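def createRulesForEnv(master_config, url_path_prefix="", content_path_prefix="", crc_env = "stage"):
    """Build the list of child rules for one release environment.

    The result starts with the landing-page and storybook rules loaded from
    ``./data`` and is followed by one generated rule per enabled frontend app
    in ``master_config``.

    Args:
        master_config: mapping of app key -> app config. Only entries with
            ``frontend.paths`` and without a truthy ``disabled_on_prod`` get
            a rule.
        url_path_prefix: string prepended to every matched URL path.
        content_path_prefix: string prepended to content paths. When it does
            not contain the substring "pentest", PREPEND rewriteUrl rules are
            dropped from the landing-page/storybook set.
        crc_env: when "stage", the quoted host "cloud.redhat.com" in the JSON
            templates is replaced by "cloud.stage.redhat.com" at load time.

    Returns:
        list of rule dicts.
    """
    host_swap = ("\"cloud.redhat.com\"", "\"cloud.stage.redhat.com\"")

    def load_for_env(path):
        # Stage reads the same files with the production host swapped out.
        if crc_env == "stage":
            return util.getJSONFromFileWithReplacements(path, [host_swap])
        return util.getJSONFromFile(path)

    # First, the rules for the landing page and storybook.
    loaded_rules = load_for_env("./data/landing_page_rules.json")
    loaded_rules.extend(load_for_env("./data/storybook_rules.json"))

    # Filter into a new list instead of calling remove() on the list being
    # iterated: removing in place makes the iterator skip the element that
    # follows each removed rule, so an adjacent PREPEND rewriteUrl rule could
    # survive in an environment that must not carry it, and the skipped rule
    # would also miss the prefix adjustments below.
    # NOTE(review): "pentest" is matched as a substring of content_path_prefix;
    # confirm no non-pentest prefix can contain it.
    rules = []
    for rule in loaded_rules:
        lead_behavior = rule["behaviors"][0]
        if (lead_behavior["name"] == "rewriteUrl"
                and lead_behavior["options"]["behavior"] == "PREPEND"
                and "pentest" not in content_path_prefix):
            continue

        if content_path_prefix != "" and lead_behavior["name"] == "failAction":
            fail_options = lead_behavior["options"]
            fail_options["contentPath"] = content_path_prefix + fail_options["contentPath"]

        if url_path_prefix != "":
            for criterion in rule["criteria"]:
                if criterion["name"] != "path":
                    continue
                path_values = criterion["options"]["values"]
                # The length is taken once, so the bare prefix appended for a
                # "/" entry is not visited (and not prefixed a second time).
                for idx in range(len(path_values)):
                    if path_values[idx] == "/":
                        path_values.append(url_path_prefix)
                    path_values[idx] = url_path_prefix + path_values[idx]

        rules.append(rule)

    # Load the templates once and deep-copy per app (fewer file reads).
    rule_template = load_for_env("./data/single_rule_template.json")
    nomatch_template = util.getJSONFromFile("./data/no_match_criteria.json")

    # One rule per app that follows the standard frontend pattern.
    for key, app in master_config.items():
        if "frontend" not in app or "paths" not in app["frontend"]:
            continue
        if "disabled_on_prod" in app and app["disabled_on_prod"]:
            continue

        frontend = app["frontend"]
        app_rule = copy.deepcopy(rule_template)
        app_rule["name"] = "/" + key
        app_path = frontend["app_base"] if "app_base" in frontend else key
        app_rule["behaviors"][0]["options"]["contentPath"] = "{}/apps/{}/index.html".format(content_path_prefix, app_path)

        # Each path is matched exactly and as a prefix ("/*").
        match_values = app_rule["criteria"][0]["options"]["values"]
        for frontend_path in frontend["paths"]:
            match_values.extend([
                url_path_prefix + frontend_path,
                url_path_prefix + frontend_path + "/*",
            ])

        if "frontend_exclude" in app and len(app["frontend_exclude"]) > 0:
            app_criteria = copy.deepcopy(nomatch_template)
            for nomatch in app["frontend_exclude"]:
                app_criteria["options"]["values"].append(url_path_prefix + nomatch)
                app_criteria["options"]["values"].append(url_path_prefix + nomatch + "/*")
            app_rule["criteria"].append(app_criteria)

        rules.append(app_rule)

    return rules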
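def updatePropertyRulesUsingConfig(version_number, master_config_list, crc_env="stage"):
    """Generate the full rule tree for ``crc_env`` and PUT it to the property.

    Loads ``./data/<crc_env>/base_rules.json`` with the gateway secrets and
    gateway origin JSON substituted in, appends one auto-generated parent rule
    per entry of ``master_config_list``, and uploads the tree to the given
    property version through ``util.akamaiPut``.

    Args:
        version_number: property version whose rules are replaced.
        master_config_list: list of env dicts. Each is read for ``name``,
            ``config`` and ``content_path_prefix``, and optionally
            ``url_prefix`` and ``cookie_required``.
        crc_env: environment name; selects the base rules directory, the
            property ID and the index of the frontend rule.

    Returns:
        None. The API response is printed with gateway secret values redacted.
    """
    print("Creating new ruleset based on list of master configs...")
    # NOTE(review): index of the frontend parent rule among the base rules'
    # children; presumably tied to the layout of base_rules.json - confirm
    # whenever that file changes.
    frontend_rule_index = 3 if ("stage" == crc_env) else 2

    # Secrets are kept apart from the other replacements so their values can
    # be scrubbed from the logged response below.
    gateway_secrets = [
        ("<<prod-gateway-secret>>", util.getEnvVar("GATEWAYSECRET")),
        ("<<pentest-gateway-secret>>", util.getEnvVar("PENTESTGATEWAYSECRET")),
        ("<<certauth-gateway-secret>>", util.getEnvVar("CERTAUTHSECRET")),
    ]
    replacements = gateway_secrets + [
        ("<<gateway-origin-json>>", util.readFileAsString(util.getEnvVar("GATEWAYORIGINJSON"))),
    ]
    rules_tree = util.getJSONFromFileWithReplacements(
        "./data/{}/base_rules.json".format(crc_env), replacements)

    parent_rule_template = util.getJSONFromFile("./data/base_env_rule.json")

    # One parent rule per release configuration.
    for env in master_config_list:
        parent_rule = copy.deepcopy(parent_rule_template)
        parent_rule["name"] = "{} (AUTO-GENERATED)".format(env["name"])

        # A missing url_prefix is treated like an empty one. Reading
        # env["url_prefix"] unconditionally further down raised KeyError for
        # exactly the envs the first branch is meant to handle.
        url_prefix = env["url_prefix"] if "url_prefix" in env else ""
        path_match = parent_rule["criteria"][0]["options"]

        if url_prefix == "":
            path_match["matchOperator"] = "DOES_NOT_MATCH_ONE_OF"
            path_match["values"].extend(
                ["/api", "/api/*", "/mirror/openshift*", "/wss/*"])
            # The unprefixed env must not match paths owned by prefixed envs.
            for other in master_config_list:
                # NOTE(review): `other` is an env dict, so comparing it with
                # the name string is always unequal; the url_prefix test is
                # what keeps the current env out. Probably meant
                # other["name"] != env["name"] - confirm before changing.
                if other != env["name"] and "url_prefix" in other and other["url_prefix"] != "":
                    path_match["values"].extend(
                        [other["url_prefix"], other["url_prefix"] + "/*"])
        else:
            path_match["matchOperator"] = "MATCHES_ONE_OF"
            path_match["values"].extend([url_prefix, url_prefix + "/*"])

        # Update pen-test cookie check, if necessary.
        if "cookie_required" in env and env["cookie_required"]:
            parent_rule["criteria"][1]["options"]["matchOperator"] = "EXISTS"

        parent_rule["children"] = createRulesForEnv(
            env["config"], url_prefix, env["content_path_prefix"], crc_env)
        rules_tree["rules"]["children"][frontend_rule_index]["children"].append(parent_rule)

    # Update property with this new ruleset.
    print("API - Updating rule tree...")
    response = json.loads(
        util.akamaiPut(
            "/papi/v1/properties/{}/versions/{}/rules?contractId=ctr_3-1MMN3Z&groupId=grp_134508&validateRules=true&validateMode=full"
            .format(util.getPropertyIDForEnv(crc_env), version_number),
            rules_tree))

    # The response is expected to echo the submitted rule tree, which now
    # contains the gateway secrets. Scrub them so they do not land in CI or
    # job logs. Values are compared in their JSON-escaped form.
    response_text = json.dumps(response)
    for _placeholder, secret in gateway_secrets:
        if isinstance(secret, str) and secret:
            response_text = response_text.replace(json.dumps(secret)[1:-1], "<redacted>")
    print("Response:")
    print(response_text)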