-
Notifications
You must be signed in to change notification settings - Fork 1
/
maintenance-python2.py
executable file
·120 lines (88 loc) · 3.34 KB
/
maintenance-python2.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
#!/usr/bin/env python2
# coding=utf-8
"""
version 1.0
Script to activate maintenance page on a WAF mapping
"""
import urllib2
import ssl
import json
import os
import sys
from argparse import ArgumentParser
from cookielib import CookieJar
from signal import *
API_KEY_FILE = "./api_key"
parser = ArgumentParser(add_help=False)
parser.add_argument("-h", dest="host", metavar="<WAF hostname>",
required=True, help="Alrock WAF hostname")
parser.add_argument("-m", dest="mapping", metavar="<mapping name>",
required=True, help="Logical name of the WAF mapping")
parser.add_argument("-a", choices=['enable', 'disable'], dest="action",
required=True, help="Enable or disable maintenance page")
args = parser.parse_args()
TARGET_WAF = "https://{}".format(args.host)
CONFIG_COMMENT = "Script: set maintenance page "\
"for mapping {} to {}".format(args.mapping, args.action)
api_key = open(API_KEY_FILE, 'r').read().strip()
DEFAULT_HEADERS = {"Accept": "application/json",
"Content-Type": "application/json",
"Authorization": "Bearer {}".format(api_key)}
# we need a cookie store
cj = CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
# if you have configured an invalid SSL cert on the WAF management interface
if (not os.environ.get('PYTHONHTTPSVERIFY', '') and
getattr(ssl, '_create_unverified_context', None)):
ssl._create_default_https_context = ssl._create_unverified_context
# method to send REST calls
def send_request(method, path, body={}):
req = urllib2.Request(TARGET_WAF + "/airlock/rest/" + path,
body, DEFAULT_HEADERS)
req.get_method = lambda: method
r = opener.open(req)
return r.read()
def terminate_and_exit(text):
send_request("POST", "session/terminate")
sys.exit(text)
# create session
send_request("POST", "session/create")
# signal handler
def cleanup(signum, frame):
terminate_and_exit("Terminate session")
for sig in (SIGABRT, SIGILL, SIGINT, SIGSEGV, SIGTERM):
signal(sig, cleanup)
# get active config id
resp = json.loads(send_request("GET", "configuration/configurations"))
id = [x["id"] for x in resp["data"]
if(x['attributes']["configType"] == "CURRENTLY_ACTIVE")][0]
# load active config
send_request("POST", "configuration/configurations/{}/load".format(id))
# get all mappings
resp = json.loads(send_request("GET", "configuration/mappings"))
# get mapping with correct name
m_ids = [x['id'] for x in resp['data']
if(x['attributes']['name'] == args.mapping)]
if not m_ids:
terminate_and_exit("Mapping '{}' not found".format(args.mapping))
else:
mapping_id = m_ids[0]
enable_maintenance_page = "true" if args.action == "enable" else "false"
data = {
"data": {
"attributes": {
"enableMaintenancePage": enable_maintenance_page
},
"id": mapping_id,
"type": "mapping"
}
}
# patch the config
send_request("PATCH", "configuration/mappings/{}"
.format(mapping_id), json.dumps(data))
data = {"comment": CONFIG_COMMENT}
# save config
# send_request("POST", "configuration/configurations/save", json.dumps(data))
# activate config
send_request("POST", "configuration/configurations/activate", json.dumps(data))
terminate_and_exit(0)