class TestDomains(unittest.TestCase): def setUp(self): self.helper = Secure_Track_Helper("localhost", ("username", "password")) self.patcher = patch( 'pytos.common.rest_requests.requests.Session.send') self.mock_get_uri = self.patcher.start() self.mock_get_uri.return_value.status_code = 200 def tearDown(self): self.patcher.stop() def test_01_get_domains(self): self.mock_get_uri.return_value.content = fake_request_response( "domains") domains = self.helper.get_domains() self.assertIsInstance(domains, Domains) @patch('pytos.securetrack.helpers.Domain.from_xml_string') def test_02_get_domain_by_id(self, mock_domain): mock_domain.return_value = Domain(1, 'default') with patch( 'pytos.common.rest_requests.requests.Request') as mock_get_uri: self.helper.get_domain_by_id(1) mock_get_uri.assert_called_with( 'GET', 'https://localhost/securetrack/api/domains/1', auth=('username', 'password'), headers={}, params=None)
def setUp(self): self.helper = Secure_Track_Helper("localhost", ("username", "password")) self.patcher = patch( 'pytos.common.rest_requests.requests.Session.send') self.mock_get_uri = self.patcher.start() self.mock_get_uri.return_value.status_code = 200
class TestTopology(unittest.TestCase): def setUp(self): self.helper = Secure_Track_Helper("localhost", ("username", "password")) self.patcher = patch( 'pytos.common.rest_requests.requests.Session.send') self.mock_get_uri = self.patcher.start() self.mock_get_uri.return_value.status_code = 200 def tearDown(self): self.patcher.stop() def test_03_get_topology_interfaces(self): self.mock_get_uri.return_value.content = fake_request_response( "interfaces") topology_interfaces_list = self.helper.get_topology_interfaces(173) self.assertIsInstance(topology_interfaces_list, Topology_Interfaces_List) def test_03_failed_to_get_topology_interfaces(self): self.mock_get_uri.return_value.content = fake_request_response( "bad_request_error") self.mock_get_uri.return_value.status_code = 400 with self.assertRaises(REST_Bad_Request_Error): self.helper.get_topology_interfaces(173)
class TestServices(unittest.TestCase): def setUp(self): self.helper = Secure_Track_Helper("localhost", ("username", "password")) self.patcher = patch( 'pytos.common.rest_requests.requests.Session.send') self.mock_get_uri = self.patcher.start() self.mock_get_uri.return_value.status_code = 200 def tearDown(self): self.patcher.stop() def test_01_get_services_for_device(self): self.mock_get_uri.return_value.content = fake_request_response( "services") services = self.helper.get_services_for_device(158) self.assertIsInstance(services, Services_List) def test_02_get_service_for_device_by_name(self): self.mock_get_uri.return_value.content = fake_request_response( "services") with patch( 'pytos.common.rest_requests.requests.Request') as mock_get_uri: service = self.helper.get_service_for_device_by_name( 158, 'service1') mock_get_uri.assert_called_with( 'GET', 'https://localhost/securetrack/api/devices/158/services?name=service1', auth=('username', 'password'), headers={}, params=None) def test_03_get_service_by_device_and_object_id(self): self.mock_get_uri.return_value.content = fake_request_response( "services") with patch( 'pytos.common.rest_requests.requests.Request') as mock_get_uri: service = self.helper.get_service_by_device_and_object_id( 158, 17973529) mock_get_uri.assert_called_with( 'GET', 'https://localhost/securetrack/api/devices/158/services/17973529', auth=('username', 'password'), headers={}, params=None) def test_04_get_member_services_for_group_service(self): self.mock_get_uri.return_value.content = fake_request_response( "network_objects") g_network_object = self.helper.get_network_objects_for_device(158)[-1] self.mock_get_uri.return_value.content = fake_request_response( "services") members = self.helper.get_member_network_objects_for_group_network_object( g_network_object, 158) self.assertIsInstance(members, list)
class TestGeneralSettings(unittest.TestCase): def setUp(self): self.helper = Secure_Track_Helper("localhost", ("username", "password")) self.patcher = patch('pytos.common.rest_requests.requests.Session.send') self.mock_get_uri = self.patcher.start() self.mock_get_uri.return_value.status_code = 200 def tearDown(self): self.patcher.stop() def test_03_get_change_authorization_status(self): self.mock_get_uri.return_value.content = fake_request_response("revisions") revisions = self.helper.get_device_revisions_by_id(device_id=158) self.assertIsInstance(revisions, Device_Revisions_List)
class TestNetworkObjects(unittest.TestCase): def setUp(self): self.helper = Secure_Track_Helper("localhost", ("username", "password")) self.patcher = patch( 'pytos.common.rest_requests.requests.Session.send') self.mock_get_uri = self.patcher.start() self.mock_get_uri.return_value.status_code = 200 def tearDown(self): self.patcher.stop() def test_01_get_network_objects_for_device(self): self.mock_get_uri.return_value.content = fake_request_response( "network_objects") network_objects = self.helper.get_network_objects_for_device(158) self.assertIsInstance(network_objects, Network_Objects_List) def test_02_network_object_text_search(self): self.mock_get_uri.return_value.content = fake_request_response( "network_objects") with patch( 'pytos.common.rest_requests.requests.Request') as mock_get_uri: network_objects = self.helper.network_object_text_search( "192.168", "any_field") mock_get_uri.assert_called_with( 'GET', 'https://localhost/securetrack/api/network_objects/search?filter=text&any_field=192.168', auth=('username', 'password'), headers={}, params=None) self.assertIsInstance(network_objects, Network_Objects_List) def test_03_network_object_subnet_search(self): self.mock_get_uri.return_value.content = fake_request_response( "network_objects") with patch( 'pytos.common.rest_requests.requests.Request') as mock_get_uri: network_objects = self.helper.network_object_subnet_search( "192.168.0.0", "contained_in") mock_get_uri.assert_called_with( 'GET', 'https://localhost/securetrack/api/network_objects/search?filter=subnet&contained_in=192.168.0.0', auth=('username', 'password'), headers={}, params=None) # def test_04_get_network_objects(self): # network_objects = self.helper.get_network_objects() # self.assertIsInstance(network_objects, dict) # self.assertTrue(len(network_objects) > 0) # def test_04_get_network_object_by_device_and_object_id(self): self.mock_get_uri.return_value.content = fake_request_response( "network_objects") with patch( 'pytos.common.rest_requests.requests.Request') as mock_get_uri: network_object = self.helper.get_network_object_by_device_and_object_id( 158, 3418214) mock_get_uri.assert_called_with( 'GET', 'https://localhost/securetrack/api/devices/158/network_objects/3418214', auth=('username', 'password'), headers={}, params=None) def test_05_get_member_network_objects_for_group_network_object(self): self.mock_get_uri.return_value.content = fake_request_response( "network_objects") g_network_object = self.helper.get_network_objects_for_device(158)[-1] members = self.helper.get_member_network_objects_for_group_network_object( g_network_object, 158) self.assertIsInstance(members, list)
class TestDevices(unittest.TestCase): def setUp(self): self.helper = Secure_Track_Helper("127.0.0.1", ("username", "password")) self.patcher = patch( 'pytos.common.rest_requests.requests.Session.send') self.mock_get_uri = self.patcher.start() self.mock_get_uri.return_value.status_code = 200 def tearDown(self): self.patcher.stop() def test_01_get_device(self): self.mock_get_uri.return_value.content = fake_request_response( "device_by_id") device_by_id = self.helper.get_device_by_id(159) self.assertIsInstance(device_by_id, Device) def test_02_get_devices_list(self): self.mock_get_uri.return_value.content = fake_request_response( "device_list") devices_list = self.helper.get_devices_list() self.assertIsInstance(devices_list, Devices_List) self.assertTrue(len(devices_list) == devices_list.count) self.assertTrue(devices_list.count > 0) def test_03_get_devices_list_with_custom_param(self): self.mock_get_uri.return_value.content = fake_request_response( "device_list") devices_list = self.helper.get_devices_list( custom_params={'vendor': 'cisco'}) self.assertIsInstance(devices_list, Devices_List) self.assertEqual(len(devices_list), devices_list.count) self.assertTrue(devices_list.count > 0) def test_04_get_device_id_by_name(self): self.mock_get_uri.return_value.content = fake_request_response( "device_list") device_id = self.helper.get_device_id_by_name( device_name="Router 2801") self.assertTrue(device_id, 155) # assert invalid request - 2 devices with same name with self.assertRaises(IndexError): self.helper.get_device_id_by_name(device_name="ASA FireWall") # assert invalid request - Non existing device with self.assertRaises(ValueError): self.helper.get_device_id_by_name( device_name="NonExistingDeviceName") def test_05_get_cleanups_for_device_by_id(self): self.mock_get_uri.return_value.content = fake_request_response( "cleanups_by_device_id") cleanups = self.helper.get_cleanups_for_device_by_id(155) self.assertIsInstance(cleanups, Generic_Cleanup_List) self.assertTrue(len(cleanups) > 0) def test_06_failed_to_get_cleanups_for_device_by_id(self): self.mock_get_uri.return_value.status_code = 404 self.mock_get_uri.return_value.content = fake_request_response( "no_found_error") with self.assertRaises(ValueError): self.helper.get_cleanups_for_device_by_id(5555) def test_07_get_bindings_for_device(self): self.mock_get_uri.return_value.content = fake_request_response( "device_bindings") binding = self.helper.get_bindings_for_device(155) self.assertIsInstance(binding, Bindings_List) self.assertTrue(len(binding) > 0) def test_08_get_interfaces_for_device(self): self.mock_get_uri.return_value.content = fake_request_response( "device_interfaces") interfaces = self.helper.get_interfaces_for_device(155) self.assertIsInstance(interfaces, Interfaces_List) self.assertTrue(len(interfaces) > 0) def test_09_get_device_config(self): self.assertEqual(self.helper.get_device_config_by_id(159), b'\x00') def test_10_add_offline_device(self): global added_offline_device_id self.mock_get_uri.return_value.status_code = 201 self.mock_get_uri.return_value.headers = {'location': '1'} added_offline_device_id = self.helper.add_offline_device( "TEST_DEVICE_123", "Cisco", "router") self.assertIsInstance(added_offline_device_id, int)
class TestZonesPoliciesAndRevisions(unittest.TestCase): def setUp(self): self.helper = Secure_Track_Helper("localhost", ("username", "password")) self.patcher = patch( 'pytos.common.rest_requests.requests.Session.send') self.mock_get_uri = self.patcher.start() self.mock_get_uri.return_value.status_code = 200 def tearDown(self): self.patcher.stop() def test_01_get_zones(self): self.mock_get_uri.return_value.content = fake_request_response("zones") zones = self.helper.get_zones() self.assertIsInstance(zones, Zone_List) def test_02_post_zone(self): src_xml = fake_request_response("post_zone") src_tree = lxml.etree.fromstring(src_xml) src_b = io.BytesIO() src_tree.getroottree().write_c14n(src_b) comment = 'Name: {}, Created at: {}'.format("New Zone", "2017-04-22 10:09:18") zone_obj = Zone(None, "New Zone", comment) dst_tree = lxml.etree.fromstring(zone_obj.to_xml_string()) dst_b = io.BytesIO() dst_tree.getroottree().write_c14n(dst_b) self.assertEqual(src_b.getvalue(), dst_b.getvalue()) def test_03_post_security_policy_matrix(self): self.mock_get_uri.return_value.headers = {'location': '1'} self.mock_get_uri.return_value.content = fake_request_response("zones") security_policy_name = 'Some Policy Name' security_policy = { 'internal': { 'external': { 'severity': 'critical', 'access_type': 'ignored', 'allowed_services': '' } }, 'external': { 'internal': { 'severity': 'high', 'access_type': 'restricted', 'allowed_services': 'https;Other 53;AOL;udp 88' } }, 'dmz': { 'internal': { 'severity': 'critical', 'access_type': 'blocked', 'allowed_services': '' }, 'dmz': { 'severity': 'low', 'access_type': 'ignored', 'allowed_services': '' } } } policy_id = self.helper.post_security_policy_matrix( security_policy_name, security_policy) self.assertEqual(policy_id, 1) def test_04_post_zone_entry(self): self.mock_get_uri.return_value.headers = {'location': '1'} self.mock_get_uri.return_value.status_code = 201 zone_entry = Zone_Entry(1234, "Description", "1.1.1.1", 0, '255.255.255.255', 36) with patch('pytos.common.rest_requests.requests.Request' ) as mock_post_uri: entry_id = self.helper.post_zone_entry(zone_entry.zoneId, zone_entry) self.assertEqual(entry_id, 1) mock_post_uri.assert_called_with( 'POST', 'https://localhost/securetrack/api/zones/36/entries?context=1', auth=('username', 'password'), data= '<zone_entry>\n <comment>Description</comment>\n <id>1234</id>\n <ip>1.1.1.1</ip>\n <netmask>255.255.255.255</netmask>\n <zoneId>36</zoneId>\n</zone_entry>', headers={'Content-Type': 'application/xml'}) def test_05_delete_zone_entry(self): with patch('pytos.common.rest_requests.requests.Request' ) as mock_post_uri: result = self.helper.delete_zone_entry_by_zone_and_entry_id(1, 1) self.assertTrue(result) mock_post_uri.assert_called_with( 'DELETE', 'https://localhost/securetrack/api/zones/1/entries/1?context=1', auth=('username', 'password'), headers={'Content-Type': 'application/xml'}) def test_06_modify_zone_entry(self): self.mock_get_uri.return_value.content = fake_request_response( "zone_entries") zone_entries = self.helper.get_entries_for_zone_id(13) zone_entry = zone_entries[0] zone_entry.comment = "Modified entry" zone_entry.ip = '101.101.101.101' zone_entry.negate = 0 zone_entry.netmask = '255.255.255.255' with patch('pytos.common.rest_requests.requests.Request' ) as mock_post_uri: result = self.helper.put_zone_entry(13, zone_entry) self.assertTrue(result) mock_post_uri.assert_called_with( 'PUT', 'https://localhost/securetrack/api/zones/13/entries/54?context=1', auth=('username', 'password'), data= '<zone_entry>\n <comment>Modified entry</comment>\n <id>54</id>\n <ip>101.101.101.101</ip>\n <negate>0</negate>\n <netmask>255.255.255.255</netmask>\n <zoneId>13</zoneId>\n</zone_entry>', headers={'Content-Type': 'application/xml'}) def test_07_get_zone_by_name(self): self.mock_get_uri.return_value.content = fake_request_response("zones") zone = self.helper.get_zone_by_name("dmz") self.assertIsInstance(zone, Zone) self.assertEqual(zone.name, "dmz") def test_08_get_device_revisions_by_id(self): self.mock_get_uri.return_value.content = fake_request_response( "revisions") revisions = self.helper.get_device_revisions_by_id(device_id=155) self.assertIsInstance(revisions, Device_Revisions_List) self.assertTrue(len(revisions) > 0) def test_09_get_policy_analysis(self): self.mock_get_uri.return_value.content = fake_request_response( "policy_analysis_query_result") policy_analysis = self.helper.get_policy_analysis(155) self.assertIsInstance(policy_analysis, Policy_Analysis_Query_Result) def test_10_get_security_policies(self): self.mock_get_uri.return_value.content = fake_request_response( "securitypolicylist") policies = self.helper.get_security_policies() self.assertIsInstance(policies, Security_Policies_List) def test_11_get_security_policy_by_name(self): self.mock_get_uri.return_value.content = fake_request_response( "securitypolicylist") policy = self.helper.get_security_policy_by_name("policy") self.assertIsInstance(policy, Security_Policy) self.assertEqual(policy.name, "policy") def test_12_get_security_policy_by_id(self): self.mock_get_uri.return_value.content = fake_request_response( "securitypolicylist") policy = self.helper.get_security_policy_by_id(3) self.assertEqual(policy.id, 3) def test_13_delete_security_policy_matrix(self): with patch('pytos.common.rest_requests.requests.Request' ) as mock_post_uri: result = self.helper.delete_security_policy_matrix(3) self.assertTrue(result) mock_post_uri.assert_called_with( 'DELETE', 'https://localhost/securetrack/api/security_policies/3', auth=('username', 'password'), headers={'Content-Type': 'application/xml'}) def test_14_get_revision_by_id(self): self.mock_get_uri.return_value.content = fake_request_response( "revision") revision = self.helper.get_revision_by_id(5685) self.assertIsInstance(revision, Device_Revision) self.assertTrue(revision.id, 5685) def test_15_get_security_policy_device_violations_by_severity(self): self.mock_get_uri.return_value.content = fake_request_response( "security_policy_device_violations") violations = self.helper.get_security_policy_device_violations_by_severity( 159, "CRITICAL", "SECURITY_POLICY") self.assertIsInstance(violations, SecurityPolicyDeviceViolations) def test_16_get_policies_for_revision(self): self.mock_get_uri.return_value.content = fake_request_response( "policies") policies = self.helper.get_policies_for_revision(1) self.assertIsInstance(policies, Policy_List) def test_17_post_security_policy_exception(self): self.mock_get_uri.return_value.headers = {'location': '1'} self.mock_get_uri.return_value.status_code = 201 xml = fake_request_response("exception") policy_exception = security_policy.Security_Policy_Exception.from_xml_string( xml.decode("utf-8")) with patch('pytos.common.rest_requests.requests.Request' ) as mock_post_uri: self.helper.post_security_policy_exception(policy_exception) mock_post_uri.assert_called_with( 'POST', 'https://localhost/securetrack/api/security_policies/exceptions/?context=1', auth=('username', 'password'), data=policy_exception.to_xml_string(), headers={'Content-Type': 'application/xml'}) def test_18_delete_zone_by_zone_id(self): with patch('pytos.common.rest_requests.requests.Request' ) as mock_delete_uri: self.helper.delete_zone_by_zone_id(1, True) mock_delete_uri.assert_called_with( 'DELETE', 'https://localhost/securetrack/api/zones/1', auth=('username', 'password'), headers={'Content-Type': 'application/xml'}) def test_19_get_zone_descendants(self): self.mock_get_uri.return_value.content = fake_request_response( "zone_descendants") zone_descendants_list = self.helper.get_zone_descendants("16") self.assertIsInstance(zone_descendants_list, ZoneDescendantsList) def test_20_delete_security_policy_exception(self): with patch('pytos.common.rest_requests.requests.Request' ) as mock_delete_uri: self.helper.delete_security_policy_exception(1) mock_delete_uri.assert_called_with( 'DELETE', 'https://localhost/securetrack/api/security_policies/exceptions/1', auth=('username', 'password'), headers={'Content-Type': 'application/xml'})
class TestRules(unittest.TestCase): def setUp(self): self.helper = Secure_Track_Helper("127.0.0.1", ("username", "password")) self.patcher = patch( 'pytos.common.rest_requests.requests.Session.send') self.mock_get_uri = self.patcher.start() self.mock_get_uri.return_value.status_code = 200 def tearDown(self): self.patcher.stop() def test_01_get_shadowed_rules(self): self.mock_get_uri.return_value.content = fake_request_response( "cleanup_set") cleanup = self.helper.get_shadowed_rules_for_device_by_id(155) self.assertIsInstance(cleanup, Cleanup_Set) def test_02_get_rule_by_device_and_rule_id(self): self.mock_get_uri.return_value.content = fake_request_response("rules") rules = self.helper.get_rule_by_device_and_rule_id(155, 1318013) self.assertEqual(rules[0].id, 1318013) def test_03_get_rules_for_device(self): self.mock_get_uri.return_value.content = fake_request_response("rules") rules = self.helper.get_rules_for_device(155) self.assertIsInstance(rules, Rules_List) self.assertTrue(len(rules) > 0) def test_04_failed_to_get_rules_for_device(self): self.mock_get_uri.return_value.content = fake_request_response( "empty_rules") rules = self.helper.get_rules_for_device(155) self.assertIsInstance(rules, Rules_List) self.assertTrue(len(rules) == 0) def test_05_get_shadowing_rules_for_device_id_and_rule_uids(self): self.mock_get_uri.return_value.content = fake_request_response( "cleanup_set") uid = "{53b95431-73ee-43de-a153-d299f4eb4804}" shadowing_rules = self.helper.get_shadowing_rules_for_device_id_and_rule_uids( 155, uid) self.assertIsInstance(shadowing_rules, Cleanup_Set) def test_06_failed_get_shadowing_rules_for_device_id_and_rule_uids(self): self.mock_get_uri.return_value.content = fake_request_response( "bad_request_error") self.mock_get_uri.return_value.status_code = 400 with self.assertRaises(REST_Bad_Request_Error): self.helper.get_shadowing_rules_for_device_id_and_rule_uids( 155, []) def test_07_get_devices_by_rule_search(self): self.mock_get_uri.return_value.content = fake_request_response( "device_list_by_rule_search") devices = self.helper.get_devices_by_rule_search() self.assertIsInstance(devices, RuleSearchDeviceList) def test_08_rule_search_for_device(self): self.mock_get_uri.return_value.content = fake_request_response("rules") rules = self.helper.rule_search_for_device(155) self.assertIsInstance(rules, Rules_List) self.assertTrue(len(rules) > 0) def test_09_get_rules_for_revision(self): self.mock_get_uri.return_value.content = fake_request_response("rules") rules = self.helper.get_rules_for_revision(1, True) self.assertIsInstance(rules, Rules_List) self.assertTrue(len(rules) > 0) def test_10_rule_documentation_format(self): src_xml = fake_request_response("rule_documentation") src_tree = lxml.etree.fromstring(src_xml) src_b = io.BytesIO() src_tree.getroottree().write_c14n(src_b) # create a new record set fot the rule documentation record_sets = [ Record_Set("*****@*****.**", "admin", "2019-01-08T00:00:00+02:00", 1235, "this is a comment", "") ] rd = Rule_Documentation("admin", 'Comment for unittest suit', record_sets, '', True) dst_tree = lxml.etree.fromstring(rd.to_xml_string()) dst_b = io.BytesIO() dst_tree.getroottree().write_c14n(dst_b) self.assertEqual(src_b.getvalue(), dst_b.getvalue()) def test_11_get_rule_documentation_by_device_id_and_rule_id(self): self.mock_get_uri.return_value.content = fake_request_response( "rule_documentation") rd = self.helper.get_rule_documentation_by_device_id_and_rule_id( 155, 1330304) self.assertIsInstance(rd, Rule_Documentation) def test_12_failed_to_get_rule_documentation_by_device_id_and_rule_id( self): self.mock_get_uri.return_value.content = fake_request_response( "not_found_error") self.mock_get_uri.return_value.status_code = 404 with self.assertRaises(ValueError): self.helper.get_rule_documentation_by_device_id_and_rule_id( 155, 1330303) def test_13_get_network_objects(self): self.mock_get_uri.return_value.content = fake_request_response( "network_objects_search") network_objects = self.helper.network_object_text_search( "81.81.81.5", "any_field") self.assertIsInstance(network_objects, Network_Objects_List)
from pytos.securechange.xml_objects.rest import Ticket, Group_Change_Node, Elements, XML_List, \ Group_Change_Member_Object, TYPE_HOST from common.secret_store import SecretDb logger = logging.getLogger(COMMON_LOGGER_NAME) conf = Secure_Config_Parser( config_file_path="/usr/local/orca/conf/custom.conf") secret_helper = SecretDb() st_cred = (secret_helper.get_username('securetrack'), secret_helper.get_password('securetrack')) sc_cred = (secret_helper.get_username('securechange'), secret_helper.get_password('securechange')) sc_host = conf.get("securechange", "host") st_host = conf.get("securetrack", "host") sc_helper = Secure_Change_Helper(sc_host, sc_cred) st_helper = Secure_Track_Helper(st_host, st_cred) orca_host = conf.get("integration setup", "hostname") ticket_template_path = conf.get("integration setup", "change_group_ticket_template_path") group_path_url = conf.get("integration setup", "group_path_url") orca_update_task_url = conf.get("integration setup", "orca_update_task_url") PID_FILE = '/var/run/orca_group_change.pid' CHANGE_ADDED_STATUS = "ADDED" CHANGE_CREATE_STATUS = "CREATE" NOT_CHANGE_STATUS = "NOT_CHANGED" AUTH_TOKEN_KEY = 'auth_header_integration' SUPPORTED_MODELS = [ 'Panorama_device_group', 'cp_domain_r80plus', 'asa', 'junos', 'fmg_adom' ]
def setUpClass(cls): cls.helper = Secure_Track_Helper("localhost", ("username", "password")) cls.patcher = patch('pytos.common.rest_requests.requests.Session.send') cls.mock_get_uri = cls.patcher.start() cls.mock_get_uri.return_value.status_code = 200
def main(): cli_args = get_cli_args() device = cli_args.device or input('Enter device ID or name: ') hostname = cli_args.hostname or input('Enter SecureTrack hostname or IP: ') username = cli_args.username or input('Enter SecureTrack username: '******'Enter SecureTrack password: '******'.', end='') sys.stdout.flush() rules = { cleanup.rule.uid: cleanup.rule.rule_text for cleanup in st_helper.get_shadowed_rules_for_device_by_id( device.id).shadowed_rules_cleanup.shadowed_rules } print('.', end='') sys.stdout.flush() shadowed_rules = st_helper.\ get_shadowing_rules_for_device_id_and_rule_uids(device.id, [u for u in rules]).shadowed_rules_cleanup.shadowed_rules print('.') sys.stdout.flush() print('Rules to remove for device: {}'.format(device.name)) shadowing_warning = { cleanup.rule.uid: [ shadowing_rule.rule_text for shadowing_rule in cleanup.shadowing_rules ] for cleanup in shadowed_rules if any([ shadowing_rule.src_services for shadowing_rule in cleanup.shadowing_rules ]) } shadowed_warning = { cleanup.rule.uid: [ shadowing_rule.rule_text for shadowing_rule in cleanup.shadowing_rules ] for cleanup in shadowed_rules if cleanup.rule.src_services } print('no {}'.format('\nno '.join([ rules[uid] for uid in set(rules) - set(shadowed_warning) - set(shadowing_warning) ]))) print( '***THE BELOW SHADOWING RULES CONTAIN SOURCE PORTS/SERVICES, MANUAL REVIEW IS STRONGLY RECOMMENDED***' ) print('\n'.join([ '{}\n -> no {}'.format('\n'.join(shadowed_rules), rules[uid]) for uid, shadowed_rules in shadowing_warning.items() ])) print( '***THE BELOW SHADOWED RULES CONTAIN SOURCE PORTS/SERVICES, MANUAL REVIEW IS STRONGLY RECOMMENDED***' ) print('\n'.join([ '{}\n -> no {}'.format('\n'.join(shadowed_rules), rules[uid]) for uid, shadowed_rules in shadowed_warning.items() ]))
#!/usr/bin/python3.4 import os from pytos.securetrack.helpers import Secure_Track_Helper #Files go here confbackdir = '/tmp/tufin/' t_ip = '<IP>' t_user = '******' t_pass = '******' # No edit past here... st_helper = Secure_Track_Helper(t_ip, (t_user, t_pass)) print("Fetching Devices...") try: devices = st_helper.get_devices_list() except: print("Error reading devices") exit() if (not os.path.exists(confbackdir)): os.makedirs(confbackdir) # print(devices) for d in devices: filename = d.name + '-' + str(d.id) print("Getting config for {}".format(filename)) try: c = st_helper.get_device_config_by_id(d.id) except: print("Config failed for {}".format(filename)) continue