示例#1
0
def main():

    payload = dict(name=dict(type='str', required=True),
                   ip_address=dict(type='str'),
                   port=dict(type='int', required=True),
                   identifier=dict(type='str'),
                   waf_host=dict(type='str', required=True),
                   service_name=dict(type='str', required=True),
                   comments=dict(type='str'),
                   status=dict(type='str', required=True),
                   address_version=dict(type='str'),
                   hostname=dict(type='str'),
                   state=dict(type='str', required=True))

    choice_map = {"present": svr_create, "absent": svr_delete}

    module = AnsibleModule(argument_spec=payload)
    logs = logger()

    is_error, has_changed, result = choice_map.get(module.params['state'])(
        module.params)

    if not is_error:
        module.exit_json(changed=has_changed, meta=result)
    else:
        module.fail_json(msg="Error executing this request", meta=result)
def main():
    payload = dict(name=dict(type='str', required=True),
                   comments=dict(type='str'),
                   url_match=dict(type='str', required=True),
                   extended_match_sequence=dict(type='int',
                                                required=False,
                                                default=1000),
                   extended_match=dict(type='str', default="*"),
                   web_firewall_policy=dict(type='str', default="default"),
                   host_match=dict(type='str', required=True),
                   status=dict(type='str', default="On"),
                   app_id=dict(type='str'),
                   access_log=dict(type='str', default="Enable"),
                   mode=dict(type='str', default="Passive"),
                   waf_host=dict(type='str', required=True),
                   service_name=dict(type='str', required=True),
                   state=dict(type='str', required=True))

    choice_map = {"present": rule_grp_create, "absent": rule_grp_delete}
    logs = logger()
    module = AnsibleModule(argument_spec=payload)

    is_error, has_changed, result = choice_map.get(module.params['state'])(
        module.params)

    if not is_error:
        module.exit_json(changed=has_changed, meta=result)
    else:
        module.fail_json(msg="Error executing this request", meta=result)
def main():
    payload = dict(
    waf_host = dict(type='str', required=True),
    service_name = dict(type='str', required=True),
    enable_hsts = dict(type='str'),
    include_hsts_sub_domains = dict(type='list'),
    enable_tls_1_3 = dict(type='str'),
    override_ciphers_tls_1_1 = dict(type='str'),
    enable_pfs = dict(type='str'),
    selected_ciphers = dict(type='list'),
    override_ciphers_tls_1 = dict(type='str'),
    enable_sni = dict(type='str'),
    override_ciphers_ssl3 = dict(type='str'),
    certificate = dict(type='str'),
    enable_tls_1_1 = dict(type='str'),
    sni_ecdsa_certificate = dict(type='str'),
    ciphers = dict(type='list'),
    enable_strict_sni_check = dict(type='str'),
    enable_tls_1_2 = dict(type='str'),
    enable_ssl_3 = dict(type='str'),
    ecdsa_certificate = dict(type='str'),
    enable_tls_1 = dict(type='str'),
    status = dict(type='str', required=True),
    hsts_max_age = dict(type='int'),
    domain = dict(type='list'),
    sni_certificate = dict(type='str'),
    )
    logs=logger()
    config_map = {
        "on": ssl_config_update,
        "off": ssl_config_update,
    }

    module = AnsibleModule(argument_spec=payload)
    logs.debug(type(module))
    is_error, has_changed, result = config_map.get(module.params['status'])(module.params)
    

    if not is_error:
    
        module.exit_json(changed=has_changed, meta=result)

    else:
    
        module.fail_json(msg="Error executing this request", meta=result)
def main():
    # define available arguments/parameters a user can pass to the module

    payload = dict(
        waf_host=dict(type='str', required=True),
        name=dict(type='str', required=True),
        port=dict(type='int', required=True),
        ip_address=dict(type='str', required=True),
        service_type=dict(type='str', required=True),
        state=dict(type='str', required=True),
        address_version=dict(type='str', default='IPv4'),
        app_id=dict(type='str'),
        certificate=dict(type='str'),
        vsite=dict(type='str'),
        group=dict(type='str'),
        mask=dict(type='str'),
        status=dict(type='str', default='On'),
        comments=dict(type='str', default='Created by Ansible Playbook'),
        enable_access_logs=dict(type='str'),
        session_timeout=dict(type='int'),
        secure_site_domain=dict(type='list'),
        dps_enabled=dict(type='str'),
    )

    choice_map = {"present": waf_svc_create, "absent": waf_svc_delete}

    module = AnsibleModule(argument_spec=payload)

    is_error, has_changed, result = choice_map.get(module.params['state'])(
        module.params)
    logs = logger()

    if not is_error:
        logs.debug("success condition")
        logs.debug(result)
        module.exit_json(changed=has_changed, meta=result)

    else:
        logs.debug("failure condition")
        logs.debug(result)
        module.fail_json(msg="Error executing this request", meta=result)
def waf_svc_create(data):
    #Picks up the service attributes from the payload var,
    # makes an API call to the waf to create the service
    headers, waf_ip, waf_port, proto = token(data['waf_host'])
    service_url = proto + waf_ip + ":" + waf_port + "/restapi/v3.1/services/"

    logs = logger()
    del data['state']

    service_data = {
        "name": data['name'],
        "ip-address": data['ip_address'],
        "port": data['port'],
        "app-id": data['app_id'],
        "comments": data['comments'],
        "address-version": data['address_version'],
        "vsite": data['vsite'],
        "type": data['service_type'],
        "group": data['group'],
        "mask": data['mask'],
        "certificate": data['certificate'],
        "secure-site-domain": data['secure_site_domain'],
    }

    service_url_get = service_url + data['name']
    svc_info = requests.get(service_url_get, headers=headers, verify=False)
    #when service exists and an update is required.
    #need to compare the service_data attributes with the existing configuration and then
    #issue a put command for the changed attribute.

    if svc_info.status_code == 200:
        # compare the service attributes with the payload

        return waf_svc_update(data)

    #when there is no service, create a service
    if svc_info.status_code == 404:
        delete_list = [
            key for key, value in service_data.items() if value is None
        ]
        for key in delete_list:
            del service_data[key]

        logs.debug(service_data)

        r = requests.post(service_url,
                          data=json.dumps(service_data),
                          headers=headers,
                          verify=False)

        if r.status_code == 201:
            if data['service_type'] == "Instant SSL":
                #result={"status_code": r.status_code, "msg":r.text[1]}
                return False, True, result_func(r)
            else:
                logs.debug("service created, checking for updates")
                return waf_svc_update(data)

        if r.status_code != 201:
            #result= {"status_code":r.status_code, "msg": r.text[1]}
            return True, False, result_func(r)
def waf_svc_update(data):
    logs = logger()
    headers, waf_ip, waf_port, proto = token(data['waf_host'])
    service_url = proto + waf_ip + ":" + waf_port + "/restapi/v3.1/services/"
    service_url_get = service_url + data['name']
    svc_info = requests.get(service_url_get, headers=headers, verify=False)
    config = json.loads(svc_info.text)
    svc_config = config["data"][data['name']]
    update_data_list = [
        "app-id", "comments", "enable-access-logs", "ip-address", "mask",
        "port", "session-timeout", "status"
    ]
    existing_config = dict()
    ansible_config = dict()
    for attribute in update_data_list:
        existing_config[attribute] = config['data'][data['name']][attribute]
    svc_type = config['data'][data['name']]['type']
    if svc_type == 'HTTPS':
        existing_config["secure-site-domain"] = config['data'][
            data['name']]['Instant SSL']['secure-site-domain']
    else:
        pass
    logs.debug(existing_config)
    ansible_config = {
        "app-id": data['app_id'],
        "comments": data['comments'],
        "enable-access-logs": data['enable_access_logs'],
        "ip-address": data['ip_address'],
        "mask": data['mask'],
        "port": data['port'],
        "session-timeout": data['session_timeout'],
        "status": data['status'],
        "secure-site-domain": data['secure_site_domain'],
    }
    if existing_config.items() == ansible_config.items():
        result = {
            "msg":
            "existing configuration and ansible configuration are same. No changes made"
        }
        return False, False, result
    else:
        update_config_payload = dict()
        update_config_payload['waf_host'] = data['waf_host']
        delete_list = [
            key for key, value in ansible_config.items() if value is None
        ]
        logs.debug(delete_list)
        for key in delete_list:
            del ansible_config[key]
        del ansible_config['secure-site-domain']
        update_config_payload = ansible_config
        #del update_config_payload['waf_host']
        logs.debug("***")
        logs.debug(update_config_payload)
        put_url = proto + waf_ip + ":" + waf_port + "/restapi/v3.1/services/" + data[
            'name']
        r = requests.put(put_url,
                         headers=headers,
                         data=json.dumps(update_config_payload),
                         verify=False)
        logs.debug(r.text)
        if r.status_code == 200:
            #result = {"status_code": r.status_code, "msg": "Configuration Updated"}
            #logs.debug(result)
            return False, True, result_func(r)
        else:
            #result = {"status_code": r.status_code, "msg": r.text[1]}
            return True, False, result_func(r)
def ssl_config_update(data):
    logs = logger()
    headers,waf_ip,waf_port,proto = token(data['waf_host'])
    svc_name = data['service_name']
    svc_get_url = proto+waf_ip+":"+waf_port+"/restapi/v3.1/services/"+svc_name
    r = requests.get(svc_get_url, headers=headers, verify=False)
    existing_config = json.loads(r.text)
    service_type = existing_config["data"][svc_name]["type"]
    logs.debug(service_type)
    if r.status_code == 200:
        # build update payload
        ssl_config_url = proto+waf_ip+":"+waf_port+"/restapi/v3.1/services/"+svc_name+"/ssl-security"
        logs.debug("test message")
        r = requests.get(ssl_config_url, headers=headers, verify=False)
        existing_values = json.loads(r.text)
        existing_config = existing_values["data"][svc_name]["SSL Security"]
        ansible_config = {
                "enable-tls-1-2": data['enable_tls_1_2'],
                "sni-certificate": data['sni_certificate'],
                "sni-ecdsa-certificate": data['sni_ecdsa_certificate'],
                "override-ciphers-ssl3": data['override_ciphers_ssl3'],
                "ciphers": data['ciphers'],
                "selected-ciphers": data['selected_ciphers'],
                "enable-strict-sni-check": data['enable_strict_sni_check'],
                "enable-tls-1-3": data['enable_tls_1_3'],
                "certificate": data['certificate'],
                "override-ciphers-tls-1-1": data['override_ciphers_tls_1_1'],
                "enable-pfs": data['enable_pfs'],
                "status": data['status'],
                "enable-tls-1-1": data['enable_tls_1_1'],
                "domain": data['domain'],
                "enable-ssl-3": data['enable_ssl_3'],
                "hsts-max-age": data['hsts_max_age'],
                "ecdsa-certificate": data['ecdsa_certificate'],
                "override-ciphers-tls-1": data['override_ciphers_tls_1'],
                "include-hsts-sub-domains": data['include_hsts_sub_domains'],
                "enable-tls-1": data['enable_tls_1'],
                "enable-sni": data['enable_sni'],
                "enable-hsts": data['enable_hsts'],
                }
        if existing_config.items() == ansible_config.items():
            result={"msg": "existing configuration and ansible configuration are same. No changes made"}
            return False, False, result
        else:
            update_config_payload = dict()
            update_config_payload['waf_host'] = data['waf_host']
            delete_list = [key for key,value in ansible_config.items() if value is None]
            for key in delete_list:
                del ansible_config[key]
            update_config_payload = ansible_config
            logs.debug(update_config_payload)
            r = requests.put(ssl_config_url, data=json.dumps(update_config_payload), headers=headers, verify=False)
            if r.status_code == 200:
                #result = {"status_code": r.status_code, "msg": r.text}
                return False, True, result_func(r)
            else:
                #result = {"status_code": r.status_code, "msg": r.text}
                return True, False, result_func(r)
    else:
        #result={"msg":"service does not exist"}
        return True, False, result_func(r)