mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-22 12:50:22 -07:00
Create common waf module for use by future waf modules (#33003)
Move waf common code into waf module_utils. This will be used by future waf modules
This commit is contained in:
Will Thames
ansibot
parent
a95894dfcb
commit
3283f46ffa
2 changed files with 187 additions and 105 deletions
|
|
@ -101,104 +101,9 @@ wafs:
|
|||
]
|
||||
'''
|
||||
|
||||
import traceback
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.aws.core import AnsibleAWSModule
|
||||
from ansible.module_utils.ec2 import boto3_conn, ec2_argument_spec, get_aws_connection_info
|
||||
from ansible.module_utils.ec2 import camel_dict_to_snake_dict, HAS_BOTO3, AWSRetry
|
||||
|
||||
|
||||
try:
|
||||
import botocore
|
||||
except ImportError:
|
||||
pass # caught by imported HAS_BOTO3
|
||||
|
||||
|
||||
@AWSRetry.backoff(tries=5, delay=5, backoff=2.0)
|
||||
def get_rule_with_backoff(client, rule_id):
|
||||
return client.get_rule(RuleId=rule_id)
|
||||
|
||||
|
||||
@AWSRetry.backoff(tries=5, delay=5, backoff=2.0)
|
||||
def get_byte_match_set_with_backoff(client, byte_match_set_id):
|
||||
return client.get_byte_match_set(ByteMatchSetId=byte_match_set_id)['ByteMatchSet']
|
||||
|
||||
|
||||
@AWSRetry.backoff(tries=5, delay=5, backoff=2.0)
|
||||
def get_ip_set_with_backoff(client, ip_set_id):
|
||||
return client.get_ip_set(IPSetId=ip_set_id)['IPSet']
|
||||
|
||||
|
||||
@AWSRetry.backoff(tries=5, delay=5, backoff=2.0)
|
||||
def get_size_constraint_set_with_backoff(client, size_constraint_set_id):
|
||||
return client.get_size_constraint_set(SizeConstraintSetId=size_constraint_set_id)['SizeConstraintSet']
|
||||
|
||||
|
||||
@AWSRetry.backoff(tries=5, delay=5, backoff=2.0)
|
||||
def get_sql_injection_match_set_with_backoff(client, sql_injection_match_set_id):
|
||||
return client.get_sql_injection_match_set(SqlInjectionMatchSetId=sql_injection_match_set_id)['SqlInjectionMatchSet']
|
||||
|
||||
|
||||
@AWSRetry.backoff(tries=5, delay=5, backoff=2.0)
|
||||
def get_xss_match_set_with_backoff(client, xss_match_set_id):
|
||||
return client.get_xss_match_set(XssMatchSetId=xss_match_set_id)['XssMatchSet']
|
||||
|
||||
|
||||
def get_rule(client, rule_id):
|
||||
rule = get_rule_with_backoff(client, rule_id)['Rule']
|
||||
match_sets = {
|
||||
'ByteMatch': get_byte_match_set_with_backoff,
|
||||
'IPMatch': get_ip_set_with_backoff,
|
||||
'SizeConstraint': get_size_constraint_set_with_backoff,
|
||||
'SqlInjectionMatch': get_sql_injection_match_set_with_backoff,
|
||||
'XssMatch': get_xss_match_set_with_backoff
|
||||
}
|
||||
if 'Predicates' in rule:
|
||||
for predicate in rule['Predicates']:
|
||||
if predicate['Type'] in match_sets:
|
||||
predicate.update(match_sets[predicate['Type']](client, predicate['DataId']))
|
||||
# replaced by Id from the relevant MatchSet
|
||||
del(predicate['DataId'])
|
||||
return rule
|
||||
|
||||
|
||||
@AWSRetry.backoff(tries=5, delay=5, backoff=2.0)
|
||||
def get_web_acl_with_backoff(client, web_acl_id):
|
||||
return client.get_web_acl(WebACLId=web_acl_id)
|
||||
|
||||
|
||||
def get_web_acl(client, module, web_acl_id):
|
||||
try:
|
||||
web_acl = get_web_acl_with_backoff(client, web_acl_id)
|
||||
except botocore.exceptions.ClientError as e:
|
||||
module.fail_json(msg="Couldn't obtain web acl",
|
||||
exception=traceback.format_exc(),
|
||||
**camel_dict_to_snake_dict(e.response))
|
||||
|
||||
if web_acl['WebACL']:
|
||||
try:
|
||||
for rule in web_acl['WebACL']['Rules']:
|
||||
rule.update(get_rule(client, rule['RuleId']))
|
||||
except botocore.exceptions.ClientError as e:
|
||||
module.fail_json(msg="Couldn't obtain web acl rule",
|
||||
exception=traceback.format_exc(),
|
||||
**camel_dict_to_snake_dict(e.response))
|
||||
return camel_dict_to_snake_dict(web_acl['WebACL'])
|
||||
|
||||
|
||||
@AWSRetry.backoff(tries=5, delay=5, backoff=2.0)
|
||||
def list_web_acls_with_backoff(client):
|
||||
paginator = client.get_paginator('list_web_acls')
|
||||
return paginator.paginate().build_full_result()['WebACLs']
|
||||
|
||||
|
||||
def list_web_acls(client, module):
|
||||
try:
|
||||
return list_web_acls_with_backoff(client)
|
||||
except botocore.exceptions.ClientError as e:
|
||||
module.fail_json(msg="Couldn't obtain web acls",
|
||||
exception=traceback.format_exc(),
|
||||
**camel_dict_to_snake_dict(e.response))
|
||||
from ansible.module_utils.aws.waf import list_web_acls, get_web_acl
|
||||
|
||||
|
||||
def main():
|
||||
|
|
@ -208,15 +113,10 @@ def main():
|
|||
name=dict(required=False),
|
||||
)
|
||||
)
|
||||
module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
module = AnsibleAWSModule(argument_spec=argument_spec, supports_check_mode=True)
|
||||
|
||||
if not HAS_BOTO3:
|
||||
module.fail_json(msg='boto3 and botocore are required.')
|
||||
try:
|
||||
region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module, boto3=True)
|
||||
client = boto3_conn(module, conn_type='client', resource='waf', region=region, endpoint=ec2_url, **aws_connect_kwargs)
|
||||
except botocore.exceptions.NoCredentialsError as e:
|
||||
module.fail_json(msg="Can't authorize connection - " + str(e))
|
||||
region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module, boto3=True)
|
||||
client = boto3_conn(module, conn_type='client', resource='waf', region=region, endpoint=ec2_url, **aws_connect_kwargs)
|
||||
|
||||
web_acls = list_web_acls(client, module)
|
||||
name = module.params['name']
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue