def app_download(hostname,api_key,api_secret,dest,validate_certs):
result = {"ansible_facts": {}}
api_endpoint = 'https://{0}'.format(hostname)
restclient = RestClient(api_endpoint, api_key=api_key, api_secret=api_secret, verify=validate_certs)
resp = restclient.get('/openapi/v1/applications')
if not resp.status_code == 200:
return (1, "Error {0}: {1} during connection attempt to {2}/openapi/v1/applications. \n".format(resp.status_code,
resp.reason,api_endpoint))
apps = json.loads(resp.content)
resp = restclient.get('/openapi/v1/app_scopes')
if not resp.status_code == 200:
return (1, "Error {0}: {1} during connection attempt to {2}/openapi/v1/app_scopes. \n".format(resp.status_code,
resp.reason,api_endpoint))
scopes = json.loads(resp.content)
with open(dest, 'w') as f:
for app in apps:
print('Retrieving details for app {0}'.format(app['name']))
resp = restclient.get('/openapi/v1/applications/{0}/details'.format(app['id']))
if not resp.status_code == 200:
return (1, "Error {0}: {1} during connection attempt to {2}/openapi/v1/applications/{3}/details.\n".format(
resp.status_code,
resp.reason,
api_endpoint,
app['id']))
app_details = json.loads(resp.content)
app_details['app_scope_name'] = [x['name'] for x in scopes if x['id'] == app['app_scope_id']][0]
f.write('---\n')
oyaml.dump(app_details, f, allow_unicode=True, encoding='utf-8')
f.write('\n')
result["ansible_facts"] = {'Output':os.path.join(os.getcwd(),dest)}
result['changed'] = False
return (0, result)
def dump_applications(endpoint):
restclient = RestClient(endpoint + '/',
credentials_file='api_cred.json',
verify=False)
apps = []
resp = restclient.get('/applications')
if resp.status_code == 200:
respbody = json.loads(resp.text)
with open('public/data/all.json', 'w+') as appf:
appf.write(resp.text)
respbody = json.loads(resp.text)
for app in respbody:
appnames = {}
appnames['id'] = str(app['id'])
appnames['name'] = str(app['name'])
#version changed after 2.3+
try:
appnames['version'] = str(app['version'])
except KeyError as ke:
appnames['version'] = str(app['latest_adm_version'])
apps.append(appnames)
for app in apps:
resp = restclient.get('/applications/%s/details' % (app['id']))
if resp.status_code == 200:
try:
os.mkdir('public/data/%s' % (app['id']))
except:
pass
with open('public/data/%s.json' % (app['id']), "w+") as outf:
outf.write(resp.text)
with open('public/data/%s/%s.json' % (app['id'], app['version']),
"w+") as outf2:
outf2.write(resp.text)
def get_applications(
host=env.TET.get("host"), api_key=env.TET_API_KEY,
api_sec=env.TET_SEC):
# Build URL
url = f"https://{host}"
restclient = RestClient(url,
api_key=api_key,
api_secret=api_sec,
verify=True)
# HTTP Get Request
response = restclient.get("/applications")
# If response code is 200, then return the json response
if response.status_code == 200:
# JSON Response
applications = response.json()
return applications
# If response code is anything but 200, print error message with response code
else:
print(
f"Unable to find any Applications. Error code {response.status_code}."
)
def get_sensors(
host=env.TET.get("host"), api_key=env.TET_API_KEY,
api_sec=env.TET_SEC):
# Build URL
url = f"https://{host}"
restclient = RestClient(url,
api_key=api_key,
api_secret=api_sec,
verify=True)
# HTTP Get Request
response = restclient.get("/sensors")
# If successful response code return list sensors
if response.status_code == 200:
# print(json.dumps(response.json(), indent=2))
return response.json()
# If response code is anything but 200, print error message with response code
else:
print(
f"Error code: {response.status_code} getting sensors: {response.content}"
)
class Environment(object):
def __init__(self,tetCluster,tetCreds):
self._primaryApps = {}
self._adjacentApps = {}
self._scopes = {}
self._restclient = RestClient(tetCluster,
credentials_file=tetCreds,
verify=False)
@property
def primaryApps(self):
return self._primaryApps
@property
def adjacentApps(self):
return self._adjacentApps
@property
def tetClient(self):
return self._restclient
@property
def scopes(self):
return self._scopes
def addScope(self, scope_id):
self._scopes['scope']=scope_id
def loadPolicy(self, appIDs):
#Load Policy JSON
for appID in appIDs:
appDetails = self._restclient.get('/openapi/v1/applications/%s/details'%appID).json()
print('\nProcessing "%s"...'%appDetails['name'])
self._primaryApps[appID] = App(environment=self,app_def=appDetails)
def selectTetrationApps(endpoint, credentials):
restclient = RestClient(endpoint,
credentials_file=credentials,
verify=False)
requests.packages.urllib3.disable_warnings()
resp = restclient.get('/openapi/v1/applications')
if not resp:
sys.exit("No data returned for Tetration Apps! HTTP {}".format(
resp.status_code))
app_table = []
app_table.append(['Number', 'Name', 'Author', 'Primary'])
print('\nApplications: ')
for i, app in enumerate(resp.json()):
app_table.append([i + 1, app['name'], app['author'], app['primary']])
print('%i: %s' % (i + 1, app['name']))
# print(AsciiTable(app_table).table)
choice = raw_input('\nSelect Tetration App: ')
choice = choice.split(',')
appIDs = []
for app in choice:
if '-' in app:
for app in range(int(app.split('-')[0]),
int(app.split('-')[1]) + 1):
appIDs.append(resp.json()[int(app) - 1]['id'])
else:
appIDs.append(resp.json()[int(app) - 1]['id'])
return appIDs
def test_tetration():
'''
Function attempts to connect to Tetration. Arguments are retrieved from
environment variables. The bulk of the work in this function is error
handling. It returns a tuple that has a status code and an error message
(which will be an empty string if there are no errors)
'''
requests.packages.urllib3.disable_warnings()
status = 200
return_msg = "Tetration connectivity verified."
restclient = RestClient(os.environ['TETRATION_ENDPOINT'],
api_key=os.environ['TETRATION_API_KEY'],
api_secret=os.environ['TETRATION_API_SECRET'],
verify=False)
try:
resp = restclient.get('/filters/inventories')
# most likely a DNS issue
except requests.exceptions.ConnectionError:
status = 404
return_msg = "Error connecting to Tetration endpoint"
except:
status = 400
return_msg = "Unknown error connecting to Tetration"
else:
status = resp.status_code
# this doesn't work if the Tetration endpoint is specified as a valid
# website (but not a TA endpoint) because it returns all of the HTML
# for the whole website
if resp.status_code >= 400:
return_msg = "Tetration " + str(resp.text).rstrip()
return (status, return_msg)
def scope_download(hostname, api_key, api_secret, dest, validate_certs):
result = {"ansible_facts": {}}
api_endpoint = 'https://{0}'.format(hostname)
restclient = RestClient(api_endpoint,
api_key=api_key,
api_secret=api_secret,
verify=validate_certs)
resp = restclient.get('/openapi/v1/app_scopes')
if not resp.status_code == 200:
return (
1,
"Error {0}: {1} during connection attempt to {2}/openapi/v1/app_scopes. \n"
.format(resp.status_code, resp.reason, api_endpoint))
scopes = json.loads(resp.content)
shortened_scope_list = []
for i in range(len(scopes) - 1, 0, -1):
shortened_scope_list.append(
dict(short_name=scopes[i]['short_name'],
short_query=scopes[i]['short_query'],
parent_app_scope_name=scope_name_lookup(
scopes, scopes[i]['parent_app_scope_id'])))
with open(dest, 'w') as f:
for scope in shortened_scope_list:
f.write('---\n')
oyaml.dump(scope, f, allow_unicode=True, encoding='utf-8')
f.write('\n')
result["ansible_facts"] = {'Output': os.path.join(os.getcwd(), dest)}
result['changed'] = False
return (0, result)
def get_app_scope(
scope_id,
host=env.TET.get("host"),
api_key=env.TET_API_KEY,
api_sec=env.TET_SEC
):
# Build URL
url = f"https://{host}"
restclient = RestClient(url,
api_key=api_key,
api_secret=api_sec,
verify=True)
# HTTP Get Request
response = restclient.get(f"/app_scopes/{scope_id}")
# If response code is 200, then return the json response
if response.status_code == 200:
# JSON Response
application_scope = response.json()
return application_scope
# If response code is anything but 200, print error message with response code
else:
print(f"Application Scope ID {scope_id} can not be found. Error code {response.status_code}.")
def get_reg_token():
OUTPUT_TOKEN_FILE = 'registration.token'
print("")
app_scope = input(
" Enter application scope name for this agent to register with: ")
host = env.TET.get("host")
api_key = env.TET_API_KEY
api_sec = env.TET_SEC
# Build URL
url = f"https://{host}"
restclient = RestClient(url,
api_key=api_key,
api_secret=api_sec,
verify=True)
resp = restclient.get('/secureconnector/name/{}/token'.format(app_scope))
if resp.status_code != 200:
print("Error ({}): {}".format(resp.status_code, resp.content.decode()))
sys.exit(1)
else:
with open(OUTPUT_TOKEN_FILE, 'w') as f:
token_str = str(resp.content.decode())
f.write(token_str)
print(" Agent registration token retrieved. Filename: " +
OUTPUT_TOKEN_FILE)
def get_tet_json(request_str,
host=env.TET.get("host"),
api_key=env.TET_API_KEY,
api_sec=env.TET_SEC):
# Build URL
url = f"https://{host}"
restclient = RestClient(url,
api_key=api_key,
api_secret=api_sec,
verify=False)
# Get Request
response = restclient.get(request_str)
# If successful response code return list sensors
if response.status_code == 200:
#print ("DEBUG GET:", json.dumps(response.json(), indent=2))
return response.json()
# If response code is anything but 200, print error message with response code
else:
#print(f"Error processing GET request on {request_str}. Error code: {response.status_code}.")
return None
def dump_application_revisions( endpoint, username, password):
restclient = RestClient( endpoint +'/',
credentials_file='api_cred.json',
verify=False)
apps = []
resp = restclient.get('/applications')
if resp.status_code == 200 :
respbody = json.loads(resp.text)
with open('public/data/all.json', 'w+') as appf:
appf.write( resp.text)
respbody = json.loads( resp.text)
for app in respbody:
appnames = {}
appnames['id'] = str(app['id'])
appnames['name'] = str(app['name'])
#version changed after 2.3+
try:
appnames['version'] = str(app['version'])
except KeyError as ke:
appnames['version'] = str(app['latest_adm_version'])
apps.append( appnames)
# go to the tetration login page
driver.get(endpoint)
ids = ['h4_user_email', 'h4_user_password']
vals = [ username, password]
for idx, eid in enumerate(ids):
element = driver.find_element_by_id( eid)
element.send_keys( vals[idx])
submit_btn = driver.find_element_by_name('commit')
submit_btn.click()
# just give a time to get data
time.sleep(10)
el = driver.find_element_by_name('csrf-token')
newheader = {'X-CSRF-Token': el.get_attribute('content'), 'Referer': endpoint +'/'}
scookie = driver.get_cookies()
newcookies = {}
for x in scookie:
newcookies[ x['name']] = x['value']
payload= {'clusters_only': 'false'}
# extract all revision data fro each application
for app in apps:
for x in range(1, int(app['version'])):
resp = requests.post('{0}/api/data_sets/{1}/download.json?version={2}'.format(endpoint, app['id'], x), headers = newheader, cookies=newcookies, json=payload, verify=False)
newcookies = resp.cookies
json_body = resp.json()
with open('public/data/{0}/{1}.json'.format(app['id'], x), "w+") as outf:
outf.write( json.dumps(json_body))
def app_upload(hostname, api_key, api_secret, source, validate_certs):
result = {"ansible_facts": {'result': []}}
api_endpoint = 'https://{0}'.format(hostname)
restclient = RestClient(api_endpoint,
api_key=api_key,
api_secret=api_secret,
verify=validate_certs)
app_list = []
with open(source, 'r') as f:
for data in oyaml.load_all(f):
app_list.append(data)
for i, app in enumerate(app_list):
exists = False
if scope['parent_app_scope_name']:
resp = restclient.get('/openapi/v1/app_scopes')
if not resp.status_code == 200:
return (
1,
"Error {0}: {1} during connection attempt to {2}/openapi/v1/app_scopes. \n"
.format(resp.status_code, resp.reason, api_endpoint))
current_scopes = json.loads(resp.content)
for current_scope in current_scopes:
if current_scope['short_name'] == scope['short_name']:
exists = True
if not exists:
scope['parent_app_scope_id'] = ParentIDLookup(
current_scopes, scope['parent_app_scope_name'])
scope.pop('parent_app_scope_name')
print('Posting scope {0} to the cluster'.format(
scope['short_name']))
resp = restclient.post('/openapi/v1/app_scopes',
json_body=json.dumps(scope))
if not resp.status_code == 200:
return (1,
"Error {0}: {1} creating scope {2}. \n{3}".format(
resp.status_code, resp.reason,
scope['short_name'], resp.json()))
result['ansible_facts']['result'].append(resp.json())
if result['ansible_facts']['result']:
result['changed'] = True
else:
result['changed'] = False
return (0, result)
def get_key_capability(url, api_key, api_secret):
""" Returns the capabilities of a given API key as a list
Keyword arguments:
url -- https url of the Tetration GUI
api_key -- Tetration API key to be tested
api_secret -- Tetration API secret for given API key
"""
# Each API 'capability' is a key in the following dict and the value for
# each key is *one* API endpoint that requires *only* that capability to
# return a successful status code.
api_map = {
"user_role_scope_management": "/openapi/v1/roles",
"flow_inventory_query": "/openapi/v1/flowsearch/dimensions",
"hw_sensor_management": "/openapi/v1/switches",
"app_policy_management": "/openapi/v1/applications",
"sensor_management": "/openapi/v1/sensors",
"user_data_upload": "/openapi/v1/assets/cmdb/download"
}
restclient = RestClient(url,
api_key=api_key,
api_secret=api_secret,
verify=False)
requests.packages.urllib3.disable_warnings()
# step through each capability and test the API endpoint associated with
# it; if we get a status_code of 200, then add it to the list of
# capabilities of the API key we are testing
return_list = []
for capability, endpoint in api_map.iteritems():
try:
resp = restclient.get(endpoint)
if resp.status_code == 200:
return_list.append(capability)
except:
pass
return [str(x) for x in return_list]
def download(hostname, api_key, api_secret, dest, validate_certs):
result = {"ansible_facts": {}}
api_endpoint = 'https://{0}'.format(hostname)
restclient = RestClient(api_endpoint,
api_key=api_key,
api_secret=api_secret,
verify=validate_certs)
resp = restclient.get('/openapi/v1/filters/inventories')
if not resp.status_code == 200:
return (
1,
"Error {0}: {1} during connection attempt to {2}/openapi/v1/filters/inventories. \n"
.format(resp.status_code, resp.reason, api_endpoint))
filters = json.loads(resp.content)
with open(dest, 'w') as f:
for filter in filters:
f.write('---\n')
oyaml.dump(filter, f, allow_unicode=True, encoding='utf-8')
f.write('\n')
result["ansible_facts"] = {'Output': os.path.join(os.getcwd(), dest)}
result['changed'] = False
return (0, result)
def tetration_test(
host=env.TET.get("host"), api_key=env.TET_API_KEY,
api_sec=env.TET_SEC):
# Build URL
url = f"https://{host}"
restclient = RestClient(url,
api_key=api_key,
api_secret=api_sec,
verify=True)
# HTTP Get Request
response = restclient.get("/applications")
# If response code is 200, Test Successful
if response.status_code == 200:
print("Test Successful....Woo Hoo!")
# return applications
# If response code is anything but 200, print error message with response code
else:
print(f"Test Failed....DOE!" f"\nError Code {response.status_code}")
def main():
"""
Main execution routine
"""
parser = argparse.ArgumentParser(description='Tetration Policy to XLS')
parser.add_argument('--maxlogfiles',
type=int,
default=10,
help='Maximum number of log files (default is 10)')
parser.add_argument('--debug',
nargs='?',
choices=['verbose', 'warnings', 'critical'],
const='critical',
help='Enable debug messages.')
parser.add_argument('--config', default=None, help='Configuration file')
args = parser.parse_args()
apps = []
if args.config is None:
print '%% No configuration file given - connecting directly to Tetration'
try:
restclient = RestClient(API_ENDPOINT,
credentials_file=API_CREDS,
verify=False)
appIDs = selectTetrationApps(endpoint=API_ENDPOINT,
credentials=API_CREDS)
for appID in appIDs:
print('Downloading app details for ' + appID)
apps.append(
restclient.get('/openapi/v1/applications/%s/details' %
appID).json())
except:
print('Error connecting to Tetration')
else:
# Load in the configuration
try:
with open(args.config) as config_file:
apps.append(json.load(config_file))
except IOError:
print '%% Could not load configuration file'
return
except ValueError:
print 'Could not load improperly formatted configuration file'
return
protocols = {}
try:
with open('protocol-numbers-1.csv') as protocol_file:
reader = csv.DictReader(protocol_file)
for row in reader:
protocols[row['Decimal']] = row
except IOError:
print '%% Could not load protocols file'
return
except ValueError:
print 'Could not load improperly formatted protocols file'
return
port_labels = {}
try:
with open('common-ports.csv') as protocol_file:
reader = csv.DictReader(protocol_file)
for row in reader:
port_labels[row['Port']] = row
except IOError:
print '%% Could not load protocols file'
return
except ValueError:
print 'Could not load improperly formatted protocols file'
return
showPorts = raw_input(
'\nWould you like to include ports and protocols in the diagram? [Y,N]: '
)
if showPorts.upper() == 'Y':
showPorts = True
elif showPorts.upper() == 'N':
showPorts = False
else:
print('Invalid input.')
return
for appDetails in apps:
graph = pydot.Dot(graph_type='digraph',
name=appDetails['name'],
label='Application Name: ' + appDetails['name'])
print('\nPreparing "%s"...' % appDetails['name'])
if 'clusters' in appDetails.keys():
for cluster in appDetails['clusters']:
node_names = cluster['name'] + ':'
for node in cluster['nodes']:
node_names = node_names + '\n' + node['name']
graph.add_node(
pydot.Node(cluster['id'],
label=node_names,
shape='rectangle',
style='filled',
fontcolor='white',
fillcolor='royalblue4'))
if 'inventory_filters' in appDetails.keys():
for invfilter in appDetails['inventory_filters']:
graph.add_node(
pydot.Node(invfilter['id'],
label='"' + invfilter['name'] + '"',
shape='rectangle',
style='filled',
fontcolor='white',
fillcolor='orange2'))
if 'default_policies' in appDetails.keys():
for policy in appDetails['default_policies']:
pols = None
if showPorts:
pols = {}
#print(json.dumps(policy, indent=4))
for rule in policy['l4_params']:
if 'port' not in rule:
continue
if rule['port'][0] == rule['port'][1]:
port = str(rule['port'][0])
if port in port_labels.keys():
port = port + '(%s)' % port_labels[port]['Name']
else:
port = str(rule['port'][0]) + '-' + str(
rule['port'][1])
if protocols[str(
rule['proto'])]['Keyword'] in pols.keys():
pols[protocols[str(
rule['proto'])]['Keyword']].append(port)
else:
pols[protocols[str(
rule['proto'])]['Keyword']] = [port]
pols = '\n'.join("%s=%r" % (key, ', '.join(val))
for (key, val) in pols.iteritems())
if pols:
graph.add_edge(
pydot.Edge(policy['consumer_filter_id'],
policy['provider_filter_id'],
label=pols))
else:
graph.add_edge(
pydot.Edge(policy['consumer_filter_id'],
policy['provider_filter_id']))
f = open(appDetails['name'] + '.dot', 'w')
f.write(graph.to_string())
def main():
"""
Main execution routine
"""
protocols = {}
try:
with open('protocol-numbers-1.csv') as protocol_file:
reader = csv.DictReader(protocol_file)
for row in reader:
protocols[row['Decimal']] = row
except IOError:
print '%% Could not load protocols file'
return
except ValueError:
print 'Could not load improperly formatted protocols file'
return
appIDs = selectTetrationApps(endpoint=API_ENDPOINT, credentials=API_CREDS)
showPorts = raw_input(
'\nWould you like to include ports and protocols in the diagram? [Y,N]: '
)
if showPorts.upper() == 'Y':
showPorts = True
elif showPorts.upper() == 'N':
showPorts = False
else:
print('Invalid input.')
return
restclient = RestClient(API_ENDPOINT,
credentials_file=API_CREDS,
verify=False)
for appID in appIDs:
print appID
appDetails = restclient.get('/openapi/v1/applications/%s/details' %
appID).json()
#with open('./SQL-DVA-v8-policies.json') as config_file:
# appDetails = json.load(config_file)
#graph = pgv.AGraph(directed=True, rankdir="LR", name=appDetails['name'])
graph = pydot.Dot(graph_type='digraph', name=appDetails['name'])
print('\nPreparing "%s"...' % appDetails['name'])
for cluster in appDetails['clusters']:
node_names = cluster['name'] + ':'
for node in cluster['nodes']:
node_names = node_names + '\n' + node['name']
#graph.add_node(cluster['id'],
# label=node_names)
graph.add_node(pydot.Node(cluster['id'], label=node_names))
for invfilter in appDetails['inventory_filters']:
#graph.add_node(invfilter['id'],
# label=invfilter['name'],style='filled', color='lightblue')
graph.add_node(
pydot.Node(invfilter['id'],
label='"' + invfilter['name'] + '"',
style='filled',
fillcolor='lightblue'))
for policy in appDetails['default_policies']:
if showPorts:
policies = {}
#Sort ports and protocols
for port_range in policy['l4_params']:
if port_range['port'][0] == port_range['port'][1]:
port = str(port_range['port'][0])
else:
port = str(port_range['port'][0]) + '-' + str(
port_range['port'][1])
if protocols[str(port_range['proto']
)]['Keyword'] in policies.keys():
policies[protocols[str(
port_range['proto'])]['Keyword']].append(port)
else:
policies[protocols[str(
port_range['proto'])]['Keyword']] = [port]
#Stringify policies
ports = '\n'.join("%s=%r" % (key, val)
for (key, val) in policies.iteritems())
ports = policy['consumer_filter_name'] + '-->' + policy[
'provider_filter_name'] + ':\n' + ports
#pol_node = graph.add_node(policy['consumer_filter_id']+policy['provider_filter_id'],
# label=ports, shape='box',
# style='filled', color='lightgray')
pol_node = graph.add_node(
pydot.Node(policy['consumer_filter_id'] +
policy['provider_filter_id'],
label=ports,
shape='box',
style='filled',
color='lightgray'))
#graph.add_edge(policy['consumer_filter_id'],policy['consumer_filter_id']+policy['provider_filter_id'])
#graph.add_edge(policy['consumer_filter_id']+policy['provider_filter_id'],policy['provider_filter_id'])
graph.add_edge(
pydot.Edge(
policy['consumer_filter_id'],
policy['consumer_filter_id'] +
policy['provider_filter_id']))
graph.add_edge(
pydot.Edge(
policy['consumer_filter_id'] +
policy['provider_filter_id'],
policy['provider_filter_id']))
else:
if policy[
'consumer_filter_id'] == '5959528c755f024cb6d32189' and policy[
'provider_filter_id'] == '5959528c755f024cb6d3218c':
print('I think this is right')
graph.add_edge(
pydot.Edge(policy['consumer_filter_id'],
policy['provider_filter_id']))
f = open(appDetails['name'] + '.dot', 'w')
#f.write(graph.string())
f.write(graph.to_string())
""""
Sample Code - Housley Communications
- Agent/Sensor list
These APIs are only available to site admin users.
"""
from tetpyclient import RestClient
import requests.packages.urllib3
from pprint import pprint
import json
# set variables
server = "oz.tet.hl.dns"
creds = "./api_credentials.json"
# open connection class
client = RestClient(server, credentials_file=creds, verify=False)
# suppress warning message
requests.packages.urllib3.disable_warnings()
# GET the list of agents
sensors = client.get('/sensors')
# Convert Text to json
json_output = json.loads(sensors.text)
# print Json in format output
pprint(json_output)
import json
scopeid = []
api_ep = "https://tetcluster.xxx.xxx"
tet_headers = {
'Content-Type': "application/json",
'Accept': "application/json"
}
restclient = RestClient(
api_ep,
headers=tet_headers,
credentials_file='/home/xxx/cisco_tet/api_credentials.json',
verify=False)
resp = restclient.get('/app_scopes')
jdata_load = json.loads(resp.text)
#jdata_scope = json.dumps(jdata_load, sort_keys=True, indent=True)
for ep in jdata_load:
scopeid.append(ep['id'])
#for x in scopeid:
# print x
for id in scopeid:
restclient = RestClient(
api_ep,
headers=tet_headers,
credentials_file='/home/xxxx/cisco_tet/api_credentials.json',
verify=False)
config_file = config_file.readlines()
fw.loadConfig(config_file)
except IOError:
print('%% Could not load ASA Config file')
except ValueError:
print('Could not load improperly formatted ASA Config file')
print('Connecting to Tetration')
restclient = RestClient(TET_API_ENDPOINT,
credentials_file=TET_API_CREDS,
verify=False)
print('Connected Successfully')
requests.packages.urllib3.disable_warnings()
#Get the Default scope ID
resp = restclient.get('/openapi/v1/app_scopes').json()
default_scope_id = [x for x in resp if x['name'] == scopeName][0]['id']
inventory_filters = {}
print("Creating Firewall Objects as Tetration Filters...")
if not args.f:
for key in tqdm(fw.networkObjects.keys()):
filters = []
for ip in fw.networkObjects[key].ipSet():
filters.append({"field": "ip", "type": "eq", "value": ip})
post_data = {
"name": 'fw_obj_' + key,
"query": {
"type": "or",
"filters": filters
},
"""
Main execution routine
"""
parser = argparse.ArgumentParser(
description='Secure Workload PoV Helper - DNS Get Top Talkers - RUN FIRST')
parser.add_argument('--tet_url', help='Tetration URL', type=str,required=True)
parser.add_argument('--tet_creds', type=str,
help='Tetration API Credentials File',required=True)
parser.add_argument('--workspace', type=str, default=None,
help='Name of the Target Workspace for Conversations. If multiple workspaces have the same name, this may be random. If not provided, it will default to a workspace for the root scope')
parser.add_argument('--subnets', type=str, default=None,
help='Additional subnets other than RFC1918 addresses where resolution is needed, ex: customer-owned public IP space. Provide in a comma separated list in CIDR notation.')
args = parser.parse_args()
rc = RestClient(args.tet_url, credentials_file=args.tet_creds, verify=True)
root_scope = rc.get('/openapi/v1/app_scopes').json()[0]['root_app_scope_id']
workspaces = rc.get('/openapi/v1/applications').json()
global_workspace = [x for x in rc.get(
'/openapi/v1/applications').json() if x['app_scope_id'] == root_scope]
workspace = None
if args.workspace != None:
workspace = [x for x in workspaces if x['name'] == args.workspace]
if len(workspace) > 0:
workspace = workspace[0]
else:
print('No workspace named {} found. Looking for a compatible global workspace.'.format(
args.workspace))
if workspace == None and len(global_workspace) > 0:
workspace = global_workspace[0]
import sys
from tetpyclient import RestClient
import json
import pandas as pd
from tabulate import tabulate
import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()
API_ENDPOINT="https://{Your cluster's ip or FQDN}"
rc = RestClient(API_ENDPOINT,credentials_file='credentials.json', verify=False)
resp = rc.get('/applications')
app = resp.json()
a_list = []
b_list = []
for i in app:
app_name = i['name']
id = i['id']
a_list.append(app_name)
b_list.append(id)
app_list = list(enumerate(a_list, start=1))
id_list = list(enumerate(b_list, start=1))
print()
print('-' * 10, 'アプリケーションの一覧を表示します', '-' * 10)
print()
# FORMATTING
import pprint
import json
# Tetration Keys
API_SECRET = <secret agent man>
API_KEY = <friends don't let friends do key-to> #wahwah lol
# This /applications resource is defined on the OpenAPI documentation
CURRENT_GET_ENDPOINT = '/applications'
# Create the Tetration REST Client
API_ENDPOINT = 'https://tetbdc.myco.int/openapi/v1'
rc = RestClient(API_ENDPOINT, api_secret=API_SECRET, api_key=API_KEY, verify=False)
resp = rc.get(CURRENT_GET_ENDPOINT)
# make sure we get a good response from the request
if resp.status_code != 200:
print("Unsuccessful request returned code: {} , \
response: {}".format(resp.status_code,resp.reason))
results = resp.json()
pprint.pprint(results[0])
#---------------------------------------------------------------------------------------
# Delete Application Workspace
# Create the Tetration REST Client
rc = RestClient(API_ENDPOINT, api_secret=API_SECRET, api_key=API_KEY, verify=False)
#!/usr/bin/env python
from tetpyclient import RestClient
import requests.packages.urllib3
import json
CLUSTER_URL = "https://andromeda-aus.cisco.com"
CRED_FILE = "./cred.json"
MY_APP = "Siwapp Prod"
requests.packages.urllib3.disable_warnings()
rc = RestClient(CLUSTER_URL, credentials_file=CRED_FILE, verify=False)
resp = rc.get("/openapi/v1/applications")
if resp.status_code == 200:
for app in json.loads(resp.content):
if app['name'] == MY_APP:
my_app_id = app['id']
if not 'my_app_id' in vars():
print(MY_APP + " Not found!")
else:
resp_policy = rc.get("/openapi/v1/applications/" + my_app_id +
"/details")
if resp_policy.status_code == 200:
print(
json.dumps(json.loads(resp_policy.content),
indent=4,
sort_keys=True))
import sys
import json
from tetpyclient import RestClient
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
#Tetration IP address
API_ENDPOINT = "https://x.x.x.x"
searchString = str(sys.argv[1])
#auth using credentials.json file
restclient = RestClient(API_ENDPOINT,
credentials_file='credentials.json',
verify=False)
#GET
appScopes = restclient.get('/app_scopes').json()
#Iterate through JSON response for SearchStright and Print name and short_name, id, and query are also options among other
for s in appScopes:
if searchString in s["name"]:
req_payload = {
"scopeName": s["name"], # optional
"filter": {
"type":
"and",
"filters": [
{
"type": "subnet",
"field": "ip",
"value": "0.0.0.0/0"
},
]
}
def main():
module = AnsibleModule(
argument_spec=dict(
api_key=dict(type='str', required=True),
api_secret=dict(type='str', required=True),
host=dict(type='str', required=True),
api_version=dict(type='str', default='v1'),
name=dict(type='str', required=True),
method=dict(type='str', required=True, choices=['delete', 'get', 'post', 'put']),
payload=dict(type='dict', required=False),
params=dict(type='dict', required=False),
),
# we can't predict if the proposed API call will make a change to the system
supports_check_mode=False
)
# if tetpyclient is not available, our only option is to fail
try:
import json
import tetpyclient
from tetpyclient import RestClient
except ImportError:
module.fail_json(msg="Some module dependencies are missing.")
method = module.params['method']
api_name = '/openapi/' + module.params['api_version'] + '/' + module.params['name']
req_payload = module.params['payload']
restclient = RestClient(
module.params['host'],
api_key=module.params['api_key'],
api_secret=module.params['api_secret'],
verify=False
)
# Do our best to provide "changed" status accurately, but it's not possible
# as different Tetration APIs react differently to operations like creating
# an element that already exists.
changed = False
if method == 'get':
response = restclient.get(api_name, params=module.params['params'])
elif method == 'delete':
response = restclient.delete(api_name)
changed = True if response.status_code / 100 == 2 else False
elif method == 'post':
response = restclient.post(api_name, json_body=json.dumps(req_payload))
changed = True if response.status_code / 100 == 2 else False
elif method == 'put':
response = restclient.put(api_name, json_body=json.dumps(req_payload))
changed = True if response.status_code / 100 == 2 else False
# Put status_code in the return JSON. If the status_code is not 200, we
# add the text that came from the REST call and the payload to make
# debugging easier.
result = {}
result['status_code'] = response.status_code
result['ok'] = response.ok
result['reason'] = response.reason
if int(response.status_code) / 100 == 2:
result['json'] = response.json()
else:
result['text'] = response.text
module.exit_json(changed=changed, **result)
from pprint import pprint
import sys
import json
from tetpyclient import RestClient
#Tetration IP address
API_ENDPOINT = "https://10.0.76.4"
searchString = str(sys.argv[1])
#auth
restclient = RestClient(API_ENDPOINT,
credentials_file='credentials.json',
verify=False)
#GET
resp = restclient.get('/app_scopes')
#Turn Resp into python list
parsed_resp = resp.json()
#Iterate through JSON response for searchString and Print name and short_name, id, and query are also options among others
for s in range(len(parsed_resp)):
if searchString in parsed_resp[s]["name"]:
print(parsed_resp[s]["name"] + ' ID: ' + parsed_resp[s]["id"])
required=True,
help=
'Name of the Target Workspace for Conversations. If multiple workspaces have the same name, this may be random. If not provided, it will default to a workspace for the root scope'
)
parser.add_argument(
'--exclude_ephemeral_ports',
action='store_true',
default=False,
help=
'Filters out conversations with ports in the standard Windows ephemeral port range. Only ports less than 49152 will be included.'
)
args = parser.parse_args()
rc = RestClient(args.tet_url, credentials_file=args.tet_creds, verify=True)
# Find workspace target for exporting conversations
workspaces = rc.get('/openapi/v1/applications').json()
workspace = None
if args.workspace != None:
workspace = [x for x in workspaces if x['name'] == args.workspace]
if len(workspace) > 0:
workspace = workspace[0]
else:
print('No workspace named {} found.'.format(args.workspace))
exit()
if workspace['latest_adm_version'] == 0:
print(
'Please run an ADM target workspace or in the global workspace with Deep Policy Generation checked prior to running this script.'
)
exit()
type=str,
help='Comma Separate List of Important Annotation Fields',
required=True)
parser.add_argument(
"--upload",
type=str2bool,
nargs='?',
const=True,
default=False,
help=
"If set, the script will also upload the reduced annotations file to Tetration."
)
args = parser.parse_args()
rc = RestClient(args.tet_url, credentials_file=args.tet_creds, verify=True)
root_scope = rc.get('/openapi/v1/app_scopes').json()[0]['root_app_scope_id']
global_workspace = [
x for x in rc.get('/openapi/v1/applications').json()
if x['app_scope_id'] == root_scope
]
if len(global_workspace) > 0:
global_workspace = global_workspace[0]
else:
print(
'No global workspace found. Please create a workspace in the root scope and run an ADM with Deep Policy Generation checked. Then attempt to run this script again.'
)
exit()
if global_workspace['latest_adm_version'] == 0:
print(
