Merge pull request #47 from akamai/bugfix_appsec_create

bugfix: appsec-create

CHANGELOG.md

@@ -7,3 +7,10 @@
 - Update origin behavior template to [match Jun 12 2024 release](https://techdocs.akamai.com/property-mgr/changelog)
 - Display API creation error but not visible on the UI
 - Fix script error when create property using fixed ruleformat (ie. vYYYY-MM-DD)
+
+## 2.3.6
+
+#### BUG FIXES:
+
+- appsec-create fail on brand new group without any config
+- appsec-create version/activation note is empty

bin/akamai-onboard.py

@@ -49,7 +49,7 @@
 from model.single_host import SingleHost
 from tabulate import tabulate
 
-PACKAGE_VERSION = '2.3.5'
+PACKAGE_VERSION = '2.3.6'
 logger = setup_logger()
 root = get_cli_root_directory()
 
@@ -879,8 +879,9 @@ def __init__(self, li_obj):
 @click.option('--by', metavar='', type=click.Choice(['hostname', 'propertyname']), default='hostname', required=False,
               help='by command depends on data in CSV input file.     Options: hostname, propertyname')
 @click.option('--email', metavar='', required=False, help='email for activation notifications')
+@click.option('--version-notes', 'note', metavar='', default='Onboard CLI Activation', help='config version notes')
 @pass_config
-def appsec_create(config, contract_id, group_id, by, activate, csv, email):
+def appsec_create(config, contract_id, group_id, by, activate, csv, email, note):
     """
     \b
     Batch create new security configuration, security policy, and policy match target
@@ -901,8 +902,10 @@ def appsec_create(config, contract_id, group_id, by, activate, csv, email):
 
     appsec_main = Generic(contract_id, group_id, csv, by)
     # override default
-    appsec_main.notification_emails = [email]
+    if email:
+        appsec_main.notification_emails = [email]
     appsec_main.activate = activate
+    appsec_main.version_notes = note
     _, selectable_hostnames, selectable_df = wrap_api.get_selectable_hostnames(contract_id[4:], group_id[4:], appsec_main.network)
     show_df = util.validate_appsec_pre_create(appsec_main, wrap_api, util_waf, selectable_df)
 
@@ -918,6 +921,7 @@ def appsec_create(config, contract_id, group_id, by, activate, csv, email):
             public_hostnames = show_df['hostname'][i]
             logger.debug(f'{waf_config} {policy} {public_hostnames}')
             onboard = Property(contract_id, group_id, waf_config, policy)
+            onboard.version_notes = note
             if len(public_hostnames) > 0:
                 onboard.public_hostnames = public_hostnames
                 if by == 'propertyname':
@@ -943,6 +947,7 @@ def appsec_create(config, contract_id, group_id, by, activate, csv, email):
                     if activate:
                         # popolate AppSec data
                         appsec = AppSec(waf_config, onboard.onboard_waf_config_id, onboard.onboard_waf_config_version, [email])
+                        appsec.version_notes = note
                         appsec_onboard.append(appsec)
                 else:
                     sys.exit(logger.error('Fail to create waf config'))
@@ -960,7 +965,7 @@ def appsec_create(config, contract_id, group_id, by, activate, csv, email):
                 payload['mode'] = 'append'
                 logger.debug(output)
                 resp = wrap_api.modifyWafHosts(onboard.onboard_waf_config_id, onboard.onboard_waf_config_version, json.dumps(payload))
-                if resp.status_code != 200:
+                if not resp.ok:
                     logger.error(resp.json())
 
             if util_waf.create_waf_policy(wrap_api, onboard):

bin/model/appsec.py

@@ -34,6 +34,7 @@ class AppSec:
     activation_status: str = ''
     activation_create: str = ''
     activation_end: str = ''
+    version_notes: str = ''
 
 
 @dataclass
@@ -47,7 +48,7 @@ class Property:
     waf_target_hostnames: list[str] = field(default_factory=list)
     property_name: str = ''
     target_id: int = 0
-    version_notes = ''
+    version_notes: str = ''
     onboard_waf_config_id: int = 0
     onboard_waf_config_version: int = 0
 
@@ -64,3 +65,4 @@ class Generic:
     network: str = 'staging'
     notification_emails: list = field(default_factory=lambda: ['[email protected]'])
     activate: str = None
+    version_notes: str = None

bin/utility_waf.py

@@ -79,9 +79,9 @@ def updateActivateAndPoll(self, wrap_api, onboard_object, network):
                                                 onboard_object.onboard_waf_config_version,
                                                 network,
                                                 onboard_object.notification_emails,
-                                                note='Onboard CLI Activation')
+                                                note=onboard_object.version_notes)
 
-        if act_response.status_code == 200:
+        if act_response.ok:
             activation_status = False
             activation_id = act_response.json()['activationId']
             while activation_status is False:
@@ -90,7 +90,7 @@ def updateActivateAndPoll(self, wrap_api, onboard_object, network):
 
                 logger.debug(json.dumps(polling_status_response.json(), indent=4))
                 logger.debug(polling_status_response.url)
-                if polling_status_response.status_code == 200:
+                if polling_status_response.ok:
                     if network in polling_status_response.json()['network']:
                         if 'status' not in polling_status_response.json():
                             time.sleep(30)
@@ -127,7 +127,7 @@ def addHostnames(self, wrapper_object, hostname_list, config_id, version):
         selected_hosts_response = wrapper_object.getWafSelectedHosts(config_id, version)
         logger.debug(selected_hosts_response.url)
         logger.debug(selected_hosts_response.status_code)
-        if selected_hosts_response.status_code == 200:
+        if selected_hosts_response.ok:
             # Update the hostnames here
             updated_json_data = selected_hosts_response.json()
             logger.debug(json.dumps(updated_json_data, indent=4))
@@ -140,8 +140,7 @@ def addHostnames(self, wrapper_object, hostname_list, config_id, version):
             modify_hosts_response = wrapper_object.modifyWafHosts(config_id,
                                                                   version,
                                                                   json.dumps(updated_json_data))
-            if modify_hosts_response.status_code == 200 or \
-                modify_hosts_response.status_code == 201:
+            if modify_hosts_response.ok:
                 logger.info(f'Created WAF configuration version: {version}')
                 return True
             else:
@@ -191,8 +190,7 @@ def createWafVersion(self, wrapper_object, onboard_obj, notes: str):
         version_creation_response = wrapper_object.createWafConfigVersion(onboard_obj.onboard_waf_config_id,
                                                                           onboard_obj.onboard_waf_prev_version,
                                                                           notes)
-        if version_creation_response.status_code == 200 or \
-            version_creation_response.status_code == 201:
+        if version_creation_response.ok:
             onboard_obj.onboard_waf_config_version = version_creation_response.json()['version']
             logger.info(f"'{onboard_obj.waf_config_name}'{dot:>8}"
                         f'id: {onboard_obj.onboard_waf_config_id:<5}{dot:>15}'
@@ -244,7 +242,7 @@ def create_waf_config(self, wrap_api, onboard_obj):
             resp.status_code == 201:
             logger.info(f"'{onboard_obj.waf_config_name}'{dot:>8}"
                         f'id: {onboard_obj.onboard_waf_config_id:<5}{dot:>15}'
-                        f'version: {onboard_obj.onboard_waf_config_version:<5}{dot:>5}'
+                        f'version: {onboard_obj.onboard_waf_config_version:<5}{dot:>4}'
                         f'valid Security Configuration')
             return True
         logger.error(json.dumps(resp.json(), indent=4))
@@ -315,8 +313,8 @@ def activation_detail(self, wrap_api, onboard_object, activate):
                                             onboard_object[i].onboard_waf_config_version,
                                             network='STAGING',
                                             emails=onboard_object[i].notification_emails,
-                                            note='Onboard CLI Activation')
-            if response.status_code in (200, 201):
+                                            note=onboard_object[i].version_notes)
+            if response.ok:
                 onboard_object[i].activation_id = response.json()['activationId']
                 onboard_object[i].activation_create = response.json()['createDate']
                 onboard_object[i].activation_status = response.json()['status']

bin/wrapper_api.py

@@ -550,8 +550,7 @@ def create_waf_configurations(self, ion):
         logger.debug(payload)
 
         resp = self.session.post(url, data=json.dumps(payload), headers=headers)
-        if resp.status_code == 200 or \
-            resp.status_code == 201:
+        if resp.ok:
             ion.onboard_waf_config_id = resp.json()['configId']
             ion.onboard_waf_config_version = resp.json()['version']
             self.update_waf_config_version_note(ion, notes=ion.version_notes)
@@ -670,12 +669,12 @@ def get_selectable_hostnames(self, contract_id: int, group_id: int, network: str
         url = f'https://{self.access_hostname}/appsec/v1/contracts/{contract_id}/groups/{group_id}/selectable-hostnames'
         url = self.formUrl(url)
         response = self.session.get(url)
-        if response.status_code == 200:
+        if response.ok:
             if len(response.json()['availableSet']) > 0:
                 df = pd.json_normalize(response.json()['availableSet'])
                 logger.debug(f'\n{df}')
                 if network == 'staging':
-                    selectable_df = df[(df['activeInStaging']) & (df['configNameInProduction'].isnull())]
+                    selectable_df = df[(df['activeInStaging'])]  # & (df['activeInProduction'].isnull())]
                 else:
                     selectable_df = df[df['activeInProduction']]
             if selectable_df.empty:

cli.json

@@ -8,7 +8,7 @@
       "aliases": [
         "onboard"
       ],
-      "version": "2.3.5",
+      "version": "2.3.6",
       "description": "Onboard Akamai delivery and WAF configuration"
     }
   ]