def get_have(api, module):
"""Get current configuration
Args:
api (AEDApi): AEDApi instance for this connection
module (AnsibleModule): AnsibleModule instance
Returns:
A dict of the current state of the AED License.
"""
have = {}
lic_server_id = module.params.get('server_id', None)
capability = module.params.get('capability', None)
if lic_server_id or not (lic_server_id or capability):
# Get license server config
url = BASE_URI + '/server/'
resp_code, raw_config = api.get_config(url)
verify_response(resp_code, raw_config)
have.update(rest_to_ans(raw_config, SERVER_PARAM_MAP))
if capability or not (lic_server_id or capability):
# Get license capabilities config
url = BASE_URI + '/capabilities/'
resp_code, raw_config = api.get_config(url)
verify_response(resp_code, raw_config)
capabilities = []
for cap in raw_config['capabilities']:
if cap['capability'] == capability or \
not (lic_server_id or capability):
capabilities.append(rest_to_ans(cap, CAPABILITIES_PARAM_MAP))
have['capabilities'] = capabilities
return have
def get_have(api, module):
"""Get current configuration
Args:
api (AEDApi): AEDApi instance for this connection
module (AnsibleModule): AnsibleModule instance
Returns:
A dict of the current state of the interfaces.
"""
# This task is probably setting the
# link state propagation timeouts
if not module.params.get('name'):
# Get all information about interfaces
resp_code, raw_config = api.get_config('mitigation-interfaces')
if resp_code in ResponseCodes.GOOD_RESP:
timeouts = rest_to_ans(raw_config, LP_PARAM_MAP)
return timeouts
else:
raise AEDAPIError('APIError: Failed fetching config. '
'response code:{}, response:{}'.format(
resp_code, raw_config))
else:
intf_name = module.params.get('name')
resp_code, raw_config = api.get_config(
'mitigation-interfaces/{}/'.format(intf_name))
if resp_code in ResponseCodes.GOOD_RESP:
intf = rest_to_ans(raw_config, INTF_PARAM_MAP)
return intf
else:
raise AEDAPIError('APIError: Failed fetching config. '
'response code:{}, response:{}'.format(
resp_code, raw_config))
def populate(self):
param_map = [
('deployment_mode', 'deploymentMode', str),
('protection_active', 'protectionActive',
self.morph_protection_active),
('protection_level', 'protectionLevel',
self.morph_protection_level),
]
self.facts.update(rest_to_ans(self.get_config('summary'), param_map))
def get_have(api):
# single rest GET call, return the dict...
resp_code, raw_config = api.get_config('snmp')
if resp_code == 200:
return rest_to_ans(raw_config, PARAM_MAP)
else:
raise AEDAPIError('APIError: Failed fetching config. '
'response code:{}, response:{}'.format(
resp_code, raw_config))
def populate(self):
"""Gather relevant data for interfaces and format it
for display
"""
lp_param_map = [('link_propagation_up_timeout',
'linkPropagationUpTimeout', int),
('link_propagation_down_timeout',
'linkPropagationDownTimeout', int)]
intf_param_map = [('name', 'interfaceName', str),
('addr', 'address', str)]
intf_config = self.get_config('mitigation-interfaces')
intf_config_list = []
intf_config_list.append(rest_to_ans(intf_config, lp_param_map))
for intf in intf_config.get('mitigationInterfaces'):
intf_config_list.append(rest_to_ans(intf, intf_param_map))
self.facts.update({'aed_interfaces': intf_config_list})
return
def populate(self):
param_map = [('pg_name', 'name', str),
('pg_active', 'active', self.morph_pg_active),
('pg_protected_hosts', 'prefixes', list),
('pg_server_type', 'serverType', self.morph_server_types),
('pg_description', 'description', str),
('pg_protection_level', 'protectionLevel',
self.morph_pg_protection_level), ('pgid', 'pgid', int)]
all_pgs = self.get_config('protection-groups').get('protection-groups')
pg_list = []
for pg in all_pgs:
pg_list.append(rest_to_ans(pg, param_map))
self.facts.update({'aed_protectiongroups': pg_list})
return
def get_have(api, module):
st_name = module.params.get('name')
resp_code, raw_config = api.get_config(
'protection-groups/server-types/',
query_params=dict(serverName=st_name))
if resp_code in ResponseCodes.GOOD_RESP:
st_list = raw_config.get('server-types')
if st_list is None:
# Need to create it, requires a 'base' server type.
if not (module.params.get('base_server_type')):
raise AEDAPIError(
'Server Type "{}" does not exist, creating new server type '
'requires base_server_type defined'.format(st_name))
return dict(
name=st_name,
present=False,
)
elif len(st_list) is 1:
rest_dict = st_list[0]
ans_dict = rest_to_ans(rest_dict, PARAM_MAP)
ans_dict['protection_level_high'] = pl_rest_to_ans(
rest_dict['protectionLevels']['high'], P_LEVEL_MAP)
ans_dict['protection_level_low'] = pl_rest_to_ans(
rest_dict['protectionLevels']['low'], P_LEVEL_MAP)
ans_dict['protection_level_medium'] = pl_rest_to_ans(
rest_dict['protectionLevels']['medium'], P_LEVEL_MAP)
ans_dict['present'] = True
return ans_dict
else: # not good....
raise AEDAPIError(
'Multiple Server Types match name, can only configure '
'one at a time.')
else:
raise AEDAPIError('APIError: Failed fetching config. '
'response code:{}, response:{}'.format(
resp_code, raw_config))
def populate(self):
param_map = [
('name', 'serverName', str),
('server_type', 'serverType', int),
('http_reporting', 'httpReporting', bool),
('profilling', 'profiling', bool),
('profiling_duration', 'profilingDuration', int),
('profiling_start', 'profilingStart', int),
('stix_enabled', 'stixEnabled', None),
]
p_levels = [
'protection_level_high', # noqa
'protection_level_low',
'protection_level_medium'
]
p_level_map = [
('appbehavior', [('appbehavior_interrupt_count', 'interruptCnt',
int)]),
('botnet', [('botnet_basic', 'basic', bool),
('botnet_segment', 'segment', bool),
('botnet_signatures', 'signatures', bool)]),
('connlimit', [('connection_limit_enabled', 'enabled', bool)]),
('detectIcmp', [('detect_icmp_enabled', 'enabled', bool),
('detect_icmp_bps', 'icmpBps', int),
('detect_icmp_rate', 'icmpRate', int)]),
('detectSyn', [('detect_syn_flood_enabled', 'enabled', bool),
('detect_syn_flood_delta_rate', 'synAckDeltaRate',
int), ('detect_syn_flood_rate', 'synRate', int)]),
('dnsAuth', [('dns_auth_enable', 'enabled', bool)]),
('dnsMalform', [('dns_malform_enable', 'enabled', bool)]),
('dnsNxdomain', [('dns_nx_domain_rate', 'rate', int)]),
('dnsQuery', [('dns_query_rate', 'rate', int)]),
('dnsRegex', [('dns_regex_list', 'statement', list)]),
('filter', [('filter_list', 'statement', list)]),
('fragmentation', [('fragmentation_detection_enabled', 'enabled',
bool),
('fragmentation_detection_bps', 'bps', int),
('fragmentation_detection_pps', 'pps', int)]),
('httpMalform', [('http_malform_enabled', 'enabled', bool)]),
('httpProxyDetect', [('http_proxy_detect_enabled', 'enabled', bool)
]),
('httpRatelimit',
[('http_rate_limit_object_rate', 'objectRate', int),
('http_rate_limit_request_rate', 'requestRate', int)]),
('httpRegex', [('http_regex_list', 'statement', list)]),
('idleReset', [('idle_reset_enabled', 'enabled', bool),
('idle_reset_bit_rate', 'bitRate', int),
('idle_reset_idle_timeout', 'idleTimeout', int),
('idle_reset_init_size', 'initSize', int),
('idle_reset_init_timeout', 'initTimeout', int),
('idle_reset_num_idles', 'numIdles', int),
('idle_reset_track_long_lived', 'trackLongLived',
bool)]),
('multicast', [('multicast_enabled', 'enabled', bool)]),
('privateAddress', [('private_addresses_enabled', 'enabled', bool)
]),
('regex', [('regex_enabled', 'enabled', bool),
('regex_blacklist_enable', 'blacklistEnable', bool),
('regex_include_headers', 'includeHeaders', bool),
('regex_match_source_port', 'matchSrcPort', bool),
('regex_pattern', 'pattern', list),
('regex_tcp_ports', 'tcpPorts', list),
('regex_udp_ports', 'udpPorts', list)]),
('reputation',
[('reputation_enabled', 'enabled', bool),
('reputation_asert_confidence', 'asertConfidence', str),
('reputation_categories', 'categories', dict),
('reputation_custom_confidence', 'customConfidence', str),
('reputation_use_custom', 'useCustom', bool)]),
('shaping', [('shaping_enabled', 'enabled', bool),
('shaping_bps', 'bps', int),
('shaping_filter', 'filter', list),
('shaping_pps', 'pps', int)]),
('sipMalform', [('sip_malform_enabled', 'enabled', bool)]),
('sipRequest', [('sip_request_rate', 'rate', int)]),
('synAuth',
[('syn_auth_enabled', 'enabled', bool),
('syn_auth_automation_enabled', 'automationEnabled', bool),
('syn_auth_automation_threshold', 'automationThreshold', bool),
('syn_auth_destination_ports', 'dstPorts', list),
('syn_auth_http_auth_enabled', 'httpAuthEnabled', bool),
('syn_auth_javascript_enabled', 'javascriptEnabled', bool),
('syn_auth_out_of_sequence_enabled', 'outOfSeqEnabled', bool),
('syn_auth_soft_reset_enabled', 'softResetEnabled', bool)]),
('tlsMalform', [('tls_malfom_enabled', 'enabled', bool)]),
('udpFlood', [('udp_flood_enabled', 'enabled', bool),
('udp_flood_bps', 'bps', int),
('udp_flood_pps', 'pps', int)]),
('webcrawler', [('webcrawler_enabled', 'enabled', bool)]),
('zombie', [('zombie_bps', 'bps', int),
('zombie_pps', 'pps', int)])
]
all_sts = self.get_config('protection-groups/server-types').get(
'server-types')
st_list = []
for st_rest in all_sts:
st_config = rest_to_ans(st_rest, param_map)
st_config['protection_level_high'] = self.pl_rest_to_ans(
st_rest['protectionLevels']['high'], p_level_map)
st_config['protection_level_low'] = self.pl_rest_to_ans(
st_rest['protectionLevels']['low'], p_level_map)
st_config['protection_level_medium'] = self.pl_rest_to_ans(
st_rest['protectionLevels']['medium'], p_level_map)
st_list.append(st_config)
self.facts.update({'aed_server_types': st_list})
return
