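require 'date'
require 'json'
require 'shellwords'

require 'net/scp'

require 'imperituroard/projects/ukaz60/ukaz60_add_func'

# Builds a FortiGate URL block list, ships it to an Ansible host over SCP and
# triggers the upload scripts on that host over SSH.
#
# Every public method returns a Hash with an integer :code and a :result
# message; the methods that run a remote script or build the list also return
# a :body.
#
# NOTE(review): all remote access uses password authentication, and the
# password is readable and writable through the public accessor below.
# Key-based authentication is generally preferable. Host-key checking is left
# at the net-ssh default for the installed version; confirm it is not
# disabled.
class FortiUkaz60_2
  attr_accessor :ansible_tmp_folder,
                :local_tmp_directory,
                :ansible_ssh_user,
                :ansible_ssh_password,
                :ansible_host,
                :add_func_connector,
                :add_functions_full,
                :url_backup_dir

  # @param ansible_tmp_folder [String] remote directory that receives urls.json
  # @param local_tmp_directory [String] local directory where urls.json is staged
  # @param ansible_ssh_user [String] SSH login on the Ansible host
  # @param ansible_ssh_password [String] SSH password for that login
  # @param ansible_host [String] address of the Ansible host
  # @param url_backup_dir [String] remote directory for timestamped backups
  def initialize(ansible_tmp_folder, local_tmp_directory, ansible_ssh_user, ansible_ssh_password, ansible_host, url_backup_dir)
    @ansible_tmp_folder = ansible_tmp_folder
    @local_tmp_directory = local_tmp_directory
    @ansible_ssh_user = ansible_ssh_user
    @ansible_ssh_password = ansible_ssh_password
    @ansible_host = ansible_host
    @add_func_connector = AddFuncUkaz60_2.new
    @add_functions_full = LogAddFunctions_2.new
    @url_backup_dir = url_backup_dir
  end

  # 1. Uploads the URL list to the Ansible host.
  #
  # The list is written as pretty-printed JSON to <local_tmp_directory>/urls.json,
  # copied to a timestamped backup under url_backup_dir (best effort) and then
  # to <ansible_tmp_folder>/urls.json.
  #
  # @param url_list [Object] data accepted by JSON.pretty_generate
  # @return [Hash] :code 200 on success, 507 on any error
  def upload_url(url_list)
    output_data = {}

    begin
      write_data = JSON.pretty_generate(url_list)

      # The previous implementation stripped a literal "+03:00" from
      # DateTime#to_s, which left the UTC offset in the file name under any
      # other time zone. strftime yields the same text without depending on it.
      add_date_name = DateTime.now.strftime('%Y_%m_%dT%H_%M_%S')

      local_url_file = "#{local_tmp_directory}/urls.json"
      remote_url_file = "#{ansible_tmp_folder}/urls.json"
      backup_url_file = "#{url_backup_dir}/urls_#{add_date_name}.json"

      # create local file
      File.open(local_url_file, "w:UTF-8") { |f| f.write(write_data) }

      # create backup; a failure here must not stop the main upload
      begin
        scp_upload(local_url_file, backup_url_file)
      rescue StandardError => e
        warn "upload_url: backup upload failed: #{e.class}: #{e.message}"
      end

      # upload local file
      scp_upload(local_url_file, remote_url_file)

      output_data = {:code => 200, :result => "upload_url: Data uploaded"}
    rescue StandardError => e
      warn "upload_url: #{e.class}: #{e.message}"
      output_data = {:code => 507, :result => "upload_url: Unknown SDK error"}
    end

    add_functions_full.printer_texter(output_data, "debug")
    output_data
  end

  # 2. Pushes the uploaded data to the FortiGate devices directly, by running
  # the FortiGate upload script on the Ansible host.
  #
  # @return [Hash] :code 200 with the parsed script output in :body, or 507
  def update_weburl_fortigate
    run_ansible_script("/bin/bash /scripts/temp_fortigate_url_upload.sh", "update_weburl_fortigate")
  end

  # 2.1 Pushes the uploaded data through FortiManager, by running the
  # FortiManager upload script on the Ansible host.
  #
  # The result messages used to carry the "update_weburl_fortigate" prefix, a
  # copy-paste slip that made the two code paths indistinguishable in logs.
  #
  # @return [Hash] :code 200 with the parsed script output in :body, or 507
  def update_weburl_fortimanager
    run_ansible_script("/bin/bash /scripts/temp_fortimanager_url_upload.sh", "update_weburl_fortimanager")
  end

  # 3. Removes everything inside the remote temp folder and deletes the local
  # urls.json.
  #
  # @return [Hash] :code 200 on success, 500 when the SSH step or the local
  #   delete raises, 404 when the configured folder fails the safety check
  def clean_tmp_folders
    folder = "#{ansible_tmp_folder}/"
    path_to_local_file = "#{local_tmp_directory}/urls.json"

    out_data =
      if safe_remote_tmp_folder?(folder)
        begin
          Net::SSH.start(ansible_host, ansible_ssh_user, :password => ansible_ssh_password) do |ssh|
            # The folder is shell-quoted and preceded by "--" so that spaces,
            # metacharacters or a leading dash in the configured path cannot
            # change what rm does; the trailing glob stays unquoted on purpose.
            # NOTE(review): the exit status of rm is not checked.
            ssh.exec!("rm -rf -- #{Shellwords.escape(folder)}*")
          end
          File.delete(path_to_local_file) if File.exist?(path_to_local_file)
          {:code => 200, :result => "clean_tmp_folders: Cleared successfully"}
        rescue StandardError => e
          warn "clean_tmp_folders: #{e.class}: #{e.message}"
          {:code => 500, :result => "clean_tmp_folders: ssh_failed"}
        end
      else
        {:code => 404, :result => "clean_tmp_folders: invalid and danger temp path"}
      end

    add_functions_full.printer_texter(out_data, "debug")
    out_data
  end

  # 4. Converts the parsed source data into the entry list uploaded to FortiGate.
  #
  # Every item becomes {"url" => ..., "action" => "block"}. IPv6 addresses are
  # wrapped in square brackets; URL and HTTPS items go through the connector's
  # http_to_forti_prep / https_to_forti_prep first.
  #
  # A missing or nil list raises and is reported as 507, so a truncated input
  # never yields a silently shorter block list.
  #
  # @param data_belgim [Hash] must respond to [] for :ipv4_parsed, :ipv6_parsed,
  #   :domains_for_block, :url_for_block and :https_parsed, each enumerable
  # @return [Hash] :code 200 with :body => {:num_list, :to_fortigate}, or 507
  def prepare_url_config_fortigate(data_belgim)
    to_fortigate = []
    output_data = {}

    begin
      data_belgim[:ipv4_parsed].each do |ipv4|
        to_fortigate.push({"url" => ipv4, "action" => "block"})
      end

      data_belgim[:ipv6_parsed].each do |ipv6|
        to_fortigate.push({"url" => "[#{ipv6}]", "action" => "block"})
      end

      data_belgim[:domains_for_block].each do |dns|
        to_fortigate.push({"url" => dns, "action" => "block"})
      end

      data_belgim[:url_for_block].each do |url|
        to_fortigate.push({"url" => add_func_connector.http_to_forti_prep(url), "action" => "block"})
      end

      data_belgim[:https_parsed].each do |https|
        to_fortigate.push({"url" => add_func_connector.https_to_forti_prep(https), "action" => "block"})
      end

      output_data = {
        :code => 200,
        :result => "Request completed",
        :body => {:num_list => to_fortigate.length, :to_fortigate => to_fortigate}
      }
    rescue StandardError
      output_data = {:code => 507, :result => "Unknown error"}
      p "ERROR !!! prepare_url_config_fortigate"
    end

    output_data
  end

  private

  # Copies a local file to the Ansible host with the configured credentials.
  def scp_upload(local_path, remote_path)
    Net::SCP.upload!(ansible_host, ansible_ssh_user, local_path, remote_path,
                     :ssh => {:password => ansible_ssh_password})
  end

  # Runs +command+ on the Ansible host and wraps the parsed output in a result
  # hash whose messages are prefixed with +label+.
  #
  # The script output is ansible-playbook text (PLAY / TASK sections, debug
  # messages such as "URL loaded/in-file: [N / N]" and a PLAY RECAP with
  # per-host ok/changed/unreachable/failed counters); it is handed to
  # ansible_answer_parse unchanged.
  #
  # NOTE(review): exec! returns output only, so 200 is returned whenever the
  # SSH session and the parser do not raise, even if the script itself failed.
  # Callers need to inspect :body.
  def run_ansible_script(command, label)
    output_data = {}

    begin
      ansible_answer = ""
      Net::SSH.start(ansible_host, ansible_ssh_user, :password => ansible_ssh_password) do |ssh|
        ansible_answer = ssh.exec!(command)
      end

      # NOTE(review): this prints the complete playbook output to stdout.
      p "ansible_answer: #{ansible_answer}"

      answ_pr = add_func_connector.ansible_answer_parse(ansible_answer)
      output_data = {:code => 200, :result => "#{label}: Request completed", :body => answ_pr}
    rescue StandardError => e
      warn "#{label}: #{e.class}: #{e.message}"
      output_data = {:code => 507, :result => "#{label}: Unknown SDK error"}
    end

    add_functions_full.printer_texter(output_data, "debug")
    output_data
  end

  # Decides whether "rm -rf <folder>*" may be run against +folder+.
  #
  # Keeps the original rule (more than two "/"-separated parts) and adds two:
  # at least two non-empty path components, so "//tmp/" is no longer accepted,
  # and no "." or ".." component, so "/tmp/../" cannot resolve to a parent.
  def safe_remote_tmp_folder?(folder)
    parts = folder.split("/")
    named = parts.reject(&:empty?)
    parts.length > 2 && named.length >= 2 && (named & %w[. ..]).empty?
  end
end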