예제 #1
0
def main():

    payload = dict(name=dict(type='str', required=True),
                   ip_address=dict(type='str'),
                   port=dict(type='int', required=True),
                   identifier=dict(type='str'),
                   waf_host=dict(type='str', required=True),
                   service_name=dict(type='str', required=True),
                   comments=dict(type='str'),
                   status=dict(type='str', required=True),
                   address_version=dict(type='str'),
                   hostname=dict(type='str'),
                   state=dict(type='str', required=True))

    choice_map = {"present": svr_create, "absent": svr_delete}

    module = AnsibleModule(argument_spec=payload)
    logs = logger()

    is_error, has_changed, result = choice_map.get(module.params['state'])(
        module.params)

    if not is_error:
        module.exit_json(changed=has_changed, meta=result)
    else:
        module.fail_json(msg="Error executing this request", meta=result)
def svr_update(data):
    logs = logger()
    headers, waf_ip, waf_port, proto = token(data['waf_host'])
    svr_name = data['name']
    svc_name = data['service_name']
    svr_url = proto + waf_ip + ":" + waf_port + "/restapi/v3.1/services/" + svc_name + "/content-rules/" + data[
        'rule_group_name'] + "/content-rule-servers/" + svr_name

    update_payload = {
        "hostname": data['hostname'],
        "port": data['port'],
        "status": data['status'],
        "ip-address": data['ip_address'],
        "identifier": data['identifier'],
        "comments": data['comments']
    }

    delete_list = list()
    for key in update_payload.keys():
        if update_payload.values() is None:
            delete_list = list.append[key]
    for key in delete_list:
        del update_payload[key]
    r = requests.put(svr_url,
                     headers=headers,
                     data=json.dumps(update_payload),
                     verify=False)
    if r.status_code == 200:
        result = {"status_code": r.status_code, "msg": r.text}
        return False, True, result
    else:
        result = {"status_code": r.status_code, "msg": r.text}
        return True, False, result
예제 #3
0
def main():
    payload = dict(name=dict(type='str', required=True),
                   comments=dict(type='str'),
                   url_match=dict(type='str', required=True),
                   extended_match_sequence=dict(type='int',
                                                required=False,
                                                default=1000),
                   extended_match=dict(type='str', default="*"),
                   web_firewall_policy=dict(type='str', default="default"),
                   host_match=dict(type='str', required=True),
                   status=dict(type='str', default="On"),
                   app_id=dict(type='str'),
                   access_log=dict(type='str', default="Enable"),
                   mode=dict(type='str', default="Passive"),
                   waf_host=dict(type='str', required=True),
                   service_name=dict(type='str', required=True),
                   state=dict(type='str', required=True))

    choice_map = {"present": rule_grp_create, "absent": rule_grp_delete}
    logs = logger()
    module = AnsibleModule(argument_spec=payload)

    is_error, has_changed, result = choice_map.get(module.params['state'])(
        module.params)

    if not is_error:
        module.exit_json(changed=has_changed, meta=result)
    else:
        module.fail_json(msg="Error executing this request", meta=result)
def system_info(data):
    logs = logger()
    headers, waf_ip, waf_port, proto = token(data['waf_host'])
    system_update_url = proto + waf_ip + ":" + waf_port + "/restapi/v3.1/system"
    r = requests.get(system_update_url, headers=headers, verify=False)
    system_info = json.loads(r.text)
    wan_params = system_info['data']['System']
    system_ip = wan_params["WAN Configuration"]['ip-address']
    return system_ip
def svr_create(data):
    logs = logger()
    headers, waf_ip, waf_port, proto = token(data['waf_host'])
    svr_name = data['name']
    svc_name = data['service_name']

    svr_url = proto + waf_ip + ":" + waf_port + "/restapi/v3.1/services/" + svc_name + "/content-rules/" + data[
        'rule_group_name'] + "/content-rule-servers/" + svr_name

    svr_info = requests.get(svr_url, headers=headers, verify=False)
    #del data['waf_host']
    #del data['state']
    #del data['service_name']

    if svr_info.status_code == 200:
        #check for server parameters to figure if PUT is required
        #if svr_info = data_info:
        return svr_update(data)
    if svr_info.status_code == 404:

        svr_payload = {
            "ip-address": data['ip_address'],
            "comments": data['comments'],
            "name": data['name'],
            "status": data['status'],
            "port": data['port'],
            "identifier": data['identifier'],
            "address-version": data['address_version'],
            "hostname": data['hostname']
        }

        if data['identifier'] != "Hostname":
            del svr_payload['hostname']

        svr_common_url = proto + waf_ip + ":" + waf_port + "/restapi/v3.1/services/" + svc_name + "/content-rules/" + data[
            'rule_group_name'] + "/content-rule-servers"
        r = requests.post(svr_common_url,
                          data=json.dumps(svr_payload),
                          headers=headers,
                          verify=False)

        if r.status_code == 201:
            return svr_update(data)
        else:
            result = {"status_code": r.status_code, "msg": r.text}
            return True, False, result
예제 #6
0
def main():
    payload = dict(
        waf_host=dict(type='str', required=True),
        service_name=dict(type='str', required=True),
        enable_hsts=dict(type='str'),
        include_hsts_sub_domains=dict(type='list'),
        enable_tls_1_3=dict(type='str'),
        override_ciphers_tls_1_1=dict(type='str'),
        enable_pfs=dict(type='str'),
        selected_ciphers=dict(type='list'),
        override_ciphers_tls_1=dict(type='str'),
        enable_sni=dict(type='str'),
        override_ciphers_ssl3=dict(type='str'),
        certificate=dict(type='str'),
        enable_tls_1_1=dict(type='str'),
        sni_ecdsa_certificate=dict(type='str'),
        ciphers=dict(type='list'),
        enable_strict_sni_check=dict(type='str'),
        enable_tls_1_2=dict(type='str'),
        enable_ssl_3=dict(type='str'),
        ecdsa_certificate=dict(type='str'),
        enable_tls_1=dict(type='str'),
        status=dict(type='str', required=True),
        hsts_max_age=dict(type='int'),
        domain=dict(type='list'),
        sni_certificate=dict(type='str'),
    )
    logs = logger()
    config_map = {
        "on": ssl_config_update,
        "off": ssl_config_update,
    }

    module = AnsibleModule(argument_spec=payload)
    logs.debug(type(module))
    is_error, has_changed, result = config_map.get(module.params['status'])(
        module.params)

    if not is_error:

        module.exit_json(changed=has_changed, meta=result)

    else:

        module.fail_json(msg="Error executing this request", meta=result)
def main():
    # define available arguments/parameters a user can pass to the module

    payload = dict(
        waf_host=dict(type='str', required=True),
        name=dict(type='str', required=True),
        port=dict(type='int', required=True),
        ip_address=dict(type='str', required=True),
        service_type=dict(type='str', required=True),
        state=dict(type='str', required=True),
        address_version=dict(type='str', default='IPv4'),
        app_id=dict(type='str'),
        certificate=dict(type='str'),
        vsite=dict(type='str'),
        group=dict(type='str'),
        mask=dict(type='str'),
        status=dict(type='str', default='On'),
        comments=dict(type='str', default='Created by Ansible Playbook'),
        enable_access_logs=dict(type='str'),
        session_timeout=dict(type='int'),
        secure_site_domain=dict(type='list'),
        dps_enabled=dict(type='str'),
    )

    choice_map = {"present": waf_svc_create, "absent": waf_svc_delete}

    module = AnsibleModule(argument_spec=payload)

    is_error, has_changed, result = choice_map.get(module.params['state'])(
        module.params)
    logs = logger()

    if not is_error:
        logs.debug("success condition")
        logs.debug(result)
        module.exit_json(changed=has_changed, meta=result)

    else:
        logs.debug("failure condition")
        logs.debug(result)
        module.fail_json(msg="Error executing this request", meta=result)
예제 #8
0
def ssl_config_update(data):
    logs = logger()
    headers, waf_ip, waf_port, proto = token(data['waf_host'])
    svc_name = data['service_name']
    svc_get_url = proto + waf_ip + ":" + waf_port + "/restapi/v3.1/services/" + svc_name
    r = requests.get(svc_get_url, headers=headers, verify=False)
    existing_config = json.loads(r.text)
    service_type = existing_config["data"][svc_name]["type"]
    logs.debug(service_type)
    if r.status_code == 200:
        # build update payload
        ssl_config_url = proto + waf_ip + ":" + waf_port + "/restapi/v3.1/services/" + svc_name + "/ssl-security"
        logs.debug("test message")
        r = requests.get(ssl_config_url, headers=headers, verify=False)
        existing_values = json.loads(r.text)
        existing_config = existing_values["data"][svc_name]["SSL Security"]
        ansible_config = {
            "enable-tls-1-2": data['enable_tls_1_2'],
            "sni-certificate": data['sni_certificate'],
            "sni-ecdsa-certificate": data['sni_ecdsa_certificate'],
            "override-ciphers-ssl3": data['override_ciphers_ssl3'],
            "ciphers": data['ciphers'],
            "selected-ciphers": data['selected_ciphers'],
            "enable-strict-sni-check": data['enable_strict_sni_check'],
            "enable-tls-1-3": data['enable_tls_1_3'],
            "certificate": data['certificate'],
            "override-ciphers-tls-1-1": data['override_ciphers_tls_1_1'],
            "enable-pfs": data['enable_pfs'],
            "status": data['status'],
            "enable-tls-1-1": data['enable_tls_1_1'],
            "domain": data['domain'],
            "enable-ssl-3": data['enable_ssl_3'],
            "hsts-max-age": data['hsts_max_age'],
            "ecdsa-certificate": data['ecdsa_certificate'],
            "override-ciphers-tls-1": data['override_ciphers_tls_1'],
            "include-hsts-sub-domains": data['include_hsts_sub_domains'],
            "enable-tls-1": data['enable_tls_1'],
            "enable-sni": data['enable_sni'],
            "enable-hsts": data['enable_hsts'],
        }
        if existing_config.items() == ansible_config.items():
            result = {
                "msg":
                "existing configuration and ansible configuration are same. No changes made"
            }
            return False, False, result
        else:
            update_config_payload = dict()
            update_config_payload['waf_host'] = data['waf_host']
            delete_list = [
                key for key, value in ansible_config.items() if value is None
            ]
            for key in delete_list:
                del ansible_config[key]
            update_config_payload = ansible_config
            logs.debug(update_config_payload)
            r = requests.put(ssl_config_url,
                             data=json.dumps(update_config_payload),
                             headers=headers,
                             verify=False)
            if r.status_code == 200:
                #result = {"status_code": r.status_code, "msg": r.text}
                return False, True, result_func(r)
            else:
                #result = {"status_code": r.status_code, "msg": r.text}
                return True, False, result_func(r)
    else:
        #result={"msg":"service does not exist"}
        return True, False, result_func(r)
def waf_svc_create(data):
    #Picks up the service attributes from the payload var,
    # makes an API call to the waf to create the service
    headers, waf_ip, waf_port, proto = token(data['waf_host'])
    service_url = proto + waf_ip + ":" + waf_port + "/restapi/v3.1/services/"

    logs = logger()
    del data['state']

    service_data = {
        "name": data['name'],
        "ip-address": data['ip_address'],
        "port": data['port'],
        "app-id": data['app_id'],
        "comments": data['comments'],
        "address-version": data['address_version'],
        "vsite": data['vsite'],
        "type": data['service_type'],
        "group": data['group'],
        "mask": data['mask'],
        "certificate": data['certificate'],
        "secure-site-domain": data['secure_site_domain'],
    }

    service_url_get = service_url + data['name']
    svc_info = requests.get(service_url_get, headers=headers, verify=False)
    #when service exists and an update is required.
    #need to compare the service_data attributes with the existing configuration and then
    #issue a put command for the changed attribute.

    if svc_info.status_code == 200:
        # compare the service attributes with the payload

        return waf_svc_update(data)

    #when there is no service, create a service
    if svc_info.status_code == 404:
        delete_list = [
            key for key, value in service_data.items() if value is None
        ]
        for key in delete_list:
            del service_data[key]

        if service_data['ip-address'] == 'system_ip':
            service_data['ip-address'] = system_info(data)
        else:
            pass

        r = requests.post(service_url,
                          data=json.dumps(service_data),
                          headers=headers,
                          verify=False)

        if r.status_code == 201:
            if data['service_type'] == "Instant SSL":
                #result={"status_code": r.status_code, "msg":r.text[1]}
                return False, True, result_func(r)
            else:
                logs.debug("service created, checking for updates")
                return waf_svc_update(data)

        if r.status_code != 201:
            #result= {"status_code":r.status_code, "msg": r.text[1]}
            return True, False, result_func(r)
def waf_svc_update(data):
    logs = logger()
    headers, waf_ip, waf_port, proto = token(data['waf_host'])
    service_url = proto + waf_ip + ":" + waf_port + "/restapi/v3.1/services/"
    service_url_get = service_url + data['name']
    svc_info = requests.get(service_url_get, headers=headers, verify=False)
    config = json.loads(svc_info.text)
    svc_config = config["data"][data['name']]
    update_data_list = [
        "app-id", "comments", "enable-access-logs", "ip-address", "mask",
        "port", "session-timeout", "status"
    ]
    existing_config = dict()
    ansible_config = dict()
    for attribute in update_data_list:
        existing_config[attribute] = config['data'][data['name']][attribute]
    svc_type = config['data'][data['name']]['type']
    if svc_type == 'HTTPS':
        existing_config["secure-site-domain"] = config['data'][
            data['name']]['Instant SSL']['secure-site-domain']
    else:
        pass
    #logs.debug(existing_config)
    ansible_config = {
        "app-id": data['app_id'],
        "comments": data['comments'],
        "enable-access-logs": data['enable_access_logs'],
        "ip-address": data['ip_address'],
        "mask": data['mask'],
        "port": data['port'],
        "session-timeout": data['session_timeout'],
        "status": data['status'],
        "secure-site-domain": data['secure_site_domain'],
    }
    if existing_config.items() == ansible_config.items():
        result = {
            "msg":
            "existing configuration and ansible configuration are same. No changes made"
        }
        return False, False, result
    else:
        logs.debug("hello")
        update_config_payload = dict()
        update_config_payload['waf_host'] = data['waf_host']
        delete_list = [
            key for key, value in ansible_config.items() if value is None
        ]
        logs.debug("****")
        logs.debug(delete_list)
        for key in delete_list:
            del ansible_config[key]
        logs.debug(ansible_config.keys())
        #del ansible_config['secure-site-domain']
        update_config_payload = ansible_config
        #del update_config_payload['waf_host']
        logs.debug("***")
        if update_config_payload['ip-address'] == 'system_ip':
            update_config_payload['ip-address'] = system_info(data)
        else:
            pass

        put_url = proto + waf_ip + ":" + waf_port + "/restapi/v3.1/services/" + data[
            'name']
        r = requests.put(put_url,
                         headers=headers,
                         data=json.dumps(update_config_payload),
                         verify=False)
        logs.debug(r.text)
        if r.status_code == 200:
            #result = {"status_code": r.status_code, "msg": "Configuration Updated"}
            #logs.debug(result)
            return False, True, result_func(r)
        else:
            #result = {"status_code": r.status_code, "msg": r.text[1]}
            return True, False, result_func(r)