-
Notifications
You must be signed in to change notification settings - Fork 35
/
f5-awaf-export-policies.py
121 lines (88 loc) · 3.98 KB
/
f5-awaf-export-policies.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
import requests
import json
import urllib3
import argparse
import sys
if sys.version_info < (3, 5):
print('Please upgrade your Python version to 3.5 or higher')
sys.exit(1)
def export_awaf_policies(device,username,password,format,output):
if not(format == "xml" or format == "json" or format == "plc"):
print("ERROR: invalid format specified", file=sys.stderr)
sys.exit(1)
session = requests.Session()
session.verify=False
session.auth = (username,password)
#get all awaf policies
try:
req = session.get("https://%s/mgmt/tm/asm/policies?$select=name,id,fullPath,link" % device)
req.raise_for_status()
except requests.exceptions.RequestException as error:
print("ERROR: %s" % error, file=sys.stderr)
sys.exit(1)
awaf_policies = req.json()['items']
for policy in awaf_policies:
filename = policy['fullPath'][1:].replace("/","-") + "." + format
data = {}
data['filename'] = filename
if format == "plc":
data['format'] = "binary"
else:
data['format'] = format
data['policyReference'] = {}
data['policyReference']['link'] = policy['selfLink']
#export awaf policy
try:
req = session.post("https://%s/mgmt/tm/asm/tasks/export-policy" % device, json=data)
req.raise_for_status()
except requests.exceptions.RequestException as error:
print("ERROR: %s" % error, file=sys.stderr)
sys.exit(1)
task_link = req.json()['selfLink'].replace("localhost",device)
#wait for the export task finished
while True:
try:
req = session.get(task_link)
req.raise_for_status()
except requests.exceptions.RequestException as error:
print("ERROR: %s" % error, file=sys.stderr)
sys.exit(1)
task_status = req.json()['status']
if task_status == "COMPLETED":
task_message = req.json()['result']['message']
break
#if the policy was successfully exported, save in the file
if "was successfully exported" in task_message:
try:
req = session.get("https://%s/mgmt/tm/asm/file-transfer/downloads/%s" % (device,filename))
req.raise_for_status()
except requests.exceptions.RequestException as error:
print("ERROR: %s" % error, file=sys.stderr)
sys.exit(1)
filepath = "%s/%s" % (output,filename)
if format == "json" or format == "xml":
exportedPolicy = open(filepath, "w")
else:
exportedPolicy = open(filepath, "wb")
if format == "json":
exportedPolicy.write(json.dumps(req.json(), indent=2, sort_keys=True))
elif format == "xml":
exportedPolicy.write(str(req.text))
else:
exportedPolicy.write(req.content)
exportedPolicy.close()
print("AWAF Policy %s saved to file %s." % (policy["fullPath"], filepath))
else:
print("ERROR: failed to export AWAF Policy %s" % policy["fullPath"], file=sys.stderr)
def main():
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
parser = argparse.ArgumentParser(description = 'A small script to export all AWAF policies from a BIG-IP device.')
parser.add_argument('--device', '-d', type=str, required=True)
parser.add_argument('--username', '-u', type=str, required=True)
parser.add_argument('--password', '-p', type=str, required=True)
parser.add_argument('--format', '-f', type=str, required=False, default="xml", choices=['json','xml','plc'])
parser.add_argument('--output', '-o', type=str, required=False, default=".")
args = parser.parse_args()
export_awaf_policies(args.device,args.username,args.password,args.format,args.output)
if __name__ == "__main__":
main()