YAML + API v1 support

mpapazog · web-flow · commit d7f8e7ddd3bb · 2021-03-02T17:03:49.000+02:00
The scripts now use YAML file format instead of CSV. Updated to be compatible with the Meraki Dashboard API v1 Python module
diff --git a/export_mx_s2svpn.py b/export_mx_s2svpn.py
@@ -4,24 +4,25 @@
 === PREREQUISITES ===
 Run in Python 3
 
-Install both requests & Meraki Dashboard API Python modules:
+Install Requests, PyYAML and Meraki Dashboard API Python modules:
 pip[3] install --upgrade requests
 pip[3] install --upgrade meraki
+pip[3] install --upgrade pyyaml
 
 === DESCRIPTION ===
-Exports CSV of MX site-to-site VPN rules from Dashboard network.
+Exports YAML of MX site-to-site VPN rules from Dashboard network.
 
 === USAGE ===
 python export_mx_s2svpn.py -k <api_key> -o <org_id>
 '''
 
 
-import csv
 from datetime import datetime
 import getopt
-import logging
 import sys
-from meraki import meraki
+import os
+import meraki
+import yaml
 
 # Prints READ_ME help message for user to read
 def print_help():
@@ -53,24 +54,28 @@ def main(argv):
     if api_key == None or org_id == None:
         print_help()
         sys.exit(2)
-
-    # Set the CSV output file and write the header row
+        
+    dashboard = meraki.DashboardAPI(
+        api_key=api_key,
+        base_url='https://api-mp.meraki.com/api/v1/',
+        output_log=True,
+        log_file_prefix=os.path.basename(__file__)[:-3],
+        log_path='',
+        print_console=False
+    )
+
+    # Set the output file
     timenow = '{:%Y%m%d_%H%M%S}'.format(datetime.now())
-    filename = 'mx_s2svpnfw_rules_{0}.csv'.format(timenow)
-    output_file = open(filename, mode='w', newline='\n')
-    field_names = ['policy','protocol','srcCidr','srcPort','destCidr','destPort','comment','logging']
-    csv_writer = csv.writer(output_file, delimiter=',', quotechar='"', quoting=csv.QUOTE_ALL)
-    csv_writer.writerow(field_names)
+    filename = 'mx_s2svpnfw_rules_{0}.yaml'.format(timenow)
 
     # Read Dashboard configuration of MX L3 firewall rules
-    fw_rules = meraki.getmxvpnfwrules(api_key, org_id)
-
-    # Loop through each firewall rule and write to CSV
-    for rule in fw_rules:
-        csv_row = [rule['policy'], rule['protocol'], rule['srcCidr'], rule['srcPort'],  rule['destCidr'], rule['destPort'], rule['comment'], rule['syslogEnabled']]
-        csv_writer.writerow(csv_row)
+    fw_rules = dashboard.appliance.getOrganizationApplianceVpnVpnFirewallRules(org_id)
+    
+    print(fw_rules)
+    
+    with open(filename, 'w') as file:
+        documents = yaml.dump(fw_rules, file)
 
-    output_file.close()
     print('Export completed to file {0}'.format(filename))
 
 
diff --git a/import_mx_s2svpn.py b/import_mx_s2svpn.py
@@ -4,46 +4,36 @@
 === PREREQUISITES ===
 Run in Python 3
 
-Install both requests & Meraki Dashboard API Python modules:
+Install Requests, PyYAML and Meraki Dashboard API Python modules:
 pip[3] install --upgrade requests
 pip[3] install --upgrade meraki
+pip[3] install --upgrade pyyaml
 
 === DESCRIPTION ===
-Imports CSV of MX site-to-site VPN firewall rules into Dashboard network. Note
+Imports YAML of MX site-to-site VPN firewall rules into Dashboard network. Note
 that if logging is enabled for any rule, then a syslog server needs to be
 configured on the Network-wide > General page.
 
 === USAGE ===
 python import_mx_s2svpn.py -k <api_key> -o <org_id> -f <file> [-m <mode>]
-The -f parameter is the path to the CSV file with MX S2S VPN firewall rules.
+The -f parameter is the path to the YAML file with MX S2S VPN firewall rules.
 The optional -m parameter is either "simulate" (default) to only print changes,
 or "commit" to also apply those changes to Dashboard.
 '''
 
-
-import csv
 from datetime import datetime
 import getopt
-import logging
 import sys
-from meraki import meraki
+import os
+import meraki
+import yaml
 
 # Prints READ_ME help message for user to read
 def print_help():
     lines = READ_ME.split('\n')
     for line in lines:
         print('# {0}'.format(line))
 
-logger = logging.getLogger(__name__)
-
-def configure_logging():
-    logging.basicConfig(
-        filename='{}_log_{:%Y%m%d_%H%M%S}.txt'.format(sys.argv[0].split('.')[0], datetime.now()),
-        level=logging.DEBUG,
-        format='%(asctime)s: %(levelname)7s: [%(name)s]: %(message)s',
-        datefmt='%Y-%m-%d %H:%M:%S'
-    )
-
 
 def main(argv):
     # Set default values for command line arguments
@@ -76,75 +66,52 @@ def main(argv):
     # Assign default mode to "simulate" unless "commit" specified
     if arg_mode != 'commit':
         arg_mode = 'simulate'
+                
+    dashboard = meraki.DashboardAPI(
+        api_key=api_key,
+        base_url='https://api-mp.meraki.com/api/v1/',
+        output_log=True,
+        log_file_prefix=os.path.basename(__file__)[:-3],
+        log_path='',
+        print_console=False
+    )
 
-    # Read CSV input file, and skip header row
-    input_file = open(arg_file)
-    csv_reader = csv.reader(input_file, delimiter=',', quotechar='"', quoting=csv.QUOTE_ALL)
-    next(csv_reader, None)
-    logger.info('Reading file {0}'.format(arg_file))
-
-    # Loop through each firewall rule from CSV file and build PUT data
-    fw_rules = []
-    for row in csv_reader:
-        rule = dict({'policy': row[0], 'protocol': row[1], 'srcCidr': row[2], 'srcPort': row[3], 'destCidr': row[4], 'destPort': row[5], 'comment': row[6], 'syslogEnabled': (row[7] == True or row[7] == 'True' or row[7] == 'true')})
-        fw_rules.append(rule)
-    old_rules = list(fw_rules)
-    logger.info('Processed all {0} rules of file {1}'.format(len(fw_rules), arg_file))
-
-    # Check if last (default) rule exists, and if so, remove and check for default logging
-    default_rule_exists = False
-    default_logging = False
-    last_rule = {'comment': 'Default rule', 'policy': 'allow', 'protocol': 'Any', 'srcPort': 'Any', 'srcCidr': 'Any', 'destPort': 'Any', 'destCidr': 'Any'}
-    if all(item in fw_rules[-1].items() for item in last_rule.items()):
-        default_rule_exists = True
-        default_logging = (fw_rules.pop()['syslogEnabled'] == True)
-
-    # Update MX site-to-site VPN firewall rules
+    # Read input file
+    with open(arg_file) as file:
+        loaded_rules = yaml.full_load(file)
+            
+    #Remove default allow rule, if it exists in loaded rules
+    default_allow_rule = {'comment': 'Default rule', 'destCidr': 'Any', 'destPort': 'Any',
+        'policy': 'allow', 'protocol': 'Any', 'srcCidr': 'Any', 'srcPort': 'Any'}
+        
+    last_line = loaded_rules['rules'][len(loaded_rules['rules'])-1]
+    
+    matched_default = True
+    for key in default_allow_rule:
+        if key in last_line:
+            if last_line[key] != default_allow_rule[key]:
+                matched_default = False
+                
+    if matched_default:
+        processed_rules = loaded_rules['rules'][:-1]
+    else:
+        processed_rules = loaded_rules['rules']
+        
     if arg_mode == 'commit':
-        meraki.updatemxvpnfwrules(api_key, org_id, fw_rules, default_logging)
-        logger.info('Attempting update of site-to-site VPN firewall rules to organization {0}'.format(org_id))
-
-        # Confirm whether changes were successfully made
-        new_rules = meraki.getmxvpnfwrules(api_key, org_id)
-        if default_rule_exists and new_rules[:-1] == old_rules[:-1]:
-            logger.info('Update successful!')
-        elif not(default_rule_exists) and new_rules[:-1] == old_rules:
-            logger.info('Update successful!')
-        else:
-            logger.error('Uh oh, something went wrong...')
+        print("\nCOMMIT MODE ENABLED\n")
+        result = dashboard.appliance.updateOrganizationApplianceVpnVpnFirewallRules(org_id, rules=processed_rules)
+        print("Configuration updated. Result:\n\n%s" % result)
     else:
-        logger.info('Simulating update of site-to-site VPN firewall rules to organization {0}'.format(org_id))
-
-
+        print("\nSIMULATION MODE ENABLED\n")
+        print('Use "-m commit" to apply the following VPN FW rules:\n')
+        print(processed_rules)
+    
 if __name__ == '__main__':
-    # Configure logging to stdout
-    configure_logging()
-    # Define a Handler which writes INFO messages or higher to the sys.stderr
-    console = logging.StreamHandler()
-    console.setLevel(logging.INFO)
-    # Set a format which is simpler for console use
-    formatter = logging.Formatter('%(name)-12s: %(levelname)-8s %(message)s')
-    # Tell the handler to use this format
-    console.setFormatter(formatter)
-    # Add the handler to the root logger
-    logging.getLogger('').addHandler(console)
-
-    # Output to logfile/console starting inputs
-    start_time = datetime.now()
-    logger.info('Started script at {0}'.format(start_time))
     inputs = sys.argv[1:]
     try:
         key_index = inputs.index('-k')
     except ValueError:
         print_help()
         sys.exit(2)
-    inputs.pop(key_index+1)
-    inputs.pop(key_index)
-    logger.info('Input parameters: {0}'.format(inputs))
 
     main(sys.argv[1:])
-
-    # Finish output to logfile/console
-    end_time = datetime.now()
-    logger.info('Ended script at {0}'.format(end_time))
-    logger.info(f'Total run time = {end_time - start_time}')
