# -*- coding: utf-8 -*-
import os
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

# NOTE(security): this silences every urllib3 HTTP warning, including the
# InsecureRequestWarning raised for unverified HTTPS requests, so a session
# running without certificate verification produces no visible signal.
requests.packages.urllib3.disable_warnings()
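#GLOBAL VARIABLES
# NOTE(security): credentials embedded in source are disclosed to everyone who
# can read the file, so the password below should be treated as exposed and
# rotated. Server, user and password can be supplied through the environment
# (CSM_SERVER, CSM_USER, CSM_PASS); the literals remain only as fallbacks so
# existing runs keep working, and should be deleted once the environment is
# populated.
_csm_server = os.environ.get('CSM_SERVER', 'https://w2dapw0002501.corp.heb.com/nbi/')
_user = os.environ.get('CSM_USER', 'csmapi4')
_pass = os.environ.get('CSM_PASS', 'admin')
_reqId = '001'
#fwdata = "null"
_csm_session_number = ''  # This will hold the CSM Session GID for write methods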
#START OF METHODS (XML)#
# Request bodies for the CSM API calls made further down. Every template is
# assembled once, at import time, by plain string concatenation.
# NOTE(security): _reqId, _user, _pass and _csm_server are spliced in without
# XML escaping, so a value containing '<', '>' or '&' would alter the document
# structure. login_body carries the password in clear text; keep it out of
# logs and debug output.
login_body = '''<?xml version="1.0" encoding="UTF-8"?>
<csm:loginRequest xmlns:csm="csm"><protVersion>1.0</protVersion>
<reqId>'''+_reqId+'''</reqId><username>'''+_user+'''</username><password>'''+_pass+'''</password>
<heartbeatRequested>true</heartbeatRequested><callbackUrl>'''+_csm_server+'''login</callbackUrl>
</csm:loginRequest>'''
# Ends the session opened by login_body.
logout_body = '''<?xml version="1.0" encoding="UTF-8"?><csm:logoutRequest xmlns:csm="csm">
<protVersion>1.0</protVersion><reqId>'''+_reqId+'''</reqId></csm:logoutRequest>'''
# Lists devices whose capability is 'firewall'.
firewall_device_list_body = '''<?xml version="1.0" encoding="UTF-8"?><csm:deviceListByCapabilityRequest xmlns:csm="csm">
<protVersion>1.0</protVersion><reqId>'''+_reqId+'''</reqId><deviceCapability>firewall</deviceCapability>
</csm:deviceListByCapabilityRequest>'''
# Lists device groups, leaving out empty ones.
firewall_group_list_body = '''<?xml version="1.0" encoding="UTF-8"?><csm:groupListRequest xmlns:csm="csm">
<protVersion>1.0</protVersion><reqId>'''+_reqId+'''</reqId><includeEmptyGroups>false</includeEmptyGroups>
</csm:groupListRequest>'''
# Requests the configuration of one device; the device name is fixed in the
# template and has to be edited here to query another device.
firewall_config_devicename_body = '''<?xml version="1.0" encoding="UTF-8"?><csm:deviceConfigByNameRequest xmlns:csm="csm">
<protVersion>1.0</protVersion><reqId>'''+_reqId+'''</reqId><name>W2-DEV-0001-FW1.heb.com</name>
</csm:deviceConfigByNameRequest>'''
# Opens a CSM session; the description element is left empty.
create_csm_session_body = '''<?xml version="1.0" encoding="UTF-8"?><csm:newCSMSessionRequest xmlns:csm="csm">
<csmSessionDescription></csmSessionDescription></csm:newCSMSessionRequest>'''
# Fragment only: it closes </csm:addPolicyObjectRequest> but does not open it.
# csm_session_add_network_object() prepends the opening element together with
# the session GID before posting.
add_network_object_body = '''<enforceDuplicateDetection>false</enforceDuplicateDetection>
<networkPolicyObject>
<name>Store_Vlan110</name>
<parentGID>00000000-0000-0000-0000-060129549592</parentGID>
<type>NetworkPolicyObject</type>
<comment></comment>
<nodeGID>00000000-0000-0000-0000-060129542292</nodeGID>
<isProperty>false</isProperty>
<subType>NN</subType>
<isGroup>false</isGroup>
<ipData>110.106.197.0/24</ipData>
</networkPolicyObject>
</csm:addPolicyObjectRequest>'''
# Looks up the network policy object named Store_Vlan110.
get_policy_object_body = '''<?xml version="1.0" encoding="UTF-8"?>
<p:getPolicyObjectRequest xmlns:p="csm">
<networkPolicyObject>
<name>Store_Vlan110</name>
</networkPolicyObject>
</p:getPolicyObjectRequest>'''
# Looks up a policy object by the GID fixed in the template.
get_policy_object_gid_body = '''<?xml version="1.0" encoding="UTF-8"?>
<p:getPolicyObjectByGID xmlns:p="csm">
<gid>00000000-0000-0000-0000-060129549592</gid>
</p:getPolicyObjectByGID>'''
#END OF METHODS (XML)#
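#LOGIN - START SESSION
# `with` does not open a new scope, so `s` stays bound at module level and is
# the session object the request helpers in this file post through.
with requests.Session() as s:
    s.headers.update({'Content-Type':'application/xml'})
    # The login request carries the account password, so the server
    # certificate must be verified; with verification off, anyone on the
    # network path can impersonate the server and read the credentials.
    # Point CSM_CA_BUNDLE at the PEM file of the issuing CA when the server
    # certificate does not chain to the default trust store.
    s.verify = os.environ.get('CSM_CA_BUNDLE') or True
    login_response = s.post(_csm_server+'login', data=login_body)
    # The session's cookie jar already stores the 'asCookie' session cookie
    # from the login reply and sends it on later requests. Response headers
    # are not copied into the request headers: doing so replayed unrelated
    # headers (including the reply's Content-Type) on every later call.
    print(login_response.text)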
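#QUERY - Pull firewall device list by TYPE 'firewall', parse XML for each firewall (gather info.)
def firewall_device_list_xml():
    """Print the name and GID of firewalls whose deviceName contains "W2-DEV".

    Posts ``firewall_device_list_body`` to ``configservice/getDeviceListByType``
    on the shared session ``s`` and walks the XML reply. A matching deviceName
    is stored in the module-level ``fwdata`` and printed; a ``gid`` element
    seen afterwards is appended to it as "<name> : <gid>" and printed again.

    NOTE(security): the reply is parsed with xml.etree.ElementTree, which the
    Python documentation describes as not secure against maliciously
    constructed data; the parse is only as trustworthy as the TLS channel the
    reply arrived on.
    """
    global fwdata
    # Start from a known value: a gid element seen before any matching
    # deviceName used to raise NameError because fwdata was never initialised.
    fwdata = ''
    reply = s.post(_csm_server+'configservice/getDeviceListByType', data=firewall_device_list_body)
    tree = ET.fromstring(reply.text)
    for parent in tree.findall('.//'):
        for child in parent:
            tag = child.tag
            # Empty elements have text None; treat that as '' so the substring
            # test and the concatenation below cannot raise TypeError.
            text = child.text or ''
            if tag == "deviceName" and "W2-DEV" in text:
                fwdata = text
                print(fwdata)
            # NOTE(review): fwdata is only replaced by a matching deviceName,
            # so a gid that follows a non-matching device is appended to the
            # previous match -- confirm against the reply schema.
            if tag == "gid" and "W2-DEV" in fwdata:
                fwdata = fwdata + " : " + text
                print(fwdata)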
#QUERY - Pull firewall config by device NOTE: *FOR NOW* Requires update to xml body method 'firewall_config_devicename_body' above
def firewall_config_devicename():
    """Fetch one device's configuration by name and print the raw reply.

    The device queried is the one named inside
    ``firewall_config_devicename_body``.
    """
    # NOTE(security): the reply is a device configuration printed verbatim;
    # keep this output out of shared logs and terminals.
    endpoint = _csm_server + 'configservice/getDeviceConfigByName'
    reply = s.post(endpoint, data=firewall_config_devicename_body)
    print(reply.text)
#QUERY - Pull firewall device list by GROUP
def firewall_group_list():
    """Request the device group list and print the raw reply."""
    endpoint = _csm_server + 'configservice/getGroupList'
    reply = s.post(endpoint, data=firewall_group_list_body)
    print(reply.text)
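#QUERY - Setup CSM Session (for write methods) and add network object(s) to CSM
def csm_session_add_network_object():
    """Open a CSM session and post ``add_network_object_body`` inside it.

    The session GID is read from the createCSMSession reply and placed in the
    opening ``<csm:addPolicyObjectRequest>`` element, which is then joined to
    ``add_network_object_body``. The reply to the add request is printed.

    Raises:
        RuntimeError: the createCSMSession reply has no usable csmSessionGID.
    """
    session_reply = s.post(_csm_server+'configservice/createCSMSession', data=create_csm_session_body)
    tree = ET.fromstring(session_reply.text)
    # Same selection as the original loop: the last csmSessionGID wins.
    gids = [node.text for node in tree.findall('.//csmSessionGID')]
    # Held in a local on purpose: the original assignment had no `global`
    # statement, so the module-level _csm_session_number was never updated.
    session_gid = gids[-1] if gids else None
    if not session_gid:
        # Previously this path failed with UnboundLocalError (no element) or
        # TypeError (empty element) at the concatenation below.
        raise RuntimeError('createCSMSession reply did not contain a csmSessionGID')
    # The GID comes from a server reply, so it is escaped before being written
    # back into XML rather than trusted to contain no markup characters.
    request_head = '''<csm:addPolicyObjectRequest xmlns:csm="csm"><csmSessionGID>'''+escape(session_gid)+'''</csmSessionGID>'''
    add_reply = s.post(_csm_server+'configservice/addPolicyObject', data=request_head+add_network_object_body)
    print(add_reply.text)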
#QUERY - Pull Policy Object Details
def get_policy_object():
    """Look up the policy object described by ``get_policy_object_body`` and print the raw reply."""
    endpoint = _csm_server + 'configservice/getPolicyObject'
    reply = s.post(endpoint, data=get_policy_object_body)
    print(reply.text)
#QUERY - Pull Policy Object by GID
def get_policy_object_gid():
    """Look up a policy object by the GID in ``get_policy_object_gid_body`` and print the raw reply."""
    endpoint = _csm_server + 'configservice/getPolicyObjectByGID'
    reply = s.post(endpoint, data=get_policy_object_gid_body)
    print(reply.text)
#LOGOUT - END SESSION
def logout():
    """Post ``logout_body`` to the logout endpoint and print the raw reply."""
    endpoint = _csm_server + 'logout'
    reply = s.post(endpoint, data=logout_body)
    print(reply.text)
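#UNCOMMENT TO TEST A METHOD
# logout() runs in a finally block so the server-side session is ended even
# when the selected query raises; otherwise a failed run leaves the
# authenticated session open on the server.
try:
    firewall_device_list_xml()
    #firewall_config_devicename()
    #firewall_group_list()
    #get_policy_object()
    #get_policy_object_gid()
    #csm_session_add_network_object()
finally:
    logout()
#Create function for object override that iterates all firewalls and creates a custom object for each firewall.
#Need to pull the gid and devicename
#IP Address will be based on device name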