├── .gitignore
├── README.md
├── __init__.py
├── auditcreeper.py
├── auditdiff.py
├── confirm.py
├── exec_cmd.py
├── get_property.py
├── gifs
    ├── superloop_audit_diff_demo.gif
    ├── superloop_auditcreeper.gif
    ├── superloop_auditcreeper_demo.gif
    ├── superloop_gitops_operational_framework.png
    ├── superloop_host_exec_after_push_cfgs_demo.gif
    ├── superloop_host_exec_demo.gif
    ├── superloop_push_cfgs_demo.gif
    ├── superloop_push_local_demo.gif
    └── superloop_push_onscreen_demo.gif
├── initialize.py
├── lib
    ├── __init__.py
    ├── mediators
    │   ├── __init__.py
    │   ├── generic.py
    │   └── juniper.py
    └── objects
    │   ├── __init__.py
    │   └── basenode.py
├── mediator.py
├── modifydb.py
├── multithread.py
├── node_create.py
├── node_list.py
├── parse_cmd.py
├── processdb.py
├── pull_cfgs.py
├── push_acl.py
├── push_cfgs.py
├── push_local.py
├── push_regex.py
├── push_render.py
├── render.py
├── requirements.apt
├── requirements.txt
├── search.py
├── snmp.py
├── snmp_helper.py
├── ssh_connect.py
└── superloop.py


/.gitignore:
--------------------------------------------------------------------------------
1 | *.yaml
2 | *.jinja2
3 | *.pyc
4 | *.conf
5 | *.bak
6 | *.txt
7 | __pycache__
8 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # superloop
  2 | Inspired by the world's leading social media tech company (Facebook) for network automation, I have created my own version of the framework.
  3 | 
  4 | ## Prerequisites
  5 |   1. Python 3.6 or higher.
  6 |   2. netmiko - A HUGE thanks and shout out to Kirk Byers for developing the library!
  7 |   3. snmp_helper.py - module written by Kirk Byers (https://github.com/ktbyers/pynet/blob/master/snmp/snmp_helper.py).
  8 |   4. ciscoconfparse - A library to help parse out Cisco (or similiar) CLI configs (https://pypi.org/project/ciscoconfparse/).
  9 |   5. yaml - YAML is a human-readable data-serialization language (https://en.wikipedia.org/wiki/YAML).
 10 |   6. libyaml-cpp-dev - C parser for yaml (xargs apt-get install < requirements.apt)
 11 |   7. jinja2 - template engine for Python (https://jinja.palletsprojects.com/en/2.11.x/)
 12 |   8. hvac - Python client for hashicorp vault (https://pypi.org/project/hvac/).
 13 | 
 14 | ## Support
 15 | 
 16 | |__Platform__|__audit diff__|__push cfgs__|__host exec__|__ssh__ |__node list__|__host add__|__host remove__|__host discover__|__push acl__|__pull cfgs__|
 17 | |------------|:------------:|:-----------:|:-----------:|:------:|:-----------:|:----------:|:-------------:|:---------------:|:----------:|:------------|
 18 | | Cisco IOS  |       x      |      x      |       x     |    x   |      x      |      x     |       x       |        x        |      -     |      x      |
 19 | | Cisco NXOS |       x      |      x      |       x     |    x   |      x      |      x     |       x       |        x        |      -     |      x      |
 20 | | Cisco ASA  |       x      |      x      |       x     |    x   |      x      |      x     |       x       |        x        |            |      x      |
 21 | | Juniper OS |       x      |      x      |       x     |    x   |      x      |      x     |       x       |        x        |            |      x      |
 22 | |F5 BigIP LTM|       x      |      x      |       x     |    x   |      x      |      x     |       x       |        x        |      -     |      x      |
 23 | |  Netscaler |       x      |      x      |       x     |    x   |      x      |      x     |       x       |        x        |      -     |      x      |
 24 | 
 25 | ## Overview
 26 | 
 27 | ![superloop gitops_operational_framework](https://github.com/superloopnetwork/superloop/blob/master/gifs/superloop_gitops_operational_framework.png)
 28 | 
 29 | 
 30 | ## Install
 31 | 
 32 | There are a few methods to install superloop but the easiest is the following:
 33 | 
 34 | An appropriate install location would be in ```/usr/local/```
 35 | 
 36 | ```
 37 |    $ cd /usr/local/
 38 |    $ git clone https://github.com/superloopnetwork/superloop
 39 |    $ cd superloop/
 40 |    $ pip3 install -r requirements.txt
 41 |    $ xargs apt-get install < requirements.apt
 42 | ```
 43 | 
 44 | This will install superloop along with all required dependencies to the directory. 
 45 | 
 46 | IMPORTANT: To simplify the execution of superloop application, please do the following after installation.
 47 | 
 48 | Create a symbolic link of 'superloop.py' and place it in '/usr/local/bin/'. Set the permission to 755. (replace python3.x with your correct python version)
 49 | ```
 50 | $ ln -s /usr/local/superloop/superloop.py /usr/local/bin/superloop
 51 | $ chmod 755 /usr/local/bin/superloop
 52 | ```
 53 | Now uncomment the following code within ```/usr/local/bin/superloop``` near the top:
 54 | ```
 55 | #import sys
 56 | #sys.path.append('/usr/local/superloop')
 57 | ```
 58 | So it looks like this . . . . 
 59 | ```
 60 | #!/usr/bin/python3
 61 | import sys
 62 | sys.path.append('/usr/local/superloop')
 63 | from auditdiff import auditdiff
 64 | from push_cfgs import push_cfgs
 65 | ...
 66 | ..
 67 | .
 68 | <output truncated>
 69 | ```
 70 | This will set the system path of superloop to '/usr/local/superloop'. If you have superloop installed in another directory, change the path accordingly (replace python3.x with appropriate version).
 71 | 
 72 | In Netmiko version 3.x by default is going to expect the configuration command to be echoed to the screen. This ensures Netmiko doesn't get out of sync with the underlying device (ex. keep sending configuration commands even though the remote device might be too slow and buffering them).
 73 | 
 74 | We will need to turn off command verification in netmiko base_connection.py file:
 75 | ```
 76 | vi /usr/local/lib/python3.7/dist-packages/netmiko/base_connection.py
 77 | ```
 78 | Search for the function 'send_config_set' and change 'cmd_verify=True' to 'cmd_verify=False' like this:
 79 | ```
 80 |     def send_config_set(
 81 |         self,
 82 |         config_commands=None,
 83 |         exit_config_mode=True,
 84 |         delay_factor=1,
 85 |         max_loops=150,
 86 |         strip_prompt=False,
 87 |         strip_command=False,
 88 |         config_mode_command=None,
 89 |         cmd_verify=False,
 90 |         enter_config_mode=True,
 91 |     ):
 92 | ```
 93 | We also need to disable `enqueue` in ciscoconfparse package (dependancy of loguru package) as this stalls/hangs/locks threading in superloop.
 94 | ```
 95 | vi /usr/local/lib/python3.7/dist-packages/ciscoconfparse/ccp_util.py
 96 | ```
 97 | Search for `enqueue=True,` and change it to `enqueue=False,'
 98 | 
 99 | Before we begin, I've constructed this application for easy database management by utilizing the power of YAML files. There are a combination of two YAML files that require management (default path is ~/database/):
100 | 
101 |   1. nodes.yaml
102 |   2. templates.yaml
103 | 
104 | The nodes.yaml holds all inventory of devices in the network. The templates.yaml file are mappings of templates so superloop knows which template is provisioned. The state of each template is appended at the end of the mapping to either 'disabled' or 'enabled' pushing of template. This acts as a safety feature. Zero to low confidence templates should never be pushed in a production environment as it may cause impact. However, all templates can be audited or rendered as there is no impact involved; this does not require the state of the template(s) to be flipped to 'enabled'
105 | ```
106 | root@devvm:~# cat superloop_code/database/templates.yaml
107 | ---
108 | - hardware_vendor: cisco 
109 |   type: firewall
110 |   opersys: asa 
111 |   templates:
112 |   - ~/superloop_code/templates/hardware_vendors/cisco/asa/firewall/base.jinja2: disabled
113 |   - ~/superloop_code/templates/hardware_vendors/cisco/asa/firewall/object-groups.jinja2: disabled
114 |   - ~/superloop_code/templates/hardware_vendors/cisco/asa/firewall/logging.jinja2: enabled
115 | - hardware_vendor: cisco
116 |   type: router 
117 |   opersys: ios
118 |   templates:
119 |   - ~/superloop_code/templates/hardware_vendors/cisco/ios/router/base.jinja2: enabled
120 | - hardware_vendor: cisco
121 |   type: switch 
122 |   opersys: ios 
123 |   templates:
124 |   - ~/superloop_code/templates/hardware_vendors/cisco/ios/switch/base.jinja2: disabled
125 |   - ~/superloop_code/templates/hardware_vendors/cisco/ios/switch/logging.jinja2: enabled
126 |   - ~/superloop_code/templates/hardware_vendors/cisco/ios/switch/service.jinja2: disabled
127 |   - ~/superloop_code/templates/hardware_vendors/cisco/ios/switch/dhcp.jinja2: enabled
128 |   - ~/superloop_code/templates/hardware_vendors/cisco/ios/switch/snmp.jinja2: enabled
129 |   - ~/superloop_code/templates/hardware_vendors/cisco/ios/switch/interfaces.jinja2: disabled
130 | - hardware_vendor: juniper
131 |   type: vfirewall
132 |   opersys: junos
133 |   templates:
134 |   - ~/superloop_code/templates/hardware_vendors/juniper/junos/vfirewall/routing-instances.jinja2: disabled
135 |   - ~/superloop_code/templates/hardware_vendors/juniper/junos/vfirewall/routing-options.jinja2: disabled
136 |   - ~/superloop_code/templates/hardware_vendors/juniper/junos/vfirewall/system.jinja2: enabled
137 |   - ~/superloop_code/templates/hardware_vendors/juniper/junos/vfirewall/interfaces.jinja2: disabled
138 |   - ~/superloop_code/templates/hardware_vendors/juniper/junos/vfirewall/protocols.jinja2: disabled
139 | - hardware_vendor: synology 
140 |   type: nas
141 |   opersys: busybox
142 |   templates:
143 |   - ~/superloop_code/templates/hardware_vendors/synology/busybox/base.jinja2: enabled
144 |   ```
145 | 
146 | ## Credentials
147 | 
148 | Credentials used to connect to nodes are via the OS environment varilable, $USER. It will prompt you for your password
149 | ```
150 | export USERNAME=username
151 | ```
152 | 
153 | ## Hierarchy
154 | 
155 | You'll noticed the superloo_code/ and superloop/ source code are completely segregated by different repositories. superloop_code/ repo can be found here and should be cloned to the home directory of the user as that is where superloop references to. Hourly backups should be stored in the superloop_code/backup-configs directory via CI/CD. superloop_code/database are where the inventory of the devices, templates (reference) files are stored. superloop_code/templates are where all the templates are stored. The hierarchy is structured based on vendor, OS and device type when it comes to templates. That's because different vendors and OS have different syntaxes. ex. Cisco IOS have different syntaxes than Cisco NXOS.
156 | ```
157 | root@devvm:~# tree superloop_code/
158 | superloop_code/
159 | ├── database
160 | │   ├── nodes.yaml
161 | │   ├── policies.yaml
162 | │   ├── templates.yaml
163 | │   └── templates.yaml.bak
164 | ├── policy
165 | │   ├── APPLICATIONS.net
166 | │   ├── cisco
167 | │   │   └── ios
168 | │   │       └── firewall
169 | │   │           └── base_policy.json
170 | │   ├── juniper
171 | │   │   └── junos
172 | │   │       └── vfirewall
173 | │   │           └── policy.json
174 | │   ├── NETWORKS.net
175 | │   ├── SERVICES.net
176 | │   ├── SOURCE_DEVICE.net
177 | │   ├── SOURCE_USER.net
178 | │   ├── :w
179 | │   └── ZONES.net
180 | └── templates
181 |     ├── hardware_vendors
182 |     │   ├── cisco
183 |     │   │   ├── asa
184 |     │   │   │   └── firewall
185 |     │   │   │       ├── base.jinja2
186 |     │   │   │       ├── logging.jinja2
187 |     │   │   │       ├── object-groups.jinja2
188 |     │   │   │       └── snmp.jinja2
189 |     │   │   ├── ios
190 |     │   │   │   ├── router
191 |     │   │   │   │   └── base.jinja2
192 |     │   │   │   └── switch
193 |     │   │   │       ├── aaa.jinja2
194 |     │   │   │       ├── base.jinja2
195 |     │   │   │       ├── base.jinja2.bak
196 |     │   │   │       ├── crypto.jinja2
197 |     │   │   │       ├── cs_vserver.jinja2
198 |     │   │   │       ├── dhcp.jinja2
199 |     │   │   │       ├── interfaces.jinja2
200 |     │   │   │       ├── logging.jinja2
201 |     │   │   │       ├── service.jinja2
202 |     │   │   │       └── snmp.jinja2
203 |     │   │   └── nxos
204 |     │   ├── f5
205 |     │   │   └── bigip
206 |     │   └── juniper
207 |     │       └── junos
208 |     │           └── vfirewall
209 |     │               ├── interfaces.jinja2
210 |     │               ├── protocols.jinja2
211 |     │               ├── routing-instances.jinja2
212 |     │               ├── routing-options.jinja2
213 |     │               └── system.jinja2
214 |     └── standards
215 |         └── common.jinja2
216 | 
217 | ```
218 | Let's look at a simple Cisco platform_name jinja2 template as an example.
219 | 
220 | ```
221 | {# audit_filter = ['snmp-server (?!user).*'] #}
222 | {%- import 'global.jinja2' as global -%}
223 | {%- import 'datacenter.jinja2' as dc -%}
224 | {%- import 'environment.jinja2' as env -%}
225 | {# %- import node.name ~ '.jinja2' as device -% #}
226 | snmp-server community {{ secrets['community_1'] }} group network-operator
227 | snmp-server community {{ secrets['community_2'] }} group network-operator
228 | snmp-server community {{ secrets['community_3'] }} group network-operator
229 | snmp-server location {{ dc.snmp.location }}
230 | ```
231 | Notice there is a section called 'audit_filter' at the top of file. This audit filter should be included in all templates of Cisco and Citrix Netscaler. It accepts a regular expression. This tells superloop which lines to look for and compare against when rendering the configs. In other words, superloop will look for only lines that begin with 'snmp-server' and anything else trailing but exclude 'user' as the second piece of string. If you have additional lines that you want superloop to look at, simply append strings seperated by a comma like so...
232 | ```
233 | ['snmp-server (?!user).*','hello','world']
234 | ```
235 | There are a few import statements that you may need to include depending on the variables you need to use. The files are organized based on the logic and reference to their geographic location.
236 | 
237 | global.jinja2 maps to ~/superloop_code/templates/standards/global.jinja2 # all global variables will stored in this file.
238 | 
239 | datacenter.jinja2 maps to ~/superloop_code/templates/datacenter/<site_name>/datacenter.jinja2 # all variables pertaining to datacenter/region specific will be stored in this file.
240 | 
241 | environment.jinja2 maps to ~/superloop_code/templates/datacenter/<site_name>/prod/environment.jinja2 # all variables pertaining to the different region and environment will be stored in this file.
242 | 
243 | NEVER include any secrets (static) within any templates as they will be exposed in clear text and visible in version control. Instead we want to mask our secrets by storing them in hashicorp and calling them in this fashion:
244 | ```
245 | {{ secrets['community_1'] }}
246 | ```
247 | Mappings can be found here: Networking > prod > secrets in vault. Every time when a template is being rendered for output, superloop will authenticate with vault. If successful, it then queries the requested secret. The secret is returned to superloop and is then pushed to jinja for output. With this method, no secrets are exposed in any files.
248 | 
249 | You may also have a template that consist of one or several levels deep like so...
250 | ```
251 | {# audit_filter = ['ip dhcp .*'] #}
252 | ip dhcp excluded-address 10.50.80.1
253 | ip dhcp ping packets 5
254 | !
255 | ip dhcp pool DATA
256 | network 10.10.20.0 255.255.255.0
257 | default-router 10.10.20.1
258 | dns-server 8.8.8.8
259 | ```
260 | Look at 'ip dhcp pool DATA'. The next line of config has an indentation. The parent is considered 'ip dhcp pool DATA' and the child are anything below that section. superloop is intelligent enough to parse the remaining 3 lines of configs without having to include it into the audit_filter.
261 | 
262 | Now that I have explained the basic operations, onto the fun stuff!
263 | 
264 | ## superloop host add
265 | When you add a device, every attribute of the node will be discovered automatically so there is no need to populate it manually.
266 | ```
267 | root@devvm:~# superloop host add 10.202.1.7
268 | + SNMP discovery successful.
269 | + New node appended to database.
270 | ```
271 | 
272 | ## superloop host remove
273 | To remove a node, simply execute a 'superloop host remove <IPv4/hostname>':
274 | ```
275 | wailit.loi@pc-netauto-001:~$ superloop host remove 10.202.1.7
276 | - Node successfully removed from database.
277 | ```
278 | 
279 | ## superloop node list
280 | To verify the device attributes:
281 | 
282 | ```
283 | root@devvm:~# superloop node list pt-switch-001
284 | [
285 |     {
286 |         "created_at": "2022-09-12 14:02:10"
287 |         "created_by": "wailit.loi"
288 |         "data": {
289 |             "managed_configs": {
290 |                    "logging.jinja2"
291 |                    "ntp.jinja2"
292 |                    "snmp.jinja2"
293 |              }
294 |          }
295 |         "domain_name": "null"
296 |         "environment": "prod"
297 |         "hardware_vendor": "cisco"
298 |         "lifecycle_status": "null"
299 |         "location_name": "toronto"
300 |         "mgmt_con_ip4": "null"
301 |         "mgmt_ip4": "10.202.1.7"
302 |         "mgmt_oob_ip4": "null"
303 |         "mgmt_snmp_community4": "null"
304 |         "name": "core1.leaf.yyz.demo.domain.name"
305 |         "opersys": "ios"
306 |         "platform_name": "WS-C3750X-48"
307 |         "role_name": "datacenter-switch"
308 |         "serial_num": "FDO1629R0JL"
309 |         "software_image": "null"
310 |         "software_version": "null"
311 |         "status": "online"
312 |         "type": "switch"
313 |         "updated_at": "null"
314 |         "updated_by": "null"
315 |     }
316 | ]
317 | ```
318 | 
319 | ## superloop host update
320 | 
321 | Notice the 'name' or hostname of the device has the domain appended because the 'ip domain-name domain.name' is configured. If the domain name is not required, superloop has the ability to modify the database attribute from cli:
322 | ```
323 | root@devvm:~#  superloop host update core1.leaf.yyz.domain.name --help
324 | usage: superloop host update [-h] [-a ATTRIBUTE] [-am AMEND] node
325 | positional arguments:
326 |   node
327 | optional arguments:
328 |   -h, --help            show this help message and exit
329 |   -a ATTRIBUTE, --attribute ATTRIBUTE
330 |                         Specify the attribute that requires updating
331 |   -am AMEND, --amend AMEND
332 |                         The value that is being amended
333 |  
334 | root@devvm:~# superloop host update core1.leaf.demo.domain.name -a name -am core1.leaf.yyz.demo
335 | Please confirm you would like to change the value from core1.leaf.yyz.demo.domain.name : name : core1.leaf.yyz.demo.domain.name to core1.leaf.yyz.demo.domain.name : name : core1.leaf.yyz.demo. [y/N]: y
336 | + Amendment to database was successful.
337 | ```
338 | We can take a look at the 'node list' feature to verify the 'name' attribute has changed:
339 | ```
340 | root@devvm:~# superloop node list core1.leaf.yyz.demo
341 | [
342 |     {
343 |         "created_at": "2022-09-12 14:02:10"
344 |         "created_by": "wailit.loi"
345 |         "data": {
346 |             "managed_configs": {
347 |                    "logging.jinja2"
348 |                    "ntp.jinja2"
349 |                    "snmp.jinja2"
350 |              }
351 |          }
352 |         "domain_name": "null"
353 |         "environment": "prod"
354 |         "hardware_vendor": "cisco"
355 |         "lifecycle_status": "null"
356 |         "location_name": "telecity"
357 |         "mgmt_con_ip4": "null"
358 |         "mgmt_ip4": "10.202.1.7"
359 |         "mgmt_oob_ip4": "null"
360 |         "mgmt_snmp_community4": "null"
361 |         "name": "core1.leaf.yyz.demo"
362 |         "opersys": "ios"
363 |         "platform_name": "WS-C3750X-48"
364 |         "role_name": "datacenter-switch"
365 |         "serial_num": "FDO1629R0JL"
366 |         "software_image": "null"
367 |         "software_version": "null"
368 |         "status": "online"
369 |         "type": "switch"
370 |         "updated_at": "2022-09-12 14:13:36"
371 |         "updated_by": "wailit.loi"
372 |     }
373 | ]
374 | ```
375 | When it comes to templating, we are able to call these attributes directly and make logical decisions based on the value. We'll discuss more later on in this article...
376 | 
377 | ## superloop push render
378 | The 'push render' function, simply renders a template created in jinja2. Ensure the template is provisioned in the ~/superloop_code/database/templates.yaml file so superloop understands which template(s) is/are loaded. If we want to render a template, we simply execute 'superloop push render --node <regex> --file <name_of_template>'. --node accepts a regular expression to match (multiple) node(s) and it can be as granular as you wish. Ex. matching an entire datacenter and/or device type. If there is no '–file' flag supplied, ALL templates for the device specific type will be rendered.
379 | ```
380 | root@devvm:~# superloop push render --node core.*sw.*.yyz.*demo --file logging
381 | core1.sw.yyz.demo
382 | /root/superloop_code/templates/hardware_vendors/cisco/nxos/switch/logging.jinja2
383 | logging message interface type ethernet description
384 | logging logfile messages 6 size 32768
385 | logging server 10.100.10.53
386 | logging server 10.100.2.40
387 | logging timestamp milliseconds
388 | logging monitor 3
389 | no logging rate-limit
390 |  
391 | core2.sw.yyz.demo
392 | /root/superloop_code/templates/hardware_vendors/cisco/nxos/switch/logging.jinja2
393 | logging message interface type ethernet description
394 | logging logfile messages 6 size 32768
395 | logging server 10.100.10.53
396 | logging server 10.100.2.40
397 | logging timestamp milliseconds
398 | logging monitor 3
399 | no logging rate-limit
400 | ```
401 | 
402 | ## superloop audit diff
403 | This function was designed to compare against the jinja2 templates with your running-configurations/candidate-configurations to see if they are according to standards. You could imagine if you had hundreds, if not thousands of devices to maintain, standardization would be a nightmare without some form of auditing/automation tool. To paint you an example, say one day, an employee decides to make an unauthorized manual configuration change on a switch. No one knows about it or what they did. 'superloop' is able to dive into all devices and see if there were any discrepancies against the template as that is considered the trusted source. 'superloop' is then able to determine what was exactly modified or changed. Whatever was configured would essentially be negated automatically. This works the other way around as well. If configuration(s) on a device(s) does not have the standard rendered configs from the template (configs removed), superloop will determine they are missing and you may proceed to remediate by pushing the rendered configs. 'audit diff' will audit against ONE or ALL templates belonging to the matched device(s) from the query. If you want to audit against ONE template, simply include the option '--file <template_name>' (exclude extension .jinja2). If you want to audit against ALL templates belonging to the matched device(s) query, do not include the '--file' option.
404 | 
405 | ```
406 | root@devvm:~# superloop audit diff -n pc.*test -f snmp                                   
407 | Password:
408 | [>] complete [0:00:10.911552]
409 |  
410 | Only in the device: -
411 | Only in the generated config: +
412 | pc-n9ktest-001
413 | /root/superloop_code/templates/hardware_vendors/cisco/nxos/switch/snmp.jinja2
414 | - snmp-server community helloworld group network-operator
415 | + snmp-server location coresite
416 | ```
417 | 
418 | ## superloop push cfgs
419 | The 'push cfgs' function simply pushes the template(s) to the specified node(s). For Cisco, Citrix, F5 and Palo Alto devices, a debug output will be shown with a list of commands (if any) of what will be sent first before user commits to push. From the below example, you can see which templates are enabled for pushing, represented by [>] vs. which templates are disabled, represented by [x]. The state of the template can be controlled in the ~/superloop_code/database/templates.yaml file. As a safety, we disable any templates that we are not confident in pushing. If enabled, superloop will auto remediate those template(s). Please use with caution as it can cause severe impact. Two phases happens when pushing templates of Cisco, Citrix, F5 and Palo Alto devices. First, superloop performs an audit diff. It will check to see what configs are missing or removed. Second, it will encapsulate the necessary configs and prepare it for pushing. If the device has no diffs, then no configs will be pushed to the device. The output of session when pushing will be displayed so users can see what happens behind the scenes.
420 | 
421 | ```
422 | root@devvm:~# superloop push cfgs --node p.*nxs
423 | [x] core1.sw.yyz.demo ; base.jinja2
424 | [x] core1.sw.yyz.demo ; base.jinja2
425 | [x] core2.sw.yyz.demo ; base.jinja2
426 | [x] core2.sw.yyz.demo ; base.jinja2
427 | [x] core1.leaf.yyz.demo ; base.jinja2
428 | [x] core2.leaf.yyz.demo ; base.jinja2
429 | [x] core3.leaf.yyz.demo ; base.jinja2
430 | [>] core1.sw.yyz.demo ; logging.jinja2
431 | [>] core1.sw.yyz.demo ; ntp.jinja2
432 | [>] core1.sw.yyz.demo ; snmp.jinja2
433 | [>] core1.sw.yyz.demo ; logging.jinja2
434 | [>] core1.sw.yyz.demo ; ntp.jinja2
435 | [>] core1.sw.yyz.demo ; snmp.jinja2
436 | [>] core2.sw.yyz.demo ; logging.jinja2
437 | [>] core2.sw.yyz.demo ; ntp.jinja2
438 | [>] core2.sw.yyz.demo ; snmp.jinja2
439 | [>] core2.sw.yyz.demo ; logging.jinja2
440 | [>] core2.sw.yyz.demo ; ntp.jinja2
441 | [>] core2.sw.yyz.demo ; snmp.jinja2
442 | [>] core1.leaf.yyz.demo ; logging.jinja2
443 | [>] core1.leaf.yyz.demo ; ntp.jinja2
444 | [>] core1.leaf.yyz.demo ; snmp.jinja2
445 | [>] core2.leaf.yyz.demo ; logging.jinja2
446 | [>] core2.leaf.yyz.demo ; ntp.jinja2
447 | [>] core2.leaf.yyz.demo ; snmp.jinja2
448 | [>] core3.leaf.yyz.demo ; logging.jinja2
449 | [>] core3.leaf.yyz.demo ; ntp.jinja2
450 | [>] core3.leaf.yyz.demo ; snmp.jinja2
451 | + complete [0:00:11.403772]
452 |  
453 | [DEBUG]
454 | {
455 |     "core2.leaf.yyz.demo": [
456 |         [
457 |             "ntp logging"
458 |         ]
459 |     ],
460 |     "core3.leaf.yyz.demo": [
461 |         [
462 |             "ntp logging"
463 |         ]
464 |     ]
465 | }
466 | config term
467 | Enter configuration commands, one per line. End with CNTL/Z.
468 |  
469 | core2.leaf.yyz.demo(config)# ntp logging
470 |  
471 | core2.leaf.yyz.demo(config)# end
472 |  
473 | core2.leaf.yyz.demo#
474 | config term
475 | Enter configuration commands, one per line. End with CNTL/Z.
476 |  
477 | core3.leaf.yyz.demo(config)# ntp logging
478 |  
479 | core3.leaf.yyz.demo(config)# end
480 |  
481 | core3.leaf.yyz.demo#
482 | + complete [0:00:14.664805]
483 | ```
484 | 
485 | ## superloop push local
486 | 
487 | The 'push local' command allows you to push configs that are stored in a text file (home directory). This feature is useful when performing migrations. For example, if we wanted to drain/undrain traffic from one node, we could pre-configure the set of commands in the text file. At the time of migration, we can push the configs to the selected nodes. This method would eliminate any human error in the process.
488 | 
489 | ## superloop ssh
490 | SSH feature allows us to quickly search up node(s) via regular expression and establish a SSH session with the device. This is useful when you have thousands of nodes in the network and memorizing IP addresses is simply not an option.
491 | ```
492 | root@devvm:~# superloop ssh p.*lb.*act
493 | id                        name                           address                   platform
494 | 1                         core1.lb.yyz.demo.active       10.10.10.1               citrix                  
495 | 2                         core1.lb.sfo.demo.active       10.10.10.2               citrix                  
496 | 3                         core1.lb.sin.demo.active       10.10.10.3               citrix
497 | ```
498 | ## superloop host exec
499 | The 'host exec' features allow you to execute a command on the device(s) without requiring you to log in manually one by one. This feature is extremely useful at times when you want to check status across multi devices.
500 | ```
501 | root@devvm:~# superloop host exec "show ip interface brief" --node core.*sw.*yyz.*demo       
502 | Password:
503 | core1.sw.yyz.demo: IP Interface Status for VRF "default"(1)
504 | core1.sw.yyz.demo: Interface            IP Address      Interface Status
505 | core1.sw.yyz.demo: Vlan201              10.201.1.22     protocol-up/link-up/admin-up      
506 | core1.sw.yyz.demo:
507 |  
508 | core2.sw.yyz.demo: IP Interface Status for VRF "default"(1)
509 | core2.sw.yyz.demo: Interface            IP Address      Interface Status
510 | core2.sw.yyz.demo: Vlan201              10.201.1.23     protocol-up/link-up/admin-up      
511 | core2.sw.yyz.demo:
512 |  
513 | [>] Complete [0:00:08.375958]
514 | ```
515 | 


--------------------------------------------------------------------------------
/__init__.py:
--------------------------------------------------------------------------------
 1 | from . import auditcreeper
 2 | from . import auditdiff
 3 | from . import basenode
 4 | from . import confirm_push
 5 | from . import directory
 6 | from . import exec_cmd
 7 | from . import get_property
 8 | from . import initialize
 9 | from . import mediator
10 | from . import modifydb
11 | from . import multithread
12 | from . import node_create
13 | from . import node_list
14 | from . import parse_commands
15 | from . import port
16 | from . import processdb
17 | from . import pull_acl
18 | from . import pull_cfgs
19 | from . import push_cfgs
20 | from . import push_config
21 | from . import push_local
22 | from . import push_render
23 | from . import remediate
24 | from . import render
25 | from . import search
26 | from . import snmp
27 | from . import snmp_helper
28 | from . import ssh_connect
29 | from . import superloop
30 | 


--------------------------------------------------------------------------------
/auditcreeper.py:
--------------------------------------------------------------------------------
 1 | """
 2 | 	This module executes auditcreeper, a continous auditing and remediating cycle.
 3 | """
 4 | from processdb import process_nodes
 5 | from processdb import process_templates
 6 | from search import search_node
 7 | from search import search_template
 8 | from mediator import mediator
 9 | from node_create import node_create
10 | from multithread import multithread_engine
11 | import threading
12 | import os
13 | import initialize
14 | 
15 | def auditcreeper():
16 | 	argument_node = '.+'
17 | 	auditcreeper = True
18 | 	commands = initialize.configuration
19 | 	output = True 
20 | 	redirect = []
21 | 	template_list = []
22 | 	with_remediation = True
23 | 	"""
24 | 		:param argument_node: Argument accepted as regular expression.
25 | 		:type augument_node: str
26 | 		
27 | 		:param auditcreeper: When auditcreeper is active/non-active.
28 | 		:type auditcreeper: bool
29 | 		
30 | 		:param commands: Referenced to global variable commands which keeps track of all commands per node.
31 | 		:type commands: list
32 | 		
33 | 		:param output: Flag to output to stdout.  
34 | 		:type ext: bool 
35 | 
36 | 		:param redirect: A list of which method superloop will access. This variable is sent to the multithread_engine. Each element is a redirect per node.
37 | 		:type alt_key_file: list
38 | 		
39 | 		:param template_list_original: Take a duplicate copy of template_list
40 | 		:type template_list_original: list
41 | 		
42 | 		:param with_remediation: Current function to remediate or not remediate.  
43 | 		:type ext: bool 
44 | 	"""
45 | 	initialize.variables()
46 | 	redirect.append('push_cfgs') 
47 | 	os.system('clear')
48 | 	node_object = process_nodes()
49 | 	node_template = process_templates()
50 | 	match_node = search_node(argument_node,node_object)
51 | 	match_template = search_template(template_list,match_node,node_template,node_object,auditcreeper)
52 | 	"""
53 | 		:param node_object: All node(s) in the database with all attributes.
54 | 		:type node_object: list
55 | 
56 | 		:param node_template: All templates based on hardware_vendor and device type.
57 | 		:type node_template: list
58 | 
59 | 		:param match_node: Nodes that matches the arguements passed in by user.
60 | 		:type match_node: list
61 | 
62 | 		:param match_template: Return a list of 'match' and/or 'no match'.
63 | 		:type match_template: list 
64 | 	"""
65 | 	node_create(match_node,node_object)
66 | 	mediator(template_list,node_object,auditcreeper,output,with_remediation)
67 | 	for index in initialize.element:
68 | 		redirect.append('push_cfgs')
69 | 	multithread_engine(initialize.ntw_device,redirect,commands)
70 | 	threading.Timer(5.0, auditcreeper).start()
71 | 
72 | if __name__ == "__main__":
73 | 	auditcreeper()
74 | 


--------------------------------------------------------------------------------
/auditdiff.py:
--------------------------------------------------------------------------------
  1 | """
  2 | 	This module controls the pushing of the templates. node_object is a list of dictionary compiled by the processdb module.
  3 | 	It processes the information from the nodes.yaml file and stores it into a list of dictionary.
  4 | """
  5 | import initialize
  6 | from lib.objects.basenode import BaseNode
  7 | from processdb import process_nodes
  8 | from processdb import process_policies
  9 | from processdb import process_templates
 10 | from search import search_node
 11 | from search import search_policy
 12 | from search import search_template
 13 | from mediator import mediator 
 14 | from node_create import node_create
 15 | from confirm import confirm
 16 | 
 17 | def auditdiff(args):
 18 | 	argument_node = args.node
 19 | 	argument_file = args.file
 20 | 	argument_policy = args.policy
 21 | 	auditcreeper = False
 22 | 	commands = initialize.configuration	
 23 | 	ext = {
 24 | 		'jinja':'.jinja2',
 25 | 		'json':'.json'
 26 | 		}
 27 | 	output = True
 28 | 	push_cfgs = False
 29 | 	redirect = []
 30 | 	safe_push_list = []
 31 | 	with_remediation = False 
 32 | 	"""
 33 | 		:param argument_node: Argument accepted as regular expression.
 34 | 		:type augument_node: str
 35 | 
 36 | 		:param auditcreeper: When auditcreeper is active/non-active.
 37 | 		:type auditcreeper: bool
 38 | 
 39 | 		:param commands: Referenced to global variable commands which keeps track of all commands per node.
 40 | 		:type commands: list
 41 | 
 42 | 		:param ext: File extention
 43 | 		:type ext: str
 44 | 
 45 | 		:param output: Flag to output to stdout.
 46 | 		:type ext: bool
 47 | 
 48 | 		:param push_cfgs: This flag is to determine if a push is required for Cisco like platforms. Juniper will continue to push configs no matter if there are no diffs.
 49 | 		:type ext: bool
 50 | 
 51 | 		:param redirect: A list of which method superloop will access. This variable is sent to the multithread_engine. Each element is a redirect per node.
 52 | 		:type alt_key_file: list
 53 | 
 54 | 		:param safe_push_list: A list of enable/disabled strings. This corresponds to templates that are safe to push (enable) vs. templates that are not safe to push (disabled).
 55 | 		:type ext: list
 56 | 
 57 | 		:param with_remediation: Current function to remediate or not remediate.
 58 | 		:type ext: bool
 59 | 
 60 | 		:param node_object: All node(s) in the database with all attributes.
 61 | 		:type node_object: list
 62 | 
 63 | 		:param node_template: All templates based on hardware_vendor and device type.
 64 | 		:type node_template: list
 65 | 
 66 | 		:param match_node: Nodes that matches the arguements passed in by user.
 67 | 		:type match_node: list
 68 | 
 69 | 		:param match_template: Return a list of 'match' and/or 'no match'.
 70 | 		:type match_template: list 
 71 | 	"""
 72 | 	redirect.append('exec_cmd')
 73 | 	node_object = process_nodes()
 74 | 	match_node = search_node(argument_node,node_object)
 75 | 	if argument_policy is not None:
 76 | 		policy = argument_policy + ext['json']
 77 | 		policy_list = []
 78 | 		policy_list.append(policy)
 79 | 		node_policy = process_policies()
 80 | 		match_policy = search_policy(policy_list,safe_push_list,match_node,node_policy,node_object,auditcreeper,push_cfgs)
 81 | 		policy_list_original = policy_list[:]
 82 | 		policy_list_copy = policy_list
 83 | 		if len(match_policy) != 0:
 84 | 			policy_list = policy_list_copy
 85 | 		if len(match_node) == 0:
 86 | 			print('+ No matching node(s) found in database.')
 87 | 			exit()
 88 | 		elif 'NO MATCH' in match_policy:
 89 | 			print('+ No matching policy(ies) found in database.')
 90 | 			exit()
 91 | 		else:
 92 | 			node_create(match_node,node_object)
 93 | 			mediator(args,policy_list,node_object,auditcreeper,output,with_remediation)
 94 | 			exit()
 95 | 	if argument_file is None and argument_policy is None:
 96 | 		template_list = []
 97 | 		auditcreeper = True
 98 | 	else:
 99 | 		template = args.file + ext['jinja']
100 | 		template_list = []
101 | 		template_list.append(template)
102 | 	node_template = process_templates()
103 | 	match_template = search_template(template_list,safe_push_list,match_node,node_template,node_object,auditcreeper,push_cfgs)
104 | 	if len(match_node) == 0:
105 | 		print('[x] No matching nodes found in database.')
106 | 		print('')
107 | 		exit()
108 | 	elif 'NO MATCH' in match_template or len(match_template) == 0:
109 | 		print('[x] No matching templates found in database.')
110 | 		print('')
111 | 		exit()
112 | 	else:
113 | 		node_create(match_node,node_object)
114 | 		mediator(args,template_list,node_object,auditcreeper,output,with_remediation)
115 | #		if len(initialize.configuration) == 0:
116 | #			pass	
117 | #		else:
118 | #			if remediation:
119 | #				confirm(redirect,commands)
120 | 
121 | 	return None	
122 | 


--------------------------------------------------------------------------------
/confirm.py:
--------------------------------------------------------------------------------
 1 | """
 2 |     This module controls the confirmation of pushing and pulling function
 3 |     from the user.
 4 | """
 5 | import initialize 
 6 | from multithread import multithread_engine
 7 | 
 8 | def confirm(redirect,commands,authentication):
 9 | 	index = 0
10 | 	if(redirect[index] == 'push_cfgs'):
11 | 		try:
12 | 			check = str(input("Push configs? [y/N]: ")).strip()
13 | 		except KeyboardInterrupt as error:
14 | 			print('[>] Terminating...')
15 | 			exit()
16 | 	else:
17 | 		check = str(input("Pull configs? [y/N]: ")).strip()
18 | 	try:
19 | 		if check[0] == 'y':
20 | 			multithread_engine(initialize.ntw_device,redirect,commands,authentication)
21 | 		elif check[0] == 'N':
22 | 			return False
23 | 		else:
24 | 			print("RuntimeError: aborted at user request")
25 | 	except Exception as error:
26 | 		print("ExceptionError: an exception occured")
27 | 		print(error)
28 | 
29 | 	return None
30 | 


--------------------------------------------------------------------------------
/exec_cmd.py:
--------------------------------------------------------------------------------
 1 | """
 2 | 	This module executes user requested commands to devices.
 3 | """
 4 | import initialize
 5 | from lib.objects.basenode import BaseNode
 6 | from processdb import process_nodes
 7 | from search import search_node
 8 | from search import node_element 
 9 | from node_create import node_create
10 | from multithread import multithread_engine
11 | 
12 | def exec_cmd(args):
13 | 	argument_command = args.command
14 | 	argument_node = args.node
15 | 	redirect = []
16 | 	authentication = True
17 | 	"""
18 | 		:param argument_command: Referenced to global variable commands which keeps track of all commands per node.
19 | 		:type commands: list
20 | 		
21 | 		:param argument_node: Argument accepted as regular expression.
22 | 		:type augument_node: str
23 | 		
24 | 		:param redirect: A list of which method superloop will access. This variable is sent to the multithread_engine. Each element is a redirect per node.
25 | 		:type alt_key_file: list
26 | 	"""
27 | 	redirect.append('exec_cmd') 
28 | 	try:
29 | 		if argument_command == 'reload' or argument_command == 'reboot':
30 | 			print("superloopError: command not supported")
31 | 			return False
32 | 		else:
33 | 			node_object = process_nodes()
34 | 			match_node = search_node(argument_node,node_object)
35 | 			"""
36 | 				:param node_object: All node(s) in the database with all attributes.
37 | 				:type node_object: list
38 | 		
39 | 				:param match_node: Nodes that matches the arguements passed in by user.
40 | 				:type match_node: list
41 | 			"""
42 | 			if len(match_node) == 0:
43 | 				print('+ No matching node(s) found in database.')
44 | 				print()
45 | 			else:
46 | 				node_element(match_node,node_object)
47 | 				node_create(match_node,node_object)
48 | 				multithread_engine(initialize.ntw_device,redirect,argument_command,authentication)
49 | 	except Exception as error:
50 | 		print("ExceptionError: an exception occured")
51 | 		print(error)
52 | 
53 | 	return None
54 | 


--------------------------------------------------------------------------------
/get_property.py:
--------------------------------------------------------------------------------
  1 | """
  2 | 	This module holds properties that superloop is required to retrieve.
  3 | """
  4 | import datetime
  5 | import hvac
  6 | import os
  7 | import socket
  8 | import time
  9 | 
 10 | def get_home_directory():
 11 | 	home_directory = os.getenv('HOME')
 12 | 
 13 | 	return home_directory
 14 | 
 15 | def get_real_path():
 16 | 	real_path = os.path.dirname(os.path.realpath(__file__))
 17 | 
 18 | 	return real_path
 19 | 
 20 | def get_port(node_object,element,ssh_id):
 21 | 	if node_object[element[ssh_id]]['type'] == 'switch':
 22 | 		port = '22'
 23 | 	elif node_object[element[ssh_id]]['type'] == 'nas':
 24 | 		port = '2222'
 25 | 	else:
 26 | 		port = '22'
 27 | 
 28 | 	return port
 29 | 
 30 | def get_type(name):
 31 | 	if('fw' in name):
 32 | 		device_type = 'firewall'
 33 | 	elif('rt' in name):
 34 | 		device_type = 'router'
 35 | 	elif('sw' in name):
 36 | 		device_type = 'switch'
 37 | 
 38 | 	return device_type
 39 | 
 40 | def get_template_directory(hardware_vendor,opersys,device_type):
 41 | 	"""
 42 | 		This will return the appropreiate directory based on the device
 43 | 		hardware_vendor, operating system and type
 44 | 	"""
 45 | 	directory = ''
 46 | 	if hardware_vendor == 'cisco' and opersys == 'asa' and device_type == 'firewall':
 47 | 		directory = '{}/superloop_code/templates/hardware_vendors/cisco/asa/firewall/'.format(get_home_directory())
 48 | 	elif hardware_vendor == 'cisco' and opersys == 'ios'and device_type == 'router':
 49 | 		directory = '{}/superloop_code/templates/hardware_vendors/cisco/ios/router'.format(get_home_directory())
 50 | 	elif hardware_vendor == 'cisco' and opersys == 'ios'and device_type == 'switch':
 51 | 		directory = '{}/superloop_code/templates/hardware_vendors/cisco/ios/switch/'.format(get_home_directory())
 52 | 	elif hardware_vendor == 'cisco' and opersys == 'nxos'and device_type == 'switch':
 53 | 		directory = '{}/superloop_code/templates/hardware_vendors/cisco/nxos/switch/'.format(get_home_directory())
 54 | 	elif hardware_vendor == 'cisco' and opersys == 'nxos'and device_type == 'router':
 55 | 		directory = '{}/superloop_code/templates/hardware_vendors/cisco/nxos/router/'.format(get_home_directory())
 56 | 	elif hardware_vendor == 'juniper' and opersys == 'junos' and device_type == 'vfirewall':
 57 | 		directory = '{}/superloop_code/templates/hardware_vendors/juniper/junos/vfirewall/'.format(get_home_directory())
 58 | 	elif hardware_vendor == 'juniper' and opersys == 'junos' and device_type == 'router':
 59 | 		directory = '{}/superloop_code/templates/hardware_vendors/juniper/junos/router/'.format(get_home_directory())
 60 | 	elif hardware_vendor == 'citrix' and opersys == 'netscaler' and device_type == 'loadbalancer':
 61 | 		directory = '{}/superloop_code/templates/hardware_vendors/citrix/netscaler/vpx/'.format(get_home_directory())
 62 | 	elif hardware_vendor == 'f5' and opersys == 'tmsh' and device_type == 'loadbalancer':
 63 | 		directory = '{}/superloop_code/templates/hardware_vendors/f5/tmsh/ltm/'.format(get_home_directory())
 64 | 
 65 | 	return directory
 66 | 
 67 | def get_policy_directory(hardware_vendor,opersys,device_type):
 68 | 	directory = ''
 69 | 	if hardware_vendor == 'cisco' and opersys == 'asa' and device_type == 'firewall':
 70 | 		directory = '{}/superloop_code/policy/cisco/ios/firewall/'.format(get_home_directory())
 71 | 	elif hardware_vendor == 'juniper' and opersys == 'junos' and device_type == 'vfirewall':
 72 | 		directory = '{}/superloop_code/policy/juniper/junos/vfirewall/'.format(get_home_directory())
 73 | 
 74 | 	return directory
 75 | 
 76 | def get_updated_list(list_copy):
 77 | 	"""
 78 | 		This will get the current template list from the list. 
 79 | 		Example: ['base.jinja'],['snmp.jinja','tacacs.jinja']]. 
 80 | 		It will continue to pop off the 1st element until there 
 81 | 		are only one element left.
 82 | 	"""
 83 | 	updated_list = []
 84 | 	if len(list_copy) != 1:
 85 | 		list_copy.pop(0)
 86 | 		updated_list = list_copy[0]
 87 | 
 88 | 	return updated_list
 89 | 
 90 | def get_syntax(node_object,index):
 91 | 	"""
 92 | 		This will return the correct syntax used for CiscoConfParse
 93 | 		based on device hardware vendor.
 94 | 	"""
 95 | 	syntax = ''
 96 | 	if node_object[index]['hardware_vendor'] == 'cisco' and node_object[index]['type'] == 'firewall':
 97 | 		syntax = 'asa'
 98 | 	elif node_object[index]['hardware_vendor'] == 'cisco' and node_object[index]['type'] == 'switch':
 99 | 		syntax = 'ios'
100 | 	elif node_object[index]['hardware_vendor'] == 'juniper' and node_object[index]['type'] == 'switch':
101 | 		syntax = 'junos'
102 | 	elif node_object[index]['hardware_vendor'] == 'f5' and node_object[index]['type'] == 'loadbalancer':
103 | 		syntax = 'ios'
104 | 
105 | 	return syntax
106 | 
107 | def get_sorted_juniper_template_list(template_list):
108 | 
109 | 	""" This will sort the Juniper template list from top configuration
110 | 		in the order they appear in a 'show configuration' juniper output.
111 | 		For example: groups, systems, chassis, security, snmp etc...
112 | 	"""
113 | 	sorted_juniper_template_list = []
114 | 	sorted_juniper_template_list_index = []
115 | 	config_order = {
116 | 					'groups.jinja2': 0 ,
117 | 					'system.jinja2': 1 ,
118 | 					'interfaces.jinja2': 2,
119 | 					'chassis.jinja2': 3 ,
120 | 					'snmp.jinja2': 4 ,
121 | 					'routing-options.jinja2': 5 ,
122 | 					'protocols.jinja2': 6 ,
123 | 					'policy-options.jinja2': 7 ,
124 | 					'security.jinja2': 8 ,
125 | 					'routing-instances.jinja2': 9
126 | 		}			 
127 | 	for template in template_list:         
128 | 		if template in config_order.keys():   
129 | 			sorted_juniper_template_list_index.append(config_order[template]) 
130 | 
131 | 	"""
132 | 		Sorting the order of how the templates should be in comparison with
133 | 		with the Juniper 'show configuration' output.
134 | 	"""
135 | 	sorted_juniper_template_list_index.sort()
136 | 	"""
137 | 		Building the sorted template list and returning
138 | 	"""
139 | 	for element in sorted_juniper_template_list_index:
140 | 		template = list(config_order.keys())[list(config_order.values()).index(element)]
141 | 		sorted_juniper_template_list.append(template)
142 | 
143 | 	return sorted_juniper_template_list
144 | 
145 | def get_standards_directory(name,hardware_vendor,type):
146 | 	directory = '{}/superloop_code/templates/standards/'.format(get_home_directory())
147 | 
148 | 	return directory 
149 | 
150 | def timestamp():
151 |     time_stamp =time.time()
152 |     date_time = datetime.datetime.fromtimestamp(time_stamp).strftime('%Y-%m-%d %H:%M:%S')
153 | 
154 |     return date_time
155 | 
156 | def get_resolve_hostname(fqdn):
157 | 	try:
158 | 		mgmt_ip4 = socket.gethostbyname(fqdn)
159 | 
160 | 		return mgmt_ip4
161 | 
162 | 	except socket.error:
163 | 		mgmt_ip4 = 'null'
164 | 
165 | 	return mgmt_ip4
166 | 
167 | 
168 | def get_serial_oid(snmp_platform_name):
169 | 	platform_name = snmp_platform_name.lower() 
170 | 	device_serial = ''
171 | 	SERIAL_OID = {
172 | 			'firefly-perimeter':'1.3.6.1.4.1.2636.3.1.3.0',
173 | 			'c3750':'1.3.6.1.4.1.9.5.1.2.19.0',
174 | 			'adaptive security appliance':'1.3.6.1.2.1.47.1.1.1.1.11.1',
175 | 			'cisco nx-os':'1.3.6.1.2.1.47.1.1.1.1.11.22',
176 | 			'netscaler':'1.3.6.1.4.1.5951.4.1.1.14.0'
177 | 		}
178 | 	for model in SERIAL_OID:
179 | 		if model in platform_name:
180 | 			device_serial_oid = SERIAL_OID[model]
181 | 			break
182 | 		else:
183 | 			device_serial_oid = 'null'
184 | 
185 | 	return device_serial_oid 
186 | 
187 | def get_secrets():
188 | 	client = hvac.Client()
189 | 	data = client.auth.approle.login(
190 | 			role_id = os.environ.get('VAULT_ROLE_ID'),
191 | 			secret_id = os.environ.get('VAULT_SECRET_ID')
192 | 		)
193 | 	VAULT_TOKEN = data['auth']['client_token']
194 | 	secret_data = client.read('{}'.format(os.environ.get('VAULT_PATH')))
195 | 	secrets = secret_data['data']['data']
196 | 
197 | 	return secrets
198 | 
199 | """
200 | 	get_no_negate() function stores a list of strings that do not require a negation when it comes to the Cisco. However, the command by default begins with a 'no'.
201 | 	For example. 'no logging rate-limit', 'no service-pad'. The keywords must be stored in this list so superloop checks against it to know which commands to not
202 | 	negate.
203 | """ 
204 | def get_no_negate():
205 | 	no_negate = [
206 | 		'logging',
207 | 		'service',
208 | 	]
209 | 
210 | 	return no_negate
211 | 


--------------------------------------------------------------------------------
/gifs/superloop_audit_diff_demo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/superloopnetwork/superloop/996fd08a4381b5d6b95e47d75bdfbadfc3bdae6c/gifs/superloop_audit_diff_demo.gif


--------------------------------------------------------------------------------
/gifs/superloop_auditcreeper.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/superloopnetwork/superloop/996fd08a4381b5d6b95e47d75bdfbadfc3bdae6c/gifs/superloop_auditcreeper.gif


--------------------------------------------------------------------------------
/gifs/superloop_auditcreeper_demo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/superloopnetwork/superloop/996fd08a4381b5d6b95e47d75bdfbadfc3bdae6c/gifs/superloop_auditcreeper_demo.gif


--------------------------------------------------------------------------------
/gifs/superloop_gitops_operational_framework.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/superloopnetwork/superloop/996fd08a4381b5d6b95e47d75bdfbadfc3bdae6c/gifs/superloop_gitops_operational_framework.png


--------------------------------------------------------------------------------
/gifs/superloop_host_exec_after_push_cfgs_demo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/superloopnetwork/superloop/996fd08a4381b5d6b95e47d75bdfbadfc3bdae6c/gifs/superloop_host_exec_after_push_cfgs_demo.gif


--------------------------------------------------------------------------------
/gifs/superloop_host_exec_demo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/superloopnetwork/superloop/996fd08a4381b5d6b95e47d75bdfbadfc3bdae6c/gifs/superloop_host_exec_demo.gif


--------------------------------------------------------------------------------
/gifs/superloop_push_cfgs_demo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/superloopnetwork/superloop/996fd08a4381b5d6b95e47d75bdfbadfc3bdae6c/gifs/superloop_push_cfgs_demo.gif


--------------------------------------------------------------------------------
/gifs/superloop_push_local_demo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/superloopnetwork/superloop/996fd08a4381b5d6b95e47d75bdfbadfc3bdae6c/gifs/superloop_push_local_demo.gif


--------------------------------------------------------------------------------
/gifs/superloop_push_onscreen_demo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/superloopnetwork/superloop/996fd08a4381b5d6b95e47d75bdfbadfc3bdae6c/gifs/superloop_push_onscreen_demo.gif


--------------------------------------------------------------------------------
/initialize.py:
--------------------------------------------------------------------------------
 1 | """
 2 | 	This module define the global variables.
 3 | """
 4 | def variables():
 5 | 	global backup_config
 6 | 	global compliance_percentage
 7 | 	global configuration
 8 | 	global debug_element 
 9 | 	global element
10 | 	global element_policy
11 | 	global netscaler_ha
12 | 	global ntw_device
13 | 	global password
14 | 	global rendered_config
15 | 
16 | 	backup_config = []
17 | 	compliance_percentage = 0
18 | 	configuration = []
19 | 	debug_element = []
20 | 	element = []
21 | 	element_policy = []
22 | 	netscaler_ha = []
23 | 	ntw_device = []
24 | 	password = ''
25 | 	rendered_config = []
26 | 
27 | 	"""
28 | 		:param backup_config: Backup configuration from taken from devices.
29 | 		:type backup_config: list
30 | 		:param compliance_percentage: This keeps track of the percentage of code compliance from our templates with respect to our running configurations.
31 | 		:type configuration: int
32 | 		:param configuration: Referenced to global variable configuration which keeps track of all commands per node.
33 | 		:type configuration: list
34 | 		:param debug_element: Element number of device for when there are no diffs, then device gets popped off.
35 | 		:type debug_element: list
36 | 		:param element_policy: All elements of matched policies.
37 | 		:type element_policy: int
38 | 		:param netscaler_ha: All matched nodes.
39 | 		:type netscaler_ha: list
40 | 		:param element: The element number of the match device(s) from the list of nodes.
41 | 		:type element: list
42 | 		:param element_policy: The element number of the match policy from the list of polcies.
43 | 		:type element_policy: list
44 | 		:param ntw_device: All matched nodes.
45 | 		:type ntw_device: list
46 | 		:param password: Only a single time use, per session of push_cfgs.py for Cisco like devices so users do not require to authenticate twice.
47 | 		:type password: str
48 | 		:param rendered_config: Rendered configurations from templates.
49 | 		:type rendered_config: list
50 | 	"""
51 | 


--------------------------------------------------------------------------------
/lib/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/superloopnetwork/superloop/996fd08a4381b5d6b95e47d75bdfbadfc3bdae6c/lib/__init__.py


--------------------------------------------------------------------------------
/lib/mediators/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/superloopnetwork/superloop/996fd08a4381b5d6b95e47d75bdfbadfc3bdae6c/lib/mediators/__init__.py


--------------------------------------------------------------------------------
/lib/mediators/generic.py:
--------------------------------------------------------------------------------
  1 | """
  2 | 	This mediator is a generic audit diff for various hardware vendors including Cisco, Citrix and F5.
  3 | """
  4 | import diffios
  5 | import re
  6 | import initialize
  7 | import itertools
  8 | import os
  9 | from ciscoconfparse import CiscoConfParse
 10 | from ciscoconfparse import HDiff
 11 | from get_property import get_no_negate
 12 | from get_property import get_policy_directory
 13 | from get_property import get_template_directory
 14 | from get_property import get_syntax
 15 | from get_property import get_sorted_juniper_template_list 
 16 | from parse_cmd import citrix_parse_negation_commands
 17 | from parse_cmd import cisco_parse_negation_commands
 18 | 
 19 | home_directory = os.environ.get('HOME')
 20 | 
 21 | def generic_audit_diff(args,node_configs,node_object,index,template,input_list,AUDIT_FILTER_RE,output,with_remediation):
 22 | 	length_rendered_config = 0
 23 | 	length_backup_config = 0
 24 | 	delta_diff_counter = 0
 25 | 	delta_length_rendered_config = 0
 26 | 	for template in input_list:
 27 | 		filtered_backup_config = []
 28 | 		rendered_config = []
 29 | 		backup_config = []
 30 | 		"""
 31 | 		:param filtered_backup_config: Audit filters that matches the lines in backup_config. Entries include depths/deep configs.
 32 | 		:type filtered_backup_config: list
 33 | 
 34 | 		:param rendered_config: Rendered configs from the templates.
 35 | 		:type rendered_config: list
 36 | 
 37 | 		:param backup_config: Backup configs from the 'show run', 'list ltm' etc...
 38 | 		:type backup_config: list
 39 | 
 40 | 		:param commands: ... Configurations generated from the diff'ed output.
 41 | 		:type commands: list
 42 | 		"""
 43 | 		with open("{}/rendered-configs/{}.{}".format(home_directory,node_object[index]['name'],template.split('.')[0]) + ".conf", "r") as file:
 44 | 			init_config = file.readlines()
 45 | 		for config_line in init_config:
 46 | 			strip_config = config_line.strip('\n')
 47 | 			strip_config = strip_config.rstrip()
 48 | 			if strip_config == '' or strip_config == ' ' or strip_config == '!':
 49 | 				continue	
 50 | 			else:
 51 | 				rendered_config.append(strip_config)	
 52 | 		length_rendered_config = len(rendered_config)
 53 | 		with open("{}/backup-configs/{}".format(home_directory,node_object[index]['name']) + ".conf", "r") as file:
 54 | 			init_config = file.readlines()
 55 | 		for config_line in init_config:
 56 | 			strip_config = config_line.strip('\n')
 57 | 			strip_config = strip_config.rstrip()
 58 | 			if strip_config == '' or strip_config == ' ' or strip_config == '!' or strip_config == '! ':
 59 | 				continue	
 60 | 			else:
 61 | 				backup_config.append(strip_config)	
 62 | 		length_backup_config = len(backup_config)
 63 | 		if args.policy is not None:
 64 | 			directory = get_policy_directory(node_object[index]['hardware_vendor'],node_object[index]['opersys'],node_object[index]['type'])
 65 | 			with open("{}".format(directory) + template, "r") as file:
 66 | 				parse_audit = file.readline()
 67 | 		else:
 68 | 			directory = get_template_directory(node_object[index]['hardware_vendor'],node_object[index]['opersys'],node_object[index]['type'])
 69 | 			with open("{}".format(directory) + template, "r") as file:
 70 | 				parse_audit = file.readline()
 71 | 		"""
 72 | 			This will take each element from the audit_filter list and search for the matched lines in backup_config.
 73 | 		"""
 74 | 		audit_filter = eval(re.findall(AUDIT_FILTER_RE, parse_audit)[0])
 75 | 		parse_backup_configs = CiscoConfParse(backup_config, syntax=get_syntax(node_object,index))
 76 | 		"""
 77 | 			Matched entries are then appended to the filter_backup_config variable. parse_audit_filter() call will find all parent/child.
 78 | 		"""
 79 | 		filtered_backup_config = parse_audit_filter(
 80 | 				node_object,
 81 | 				index,
 82 | 				parse_backup_configs,
 83 | 				audit_filter
 84 | 		)
 85 | 		diff = diffios.Compare(filtered_backup_config,rendered_config)
 86 | 		push_configs = diff.missing() + diff.additional()
 87 | 		push_configs = list(itertools.chain.from_iterable(push_configs))
 88 | 		addition = list(itertools.chain.from_iterable(diff.additional()))
 89 | 		"""
 90 | 			Calculating the percentage of config lines from the template that matches the running-configuration of the device.
 91 | 			This willprovide an accurate reading config standardization.
 92 | 		"""
 93 | 		total_template_lines = len(rendered_config)
 94 | 		total_filtered_backup_config_lines = len(filtered_backup_config)
 95 | 		total_backup_config_lines = len(backup_config)
 96 | 		total_push_config_lines = len(push_configs)
 97 | 		"""
 98 | 		:param total_template_lines: Total number of lines in the template.
 99 | 		:type total_template_lines: int
100 | 
101 | 		:param total_filtered_backup_config_lines: Total number of lines in the filtered backup config.
102 | 		:type total_filtered_backup_config_lines: int
103 | 
104 | 		:param total_backup_config_lines: Total number of lines in the backup config.
105 | 		:type total_backup_config_lines: int
106 | 		"""
107 | 
108 | 		"""
109 | 			If there are no diffs and only and audit diff is executed, (none) will be printed to show users the result. However, if there are no diffs but a push cfgs
110 | 			is executed, no configs would be pushed as an empty list is appended.
111 | 		"""
112 | 		if len(push_configs) == 0 and output:
113 | 			if output:
114 | 				print('{}{} (none)'.format(directory,template))
115 | 				print('')
116 | 				template_percentage = round(length_rendered_config / length_backup_config * 100,2)
117 | 				initialize.compliance_percentage = round(initialize.compliance_percentage + template_percentage,2)
118 | 			else:
119 | 				initialize.configuration.append([])
120 | 				print('There are no diffs to be pushed for template {} on {}'.format(template,node_object[index]['name']))
121 | 				if len(initialize.element) == 0:
122 | 					node_configs.append('')
123 | 					break
124 | 		else:
125 | 			"""
126 | 				If an audit diff is executed, the diff is outputed to user. If a push cfgs is executed against Cisco like platforms, the commands from the diff are executed
127 | 				with the negation (no). This is to maintain the sequence of the the commands in order to match the jinja2 templates. What you see on the template is what the
128 | 				users want exactly as the running-configurations. The with_remediation flag is no longer required on the template itself as it may cause disruptions to
129 | 				services. For example, blowing out an entire logging configs (no logging) and re-adding all the logging host back on.
130 | 			"""
131 | 			if output:
132 | 				print("{}{}".format(directory,template))
133 | 				print('\n'.join(HDiff(filtered_backup_config,rendered_config,syntax="ios",ordered_diff=True).unified_diffs()[3:]))
134 | 				delta_length_rendered_config = length_rendered_config - delta_diff_counter
135 | 				template_percentage = round(delta_length_rendered_config / length_backup_config * 100,2)
136 | 				initialize.compliance_percentage = round(initialize.compliance_percentage + template_percentage,2)
137 | 			else:
138 | 				if node_object[index]['hardware_vendor'] == 'cisco' and len(push_configs) != 0:
139 | 					negate_configs = cisco_parse_negation_commands(diff.missing())
140 | 					for config in negate_configs:
141 | 						node_configs.append(config)
142 | 					for config in addition:
143 | 						node_configs.append(config)
144 | 				elif node_object[index]['hardware_vendor'] == 'citrix':
145 | 					negate_configs = citrix_parse_negation_commands(diff.missing())
146 | 					for config in negate_configs:
147 | 						node_configs.append(config)
148 | 					for config in addition:
149 | 						node_configs.append(config)
150 | 	return None
151 | 
152 | def parse_audit_filter(node_object,index,parse_backup_configs,audit_filter):
153 | 	filtered_backup_config = []
154 | 	for audit in audit_filter:
155 | 		current_template = parse_backup_configs.find_objects(r"^{}".format(audit))
156 | 		for audit_string in current_template:
157 | 			filtered_backup_config.append(audit_string.text)
158 | 			if audit_string.is_parent:
159 | 				for child in audit_string.all_children:
160 | 					filtered_backup_config.append(child.text)
161 | 
162 | 	return filtered_backup_config
163 | 


--------------------------------------------------------------------------------
/lib/mediators/juniper.py:
--------------------------------------------------------------------------------
  1 | """
  2 | 	This mediator is a audit diff supporting the Juniper hardware vendor.
  3 | """
  4 | import re
  5 | import initialize
  6 | import os
  7 | from get_property import get_sorted_juniper_template_list 
  8 | 
  9 | home_directory = os.environ.get('HOME')
 10 | 
 11 | def juniper_mediator(node_object,template_list,diff_config,edit_list,index):
 12 | 
 13 | 	for template in template_list:
 14 | 		### THIS SECTION IS FOR JUNIPER NETWORKS PLATFORM ###
 15 | 	
 16 | 		###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
 17 | 	#	print ("DIFF CONFIG: {}".format(diff_config))
 18 | 	
 19 | 		### THIS FIRST SECTION WILL FIND ALL THE INDEXES WITH THE '[edit <TEMPLATE>]' AND APPEND IT TO THE EDIT_LIST
 20 | 		### EDIT_LIST MAINTAINS A LIST OF ALL THE INDEXES THAT PERTAIN TO THE TEMPLATES
 21 | 		for line in diff_config:
 22 | 			if re.search('\[edit\s{}'.format(template.split('.')[0]),line):
 23 | 				element = diff_config.index(line) 
 24 | 				edit_list.append(element)
 25 | 				break
 26 | 			elif re.search('\+\s\s{}\s'.format(template.split('.')[0]),line):
 27 | 				element = diff_config.index(line) 
 28 | 				edit_list.append(element)
 29 | 				break
 30 | 			else:
 31 | 				continue
 32 | 				###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
 33 | 				print('ELEMENT: {}'.format(element))
 34 | 				print("{}".format(line))
 35 | 		###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
 36 | #		print('EDIT_LIST 1st: {}'.format(edit_list))
 37 | #		print("index_of_template_list: {}".format(index_of_template_list))
 38 | #		print("length_template_list: {}".format(length_template_list))
 39 | #		edit_list.sort()
 40 | 	
 41 | 				
 42 | 	return edit_list 
 43 | 
 44 | def juniper_audit_diff(directory,template_list,diff_config,edit_list):
 45 | 
 46 | 	template_list = get_sorted_juniper_template_list(template_list)
 47 | 
 48 | #	for element in edit_list:
 49 | #		if element not in no_duplicate_edit_list:
 50 | #			no_duplicate_edit_list.append(element)
 51 | #
 52 | #	edit_list = no_duplicate_edit_list[:]
 53 | 
 54 | 	###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
 55 | #	print('DIFF_CONFIG: {}'.format(diff_config))
 56 | #	print("EDIT_LIST: {}".format(edit_list))
 57 | 	### THIS WILL CHECK IF IT'S ON THE LAST TEMPLATE. IF IT IS, IT WILL LOCATE THE LAST INDEX FOR EDIT_LIST AND APPEND IT TO THE LIST
 58 | #	if(index_of_template_list == length_template_list):
 59 | 	for line in diff_config:
 60 | 		if(re.search('exit configuration-mode',line)):
 61 | 			element = diff_config.index(line) 
 62 | 			###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
 63 | #			print('ELEMENT: {}'.format(element))
 64 | #			print("{}".format(line))
 65 | 			### THE BELOW STATEMENT IS TO CHECK IF THE PIVOT POINT (INDEX)IS LESS THEN OR EQUAL TO THE INDEX OF THE LAST ELEMENT OF THE EDIT_LIST. IF IT'S LESS THAN
 66 | 			### OR EQUAL TO, IT KNOWS THAT IT HAS NOT REACHED PASSED THE LAST INDEX OF EDIT_LIST (LAST ELEMENT). THEREFORE PIVOT POINT MUST BE GREATER TO KNOW IT'S THE
 67 | 			### END
 68 | #			if(element<=edit_list[len(edit_list) - 1]):
 69 | #				continue
 70 | #			else:
 71 | 				### THE COUNTER 6 IS TO DECREMENT THE INDEX '6' TIMES FROM THE 'exit configuration-mode'. THIS WILL LAND THE PIVOT POINT AT THE END OF THE DIFF.
 72 | 				### THE LAST ELEMENT OF THE 'DIFF' IS NOW APPENDED TO THE EDIT_LIST, (ALL UNNECCESSARY INFO EX. SHOW | COMPARE, ROLLBACK 0 ETC... HAVE BEEN LEFT OUT
 73 | 				### AND THEREFORE WE ARE ABLE TO FILTER OUT THE DIFF OUTPUT.
 74 | 			element = element - 6 
 75 | 			edit_list.append(element)
 76 | 			break
 77 | 	###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
 78 | #	print('EDIT_LIST FINAL: {}'.format(edit_list))
 79 | 	start = 0
 80 | 	end = 1
 81 | 	### THE LAST SECTION WILL PRINT THE APPROPREIATE DIFF BASED ON THE TEMPLATES FROM THE EDIT_LIST INFORMATION
 82 | #	print('TEMPLATE_LIST: {}'.format(template_list))
 83 | #	print('DIFF_config: {}'.format(diff_config))
 84 | 
 85 | 
 86 | 	for template in template_list:
 87 | 		pivot = 1
 88 | #		if(len(search) >= 1):
 89 | #			print("TEMPLATE: {}".format(template))
 90 | #			print("LENGTH OF SEARCH: {}.".format(search))
 91 | 		pivot = 1
 92 | 		for line in diff_config:
 93 | #			print(pivot,len(diff_config))
 94 | 			### SATISFY CONDITION WHEN THERE IS A DIFF AND CONFIGURATION STANZA EXIST ON DEVICE AND IN TEMPLATE
 95 | 			if(re.search('\[edit\s{}'.format(template.split('.')[0]),line)):
 96 | 				juniper_diff_output(diff_config,directory,template,edit_list,start,end)
 97 | 				start = start + 1
 98 | 				end = end + 1
 99 | 				break
100 | 				###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
101 | #				print('DIFF_TEMPLATE: {}'.format(diff_template))
102 | 			### SATISFY CONDITION WHEN CONFIGURATION DOESN'T CURRENTLY EXIST ON DEVICE BUT ONLY IN TEMPLATE
103 | 			elif re.search('\+\s\s{}\s'.format(template.split('.')[0]),line):
104 | 				juniper_diff_output(diff_config,directory,template,edit_list,start,end)
105 | 				start = start + 1
106 | 				end = end + 1
107 | 				break
108 | 			### SATISFY CONDITION WHEN THERE ARE NO DIFFS FOUND. LENGTH OF EDIT_LIST IS EQUAL TO 1 AS '' (BLANK) [MINUS 6 INDEX FROM 'exit configuration-mode' 
109 | 			### WILL BE THE ONLY ELEMENT IN THE LIST.
110 | 			elif len(edit_list) == 1:
111 | 				print("{}{} (none)".format(directory,template))
112 | 				break
113 | 			### SATISFY CONDITION WHEN THERE ARE NO DIFFS FOUND AND THE LINE BEING EVALUATED REACHES THE END OF THE DIFF_CONFIG. IT THEN KNOWS THERE 
114 | 			### ARE NO MATCHES. 
115 | 			else:
116 | 				if pivot == len(diff_config):
117 | 					print("{}{} (none)".format(directory,template))
118 | 				pass
119 | 			pivot = pivot + 1
120 | 
121 | def juniper_diff_output(diff_config,directory,template,edit_list,start,end):
122 | 
123 | 	diff_template = diff_config[edit_list[start]:edit_list[end]]  
124 | 	print("{}{}".format(directory,template))
125 | 	for line in diff_template:
126 | 		## THE BELOW IF STATEMENT IS TO CORRECT THE OUTPUT. AT RANDOM TIMES, THE DIFF-CONFIG MAY INCLUDE 'ROLLBACK 0' IN OUTPUT. IT WILL OMIT PRINTING THAT.
127 | 		if line == '[edit]' or line == 'rollback 0':
128 | 			pass
129 | 		else:
130 | 			print("{}".format(line))
131 | 	print()
132 | 


--------------------------------------------------------------------------------
/lib/objects/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/superloopnetwork/superloop/996fd08a4381b5d6b95e47d75bdfbadfc3bdae6c/lib/objects/__init__.py


--------------------------------------------------------------------------------
/lib/objects/basenode.py:
--------------------------------------------------------------------------------
  1 | from netmiko import ConnectHandler, SCPConn, NetmikoAuthenticationException
  2 | import re
  3 | import os
  4 | import logging
  5 | 
  6 | class BaseNode(object):
  7 | 
  8 | 	def __init__(self,created_at,created_by,domain_name,hardware_vendor,lifecycle_status,location_name,mgmt_ip4,mgmt_con_ip4,mgmt_oob_ip4,mgmt_snmp_community4,name,platform_name,oncall_team,opersys,software_image,software_version,type,role_name,serial_num,status,updated_at,updated_by):
  9 | 
 10 | 		self.created_at = created_at
 11 | 		self.created_by = created_by
 12 | 		self.domain_name = domain_name
 13 | 		self.hardware_vendor = hardware_vendor 
 14 | 		self.lifecycle_status = lifecycle_status
 15 | 		self.location_name = location_name
 16 | 		self.mgmt_con_ip4 = mgmt_con_ip4
 17 | 		self.mgmt_ip4 = mgmt_ip4
 18 | 		self.mgmt_oob_ip4 = mgmt_oob_ip4
 19 | 		self.mgmt_snmp_community4 = mgmt_snmp_community4
 20 | 		self.name = name
 21 | 		self.password = os.environ.get('NETWORK_PASSWORD')
 22 | 		self.platform_name = platform_name
 23 | 		self.oncall_team = oncall_team
 24 | 		self.opersys = opersys
 25 | 		self.role_name = role_name 
 26 | 		self.serial_num = serial_num
 27 | 		self.software_image = software_image
 28 | 		self.software_version = software_version
 29 | 		self.status = status
 30 | 		self.type = type
 31 | 		self.updated_at = updated_at
 32 | 		self.updated_by = updated_by
 33 | 		self.username = os.environ.get('NETWORK_USERNAME')
 34 | 
 35 | 	def connect(self):
 36 | 		try:
 37 | 			self.net_connect = ConnectHandler(self.mgmt_ip4,self.name,self.username,self.password,self.password,device_type=self.get_device_type())
 38 | 		except NetmikoAuthenticationException as error:
 39 | 			print('[x] Authentication failure.')
 40 | 			os._exit(1)
 41 | 			
 42 | 	def scpconnect(self):
 43 | 		self.connect()
 44 | 		self.scp_connect = SCPConn(self.net_connect)
 45 | 		
 46 | 	def location(self):
 47 | 		datacenter_location = ''
 48 | 		if (self.type == 'firewall'):
 49 | 			location_list = self.name.split('-')	
 50 | 			datacenter_location = location_list[3]
 51 | 
 52 | 		elif (self.type == 'switch' or self.type == 'router'):
 53 | 			location_list = self.name.split('.')	
 54 | 			datacenter_location = location_list[3]
 55 | 
 56 | 		return datacenter_location
 57 | 
 58 | 	def get_device_type(self):
 59 | 
 60 | 		device_type = {
 61 | 				'ASA5510' : 'cisco_asa',
 62 | 				'WS-C3750G-24TS-1U' : 'cisco_ios',
 63 | 				'f5linux' : 'f5_linux',
 64 | 				'ltm' : 'f5_ltm',
 65 | 				'tmsh' : 'f5_tmsh',
 66 | 				'firefly-perimeter' : 'juniper',
 67 | 				'junos' : 'juniper_junos',
 68 | 				'vqfx-10000' : 'juniper',
 69 | 				'vyattavyos' : 'vyatta_vyos',
 70 | 				'vyos' : 'vyos',
 71 | 				'NetScaler Virtual Appliance' : 'netscaler',
 72 | 				'NSMPX-8900 8*CPU+4*F1X+6*E1K+1*E1K+1*COL 8955' : 'netscaler',
 73 | 				'N9K-C9300v' : 'cisco_nxos',
 74 | 				'Nexus5548 Chassis' : 'cisco_nxos',
 75 | 				'N9K-C93108TC-FX' : 'cisco_nxos',
 76 | 				'N9K-C9372PX' : 'cisco_nxos',
 77 | 				'PA-VM' : 'paloalto_panos'
 78 | 		}
 79 | 	
 80 | 		return device_type['{}'.format(self.platform_name)]
 81 | 
 82 | 	def push_cfgs(self,password,commands):
 83 | 		self.connect()
 84 | 		output = self.net_connect.enable()
 85 | 		if self.hardware_vendor == 'cisco' and self.opersys == 'ios':
 86 | 			output = self.net_connect.send_config_set(commands, exit_config_mode=True)
 87 | 			save = self.net_connect.send_command('write memory')
 88 | 			print(output)
 89 | 		elif self.hardware_vendor == 'cisco' and self.opersys == 'asa':
 90 | 			output = self.net_connect.send_config_set(commands, exit_config_mode=True)
 91 | 			save = self.net_connect.send_command('write memory')
 92 | 			print(output)
 93 | 		elif self.hardware_vendor == 'cisco' and self.opersys == 'nxos':
 94 | 			output = self.net_connect.send_config_set(commands, exit_config_mode=True)
 95 | 			save = self.net_connect.send_command('copy running-config startup-config')
 96 | 		elif self.hardware_vendor == 'juniper':
 97 | 			output = self.net_connect.send_config_set(commands, exit_config_mode=False)
 98 | 			save = self.net_connect.commit(and_quit=True)
 99 | 			print(output)
100 | 		elif self.hardware_vendor == 'vyatta':
101 | 			output = self.net_connect.send_config_set(commands, exit_config_mode=False)
102 | 			self.net_connect.commit()
103 | 		elif self.hardware_vendor == 'f5':
104 | 			output = self.net_connect.send_config_set(commands,enter_config_mode=False,exit_config_mode=False)
105 | 			save = self.net_connect.send_command('save sys config')
106 | 		elif self.hardware_vendor == 'palo_alto':
107 | 			output = self.net_connect.send_config_set(commands,enter_config_mode=True)
108 | 		self.net_connect.disconnect()
109 | 
110 | 	def pull_cfgs(self,password,command):
111 | 		scp_flag = False
112 | 		method = 'pull_cfgs'
113 | 		if self.hardware_vendor == 'cisco' and self.opersys == 'ios':
114 | 			command = 'show running-config | exclude ntp clock-period'
115 | 		elif self.hardware_vendor == 'cisco' and self.opersys == 'nxos':
116 | 			command = 'show running-config | exclude Time'
117 | 		elif self.hardware_vendor == 'cisco' and self.opersys == 'asa':
118 | 			command = 'show running-config'
119 | 		elif self.hardware_vendor == 'juniper':
120 | 			command = 'show configuration'
121 | 		elif(self.hardware_vendor == 'vyatta'):
122 | 			command = 'show configuration commands'
123 | 		elif(self.hardware_vendor == 'citrix'):
124 | 			command = 'show ns runningConfig | grep -v modified | grep -v password | grep -v encryptionParams'
125 | 		elif self.hardware_vendor == 'f5':
126 | 			command = 'list ltm one-line'
127 | 			self.scpconnect()
128 | 			self.write_to_file(command)
129 | 			scp_flag = True
130 | 			self.scp_connect.scp_get_file('/var/local/ucs/config.ucs', '{}/backup-configs/{}'.format(self.get_home_directory(),self.name))
131 | 			self.scp_connect.close()
132 | 			self.net_connect.disconnect()
133 | 		elif self.hardware_vendor == 'palo_alto':
134 | 			command = ['show']
135 | 		if self.hardware_vendor != 'juniper' or self.hardware_vendor != 'f5':
136 | 			self.connect()
137 | 			self.write_to_file(command,scp_flag,method)
138 | 			self.net_connect.disconnect()
139 | 
140 | 	def exec_cmd(self,password,command):
141 | 		self.connect()
142 | 		output = self.net_connect.send_command(command)
143 | 		output = output.replace('\n','\n{}: '.format(self.name))
144 | 		output = re.sub(r'^','{}: '.format(self.name),output)
145 | 		print ('{}'.format(output))
146 | 		print('')
147 | 		self.net_connect.disconnect()
148 | 
149 | 	def get_home_directory(self):
150 | 		home_directory = os.getenv('HOME')
151 | 
152 | 		return home_directory
153 | 
154 | 	def get_config(self,password,command):
155 | 		scp_flag = False
156 | 		method = 'get_config'
157 | 		if self.hardware_vendor == 'cisco':
158 | 			command = 'show running-config'
159 | 		elif self.hardware_vendor == 'f5':
160 | 			command = 'list one-line'
161 | 		elif self.hardware_vendor == 'citrix':
162 | 			command = 'show ns runningConfig'
163 | 		elif self.hardware_vendor == 'palo_alto':
164 | 			command = ['show']
165 | 		self.connect()
166 | 		self.write_to_file(command,scp_flag,method)
167 | 		self.net_connect.disconnect()
168 | 
169 | 	def get_diff(self,password,commands):
170 | 		scp_flag = False
171 | 		method = 'get_diff'
172 | 		self.connect()
173 | 		self.write_to_file(commands,scp_flag,method)
174 | 		self.net_connect.disconnect()
175 | 
176 | 	def get_subdir(self,scp_flag):
177 | 		if self.hardware_vendor == 'f5' and scp_flag:
178 | 			sub_dir = 'ucs'
179 | 		else:
180 | 			sub_dir = 'configs'
181 | 		return sub_dir
182 | 
183 | 	def write_to_file(self,command,scp_flag,method):
184 | 		if method == 'pull_cfgs':
185 | 			extention = ''
186 | 			if self.hardware_vendor == 'juniper' and 'display set' in command:
187 | 				extention = '.set'
188 | 			else:
189 | 				extention = '.conf'
190 | 			self.check_and_mkdir(scp_flag,method)
191 | 			with open('{}/superloop_code/backup-configs/{}/{}{}'.format(self.get_home_directory(),self.get_subdir(scp_flag),self.name,extention), "w") as file:
192 | 				if self.hardware_vendor != 'palo_alto':
193 | 					output = self.net_connect.send_command(command)
194 | 				else:
195 | 					set_cli = self.net_connect.send_command('set cli config-output-format set')
196 | 					output = self.net_connect.send_config_set(command,exit_config_mode=False)
197 | 					configs = output.splitlines()[3:-2]
198 | 					output = '\n'.join(configs)
199 | 				file.write(output)
200 | 				file.close()
201 | 		elif method == 'get_config':
202 | 			self.check_and_mkdir(scp_flag,method)
203 | 			with open('{}/backup-configs/{}'.format(self.get_home_directory(),self.name) + ".conf", "w") as file:
204 | 				output = self.net_connect.send_command(command)
205 | 				file.write(output)
206 | 				file.close()
207 | 		elif method == 'get_diff':
208 | 			self.check_and_mkdir(scp_flag,method)
209 | 			with open('{}/superloop_code/diff-configs/{}'.format(self.get_home_directory(),self.name) + ".conf", "w") as file:
210 | 				output = self.net_connect.send_config_set(command)
211 | 				file.write(output)
212 | 				file.close()
213 | 
214 | 	def check_and_mkdir(self,scp_flag,method):
215 | 		if method == 'pull_cfgs':
216 | 			os.makedirs('{}/superloop_code/backup-configs/{}/'.format(self.get_home_directory(),self.get_subdir(scp_flag)),exist_ok=True)
217 | 		elif method == 'get_config':
218 | 			os.makedirs('{}/backup-configs/{}'.format(self.get_home_directory(),self.name),exist_ok=True)	
219 | 		elif method == 'get_diff':
220 | 			os.makedirs('{}/superloop_code/diff-configs/{}'.format(self.get_home_directory(),self.name),exist_ok=True)
221 | 


--------------------------------------------------------------------------------
/mediator.py:
--------------------------------------------------------------------------------
  1 | """
  2 | This module allows auditing to occur for different hardware vendors.
  3 | """
  4 | from jinja2 import Environment, FileSystemLoader
  5 | from ciscoconfparse import CiscoConfParse
  6 | from render import process_jinja2_template 
  7 | from render import process_json_template 
  8 | from multithread import multithread_engine
  9 | from lib.mediators.generic import generic_audit_diff
 10 | from lib.mediators.juniper import juniper_mediator
 11 | from lib.mediators.juniper import juniper_audit_diff
 12 | from get_property import get_home_directory
 13 | from get_property import get_template_directory
 14 | from get_property import get_updated_list
 15 | from get_property import get_syntax
 16 | from get_property import get_secrets
 17 | from get_property import get_sorted_juniper_template_list 
 18 | import re
 19 | import initialize
 20 | import os
 21 | 
 22 | def mediator(args,input_list,node_object,auditcreeper,output,with_remediation):
 23 | 	AUDIT_FILTER_RE = r'\[.*\]'
 24 | 	authentication = True
 25 | 	command = [] 
 26 | 	initialize.debug_element = initialize.element[:]
 27 | 	node_index = 0 
 28 | 	policy_list_copy = input_list
 29 | 	policy_list_original = input_list[:]
 30 | 	redirect = []
 31 | 	template_counter = 0
 32 | 	template_list_copy = input_list
 33 | 	template_list_original = input_list[:]
 34 | 	get_config_required = False
 35 | 
 36 | 	"""
 37 | 	:param AUDIT_FILTER_RE: Regular expression to filter out the audit filter in every template.
 38 | 	:type AUDIT_FILTER_RE: str
 39 | 
 40 | 	:param command: A list within a list where each element represents per node of commands to execute.
 41 | 	:type command: list
 42 | 
 43 | 	:param initialize.debug_element: Duplicate of initialize.element as elments need to be popped off when there are no diffs to help display what will be changing in configs.
 44 | 	:type initialize.debug_element: list
 45 | 	
 46 | 	:param template_counter: Used to keep track of the number of templates it cycles through for Juniper.
 47 | 	:type template_counter: int
 48 | 	
 49 | 	:param node_index: Keeps track of the index in initialize.ntw_device. If remediation is not required (configs matches template), then the node is popped off initialize.ntw_device and nothing is changed on that device.
 50 | 	:type node_index: int
 51 | 	
 52 | 	:param redirect: A list of which method superloop will access. This variable is sent to the multithread_engine. Each element is a redirect per node.
 53 | 	:type redirect: list
 54 | 
 55 | 	:param template_list_original: Take a duplicate copy of template_list
 56 | 	:type template_list_original: list
 57 | 	
 58 | 	:param template_list_copy: Memory reference to template_list
 59 | 	:type template_list_copy: list
 60 | 	
 61 | 	"""
 62 | 	"""
 63 | 	The mediator is broken up into two sections. The first section of code will gather all rendered configs first as it's required for all hardware vendors 
 64 | 	(Cisco, Juniper & F5). Juniper does not require backup-configs in order to be diff'ed. The diff is server (node) side processed and the results 
 65 | 	are returned back to superloop. Cisco hardware_vendors will require backup-configs (get_config) where the diffs are processed locally.
 66 | 	"""
 67 | 	if auditcreeper:
 68 | 		input_list = template_list_copy[0]
 69 | 	for index in initialize.element:
 70 | 		rendered_config = []
 71 | 		if node_object[index]['hardware_vendor'] == 'juniper':
 72 | 			"""
 73 |                 Juniper's diff output are always in a certain stanza order. 
 74 |                 The input_list ordered processed may very well not be in the 
 75 |                 same order as Juniper's. In order to keep it consistent, we must 
 76 |                 call the function get_sorted_juniper_template() and it will 
 77 |                 return a sorted Juniper's stanza list.
 78 | 			"""
 79 | 			input_list = get_sorted_juniper_template_list(input_list)
 80 | 			rendered_config.append('load replace terminal')
 81 | 		for template in input_list:
 82 | 			print('[>] {} ; {}'.format(node_object[index]['name'],template))
 83 | 			"""
 84 | 				Uncomment the secrets below if you are using hashicorp vault. You will need to setup the credentials.
 85 | 			"""
 86 | #			secrets = get_secrets()
 87 | 			if args.policy is not None:
 88 | 				output = False
 89 | 				process_json_template(input_list,node_object,policy_list_copy,output,auditcreeper)
 90 | 				output = True 
 91 | 			else:
 92 | 				process_jinja2_template(node_object,index,template,with_remediation)
 93 | 			"""
 94 | 				Compiling the rendered configs from template and preparing
 95 | 				for pushing to node.
 96 | 			"""
 97 | 			if node_object[index]['hardware_vendor'] == 'juniper':
 98 | 				template_counter = template_counter + 1
 99 | 				with open('{}/rendered-configs/{}.{}'.format(get_home_directory(),node_object[index]['name'],template.split('.')[0]) + '.conf','r') as file:
100 | 					init_config = file.readlines()
101 | 				for config_line in init_config:
102 | 					strip_config = config_line.strip('\n')
103 | 					if(strip_config == '' or strip_config == "!"):
104 | 						continue	
105 | 					else:
106 | 						rendered_config.append(strip_config)	
107 | 				"""
108 | 					This below statement will check to see if it's the last 
109 | 					template for the node. It will then append 3 commands to the list.
110 | 				"""
111 | 				if template_counter == len(input_list):
112 | 					rendered_config.append('\x04')
113 | 					if not with_remediation:
114 | 						rendered_config.append('show | compare')
115 | 						rendered_config.append('rollback 0')
116 | 					else:
117 | 						pass
118 | 				"""
119 | 					Uncomment the below print statement for debugging purposes
120 | 				"""
121 | #					print("RENDERED CONFIG: {}".format(rendered_config))
122 | 		"""
123 | 			The below statement will only execute if user is auditing 
124 | 			against multiple templates. If only one template is being 
125 | 			audited, do no pop off element.
126 | 		"""
127 | #		if len(input_list) != 1:
128 | #		print('template_list_copy > {}'.format(template_list_copy))
129 | #		print('input_list > {}'.format(input_list))
130 | 		input_list = get_updated_list(template_list_copy)
131 | 		if node_object[index]['hardware_vendor'] == 'cisco' or node_object[index]['hardware_vendor'] == 'f5' or node_object[index]['hardware_vendor'] == 'palo_alto':
132 | 			get_config_required = True
133 | 			redirect.append('get_config')
134 | 			command.append([''])
135 | 			"""
136 | 			Juniper devices will receive a different redirect than 
137 | 			Cisco. Three additional commands are appeneded 
138 | 			at the end, ^d, show | compare and rollback 0.  All templates 
139 | 			matching are executed at once per device
140 | 		"""
141 | 		elif node_object[index]['hardware_vendor'] == 'juniper':
142 | 			redirect.append('get_diff')
143 | 			command.append(rendered_config)
144 | 			initialize.configuration.append(rendered_config)
145 | 			template_counter = 0
146 | 	"""
147 | 		Uncomment the below print statement for debugging purposes
148 | 	"""
149 | 	#print('REDIRECT: {}'.format(redirect))
150 | 	#print('TEMPLATE_LIST: {}'.format(input_list))
151 | 	#print('COMMAND: {}'.format(command))
152 | 	if get_config_required:
153 | 		multithread_engine(initialize.ntw_device,redirect,command,authentication)
154 | 	input_list = template_list_original
155 | 	if(auditcreeper):
156 | 		input_list = template_list_original[0]
157 | 	for index in initialize.element:
158 | 		initialize.compliance_percentage = 0
159 | 		diff_config = []
160 | 		edit_list = []
161 | 		length_backup_config = 0
162 | 		length_rendered_config = 0
163 | 		node_configs = []
164 | 		diff_config = []
165 | 		ntw_device_pop = True 
166 | 		"""
167 | 			:param edit_list: Anchor points for Juniper audits based on the edit stanza.
168 | 			:type edit_list: list
169 | 
170 | 			:param node_configs: Finalized configs used to push to device
171 | 			:type node_configs: list
172 | 
173 | 			:param diff_config: Differential configs generated by the ~/diff-configs/*.conf file
174 | 			:type diff_config: list
175 | 
176 | 			:param ntw_device_pop: Pop off each node once audit is complete.
177 | 			:type ntw_device_pop: bool
178 | 		"""
179 | 		if not with_remediation:
180 | 			print("Only in the device: -")
181 | 			print("Only in the generated config: +")
182 | 			print ("{}".format(node_object[index]['name']))
183 | 		if node_object[index]['hardware_vendor'] == 'cisco' or node_object[index]['hardware_vendor'] == 'f5' or node_object[index]['hardware_vendor'] == 'palo_alto':
184 | 			generic_audit_diff(args,node_configs,node_object,index,template,input_list,AUDIT_FILTER_RE,output,with_remediation)
185 | #			print('node_configs > {}'.format(node_configs))
186 | 			initialize.configuration.append(node_configs)
187 | 		elif node_object[index]['hardware_vendor'] == 'juniper':
188 | 			input_list = get_sorted_juniper_template_list(input_list)
189 | 			directory = get_template_directory(node_object[index]['hardware_vendor'],node_object[index]['opersys'],node_object[index]['type'])
190 | 			with open('{}/superloop_code/diff-configs/{}'.format(get_home_directory(),node_object[index]['name']) + '.conf','r') as file:
191 | 				init_config = file.readlines()
192 | 			for config_line in init_config:
193 | 				strip_config = config_line.strip('\n')
194 | 				diff_config.append(strip_config)
195 | 			for output in diff_config:
196 | 				if 'errors' in output:
197 | 					template_error= True
198 | 					break
199 | 				else:
200 | 					template_error = False
201 | 			if template_error:
202 | 				print('+ Please check error(s) in template(s)')
203 | 				break
204 | 			elif not with_remediation:
205 | 				juniper_mediator(node_object,input_list,diff_config,edit_list,index)
206 | 				juniper_audit_diff(directory,input_list,diff_config,edit_list)
207 | #			initialize.configuration.append(rendered_config)
208 | #		print('initialize.configuration > {}'.format(initialize.configuration))
209 | 		"""
210 | 			If compliance percentage is less than 0% (negative) meaning no configs are to standard, percentage equals 0%.
211 | 		"""
212 | 		if initialize.compliance_percentage < 0:
213 | 			initialize.compliance_percentage = 0
214 | 		"""
215 | 			If remediation is not required (no diffs), then the node and the configuration are popped off from the list.
216 | 		"""
217 | 		if auditcreeper:
218 | 			if node_object[index]['hardware_vendor'] == 'cisco' and len(node_configs) == 0:
219 | 				if output:
220 | 					print('[>] {} code compliance: {}%'.format(node_object[index]['name'],initialize.compliance_percentage))
221 | 					print('')
222 | 				initialize.ntw_device.pop(len(initialize.configuration) - 1)
223 | 				initialize.configuration.pop(len(initialize.configuration) - 1)
224 | 			input_list = get_updated_list(template_list_original)
225 | 
226 | 	return None
227 | 


--------------------------------------------------------------------------------
/modifydb.py:
--------------------------------------------------------------------------------
  1 | """
  2 | 	This module allows modification to be made to the database.
  3 | """
  4 | import os
  5 | from get_property import get_home_directory 
  6 | from get_property import get_resolve_hostname 
  7 | from get_property import timestamp
  8 | from search import search_node
  9 | from processdb import process_nodes
 10 | from snmp import snmp
 11 | import yaml
 12 | 
 13 | def append(args):
 14 | 	argument_node = args.node
 15 | 	database = process_nodes()
 16 | 	index = 0
 17 | 	match_node = []
 18 | 	mgmt_ip4 = get_resolve_hostname(argument_node)
 19 | #	try:
 20 | 	"""
 21 | 		Check if new node currently exist in database.
 22 | 	"""
 23 | #	print(database)
 24 | 	for node in database:
 25 | 		if mgmt_ip4 == node['mgmt_ip4']:
 26 | 			match_node.append('MATCH')
 27 | 			break
 28 | 		else:
 29 | 			continue
 30 | 	try:
 31 | 		if 'MATCH' in match_node:
 32 | 			print('+ Node currently present in database.')
 33 | 		else:
 34 | 			device = snmp(argument_node)
 35 | 			new_node = yaml.dump(device,default_flow_style = False)
 36 | 			with open('{}/superloop_code/database/nodes.yaml'.format(get_home_directory()),'a') as file:
 37 | 				file.write(new_node)
 38 | 			database = process_nodes()
 39 | 			sorted_database = sortdb(database)
 40 | 			updated_database = yaml.dump(sorted_database,default_flow_style = False)
 41 | 			with open('{}/superloop_code/database/nodes.yaml'.format(get_home_directory()),'w') as file:
 42 | 				file.write('---\n')
 43 | 				file.write(updated_database)
 44 | 			print('+ SNMP discovery successful.')
 45 | 			print('+ New node appended to database.')
 46 | 	except FileNotFoundError as error:
 47 | 			print('FileNotFoundError: file cannot be found')
 48 | 			print(error)
 49 | #	except Exception as error:
 50 | #		print('SNMP query timeout. Please ensure that FQDN or IP address is reachable via SNMP.')
 51 | 
 52 | 	return None
 53 | 
 54 | def remove(args):
 55 | 	database = process_nodes()
 56 | 	index = 0
 57 | 	try:
 58 | 		for element in database:
 59 | 			if element['name'] == args.node or element['mgmt_ip4'] == args.node:
 60 | 				break
 61 | 			else:
 62 | 				index = index + 1
 63 | 		"""
 64 | 			Delete node from list.
 65 | 		"""
 66 | 		database.pop(index)
 67 | 		updated_database = yaml.dump(database,default_flow_style = False)
 68 | 		try:
 69 | 			with open('{}/superloop_code/database/nodes.yaml'.format(get_home_directory()),'w') as file:
 70 | 				file.write('---\n')
 71 | 				file.write(updated_database)
 72 | 				print('- Node successfully removed from database.')
 73 | 		except FileNotFoundError as error:
 74 | 			print("FileNotFoundError: file cannot be found")
 75 | 			print(error)
 76 | 	except IndexError as error:
 77 | 		print('+ Node does not exist in database.')
 78 | 	
 79 | 	return None
 80 | 
 81 | def update(args):
 82 | 	argument_node = args.node
 83 | 	argument_attribute = args.attribute
 84 | 	argument_amend = args.amend
 85 | 	database = process_nodes()
 86 | 	index = 0
 87 | 	try:
 88 | 		for element in database:
 89 | 			if element['name'] == argument_node or element['mgmt_ip4'] == argument_node:
 90 | 				break
 91 | 			else:
 92 | 				index = index + 1
 93 | 		"""
 94 | 			Identified node from list.
 95 | 		"""
 96 | 		try:
 97 | 			if argument_attribute == 'data':
 98 | 				return print('+ Attribute \'data\' cannot be modified via host update.')
 99 | 			else:
100 | 				check = str(input('Please confirm you would like to change the value from {} : {} : {} to {} : {} : {}. [y/N]: '.format(database[index]['name'],argument_attribute,database[index][argument_attribute],database[index]['name'],argument_attribute,argument_amend))) 
101 | 				if check[0] == 'y':
102 | 					database[index][argument_attribute] = argument_amend
103 | 					database[index]['updated_at'] = timestamp()
104 | 					database[index]['updated_by'] = '{}'.format(os.environ.get('USER'))
105 | 					updated_database = yaml.dump(database,default_flow_style = False)
106 | 					try:
107 | 						with open('{}/superloop_code/database/nodes.yaml'.format(get_home_directory()),'w') as file:
108 | 							file.write('---\n')
109 | 							file.write(updated_database)
110 | 							print('+ Amendment to database was successful.')
111 | 					except FileNotFoundError as error:
112 | 						print("FileNotFoundError: file cannot be found")
113 | 						print(error)
114 | 				elif check[0] == 'N':
115 | 					return False
116 | 				else:
117 | 					print("RuntimeError: aborted at user request")
118 | 		except Exception as error:
119 | 				print('+ Invalid attribute \'{}\' for \'{}\'. Please check node details via \'superloop node list {}\''.format(argument_attribute,database[index]['name'],database[index]['name']))
120 | 	except IndexError as error:
121 | 		print('+ Node does not exist in database.')	
122 | 
123 | def discover(args):
124 | 	argument_node = args.node
125 | 	database = process_nodes()
126 | 	match_node = search_node(argument_node,database)
127 | 	"""
128 | 		:param node_object: All node(s) in the database with all attributes.
129 | 		:type node_object: list
130 | 	
131 | 		:param match_node: Nodes that matches the arguements passed in by user.
132 | 		:type match_node: list
133 | 	"""
134 | 	if len(match_node) == 0:
135 | 		print('+ No matching node(s) found in database.')
136 | 		return None
137 | 	else:
138 | 		for node in match_node:
139 | 			print('{}'.format(node)) 
140 | 			index = 0
141 | 			try:
142 | 				for element in database:
143 | 					if element['name'] == node or element['mgmt_ip4'] == node:
144 | 						break
145 | 					else:
146 | 						index = index + 1
147 | 				"""
148 | 					Identified node from list.
149 | 				"""
150 | 				device = snmp(node)
151 | 				print('')
152 | 			except Exception as error:
153 | 				print('SNMP query timeout. Please ensure that FQDN or IP address is reachable via SNMP.')
154 | 		for attribute in database[index]:
155 | 			if 'created_at' == attribute or 'created_by' == attribute:
156 | 				continue
157 | 			else:
158 | 				database[index][attribute] = device[0][attribute]
159 | 		database[index]['updated_at'] = timestamp()
160 | 		database[index]['updated_by'] = '{}'.format(os.environ.get('USER'))
161 | 		updated_database = yaml.dump(database,default_flow_style = False)
162 | 		with open('{}/superloop_code/database/nodes.yaml'.format(get_home_directory()),'w') as file:
163 | 			file.write('---\n')
164 | 			file.write(updated_database)
165 | 		print('+ SNMP discovery successful.')
166 | 
167 | def sortdb(database):
168 | 	sorted_database = []
169 | 	names = []
170 | 
171 | 	for node in database:
172 | 		names.append(node['name'])
173 | 	names.sort()
174 | 	for name in names:
175 | 		for node in database:
176 | 			if name == node['name']:
177 | 				sorted_database.append(node)
178 | 			else:
179 | 				continue
180 | 
181 | 	return sorted_database 
182 | 


--------------------------------------------------------------------------------
/multithread.py:
--------------------------------------------------------------------------------
 1 | """
 2 | 	This module controls the multithreaded calls to Class BaseNode	
 3 | """
 4 | import datetime
 5 | import initialize
 6 | import os
 7 | import threading
 8 | import time
 9 | from getpass import getpass
10 | 
11 | def multithread_engine(ntw_object,redirect,commands,authentication):
12 | 	start_time = datetime.datetime.now()
13 | 	index = 0
14 | 	zero = 0
15 | 	element = 0
16 | 
17 | 	if authentication:
18 | 		initialize.password = authenticate()
19 | 	for node in ntw_object:
20 | 		if(redirect[zero] == 'exec_cmd' or redirect[zero] == 'pull_cfgs' ):
21 | 			"""
22 | 				argument(s)/command(s) are being blackholed
23 | 			"""
24 | 			arguments = commands
25 | 			element = 0
26 | 		elif(redirect[index] == 'push_cfgs' or redirect[index] == 'get_config' or redirect[index] == 'get_diff'):
27 | 			arguments = commands[index]
28 | 			element = index
29 | 		my_thread = threading.Thread(delayed_detection(),target=getattr(ntw_object[index],redirect[element]) , args=(initialize.password,arguments,))
30 | 		my_thread.start()
31 | 		index = index + 1
32 | 	main_thread = threading.currentThread()
33 | 	for some_thread in threading.enumerate():
34 | 		if some_thread != main_thread:
35 | 			some_thread.join()
36 | 	print('[>] Complete [{}]\n'.format(datetime.datetime.now() - start_time))
37 | 
38 | 	return None
39 | 
40 | def authenticate():
41 | 	"""
42 | 		Check to see if environment variable exist.
43 | 	"""
44 | 	if 'NETWORK_PASSWORD' in os.environ:
45 | 		initialize.password = os.environ.get('NETWORK_PASSWORD')
46 | 	else:
47 | 		try:
48 | 			initialize.password = getpass()
49 | 		except KeyboardInterrupt as error:
50 | 			print('')
51 | 			print('Terminating...')
52 | 			exit()
53 | 
54 | 	return initialize.password
55 | 
56 | def delayed_detection():
57 | 	time.sleep(0)
58 | 
59 | 	return None
60 | 


--------------------------------------------------------------------------------
/node_create.py:
--------------------------------------------------------------------------------
 1 | """
 2 | 	This module controls the creation of objects from the database.
 3 | """
 4 | import initialize
 5 | from lib.objects.basenode import BaseNode 
 6 | 
 7 | def node_create(match_node,node_object):
 8 | 	for index in initialize.element:
 9 | 		node = BaseNode(
10 | 				node_object[index]['created_at'],
11 | 				node_object[index]['created_by'],
12 | 				node_object[index]['domain_name'],
13 | 				node_object[index]['hardware_vendor'],
14 | 				node_object[index]['lifecycle_status'],
15 | 				node_object[index]['location_name'],
16 | 				node_object[index]['mgmt_ip4'],
17 | 				node_object[index]['mgmt_con_ip4'],
18 | 				node_object[index]['mgmt_oob_ip4'],
19 | 				node_object[index]['mgmt_snmp_community4'],
20 | 				node_object[index]['name'],
21 | 				node_object[index]['platform_name'],
22 | 				node_object[index]['oncall_team'],
23 | 				node_object[index]['opersys'],
24 | 				node_object[index]['role_name'],
25 | 				node_object[index]['serial_num'],
26 | 				node_object[index]['software_image'],
27 | 				node_object[index]['software_version'],
28 | 				node_object[index]['status'],
29 | 				node_object[index]['type'],
30 | 				node_object[index]['updated_at'],
31 | 				node_object[index]['updated_by']
32 | 		)
33 | 		initialize.ntw_device.append(node)
34 | 
35 | 	return None
36 | 


--------------------------------------------------------------------------------
/node_list.py:
--------------------------------------------------------------------------------
  1 | """
  2 | 	This module displays the attributes of the searched node(s) in 
  3 | 	dictionary format. 
  4 | """
  5 | import initialize
  6 | from processdb import process_nodes
  7 | from processdb import process_templates
  8 | from search import node_element
  9 | from search import search_node
 10 | from search import search_template
 11 | from node_create import node_create
 12 | from get_property import get_updated_list
 13 | 
 14 | def node_list(args):
 15 | 	argument_node = args.name
 16 | 	auditcreeper = True
 17 | 	element_position = 1
 18 | 	push_cfgs = False
 19 | 	safe_push_list = []
 20 | 	template_list = []
 21 | 	template_list_copy = template_list
 22 | 	"""
 23 | 		:param argument_node: Argument accepted as regular expression.
 24 | 		:type augument_node: str
 25 | 		
 26 | 		:param auditcreeper: When auditcreeper is active/non-active.
 27 | 		:type auditcreeper: bool
 28 | 		
 29 | 		:param element_position: Keeps track of the position.
 30 | 		:type element_position: int
 31 | 
 32 | 		:param push_cfgs: This flag is to determine if a push is required for Cisco like platforms. Juniper will continue to push configs no matter if there are no diffs.
 33 | 		:type ext: bool
 34 | 
 35 | 		:param safe_push_list: A list of enable/disabled strings. This corresponds to templates that are safe to push (enable) vs. templates that are not safe to push (disabled).
 36 | 		:type ext: list
 37 | 		
 38 | 		:param template_list: Initializing list of templates.
 39 | 		:type template_list: list
 40 | 		
 41 | 		:param template_list_copy: Memory reference to template_list.
 42 | 		:type ext: list
 43 | 		
 44 | 	"""
 45 | 	node_object = process_nodes()
 46 | 	match_node = search_node(argument_node,node_object)
 47 | 	node_template = process_templates()
 48 | 	match_template = search_template(template_list,safe_push_list,match_node,node_template,node_object,auditcreeper,push_cfgs)
 49 | 	"""
 50 | 		:param node_object: All node(s) in the database with all attributes.
 51 | 		:type node_object: list
 52 | 
 53 | 		:param node_template: All templates based on hardware_vendor and device type.
 54 | 		:type node_template: list
 55 | 
 56 | 		:param match_node: Nodes that matches the arguements passed in by user.
 57 | 		:type match_node: list
 58 | 
 59 | 		:param match_template: Return a list of 'match' and/or 'no match'.
 60 | 		:type match_template: list 
 61 | 	"""
 62 | 	if len(match_node) == 0:
 63 | 		print('+ No matching node(s) found in database.')
 64 | 		print('')
 65 | 	else:
 66 | 		print('[')
 67 | 		template_list = template_list_copy[0]
 68 | 		for index in initialize.element:
 69 | 			print('    {')
 70 | 			if(args.attribute == 'protocols' or args.attribute == 'all'):
 71 | 				print("\t\"bgp\": [")
 72 | 				for peer in node_object[index]['bgp']:
 73 | 					print("\t   {")
 74 | 					print("\t\t\"peer\": \"{}\"\n" \
 75 | 					  	  "\t\t\"remote_as\": \"{}\"" \
 76 | 							.format(peer['peer'],
 77 | 									peer['remote_as']
 78 | 								)
 79 | 					)
 80 | 					print("\t   },")
 81 | 					print('        ]')
 82 | 			print("\t\"created_at\": \"{}\"\n" \
 83 | 				  "\t\"created_by\": \"{}\"" \
 84 | 					.format(node_object[index]['created_at'],node_object[index]['created_by'])
 85 | 					)
 86 | 			print("\t\"data\": {\n" \
 87 | 				  "\t    \"managed_configs\": {" \
 88 | 					)
 89 | 			for template in template_list:
 90 | 				print("\t\t   \"{}\"".format(template))
 91 | 			print('\t     }')
 92 | 			print('         }')
 93 | 			print("\t\"domain_name\": \"{}\"\n" \
 94 | 				  "\t\"hardware_vendor\": \"{}\"\n" \
 95 | 				  "\t\"lifecycle_status\": \"{}\"\n" \
 96 | 				  "\t\"location_name\": \"{}\"\n" \
 97 | 				  "\t\"mgmt_con_ip4\": \"{}\"\n" \
 98 | 				  "\t\"mgmt_ip4\": \"{}\"\n" \
 99 | 				  "\t\"mgmt_oob_ip4\": \"{}\"\n" \
100 | 				  "\t\"mgmt_snmp_community4\": \"{}\"\n" \
101 | 				  "\t\"name\": \"{}\"\n" \
102 | 				  "\t\"opersys\": \"{}\"" \
103 | 					.format(node_object[index]['domain_name'],
104 | 							node_object[index]['hardware_vendor'],
105 | 							node_object[index]['lifecycle_status'],
106 | 							node_object[index]['location_name'],
107 | 							node_object[index]['mgmt_con_ip4'],
108 | 							node_object[index]['mgmt_ip4'],
109 | 							node_object[index]['mgmt_oob_ip4'],
110 | 							node_object[index]['mgmt_snmp_community4'],
111 | 							node_object[index]['name'],
112 | 							node_object[index]['opersys'],
113 | 					)
114 | 			)
115 | 			if(args.attribute == 'protocols' or args.attribute == 'all'):
116 | 				print("\t\"ospf\": [")
117 | 				for peer in node_object[index]['ospf']:
118 | 					print("\t   {")
119 | 					print("\t\t\"neighbor_id\": \"{}\"\n" \
120 | 					  	  "\t\t\"area\": \"{}\"\n" \
121 | 					  	  "\t\t\"priority: \"{}\"\n" \
122 | 					  	  "\t\t\"state: \"{}\"" \
123 | 							.format(peer['neighbor_id'],
124 | 									peer['area'],
125 | 									peer['priority'],
126 | 									peer['state']
127 | 								)
128 | 					)
129 | 					print("\t   },")
130 | 					print('        ]')
131 | 			print("\t\"platform_name\": \"{}\"" \
132 | 				.format(node_object[index]['platform_name']
133 | 					)
134 | 			)
135 | 			if(args.attribute == 'ports' or args.attribute == 'all'):
136 | 				print("\t\"ports\": [")
137 | 				for interface in node_object[index]['ports']:
138 | 					print("\t   {")
139 | 					print("\t\t\"access_vlan\": \"{}\"\n" \
140 | 					  	  "\t\t\"acl4_in\": \"{}\"\n" \
141 | 					  	  "\t\t\"acl4_out: \"{}\"\n" \
142 | 					  	  "\t\t\"admin_status: \"{}\"\n" \
143 | 					  	  "\t\t\"created_at: \"{}\"\n" \
144 | 					  	  "\t\t\"created_by: \"{}\"\n" \
145 | 					  	  "\t\t\"data: \"{}\"\n" \
146 | 					  	  "\t\t\"drain_status: \"{}\"\n" \
147 | 					  	  "\t\t\"farend_name: \"{}\"\n" \
148 | 					  	  "\t\t\"if_speed: \"{}\"\n" \
149 | 					  	  "\t\t\"ip4: \"{}\"\n" \
150 | 					  	  "\t\t\"management: \"{}\"\n" \
151 | 					  	  "\t\t\"mtu: \"{}\"\n" \
152 | 					  	  "\t\t\"name: \"{}\"\n" \
153 | 					  	  "\t\t\"node_name: \"{}\"\n" \
154 | 					  	  "\t\t\"portrole_name: \"{}\"\n" \
155 | 					  	  "\t\t\"type: \"{}\"\n" \
156 | 					  	  "\t\t\"updated_at: \"{}\"\n" \
157 | 					  	  "\t\t\"updated_by: \"{}\"\n" \
158 | 					  	  "\t\t\"wan_link: \"{}\"" \
159 | 							.format(interface['access_vlan'],
160 | 									interface['acl4_in'],
161 | 									interface['acl4_out'],
162 | 									interface['admin_status'],
163 | 									interface['created_at'],
164 | 									interface['created_by'],
165 | 									interface['data'],
166 | 									interface['drain_status'],
167 | 									interface['farend_name'],
168 | 									interface['if_speed'],
169 | 									interface['ip4'],
170 | 									interface['management'],
171 | 									interface['mtu'],
172 | 									interface['name'],
173 | 									interface['node_name'],
174 | 									interface['portrole_name'],
175 | 									interface['type'],
176 | 									interface['updated_at'],
177 | 									interface['updated_by'],
178 | 									interface['wan_link']
179 | 							)
180 | 				)
181 | 				print("\t   },")
182 | 				print('        ]')
183 | 			print("\t\"role_name\": \"{}\"\n" \
184 | 				  "\t\"serial_num\": \"{}\"\n" \
185 | 				  "\t\"software_image\": \"{}\"\n" \
186 | 				  "\t\"software_version\": \"{}\"\n" \
187 |                   "\t\"status\": \"{}\"\n" \
188 | 				  "\t\"type\": \"{}\"\n" \
189 |                   "\t\"updated_at\": \"{}\"\n" \
190 |                   "\t\"updated_by\": \"{}\"" \
191 | 					.format(node_object[index]['role_name'],
192 | 							node_object[index]['serial_num'],
193 | 							node_object[index]['software_image'],
194 | 							node_object[index]['software_version'],
195 | 							node_object[index]['status'],
196 | 							node_object[index]['type'],
197 | 							node_object[index]['updated_at'],
198 | 							node_object[index]['updated_by']
199 | 					)
200 | 			)
201 | 			template_list = get_updated_list(template_list_copy)
202 | 			if element_position == len(initialize.element):
203 | 				print('    }')
204 | 			else:
205 | 				print('    },')
206 | 			element_position = element_position + 1
207 | 		print(']')
208 | 
209 | 	return None
210 | 


--------------------------------------------------------------------------------
/parse_cmd.py:
--------------------------------------------------------------------------------
  1 | import ipaddress
  2 | import re
  3 | from processdb import process_json
  4 | from get_property import get_policy_directory
  5 | 
  6 | 
  7 | def parse_commands(node_object,init_config,set_notation):
  8 | 	"""
  9 | 		This function generates the commands in a form of a list so that
 10 | 		it can be passed into the method of the object.
 11 | 	"""
 12 | 	commands = initialize.configuration
 13 | 	config_list = []
 14 | 	if node_object['hardware_vendor'] == 'juniper' and set_notation!=True:
 15 | 		config_list.append('load replace terminal')
 16 | 	elif node_object['hardware_vendor'] == 'f5':
 17 | 		config_list.append('load sys config merge from-terminal')
 18 | 	for config_line in init_config:
 19 | 		strip_config = config_line.strip('\n')
 20 | 		config_list.append(strip_config)
 21 | 	if node_object['hardware_vendor'] == 'juniper' and set_notation!=True or node_object['hardware_vendor'] == 'f5':
 22 | 		config_list.append('\x04')
 23 | 	commands.append(config_list)
 24 | 
 25 | 	return commands
 26 | 
 27 | def cisco_parse_negation_commands(remediate_missing):
 28 | 	commands = []
 29 | 	if len(remediate_missing) == 0:
 30 | 		pass
 31 | 	else:
 32 | 		for negate in remediate_missing:
 33 | 			if len(negate) == 1:
 34 | 				remediate_missing_config = 'no ' + negate[0]
 35 | 				commands.append(remediate_missing_config)
 36 | 			else:
 37 | 				commands.append(negate[0])
 38 | 				for no_config in negate[1:]:
 39 | 					if no_config[0].isspace():
 40 | 						remediate_missing_config = 'no ' + no_config.lstrip()
 41 | 					else:
 42 | 						remediate_missing_config = 'no ' + no_config
 43 | 					commands.append(remediate_missing_config)
 44 | 	return commands
 45 | 
 46 | def citrix_parse_negation_commands(remediate_missing):
 47 | 	remediate_missing = list(itertools.chain.from_iterable(remediate_missing))
 48 | 	command_split = []
 49 | 	commands = []
 50 | 	for line in remediate_missing:
 51 | 		command_split = line.split()
 52 | 		"""
 53 | 			The below if statement will negate binding configurations associated with policy on the Citrix Netscaler.
 54 | 		"""
 55 | 		if command_split[0] == 'bind' and command_split[1] == 'policy':
 56 | 			command_split[0] = 'unbind'
 57 | 			command = ' '.join(command_split[0:5])
 58 | 			commands.append(command)
 59 | 		elif command_split[0] == 'add' and command_split[1] == 'policy':
 60 | 			command_split[0] = 'rm'
 61 | 			command = ' '.join(command_split[0:4])
 62 | 			commands.append(command)
 63 | 		elif command_split[0] == 'add' and command_split[1] == 'server':
 64 | 			command_split[0] = 'rm'
 65 | 			command = ' '.join(command_split[0:3])
 66 | 			commands.append(command)
 67 | 		elif command_split[0] == 'add' and command_split[1] == 'service':
 68 | 			command_split[0] = 'rm'
 69 | 			command = ' '.join(command_split[0:3])
 70 | 			commands.append(command)
 71 | 		elif command_split[0] == 'bind' and command_split[1] == 'service':
 72 | 			command_split[0] = 'unbind'
 73 | 			command = ' '.join(command_split[0:3])
 74 | 			commands.append(command)
 75 | 		elif command_split[0] == 'add' and command_split[1] == 'serviceGroup':
 76 | 			command_split[0] = 'rm'
 77 | 			command = ' '.join(command_split[0:3])
 78 | 			commands.append(command)
 79 | 		elif command_split[0] == 'add' and command_split[1] == 'lb' and command_split[2] == 'vserver':
 80 | 			command_split[0] = 'rm'
 81 | 			command = ' '.join(command_split[0:4])
 82 | 			commands.append(command)
 83 | 		elif command_split[0] == 'bind' and command_split[1] == 'lb' and command_split[2] == 'vserver':
 84 | 			command_split[0] = 'unbind'
 85 | 			command = ' '.join(command_split[0:5])
 86 | 			commands.append(command)
 87 | 		elif command_split[0] == 'add' and command_split[1] == 'cs' and command_split[2] == 'vserver':
 88 | 			command_split[0] = 'rm'
 89 | 			command = ' '.join(command_split[0:4])
 90 | 			commands.append(command)
 91 | 		elif command_split[0] == 'bind' and command_split[1] == 'cs' and command_split[2] == 'vserver':
 92 | 			command_split[0] = 'unbind'
 93 | 			command = ' '.join(command_split[0:4])
 94 | 			commands.append(command)
 95 | 		elif command_split[0] == 'bind' and command_split[1] == 'ssl ' and command_split[2] == 'vserver':
 96 | 			command_split[0] = 'unbind'
 97 | 			command = ' '.join(command_split[0:4])
 98 | 			commands.append(command)
 99 | 		elif command_split[0] == 'set' and command_split[1] == 'ssl ' and command_split[2] == 'vserver':
100 | 			command_split[0] = 'unset'
101 | 			command = ' '.join(command_split[0:4])
102 | 			commands.append(command)
103 | 		else:
104 | 			commands.append(line)
105 | 		
106 | 	return commands
107 | 


--------------------------------------------------------------------------------
/processdb.py:
--------------------------------------------------------------------------------
 1 | """
 2 | 	This module controls the process of yaml files to initialize database.
 3 | """
 4 | import commentjson
 5 | import json
 6 | import os
 7 | import yaml
 8 | from yaml import CLoader as Loader
 9 | from node_create import node_create
10 | from get_property import get_home_directory
11 | from get_property import get_policy_directory
12 | 
13 | def process_nodes():
14 | 	with open("{}/superloop_code/database/nodes.yaml".format(get_home_directory()), 'r') as yaml_file:
15 | 		node_object = yaml.load(yaml_file,Loader=Loader)
16 | 
17 | 	return node_object
18 | 	
19 | def process_templates():
20 | 	with open("{}/superloop_code/database/templates.yaml".format(get_home_directory()), 'r') as yaml_file:
21 | 		template_object = yaml.load(yaml_file, yaml.UnsafeLoader)
22 | 
23 | 	return template_object
24 | 
25 | def process_models():
26 | 	with open("{}/superloop_code/database/models.yaml".format(get_home_directory()), 'r') as yaml_file:
27 | 		models_object = yaml.load(yaml_file, yaml.UnsafeLoader)
28 | 
29 | 	return models_object
30 | 
31 | def process_policies():
32 | 	with open("{}/superloop_code/database/policies.yaml".format(get_home_directory()), 'r') as yaml_file:
33 | 		policy_object = yaml.load(yaml_file, yaml.UnsafeLoader)
34 | 
35 | 	return policy_object 
36 | 
37 | def process_json(hardware_vendor,opersys,device_type,policy_file):
38 | 	data = []
39 | 	if hardware_vendor == 'cisco' and  opersys == 'asa' and device_type == 'firewall':
40 | 		try:
41 | 			with open("{}{}".format(get_policy_directory(hardware_vendor,opersys,device_type),policy_file), 'r') as json_file:
42 | 				data = commentjson.load(json_file)
43 | 		except FileNotFoundError as error:
44 | 			print('+ Cannot locate file.')
45 | 			exit()
46 | 	elif hardware_vendor == 'juniper' and opersys == 'junos' and device_type == 'vfirewall':
47 | 		try:
48 | 			with open("{}{}".format(get_policy_directory(hardware_vendor,opersys,device_type),policy_file), 'r') as json_file:
49 | 				data = commentjson.load(json_file)
50 | 		except FileNotFoundError as error:
51 | 			print('+ Cannot locate file.')
52 | 			exit()
53 | 	return data
54 | 


--------------------------------------------------------------------------------
/pull_cfgs.py:
--------------------------------------------------------------------------------
 1 | """
 2 | 	This module controls the pulling of configs.
 3 | """
 4 | import initialize
 5 | import os
 6 | from processdb import process_nodes
 7 | from search import search_node
 8 | from search import node_element 
 9 | from render import render
10 | from node_create import node_create
11 | from multithread import multithread_engine
12 | from confirm import confirm
13 | 
14 | def pull_cfgs(args):
15 | 	argument_confirm = args.confirm
16 | 	argument_node = args.node 
17 | 	commands = initialize.configuration
18 | 	output = False
19 | 	redirect = []
20 | 	authentication = True
21 | 	"""
22 | 		:param argument_configm: Argument accepted as boolean
23 | 		:type augument_confirm: bool
24 | 
25 | 		:param argument_node: Argument accepted as regular expression.
26 | 		:type augument_node: str
27 | 		
28 | 		:param commands: Referenced to global variable commands which keeps track of all commands per node.
29 | 		:type commands: list
30 | 
31 | 		:param output: Flag to output to stdout.  
32 | 		:type ext: bool 
33 | 		
34 | 		:param redirect: A list of which method superloop will access. This variable is sent to the multithread_engine. Each element is a redirect per node.
35 | 		:type alt_key_file: list
36 | 	"""
37 | 	try:
38 | 		if argument_confirm is None or argument_confirm.lower() == 'true':
39 | 			confirm_flag = True 
40 | 		elif argument_confirm.lower() == 'false':
41 | 			confirm_flag = False
42 | 			authentication = False
43 | 			initialize.password = os.environ.get('NETWORK_PASSWORD')
44 | 		else:
45 | 			raise argparse.ArgumentTypeError('Boolean value expected.')
46 | 		node_object = process_nodes()
47 | 		match_node = search_node(argument_node,node_object)
48 | 		"""
49 | 			:param node_object: All node(s) in the database with all attributes.
50 | 			:type node_object: list
51 | 	
52 | 			:param match_node: Nodes that matches the arguements passed in by user.
53 | 			:type match_node: list
54 | 		"""
55 | 		if len(match_node) == 0:
56 | 			print('+ No matching node(s) found in database.')
57 | 			print('')
58 | 		else:
59 | 			node_element(match_node,node_object)
60 | 			node_create(match_node,node_object)	
61 | 			for index in initialize.element:
62 | 				redirect.append('pull_cfgs')
63 | 			if(confirm_flag):
64 | 				confirm(redirect,commands,authentication)
65 | 			else:
66 | 				multithread_engine(initialize.ntw_device,redirect,commands,authentication)
67 | 			print('')
68 | 	except Exception as error:
69 | 		print('ExceptionError: an exception occured')
70 | 		print(error)
71 | 
72 | 	return None
73 | 


--------------------------------------------------------------------------------
/push_acl.py:
--------------------------------------------------------------------------------
 1 | """
 2 | 	This module controls the pushing of the policies for firewalls.
 3 | """
 4 | import initialize
 5 | from confirm import confirm
 6 | from get_property import get_updated_list
 7 | from lib.objects.basenode import BaseNode
 8 | from node_create import node_create
 9 | from processdb import process_nodes
10 | from processdb import process_policies
11 | from render import process_json_template 
12 | from search import search_node
13 | from search import search_policy
14 | 
15 | def push_acl(args):
16 | 	argument_confirm = args.confirm
17 | 	argument_node = args.node
18 | 	auditcreeper = True
19 | 	commands = initialize.configuration
20 | 	ext = '.json'
21 | 	output = False 
22 | 	policy_list = []
23 | 	safe_push_list = []
24 | 	"""
25 | 		:param argument_node: Argument accepted as regular expression.
26 | 		:type augument_node: str
27 | 		
28 | 		:param auditcreeper: When auditcreeper is active/non-active.
29 | 		:type auditcreeper: bool
30 | 		
31 | 		:param commands: Referenced to global variable commands which keeps track of all commands per node.
32 | 		:type commands: list
33 | 		
34 | 		:param ext: File extention
35 | 		:type ext: str 
36 | 		
37 | 		:param output: Flag to output to stdout.  
38 | 		:type ext: bool 
39 | 
40 | 		:param policy_list: This stores a collection of polic(y/ies).  
41 | 		:type ext: list
42 | 
43 | 		:param safe_push_list: A list of enable/disabled strings. This corresponds to templates that are safe to push (enable) vs. templates that are not safe to push (disabled).
44 | 		:type ext: list
45 | 	"""
46 | 	node_object = process_nodes()
47 | 	node_policy = process_policies()
48 | 	match_node = search_node(argument_node,node_object)
49 | 	match_policy = search_policy(policy_list,safe_push_list,match_node,node_policy,node_object,auditcreeper)
50 | 	"""
51 | 		:param node_object: All node(s) in the database with all attributes.
52 | 		:type node_object: list
53 | 
54 | 		:param node_template: All templates based on hardware_vendor and device type.
55 | 		:type node_template: list
56 | 
57 | 		:param match_node: Nodes that matches the arguements passed in by user.
58 | 		:type match_node: list
59 | 
60 | 		:param match_template: Return a list of 'match' and/or 'no match'.
61 | 		:type match_template: list 
62 | 	"""
63 | 	### THIS WILL PARSE OUT THE GENERATED CONFIGS FROM THE *.JINJA2 FILE TO A LIST
64 | 
65 | 	### POLICY_LIST_COPY TAKE A COPY OF THE CURRENT POLICY_LIST
66 | 	policy_list_original = policy_list[:]
67 | 	policy_list_copy = policy_list
68 | 	### THE BELOW LENGTH OF MATCH_POLICY != 0 WILL TAKE CARE OF INVALID MATCH OF FIREWALL NODES
69 | 	### AGAINST NONE ARGS.FILE ARGUEMENT
70 | 	if(auditcreeper and len(match_policy) != 0):
71 | 		policy_list = policy_list_copy[0]
72 | 	if len(match_node) == 0:
73 | 		print('+ No matching node(s) found in database.')
74 | 	elif 'NO MATCH' in match_policy:
75 | 		print('+ No matching policy(ies) found in database.')
76 | 	else:
77 | 		node_create(match_node,node_object)
78 | 		acl_render(policy_list,node_policy,policy_list_copy,auditcreeper)
79 | 		###UN-COMMENT THE BELOW PRINT STATEMENT FOR DEBUGING PURPOSES
80 | #		print("ELEMENT_POLICY: {}".format(initialize.element_policy))
81 | 
82 | #			for acl in acl_list:
83 | #				config_list = parse_firewall_acl(node_object[index],acl)
84 | #				commands.append(config_list)
85 | #
86 | #		print commands
87 | #
88 | #		confirm(redirect,commands)
89 | #		print("")
90 | 


--------------------------------------------------------------------------------
/push_cfgs.py:
--------------------------------------------------------------------------------
  1 | """
  2 | 	This module controls the push of the templates.
  3 | """
  4 | import initialize
  5 | import json
  6 | import os
  7 | from lib.objects.basenode import BaseNode
  8 | from processdb import process_nodes
  9 | from processdb import process_templates
 10 | from search import search_node
 11 | from search import search_template
 12 | from mediator import mediator
 13 | from multithread import multithread_engine
 14 | from render import render
 15 | from node_create import node_create
 16 | from confirm import confirm
 17 | 
 18 | def push_cfgs(args):
 19 | 	args.policy = None
 20 | 	argument_confirm = args.confirm
 21 | 	argument_node = args.node
 22 | 	auditcreeper = False
 23 | 	commands = initialize.configuration
 24 | 	config_counter = 0
 25 | 	debug = {}
 26 | 	ext = '.jinja2'
 27 | 	output = False 
 28 | 	redirect = []
 29 | 	safe_push_list = []
 30 | 	push_cfgs = True
 31 | 	with_remediation = True
 32 | 	authentication = False
 33 | 	"""
 34 | 		:param argument_node: Argument accepted as regular expression.
 35 | 		:type augument_node: str
 36 | 		
 37 | 		:param auditcreeper: When auditcreeper is active/non-active.
 38 | 		:type auditcreeper: bool
 39 | 		
 40 | 		:param commands: Referenced to global variable commands which keeps track of all commands per node.
 41 | 		:type commands: list
 42 | 		
 43 | 		:param ext: File extention
 44 | 		:type ext: str
 45 | 		
 46 | 		:param output: Flag to output to stdout.
 47 | 		:type ext: bool
 48 | 		
 49 | 		:param redirect: A list of which method superloop will access. This variable is sent to the multithread_engine. Each element is a redirect per node.
 50 | 		:type redirect: list
 51 | 		
 52 | 		:param safe_push_list: A list of enable/disabled strings. This corresponds to templates that are safe to push (enable) vs. templates that are not safe to push (disabled).
 53 | 		:type ext: list
 54 | 
 55 | 		:param push_cfgs: This flag is to determine if a push is required for Cisco like platforms. Juniper will continue to push configs no matter if there are no diffs. 
 56 | 		:type ext: bool 
 57 | 
 58 | 		:param with_remediation: Current function to remediate or not remediate.  
 59 | 		:type ext: bool 
 60 | 	"""
 61 | #	try:
 62 | 	if argument_confirm is None or argument_confirm.lower() == 'true':
 63 | 		confirm_flag = True 
 64 | 	elif argument_confirm.lower() == 'false':
 65 | 		confirm_flag = False
 66 | 		authentication = False
 67 | 		initialize.password = os.environ.get('NETWORK_PASSWORD')
 68 | 	if(args.file is None):
 69 | 		template_list = []
 70 | 		auditcreeper = True
 71 | 	else:
 72 | 		template = args.file + ext
 73 | 		template_list = []
 74 | 		template_list.append(template)
 75 | 	node_object = process_nodes()
 76 | 	node_template = process_templates()
 77 | 	match_node = search_node(argument_node,node_object)
 78 | 	match_template = search_template(template_list,safe_push_list,match_node,node_template,node_object,auditcreeper,push_cfgs)
 79 | 	"""
 80 | 		:param node_object: All node(s) in the database with all attributes.
 81 | 		:type node_object: list
 82 | 
 83 | 		:param node_template: All templates based on hardware_vendor and device type.
 84 | 		:type node_template: list
 85 | 
 86 | 		:param match_node: Nodes that matches the arguements passed in by user.
 87 | 		:type match_node: list
 88 | 
 89 | 		:param match_template: Return a list of 'match' and/or 'no match'.
 90 | 		:type match_template: list 
 91 | 	"""
 92 | 	if len(match_node) == 0:
 93 | 		print('[x] No matching node(s) found in database.')
 94 | 		print('')
 95 | 		exit()
 96 | 	elif 'NO MATCH' in match_template or len(match_template) == 0:
 97 | 		print('[x] No matching template(s) found in database.')
 98 | 		print('')
 99 | 		exit()
100 | 	else:
101 | 		node_create(match_node,node_object)
102 | 		mediator(args,template_list,node_object,auditcreeper,output,with_remediation)	
103 | 		for index in initialize.element:
104 | 			redirect.append('push_cfgs')
105 | 		if not any(initialize.configuration):
106 | 			print('[>] There are no diffs to be pushed. All configuration matches template(s).')
107 | 			print('')
108 | 			exit()
109 | 		for index in initialize.debug_element:
110 | 			debug[node_object[index]['name']] = [initialize.configuration[config_counter]]
111 | 			config_counter = config_counter + 1
112 | 		debug_json = json.dumps(debug, indent=4)
113 | 		print('[DEBUG]\n{}'.format(debug_json))
114 | #		for index in initialize.debug_element:
115 | #			print('[DEBUG] {{{} : {}}}'.format(node_object[index]['name'],initialize.configuration[config_counter]))
116 | #			config_counter = config_counter + 1
117 | 		for index in range(len(initialize.element)):
118 | 			if len(initialize.configuration) != 0:
119 | 				push_cfgs = True
120 | 				break
121 | 			else:
122 | 				push_cfgs = False
123 | 		if push_cfgs and confirm_flag:
124 | 			confirm(redirect,commands,authentication)
125 | 		elif push_cfgs and not confirm_flag:
126 | 			multithread_engine(initialize.ntw_device,redirect,commands,authentication)
127 | 		else:
128 | 			pass
129 | 		print('')
130 | #	except Exception as error:
131 | #		print('ExceptionError: an exception occured')
132 | #		print(error)
133 | 
134 | 	return None
135 | 


--------------------------------------------------------------------------------
/push_local.py:
--------------------------------------------------------------------------------
 1 | """
 2 | 	This module controls the pushing of local file.
 3 | """
 4 | import initialize
 5 | import os
 6 | from lib.objects.basenode import BaseNode
 7 | from processdb import process_nodes
 8 | from search import search_node
 9 | from search import node_element 
10 | from node_create import node_create
11 | from confirm import confirm
12 | from parse_cmd import parse_commands
13 | from get_property import get_home_directory
14 | 
15 | def push_local(args):
16 | 	argument_filename = args.filename
17 | 	argument_node = args.node
18 | 	commands = initialize.configuration
19 | 	redirect = [] 
20 | 	authentication = True
21 | 	"""
22 | 		:param argument_filename: Argument accepted as template name.
23 | 		:type augument_filename: str
24 | 		
25 | 		:param argument_node: Argument accepted as regular expression.
26 | 		:type augument_node: str
27 | 		
28 | 		:param commands: Referenced to global variable commands which keeps track of all commands per node.
29 | 		:type commands: list
30 | 
31 | 		:param redirect: A list of which method superloop will access. This variable is sent to the multithread_engine. Each element is a redirect per node.
32 | 		:type alt_key_file: list
33 | 	"""
34 | 	node_object = process_nodes()
35 | 	match_node = search_node(argument_node,node_object)
36 | 	"""
37 | 		:param node_object: All node(s) in the database with all attributes.
38 | 		:type node_object: list
39 | 
40 | 		:param match_node: Nodes that matches the arguements passed in by user.
41 | 		:type match_node: list
42 | 	"""
43 | 	if len(match_node) == 0:
44 | 		print('+ No matching node(s) found in database.')
45 | 		print('')
46 | 	else:
47 | 		node_element(match_node,node_object)
48 | 		node_create(match_node,node_object)
49 | 		for index in initialize.element:
50 | 			redirect.append('push_cfgs')
51 | 		for index in initialize.element:
52 | 			config_list = []
53 | 			with open('{}/{}'.format(get_home_directory(),argument_filename), 'r') as file:	
54 | 				init_config = file.readlines()
55 | 			parse_commands(node_object[index],init_config,set_notation=True)
56 | 		confirm(redirect,commands,authentication)
57 | 
58 | 	return None
59 | 


--------------------------------------------------------------------------------
/push_regex.py:
--------------------------------------------------------------------------------
 1 | """
 2 | 	This module provides ssh session for users.
 3 | """
 4 | from processdb import process_nodes
 5 | from search import node_element
 6 | from search import search_node
 7 | 
 8 | def push_regex(args):
 9 | 	argument_node = args.regex
10 | 	"""
11 | 		:param argument_node: Argument accepted as regular expression.
12 | 		:type augument_node: str
13 | 	"""
14 | 	node_object = process_nodes()
15 | 	match_node = search_node(argument_node,node_object)
16 | 	"""
17 | 		:param node_object: All node(s) in the database with all attributes.
18 | 		:type node_object: list
19 | 		:param match_node: Nodes that matches the arguements passed in by user.
20 | 		:type match_node: list
21 | 	"""
22 | 	if len(match_node) == 0:
23 | 		print('+ No matching nodes found in database.')
24 | 		print('')
25 | 	else:
26 | 		print('[>] Affected Nodes:')
27 | 		for node in match_node:
28 | 			print(node)
29 | 


--------------------------------------------------------------------------------
/push_render.py:
--------------------------------------------------------------------------------
  1 | """
  2 | 	This module controls the rendering of templates.
  3 | """
  4 | from get_property import get_secrets
  5 | from lib.objects.basenode import BaseNode
  6 | from processdb import process_nodes
  7 | from processdb import process_policies
  8 | from processdb import process_templates
  9 | from search import search_node
 10 | from search import search_policy
 11 | from search import search_template 
 12 | from render import render
 13 | from render import process_json_template
 14 | from node_create import node_create
 15 | from multithread import multithread_engine
 16 | import initialize
 17 | 
 18 | def push_render(args):
 19 | 	argument_node = args.node
 20 | 	argument_file = args.file
 21 | 	argument_policy = args.policy
 22 | 	auditcreeper = False
 23 | 	commands = initialize.configuration
 24 | 	ext = {
 25 | 		'jinja':'.jinja2',
 26 | 		'json':'.json'
 27 | 		}
 28 | 	output = True
 29 | 	push_cfgs = False
 30 | 	policy_list = []
 31 | 	safe_push_list = []
 32 | 	with_remediation = True 
 33 | 	"""
 34 | 		:param argument_node: Argument accepted as regular expression.
 35 | 		:type augument_node: str
 36 | 		
 37 | 		:param auditcreeper: When auditcreeper is active/non-active.
 38 | 		:type auditcreeper: bool
 39 | 		
 40 | 		:param commands: Referenced to global variable commands which keeps track of all commands per node.
 41 | 		:type commands: list
 42 | 		
 43 | 		:param ext: File extention
 44 | 		:type ext: str 
 45 | 		
 46 | 		:param output: Flag to output to stdout.  
 47 | 		:type ext: bool 
 48 | 		
 49 | 		:param push_cfgs: This flag is to determine if a push is required for Cisco like platforms. Juniper will continue to push configs no matter if there are no diffs. 
 50 | 		:type ext: bool
 51 | 
 52 | 		:param safe_push_list: A list of enable/disabled strings. This corresponds to templates that are safe to push (enable) vs. templates that are not safe to push (disabled).
 53 | 		:type ext: list
 54 | 
 55 | 		:param with_remediation: Current function to remediate or not remediate.  
 56 | 		:type ext: bool 
 57 | 
 58 | 		:param node_object: All node(s) in the database with all attributes.
 59 | 		:type node_object: list
 60 | 
 61 | 		:param node_template: All templates based on hardware_vendor and device type.
 62 | 		:type node_template: list
 63 | 
 64 | 		:param match_node: Nodes that matches the arguements passed in by user.
 65 | 		:type match_node: list
 66 | 
 67 | 		:param match_template: Return a list of 'match' and/or 'no match'.
 68 | 		:type match_template: list 
 69 | 	"""
 70 | 	node_object = process_nodes()
 71 | 	match_node = search_node(argument_node,node_object)
 72 | 	if argument_policy is not None:
 73 | 		policy = argument_policy + ext['json']
 74 | 		policy_list = []
 75 | 		policy_list.append(policy)
 76 | 		node_policy = process_policies()
 77 | 		match_policy = search_policy(policy_list,safe_push_list,match_node,node_policy,node_object,auditcreeper,push_cfgs)
 78 | 		policy_list_original = policy_list[:]
 79 | 		policy_list_copy = policy_list
 80 | 		if len(match_policy) != 0:
 81 | 			policy_list = policy_list_copy
 82 | 		if len(match_node) == 0:
 83 | 			print('+ No matching node(s) found in database.')
 84 | 			exit()
 85 | 		elif 'NO MATCH' in match_policy:
 86 | 			print('+ No matching policy(ies) found in database.')
 87 | 			exit()
 88 | 		process_json_template(policy_list,node_object,policy_list_copy,output,auditcreeper)
 89 | 		exit()
 90 | 	if argument_file is None and argument_policy is None:
 91 | 		template_list = []
 92 | 		auditcreeper = True
 93 | 	else:
 94 | 		template = argument_file + ext['jinja']
 95 | 		template_list = []
 96 | 		template_list.append(template)
 97 | 	node_template = process_templates()
 98 | 	match_template = search_template(template_list,safe_push_list,match_node,node_template,node_object,auditcreeper,push_cfgs)
 99 | 	print(match_template)
100 | 	if len(match_node) == 0:
101 | 		print('[x] No matching node(s) found in database.')
102 | 		exit()
103 | 	elif 'NO MATCH' in match_template or len(match_template) == 0:
104 | 		print('[x] No matching templates found in database.')
105 | 		exit()
106 | 	"""
107 | 			Uncomment the secrets below if you are using hashicorp vault. You will need to setup the credentials.
108 | 	"""
109 | #	secrets = get_secrets()
110 | #	render(template_list,node_object,auditcreeper,output,with_remediation,secrets)
111 | 	render(template_list,node_object,auditcreeper,output,with_remediation)
112 | 
113 | 	return None
114 | 


--------------------------------------------------------------------------------
/render.py:
--------------------------------------------------------------------------------
  1 | """
  2 | 	This module processes the rendering of templates.
  3 | """
  4 | import initialize
  5 | import os
  6 | import re
  7 | from jinja2 import Environment, FileSystemLoader
  8 | from get_property import get_home_directory
  9 | from get_property import get_policy_directory
 10 | from get_property import get_template_directory
 11 | from get_property import get_standards_directory
 12 | from get_property import get_updated_list
 13 | from parse_cmd import parse_commands
 14 | 
 15 | with_remediate = None
 16 | def render(template_list,node_object,auditcreeper,output,with_remediation):
 17 | 	"""
 18 | 		Uncomment the below function and replace with the above define function to include secrets if hashicorp is used.
 19 | 	"""
 20 | #def render(template_list,node_object,auditcreeper,output,with_remediation,secrets):
 21 | 	global with_remediate
 22 | 	with_remediate = with_remediation
 23 | 	template_list_copy = template_list
 24 | 	if auditcreeper:
 25 | 	    template_list = template_list_copy[0]
 26 | 	for index in initialize.element:
 27 | 		get_hardware_vendor_template_directory = get_template_directory(node_object[index]['hardware_vendor'],node_object[index]['opersys'],node_object[index]['type'])
 28 | 		print ("{}".format(node_object[index]['name']))
 29 | 		for template in template_list:
 30 | 			config = process_jinja2_template(node_object,index,template,with_remediation)
 31 | 			print("{}{}".format(get_hardware_vendor_template_directory,template))
 32 | 			if(output):
 33 | 				print("{}".format(config))
 34 | 			with open('{}/rendered-configs/{}.{}'.format(get_home_directory(),node_object[index]['name'],template.replace('jinja2','')) + 'conf','r') as file:
 35 | 				init_config = file.readlines()
 36 | 			"""
 37 | 				The below parse_commands() function will only get executed if
 38 | 				it needs to store commands in the global variable initialize.configuration
 39 | 				for push. push_cfgs(output = True) vs push_render(output = False) functions.
 40 | 			"""
 41 | 			if output!=True:
 42 | 				parse_commands(node_object[index],init_config,set_notation=False)
 43 | 			print()
 44 | 		if auditcreeper:
 45 | 			template_list = get_updated_list(template_list_copy)
 46 | 
 47 | 	return None
 48 | 
 49 | def process_jinja2_template(node_object,index,template,with_remediation):
 50 | 	hardware_vendor_template_directory = get_template_directory(node_object[index]['hardware_vendor'],node_object[index]['opersys'],node_object[index]['type'])
 51 | 	standards_directory = get_standards_directory(node_object[index]['name'],node_object[index]['hardware_vendor'],node_object[index]['type'])
 52 | 	env = Environment(
 53 | 						loader=FileSystemLoader([hardware_vendor_template_directory,standards_directory]),
 54 | 						lstrip_blocks = True,
 55 | 						trim_blocks=True
 56 | 				)
 57 | 	env.filters['remediate'] = remediate
 58 | 	baseline = env.get_template(template)
 59 | 	os.makedirs('{}/rendered-configs/'.format(get_home_directory()),exist_ok=True)
 60 | 	with open('{}/rendered-configs/{}.{}'.format(get_home_directory(),node_object[index]['name'],template.replace('jinja2','')) + 'conf', 'w') as file:
 61 | 		config = baseline.render(
 62 | 							node = node_object[index],
 63 | 							with_remediation = with_remediation
 64 | 							#set = 'set ' ### for ZPE
 65 | 							#add = 'add ' ### for LTM
 66 | 							#delete = 'delete ' for LTM
 67 | 						)
 68 | 		file.write(config) 
 69 | 		file.close 
 70 | 
 71 | 	return config
 72 | 
 73 | def process_json_template(policy_list,node_object,policy_list_copy,output,auditcreeper):
 74 | 	commands = [] 
 75 | 	redirect = []
 76 | 	policy_list_copy = policy_list
 77 | 	if auditcreeper:
 78 | 		policy_list = policy_list_copy[0]
 79 | 		all_policies = policy_list_copy[0]
 80 | 	"""
 81 | 		:param redirect: A list of which method superloop will access. This variable is sent to the multithread_engine. Each element is a redirect per node.
 82 | 		:type alt_key_file: list
 83 | 
 84 | 		:param commands: Referenced to global variable commands which keeps track of all commands per node.
 85 | 		:type commands: list
 86 | 	"""
 87 | 	for index in initialize.element:
 88 | 		if node_object[index]['type'] == 'vfirewall' or node_object[index]['type'] == 'firewall':
 89 | 			get_hardware_vendor_policy_directory = get_policy_directory(node_object[index]['hardware_vendor'],node_object[index]['opersys'],node_object[index]['type'])
 90 | 			print ("{}".format(node_object[index]['name']))
 91 | 			redirect.append('push_acl')
 92 | 			""" 
 93 | 				The below iteration takes care of the configs for each policy file per firewall node(s).
 94 | 			"""
 95 | 	#		if auditcreeper:
 96 | 	#			for policy in all_policies:
 97 | 	#				print('{}{}'.format(get_hardware_vendor_policy_directory,policy))
 98 | 	#			print('')
 99 | 	#			for policy in policy_list:
100 | 	#				commands = parse_firewall_acl(node_object[index],policy)
101 | 	#				policy_list = get_updated_list(policy_list_copy)
102 | 	#			os.makedirs('{}/rendered-configs/'.format(get_home_directory()),exist_ok=True)
103 | 	#			with open('{}/rendered-configs/{}.{}'.format(get_home_directory(),node_object[index]['name'],policy_list[0].replace('json','')) + 'conf', 'w') as file:
104 | 	#				for config in commands:
105 | 	#					if output:
106 | 	#						print(config)
107 | 	#					file.write(config) 
108 | 	#					file.write('\n') 
109 | 	#				file.close 
110 | 	#			initialize.configuration.append(commands)
111 | 	#		else:
112 | 			for policy in policy_list:
113 | 				print('{}{}'.format(get_hardware_vendor_policy_directory,policy))
114 | 				commands = parse_firewall_acl(node_object[index],policy)
115 | 			os.makedirs('{}/rendered-configs/'.format(get_home_directory()),exist_ok=True)
116 | 			with open('{}/rendered-configs/{}.{}'.format(get_home_directory(),node_object[index]['name'],policy_list[0].replace('json','')) + 'conf', 'w') as file:
117 | 				for config in commands:
118 | 					if output:
119 | 						print(config)
120 | 					file.write(config) 
121 | 					file.write('\n') 
122 | 				file.close 
123 | 			initialize.configuration.append(commands)
124 | 		else:
125 | 			print('+ Node {} is not of type; firewall.'.format(node_object[index]['name']))
126 | 			exit()
127 | 	
128 | 	return commands
129 | 
130 | def remediate(input):
131 | 	"""
132 | 		Custom filter to process boolean.
133 | 	"""
134 | 	if with_remediate == True:
135 | 		return input
136 | 	else:
137 | 		return ''
138 | 


--------------------------------------------------------------------------------
/requirements.apt:
--------------------------------------------------------------------------------
1 | libyaml-dev
2 | 


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
 1 | diffios==0.0.9
 2 | ciscoconfparse==1.7.15
 3 | commentjson==0.8.3
 4 | cryptography==36.0.2
 5 | edgegrid-python==1.3.1
 6 | hvac==0.11.2
 7 | Jinja2==2.11.3
 8 | markupsafe==2.0.1
 9 | netmiko==3.1.1
10 | pyOpenSSL==22.0.0
11 | pysnmp==4.4.12
12 | PyYAML==5.4
13 | 


--------------------------------------------------------------------------------
/search.py:
--------------------------------------------------------------------------------
  1 | """
  2 | 	This module controls the searching of nodes and templates.
  3 | """
  4 | import re
  5 | import initialize
  6 | from processdb import process_json
  7 | from get_property import get_template_directory
  8 | from get_property import get_policy_directory
  9 | from get_property import get_home_directory
 10 | 
 11 | def search_node(argument_node,node_object):
 12 | 	"""
 13 | 		The function search_node will search through the list of nodes 
 14 | 		from the user's query and match a single or multiple node(s).
 15 | 	"""
 16 | 	node_list = extract_nodes(node_object)
 17 | 	query = re.compile(argument_node)
 18 | 	search_result = list(filter(query.match,node_list))
 19 | 
 20 | 	return search_result
 21 | 
 22 | def extract_nodes(node_object):
 23 | 	"""
 24 | 		This function will extract all the nodes from the 
 25 | 		database of node_objects so that it can run the search against 
 26 | 		the list of node(s).
 27 | 
 28 | 	"""
 29 | 	node_list = []
 30 | 	index = 0
 31 | 	for node in node_object:
 32 | 		name = node_object[index]['name']
 33 | 		node_list.append(name)
 34 | 		index = index + 1
 35 | 
 36 | 	return node_list	
 37 | 
 38 | def search_template(template_list,safe_push_list,match_node,node_template,node_object,auditcreeper,push_cfgs):
 39 | 	"""
 40 | 		This function will take the search results from the list of nodes 
 41 | 		and run it against node_object to determine the hardware vendor and type 
 42 | 		and compare with the node_template database to match. Once matched, 
 43 | 		it will check to verify an existing template is available.
 44 | 	"""
 45 | 	search_result = []
 46 | 	index = 0
 47 | 	element = 0
 48 | 	for node in match_node:
 49 | 		for node_obj in node_object:
 50 | 			if node == node_obj['name']:
 51 | 				"""
 52 | 					index variable gets the position in the list and appends it to the global variable 'element'.
 53 | 				"""
 54 | 				index = node_object.index(node_obj)
 55 | 				initialize.element.append(index)
 56 | 				"""
 57 | 					This section will pull out all the templates belonging to the specific
 58 | 					hardware vendor, operating system and type from the template database.
 59 | 				"""
 60 | 				for node_temp in node_template:
 61 | 					if node_obj['hardware_vendor'] == node_temp['hardware_vendor'] and node_obj['opersys'] == node_temp['opersys'] and node_obj['type'] == node_temp['type']:
 62 | 						if auditcreeper:
 63 | 							template_node_list = []
 64 | 							for template_dir_name in node_temp['templates']:
 65 | 								template_name = list(template_dir_name)[0].split('/')[-1]
 66 | 								template_node_list.append(template_name)
 67 | 								safe_push = list(template_dir_name.values())[0]
 68 | 								safe_push_list.append(safe_push)
 69 | 							if 'disabled' in safe_push_list and push_cfgs:
 70 | 								run_time = 1
 71 | 								first_run = True
 72 | 								disabled_templates = disabled_safe_push_element(safe_push_list,template_node_list,node_obj)
 73 | 								for index in disabled_templates:
 74 | 									if first_run:
 75 | 										template_node_list.pop(index)
 76 | 										first_run = False
 77 | 									else:
 78 | 										template_node_list.pop(index - run_time)
 79 | 										run_time = run_time + 1
 80 | 							"""
 81 | 								If all templates are disabled, exit.
 82 | 							"""
 83 | 							if len(safe_push_list) and 'enabled' in safe_push_list and push_cfgs:
 84 | 								search_result.append("MATCH")	
 85 | 							if len(template_node_list) > 0 and not push_cfgs:
 86 | 								search_result.append("MATCH")	
 87 | 							if len(template_node_list) == 0 and push_cfgs:
 88 | 								exit()
 89 | 							template_list.append(template_node_list)
 90 | 							del safe_push_list[:]
 91 | 						else:
 92 | 							directory = get_template_directory(node_obj['hardware_vendor'],node_obj['opersys'],node_obj['type'])
 93 | 							file = directory + template_list[element]
 94 | 							template_index = 0
 95 | 							template_node_list = []
 96 | 							node_templates = node_temp['templates'].copy()
 97 | 							for template_path in node_temp['templates']:
 98 | 								template_name = list(template_path)[0].split('/')[-1]
 99 | 								template_node_list.append(template_name)
100 | 								node_temp['templates'][template_index] = list(template_path)[0].replace('~','{}'.format(get_home_directory()))
101 | 								safe_push = list(template_path.values())[0]
102 | 								safe_push_list.append(safe_push)
103 | 								template_index = template_index + 1
104 | 							try:
105 | 								template_index = template_node_list.index(template_list[element])
106 | 								if safe_push_list[template_index] != 'enabled' and push_cfgs:
107 | 									print('[x] {} ; {}'.format(node_obj['name']),template_node_list[template_index])
108 | 									exit()
109 | 							except Exception as error:
110 | 								pass
111 | 							if file in node_temp['templates']:
112 | 								search_result.append("MATCH")	
113 | 								node_temp['templates'] = node_templates.copy()
114 | 							else:
115 | 								print('[x] No associating template {}'.format(template_list[element]) + ' for node {}'.format(node))
116 | 								exit()
117 | 								search_result.append("NO MATCH")
118 | 								node_temp['templates'] = node_templates.copy()
119 | 							del safe_push_list[:]
120 | 					else:
121 | 						continue	
122 | 			else:
123 | 				continue	
124 | 	return search_result 
125 | 
126 | def search_policy(policy_list,safe_push_list,match_node,node_policy,node_object,auditcreeper,push_acl):
127 | 	"""
128 | 		This function will take the search results from the list of nodes 
129 | 		and run it against node_object to determine the hardware vendor, operating system and type 
130 | 		and compare with the node_policy database to match. If a node is not 
131 | 		deemed as a firewall, it will not allow a policy push.
132 | 	"""
133 | 	search_result = []
134 | 	index = 0
135 | 	element = 0
136 | 	for node in match_node:
137 | 		for node_obj in node_object:
138 | 			if node == node_obj['name']:
139 | 				"""
140 | 					index variable gets the position in the list and appends it to the global variable 'element'.
141 | 				"""
142 | 				index = node_object.index(node_obj)
143 | 				initialize.element.append(index)
144 | 				"""
145 | 					This section will pull out all the policies belonging to the specific
146 | 					hardware vendor, operating system and type from the policy database.
147 | 				"""
148 | 				if node_object[index]['type'] != 'firewall' or node_object[index]['type'] != 'vfirewall':
149 | 					pass
150 | 				else:
151 | 					for node_pol in node_policy:
152 | 						print(node,node_pol['name'])
153 | 						if node == node_pol['name']:
154 | 		#					policy_index = node_policy.index(node_pol)
155 | 		#					initialize.element_policy.append(policy_index)
156 | 							if auditcreeper:
157 | 								policy_node_list = []
158 | 								for policy_dir_name in node_pol['policy']:
159 | 									policy_name = list(policy_dir_name)[0].split('/')[-1]
160 | 									policy_node_list.append(policy_name)
161 | 									safe_push = list(policy_dir_name.values())[0]
162 | 									safe_push_list.append(safe_push)
163 | 								if 'disabled' in safe_push_list and push_acl:
164 | 									run_time = 1
165 | 									first_run = True
166 | 									disabled_policies = disabled_safe_push_element(safe_push_list,policy_node_list,node_obj)
167 | 									for index in disabled_policies:
168 | 										if first_run:
169 | 											policy_node_list.pop(index)
170 | 											first_run = False
171 | 										else:
172 | 											policy_node_list.pop(index - run_time)
173 | 											run_time = run_time + 1
174 | 								"""
175 | 									If all policies are disabled.
176 | 								"""
177 | 								if len(policy_node_list) == 0:
178 | 									exit()
179 | 								policy_list.append(policy_node_list)
180 | 								del safe_push_list[:]
181 | 							else:
182 | 								directory = get_policy_directory(node_obj['hardware_vendor'],node_obj['opersys'],node_obj['type'])
183 | 								file = directory + policy_list[element]
184 | 								policy_index = 0
185 | 								policy_node_list = []
186 | 								node_policy = node_pol['policy'].copy()
187 | 								for policy_path in node_pol['policy']:
188 | 									policy_name = list(policy_path)[0].split('/')[-1]
189 | 									policy_node_list.append(policy_name)
190 | 									node_pol['policy'][policy_index] = list(policy_path)[0].replace('~','{}'.format(get_home_directory()))
191 | 									safe_push = list(policy_path.values())[0]
192 | 									safe_push_list.append(safe_push)
193 | 									policy_index = policy_index + 1
194 | 								try:
195 | 									policy_index = policy_node_list.index(policy_list[element])
196 | 									if safe_push_list[policy_index] != 'enabled':
197 | 										print('[x] {} ; {}'.format(node_obj['name']),policy_node_list[policy_index])
198 | 										exit()
199 | 								except Exception as error:
200 | 									pass
201 | 								if file in node_pol['policy']:
202 | 									search_result.append("MATCH")
203 | 									node_pol['policy'] = node_policy.copy()
204 | 								else:
205 | 									print('[x] No associating policy {}'.format(policy_list[element]) + ' for node {}'.format(node))
206 | 									search_result.append("NO MATCH")
207 | 	#								node_pol['policy'] = node_policy.copy()
208 | 						else:
209 | 							continue
210 | 			else:
211 | 				continue	
212 | 	return search_result 
213 | 
214 | def node_element(match_node,node_object):
215 | 	"""
216 | 		This function appends the position index of the match results (match_node) against 
217 |  		the overall node_objects. This function call is only needed when search_template
218 |  		function is not used.
219 | 	"""
220 | 	index = 0
221 | 	for node in match_node:
222 | 		for node_obj in node_object:
223 | 			if node == node_obj['name']:
224 | 				index = node_object.index(node_obj)
225 | 				initialize.element.append(index)
226 | 
227 | 	return None
228 | 
229 | def disabled_safe_push_element(safe_push_list,template_node_list,node_obj):
230 | 	"""
231 | 		This function appends the position index of the match results (match_node) against 
232 |  		the overall node_objects. This function call is only needed when search_template
233 |  		function is not used.
234 | 	"""
235 | 	index = 0
236 | 	disabled_templates = []
237 | 	for element in safe_push_list:
238 | 		if element == 'disabled':
239 | 			print('[x] {} ; {}'.format(node_obj['name'],template_node_list[index]))
240 | 			disabled_templates.append(index)
241 | 		index = index + 1
242 | 
243 | 	return disabled_templates 
244 | 


--------------------------------------------------------------------------------
/snmp.py:
--------------------------------------------------------------------------------
  1 | """
  2 | 	This module fetches information from the device via snmp
  3 | """
  4 | from get_property import get_serial_oid
  5 | from snmp_helper import snmp_get_oid
  6 | from snmp_helper import snmp_extract 
  7 | from processdb import process_models
  8 | import datetime
  9 | import re
 10 | import subprocess
 11 | import socket
 12 | import time
 13 | import os
 14 | 
 15 | def snmp(argument_node):
 16 | 	index = 0
 17 | 	SNMP_COMMUNITY_STRING = os.environ.get('SNMP_COMMUNITY_STRING')
 18 | 	SNMP_PORT = 161
 19 | 	HOSTNAME_OID = '1.3.6.1.2.1.1.5.0'
 20 | 	PLATFORM_OID = '1.3.6.1.2.1.1.1.0' 
 21 | 	device = (argument_node,SNMP_COMMUNITY_STRING,SNMP_PORT)
 22 | 	snmp_name = snmp_data(device,HOSTNAME_OID,SNMP_PORT)
 23 | 	snmp_platform_name = snmp_data(device,PLATFORM_OID,SNMP_PORT)
 24 | 	platform_name = snmp_parse_platform_name(snmp_platform_name,device,SNMP_PORT)
 25 | 	hardware_vendor = get_hardware_vendor(snmp_platform_name)
 26 | 	mgmt_ip4 = snmp_ip(snmp_name)
 27 | 	operating_system = snmp_parse_opersys(snmp_platform_name)
 28 | 	type = snmp_parse_type(snmp_platform_name)
 29 | 	role_name = snmp_parse_role_name(snmp_platform_name)
 30 | 	SERIAL_NUM_OID = get_serial_oid(snmp_platform_name)
 31 | 	serial_num = snmp_data(device,SERIAL_NUM_OID,SNMP_PORT)
 32 | 	data = [{
 33 | #		'bgp':[snmp_bgp(SNMP_COMMUNITY_STRING,argument_node)][0],
 34 | 		'created_at': '{}'.format(timestamp()),
 35 | 		'created_by': '{}'.format(os.environ.get('USER')),
 36 | 		'domain_name': 'null',
 37 | 		'hardware_vendor':'{}'.format(hardware_vendor),
 38 | 		'location_name': 'null',
 39 | 		'lifecycle_status': 'null',
 40 | 		'mgmt_con_ip4': 'null',
 41 | 		'mgmt_ip4': "{}".format(mgmt_ip4),
 42 | 		'mgmt_oob_ip4': 'null',
 43 | 		'mgmt_snmp_community4': 'null',
 44 | 		'name': '{}'.format(snmp_name),
 45 | 		'oncall_team':'network',
 46 | 		'opersys':'{}'.format(operating_system),
 47 | #		'ospf':[snmp_ospf(SNMP_COMMUNITY_STRING,argument_node)][0],
 48 | 		'platform_name':'{}'.format(platform_name),
 49 | #		'ports':[snmp_interface(operating_system,argument_node,SNMP_COMMUNITY_STRING,snmp_name)][0],
 50 | 		'role_name':'{}'.format(role_name),
 51 | 		'serial_num':'{}'.format(serial_num),
 52 | 		'software_image':'null',
 53 | 		'software_version':'null',
 54 | 		'status':'online',
 55 | 		'type':'{}'.format(type),
 56 | 		'updated_at':'null',
 57 | 		'updated_by': 'null'
 58 | 		}
 59 | 	]
 60 | 
 61 | 	return data
 62 | 
 63 | def snmp_data(device,oid,port):
 64 | 	snmp_data = snmp_get_oid(device,oid,display_errors=True)
 65 | 	snmp_property = snmp_extract(snmp_data)
 66 | 
 67 | 	return snmp_property
 68 | 
 69 | def snmp_ip(snmp_name):
 70 | 	if snmp_name.lower() == 'netscaler':
 71 | 		MGMT_IP_ADDRESS_OID = {
 72 | 				'CITRIX_NETSCALER':'1.3.6.1.4.1.5951.4.1.1.2.0'
 73 | 			}
 74 | 		mgmt_ip4 = snmp_data(device,MGMT_IP_ADDRESS_OID['CITRIX_NETSCALER'],port)
 75 | 	else:
 76 | 		mgmt_ip4 = socket.gethostbyname(snmp_name)
 77 | 
 78 | 	return mgmt_ip4
 79 | 
 80 | def snmp_parse_platform_name(snmp_platform_name,device,SNMP_PORT):
 81 | 	PLATFORM_NAME_OID = {
 82 | 			'CISCO_ASA_OID':'1.3.6.1.2.1.47.1.1.1.1.13.1',
 83 | 			'CISCO_CATALYST_OID':'1.3.6.1.2.1.47.1.1.1.1.2.1001',
 84 | 			'NEXUS_OID':'1.3.6.1.2.1.47.1.1.1.1.2.149',
 85 | 			'CITRIX_NETSCALER':'1.3.6.1.4.1.5951.4.1.1.11.0',
 86 | 			'PALO_ALTO':'1.3.6.1.2.1.47.1.1.1.1.13.1',
 87 | 		}
 88 | 	platform_name = snmp_platform_name.lower() 
 89 | 	device_platform_name = ''
 90 | 	platforms = {
 91 | 			'firefly-perimeter':'firefly-perimeter',
 92 | 			'c3750':'{}'.format(snmp_data(device,PLATFORM_NAME_OID['CISCO_CATALYST_OID'],SNMP_PORT)),
 93 | 			'adaptive security appliance':'{}'.format(snmp_data(device,PLATFORM_NAME_OID['CISCO_ASA_OID'],SNMP_PORT)),
 94 |             'cisco nx-os':'{}'.format(snmp_data(device,PLATFORM_NAME_OID['NEXUS_OID'],SNMP_PORT)),
 95 | 			'big-ip':'f5',
 96 | 			'netscaler':'{}'.format(snmp_data(device,PLATFORM_NAME_OID['CITRIX_NETSCALER'],SNMP_PORT)),
 97 | 			'nsmpx-8900':'{}'.format(snmp_data(device,PLATFORM_NAME_OID['CITRIX_NETSCALER'],SNMP_PORT)),
 98 | 			'palo alto':'{}'.format(snmp_data(device,PLATFORM_NAME_OID['PALO_ALTO'],SNMP_PORT))
 99 | 		}
100 | 	for platform in platforms:
101 | 		if platform in platform_name:
102 | 			device_platform_name = platforms[platform]
103 | 			break
104 | 		else:
105 | 			device_platform_name = 'null'
106 | 	
107 | 	return device_platform_name
108 | 
109 | def get_hardware_vendor(snmp_platform_name):
110 | 	if 'netscaler' in snmp_platform_name.lower():
111 | 		vendor_name = 'citrix'
112 | 	elif 'palo alto' in snmp_platform_name.lower():
113 | 		vendor_name = 'palo alto'
114 | 	else:
115 | 		vendor_name = snmp_platform_name.split()[0].lower()
116 | 		device_vendor = vendor_name
117 | 
118 | 	return vendor_name
119 | 
120 | def snmp_parse_opersys(snmp_platform_name):
121 | 	platform_name = snmp_platform_name.lower() 
122 | 	device_opersys = ''
123 | 	operating_systems = {
124 | 			'juniper':'junos',
125 | 			'ios':'ios',
126 | 			'nx-os':'nxos',
127 | 			'adaptive security appliance':'asa',
128 | 			'vyatta':'vyos',
129 | 			'f5':'tmsh',
130 | 			'netscaler':'netscaler',
131 | 			'palo alto':'pan-os'
132 | 		}
133 | 	for vendor in operating_systems:
134 | 		if vendor in platform_name:
135 | 			device_opersys = operating_systems[vendor]
136 | 			break
137 | 		else:
138 | 			device_opersys = 'null'
139 | 
140 | 	return device_opersys
141 | 
142 | def snmp_parse_type(snmp_platform_name):
143 | 	platform_name = snmp_platform_name.lower() 
144 | 	device_type = ''
145 | 	models = {
146 | 			'firefly-perimeter':'vfirewall',
147 | 			'c3750':'switch',
148 | 			'adaptive security appliance':'firewall',
149 | 			'big-ip':'loadbalancer',
150 | 			'netscaler':'loadbalancer',
151 | 			'cisco nx-os':'switch',
152 | 			'palo alto':'firewall',
153 | 		}
154 | 	for model in models:
155 | 		if model in platform_name:
156 | 			device_type = models[model]
157 | 			break
158 | 		else:
159 | 			device_type = 'null'
160 | 
161 | 	return device_type
162 | 
163 | def snmp_parse_role_name(snmp_platform_name):
164 | 	platform_name = snmp_platform_name.lower() 
165 | 	device_role_name = ''
166 | 	role_names = {
167 | 			'c3750':'datacenter-switch',
168 | 			'adaptive security appliance':'datacenter-firewall',
169 | 			'big-ip':'datacenter-load-balancer',
170 | 			'netscaler':'datacenter-load-balancer',
171 | 			'palo alto':'datacenter-firewall',
172 | 		}
173 | 	for role_name in role_names:
174 | 		if role_name in platform_name:
175 | 			device_role_name = role_names[role_name]
176 | 			break
177 | 		else:
178 | 			device_role_name = 'null'
179 | 
180 | 	return device_role_name
181 | 
182 | def get_serial_oid(snmp_platform_name):
183 | 	platform_name = snmp_platform_name.lower()
184 | 	device_serial = ''
185 | 	SERIAL_OID = {
186 | 			'firefly-perimeter':'1.3.6.1.4.1.2636.3.1.3.0',
187 | 			'c3750':'1.3.6.1.4.1.9.5.1.2.19.0',
188 | 			'adaptive security appliance':'1.3.6.1.2.1.47.1.1.1.1.11.1',
189 | 			'cisco nx-os':'1.3.6.1.2.1.47.1.1.1.1.11.22',
190 | 			'netscaler':'1.3.6.1.4.1.5951.4.1.1.14.0',
191 | 			'palo alto':'1.3.6.1.4.1.25461.2.1.2.1.3'
192 | 		}
193 | 	for model in SERIAL_OID:
194 | 		if model in platform_name:
195 | 			device_serial_oid = SERIAL_OID[model]
196 | 			break
197 | 		else:
198 | 			device_serial_oid = 'null'
199 | 
200 | 	return device_serial_oid
201 | 
202 | def timestamp():
203 | 	time_stamp =time.time()
204 | 	date_time = datetime.datetime.fromtimestamp(time_stamp).strftime('%Y-%m-%d %H:%M:%S')
205 | 
206 | 	return date_time
207 | 
208 | """
209 | 	snmp_interface() performs a recursive lookup on OIDs to extract data
210 | 	for certain attributes.
211 | """
212 | 
213 | def snmp_interface(operating_system,argument_node,SNMP_COMMUNITY_STRING,snmp_name):
214 | 	print('+ Discovering switchport interfaces. ')
215 | 	interface = []
216 | 	arp_table = {}
217 | 	interface_admin_status_table = {}
218 | 	build_interface_admin_status_table(interface_admin_status_table,operating_system,SNMP_COMMUNITY_STRING,argument_node)
219 | 	build_arp_table(arp_table,operating_system,SNMP_COMMUNITY_STRING,argument_node)
220 | 	snmpwalk = subprocess.Popen('snmpwalk -v 2c -c {} {} 1.3.6.1.2.1.2.2.1.2'.format(SNMP_COMMUNITY_STRING,argument_node),shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
221 | 	oids = snmpwalk.stdout.read()
222 | 	oids = oids.decode().split('\n')
223 | 	while '' in oids:
224 | 		oids.remove('')
225 | 		print(oids)
226 | 	for index in oids:
227 | 		if operating_system == 'asa':
228 | 			interface_name = index.split()[6].strip('"')
229 | 		else:	
230 | 			interface_name = index.split()[3].strip('"')
231 | 		admin_status = interface_admin_status_table['{}'.format(interface_name)]
232 | 		if interface_name in arp_table.keys():
233 | 			ip4 = arp_table['{}'.format(interface_name)]
234 | 		else:
235 | 			ip4 = 'None'
236 | 		interface_data = {
237 | 			'access_vlan': 'null',
238 | 			'acl4_in': 'null',
239 | 			'acl4_out': 'null',
240 | 			'admin_status': '{}'.format(admin_status),
241 | 			'created_at': '{}'.format(timestamp()),
242 | 			'created_by': '{}'.format(os.environ.get('USER')),
243 | 			'data': 'null',
244 | 			'drain_status': 'none',
245 | 			'farend_name': 'null',
246 | 			'if_speed': 'null',
247 | 			'ip4': '{}'.format(ip4),
248 | 			'management': 'null',
249 | 			'mtu': 'null',
250 | 			'name': '{}'.format(interface_name),
251 | 			'node_name': '{}'.format(snmp_name),
252 | 			'portrole_name': 'null',
253 | 			'type': 'null',
254 | 			'updated_at': 'null',
255 | 			'updated_by': 'null',
256 | 			'wan_link': 'null'
257 | 		}
258 | 		interface.append(interface_data)
259 | 		print('+ .... {} [complete]'.format(interface_name))
260 | 
261 | 	return interface
262 | 
263 | def build_arp_table(arp_table,operating_system,SNMP_COMMUNITY_STRING,argument_node):
264 | 	snmpwalk = subprocess.Popen('snmpwalk -v 2c -c {} {} 1.3.6.1.2.1.4.20.1.1'.format(SNMP_COMMUNITY_STRING,argument_node),shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
265 | 	oids = snmpwalk.stdout.read()
266 | 	oids = oids.decode().split('\n')
267 | 	for index in oids:
268 | 		if '' == index:
269 | 			pass
270 | 		else:
271 | 			ip4 = index.split()[3]
272 | 			snmpwalk = subprocess.Popen('snmpwalk -v 2c -c {} {} 1.3.6.1.2.1.4.20.1.2.{}'.format(SNMP_COMMUNITY_STRING,argument_node,ip4),shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
273 | 			oids = snmpwalk.stdout.read()
274 | 			oids = oids.decode().split('\n')
275 | 			for index in oids:
276 | 				if '' == index:
277 | 					pass
278 | 				else:
279 | 					interface_index = index.split()[3]
280 | 					snmpwalk = subprocess.Popen('snmpwalk -v 2c -c {} {} 1.3.6.1.2.1.2.2.1.2.{}'.format(SNMP_COMMUNITY_STRING,argument_node,interface_index),shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
281 | 					oids = snmpwalk.stdout.read()
282 | 					oids = oids.decode().split('\n')
283 | 					for index in oids:
284 | 						if '' == index:
285 | 							pass
286 | 						else:
287 | 							if operating_system == 'asa':
288 | 								interface_name_lookup = index.split()[6].strip('"')
289 | 							else:
290 | 								interface_name_lookup = index.split()[3].strip('"')
291 | 							arp_table['{}'.format(interface_name_lookup)] = '{}'.format(ip4)
292 | 							break
293 | 					break
294 | 
295 | 	return 'None'
296 | 
297 | def build_interface_admin_status_table(interface_admin_status_table,operating_system,SNMP_COMMUNITY_STRING,argument_node):
298 | 	snmpwalk = subprocess.Popen('snmpwalk -v 2c -c {} {} 1.3.6.1.2.1.2.2.1.7'.format(SNMP_COMMUNITY_STRING,argument_node),shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
299 | 	oids = snmpwalk.stdout.read()
300 | 	oids = oids.decode().split('\n')
301 | 	for index in oids:
302 | 		if '' == index:
303 | 			pass
304 | 		else:
305 | 			interface_admin_status_index = index.split()[3]
306 | 			if interface_admin_status_index == '1':
307 | 				interface_admin_status = 'up'
308 | 			else:
309 | 				interface_admin_status = 'down'
310 | 			oids_split = index.split(' ')
311 | 			interface_index = oids_split[0].split('.')[10]
312 | 			snmpwalk = subprocess.Popen('snmpwalk -v 2c -c {} {} 1.3.6.1.2.1.2.2.1.2.{}'.format(SNMP_COMMUNITY_STRING,argument_node,interface_index),shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
313 | 			oids = snmpwalk.stdout.read()
314 | 			oids = oids.decode().split('\n')
315 | 			for index in oids:
316 | 				if '' == index:
317 | 					pass
318 | 				else:
319 | 					if operating_system == 'asa':
320 | 						interface_name_lookup = index.split()[6].strip('"')
321 | 					else:
322 | 						interface_name_lookup = index.split()[3].strip('"')
323 | 					interface_admin_status_table['{}'.format(interface_name_lookup)] = '{}'.format(interface_admin_status)
324 | 					break
325 | 
326 | 	return 'None'
327 | 
328 | """
329 | 	snmp_ospf() performs a recursive lookup on OIDs to extract data
330 | 	for certain attributes.
331 | """
332 | 
333 | def snmp_ospf(SNMP_COMMUNITY_STRING,argument_node):
334 | 	print('+ Discovering OSPF data. ')
335 | 	ospf=[]
336 | 	snmpwalk = subprocess.Popen('snmpwalk -v 2c -c {} {} 1.3.6.1.2.1.14.10.1.1'.format(SNMP_COMMUNITY_STRING,argument_node),shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
337 | 	oids = snmpwalk.stdout.read()
338 | 	oids = oids.decode().split('\n')
339 | 	for index in oids:
340 | 		if '' == index:
341 | 			break	
342 | 		elif 'No' in index:
343 | 			ospf_neighbor_id = '\'None\''
344 | 			ospf_data = {
345 | 				'neighbor_id': 'null',
346 | 				'area': 'null',
347 | 				'priority': 'null',
348 | 				'state': 'null'
349 | 			}
350 | 			ospf.append(ospf_data)
351 | 		else:
352 | 			ospf_neighbor_id = index.split()[3]
353 | 			ospf_data = {
354 | 				'neighbor_id': '{}'.format(ospf_neighbor_id),
355 | 				'area': '{}'.format(snmp_ospf_area(ospf_neighbor_id,SNMP_COMMUNITY_STRING,argument_node)),
356 | 				'priority': '{}'.format(snmp_ospf_priority(ospf_neighbor_id,SNMP_COMMUNITY_STRING,argument_node)),
357 | 				'state': '{}'.format(snmp_ospf_state(ospf_neighbor_id,SNMP_COMMUNITY_STRING,argument_node))
358 | 			}
359 | 			ospf.append(ospf_data)
360 | 		print('+ .... neighbor {} [complete]'.format(ospf_neighbor_id))
361 | 
362 | 	return ospf 
363 | 
364 | 
365 | def snmp_ospf_area(ospf_neighbor_id,SNMP_COMMUNITY_STRING,argument_node):
366 | 	snmpwalk = subprocess.Popen('snmpwalk -v 2c -c {} {} 1.3.6.1.2.1.14.2.1.1'.format(SNMP_COMMUNITY_STRING,argument_node),shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
367 | 	oids = snmpwalk.stdout.read()
368 | 	oids = oids.decode().split('\n')
369 | 	while '' in oids:
370 | 		oids.remove('')
371 | 	for index in oids:
372 | 		if '' == index:
373 | 			ospf_area = 'null'
374 | 		else:
375 | 			ospf_area = index.split()[3]
376 | 
377 | 	return ospf_area
378 | 
379 | def snmp_ospf_priority(ospf_neighbor_id,SNMP_COMMUNITY_STRING,argument_node):
380 | 	snmpwalk = subprocess.Popen('snmpwalk -v 2c -c {} {} 1.3.6.1.2.1.14.10.1.5.{}'.format(SNMP_COMMUNITY_STRING,argument_node,ospf_neighbor_id) + '.0',shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
381 | 	oids = snmpwalk.stdout.read()
382 | 	oids = oids.decode().split('\n')
383 | 	while '' in oids:
384 | 		oids.remove('')
385 | 	for index in oids:
386 | 		if '' == index:
387 | 			ospf_area = 'null'
388 | 		else:
389 | 			ospf_priority = index.split()[3]
390 | 
391 | 	return ospf_priority
392 | 
393 | def snmp_ospf_state(ospf_neighbor_id,SNMP_COMMUNITY_STRING,argument_node):
394 | 	ospf_state_index = {
395 | 		'1':'Down',
396 | 		'2':'Attempt',
397 | 		'3':'Init',
398 | 		'4':'2Way',
399 | 		'5':'ExchangeStart',
400 | 		'6':'Exchange',
401 | 		'7':'Loading',
402 | 		'8':'Full'
403 | 	}
404 | 	snmpwalk = subprocess.Popen('snmpwalk -v 2c -c {} {} 1.3.6.1.2.1.14.10.1.6.{}'.format(SNMP_COMMUNITY_STRING,argument_node,ospf_neighbor_id) + '.0',shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
405 | 	oids = snmpwalk.stdout.read()
406 | 	oids = oids.decode().split('\n')
407 | 	while '' in oids:
408 | 		oids.remove('')
409 | 	for index in oids:
410 | 		if '' == index:
411 | 			return 'null'
412 | 		else:
413 | 			ospf_state = index.split()[3]
414 | 
415 | 	return ospf_state_index['{}'.format(ospf_state)]
416 | 
417 | """
418 | 	snmp_bgp() performs a recursive lookup on OIDs to extract data
419 | 	for certain attributes.
420 | """
421 | 
422 | def snmp_bgp(SNMP_COMMUNITY_STRING,argument_node):
423 | 	print('+ Discovering BGP data. ')
424 | 	bgp = []
425 | 	snmpwalk = subprocess.Popen('snmpwalk -v 2c -c {} {} 1.3.6.1.2.1.15.3.1.7'.format(SNMP_COMMUNITY_STRING,argument_node),shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
426 | 	oids = snmpwalk.stdout.read()
427 | 	oids = oids.decode().split('\n')
428 | 	for index in oids:
429 | 		if '' == index:
430 | 			break	
431 | 		elif 'No' in index:
432 | 			bgp_peer = '\'None\''
433 | 			bgp_data = {
434 | 				'peer': 'null',
435 | 				'remote_as': 'null'
436 | 			}
437 | 			bgp.append(bgp_data)
438 | 		else:
439 | 			bgp_peer = index.split()[3]
440 | 			bgp_data = {
441 | 				'peer': '{}'.format(bgp_peer),
442 | 				'remote_as': '{}'.format(snmp_bgp_remote_as(bgp_peer,SNMP_COMMUNITY_STRING,argument_node))
443 | 			}
444 | 			bgp.append(bgp_data)
445 | 		print('+ .... peer {} [complete]'.format(bgp_peer))
446 | 
447 | 	return bgp
448 | 
449 | def snmp_bgp_remote_as(bgp_peer,SNMP_COMMUNITY_STRING,argument_node):
450 | 	snmpwalk = subprocess.Popen('snmpwalk -v 2c -c {} {} 1.3.6.1.2.1.15.3.1.9.{}'.format(SNMP_COMMUNITY_STRING,argument_node,bgp_peer),shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
451 | 	oids = snmpwalk.stdout.read()
452 | 	oids = oids.decode().split('\n')
453 | 	while '' in oids:
454 | 		oids.remove('')
455 | 	for index in oids:
456 | 		if '' == index:
457 | 			remote_as = 'null'
458 | 		else:
459 | 			remote_as = index.split()[3]
460 | 
461 | 	return remote_as
462 | 


--------------------------------------------------------------------------------
/snmp_helper.py:
--------------------------------------------------------------------------------
  1 | from __future__ import print_function
  2 | from pysnmp.entity.rfc3413.oneliner import cmdgen
  3 | 
  4 | 
  5 | def snmp_get_oid_v3(snmp_device, snmp_user, oid='.1.3.6.1.2.1.1.1.0', auth_proto='sha',
  6 |                     encrypt_proto='aes128', display_errors=True):
  7 |     '''
  8 |     Retrieve the given OID
  9 | 
 10 |     Default OID is MIB2, sysDescr
 11 | 
 12 |     snmp_device is a tuple = (name_or_IP, snmp_port)
 13 |     snmp_user is a tuple = (user_name, auth_key, encrypt_key)
 14 | 
 15 |     Defaults to SHA1-AES128 for authentication + encryption
 16 | 
 17 |     auth_proto can be 'sha' or 'md5' or 'none'
 18 |     encrypt_proto can be 'aes128', 'aes192', 'aes256', '3des', 'des', or 'none'
 19 | 
 20 | 
 21 |     From PySNMP manuals:  http://pysnmp.sourceforge.net/docs/current/security-configuration.html
 22 | 
 23 |     Optional authProtocol parameter may be used to specify non-default hash function algorithm.
 24 |     Possible values include:
 25 |     usmHMACMD5AuthProtocol -- MD5-based authentication protocol
 26 |     usmHMACSHAAuthProtocol -- SHA-based authentication protocol
 27 |     usmNoAuthProtocol -- no authentication to use (default)
 28 | 
 29 |     Optional privProtocol parameter may be used to specify non-default ciphering algorithm.
 30 |     Possible values include:
 31 |     usmDESPrivProtocol -- DES-based encryption protocol
 32 |     usmAesCfb128Protocol -- AES128-based encryption protocol (RFC3826)
 33 |     usm3DESEDEPrivProtocol -- triple DES-based encryption protocol (Extended Security Options)
 34 |     usmAesCfb192Protocol -- AES192-based encryption protocol (Extended Security Options)
 35 |     usmAesCfb256Protocol -- AES256-based encryption protocol (Extended Security Options)
 36 |     usmNoPrivProtocol -- no encryption to use (default)
 37 | 
 38 |     '''
 39 | 
 40 |     # unpack snmp_user
 41 |     a_user, auth_key, encrypt_key = snmp_user
 42 | 
 43 |     auth_proto_map = {
 44 |         'sha':  cmdgen.usmHMACSHAAuthProtocol,
 45 |         'md5':  cmdgen.usmHMACMD5AuthProtocol,
 46 |         'none': cmdgen.usmNoAuthProtocol
 47 |     }
 48 | 
 49 |     if auth_proto in auth_proto_map.keys():
 50 |         auth_protocol = auth_proto_map[auth_proto]
 51 |     else:
 52 |         raise ValueError("Invalid authentication protocol specified: %s" % auth_proto)
 53 | 
 54 |     encrypt_proto_map = {
 55 |         'des':      cmdgen.usmDESPrivProtocol,
 56 |         '3des':     cmdgen.usm3DESEDEPrivProtocol,
 57 |         'aes128':   cmdgen.usmAesCfb128Protocol,
 58 |         'aes192':   cmdgen.usmAesCfb192Protocol,
 59 |         'aes256':   cmdgen.usmAesCfb256Protocol,
 60 |         'none':     cmdgen.usmNoPrivProtocol,
 61 |     }
 62 | 
 63 |     if encrypt_proto in encrypt_proto_map.keys():
 64 |         encrypt_protocol = encrypt_proto_map[encrypt_proto]
 65 |     else:
 66 |         raise ValueError("Invalid encryption protocol specified: %s" % encrypt_proto)
 67 | 
 68 | 
 69 |     # Create a PYSNMP cmdgen object
 70 |     cmd_gen = cmdgen.CommandGenerator()
 71 | 
 72 |     (error_detected, error_status, error_index, snmp_data) = cmd_gen.getCmd(
 73 | 
 74 |         cmdgen.UsmUserData(a_user, auth_key, encrypt_key,
 75 |                            authProtocol=auth_protocol,
 76 |                            privProtocol=encrypt_protocol, ),
 77 |         cmdgen.UdpTransportTarget(snmp_device),
 78 |         oid,
 79 |         lookupNames=True, lookupValues=True
 80 |     )
 81 | 
 82 |     if not error_detected:
 83 |         return snmp_data
 84 |     else:
 85 |         if display_errors:
 86 |             print('ERROR DETECTED: ')
 87 |             print('    %-16s %-60s' % ('error_message', error_detected))
 88 |             print('    %-16s %-60s' % ('error_status', error_status))
 89 |             print('    %-16s %-60s' % ('error_index', error_index))
 90 |         return None
 91 | 
 92 | 
 93 | def snmp_get_oid(a_device, oid='.1.3.6.1.2.1.1.1.0', display_errors=False):
 94 |     '''
 95 |     Retrieve the given OID
 96 | 
 97 |     Default OID is MIB2, sysDescr
 98 | 
 99 |     a_device is a tuple = (a_host, community_string, snmp_port)
100 |     '''
101 | 
102 |     a_host, community_string, snmp_port = a_device
103 |     snmp_target = (a_host, snmp_port)
104 | 
105 |     # Create a PYSNMP cmdgen object
106 |     cmd_gen = cmdgen.CommandGenerator()
107 | 
108 |     (error_detected, error_status, error_index, snmp_data) = cmd_gen.getCmd(
109 |         cmdgen.CommunityData(community_string),
110 |         cmdgen.UdpTransportTarget(snmp_target),
111 |         oid,
112 |         lookupNames=True, lookupValues=True
113 |     )
114 | 
115 |     if not error_detected:
116 |         return snmp_data
117 |     else:
118 |         if display_errors:
119 |             print('ERROR DETECTED: ')
120 |             print('    %-16s %-60s' % ('error_message', error_detected))
121 |             print('    %-16s %-60s' % ('error_status', error_status))
122 |             print('    %-16s %-60s' % ('error_index', error_index))
123 |         return None
124 | 
125 | 
126 | def snmp_extract(snmp_data):
127 |     '''
128 |     Unwrap the SNMP response data and return in a readable format
129 | 
130 |     Assumes only a single list element is returned
131 |     '''
132 | 
133 |     if len(snmp_data) > 1:
134 |         raise ValueError("snmp_extract only allows a single element")
135 | 
136 |     if len(snmp_data) == 0:
137 |         return None
138 |     else:
139 |         # Unwrap the data which is returned as a tuple wrapped in a list
140 |         return snmp_data[0][1].prettyPrint()
141 | 


--------------------------------------------------------------------------------
/ssh_connect.py:
--------------------------------------------------------------------------------
 1 | """
 2 | 	This module provides ssh session for users.
 3 | """
 4 | from lib.objects.basenode import BaseNode
 5 | from processdb import process_nodes
 6 | from processdb import process_templates
 7 | from search import node_element
 8 | from search import search_node
 9 | from search import search_template 
10 | from node_create import node_create
11 | from multithread import multithread_engine
12 | from get_property import get_port
13 | import initialize
14 | import subprocess
15 | import os
16 | 
17 | def ssh_connect(args):
18 | 	argument_node = args.name
19 | 	auditcreeper = False
20 | 	commands = initialize.configuration
21 | 	username = os.environ.get('USERNAME')
22 | 	"""
23 | 		:param argument_node: Argument accepted as regular expression.
24 | 		:type augument_node: str
25 | 		
26 | 		:param auditcreeper: When auditcreeper is active/non-active.
27 | 		:type auditcreeper: bool
28 | 		
29 | 		:param commands: Referenced to global variable commands which keeps track of all commands per node.
30 | 		:type commands: list
31 | 		
32 | 		:param username: Pulled from environment variable.  
33 | 		:type ext: str
34 | 	"""
35 | 	node_object = process_nodes()
36 | 	match_node = search_node(argument_node,node_object)
37 | 	"""
38 | 		:param node_object: All node(s) in the database with all attributes.
39 | 		:type node_object: list
40 | 
41 | 		:param match_node: Nodes that matches the arguements passed in by user.
42 | 		:type match_node: list
43 | 	"""
44 | 	try:
45 | 		if len(match_node) == 0:
46 | 			print('+ No matching nodes found in database.')
47 | 			print('')
48 | 		else:
49 | 			node_element(match_node,node_object)
50 | 			id = 1
51 | 			ssh_id = 0
52 | 			print('{} {: >27} {: >28} {: >26}'.format('id','name','address','platform'))
53 | 			for index in initialize.element:
54 | 				print('{id: {align}{space}} {name: {align}{space}} {mgmt_ip4: {align}{space}} {platform_name: {align}{space}}'.format(id = id,name = node_object[index]['name'],mgmt_ip4 = node_object[index]['mgmt_ip4'],platform_name = node_object[index]['hardware_vendor'],align = '<',space = 25))
55 | 				id = id + 1
56 | 			port = get_port(node_object,initialize.element,ssh_id)
57 | 			try:
58 | 				if(len(initialize.element) == 1):
59 | 					try:
60 | 						subprocess.call('ssh admin@{} -p {}'.format(node_object[initialize.element[ssh_id]]['mgmt_ip4'],port), shell=True)
61 | 					except KeyboardInterrupt as error:
62 | 						print('Terminating...')
63 | 				else:
64 | 					try:
65 | 						ssh_id = int(input('Enter ID to SSH to: '))
66 | 						ssh_id = ssh_id - 1
67 | 						if ssh_id + 1 < 1:
68 | 							print('IndexError: incorrect connection id')
69 | 					except KeyboardInterrupt as error:
70 | 						print('')
71 | 						print('Terminating...')
72 | 					else:
73 | 						port = get_port(node_object,initialize.element,ssh_id)
74 | 						subprocess.call('ssh admin@{} -p {}'.format(node_object[initialize.element[ssh_id]]['mgmt_ip4'],port), shell=True)
75 | 			except IndexError:
76 | 				print('IndexError: incorrect connection id')
77 | 	except ValueError as error:
78 | 		print('ValueError: expected an integer')
79 | 


--------------------------------------------------------------------------------
/superloop.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3
  2 | """ 
  3 | 	Main executable file for superloop. A symbolic link should be created as a global command for ease of use.	
  4 | """
  5 | import sys
  6 | import argparse
  7 | import initialize
  8 | import os
  9 | from auditdiff import auditdiff
 10 | from pull_cfgs import pull_cfgs
 11 | from push_cfgs import push_cfgs
 12 | from push_local import push_local
 13 | from push_acl import push_acl
 14 | from push_regex import push_regex
 15 | from push_render import push_render 
 16 | from exec_cmd import exec_cmd 
 17 | from ssh_connect import ssh_connect
 18 | from modifydb import append
 19 | from modifydb import discover 
 20 | from modifydb import remove 
 21 | from modifydb import update 
 22 | from node_list import node_list
 23 | 
 24 | sys.path.append('/usr/local/superloop')
 25 | 
 26 | def main():
 27 | #	try:
 28 | 	initialize.variables()
 29 | 	parser = argparse.ArgumentParser()
 30 | 	subparsers = parser.add_subparsers()
 31 | 
 32 | #	acl_cmd = subparsers.add_parser('acl')
 33 | #	acl_subparsers = acl_cmd.add_subparsers(dest='parser_acl')
 34 | #	acl_render_cmd = acl_subparsers.add_parser('render')
 35 | #	acl_render_cmd.set_defaults(func=render_acl)
 36 | #	acl_render_cmd.add_argument('-n','--node', dest='node', help='Specify node(s) to match against. Accepts regular expressions.')
 37 | 
 38 | 
 39 | 	audit_cmd = subparsers.add_parser('audit')
 40 | 	audit_subparser = audit_cmd.add_subparsers(dest='parser_audit')
 41 | 	audit_diff_cmd = audit_subparser.add_parser('diff')
 42 | 	audit_diff_cmd.set_defaults(func=auditdiff)
 43 | 	audit_diff_cmd.add_argument('-n','--node', dest='node', help='Specify node(s) to match against. Accepts regular expressions.' )
 44 | 	audit_diff_cmd.add_argument('-f','--file', dest='file', help='Specify template file to audit against [exclude *.jinja2 extension].')
 45 | 	audit_diff_cmd.add_argument('-p','--policy', dest='policy', help='Specify policy file to audit against [exclude *.json extension].')
 46 | 
 47 | 	pull_cmd = subparsers.add_parser('pull')
 48 | 	pull_subparsers = pull_cmd.add_subparsers(dest='parser_pull')
 49 | 	pull_cfgs_cmd = pull_subparsers.add_parser('cfgs')
 50 | 	pull_cfgs_cmd.set_defaults(func=pull_cfgs)
 51 | 	pull_cfgs_cmd.add_argument('-n','--node', dest='node', help='Specify node(s) to match against. Accepts regular expressions.')
 52 | 	pull_cfgs_cmd.add_argument('-c','--confirm', dest='confirm', help='Skip confirmation [default is True].')
 53 | 
 54 | 	push_cmd = subparsers.add_parser('push')
 55 | 	push_subparsers = push_cmd.add_subparsers(dest='parser_push')
 56 | 	push_acl_cmd = push_subparsers.add_parser('acl')
 57 | 	push_acl_cmd.set_defaults(func=push_acl)
 58 | 	push_acl_cmd.add_argument('-n','--node', dest='node', help='Specify node(s) to match against. Accepts regular expressions.')
 59 | 	push_acl_cmd.add_argument('-c','--confirm', dest='confirm', help='Skip confirmation [default is True].')
 60 | 	push_regex_cmd = push_subparsers.add_parser('regex')
 61 | 	push_regex_cmd.set_defaults(func=push_regex)
 62 | 	push_regex_cmd.add_argument('regex', help='Specify regular expression to test/match against nodes.')
 63 | 	push_render_cmd = push_subparsers.add_parser('render')
 64 | 	push_render_cmd.set_defaults(func=push_render)
 65 | 	push_render_cmd.add_argument('-n','--node', dest='node', help='Specify node(s) to match against. Accepts regular expressions.')
 66 | 	push_render_cmd.add_argument('-f','--file', dest='file', help='Specify template file to audit against [exclude *.jinja2 extension].')
 67 | 	push_render_cmd.add_argument('-p','--policy', dest='policy', help='Specify policy file to audit against [exclude *.json extension].')
 68 | 	push_cfgs_cmd = push_subparsers.add_parser('cfgs')
 69 | 	push_cfgs_cmd.set_defaults(func=push_cfgs)
 70 | 	push_cfgs_cmd.add_argument('-n','--node', dest='node', help='Specify node(s) to match against. Accepts regular expressions.')
 71 | 	push_cfgs_cmd.add_argument('-f','--file', dest='file', help='Specify template file to audit against [exclude *.jinja2 extension].')
 72 | 	push_cfgs_cmd.add_argument('-c','--confirm', dest='confirm', help='Skip confirmation [default is True].')
 73 | 	push_local_cmd = push_subparsers.add_parser('local')
 74 | 	push_local_cmd.set_defaults(func=push_local)
 75 | 	push_local_cmd.add_argument('filename', help='Specify local filename to be pushed.')
 76 | 	push_local_cmd.add_argument('-n','--node', dest='node', help='Specify node(s) to match against. Accepts regular expressions.')
 77 | 	
 78 | 	ssh_cmd = subparsers.add_parser('ssh')
 79 | 	ssh_cmd.set_defaults(func=ssh_connect)
 80 | 	ssh_cmd.add_argument('name', help='Specify name(s) to match against. Accepts regular expressions.')
 81 | 
 82 | 	host_cmd= subparsers.add_parser('host')
 83 | 	host_subparsers = host_cmd.add_subparsers(dest='parser_host')
 84 | 	host_add_cmd = host_subparsers.add_parser('add', help='Add node to database')
 85 | 	host_add_cmd.set_defaults(func=append)
 86 | 	host_add_cmd.add_argument('node', help='Specify IP address of host')
 87 | 	host_discover_cmd = host_subparsers.add_parser('discover', help='Re-discover existing node from database')
 88 | 	host_discover_cmd.set_defaults(func=discover)
 89 | 	host_discover_cmd.add_argument('node', help='Specify FQDN or IP address of host')
 90 | 	host_remove_cmd = host_subparsers.add_parser('remove', help='Remove node from database')
 91 | 	host_remove_cmd.set_defaults(func=remove)
 92 | 	host_remove_cmd.add_argument('node')
 93 | 	host_update_cmd = host_subparsers.add_parser('update', help='Update node attribute in database')
 94 | 	host_update_cmd.set_defaults(func=update)
 95 | 	host_update_cmd.add_argument('node')
 96 | 	host_update_cmd.add_argument('-a','--attribute', dest='attribute', help='Specify the attribute that requires updating')
 97 | 	host_update_cmd.add_argument('-am','--amend', dest='amend', help='The value that is being amended')
 98 | 	host_exec_cmd = host_subparsers.add_parser('exec')
 99 | 	host_exec_cmd.set_defaults(func=exec_cmd)
100 | 	host_exec_cmd.add_argument('command', help='Specify command to execute on device')
101 | 	host_exec_cmd.add_argument('-n','--node', dest='node', help='Specify node(s) to match against. Accepts regular expressions.')
102 | 
103 | 	node_cmd= subparsers.add_parser('node')
104 | 	node_subparsers = node_cmd.add_subparsers(dest='parser_node')
105 | 	node_list_cmd = node_subparsers.add_parser('list')
106 | 	node_list_cmd.set_defaults(func=node_list)
107 | 	node_list_cmd.add_argument('name', help='Specify name(s) to match again. Accepts regular expressions.')
108 | 	node_list_cmd.add_argument('-e','--extended', dest='attribute', help='Specify extended option for additional attributes. {ports|protocols}')
109 | 
110 | 	args = parser.parse_args()
111 | 	args.func(args)
112 | #	except AttributeError as error:
113 | #			print('Please check help menu for further operations; superloop --help')
114 | 
115 | if __name__ == '__main__':
116 |     main()
117 | 


--------------------------------------------------------------------------------