def get_have(api, module): """Get current configuration Args: api (AEDApi): AEDApi instance for this connection module (AnsibleModule): AnsibleModule instance Returns: A dict of the current state of the AED License. """ have = {} lic_server_id = module.params.get('server_id', None) capability = module.params.get('capability', None) if lic_server_id or not (lic_server_id or capability): # Get license server config url = BASE_URI + '/server/' resp_code, raw_config = api.get_config(url) verify_response(resp_code, raw_config) have.update(rest_to_ans(raw_config, SERVER_PARAM_MAP)) if capability or not (lic_server_id or capability): # Get license capabilities config url = BASE_URI + '/capabilities/' resp_code, raw_config = api.get_config(url) verify_response(resp_code, raw_config) capabilities = [] for cap in raw_config['capabilities']: if cap['capability'] == capability or \ not (lic_server_id or capability): capabilities.append(rest_to_ans(cap, CAPABILITIES_PARAM_MAP)) have['capabilities'] = capabilities return have
def get_have(api, module): """Get current configuration Args: api (AEDApi): AEDApi instance for this connection module (AnsibleModule): AnsibleModule instance Returns: A dict of the current state of the interfaces. """ # This task is probably setting the # link state propagation timeouts if not module.params.get('name'): # Get all information about interfaces resp_code, raw_config = api.get_config('mitigation-interfaces') if resp_code in ResponseCodes.GOOD_RESP: timeouts = rest_to_ans(raw_config, LP_PARAM_MAP) return timeouts else: raise AEDAPIError('APIError: Failed fetching config. ' 'response code:{}, response:{}'.format( resp_code, raw_config)) else: intf_name = module.params.get('name') resp_code, raw_config = api.get_config( 'mitigation-interfaces/{}/'.format(intf_name)) if resp_code in ResponseCodes.GOOD_RESP: intf = rest_to_ans(raw_config, INTF_PARAM_MAP) return intf else: raise AEDAPIError('APIError: Failed fetching config. ' 'response code:{}, response:{}'.format( resp_code, raw_config))
def populate(self): param_map = [ ('deployment_mode', 'deploymentMode', str), ('protection_active', 'protectionActive', self.morph_protection_active), ('protection_level', 'protectionLevel', self.morph_protection_level), ] self.facts.update(rest_to_ans(self.get_config('summary'), param_map))
def get_have(api): # single rest GET call, return the dict... resp_code, raw_config = api.get_config('snmp') if resp_code == 200: return rest_to_ans(raw_config, PARAM_MAP) else: raise AEDAPIError('APIError: Failed fetching config. ' 'response code:{}, response:{}'.format( resp_code, raw_config))
def populate(self): """Gather relevant data for interfaces and format it for display """ lp_param_map = [('link_propagation_up_timeout', 'linkPropagationUpTimeout', int), ('link_propagation_down_timeout', 'linkPropagationDownTimeout', int)] intf_param_map = [('name', 'interfaceName', str), ('addr', 'address', str)] intf_config = self.get_config('mitigation-interfaces') intf_config_list = [] intf_config_list.append(rest_to_ans(intf_config, lp_param_map)) for intf in intf_config.get('mitigationInterfaces'): intf_config_list.append(rest_to_ans(intf, intf_param_map)) self.facts.update({'aed_interfaces': intf_config_list}) return
def populate(self): param_map = [('pg_name', 'name', str), ('pg_active', 'active', self.morph_pg_active), ('pg_protected_hosts', 'prefixes', list), ('pg_server_type', 'serverType', self.morph_server_types), ('pg_description', 'description', str), ('pg_protection_level', 'protectionLevel', self.morph_pg_protection_level), ('pgid', 'pgid', int)] all_pgs = self.get_config('protection-groups').get('protection-groups') pg_list = [] for pg in all_pgs: pg_list.append(rest_to_ans(pg, param_map)) self.facts.update({'aed_protectiongroups': pg_list}) return
def get_have(api, module): st_name = module.params.get('name') resp_code, raw_config = api.get_config( 'protection-groups/server-types/', query_params=dict(serverName=st_name)) if resp_code in ResponseCodes.GOOD_RESP: st_list = raw_config.get('server-types') if st_list is None: # Need to create it, requires a 'base' server type. if not (module.params.get('base_server_type')): raise AEDAPIError( 'Server Type "{}" does not exist, creating new server type ' 'requires base_server_type defined'.format(st_name)) return dict( name=st_name, present=False, ) elif len(st_list) is 1: rest_dict = st_list[0] ans_dict = rest_to_ans(rest_dict, PARAM_MAP) ans_dict['protection_level_high'] = pl_rest_to_ans( rest_dict['protectionLevels']['high'], P_LEVEL_MAP) ans_dict['protection_level_low'] = pl_rest_to_ans( rest_dict['protectionLevels']['low'], P_LEVEL_MAP) ans_dict['protection_level_medium'] = pl_rest_to_ans( rest_dict['protectionLevels']['medium'], P_LEVEL_MAP) ans_dict['present'] = True return ans_dict else: # not good.... raise AEDAPIError( 'Multiple Server Types match name, can only configure ' 'one at a time.') else: raise AEDAPIError('APIError: Failed fetching config. ' 'response code:{}, response:{}'.format( resp_code, raw_config))
def populate(self): param_map = [ ('name', 'serverName', str), ('server_type', 'serverType', int), ('http_reporting', 'httpReporting', bool), ('profilling', 'profiling', bool), ('profiling_duration', 'profilingDuration', int), ('profiling_start', 'profilingStart', int), ('stix_enabled', 'stixEnabled', None), ] p_levels = [ 'protection_level_high', # noqa 'protection_level_low', 'protection_level_medium' ] p_level_map = [ ('appbehavior', [('appbehavior_interrupt_count', 'interruptCnt', int)]), ('botnet', [('botnet_basic', 'basic', bool), ('botnet_segment', 'segment', bool), ('botnet_signatures', 'signatures', bool)]), ('connlimit', [('connection_limit_enabled', 'enabled', bool)]), ('detectIcmp', [('detect_icmp_enabled', 'enabled', bool), ('detect_icmp_bps', 'icmpBps', int), ('detect_icmp_rate', 'icmpRate', int)]), ('detectSyn', [('detect_syn_flood_enabled', 'enabled', bool), ('detect_syn_flood_delta_rate', 'synAckDeltaRate', int), ('detect_syn_flood_rate', 'synRate', int)]), ('dnsAuth', [('dns_auth_enable', 'enabled', bool)]), ('dnsMalform', [('dns_malform_enable', 'enabled', bool)]), ('dnsNxdomain', [('dns_nx_domain_rate', 'rate', int)]), ('dnsQuery', [('dns_query_rate', 'rate', int)]), ('dnsRegex', [('dns_regex_list', 'statement', list)]), ('filter', [('filter_list', 'statement', list)]), ('fragmentation', [('fragmentation_detection_enabled', 'enabled', bool), ('fragmentation_detection_bps', 'bps', int), ('fragmentation_detection_pps', 'pps', int)]), ('httpMalform', [('http_malform_enabled', 'enabled', bool)]), ('httpProxyDetect', [('http_proxy_detect_enabled', 'enabled', bool) ]), ('httpRatelimit', [('http_rate_limit_object_rate', 'objectRate', int), ('http_rate_limit_request_rate', 'requestRate', int)]), ('httpRegex', [('http_regex_list', 'statement', list)]), ('idleReset', [('idle_reset_enabled', 'enabled', bool), ('idle_reset_bit_rate', 'bitRate', int), ('idle_reset_idle_timeout', 'idleTimeout', int), ('idle_reset_init_size', 'initSize', int), ('idle_reset_init_timeout', 'initTimeout', int), ('idle_reset_num_idles', 'numIdles', int), ('idle_reset_track_long_lived', 'trackLongLived', bool)]), ('multicast', [('multicast_enabled', 'enabled', bool)]), ('privateAddress', [('private_addresses_enabled', 'enabled', bool) ]), ('regex', [('regex_enabled', 'enabled', bool), ('regex_blacklist_enable', 'blacklistEnable', bool), ('regex_include_headers', 'includeHeaders', bool), ('regex_match_source_port', 'matchSrcPort', bool), ('regex_pattern', 'pattern', list), ('regex_tcp_ports', 'tcpPorts', list), ('regex_udp_ports', 'udpPorts', list)]), ('reputation', [('reputation_enabled', 'enabled', bool), ('reputation_asert_confidence', 'asertConfidence', str), ('reputation_categories', 'categories', dict), ('reputation_custom_confidence', 'customConfidence', str), ('reputation_use_custom', 'useCustom', bool)]), ('shaping', [('shaping_enabled', 'enabled', bool), ('shaping_bps', 'bps', int), ('shaping_filter', 'filter', list), ('shaping_pps', 'pps', int)]), ('sipMalform', [('sip_malform_enabled', 'enabled', bool)]), ('sipRequest', [('sip_request_rate', 'rate', int)]), ('synAuth', [('syn_auth_enabled', 'enabled', bool), ('syn_auth_automation_enabled', 'automationEnabled', bool), ('syn_auth_automation_threshold', 'automationThreshold', bool), ('syn_auth_destination_ports', 'dstPorts', list), ('syn_auth_http_auth_enabled', 'httpAuthEnabled', bool), ('syn_auth_javascript_enabled', 'javascriptEnabled', bool), ('syn_auth_out_of_sequence_enabled', 'outOfSeqEnabled', bool), ('syn_auth_soft_reset_enabled', 'softResetEnabled', bool)]), ('tlsMalform', [('tls_malfom_enabled', 'enabled', bool)]), ('udpFlood', [('udp_flood_enabled', 'enabled', bool), ('udp_flood_bps', 'bps', int), ('udp_flood_pps', 'pps', int)]), ('webcrawler', [('webcrawler_enabled', 'enabled', bool)]), ('zombie', [('zombie_bps', 'bps', int), ('zombie_pps', 'pps', int)]) ] all_sts = self.get_config('protection-groups/server-types').get( 'server-types') st_list = [] for st_rest in all_sts: st_config = rest_to_ans(st_rest, param_map) st_config['protection_level_high'] = self.pl_rest_to_ans( st_rest['protectionLevels']['high'], p_level_map) st_config['protection_level_low'] = self.pl_rest_to_ans( st_rest['protectionLevels']['low'], p_level_map) st_config['protection_level_medium'] = self.pl_rest_to_ans( st_rest['protectionLevels']['medium'], p_level_map) st_list.append(st_config) self.facts.update({'aed_server_types': st_list}) return