in range(len(data)):
netid = data[item]["id"]
serial1 = data[item]["serial1"]
serial2 = data[item]["serial2"]
# print (netid, serial1, serial2)
devices.removedevice(netid, serial1)
devices.removedevice(netid, serial2)
# Does physical VLAN creation on meraki device
l.logger.info("success")
def claim(self, serial, licensekey=None, licensemode=None, orderid=None):
success = False
str = None
try:
success, self.claim = meraki.claim(config.apikey, config.orgid,
serial, licensekey, licensemode,
orderid)
if not success:
l.logger.error("orgid: {} serial:{} claim:{}".format(
orgid, serial, self.claim))
json.writer("claim_{}".format(serial), self.claim)
json.writer("claim_{}".format(serial), self.claim)
except Exception as err:
l.logger.error("serial:{}".format(serial))
traceback.print_tb(err.__traceback__)
return success, self.claim
def updateVpnSettings(self, networkid, hubnetworks, defaultroute, subnets,
usevpn):
success = False
str = None
try:
mode = 'spoke'
success, str = meraki.updatevpnsettings(config.apikey, networkid,
mode, subnets, usevpn,
hubnetworks, defaultroute)
if success:
l.logger.debug("success")
json.writer("vpn_updatevpnsettings_{}".format(networkid), str)
else:
l.logger.error("failed.")
l.logger.error("{}".format(str))
except Exception as err:
l.logger.error("networkid: {} str:{}".format(networkid, str))
traceback.print_tb(err.__traceback__)
return success, str
def add(self, orgid, name, nettype):
success = False
self.network = None
try:
clone_id = config.get_clone_id()
success, self.network = meraki.addnetwork(config.api_key,
orgid,
name,
nettype,
tags=None,
tz="US/Pacific",
cloneid=clone_id,
suppressprint=False)
store_number = settings["store-number"]
fname = "network_{}".format(store_number)
data = dict()
data["store-name"] = settings["store-name"]
data["netid"] = settings["netid"]
data["clone-source"] = settings["CLI"]["networks-clone-source"]
json.writer(fname, data, path="data", header=None, logPath=False)
if success:
logger.info("success org-id {} {} {} {}".format(
orgid, name, nettype, self.network))
else:
logger.error("failed org-id {} {} {} {}".format(
orgid, name, nettype, self.network))
runlogs_logger.error("failed org-id {} {} {}".format(
orgid, name, nettype, self.network))
gv.fake_assert()
logger.debug("cloned network, {} {} {}".format(
name, nettype, self.network))
except Exception as err:
logger.error("orgid {} name {} nettype {}".format(
orgid, name, nettype))
runlogs_logger.error("orgid {} name {} nettype {}".format(
orgid, name, nettype))
gv.fake_assert()
assert (0)
return success, self.network
def add(self, orgid, name, nettype):
# nettype : wireless, Switch, "Security appliance"
success = False
self.network = None
try:
success, self.network = meraki.addnetwork(config.apikey,
orgid,
name,
nettype,
tags=None,
tz="US/Pacific")
json.writer("network_{}".format(name), self.network)
if not success:
l.logger.warning("failed, {} {}: {}".format(
name, nettype, self.network))
except Exception as err:
l.logger.error("orgid:{} name:{} nettype:{}".format(
orgid, name, nettype))
traceback.print_tb(err.__traceback__)
return success, self.network
def update_settings_single(self, org_id, vpn_rules=[]):
api_key = config.api_key
success = False
str = None
try:
single_rule = []
count = 1100
start = count
for rule in vpn_rules[start:]:
l.runlogs_logger.info(
"deploying rule number: {} ==> rule: {}".format(
count, str))
single_rule.append(rule)
success, str = meraki.updatemxvpnfwrules(
api_key,
org_id,
single_rule,
syslogDefaultRule=False,
suppressprint=False)
single_rule.pop()
count += 1
str = Json.make_pretty(rule)
l.logger.info(
"deployed org-id {} count {} rule number {}".format(
org_id, count, str))
l.runlogs_logger.info(
"deployed org-di {} rule number {}".format(org_id, count))
Json.writer("s2svpnrules_deploy", single_rule)
if not success:
l.logger.error("failed count {} {}".format(count, str))
l.runlogs_logger.error("failed count {} {}".format(
count, str))
l.runlogs_logger.error("{}".format(str))
gv.fake_assert()
except Exception as err:
l.runlogs_logger.error("org_id: {} str:{}".format(org_id, str))
l.logger.error("org_id: {} str:{}".format(org_id, str))
gv.fake_assert()
return success, str
def update_settings(self, networkid, hubnetworks, defaultroute, subnets,
usevpn):
success = False
str = None
try:
mode = 'spoke'
success, str = meraki.updatevpnsettings(config.api_key, networkid,
mode, subnets, usevpn,
hubnetworks, defaultroute)
if success:
l.logger.debug("success netid {}")
json.writer("vpn_updatevpnsettings_{}".format(networkid), str)
else:
l.logger.error("failure netid {} {}".format(networkid, str))
l.runlogs_logger.error("{}".format(str))
gv.fake_assert()
except Exception as err:
l.logger.error("exception failure networkid: {} str:{}".format(
networkid, str))
l.runlogs_logger.error("exception failure str:{}".format(str))
gv.fake_assert()
return success, str
def get_settings(self, org_id):
api_key = config.api_key
vpn_rules_str = ""
success = False
try:
success, vpn_rules = meraki.getmxvpnfwrules(api_key, org_id)
if success:
l.logger.debug("success")
Json.writer("s2svpnrules_get",
vpn_rules,
path="ORG",
header=None,
logPath=True)
else:
l.runlogs_logger.error("failed: {}".format(str))
l.logger.error("failed: {}".format(str))
gv.fake_assert()
except Exception as err:
l.logger.error("org_id: {} str:{}".format(org_id, str))
l.runlogs_logger.error("org_id: {} str:{}".format(org_id, str))
gv.fake_assert()
return success, str
def addtonet(self, networkid, serial):
success = False
try:
success, _str = meraki.adddevtonet(config.api_key, networkid,
serial)
if success:
logger.debug("success {}".format(networkid))
json.writer("addtonet {}".format(serial), _str)
else:
logger.error("failed.")
logger.error("{}".format(str))
except (meraki.EmailFormatError, meraki.OrgPermissionError,
meraki.ListError) as err:
logger.error("failed {}".format(err.default))
runlogs_logger.error("failed {}".format(err.default))
exit(-1)
except Exception as err:
runlogs_logger.error("failed {} serial:{}".format(err, serial))
logger.error("failed {} networkid: {} serial:{}".format(
err, networkid, serial))
gv.fake_assert()
return success, _str
def get(self, netid, store_number):
self.firewalls = None
try:
success, self.firewalls = meraki.getmxl3fwrules(
config.api_key, netid)
if not success:
log.logger.error("failed netid {} {}".format(
netid, self.firewalls))
log.runlogs_logger.error("failed netid {}".format(
netid, self.firewalls))
gv.fake_assert()
fname = "l3fwrules_get_{}".format(store_number)
json.writer(fname,
data=self.firewalls,
path="data",
header=None,
logPath=True)
except Exception as err:
log.logger.error("exception failure {} netid {}\n{}".format(
err, netid, self.firewalls))
log.runlogs_logger.error("exception {} failure netid \n{}".format(
err, self.firewalls))
gv.fake_assert()
def update_settings(self, org_id, vpn_rules=[]):
api_key = config.api_key
try:
success, str = meraki.updatemxvpnfwrules(api_key,
org_id,
vpn_rules,
syslogDefaultRule=False,
suppressprint=False)
l.logger.info("updatemxvpnfwrules {} {}".format(success, str))
import json as _json
aux = _json.dumps(str)[0:160]
Json.writer("s2svpnrules_deploy", vpn_rules, path="ORG")
l.runlogs_logger.info("updatemxvpnfwrules {}".format(success))
l.logger.debug("updatemxvpnfwrules {} {}".format(success, str))
if success:
return True, None
if success:
l.logger.info("success org-id {}".format(org_id))
l.runlogs_logger.info("success org-id {}".format(org_id))
Json.writer("vpn_updatevpnfwrules_{}".format(org_id), str)
else:
l.logger.error("failed org-id {} {}".format(org_id, str))
l.runlogs_logger.error("failed org-id {} {}".format(
org_id, aux))
gv.fake_assert()
except Exception as err:
l.logger.error("{}".format(str))
l.logger.error("exception failure org_id: {}".format(org_id))
l.runlogs_logger.error("{}".format(str))
l.runlogs_logger.error(
"exception failure org_id: {}".format(org_id))
gv.fake_assert()
return success, str
