1- import os
2- import time
3-
4- import sys
5-
6- from importing .import_objects import import_objects , add_tag_to_object_payload
7- from utils import debug_log , generate_import_error_report , count_global_layers , compare_versions
8-
9-
10- def import_package (client , args ):
11-
12- if not os .path .isfile (args .file ):
13- debug_log ("No file named " + args .file + " found!" , True , True )
14- sys .exit (1 )
15-
16- timestamp = time .strftime ("%Y_%m_%d_%H_%M" )
17-
18- if not args .name :
19- try :
20- package = '__' .join (args .file .split ('__' )[2 :- 1 ])
21- except (KeyError , ValueError ):
22- package = "Imported_Package_" + timestamp
23- else :
24- package = args .name
25-
26- if len (package ) == 0 :
27- debug_log ("A package name for import was not provided!" , True , True )
28- sys .exit (1 )
29-
30- debug_log ("Checking if package already exists..." )
31- show_package = client .api_call ("show-package" , {"name" : package , "details-level" : "full" })
32- if "code" in show_package .data and "not_found" in show_package .data ["code" ]:
33- debug_log ("Creating a Policy Package named [" + package + "]" , True )
34- package_payload = {"name" : package , "access" : True , "threat-prevention" : True }
35- if args .tag_objects_on_import != "" :
36- add_tag_to_object_payload (args .tag_objects_on_import , package_payload , "package" , client )
37- client .api_call ("add-package" , package_payload )
38- client .api_call ("publish" , wait_for_task = True )
39- else :
40- if not args .force :
41- print ("A package named " + package + " already exists. Are you sure you want to import?" )
42- print ("1.Yes" )
43- print ("2.No" )
44- choice = ""
45- chosen = False
46- while not chosen :
47- choice = input ()
48- if choice not in "1" , "2" ]:
49- print ("Please enter either '1' or '2'" )
50- else :
51- chosen = True
52- if choice == '2' :
53- exit (0 )
54-
55- debug_log ("Importing general objects" , True )
56- machine_version = client .api_version
57- layers_to_attach = import_objects (args .file , client , {}, package , None , args )
58-
59- num_global_access , num_global_threat = count_global_layers (client , package )
60-
61- access_layer_position = num_global_access + 1
62- threat_layer_position = num_global_threat + 3
63-
64- access_layers = []
65- threat_layers = []
66-
67- for access_layer in layers_to_attach ["access" ]:
68- access_layers .append ({"name" : access_layer , "position" : access_layer_position })
69- access_layer_position += 1
70-
71- for threat_layer in layers_to_attach ["threat" ]:
72- threat_layers .append ({"name" : threat_layer , "position" : threat_layer_position })
73- threat_layer_position += 1
74-
75- set_package_payload = {"name" : package , "access-layers" : {"add" : access_layers },
76- "threat-layers" : {"add" : threat_layers }}
77-
78- if "https" in layers_to_attach :
79- # If the imported package's version < 2
80- if compare_versions (client .api_version , '2' ) == - 1 :
81- outbound_layer_name = layers_to_attach ["https" ][0 ]
82- # If the version of the machine importing the package < 2
83- if compare_versions (machine_version , '2' ) == - 1 :
84- set_package_payload ["https-layer" ] = outbound_layer_name
85-
86- else :
87- inbound_layer_name = layers_to_attach ["https" ][0 ]
88- outbound_layer_name = layers_to_attach ["https" ][1 ]
89- set_package_payload ["https-inspection-layers" ] = {"inbound-https-layer" : inbound_layer_name ,
90- "outbound-https-layer" : outbound_layer_name }
91-
92- # Remove default 'Predefined Rule'
93- https_rulebase_reply = client .api_call ("show-https-rulebase" ,
94- {"name" : outbound_layer_name , "details-level" : "uid" })
95- if https_rulebase_reply .success and "total" in https_rulebase_reply .data :
96- last_rule_number = int (https_rulebase_reply .data ["total" ])
97- if last_rule_number > 1 :
98- delete_https_rule = client .api_call ("delete-https-rule" ,
99- {"rule-number" : last_rule_number , "layer" : outbound_layer_name })
100- if not delete_https_rule .success :
101- debug_log ("Failed to remove default Predefined Rule in https layer [" + outbound_layer_name + "]" ,
102- True , True )
103-
104- debug_log ("Attaching layers to package" )
105- layer_attachment_reply = client .api_call ("set-package" , set_package_payload )
106- if not layer_attachment_reply .success :
107- debug_log ("Failed to attach layers to package! "
108- "Error: " + layer_attachment_reply .error_message + ". Import operation aborted." , True , True )
109- publish_reply = client .api_call ("publish" , wait_for_task = True )
110- if not publish_reply .success :
111- debug_log ("Failed to attach layers to package! "
112- "Error: " + publish_reply .error_message + ". Import operation aborted." , True , True )
113- sys .exit (1 )
114-
1+ import os
2+ import time
3+
4+ import sys
5+
6+ from importing .import_objects import import_objects , add_tag_to_object_payload
7+ from utils import debug_log , generate_import_error_report , count_global_layers , compare_versions
8+
9+
10+ def import_package (client , args ):
11+
12+ if not os .path .isfile (args .file ):
13+ debug_log ("No file named " + args .file + " found!" , True , True )
14+ sys .exit (1 )
15+
16+ timestamp = time .strftime ("%Y_%m_%d_%H_%M" )
17+
18+ if not args .name :
19+ try :
20+ package = '__' .join (args .file .split ('__' )[2 :- 1 ])
21+ except (KeyError , ValueError ):
22+ package = "Imported_Package_" + timestamp
23+ else :
24+ package = args .name
25+
26+ if len (package ) == 0 :
27+ debug_log ("A package name for import was not provided!" , True , True )
28+ sys .exit (1 )
29+
30+ debug_log ("Checking if package already exists..." )
31+ show_package = client .api_call ("show-package" , {"name" : package , "details-level" : "full" })
32+ if "code" in show_package .data and "not_found" in show_package .data ["code" ]:
33+ debug_log ("Creating a Policy Package named [" + package + "]" , True )
34+ package_payload = {"name" : package , "access" : True , "threat-prevention" : True }
35+ if args .tag_objects_on_import != "" :
36+ add_tag_to_object_payload (args .tag_objects_on_import , package_payload , "package" , client )
37+ client .api_call ("add-package" , package_payload )
38+ client .api_call ("publish" , wait_for_task = True )
39+ else :
40+ if not args .force :
41+ print ("A package named " + package + " already exists. Are you sure you want to import?" )
42+ print ("1.Yes" )
43+ print ("2.No" )
44+ choice = ""
45+ chosen = False
46+ while not chosen :
47+ choice = input ()
48+ if choice not in "1" , "2" ]:
49+ print ("Please enter either '1' or '2'" )
50+ else :
51+ chosen = True
52+ if choice == '2' :
53+ exit (0 )
54+
55+ debug_log ("Importing general objects" , True )
56+ machine_version = client .api_version
57+ layers_to_attach = import_objects (args .file , client , {}, package , None , args )
58+
59+ num_global_access , num_global_threat = count_global_layers (client , package )
60+
61+ access_layer_position = num_global_access + 1
62+ threat_layer_position = num_global_threat + 3
63+
64+ access_layers = []
65+ threat_layers = []
66+
67+ for access_layer in layers_to_attach ["access" ]:
68+ access_layers .append ({"name" : access_layer , "position" : access_layer_position })
69+ access_layer_position += 1
70+
71+ for threat_layer in layers_to_attach ["threat" ]:
72+ threat_layers .append ({"name" : threat_layer , "position" : threat_layer_position })
73+ threat_layer_position += 1
74+
75+ set_package_payload = {"name" : package , "access-layers" : {"add" : access_layers },
76+ "threat-layers" : {"add" : threat_layers }}
77+
78+ if "https" in layers_to_attach and len ( layers_to_attach [ "https" ]) > 0 :
79+ # If the imported package's version < 2
80+ if compare_versions (client .api_version , '2' ) == - 1 :
81+ outbound_layer_name = layers_to_attach ["https" ][0 ]
82+ # If the version of the machine importing the package < 2
83+ if compare_versions (machine_version , '2' ) == - 1 :
84+ set_package_payload ["https-layer" ] = outbound_layer_name
85+
86+ else :
87+ inbound_layer_name = layers_to_attach ["https" ][0 ]
88+ outbound_layer_name = layers_to_attach ["https" ][1 ]
89+ set_package_payload ["https-inspection-layers" ] = {"inbound-https-layer" : inbound_layer_name ,
90+ "outbound-https-layer" : outbound_layer_name }
91+
92+ # Remove default 'Predefined Rule'
93+ https_rulebase_reply = client .api_call ("show-https-rulebase" ,
94+ {"name" : outbound_layer_name , "details-level" : "uid" })
95+ if https_rulebase_reply .success and "total" in https_rulebase_reply .data :
96+ last_rule_number = int (https_rulebase_reply .data ["total" ])
97+ if last_rule_number > 1 :
98+ delete_https_rule = client .api_call ("delete-https-rule" ,
99+ {"rule-number" : last_rule_number , "layer" : outbound_layer_name })
100+ if not delete_https_rule .success :
101+ debug_log ("Failed to remove default Predefined Rule in https layer [" + outbound_layer_name + "]" ,
102+ True , True )
103+
104+ debug_log ("Attaching layers to package" )
105+ layer_attachment_reply = client .api_call ("set-package" , set_package_payload )
106+ if not layer_attachment_reply .success :
107+ debug_log ("Failed to attach layers to package! "
108+ "Error: " + layer_attachment_reply .error_message + ". Import operation aborted." , True , True )
109+ publish_reply = client .api_call ("publish" , wait_for_task = True )
110+ if not publish_reply .success :
111+ debug_log ("Failed to attach layers to package! "
112+ "Error: " + publish_reply .error_message + ". Import operation aborted." , True , True )
113+ sys .exit (1 )
114+
115115 generate_import_error_report ()
0 commit comments