def run_module():
# define available arguments/parameters a user can pass to the module
argument_spec = vmanage_argument_spec()
argument_spec.update(type=dict(type='str', required=False, default='all'),
)
# seed the result dict in the object
# we primarily care about changed and state
# change is if this module effectively modified the target
# state will include any data that you want your module to pass back
# for consumption, for example, in a subsequent task
result = dict(
changed=False,
original_message='',
message=''
)
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(argument_spec=argument_spec,
supports_check_mode=True,
)
vmanage = Vmanage(module)
vmanage_policy_definition_lists = PolicyDefinitions(vmanage.auth, vmanage.host)
vmanage.result['policy_definitions'] = vmanage_policy_definition_lists.get_policy_definition_list(vmanage.params['type'])
vmanage.exit_json(**vmanage.result)
def export_policy_to_file(self, export_file):
policy_lists = PolicyLists(self.session, self.host, self.port)
policy_definitions = PolicyDefinitions(self.session, self.host,
self.port)
local_policy = LocalPolicy(self.session, self.host, self.port)
central_policy = CentralPolicy(self.session, self.host, self.port)
policy_lists_list = policy_lists.get_policy_list_list()
policy_definitions_list = policy_definitions.get_policy_definition_list(
)
central_policies_list = central_policy.get_central_policy_list()
local_policies_list = local_policy.get_local_policy_list()
policy_export = {
'vmanage_policy_lists': policy_lists_list,
'vmanage_policy_definitions': policy_definitions_list,
'vmanage_central_policies': central_policies_list,
'vmanage_local_policies': local_policies_list
}
if export_file.endswith('.json'):
with open(export_file, 'w') as outfile:
json.dump(policy_export, outfile, indent=4, sort_keys=False)
elif export_file.endswith(('.yaml', 'yml')):
with open(export_file, 'w') as outfile:
yaml.dump(policy_export, outfile, default_flow_style=False)
else:
raise Exception("File format not supported")
def __init__(self, session, host, port=443):
"""Initialize Localized Policy object with session parameters.
Args:
session (obj): Requests Session object
host (str): hostname or IP address of vManage
port (int): default HTTPS 443
"""
self.session = session
self.host = host
self.port = port
self.base_url = f'https://{self.host}:{self.port}/dataservice/'
self.policy_definitions = PolicyDefinitions(self.session, self.host)
def __init__(self, session, host, port=443):
"""Initialize Files object with session parameters.
Args:
session (obj): Requests Session object
host (str): hostname or IP address of vManage
port (int): default HTTPS 443
"""
self.session = session
self.host = host
self.port = port
self.base_url = f'https://{self.host}:{self.port}/dataservice/'
self.device_templates = DeviceTemplates(self.session, self.host,
self.port)
self.feature_templates = FeatureTemplates(self.session, self.host,
self.port)
self.template_data = TemplateData(self.session, self.host, self.port)
self.policy_data = PolicyData(self.session, self.host, self.port)
self.policy_lists = PolicyLists(self.session, self.host, self.port)
self.policy_definitions = PolicyDefinitions(self.session, self.host,
self.port)
self.local_policy = LocalPolicy(self.session, self.host, self.port)
self.central_policy = CentralPolicy(self.session, self.host, self.port)
self.vmanage_device = Device(self.session, self.host, self.port)
def definition(ctx, name, json, definition_type): #pylint: disable=unused-argument
"""
Show policy definition information
"""
policy_definitions = PolicyDefinitions(ctx.auth, ctx.host, ctx.port)
policy_data = PolicyData(ctx.auth, ctx.host, ctx.port)
pp = pprint.PrettyPrinter(indent=2)
if name:
policy_definition_dict = policy_definitions.get_policy_definition_dict(definition_type)
if name in policy_definition_dict:
policy_definition = policy_data.export_policy_definition_list(policy_definition_dict[name]['type'].lower())
# list_keys(policy_definition['definition'])
pp.pprint(policy_definition)
else:
policy_definition_list = policy_data.export_policy_definition_list(definition_type)
pp.pprint(policy_definition_list)
def __init__(self, session, host, port=443):
"""Initialize Policy Method object with session parameters.
Args:
session (obj): Requests Session object
host (str): hostname or IP address of vManage
port (int): default HTTPS 443
"""
self.session = session
self.host = host
self.port = port
self.base_url = f'https://{self.host}:{self.port}/dataservice/'
self.policy_lists = PolicyLists(self.session, self.host, self.port)
self.policy_definitions = PolicyDefinitions(self.session, self.host, self.port)
self.local_policy = LocalPolicy(self.session, self.host, self.port)
self.central_policy = CentralPolicy(self.session, self.host, self.port)
self.security_policy = SecurityPolicy(self.session, self.host, self.port)
def run_module():
# define available arguments/parameters a user can pass to the module
# we only support the 'data' type currently, it will be fixed when we migrate to the SDK
argument_spec = vmanage_argument_spec()
argument_spec.update(
state=dict(type='str',
choices=['absent', 'present'],
default='present'),
aggregate=dict(type='list'),
name=dict(type='str'),
description=dict(type='str'),
type=dict(type='str', required=False, choices=['data']),
sequences=dict(type='list'),
default_action=dict(type='dict', alias='defaultAction'),
update=dict(type='bool', default=False),
push=dict(type='bool', default=False),
)
# seed the result dict in the object
# we primarily care about changed and state
# change is if this module effectively modified the target
# state will include any data that you want your module to pass back
# for consumption, for example, in a subsequent task
result = dict(changed=False, )
# the AnsibleModule object will be our abstraction working with Ansible
# this includes instantiation, a couple of common attr would be the
# args/params passed to the execution, as well as if the module
# supports check mode
module = AnsibleModule(
argument_spec=argument_spec,
supports_check_mode=True,
)
vmanage = Vmanage(module)
vmanage_policy_definitions = PolicyDefinitions(vmanage.auth, vmanage.host)
# Always as an aggregate... make a definition if just given a single entry
if vmanage.params['aggregate']:
policy_definition_list = vmanage.params['aggregate']
else:
policy_definition_list = [{
"name":
vmanage.params['name'],
"description":
vmanage.params['description'],
"type":
vmanage.params['type'],
"sequences":
vmanage.params['sequences'],
"defaultAction":
vmanage.params['default_action']
}]
# Import site lists
policy_definition_updates = []
if vmanage.params['state'] == 'present':
policy_list_updates = vmanage_policy_definitions.import_policy_definition_list(
policy_definition_list,
check_mode=module.check_mode,
update=vmanage.params['update'],
push=vmanage.params['push'])
if policy_list_updates:
vmanage.result['changed'] = True
else:
policy_definition_dict = vmanage_policy_definitions.get_policy_definition_dict(
vmanage.params['type'], remove_key=False)
for policy_definition in policy_definition_list:
if policy_definition['name'] in policy_definition_dict:
diff = list(dictdiffer.diff({}, policy_definition))
policy_definition_updates.append({
'name':
policy_definition['name'],
'diff':
diff
})
if not module.check_mode:
vmanage_policy_definitions.delete_policy_definition(
policy_definition['type'].lower(),
policy_definition['listId'])
vmanage.result['changed'] = True
vmanage.params['updates'] = policy_definition_updates
vmanage.exit_json(**vmanage.result)
def import_policy_from_file(self,
file,
update=False,
check_mode=False,
push=False):
vmanage_policy_lists = PolicyLists(self.session, self.host, self.port)
vmanage_policy_definitions = PolicyDefinitions(self.session, self.host,
self.port)
vmanage_central_policy = CentralPolicy(self.session, self.host,
self.port)
vmanage_local_policy = LocalPolicy(self.session, self.host, self.port)
policy_list_updates = []
policy_definition_updates = []
central_policy_updates = []
local_policy_updates = []
# Read in the datafile
if not os.path.exists(file):
raise Exception('Cannot find file {0}'.format(file))
with open(file) as f:
if file.endswith('.yaml') or file.endswith('.yml'):
policy_data = yaml.safe_load(f)
else:
policy_data = json.load(f)
# Separate the feature template data from the device template data
if 'vmanage_policy_lists' in policy_data:
policy_list_data = policy_data['vmanage_policy_lists']
else:
policy_list_data = []
if 'vmanage_policy_definitions' in policy_data:
policy_definition_data = policy_data['vmanage_policy_definitions']
else:
policy_definition_data = []
if 'vmanage_central_policies' in policy_data:
central_policy_data = policy_data['vmanage_central_policies']
else:
central_policy_data = []
if 'vmanage_local_policies' in policy_data:
local_policy_data = policy_data['vmanage_local_policies']
else:
local_policy_data = []
policy_list_updates = vmanage_policy_lists.import_policy_list_list(
policy_list_data, check_mode=check_mode, update=update, push=push)
vmanage_policy_lists.clear_policy_list_cache()
policy_definition_updates = vmanage_policy_definitions.import_policy_definition_list(
policy_definition_data,
check_mode=check_mode,
update=update,
push=push)
central_policy_updates = vmanage_central_policy.import_central_policy_list(
central_policy_data,
check_mode=check_mode,
update=update,
push=push)
local_policy_updates = vmanage_local_policy.import_local_policy_list(
local_policy_data, check_mode=check_mode, update=update, push=push)
return {
'policy_list_updates': policy_list_updates,
'policy_definition_updates': policy_definition_updates,
'central_policy_updates': central_policy_updates,
'local_policy_updates': local_policy_updates
}
class PolicyData(object):
"""Methods that deal with importing, exporting, and manipulating data from policies.
"""
def __init__(self, session, host, port=443):
"""Initialize Policy Method object with session parameters.
Args:
session (obj): Requests Session object
host (str): hostname or IP address of vManage
port (int): default HTTPS 443
"""
self.session = session
self.host = host
self.port = port
self.base_url = f'https://{self.host}:{self.port}/dataservice/'
self.policy_lists = PolicyLists(self.session, self.host, self.port)
self.policy_definitions = PolicyDefinitions(self.session, self.host, self.port)
self.local_policy = LocalPolicy(self.session, self.host, self.port)
self.central_policy = CentralPolicy(self.session, self.host, self.port)
self.security_policy = SecurityPolicy(self.session, self.host, self.port)
#pylint: disable=unused-argument
def import_policy_list_list(self, policy_list_list, push=False, update=False, check_mode=False, force=False):
"""Import a list of policyies lists into vManage. Object Names are translated to IDs.
Args:
policy_list_list: A list of polcies
push (bool): Whether to push a change out
update (bool): Whether to update when the list exists
check_mode (bool): Report what updates would happen, but don't update
Returns:
result (dict): All data associated with a response.
"""
# Policy Lists
diff = []
policy_list_updates = []
#pylint: disable=too-many-nested-blocks
for policy_list in policy_list_list:
policy_list_dict = self.policy_lists.get_policy_list_dict(policy_list['type'],
remove_key=False,
cache=False)
if policy_list['name'] in policy_list_dict:
existing_list = policy_list_dict[policy_list['name']]
diff_ignore = set(
['listId', 'references', 'lastUpdated', 'activatedId', 'policyId', 'listId', 'isActivatedByVsmart'])
diff = list(dictdiffer.diff(existing_list, policy_list, ignore=diff_ignore))
if diff:
policy_list_updates.append({'name': policy_list['name'], 'diff': diff})
policy_list['listId'] = policy_list_dict[policy_list['name']]['listId']
# If description is not specified, try to get it from the existing information
if not policy_list['description']:
policy_list['description'] = policy_list_dict[policy_list['name']]['description']
if not check_mode and update:
response = self.policy_lists.update_policy_list(policy_list)
if response['json']:
# Updating the policy list returns a `processId` that locks the list and 'masterTemplatesAffected'
# that lists the templates affected by the change.
if 'error' in response['json']:
raise Exception(response['json']['error']['message'])
elif 'processId' in response['json']:
if push:
vmanage_device_templates = DeviceTemplates(self.session, self.host)
# If told to push out the change, we need to reattach each template affected by the change
for template_id in response['json']['masterTemplatesAffected']:
vmanage_device_templates.reattach_device_template(template_id)
else:
raise Exception("Did not get a process id when updating policy list")
else:
diff = list(dictdiffer.diff({}, policy_list))
policy_list_updates.append({'name': policy_list['name'], 'diff': diff})
if not check_mode:
self.policy_lists.add_policy_list(policy_list)
return policy_list_updates
def convert_list_name_to_id(self, name_list):
"""Convert policy list from names to IDs in object.
Args:
name_list (list): Object
"""
if isinstance(name_list, dict):
for key, value in list(name_list.items()):
if key.endswith('List') and key != "signatureWhiteList":
t = key[0:len(key) - 4]
policy_list = self.policy_lists.get_policy_list_by_name(value, policy_list_type=t)
if policy_list:
name_list[key] = policy_list['listId']
else:
raise Exception(f"Could not find id for list {value}, type {t}")
elif key.endswith('Lists'):
t = key[0:len(key) - 5]
new_list = []
for list_name in value:
policy_list = self.policy_lists.get_policy_list_by_name(list_name, policy_list_type=t)
if policy_list:
list_id = policy_list['listId']
new_list.append(list_id)
else:
raise Exception(f"Could not find id for list {list_name}, type {t}")
name_list[key] = new_list
elif key.endswith('Zone'):
policy_list = self.policy_lists.get_policy_list_by_name(value, 'zone')
if policy_list:
name_list[key] = policy_list['listId']
else:
raise Exception(f"Could not find id for list {value}, type zone")
elif key == 'listName':
if 'listType' in name_list:
policy_list = self.policy_lists.get_policy_list_by_name(name_list['listName'],
policy_list_type=name_list['listType'])
else:
raise Exception(f"Could not find type for list {name_list['listName']}")
if policy_list and 'listId' in policy_list:
name_list['ref'] = policy_list['listId']
name_list.pop('listName')
name_list.pop('listType')
else:
raise Exception(
f"Could not find id for list {name_list['listName']}, type {name_list['listType']}")
elif key == 'className':
if 'classType' in name_list:
policy_list = self.policy_lists.get_policy_list_by_name(name_list['className'],
policy_list_type=name_list['classType'])
else:
raise Exception(f"Could not find type for list {name_list['className']}")
if policy_list and 'listId' in policy_list:
name_list['class'] = policy_list['listId']
name_list.pop('className')
name_list.pop('classType')
else:
raise Exception(
f"Could not find id for list {name_list['className']}, type {name_list['classType']}")
else:
self.convert_list_name_to_id(value)
elif isinstance(name_list, list):
for item in name_list:
self.convert_list_name_to_id(item)
def convert_list_id_to_name(self, id_list):
"""Convert policy list from IDs to names in object.
Args:
id_list (list): Object
"""
if isinstance(id_list, dict):
for key, value in list(id_list.items()):
if key.endswith('List') and key != "signatureWhiteList":
t = key[0:len(key) - 4]
val = value
if isinstance(value, list):
val = value[0]
policy_list = self.policy_lists.get_policy_list_by_id(val, policy_list_type=t)
if policy_list:
id_list[key] = policy_list['name']
else:
raise Exception(f"Could not find name for list id {val}, type {t}")
elif key.endswith('Lists'):
t = key[0:len(key) - 5]
new_list = []
for list_id in value:
policy_list = self.policy_lists.get_policy_list_by_id(list_id, policy_list_type=t)
if policy_list:
list_name = policy_list['name']
new_list.append(list_name)
else:
raise Exception(f"Could not find name for list id {list_id}, type {t}")
id_list[key] = new_list
elif key.endswith('Zone'):
policy_list = self.policy_lists.get_policy_list_by_id(value, 'zone')
if policy_list:
id_list[key] = policy_list['name']
else:
raise Exception(f"Could not find name for list {value}, type zone")
elif key == 'ref':
policy_list = self.policy_lists.get_policy_list_by_id(id_list['ref'])
if policy_list:
id_list['listName'] = policy_list['name']
id_list['listType'] = policy_list['type']
id_list.pop('ref')
else:
raise Exception(f"Could not find name for list {id_list['ref']}")
elif key == 'class':
policy_list = self.policy_lists.get_policy_list_by_id(id_list['class'])
if policy_list:
id_list['className'] = policy_list['name']
id_list['classType'] = policy_list['type']
id_list.pop('class')
else:
raise Exception(f"Could not find name for list {id_list['class']}")
else:
self.convert_list_id_to_name(value)
elif isinstance(id_list, list):
for item in id_list:
self.convert_list_id_to_name(item)
def convert_sequences_to_id(self, sequence_list):
"""Convert sequence entries from IDs to names in object.
Args:
sequence_list (list): Sequence list
"""
for sequence in sequence_list:
if 'match' in sequence and 'entries' in sequence['match']:
for entry in sequence['match']['entries']:
if 'listName' in entry:
policy_list_dict = self.policy_lists.get_policy_list_dict(entry['listType'])
if entry['listName'] in policy_list_dict:
entry['ref'] = policy_list_dict[entry['listName']]['listId']
entry.pop('listName')
entry.pop('listType')
else:
raise Exception("Could not find list {0} of type {1}".format(
entry['listName'], entry['listType']))
def convert_definition_id_to_name(self, policy_definition):
"""Convert policy_definition from IDs to names in object.
Args:
policy_definition (list): Sequence list
"""
if 'assembly' in policy_definition and policy_definition['assembly']:
for assembly_item in policy_definition['assembly']:
policy_definition_detail = self.policy_definitions.get_policy_definition(
assembly_item['type'].lower(), assembly_item['definitionId'])
definition_id = assembly_item.pop('definitionId')
if policy_definition_detail:
assembly_item['definitionName'] = policy_definition_detail['name']
else:
raise Exception("Cannot find policy definition for {0}".format(definition_id))
if 'entries' in assembly_item:
# Translate list IDs to names
self.convert_list_id_to_name(assembly_item['entries'])
def convert_definition_name_to_id(self, policy_definition):
"""Convert policy_definition from names to IDs in object.
Args:
policy_definition (list): Sequence list
"""
if 'assembly' in policy_definition and policy_definition['assembly']:
for assembly_item in policy_definition['assembly']:
definition_name = assembly_item.pop('definitionName')
policy_definition_dict = self.policy_definitions.get_policy_definition_dict(assembly_item['type'])
if definition_name in policy_definition_dict:
assembly_item['definitionId'] = policy_definition_dict[definition_name]['definitionId']
else:
raise Exception("Cannot find policy definition {0}".format(definition_name))
if 'entries' in assembly_item:
self.convert_list_name_to_id(assembly_item['entries'])
def convert_policy_definition_to_name(self, policy_definition):
"""Convert policy_definition objects from IDs to names
Args:
policy_definition (list): Sequence list
Returns:
result (dict): The converted policy definition
"""
converted_policy_definition = policy_definition
if 'definition' in policy_definition:
self.convert_list_id_to_name(policy_definition['definition'])
if 'sequences' in policy_definition:
self.convert_list_id_to_name(policy_definition['sequences'])
if 'rules' in policy_definition:
self.convert_list_id_to_name(policy_definition['rules'])
return converted_policy_definition
def convert_policy_definition_to_id(self, policy_definition):
"""Convert policy_definition objects from names to IDs
Args:
policy_definition (list): Sequence list
Returns:
result (dict): The converted policy definition
"""
converted_policy_definition = policy_definition
if 'definition' in policy_definition:
self.convert_list_name_to_id(policy_definition['definition'])
if 'sequences' in policy_definition:
self.convert_list_name_to_id(policy_definition['sequences'])
if 'rules' in policy_definition:
self.convert_list_name_to_id(policy_definition['rules'])
return converted_policy_definition
def export_policy_definition_list(self, definition_type='all'):
"""Export Policy Definition Lists from vManage, translating IDs to Names.
Args:
definition_type (string): The type of Definition List to retreive
Returns:
response (list): A list of all definition lists currently
in vManage.
"""
policy_definition_list = self.policy_definitions.get_policy_definition_list(definition_type)
export_definition_list = []
for policy_definition in policy_definition_list:
definition_detail = self.policy_definitions.get_policy_definition(policy_definition['type'],
policy_definition['definitionId'])
converted_policy_definition = self.convert_policy_definition_to_name(definition_detail)
export_definition_list.append(converted_policy_definition)
return export_definition_list
#pylint: disable=unused-argument
def import_policy_definition_list(self,
policy_definition_list,
update=False,
push=False,
check_mode=False,
force=False):
"""Import Policy Definitions into vManage. Object names are converted to IDs.
Returns:
response (dict): A list of all policy lists currently
in vManage.
"""
policy_definition_updates = []
for definition in policy_definition_list:
policy_definition_dict = self.policy_definitions.get_policy_definition_dict(definition['type'],
remove_key=False)
diff = []
payload = {
"name": definition['name'],
"description": definition['description'],
"type": definition['type'],
}
if 'defaultAction' in definition:
payload.update({'defaultAction': definition['defaultAction']})
if 'sequences' in definition:
payload.update({'sequences': definition['sequences']})
if 'definition' in definition:
payload.update({'definition': definition['definition']})
if definition['name'] in policy_definition_dict:
existing_definition = self.convert_policy_definition_to_name(policy_definition_dict[definition['name']])
# Just check the things that we care about changing.
diff_ignore = set([
'lastUpdated', 'definitionId', 'referenceCount', 'references', 'owner', 'isActivatedByVsmart',
'infoTag', 'activatedId'
])
diff = list(dictdiffer.diff(existing_definition, payload, ignore=diff_ignore))
if diff:
converted_definition = self.convert_policy_definition_to_id(definition)
policy_definition_updates.append({'name': converted_definition['name'], 'diff': diff})
if not check_mode and update:
self.policy_definitions.update_policy_definition(
converted_definition, policy_definition_dict[converted_definition['name']]['definitionId'])
policy_definition_updates.append({'name': converted_definition['name'], 'diff': diff})
else:
# Policy definition does not exist
diff = list(dictdiffer.diff({}, payload))
policy_definition_updates.append({'name': definition['name'], 'diff': diff})
converted_definition = self.convert_policy_definition_to_id(definition)
if not check_mode:
self.policy_definitions.add_policy_definition(converted_definition)
return policy_definition_updates
def convert_policy_to_name(self, policy_item):
"""Convert policy items from IDs to names
Args:
definition_type (string): Policy item
Returns:
response (dict): The converted policy item
"""
if 'policyDefinition' in policy_item:
converted_policy_item = policy_item
self.convert_definition_id_to_name(converted_policy_item['policyDefinition'])
return converted_policy_item
return policy_item
def convert_policy_to_id(self, policy_item):
"""Convert policy items from names IDs
Args:
definition_type (string): Policy item
Returns:
response (dict): The converted policy item
"""
if 'policyDefinition' in policy_item:
converted_policy_item = policy_item
self.convert_definition_name_to_id(converted_policy_item['policyDefinition'])
return converted_policy_item
return policy_item
def export_local_policy_list(self):
"""Export Local Policies from vManage. Object IDs are converted to names.
Returns:
response (dict): A list of all policy lists currently
in vManage.
"""
export_policy_list = []
local_policy_list = self.local_policy.get_local_policy_list()
for local_policy in local_policy_list:
converted_policy_definition = self.convert_policy_to_name(local_policy)
export_policy_list.append(converted_policy_definition)
return export_policy_list
#pylint: disable=unused-argument
def import_local_policy_list(self, local_policy_list, update=False, push=False, check_mode=False, force=False):
"""Import Local Policies into vManage. Object names are converted to IDs.
Returns:
response (dict): A list of all policy lists currently
in vManage.
"""
local_policy_dict = self.local_policy.get_local_policy_dict(remove_key=False)
diff = []
local_policy_updates = []
for local_policy in local_policy_list:
payload = {'policyName': local_policy['policyName']}
payload['policyDescription'] = local_policy['policyDescription']
payload['policyType'] = local_policy['policyType']
payload['policyDefinition'] = local_policy['policyDefinition']
if payload['policyName'] in local_policy_dict:
# A policy by that name already exists
existing_policy = self.convert_policy_to_name(local_policy_dict[payload['policyName']])
diff_ignore = set([
'lastUpdated', 'policyVersion', 'createdOn', 'references', 'isPolicyActivated', '@rid', 'policyId',
'createdBy', 'lastUpdatedBy', 'lastUpdatedOn', 'mastersAttached', 'policyDefinitionEdit',
'devicesAttached'
])
diff = list(dictdiffer.diff(existing_policy, payload, ignore=diff_ignore))
if diff:
print(diff)
local_policy_updates.append({'name': local_policy['policyName'], 'diff': diff})
if 'policyDefinition' in payload:
self.convert_definition_name_to_id(payload['policyDefinition'])
if not check_mode and update:
self.local_policy.update_local_policy(payload, existing_policy['policyId'])
else:
diff = list(dictdiffer.diff({}, payload['policyDefinition']))
local_policy_updates.append({'name': local_policy['policyName'], 'diff': diff})
if 'policyDefinition' in payload:
# Convert list and definition names to template IDs
self.convert_definition_name_to_id(payload['policyDefinition'])
if not check_mode:
self.local_policy.add_local_policy(payload)
return local_policy_updates
def export_central_policy_list(self):
"""Export Central Policies from vManage, converting IDs to names.
Returns:
response (dict): A list of all policy lists currently
in vManage.
"""
export_policy_list = []
central_policy_list = self.central_policy.get_central_policy_list()
for central_policy in central_policy_list:
converted_policy_definition = self.convert_policy_to_name(central_policy)
export_policy_list.append(converted_policy_definition)
return export_policy_list
#pylint: disable=unused-argument
def import_central_policy_list(self, central_policy_list, update=False, push=False, check_mode=False, force=False):
"""Import Central Policies into vManage. Object names are converted to IDs.
Returns:
response (dict): A list of all policy lists currently
in vManage.
"""
central_policy_dict = self.central_policy.get_central_policy_dict(remove_key=False)
diff = []
central_policy_updates = []
for central_policy in central_policy_list:
payload = {'policyName': central_policy['policyName']}
payload['policyDescription'] = central_policy['policyDescription']
payload['policyType'] = central_policy['policyType']
payload['policyDefinition'] = central_policy['policyDefinition']
if payload['policyName'] in central_policy_dict:
# A policy by that name already exists
existing_policy = self.convert_policy_to_name(central_policy_dict[payload['policyName']])
diff_ignore = set([
'lastUpdated', 'policyVersion', 'createdOn', 'references', 'isPolicyActivated', '@rid', 'policyId',
'createdBy', 'lastUpdatedBy', 'lastUpdatedOn'
])
diff = list(dictdiffer.diff(existing_policy, payload, ignore=diff_ignore))
if diff:
central_policy_updates.append({'name': central_policy['policyName'], 'diff': diff})
# Convert list and definition names to template IDs
converted_payload = self.convert_policy_to_id(payload)
if not check_mode and update:
self.central_policy.update_central_policy(converted_payload, existing_policy['policyId'])
else:
diff = list(dictdiffer.diff({}, payload['policyDefinition']))
central_policy_updates.append({'name': central_policy['policyName'], 'diff': diff})
if not check_mode:
# Convert list and definition names to template IDs
converted_payload = self.convert_policy_to_id(payload)
self.central_policy.add_central_policy(converted_payload)
return central_policy_updates
def export_security_policy_list(self):
"""Export Security Policies from vManage, converting IDs to names.
Returns:
response (dict): A list of all policy lists currently
in vManage.
"""
export_policy_list = []
security_policy_list = self.security_policy.get_security_policy_list()
for security_policy in security_policy_list:
converted_policy_definition = self.convert_policy_to_name(security_policy)
export_policy_list.append(converted_policy_definition)
return export_policy_list
def import_security_policy_list(self,
security_policy_list,
update=False,
push=False,
check_mode=False,
force=False):
"""Import Security Policies into vManage. Object names are converted to IDs.
Returns:
response (dict): A list of all policy lists currently
in vManage.
"""
security_policy_dict = self.security_policy.get_security_policy_dict(remove_key=False)
diff = []
security_policy_updates = []
for security_policy in security_policy_list:
payload = {'policyName': security_policy['policyName']}
payload['policyDescription'] = security_policy['policyDescription']
payload['policyType'] = security_policy['policyType']
payload['policyDefinition'] = security_policy['policyDefinition']
if payload['policyName'] in security_policy_dict:
# A policy by that name already exists
existing_policy = self.convert_policy_to_name(security_policy_dict[payload['policyName']])
diff_ignore = set([
'lastUpdated', 'policyVersion', 'createdOn', 'references', 'isPolicyActivated', '@rid', 'policyId',
'createdBy', 'lastUpdatedBy', 'lastUpdatedOn', 'policyDefinitionEdit', 'mastersAttached',
'devicesAttached', 'supportedDevices', 'virtualApplicationTemplates', 'policyUseCase'
])
diff = list(dictdiffer.diff(existing_policy, payload, ignore=diff_ignore))
if diff:
security_policy_updates.append({'name': security_policy['policyName'], 'diff': diff})
# Convert list and definition names to template IDs
converted_payload = self.convert_policy_to_id(payload)
if not check_mode and update:
self.security_policy.update_security_policy(converted_payload, existing_policy['policyId'])
else:
diff = list(dictdiffer.diff({}, payload['policyDefinition']))
security_policy_updates.append({'name': security_policy['policyName'], 'diff': diff})
if not check_mode:
# Convert list and definition names to template IDs
converted_payload = self.convert_policy_to_id(payload)
self.security_policy.add_security_policy(converted_payload)
return security_policy_updates
class CleanVmanage(object):
"""Reset all configuratios on a vManage instance.
Executes the necessary REST calls in specific order to remove
configurations applied to a vManage instance.
"""
def __init__(self, session, host, port=443):
"""Initialize Reset vManage object with session parameters.
Args:
session (obj): Requests Session object
host (str): hostname or IP address of vManage
port (int): default HTTPS 443
"""
self.session = session
self.host = host
self.port = port
self.base_url = f'https://{self.host}:{self.port}/dataservice/'
self.utilities = Utilities(self.session, self.host)
self.central_policy = CentralPolicy(self.session, self.host)
self.local_policy = LocalPolicy(self.session, self.host)
self.device = Device(self.session, self.host)
self.device_templates = DeviceTemplates(self.session, self.host)
self.feature_templates = FeatureTemplates(self.session, self.host)
self.sec_pol = SecurityPolicy(self.session, self.host)
self.policy_definitions = PolicyDefinitions(self.session, self.host)
self.policy_lists = PolicyLists(self.session, self.host)
def active_count_delay(self):
"""Delay while there are active tasks.
"""
activeCount = 1
while activeCount != 0:
time.sleep(1.0)
data = self.utilities.get_active_count()
activeCount = data["activeTaskCount"]
def clean_vedge_attachments(self):
"""Clean all vedge attachments
"""
data = self.device.get_device_list('vedges')
for device in data:
if (('deviceIP' in device) and (device['configOperationMode'] == 'vmanage')):
deviceId = device['uuid']
deviceIP = device['deviceIP']
deviceType = device['deviceType']
self.device.post_device_cli_mode(deviceId, deviceIP, deviceType)
self.active_count_delay()
def clean_controller_attachments(self):
"""Clean all controller attachments
"""
data = self.device.get_device_list('controllers')
for device in data:
if (('deviceIP' in device) and (device['configOperationMode'] == 'vmanage')):
deviceId = device['uuid']
deviceIP = device['deviceIP']
deviceType = device['deviceType']
self.device.post_device_cli_mode(deviceId, deviceIP, deviceType)
# Requires pause between controllers
self.active_count_delay()
self.active_count_delay()
def clean_device_templates(self):
"""Clean all device templates
"""
data = self.device_templates.get_device_templates()
for device in data:
templateId = device['templateId']
self.device_templates.delete_device_template(templateId)
self.active_count_delay()
def clean_feature_templates(self):
"""Clean all feature templates
"""
data = self.feature_templates.get_feature_templates()
for device in data:
#pylint: disable=no-else-continue
if device['factoryDefault']:
continue
else:
templateId = device['templateId']
self.feature_templates.delete_feature_template(templateId)
self.active_count_delay()
def clean_central_policy(self):
"""Clean all central policy
"""
data = self.central_policy.get_central_policy()
for policy in data:
policy_id = policy['policyId']
if policy['isPolicyActivated']:
action_id = self.central_policy.deactivate_central_policy(policy_id)
if action_id:
self.utilities.waitfor_action_completion(action_id)
self.central_policy.delete_central_policy(policy_id)
self.active_count_delay()
def clean_local_policy(self):
"""Clean all local policy
"""
data = self.local_policy.get_local_policy()
for policy in data:
policyId = policy['policyId']
self.local_policy.delete_local_policy(policyId)
self.active_count_delay()
def clean_policy_definitions(self):
"""Clean all policy definitions
"""
policy_definition_list = self.policy_definitions.get_policy_definition_list()
for policy_definition in policy_definition_list:
self.policy_definitions.delete_policy_definition(policy_definition['type'],
policy_definition['definitionId'])
self.active_count_delay()
def clean_policy_lists(self):
"""Clean all policy lists
"""
policy_list_list = self.policy_lists.get_policy_list_list()
for policy_list in policy_list_list:
if not policy_list['readOnly'] and policy_list['owner'] != 'system':
self.policy_lists.delete_policy_list(policy_list['type'], policy_list['listId'])
self.active_count_delay()
def clean_security_policy(self):
"""Clean all security policy
"""
version = self.utilities.get_vmanage_version()
if version >= '18.2.0':
data = self.sec_pol.get_security_policy()
for policy in data:
policyId = policy['policyId']
self.sec_pol.delete_security_policy(policyId)
self.active_count_delay()
# # Step 11 - Delete All UTD Specific Security Policies
# version = self.utilities.get_vmanage_version()
# definitionList = []
# # TODO: implement a proper semver comparison, this will fail if version is 18.30.0
# if version >= '18.4.0':
# definitionList = [
# 'zonebasedfw', 'urlfiltering', 'dnssecurity', 'intrusionprevention', 'advancedMalwareProtection'
# ]
# #pylint: disable=chained-comparison
# if version < '18.4.0' and version >= '18.2.0':
# definitionList = ['zonebasedfw']
# if definitionList:
# for definition in definitionList:
# data = self.sec_pol.get_security_definition(definition)
# if data:
# for policy in data:
# definitionId = policy['definitionId']
# self.sec_pol.delete_security_definition(definition, definitionId)
# self.active_count_delay()
# # Step 12 - Delete All Lists
# data = self.pol_lists.get_policy_list_all()
# for policy_list in data:
# owner = policy_list['owner']
# if owner != 'system':
# listType = policy_list['type'].lower()
# listId = policy_list['listId']
# self.pol_lists.delete_policy_list(listType, listId)
def clean_all(self):
"""Clean everything in vManage
"""
# Step 1 - Deactivate Central Policy
self.clean_central_policy()
# Step 2 - Detach vedges from template
self.clean_vedge_attachments()
# Step 3 - Detach controllers from template
self.clean_controller_attachments()
# Step 4 - Delete All Device Templates
self.clean_device_templates()
# Step 5 - Delete All Feature Templates
self.clean_feature_templates()
# Step 6 - Delete All Centralized Policies
self.clean_central_policy()
# Step 7 - Delete All Policy Definitions
self.clean_policy_definitions()
# Step 8 - Delete All Policy Lists
self.clean_policy_lists()
# Step 9 - Delete All Local Policies
self.clean_local_policy()
# Step 10 - Delete All Security Policies
self.clean_security_policy()
return ('Reset Complete')
class LocalPolicy(object):
"""vManage Local Policy API
Responsible for DELETE, GET, POST, PUT methods against vManage
Local Policy.
"""
def __init__(self, session, host, port=443):
"""Initialize Localized Policy object with session parameters.
Args:
session (obj): Requests Session object
host (str): hostname or IP address of vManage
port (int): default HTTPS 443
"""
self.session = session
self.host = host
self.port = port
self.base_url = f'https://{self.host}:{self.port}/dataservice/'
self.policy_definitions = PolicyDefinitions(self.session, self.host)
# Need to decide where this goes
def add_local_policy(self, policy):
"""Delete a Central Policy from vManage.
Args:
policy: The Central Policy
Returns:
result (dict): All data associated with a response.
"""
url = f"{self.base_url}template/policy/vedge"
HttpMethods(self.session, url).request('POST', payload=json.dumps(policy))
def update_local_policy(self, policy, policy_id):
"""Update a Central from vManage.
Args:
policy: The Central Policy
policy_id: The ID of the Central Policy to update
Returns:
result (dict): All data associated with a response.
"""
url = f"{self.base_url}template/policy/vedge/{policy_id}"
HttpMethods(self.session, url).request('PUT', payload=json.dumps(policy))
def delete_localized_policy(self, policy_id):
"""Deletes the specified local policy
Args:
policyId (str): ID of the active local policy
Returns:
result (dict): All data associated with a response.
"""
url = f"{self.base_url}template/policy/vedge/{policy_id}"
response = HttpMethods(self.session, url).request('DELETE')
result = ParseMethods.parse_status(response)
return result
def get_local_policy_list(self):
"""Get all Central Policies from vManage.
Returns:
response (dict): A list of all policy lists currently
in vManage.
"""
api = "template/policy/vedge"
url = self.base_url + api
response = HttpMethods(self.session, url).request('GET')
result = ParseMethods.parse_data(response)
local_policy_list = result
for policy in local_policy_list:
# This is to accommodate CLI policy
try:
json_policy = json.loads(policy['policyDefinition'])
policy['policyDefinition'] = json_policy
except Exception:
pass
# policy['policyDefinition'] = json.loads(policy['policyDefinition'])
self.policy_definitions.convert_definition_id_to_name(policy['policyDefinition'])
return local_policy_list
def get_local_policy_dict(self, key_name='policyName', remove_key=False):
local_policy_list = self.get_local_policy_list()
return list_to_dict(local_policy_list, key_name, remove_key=remove_key)
#pylint: disable=unused-argument
def import_local_policy_list(self, local_policy_list, update=False, push=False, check_mode=False, force=False):
local_policy_dict = self.get_local_policy_dict(remove_key=False)
local_policy_updates = []
for local_policy in local_policy_list:
payload = {'policyName': local_policy['policyName']}
payload['policyDescription'] = local_policy['policyDescription']
payload['policyType'] = local_policy['policyType']
payload['policyDefinition'] = local_policy['policyDefinition']
if payload['policyName'] in local_policy_dict:
# A policy by that name already exists
existing_policy = local_policy_dict[payload['policyName']]
diff = list(dictdiffer.diff(existing_policy['policyDefinition'], payload['policyDefinition']))
if len(diff):
if 'policyDefinition' in payload:
self.policy_definitions.convert_definition_name_to_id(payload['policyDefinition'])
if not check_mode and update:
self.update_local_policy(payload, existing_policy['policyId'])
else:
diff = list(dictdiffer.diff({}, payload['policyDefinition']))
if 'policyDefinition' in payload:
# Convert list and definition names to template IDs
self.policy_definitions.convert_definition_name_to_id(payload['policyDefinition'])
if not check_mode:
self.add_local_policy(payload)
return local_policy_updates
class CentralPolicy(object):
"""vManage Central Policy API
Responsible for DELETE, GET, POST, PUT methods against vManage
Central Policy.
"""
def __init__(self, session, host, port=443):
"""Initialize Centralized Policy object with session parameters.
Args:
session (obj): Requests Session object
host (str): hostname or IP address of vManage
port (int): default HTTPS 443
"""
self.session = session
self.host = host
self.port = port
self.base_url = f'https://{self.host}:{self.port}/dataservice/'
self.policy_definitions = PolicyDefinitions(self.session, self.host)
def activate_central_policy(self, policy_name, policy_id):
"""Activates the current active centralized policy
Args:
policyId (str): ID of the active centralized policy
Returns:
result (str): The Action ID from the activation.
"""
url = f"{self.base_url}template/policy/vsmart/activate/{policy_id}?confirm=true"
payload = {'policyName': policy_name}
response = HttpMethods(self.session,
url).request('POST',
payload=json.dumps(payload))
# result = ParseMethods.parse_status(response)
if 'json' in response and 'id' in response['json']:
return response['json']['id']
error = response['error']
result = response['details']
raise Exception(f'{error}: {result}')
def deactivate_central_policy(self, policy_id):
"""Deactivates the current active centralized policy
Args:
policyId (str): ID of the deactive centralized policy
Returns:
result (str): The Action ID from the activation.
"""
url = f"{self.base_url}template/policy/vsmart/deactivate/{policy_id}?confirm=true"
response = HttpMethods(self.session, url).request('POST')
ParseMethods.parse_status(response)
if 'json' in response and 'id' in response['json']:
return response['json']['id']
return None
def add_central_policy(self, policy):
"""Delete a Central Policy from vManage.
Args:
policy: The Central Policy
Returns:
result (dict): All data associated with a response.
"""
url = f"{self.base_url}template/policy/vsmart"
HttpMethods(self.session, url).request('POST',
payload=json.dumps(policy))
def update_central_policy(self, policy, policy_id):
"""Update a Central from vManage.
Args:
policy: The Central Policy
policy_id: The ID of the Central Policy to update
Returns:
result (dict): All data associated with a response.
"""
url = f"{self.base_url}template/policy/vsmart/{policy_id}"
HttpMethods(self.session, url).request('PUT',
payload=json.dumps(policy))
def delete_central_policy(self, policyId):
"""Deletes the specified centralized policy
Args:
policyId (str): ID of the active centralized policy
Returns:
result (dict): All data associated with a response.
"""
api = f"template/policy/vsmart/{policyId}"
url = self.base_url + api
response = HttpMethods(self.session, url).request('DELETE')
result = ParseMethods.parse_status(response)
return result
def get_central_policy_list(self):
"""Get all Central Policies from vManage.
Returns:
response (dict): A list of all policy lists currently
in vManage.
"""
api = "template/policy/vsmart"
url = self.base_url + api
response = HttpMethods(self.session, url).request('GET')
result = ParseMethods.parse_data(response)
central_policy_list = result
# We need to convert the policy definitions from JSON
for policy in central_policy_list:
try:
json_policy = json.loads(policy['policyDefinition'])
policy['policyDefinition'] = json_policy
except Exception: # TODO: figuring out better exception type to catch
pass
self.policy_definitions.convert_definition_id_to_name(
policy['policyDefinition'])
return central_policy_list
def get_central_policy_dict(self, key_name='policyName', remove_key=False):
central_policy_list = self.get_central_policy_list()
return list_to_dict(central_policy_list,
key_name,
remove_key=remove_key)
#pylint: disable=unused-argument
def import_central_policy_list(self,
central_policy_list,
update=False,
push=False,
check_mode=False,
force=False):
central_policy_dict = self.get_central_policy_dict(remove_key=True)
central_policy_updates = []
for central_policy in central_policy_list:
payload = {'policyName': central_policy['policyName']}
payload['policyDescription'] = central_policy['policyDescription']
payload['policyType'] = central_policy['policyType']
payload['policyDefinition'] = central_policy['policyDefinition']
if payload['policyName'] in central_policy_dict:
# A policy by that name already exists
existing_policy = central_policy_dict[payload['policyName']]
diff = list(
dictdiffer.diff(existing_policy['policyDefinition'],
payload['policyDefinition']))
if diff:
central_policy_updates.append({
'name':
central_policy['policyName'],
'diff':
diff
})
if len(diff):
# Convert list and definition names to template IDs
if 'policyDefinition' in payload:
self.policy_definitions.convert_definition_name_to_id(
payload['policyDefinition'])
if not check_mode and update:
self.update_central_policy(payload,
existing_policy['policyId'])
else:
diff = list(dictdiffer.diff({}, payload['policyDefinition']))
central_policy_updates.append({
'name':
central_policy['policyName'],
'diff':
diff
})
if not check_mode:
# Convert list and definition names to template IDs
if 'policyDefinition' in payload:
self.policy_definitions.convert_definition_name_to_id(
payload['policyDefinition'])
self.add_central_policy(payload)
return central_policy_updates
# Might want to move this later
def waitfor_action_completion(self, action_id):
status = 'in_progress'
response = {}
while status == "in_progress":
url = f"{self.base_url}device/action/status/{action_id}"
response = HttpMethods(self.session, url).request('GET')
ParseMethods.parse_data(response)
if 'json' in response:
status = response['json']['summary']['status']
if 'data' in response['json'] and response['json']['data']:
action_status = response['json']['data'][0]['statusId']
action_activity = response['json']['data'][0]['activity']
if 'actionConfig' in response['json']['data'][0]:
action_config = response['json']['data'][0][
'actionConfig']
else:
action_config = None
else:
raise Exception(msg="Unable to get action status: No response")
time.sleep(10)
# if self.result['action_status'] == 'failure':
# self.fail_json(msg="Action failed")
return {
'action_response': response['json'],
'action_id': action_id,
'action_status': action_status,
'action_activity': action_activity,
'action_config': action_config
}