AS3_export_script_JSON_for_API_post
{
"name": "tmpl_export",
"partition": "Common",
"apiAnonymous": "proc load_profile {p_typ list} {\n\nupvar $list profs\n#tmsh::cd /AS3demo2/DemoApplication\n#foreach partition [tmsh::get_config /sys folder] {\n# tmsh::cd /$partition\n# puts \"Partition: $partition\"\n\nforeach typ $p_typ {\n foreach profile [tmsh::get_config /ltm profile $typ] {\n set profile_name [tmsh::get_name $profile]\n set profile_type [string range [tmsh::get_type $profile] 12 end]\n #puts \"$profile_name $profile_type\"\n set profs($profile_name) $profile_type\n }\n}\n#}\n}\n\n\nproc load_WAF_pol {list} {\n\n upvar $list waf_pols\n foreach pol [tmsh::get_config /asm policy] {\n set pol_name [tmsh::get_name $pol]\n foreach virt [tmsh::get_field_value [lindex [tmsh::get_config /asm policy $pol_name virtual-servers] 0] virtual-servers] {\n set waf_pols($virt) $pol_name\n }\n\n }\n\n}\n\n\nproc load_pool {pool_name decl} {\n\n upvar $decl pool_JSON\n set pool [lindex [tmsh::get_config /ltm pool $pool_name all-properties] 0]\n set monitor [string trimright [tmsh::get_field_value $pool monitor]]\n if { $monitor eq \"none\" } { set monitor \"tcp\" }\n set retries [tmsh::get_field_value $pool reselect-tries]\n set lb_method [tmsh::get_field_value $pool load-balancing-mode]\n set action [tmsh::get_field_value $pool service-down-action]\n set members [tmsh::get_field_value $pool members]\n # puts \"$pool_name $monitor $retries $lb_method $action\"\n\n set addresses \"\"\n set port \"80\"\n get_addr_port [tmsh::get_name [lindex $members 0]] ip port\n foreach mbr $members {\n set addresses $addresses\"[tmsh::get_field_value $mbr address]\",\n }\n set addresses [string trimright $addresses ,]\n set list_of_changes [list POOL_NAME_HERE $pool_name MONITOR_HERE $monitor RETRIES_HERE $retries LB_MODE_HERE $lb_method ACTION_DOWN_HERE $action SERVER_ADDRESSES_HERE $addresses PORT_HERE $port]\n\n set pool_JSON \"$pool_JSON,\\n[string map $list_of_changes $::pool_decl]\"\n\n return pool_JSON\n}\n\nproc get_addr_port {s ip prt} {\n\n upvar $ip IP $prt port\n 
regexp {(((\\S+)\\/)*)(\\S+):(\\S+)} $s foobar foobar foobar partition IP port\n\n #puts \"--- $partition $IP $port\"\n\n switch $port {\n https { set port \"443\" }\n http { set port \"80\" }\n ftp { set port \"21\" }\n ssh { set port \"22\" }\n telnet { set port \"23\" }\n }\n\n}\n\n\nproc get_irule_json {rule json ptr} { \n set rule [regsub -all -line {\\n} $rule \"\\\\n\"]\n\n regexp {^ltm rule (\\S+) \\{(.*)\\}} $rule p0 rulename irulebody\n set irulebody [regsub -all -line {\\\"} $irulebody {\\\"} ]\n\n# puts $irulebody\n set rule_json \"$json,\\n$::white_spaces\\\"$rulename\\\": \\{\\n$::white_spaces \\\"class\\\":\\\"iRule\\\",\\n$::white_spaces \\\"iRule\\\":\\\"$irulebody\\\",\\n$::white_spaces \\\"expand\\\": true\\n$::white_spaces\\}\"\n set rule_pointer \"$ptr \\\"$rulename\\\",\"\n return [list $rule_json $rule_pointer]\n\n}\n\n\nproc script::run {} {\n\n if { $tmsh::argc <= 1 } {\n puts \"Usage: run tmpl_export -k keyword -p partition\"\n exit\n }\n\n puts \"Command line: $tmsh::argv\"\n regexp -all -nocase {\\-p (\\w+)} $tmsh::argv var1 partition \n regexp -all -nocase {\\-k (\\w+)} $tmsh::argv var1 keyword\n\n if {![info exists keyword] } {\n puts \"Must specify keyword.\"\n puts \"Usage: run tmpl_export -k keyword -p partition\"\n exit\n }\n\n if { [info exists partition] && $partition ne \"\" } {\n puts \"$var1 + $partition + $keyword\" \n declar $partition $keyword\n } else {\n foreach {folder} [tmsh::get_config /auth partition] {\n declar [tmsh::get_name $folder] $keyword\n }\n }\n\n}\n\n\n\nproc declar { partition keyword} {\n\n\nputs \"Partition: $partition\"\n\ntmsh::cd /$partition\n\n\nload_profile {tcp fastl4 client-ssl server-ssl http web-security} profiles\nload_WAF_pol waf_pol\n\nset AS3_host \"BigIP\"\n#if {$tmsh::argc >0 } {\n# set cmd1 [string trimleft [lindex $tmsh::argv 1] '-']\n# switch $cmd1 {\n# k { \n if { $keyword ne \"\" } {\n #set keyword [lindex $tmsh::argv 2]\n set virtual_to_export \"\"\n set application_name 
\"App_${keyword}\"\n set tenant_name $partition\n } else {\n return\n }\n # puts \"Exporting virtuals using keyword $keyword\"\n# }\n# default {\n# set virtual_to_export [lindex $tmsh::argv 1]\n# puts \"Exporting: [lindex $tmsh::argv 1] \"\n# }\n# }\n#} else {\n# set virtual_to_export \"\"\n#}\n\nset tenant_name $partition\n\nregexp {(\\S+)\\/(\\S+)} [tmsh::get_name [lindex [tmsh::get_config /sys management-ip] 0]] foobar mgmt_IP mask\nset systemTime [clock seconds]\nset id [clock format $systemTime -format %m-%d-%Y_%H:%M:%S]\n\nset AS3_class_changes [list \"ID_HERE\" $id \"MANAGEMENT_IP_HERE\" $mgmt_IP] \n\nforeach virt [tmsh::get_config /ltm virtual $virtual_to_export all-properties] {\n set snatpoolJSON \"\" \n #if \\{ \\[catch \\{\n set virt_name [tmsh::get_name $virt]\n set virt_dest_IP [tmsh::get_field_value $virt \"destination\"]\n set description [tmsh::get_field_value $virt description]\n\n set kw_srch $virt_name$virt_dest_IP$description\n # puts \"\\n[tmsh::get_name $virt] $virt_dest_IP $description\\n\"\n\n\n if { ([info exists keyword] && [string first $keyword $kw_srch]<0) } {\n puts \"[string first $keyword $kw_srch] $kw_srch $keyword\"\n continue\n }\n\n\n set snat_ptr \",\\n$::white_spaces\\\"snat\\\" : \"\n set snat_type [tmsh::get_field_value $virt \"source-address-translation.type\"]\n switch $snat_type {\n automap {\n append snat_ptr \"\\\"auto\\\"\"\n set snat_type \"auto\" }\n none {\n append snat_ptr \"\\\"none\\\"\"\n }\n snat { \n set snat_pool [tmsh::get_field_value $virt \"source-address-translation.pool\"]\n append snat_ptr \"\\{\\\"use\\\": \\\"$snat_pool\\\"\\}\"\n set snat_type $snat_pool\n set snat_pool_cfg [lindex [tmsh::get_config /ltm snatpool $snat_pool members] 0]\n set snat_pool_members [tmsh::get_field_value $snat_pool_cfg \"members\"]\n set snatpoolJSON \",\\n$::white_spaces \\\"snatAddresses\\\" : \\[\"\n foreach mbr $snat_pool_members {\n set snatpoolJSON \"$snatpoolJSON \\\"$mbr\\\" ,\"\n }\n set snatpoolJSON \"[string 
trimright $snatpoolJSON ,]\\]\"\n set snatpoolJSON \",\\n$::white_spaces\\\"$snat_pool\\\" : \\{\\n$::white_spaces \\\"class\\\" : \\\"SNAT_Pool\\\"$snatpoolJSON\\n$::white_spaces\\}\"\n #puts $snatpoolJSON\n }\n }\n\n set IP \"\"\n set port \"\"\n get_addr_port $virt_dest_IP IP port\n\n set partition [tmsh::get_field_value $virt \"partition\"]\n set list_of_changes [list \"VIRTUAL_NAME_HERE\" $virt_name]\n set app_class_changes [list \"TENANT_NAME_HERE\" $tenant_name]\n\n lappend list_of_changes \"DESTINATION_IP_HERE\" $IP\n lappend list_of_changes \"MANAGEMENT_IP_HERE\" $mgmt_IP\n #lappend list_of_changes \"SNAT_TYPE_HERE\" $snat_type\n\n\n # Add pool name\n set pool_name \"[tmsh::get_field_value $virt pool]\"\n set pool_JSON \"\"\n if { $pool_name ne \"none\" } {\n lappend list_of_changes \"POOL_NAME_HERE\" $pool_name\n load_pool $pool_name pool_JSON\n }\n\n lappend list_of_changes \"ID_HERE\" $id\n lappend list_of_changes \"DESCRIPTION_HERE\" \"$virt_name - [string map {\\\" \" \"} [tmsh::get_field_value $virt description]]\"\n lappend list_of_changes \"PORT_HERE\" $port\n\n set irule_json \"\"\n set irule_ptr \",\\n \\\"iRules\\\": \\[\"\n set rules [tmsh::get_field_value $virt \"rules\"]\n if { $rules ne \"none\" } {\n foreach irule $rules {\n set irule [lindex [tmsh::get_config ltm rule $irule] 0]\n set i 0\n foreach item [regexp -all -inline { pool (\\S+)} $irule] {\n if { $i == 1 } {\n load_pool $item pool_JSON\n puts $item\n set i 0\n } else {\n set i 1\n }\n }\n\n set irule [get_irule_json $irule $irule_json $irule_ptr]\n set irule_ptr [lindex $irule 1]\n set irule_json [lindex $irule 0]\n\n set irule_ptr [string trimright $irule_ptr ,]\n set irule_ptr \"$irule_ptr\\]\"\n\n\n #puts \"\\n----\\n$irule_json\"\n }\n } else {\n set irule_ptr \"\"\n }\n\n set wafpol_out \"\"\n set cltTLS_ptr \"\"\n set srvTLS_ptr \"\"\n set cltTLS_JSON \"\"\n set srvTLS_JSON \"\"\n\n\n foreach virt_profile [tmsh::get_field_value [lindex [tmsh::get_config /ltm virtual 
$virt_name profiles] 0] profiles] {\n set string \"\"\n set profil_type \"\"\n\n if { [catch { set profil_type $profiles([tmsh::get_name $virt_profile]) } ] } {\n set string \"\"\n set profil_type \"\"\n }\n set profil_name \"/$partition/[tmsh::get_name $virt_profile]\"\n switch $profil_type {\n tcp { set string \"TCP_PROFILE_HERE\"\n switch [tmsh::get_field_value $virt_profile context] {\n clientside { set string \"CLIENTSIDE_TCP_PROFILE_HERE\" }\n serverside { set string \"SERVERSIDE_TCP_PROFILE_HERE\" }\n all { lappend list_of_changes SERVERSIDE_TCP_PROFILE_HERE \"wan\"\n set string \"CLIENTSIDE_TCP_PROFILE_HERE\"\n }\n }\n }\n fastl4 {}\n http { set string \"HTTP_PROFILE_HERE\"\n foreach feature [tmsh::get_config /ltm profile $profil_type $profil_name non-default-properties] {\n # puts \"$feature\"\n }\n }\n client-ssl { \n set l [list CLIENT_SSL_PROFILE_HERE $profil_name] \n set srvTLS_ptr ,\\n[string map $l $::srvTLS]\n if { $profil_name ne \"\"} {\n set prof [lindex [tmsh::get_config /ltm profile client-ssl $profil_name all-properties] 0]\n set l [list CLIENT_SSL_PROFILE_HERE $profil_name]\n set cert_chain [lindex [tmsh::get_field_value $prof cert-key-chain] 0]\n set cert_name [tmsh::get_field_value $cert_chain cert]\n lappend l CERT_NAME_HERE $cert_name\n set cert_name [string map {\\/ :} $cert_name]\n\n set cert_file_name [glob /config/filestore/files_d/Common_d/certificate_d/:Common:${cert_name}_*]\n set fileid [open $cert_file_name r]\n set cert [read -nonewline $fileid]\n lappend l CERT_BODY_HERE [string map {\\n \\\\n} $cert]\n unset cert cert_chain fileid cert_file_name\n\n set key_file_name [glob /config/filestore/files_d/Common_d/certificate_key_d/:Common:${cert_name}_*]\n set fileid [open $key_file_name r]\n set key [read -nonewline $fileid]\n lappend l KEY_BODY_HERE [string map {\\n \\\\n} $key] \n unset key fileid key_file_name\n\n\n\n lappend l SNI_SETTING_HERE [tmsh::get_field_value $prof sni-require]\n lappend l CLIENT_CIPHERS_HERE 
[tmsh::get_field_value $prof ciphers]\n set cltTLS_JSON ,\\n[string map $l $::cltTLS_profile_class]\n }\n }\n server-ssl {\n set l [list SERVER_SSL_PROFILE_HERE $profil_name] \n set cltTLS_ptr ,\\n[string map $l $::cltTLS]\n }\n web-security { set string \"LTM_POLICY_HERE\" }\n default {\n set string \"xxx\"\n if { [info exists waf_pol($virt_name)] } {\n set string \"WAF_POLICY_HERE\"\n set profil_name \"/Common/$waf_pol($virt_name)\"\n if { $waf_pol($virt_name) ne \"\" } {\n set l [list WAF_POLICY_HERE /Common/$waf_pol($virt_name)]\n set wafpol_out ,\\n[string map $l $::WAF_pol]\n }\n }\n }\n }\n lappend list_of_changes $string $profil_name\n\n }\n\n #puts $list_of_changes\n\n\n\n set new_declaration [string trimright [string map $list_of_changes $::declaration] \\}\\}\\}\\}]\n #puts $new_declaration,$pool_JSON\\}\\}\\}\\}\n set logpol_out [tmsh::get_field_value $virt security-log-profiles]\n if { $logpol_out ne \"\" && $logpol_out ne \"none\"} {\n set logpol_out /Common/[string map {\\\" \"\"} $logpol_out]\n set l [list \"LOG_POLICY_HERE\" $logpol_out]\n set logpol_out [string map $l $::log_pol]\n set logpol_out ,\\n$logpol_out\n } else {\n set logpol_out \"\"\n }\n if { [info exists keyword]} {\n set service_class [string trimright $::service_class \\} ]\n set new_declaration [string map $list_of_changes $service_class]\n append services_declar $new_declaration\\n$cltTLS_ptr$srvTLS_ptr$snat_ptr$irule_ptr $wafpol_out$logpol_out\\n$::white_spaces\\}$cltTLS_JSON$irule_json$snatpoolJSON$pool_JSON\\n$::white_spaces\\n,\\n\n } else {\n# puts \"--------------------------------------------------------------------------\"\n puts [string trimright $new_declaration$cltTLS_ptr$srvTLS_ptr$snat_ptr$irule_ptr \\}]$wafpol_out$logpol_out\\n$::white_spaces\\}$irule_json$snatpoolJSON$pool_JSON\\n\\}\\n\\}\\n\\}\\n\\}\n# puts \"--------------------------------------------------------------------------\"\n }\n # \\} err\\] \\} \\{\n # puts \"Error with [tmsh::get_name 
$virt].\\n$err\"\n #\\}\n\n\n\n}\n\nset services_declar [string trimright $services_declar ,\\n ]\n\n if { [info exists keyword]} {\n\n #lappend $AS3_class_changes $app_class_changes\n #set ls [list $AS3_class_changes $app_class_changes]\n set ls \"$AS3_class_changes $app_class_changes APPLICATION_NAME_HERE $application_name\"\n\n\n set st $::AS3_class$::tenant_class$::application_class\n set new_declar [string map $ls $st]\n\n # puts \"--------------------------------------------------------------------------\"\n puts \"$new_declar$services_declar\\n \\}\\n \\}\\n \\}\\n\\}\"\n # puts \"--------------------------------------------------------------------------\"\n }\n\n\ntmsh::cd /Common\n\n\n}\n\n\n\nproc script::init {} {\n\n # \"target\": {\n # \"hostname\": \"MANAGEMENT_IP_HERE\" },\n\n set ::white_spaces \" \"\n set ::AS3_class {{\n \"class\": \"AS3\",\n \"action\": \"deploy\",\n \"persist\": true,\n \"declaration\": {\n \"class\": \"ADC\",\n \"schemaVersion\": \"3.2.0\",\n \"id\": \"Export_Date:_ID_HERE\"\n }}}\n set ::AS3_class [string trimright $::AS3_class \\}\\}]\n\n set ::tenant_class {\n \"TENANT_NAME_HERE\": {\n \"class\": \"Tenant\",\n \"defaultRouteDomain\": 0,\n\n }}\n set ::tenant_class [string trimright $::tenant_class \\}]\n\n set ::application_class {\n \"APPLICATION_NAME_HERE\": {\n \"class\": \"Application\",\n \"template\": \"generic\",\n }}\n set ::application_class [string trimright $::application_class \\}]\n\n\n set ::service_class {\n \"VIRTUAL_NAME_HERE\": {\n \"class\": \"Service_generic\",\n \"remark\": \"DESCRIPTION_HERE\",\n \"virtualPort\": PORT_HERE,\n \"virtualAddresses\": [\"DESTINATION_IP_HERE\"],\n \"redirect80\": false,\n \"pool\": \"POOL_NAME_HERE\",\n \"profileTCP\": {\n \"egress\": \"SERVERSIDE_TCP_PROFILE_HERE\",\n \"ingress\": { \"bigip\": \"CLIENTSIDE_TCP_PROFILE_HERE\" }\n },\n \"profileHTTP\": { \"bigip\": \"HTTP_PROFILE_HERE\" },\n \"persistenceMethods\": [] }}\n\n set ::cltTLS_profile_class {\n 
\"CLIENT_SSL_PROFILE_HERE\": {\n \"class\": \"TLS_Server\",\n \"certificates\": [{\n \"certificate\": \"CERT_NAME_HERE\"\n }],\n \"requireSNI\": SNI_SETTING_HERE,\n \"ciphers\": \"CLIENT_CIPHERS_HERE\",\n \"authenticationMode\": \"ignore\",\n \"authenticationFrequency\": \"one-time\"\n },\n \"CERT_NAME_HERE\": {\n \"class\": \"Certificate\",\n \"remark\": \"Please add passphrase manually\",\n \"certificate\": \"CERT_BODY_HERE\",\n \"privateKey\": \"KEY_BODY_HERE\"\n }\n }\n\n\n\n set ::declaration {{\n \"class\": \"AS3\",\n \"action\": \"deploy\",\n \"persist\": true,\n \"declaration\": {\n \"class\": \"ADC\",\n \"schemaVersion\": \"3.2.0\",\n \"id\": \"Export_Date:_ID_HERE\"\n \"AS3_Exports\": {\n \"class\": \"Tenant\",\n \"defaultRouteDomain\": 0,\n \"VIRTUAL_NAME_HERE\": {\n \"class\": \"Application\",\n \"template\": \"https\",\n \"serviceMain\": {\n \"class\": \"Service_HTTPS\",\n \"remark\": \"DESCRIPTION_HERE\",\n \"virtualPort\": PORT_HERE,\n \"virtualAddresses\": [\"DESTINATION_IP_HERE\"],\n \"redirect80\": false,\n \"pool\": \"POOL_NAME_HERE\",\n \"profileTCP\": {\n \"egress\": \"SERVERSIDE_TCP_PROFILE_HERE\",\n \"ingress\": { \"bigip\": \"CLIENTSIDE_TCP_PROFILE_HERE\" }\n },\n \"profileHTTP\": { \"bigip\": \"HTTP_PROFILE_HERE\" },\n \"persistenceMethods\": [] }}}}}}\n\n\n set ::pool_decl {\n \"POOL_NAME_HERE\": { \n \"class\": \"Pool\", \n \"monitors\": [ \"MONITOR_HERE\" ],\n \"reselectTries\": RETRIES_HERE, \n \"loadBalancingMode\": \"LB_MODE_HERE\",\n \"serviceDownAction\": \"ACTION_DOWN_HERE\",\n \"members\": [{\n \"servicePort\": PORT_HERE,\n \"serverAddresses\": [ SERVER_ADDRESSES_HERE ] } ]\n } }\n\n set ::cltTLS { \"clientTLS\": {\n \"bigip\": \"SERVER_SSL_PROFILE_HERE\"\n }\n }\n set ::srvTLS { \"serverTLS\": {\n \"bigip\": \"CLIENT_SSL_PROFILE_HERE\"\n }\n }\n\n\n set ::WAF_pol { \"policyWAF\": {\n \"bigip\": \"WAF_POLICY_HERE\"\n }\n }\n\n\n set ::log_pol { \"securityLogProfiles\": [{ \"bigip\":\"LOG_POLICY_HERE\"}]}\n\n\n # puts [string 
trimright $::declaration \\}\\}\\}\\}\\}],\\n$::WAF_pol\\},\\n$::log_pol\\n\\}\\}\\}\\}\n\n\n}\n",
"ignoreVerification": "false"
}