Link11/sync_security_policies_link11.py

#!/bin/python
from env import *
import requests
import json
import pprint
# === Configuration ===
# Configuration id interpolated into every API URL built in this file.
CONFIG_ID = "prod"

# Proxy templates: keep exactly one assignment active.
# NOTE(review): PROXY_TEMPLATE is not referenced in the visible part of this file.
PROXY_TEMPLATE = "f4bf25a205a5"
# PROXY_TEMPLATE = "andere_template_id"

# Security policies: keep exactly one assignment active. The active one is the
# template whose path mappings main() copies onto the other policies.
SECURITY_POLICY = "secpol-p414-jtl-hosting-de"  # e.g. Shop022
# SECURITY_POLICY = "3f7a521c6570"  # Shop023
# SECURITY_POLICY = "9cc8dd695d5c"  # Shop024
# SECURITY_POLICY = "1f707fb18483"  # Shop028

# Backend services: keep exactly one active (no backend-service constant is
# defined here; the backend id is derived per policy in sync_security_policies).

# === Headers sent with every request ===
# NOTE(review): API_TOKEN is not defined in this file; it presumably arrives
# through `from env import *`. The same bearer token is sent with the PUT in
# sync_security_policies, so treat it as a write credential: keep the env
# module out of version control and prefer an explicit
# `from env import API_TOKEN` so the dependency is visible.
HEADERS = {
    "Authorization": f"Bearer {API_TOKEN}",
    "Content-Type": "application/json",
}
def domain_to_id(domain):
    """Turn a domain name into an id fragment by replacing every dot with a hyphen."""
    labels = domain.split(".")
    return "-".join(labels)
def domain_to_secpol_id(domain):
    """Build the security-policy id for a domain: "secpol-" plus its dot-free id."""
    base_id = domain_to_id(domain)
    return "secpol-" + base_id
def domain_to_backend_id(domain):
    """Build the backend-service id for a domain: "backend-" plus its dot-free id."""
    base_id = domain_to_id(domain)
    return "backend-" + base_id
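def get_all_security_policies():
    """Return the ids of all security policies in configuration CONFIG_ID.

    Returns:
        A list with the ``id`` of every entry in the ``items`` array of the
        API reply, or None when the request fails or the reply status is
        not 200 (the failure is printed).
    """
    url = f"https://jtlwaap.app.reblaze.io/api/v4.0/conf/{CONFIG_ID}/security-policies"
    try:
        # Without a timeout an unresponsive API would hang the script forever.
        response = requests.get(url, headers=HEADERS, timeout=30)
    except requests.RequestException as exc:
        print(f"[✗] Fehler bei (security-policies): {exc}")
        return None

    if response.status_code != 200:
        # No policy id exists in this scope; the message used to interpolate
        # an undefined name `policy`, which turned every API error into a
        # NameError. It now names the collection endpoint instead.
        print(f"[✗] Fehler bei (security-policies): {response.status_code}{response.text}")
        return None

    print("[✓] Abfrage von Security policies erfolgreich.")
    res = json.loads(response.text)
    # assumes the reply has the shape {"items": [{"id": ...}, ...]} — TODO confirm
    return [item['id'] for item in res['items']]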
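def _fetch_security_policy(policy_id):
    """Fetch one security policy; return the parsed JSON, or None on any failure."""
    url = f"https://jtlwaap.app.reblaze.io/api/v4.0/conf/{CONFIG_ID}/security-policies/{policy_id}"
    try:
        # Without a timeout an unresponsive API would hang the script forever.
        response = requests.get(url, headers=HEADERS, timeout=30)
    except requests.RequestException as exc:
        print(f"[✗] Fehler bei ({policy_id}): {exc}")
        return None
    if response.status_code != 200:
        print(f"[✗] Fehler bei ({policy_id}): {response.status_code}{response.text}")
        return None
    print(f"[✓] Abfrage von Security policy '{policy_id}' erfolgreich.")
    return json.loads(response.text)


def sync_security_policies(policy, destination):
    """Copy the path mappings of one security policy onto another and save it.

    Args:
        policy: id of the source (template) security policy.
        destination: id of the security policy that is overwritten.

    Returns:
        None. Success and failure are reported on stdout only; when either
        GET fails nothing is written.
    """
    # Source security policy (the template).
    template = _fetch_security_policy(policy)
    if template is None:
        return

    # Target security policy as it currently exists.
    target = _fetch_security_policy(destination)
    if target is None:
        return

    # Only the path mappings come from the template; every other field of the
    # target stays as it was.
    target['map'] = template['map']

    # NOTE(review): the backend id is derived from target['name'], which
    # assumes the policy name is the domain; nothing here checks that a
    # backend service with that id exists before the PUT — confirm.
    backendservice = domain_to_backend_id(target['name'])

    # Point every path at the target's own backend service. The entry with id
    # "__site_level__" keeps the backend_service value it had in the template.
    for mapitem in target['map']:
        if mapitem['id'] != "__site_level__":
            mapitem['backend_service'] = backendservice

    # Save the modified target policy.
    url = f"https://jtlwaap.app.reblaze.io/api/v4.0/conf/{CONFIG_ID}/security-policies/{destination}"
    try:
        response = requests.put(url, headers=HEADERS, data=json.dumps(target), timeout=30)
    except requests.RequestException as exc:
        print(f"[✗] Fehler bei {destination}: {exc}")
        return
    if response.status_code == 200:
        print(f"[✓] Security Policy '{destination}' erfolgreich gespeichert.")
    else:
        # response.text already carries the error body. The message used to
        # append response.json() as well, which raises when the body is not
        # JSON and so hid the real API error behind a decode exception.
        print(f"[✗] Fehler bei {destination}: {response.status_code}{response.text}")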
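def main():
    """Interactively copy the path mappings of SECURITY_POLICY onto all other policies.

    Lists every policy id except '__default__' and the template itself, asks
    for confirmation, and on the exact answer "yes" calls
    sync_security_policies once per listed policy. Any other answer changes
    nothing.
    """
    #sync_security_policies(SECURITY_POLICY, 'secpol-shop051-jtl-hosting-de')
    policies = get_all_security_policies()
    if policies is None:
        # The listing failed and was already reported; iterating over None
        # would only add a TypeError on top of it.
        return

    if SECURITY_POLICY not in policies:
        # Without the template every sync would fail on its first GET, so stop
        # before asking the operator to confirm anything.
        print(f"Template policy '{SECURITY_POLICY}' was not found in config '{CONFIG_ID}'; nothing changed.")
        return

    # Build the target list once so the list shown and the list synced cannot differ.
    targets = [
        policy for policy in policies
        if policy != '__default__' and policy != SECURITY_POLICY
    ]

    # State the direction and the configuration explicitly: the listed
    # policies are the ones overwritten, SECURITY_POLICY is only read.
    print(
        f"The path mappings of the following security policies in config '{CONFIG_ID}' "
        f"will be overwritten with those of '{SECURITY_POLICY}'. Is this what you want?"
    )
    for policy in targets:
        print(policy)

    yesno = input("Enter yes or no:")
    if yesno == "yes":
        for policy in targets:
            sync_security_policies(SECURITY_POLICY, policy)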
# === Script entry point ===
# Run the interactive sync only when the file is executed as a script, not
# when it is imported.
if __name__ == "__main__":
    main()