def setUp(self):
    """Build a helper against a dummy host and stub out the HTTP layer.

    ``requests.Session.send`` is patched at the path pytos imports it from,
    so no request made through the helper leaves the test process. The
    credentials are literal placeholders, not real secrets.
    """
    self.helper = Secure_Track_Helper("localhost", ("username", "password"))

    send_patch = patch(
        'pytos.common.rest_requests.requests.Session.send')
    self.patcher = send_patch

    # NOTE(review): nothing in this method stops the patcher. Confirm that
    # tearDown calls self.patcher.stop(); otherwise the stub on Session.send
    # stays active for tests that run afterwards.
    stubbed_send = send_patch.start()
    self.mock_get_uri = stubbed_send

    # Every stubbed response reports HTTP 200 unless a test overrides it.
    stubbed_send.return_value.status_code = 200
from pytos.securechange.xml_objects.rest import Ticket, Group_Change_Node, Elements, XML_List, \
    Group_Change_Member_Object, TYPE_HOST
from common.secret_store import SecretDb

# Module-level setup: everything below runs at import time.
# NOTE(review): logging, COMMON_LOGGER_NAME, Secure_Config_Parser and the two
# helper classes are not imported in the visible part of this listing;
# presumably they are imported above.
logger = logging.getLogger(COMMON_LOGGER_NAME)

# Integration settings are read from a fixed, absolute configuration path.
conf = Secure_Config_Parser(
    config_file_path="/usr/local/orca/conf/custom.conf")

# Usernames and passwords are looked up in SecretDb instead of being written
# into this file or into custom.conf.
secret_helper = SecretDb()
# NOTE(review): both tuples stay in module globals for the life of the
# process and presumably hold the clear-text password. Keep them out of log
# messages and error output.
st_cred = (secret_helper.get_username('securetrack'),
           secret_helper.get_password('securetrack'))
sc_cred = (secret_helper.get_username('securechange'),
           secret_helper.get_password('securechange'))

# Hosts come from the [securechange] / [securetrack] config sections.
sc_host = conf.get("securechange", "host")
st_host = conf.get("securetrack", "host")

# One REST helper per product, each bound to its host and credential tuple.
sc_helper = Secure_Change_Helper(sc_host, sc_cred)
st_helper = Secure_Track_Helper(st_host, st_cred)

# Remaining settings are all taken from the "integration setup" section.
orca_host = conf.get("integration setup", "hostname")
ticket_template_path = conf.get("integration setup",
                                "change_group_ticket_template_path")
group_path_url = conf.get("integration setup", "group_path_url")
orca_update_task_url = conf.get("integration setup", "orca_update_task_url")

# Presumably a single-instance lock / PID file; its use is not visible here.
PID_FILE = '/var/run/orca_group_change.pid'

# Status strings; where they are compared is outside this listing.
CHANGE_ADDED_STATUS = "ADDED"
CHANGE_CREATE_STATUS = "CREATE"
NOT_CHANGE_STATUS = "NOT_CHANGED"

# Presumably the lookup key for an auth token; confirm against its users.
AUTH_TOKEN_KEY = 'auth_header_integration'

# Presumably the device model identifiers this integration handles.
SUPPORTED_MODELS = [
    'Panorama_device_group', 'cp_domain_r80plus', 'asa', 'junos', 'fmg_adom'
]
def main():
    """Print the shadowed rules of one SecureTrack device as ``no ...`` lines.

    Values not supplied on the command line are prompted for. The shadowed
    rules of the device and the rules shadowing them are fetched through
    ``st_helper``. Rules without source services on either side are printed
    as plain ``no <rule_text>`` lines; rules where the shadowed rule or one
    of its shadowing rules has ``src_services`` are printed separately under
    a manual-review banner. The visible code only prints; it sends no change
    to the device.
    """
    cli_args = get_cli_args()
    device = cli_args.device or input('Enter device ID or name: ')
    hostname = cli_args.hostname or input('Enter SecureTrack hostname or IP: ')
    # NOTE(review): this listing's secret masking ('******') has swallowed the
    # code between the username prompt and the first progress dot. Presumably
    # the password prompt, the construction of st_helper and the lookup that
    # turns `device` into an object with .id/.name live there; restore them
    # from the original file. While doing so, confirm the password is read
    # with getpass.getpass rather than input() so it is not echoed.
    username = cli_args.username or input('Enter SecureTrack username: '******'Enter SecureTrack password: '******'.', end='')
    sys.stdout.flush()
    # uid -> rule text for every shadowed rule reported for the device.
    rules = {
        cleanup.rule.uid: cleanup.rule.rule_text
        for cleanup in st_helper.get_shadowed_rules_for_device_by_id(
            device.id).shadowed_rules_cleanup.shadowed_rules
    }
    print('.', end='')
    sys.stdout.flush()
    # Second query: for the same uids, fetch the rules that shadow them.
    shadowed_rules = st_helper.\
        get_shadowing_rules_for_device_id_and_rule_uids(device.id, [u for u in rules]).shadowed_rules_cleanup.shadowed_rules
    print('.')
    sys.stdout.flush()
    print('Rules to remove for device: {}'.format(device.name))
    # Shadowed uid -> texts of its shadowing rules, kept only when at least
    # one shadowing rule has a truthy src_services.
    shadowing_warning = {
        cleanup.rule.uid: [
            shadowing_rule.rule_text
            for shadowing_rule in cleanup.shadowing_rules
        ]
        for cleanup in shadowed_rules if any([
            shadowing_rule.src_services
            for shadowing_rule in cleanup.shadowing_rules
        ])
    }
    # Same mapping, kept only when the shadowed rule itself has src_services.
    shadowed_warning = {
        cleanup.rule.uid: [
            shadowing_rule.rule_text
            for shadowing_rule in cleanup.shadowing_rules
        ]
        for cleanup in shadowed_rules if cleanup.rule.src_services
    }
    # Rules in neither warning set are printed as plain removal lines.
    # NOTE(review): when that set is empty this still prints a bare "no ".
    print('no {}'.format('\nno '.join([
        rules[uid] for uid in set(rules) - set(shadowed_warning) -
        set(shadowing_warning)
    ])))
    print(
        '***THE BELOW SHADOWING RULES CONTAIN SOURCE PORTS/SERVICES, MANUAL REVIEW IS STRONGLY RECOMMENDED***'
    )
    # Inside the comprehension `shadowed_rules` is the loop variable (a list
    # of shadowing rule texts); it does not rebind the outer name in Python 3.
    print('\n'.join([
        '{}\n -> no {}'.format('\n'.join(shadowed_rules), rules[uid])
        for uid, shadowed_rules in shadowing_warning.items()
    ]))
    print(
        '***THE BELOW SHADOWED RULES CONTAIN SOURCE PORTS/SERVICES, MANUAL REVIEW IS STRONGLY RECOMMENDED***'
    )
    print('\n'.join([
        '{}\n -> no {}'.format('\n'.join(shadowed_rules), rules[uid])
        for uid, shadowed_rules in shadowed_warning.items()
    ]))
def setUpClass(cls):
    """Create one shared helper and stub ``Session.send`` for the whole class.

    The helper points at a dummy host with placeholder credentials, and the
    patched ``requests.Session.send`` keeps every request inside the test
    process.
    """
    cls.helper = Secure_Track_Helper("localhost", ("username", "password"))

    send_patch = patch('pytos.common.rest_requests.requests.Session.send')
    cls.patcher = send_patch

    # NOTE(review): the patcher is started here and not stopped in this
    # method. Confirm tearDownClass calls cls.patcher.stop() so the stub does
    # not leak into other test classes.
    stubbed_send = send_patch.start()
    cls.mock_get_uri = stubbed_send

    # Default every stubbed response to HTTP 200.
    stubbed_send.return_value.status_code = 200
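#!/usr/bin/python3.4
"""Fetch the device list from SecureTrack and pull each device's config.

Edit the settings block below, then run the script. It stops with a
non-zero exit status if the device list cannot be read, and skips any single
device whose configuration cannot be fetched.
"""
import os
import sys

from pytos.securetrack.helpers import Secure_Track_Helper

#Files go here
# NOTE(review): /tmp is world-writable and this path is predictable. Device
# configurations are sensitive, so prefer a directory owned by the account
# that runs the script.
confbackdir = '/tmp/tufin/'
t_ip = '<IP>'
# NOTE(review): credentials are literals in this file. Keep the filled-in
# copy out of version control and readable only by its owner, or load the
# values from a secret store or an interactive prompt instead.
t_user = '******'
t_pass = '******'

# No edit past here...
st_helper = Secure_Track_Helper(t_ip, (t_user, t_pass))

print("Fetching Devices...")
try:
    devices = st_helper.get_devices_list()
except Exception as exc:
    # A bare `except:` would also trap KeyboardInterrupt and SystemExit, and
    # exit() with no argument reports success to the caller.
    print("Error reading devices: {}".format(exc))
    sys.exit(1)

# Create the directory in one step rather than check-then-create, and keep it
# private to the current user.
try:
    os.makedirs(confbackdir, mode=0o700)
except FileExistsError:
    # A directory that already exists keeps its owner and permissions;
    # anything else at that path is an error.
    if not os.path.isdir(confbackdir):
        raise

for d in devices:
    # NOTE(review): the name comes from the device inventory. If `filename`
    # is later joined onto confbackdir, strip path separators from it first.
    filename = d.name + '-' + str(d.id)
    print("Getting config for {}".format(filename))
    # NOTE(review): `c` is not used in the visible part of this listing.
    try:
        c = st_helper.get_device_config_by_id(d.id)
    except Exception as exc:
        print("Config failed for {}: {}".format(filename, exc))
        continue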