
prismasdwan_policy_config's Introduction

prismasdwan_policy_config

Scripts for Prisma SD-WAN policy management. The policy management scripts are a set of 4 scripts that can be used to manage Prisma SD-WAN policies and the resources that make up the policy rules.

Prisma SD-WAN policy rules reference resources such as applications, prefix filters, security zones, circuit labels, service and DC groups, etc. These resources can be entirely managed using the pull_resources.py and push_resources.py scripts.

The scripts pull_resources.py and push_resources.py can be used to:

  • Take backup of existing resources viz. custom apps, prefix filters, security zones, service and DC groups, circuit labels, etc.
  • Create, update and delete resources viz. custom apps, prefix filters, security zones, service and DC groups, circuit labels, etc.

Once the resources are in the desired state, the pull_policy.py and push_policy.py scripts can be used for policy management viz. stacks, sets and rules.

The scripts pull_policy.py and push_policy.py can be used to:

  • Take backup of existing policy rules, sets and stacks
  • Create, update and delete policy rules, sets and stacks

Important Note (Please read before using this utility!!!):

When using push_resources.py or push_policy.py, please note that the YAML file acts as the source of truth. The configuration state in the YAML will be replicated on the controller. What that means is:

  • If a configuration object exists in the YAML but not on the controller, the configuration object will be created on the controller.
  • If a configuration object exists on the controller but not in the YAML, the configuration object will be deleted from the controller.
  • If a configuration object exists both in the YAML and on the controller, the configuration object will be updated on the controller to the values defined in the YAML file.

Partial Resource Management: This script can also be used to manage a subset of the resources. Once a configuration YAML is generated using pull_resources.py, for each resource object you don't intend to manage, delete its resource section, including the resource key, from the YAML file and retain only the resource sections you intend to manage.

It is important to take the resource object key out, else the utility assumes no resource object exists for the given resource key and any configuration present on the controller will be deleted.


Please contact the author of this script if you have any questions or concerns for partial resource management.
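The create/update/delete rules above, and the difference between removing a resource key and leaving it in the file with nothing under it, worked through as a dry-run planner. This is an added example, not part of the project's scripts; the resource keys, object names and dict layout are constructed for illustration and are not the tool's actual YAML schema.

```python
# Added example: dry-run plan for a "YAML is the source of truth" push.
# All keys and object names below are constructed sample data.

def plan_push(desired, controller):
    """Return {resource_key: {"create": [...], "update": [...], "delete": [...]}}.

    desired    -- dict parsed from the YAML file (e.g. with yaml.safe_load)
    controller -- dict of the same shape holding the controller's current state
    Keys absent from `desired` are unmanaged and never appear in the plan.
    """
    plan = {}
    for key, wanted in desired.items():
        wanted = wanted or {}              # key present but empty: no objects wanted
        current = controller.get(key) or {}
        plan[key] = {
            "create": sorted(n for n in wanted if n not in current),
            # Only objects whose values differ are listed as updates.
            "update": sorted(n for n in wanted
                             if n in current and wanted[n] != current[n]),
            "delete": sorted(n for n in current if n not in wanted),
        }
    return plan


def wipe_risks(desired, controller):
    """Keys left in the YAML with no objects while the controller still has some."""
    return sorted(k for k, v in desired.items() if not v and controller.get(k))


CONTROLLER = {
    "prefix_filters": {"branch-nets": {"ip_prefixes": ["10.1.0.0/16"]},
                       "legacy": {"ip_prefixes": ["192.168.0.0/24"]}},
    "security_zones": {"guest": {"description": "guest wifi"},
                       "corp": {"description": "corporate"}},
    "circuit_labels": {"mpls": {"description": "private WAN"}},
}

DESIRED = {
    "prefix_filters": {"branch-nets": {"ip_prefixes": ["10.1.0.0/16", "10.2.0.0/16"]},
                       "dc-nets": {"ip_prefixes": ["10.100.0.0/16"]}},
    "security_zones": None,   # section emptied but key kept: every zone is deleted
    # "circuit_labels" key removed entirely: left untouched on the controller
}

if __name__ == "__main__":
    for key, actions in plan_push(DESIRED, CONTROLLER).items():
        print(key, actions)
    print("sections that would be wiped:", wipe_risks(DESIRED, CONTROLLER))
```

Reviewing a plan like this before a push shows which sections would be emptied on the controller because their key was left in the file.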


Requirements

License

MIT

Installation:

  • Github: Download files to a local directory, manually run the scripts

Usage:

Resource Management

Pull resource configuration into YAML file:

./pull_resources.py

Push resource updates to the Prisma SD-WAN Controller

./push_resources.py -F <yaml file name> 

Path Policy Management

Pull Path Policy configuration into YAML:

./pull_policy.py -PT path 

Push Path Policy configuration to Prisma SD-WAN Controller:

./push_policy.py -PT path -F <yaml config file>

QoS Policy Management

Pull QoS Policy configuration into YAML:

./pull_policy.py -PT qos 

Push QoS Policy configuration to Prisma SD-WAN Controller:

./push_policy.py -PT qos -F <yaml config file>

NAT Policy Management

Pull NAT Policy configuration into YAML:

./pull_policy.py -PT nat 

Push NAT Policy configuration to Prisma SD-WAN Controller:

./push_policy.py -PT nat -F <yaml config file>

Security Policy Management

Pull Security Policy configuration into YAML:

./pull_policy.py -PT security 

Push Security Policy configuration to Prisma SD-WAN Controller:

./push_policy.py -PT security -F <yaml config file>

Download ALL Policies

Pull ALL Policy configuration into a single YAML file:

./pull_policy.py -PT all --output allpolicyconfig.yml

Pull ALL Policy configuration into separate YAML files:

./pull_policy.py -PT all 

Help Text:

pull_resources.py

(base) Tanushree's Macbook Pro:policy_config tkamath$ ./pull_resources.py -h
usage: pull_resources.py [-h] [--controller CONTROLLER] [--output OUTPUT]

Policy Tool: Pull Resources.

optional arguments:
  -h, --help            show this help message and exit

API:
  These options change how this program connects to the API.

  --controller CONTROLLER, -C CONTROLLER
                        Controller URI, ex. C-Prod: https://api.elcapitan.cloudgenix.com

Resource Properties:
  Information shared here will be used to query resources

  --output OUTPUT       Output file name
(base) Tanushree's Macbook Pro:policy_config tkamath$

push_resources.py

(base)Tanushree's Macbook Pro:policy_config tkamath$ ./push_resources.py -h
usage: push_resources.py [-h] [--controller CONTROLLER] [--filename FILENAME]

Policy Tool: Push Resources.

optional arguments:
  -h, --help            show this help message and exit

API:
  These options change how this program connects to the API.

  --controller CONTROLLER, -C CONTROLLER
                        Controller URI, ex. C-Prod: https://api.elcapitan.cloudgenix.com

Resource Properties:
  Information shared here will be used to configure resources

  --filename FILENAME, -F FILENAME
                        File name. Provide the entire path
(base)Tanushree's Macbook Pro:policy_config tkamath$ 

pull_policy.py

(base)Tanushree's Macbook Pro:policy_config tkamath$ ./pull_policy.py -h
usage: pull_policy.py [-h] [--controller CONTROLLER] [--policytype POLICYTYPE] [--output OUTPUT]

Policy Tool: Pull Policy.

optional arguments:
  -h, --help            show this help message and exit

API:
  These options change how this program connects to the API.

  --controller CONTROLLER, -C CONTROLLER
                        Controller URI, ex. C-Prod: https://api.elcapitan.cloudgenix.com

Policy Properties:
  Information shared here will be used to query policies

  --policytype POLICYTYPE, -PT POLICYTYPE
                        Policy Type. Allowed values: path, qos, nat, security, all
  --output OUTPUT       Output file name
(base)Tanushree's Macbook Pro:policy_config tkamath$

push_policy.py

(base)Tanushree's Macbook Pro:policy_config tkamath$ ./push_policy.py -h
usage: push_policy.py [-h] [--controller CONTROLLER] [--policytype POLICYTYPE] [--filename FILENAME]

Policy Tool: Push Policy.

optional arguments:
  -h, --help            show this help message and exit

API:
  These options change how this program connects to the API.

  --controller CONTROLLER, -C CONTROLLER
                        Controller URI, ex. C-Prod: https://api.elcapitan.cloudgenix.com

Policy Properties:
  Information shared here will be used to query policies

  --policytype POLICYTYPE, -PT POLICYTYPE
                        Policy Type. Allowed values: path, qos, nat, security, all
  --filename FILENAME, -F FILENAME
                        File name. Provide the entire path
(base)Tanushree's Macbook Pro:policy_config tkamath$

Version

Version  Build  Changes
1.0.0    b4     Bug fix for git issue #3
1.0.0    b3     Bug fixes for git issue #1 and #2. Added fix to manage customapps
1.0.0    b2     Added support for all policy types. Bug fixes
1.0.0    b1     Initial Release

prismasdwan_policy_config's People

Contributors

ktanushree


prismasdwan_policy_config's Issues

Running ./pull_policy.py for any such (path, Qos, security) getting error

Running ./pull_policy.py for any such (path, qos, nat, security) getting error

(prismasdwan_policy_config) root@ubuntuserver:/home/ubuntu/Hemant/katanushree_policysdwan/orangeshop_sdwan/prismasdwan_policy_config# ./pull_policy.py -PT all --output allpolicyconfig.yml
INFO: Building translation dicts
Traceback (most recent call last):
  File "./pull_policy.py", line 2209, in <module>
    go()
  File "./pull_policy.py", line 2186, in go
    pull_policy_path(cgx_session=cgx_session, config_file=filename, reset_config=False)
  File "./pull_policy.py", line 1862, in pull_policy_path
    CONFIG[NETWORK_POLICY_STACKS] = [{stackname: stack_name_config[stackname]} for stackname in
UnboundLocalError: local variable 'CONFIG' referenced before assignment

(prismasdwan_policy_config) root@ubuntuserver:/home/ubuntu/Hemant/katanushree_policysdwan/orangeshop_sdwan/prismasdwan_policy_config# ./pull_policy.py -PT qos
INFO: Building translation dicts
Traceback (most recent call last):
  File "./pull_policy.py", line 2209, in <module>
    go()
  File "./pull_policy.py", line 2170, in go
    pull_policy_qos(cgx_session=cgx_session, config_file=filename, reset_config=False)
  File "./pull_policy.py", line 1920, in pull_policy_qos
    CONFIG[PRIORITY_POLICY_STACKS] = [{stackname: stack_name_config[stackname]} for stackname in
UnboundLocalError: local variable 'CONFIG' referenced before assignment

(prismasdwan_policy_config) root@ubuntuserver:/home/ubuntu/Hemant/katanushree_policysdwan/orangeshop_sdwan/prismasdwan_policy_config# ./pull_policy.py -PT security
INFO: Building translation dicts
Traceback (most recent call last):
  File "./pull_policy.py", line 2209, in <module>
    go()
  File "./pull_policy.py", line 2180, in go
    pull_policy_security(cgx_session=cgx_session, config_file=filename, reset_config=False)
  File "./pull_policy.py", line 2039, in pull_policy_security
    CONFIG[SECURITY_POLICY_STACKS] = [{stackname: stack_name_config[stackname]} for stackname in
UnboundLocalError: local variable 'CONFIG' referenced before assignment

(prismasdwan_policy_config) root@ubuntuserver:/home/ubuntu/Hemant/katanushree_policysdwan/orangeshop_sdwan/prismasdwan_policy_config# ./pull_policy.py -PT nat
INFO: Building translation dicts
Traceback (most recent call last):
  File "./pull_policy.py", line 2209, in <module>
    go()
  File "./pull_policy.py", line 2175, in go
    pull_policy_nat(cgx_session=cgx_session, config_file=filename, reset_config=False)
  File "./pull_policy.py", line 1979, in pull_policy_nat
    CONFIG[NAT_POLICY_STACKS] = [{stackname: stack_name_config[stackname]} for stackname in stack_name_config.keys()]
UnboundLocalError: local variable 'CONFIG' referenced before assignment

pull_config.py: Missing required arguments when calling "pull" functions under go() function

The following functions require an argument called reset_config: pull_policy_path, pull_policy_qos, pull_policy_security, pull_policy_nat, but under the go() function starting at line 2160 these functions are called without the required argument, producing the error below:

$ python3 pull_policy.py -PT path --output production_policy.yml
INFO: Building translation dicts
Traceback (most recent call last):
  File "/home/ec2-user/prismasdwan_policy_config/pull_policy.py", line 2207, in <module>
    go()
  File "/home/ec2-user/prismasdwan_policy_config/pull_policy.py", line 2163, in go
    pull_policy_path(cgx_session=cgx_session, config_file=filename)
TypeError: pull_policy_path() missing 1 required positional argument: 'reset_config'

Globalisation issue in pull_config.py

When running the following script I got the corresponding error:

$ python3 pull_policy.py -PT path --output production_path_policy.yml
INFO: Building translation dicts
Traceback (most recent call last):
  File "/home/ec2-user/prismasdwan_policy_config/pull_policy.py", line 2207, in <module>
    go()
  File "/home/ec2-user/prismasdwan_policy_config/pull_policy.py", line 2163, in go
    pull_policy_path(cgx_session=cgx_session, config_file=filename, reset_config=False)
  File "/home/ec2-user/prismasdwan_policy_config/pull_policy.py", line 1863, in pull_policy_path
    CONFIG[NETWORK_POLICY_STACKS] = [{stackname: stack_name_config[stackname]} for stackname in
UnboundLocalError: local variable 'CONFIG' referenced before assignment

I was able to fix this in my local repo by adding "global CONFIG" so that the pull_policy_path function is able to write to the CONFIG variable. The same issue can be observed in the other functions (pull_policy_qos, pull_policy_security, pull_policy_nat) because global isn't declared before trying to write to CONFIG which is declared outside the scope of the function.
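A minimal reproduction of the UnboundLocalError reported in the issues above, with the `global` fix applied alongside it. This is an added example, not code from pull_policy.py: the function bodies, the "stacks" key and the conditional reset are assumptions chosen to show one way a function that takes reset_config can end up with CONFIG as a local name.

```python
# Added example: why writing to a module-level dict can raise UnboundLocalError.
# Function bodies are hypothetical; only the names CONFIG and reset_config
# come from the tracebacks on this page.

CONFIG = {}  # module-level configuration dict


def pull_broken(stacks, reset_config):
    # Any assignment to the bare name CONFIG inside the function makes it a
    # local variable for the whole function body. When reset_config is False
    # the branch is skipped, so the next line reads an unbound local.
    if reset_config:
        CONFIG = {}
    CONFIG["stacks"] = list(stacks)
    return CONFIG


def pull_fixed(stacks, reset_config):
    # Declaring the name global makes both the rebinding and the item
    # assignment operate on the module-level dict.
    global CONFIG
    if reset_config:
        CONFIG = {}
    CONFIG["stacks"] = list(stacks)
    return CONFIG


def broken_raises(reset_config):
    """True if pull_broken fails with UnboundLocalError for this flag value."""
    try:
        pull_broken(["stack-a"], reset_config)
    except UnboundLocalError:
        return True
    return False


if __name__ == "__main__":
    print("broken, reset_config=False raises:", broken_raises(False))
    print("broken, reset_config=True raises: ", broken_raises(True))
    print("fixed:", pull_fixed(["stack-a"], reset_config=False))
```

Item assignment alone (`CONFIG[key] = value`) does not make a name local; the error needs a rebinding of the bare name somewhere in the same function.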
