#!/bin/bash
# Write the command-line help text to stdout, then end the script with
# exit status 0.
#
# Arguments: none
# Outputs:   the usage text on stdout
# Returns:   does not return; calls exit 0
#
# Note for operators: a value given with -t is part of the process command
# line, which other local users can usually see in process listings.
print_usage()
{
    printf '%s\n' \
        'USAGE: import-assets-from-tpam.sh [-h]' \
        'import-assets-from-tpam.sh [-a appliance] [-t accesstoken] [-T tpam_appliance] [-I tpam_cli_ssh_key] [-P asset_partition_id]' \
        '-h Show help and exit' \
        '-a Network address of the appliance' \
        '-t Safeguard access token' \
        '-T Network address of the TPAM appliance' \
        '-I SSH key for TPAM CLI access' \
        '-P ID of asset partition to put new assets' \
        'Download all TPAM systems and import them into Safeguard.' \
        'NOTE: Install jq to get pretty-printed JSON output.'
    exit 0
}
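# Abort on the first unhandled command failure.
set -e

# Directory that holds this script; csv2json-helper.jq is loaded from here
# when the TPAM listing is converted to JSON.
ScriptDir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Locate the safeguard-bash scripts through PATH. Everything under SgBashDir
# is sourced or executed below, so PATH must only contain trusted directories.
# An empty result is rejected explicitly: dirname of an empty string is ".",
# which would make the script source ./utils/loginfile.sh from the current
# directory.
ConnectScript="$(command -v connect-safeguard.sh || true)"
if [ -z "$ConnectScript" ]; then
    >&2 echo "Unable to find connect-safeguard.sh in PATH, so the safeguard-bash scripts cannot be located."
    exit 1
fi
SgBashDir="$(dirname "$ConnectScript")"

# Presumably provides require_login_args, which require_args calls -- confirm
# against utils/loginfile.sh.
. "$SgBashDir/utils/loginfile.sh"

# This script is meant to be run from within a fresh safeguard-bash Docker container

# Colour escapes for the progress messages. Those messages are written to
# stderr, so the terminal check is made on fd 2. Both variables start empty
# so that values inherited from the environment are never echoed.
YELLOW=
NC=
if test -t 2; then
    YELLOW='\033[1;33m'
    NC='\033[0m'
fi

# Option values; filled in by the getopts loop or by interactive prompts.
Appliance=
AccessToken=
Tpam=
TpamKey=
# Default asset partition ID used when -P is not given.
PartitionId=-1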
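# Make sure every value the import needs is available, prompting on the
# terminal for anything that was not supplied as an option.
#
# Globals:   Tpam, TpamKey (read; written when they were empty)
# Arguments: none
#
# require_login_args is not defined in this file; it presumably comes from the
# sourced utils/loginfile.sh and handles the Safeguard appliance and token.
require_args()
{
    require_login_args
    if [ -z "$Tpam" ]; then
        # -r keeps backslashes in the typed value intact.
        read -r -p "Tpam network address: " Tpam
    fi
    if [ -z "$TpamKey" ]; then
        # -r matters most here: without it a backslash in the key file path
        # is silently dropped.
        read -r -p "Tpam CLI SSH key file path: " TpamKey
    fi
}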
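# Parse the command line. The leading ":" in the option string puts getopts
# in silent mode: a missing option argument arrives as opt=":" and an unknown
# option as opt="?", with the offending option letter in OPTARG. Both cases
# are reported and rejected instead of being silently ignored, so a mistyped
# command line cannot fall through to the interactive prompts unnoticed.
while getopts ":t:a:T:I:P:h" opt; do
    case "$opt" in
    t)
        AccessToken=$OPTARG
        ;;
    a)
        Appliance=$OPTARG
        ;;
    T)
        Tpam=$OPTARG
        ;;
    I)
        TpamKey=$OPTARG
        ;;
    P)
        PartitionId=$OPTARG
        ;;
    h)
        print_usage
        ;;
    :)
        >&2 echo "Option -$OPTARG requires an argument."
        exit 1
        ;;
    \?)
        >&2 echo "Unknown option: -$OPTARG"
        exit 1
        ;;
    esac
done

# jq and sed do all of the data conversion below; stop early without them.
if ! command -v jq > /dev/null 2>&1; then
    >&2 echo "This script requires extensive JSON parsing, so you must download and install jq to use it."
    exit 1
fi
if ! command -v sed > /dev/null 2>&1; then
    >&2 echo "This script requires special parsing, so you must download and install sed to use it."
    exit 1
fi

# Prompt for anything that was not supplied on the command line.
require_args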
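# this could easily be extended--it makes sense to use "Other" versions
#
# JSON object mapping a platform name to a Safeguard platform ID. Each ID is
# looked up by name with get-platform.sh. The helper path is quoted so that an
# install directory containing spaces still works.
PlatformMapping="{
  \"Linux\": $("$SgBashDir/get-platform.sh" -n 'Other Linux Other' | jq '.[].Id'),
  \"Windows Desktop\": $("$SgBashDir/get-platform.sh" -n 'Windows Other' | jq '.[].Id'),
  \"Windows\": $("$SgBashDir/get-platform.sh" -n 'Windows Other' | jq '.[].Id'),
  \"MacOSX\": $("$SgBashDir/get-platform.sh" -n 'OS X Other' | jq '.[].Id'),
  \"AIX\": $("$SgBashDir/get-platform.sh" -n 'AIX Other' | jq '.[].Id'),
  \"HP-UX\": $("$SgBashDir/get-platform.sh" -n 'HP-UX Other' | jq '.[].Id')
}"

# A lookup that yields no ID, or more than one, leaves the text above as
# invalid JSON, and a missing Id field leaves a null. Stop here in those
# cases: later pipeline stages would otherwise fail one by one and the import
# could end up posting an empty batch.
if ! printf '%s\n' "$PlatformMapping" \
    | jq -e 'type == "object" and all(.[]; . != null)' > /dev/null 2>&1; then
    >&2 echo "Unable to resolve every Safeguard platform ID needed for the import."
    exit 1
fi

# jq select() expression that keeps records whose PlatformId contains one of
# the mapping keys. It is assembled as "(...) or (...) or " and the trailing
# "or " is cut off by sed. The keys are the constants above, so nothing
# user-supplied ends up inside this jq program.
PlatformFilter="select( $(printf '%s\n' "$PlatformMapping" | jq -r 'to_entries[] | "(.PlatformId | contains(\"" + .key + "\")) or"' | tr '\n' ' ' | sed 's/...$//'))"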
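# Keep the records whose PlatformId matches a known platform name and replace
# that name with the Safeguard platform ID from PlatformMapping.
#
# Globals:   PlatformFilter, PlatformMapping, YELLOW, NC (read)
# Arguments: $1 - JSON array of asset records
# Outputs:   the converted JSON array on stdout; a match count on stderr
#
# The JSON is passed through printf with quoting. An unquoted echo would
# word-split the document and expand glob characters, so a field value such
# as "a  *  b" would lose its spacing and have file names from the current
# directory spliced into it.
#
# NOTE(review): PlatformFilter selects by substring (contains) while the
# lookup below requires the key to equal the value exactly. A record that
# passes the filter without an exact key match has no mapping entry; what jq
# emits for it should be confirmed.
migrate_platform_id()
{
    local SgRemoved
    SgRemoved=$(printf '%s\n' "$1" | jq ".[] | $PlatformFilter" | jq -s .)
    >&2 echo -e "${YELLOW}Found platform matches for $(printf '%s\n' "$SgRemoved" | jq '. | length') records${NC}"
    printf '%s\n' "$SgRemoved" | jq --argjson mapping "$PlatformMapping" '.[] | with_entries(
        if (.key == "PlatformId") then
            .value |= (. as $val | ($mapping | to_entries[] | select(.key == $val) | .value))
        else . end )
        ' | jq -s .
}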
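# PartitionId comes from -P and ends up inside a jq invocation. Accept only a
# plain integer so the value can never be read as jq program text.
if ! [[ "$PartitionId" =~ ^-?[0-9]+$ ]]; then
    >&2 echo "Asset partition ID must be an integer."
    exit 1
fi

>&2 echo -e "${YELLOW}Fetching systems from TPAM...${NC}"

# NOTE(review): StrictHostKeyChecking=no means the TPAM host key is not
# verified, so this connection does not authenticate the server and the
# listing imported below could come from an impostor host. Kept because the
# script targets a fresh container without a known_hosts file; pre-seeding
# known_hosts with the TPAM host key and dropping the option is the safer
# setup.
# The key path and the address are quoted so that neither is word-split.
Output=$(ssh -i "$TpamKey" -oStrictHostKeyChecking=no "$Tpam" ListSystems -MaxRows 0)

# Convert the tab-separated listing to JSON: strip a carriage return from each
# line, split it on tabs, then let csv2json-helper.jq combine the rows.
# read without IFS= trims leading and trailing whitespace from every line.
TpamJson=$(
    while read -r OutputLine; do
        printf '%s\n' "$OutputLine" | sed 's/\r//' | jq -R 'split("\t")'
    done <<< "$Output" | jq -s -f "$ScriptDir/csv2json-helper.jq"
)

# Keep only the fields that are imported and attach the target partition.
# JSON is always passed on with printf and quoting: an unquoted echo would
# word-split the document and expand glob characters found in field values.
# The partition ID is handed to jq as data (--argjson), not spliced into the
# program text.
TpamJsonFiltered=$(printf '%s\n' "$TpamJson" \
    | jq '.[] | {SystemName,NetworkAddress,PlatformName,PortNumber,Description}' \
    | jq --argjson partition "$PartitionId" '. + { "AssetPartitionId": $partition }' \
    | jq -s .)

# Rename the TPAM field names to the names used in the Safeguard request and
# wrap the port number in a ConnectionProperties object.
SgJsonPre=$(printf '%s\n' "$TpamJsonFiltered" \
    | jq '.[] | with_entries(
        if (.key == "SystemName") then
            .key |= "Name"
        elif (.key == "PortNumber") then
            .key |= "ConnectionProperties"
        elif (.key == "PlatformName") then
            .key |= "PlatformId"
        else . end )' \
    | jq 'with_entries(
        if ((.key == "ConnectionProperties") and (.value == null)) then
            .value |= { ServiceAccountCredentialType: "None" }
        elif (.key == "ConnectionProperties") then
            .value |= { ServiceAccountCredentialType: "None", Port: . }
        else . end )' \
    | jq -s .)
>&2 echo -e "${YELLOW}Found $(printf '%s\n' "$SgJsonPre" | jq '. | length') records${NC}"

# Replace platform names with Safeguard platform IDs.
SgJson=$(migrate_platform_id "$SgJsonPre")

>&2 echo -e "${YELLOW}Adding new records to Safeguard...${NC}"
# NOTE(review): the access token is handed over as a command-line argument,
# so it is visible in the process list while the helper runs.
invoke-safeguard-method.sh -a "$Appliance" -t "$AccessToken" -s core -m POST -U "Assets/Batch" -N -b "$SgJson"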