Automatically populating Zoom addresses into a Cisco SD-WAN SD-AVC custom app


Introduction



I reworked the article below to use SD-AVC, which the latest Cisco SD-WAN supports, so that Zoom is identified as an application from its IP addresses.

What was updated



Description of this script



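The script scrapes Zoom's address set, picks up the prefixes (written in notation such as 10.0.0.0/24), and configures them through the API. Previously the acquired prefix set was used to update a Data-Prefix-list; this time it is configured as an SD-AVC custom app. The change from the earlier version is that a custom app allows the app information to be changed dynamically even while the policy configuration is in effect.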

Code sample


#!/usr/local/bin/python3
import re
import sys
import requests
import json
import urllib3
from urllib3.exceptions import InsecureRequestWarning

# Certificate verification is disabled below (verify=False), so silence the
# warning urllib3 would otherwise print on every request.
urllib3.disable_warnings(InsecureRequestWarning)

# Enter your vManage credentials and the UUID of your custom application
vManage_IP = "vManageのFQDNもしくはIPを書いてね"  # placeholder: put your vManage FQDN or IP here
vManage_ID = "admin"
vManage_Password = "admin"
CustmonApp_uuid = "c1be4143-306a-4621-b9fa-9a2639cbc671"

# Create a dummy custom application in advance to obtain a UUID of your own.
# https://vManage Address/apidocs/
# The UUID can be checked with the GET under Configuration - Policy Custom Application Builder.

def get_addresslist(url):
    # Download the page that lists the Zoom address ranges
    response = requests.get(url, timeout=30)
    response.raise_for_status()
    return response.content

def export_file(content, list_file_name):
    # Save the downloaded page to a local file
    with open(list_file_name, "wb") as list_file:
        list_file.write(content)

def create_scrape_destination_list(sourcefile):
    # Pick up every IPv4 prefix (a.b.c.d/nn) in the saved page, dropping duplicates
    with open(sourcefile, "r", encoding="utf-8", errors="ignore") as f:
        fin = f.read()
    found = re.findall(r'(?:\d{1,3})\.(?:\d{1,3})\.(?:\d{1,3})\.(?:\d{1,3})/(?:\d{1,2})', fin)
    return list(dict.fromkeys(found))

def login(vmanage_ip, username, password):
    base_url_str = 'https://%s:443/' % vmanage_ip
    login_url = base_url_str + 'j_security_check'
    login_data = {'j_username': username, 'j_password': password}
    # URL for retrieving client token
    token_url = base_url_str + 'dataservice/client/token'
    sess = requests.session()
    # verify=False skips TLS certificate validation, so the admin credentials are
    # sent without authenticating the server. If the vManage has a certificate
    # signed by a trusted authority, change verify to True.
    login_response = sess.post(url=login_url, data=login_data, verify=False)
    # A failed login is detected by an HTML body in the response
    if login_response.status_code != 200 or '<html>' in login_response.text:
        print("Login Failed")
        sys.exit(1)
    login_token = sess.get(url=token_url, verify=False)
    if login_token.status_code != 200:
        print("Unknown exception")
        sys.exit(1)
    # Every later request on this session carries the XSRF token
    sess.headers['X-XSRF-TOKEN'] = login_token.text
    return sess

def put_prefix_list_builder(list_IPv4):
    # Shape each prefix as a dict with an "ipAddresses" list for the L3L4 field
    lst = []
    for pn in list_IPv4:
        lst.append({'ipAddresses': [pn]})
    payload = {
                "appName": "zoom",
                "serverNames": [
                               "*zoom.us"
                ],
                "L3L4": lst
                }
    test = json.dumps(payload)
    headers = {'Content-Type': 'application/json'}
    sessions = login(vManage_IP, vManage_ID, vManage_Password)
    url = 'https://'+vManage_IP+':443/dataservice/template/policy/customapp/'+CustmonApp_uuid
    print('vManage API URL :'+url)
    r = sessions.put(url, data=test, headers=headers, verify=False)
    # Raise an HTTPError if vManage rejected the update
    if r.status_code != 200:
        r.raise_for_status()

if __name__ == "__main__":
    MASTER_FILE_NAME = "webex-address-range.txt"
    URL = 'https://onlinezoomappdownload.com/about-firewall-or-proxy-server-configuration-requirements-in-zoom-app/'
    print('webex URL :'+URL)
    address_list_file = get_addresslist(URL)
    export_file(address_list_file, MASTER_FILE_NAME)
    list_IPv4 = create_scrape_destination_list(MASTER_FILE_NAME)
    put_prefix_list_builder(list_IPv4)
    print(f"Process Completed!! , check https://{vManage_IP}:443/#/app/config/policy/custom/centralizedPolicy/define_lists/application , move to CustomApplications TAB.")
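
The prefixes come from a scraped web page and the custom app takes effect even while the policy is active, so it is worth validating them before the PUT. The following is an added example, not part of the original script: `validate_prefixes`, `build_l3l4`, the /16 floor, the 500-entry cap and the sample page are all assumptions made for illustration.

```python
import ipaddress
import re

# Same pattern the script uses; it also matches impossible values such as
# 999.1.1.1/24, so every hit is parsed before it is trusted.
CIDR_RE = re.compile(r'(?:\d{1,3}\.){3}\d{1,3}/\d{1,2}')
MIN_PREFIXLEN = 16   # assumed policy: nothing broader than a /16
MAX_ENTRIES = 500    # assumed cap on the size of one update


def validate_prefixes(text, min_prefixlen=MIN_PREFIXLEN, max_entries=MAX_ENTRIES):
    """Return (accepted, rejected); rejected maps each prefix to a reason."""
    accepted, rejected = [], {}
    for raw in dict.fromkeys(CIDR_RE.findall(text)):  # de-duplicate, keep order
        try:
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as err:  # bad octet, bad length, or host bits set
            rejected[raw] = f"invalid: {err}"
            continue
        if (net.is_private or net.is_multicast or net.is_reserved
                or net.is_loopback or net.is_link_local):
            rejected[raw] = "not public unicast space"
        elif net.prefixlen < min_prefixlen:
            rejected[raw] = f"broader than /{min_prefixlen}"
        else:
            accepted.append(str(net))
    if len(accepted) > max_entries:
        raise ValueError(f"{len(accepted)} prefixes exceed the cap of {max_entries}")
    return accepted, rejected


def build_l3l4(prefixes):
    """One {"ipAddresses": [prefix]} dict per prefix, as in the script's payload."""
    return [{"ipAddresses": [p]} for p in prefixes]


# Constructed sample standing in for the scraped page (not Zoom's real list).
SAMPLE_PAGE = """
<li>3.7.35.0/25</li><li>3.7.35.0/25</li><li>8.5.128.0/23</li>
<li>10.0.0.0/24</li><li>0.0.0.0/0</li><li>999.1.1.1/24</li>
<li>3.7.35.1/25</li><li>52.0.0.0/8</li>
"""

if __name__ == "__main__":
    ok, bad = validate_prefixes(SAMPLE_PAGE)
    print("push:", build_l3l4(ok))
    for prefix, reason in bad.items():
        print("skip:", prefix, "-", reason)
```

Logging the rejected entries on each run makes an unexpected change in the source page visible before it reaches the policy.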

Command output


webex URL :https://onlinezoomappdownload.com/about-firewall-or-proxy-server-configuration-requirements-in-zoom-app/
vManage API URL :https://vManage Address:443/dataservice/template/policy/customapp/c1be4143-306a-4621-b9fa-9a2639cbc671
Process Completed!! , check https://vManage Address:443/#/app/config/policy/custom/centralizedPolicy/define_lists/application , move to CustomApplications TAB.

Execution result image





Conclusion



Shaping the addresses into dictionary form and placing them in the payload for the SD-AVC JSON is a little tricky, but it is simple once you know the format.

References



Links related to SD-WAN SD-AVC are attached here.
