Skip to content

Commit

Permalink
type=gcp | introdruce $namespace | improve handling for tenant like t…
Browse files Browse the repository at this point in the history 
…ogglesvc
  • Loading branch information
@swaschkut
swaschkut committed Oct 5, 2023
1 parent d6c8994 commit 3eb5b36
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 11 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ UTIL:
* type=rule | introduce new actions=stats-appid-fastapi:-90days/stats-service-fastapi:/stats-address-source-fastapi/stats-address-destination-fastapi/stats-address-fastapi/stats-traffic-fastapi
* type=routing | introduce actions=exporttoexcel:file.html
* type=routing | introduce 'filter=(protocol.bgp is.enabled)'
* type=gcp | introdruce $namespace | improve handling for tenant like togglesvc

BUGFIX:
* class PANConf|VirtualSystem | bugfix to support SharedGateway also for Tag objects correctly
Expand Down
29 changes: 18 additions & 11 deletions utils/lib/GCP.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -189,7 +189,7 @@ public function main()

if( $action == "grep" )
{
$kubectlArray = $this->createKubectl( $tenantID );
$kubectlArray = $this->createKubectl( $tenantID, $namespace );

if( $kubectlArray !== null )
foreach( $kubectlArray as $kubectlString )
Expand All @@ -203,7 +203,7 @@ public function main()
}
elseif( $action == "expedition-log" )
{
$tmpArray = $this->createKubectl( "expedition", "-- cat /var/log/expedition.log" );
$tmpArray = $this->createKubectl( "expedition", $namespace, "-- cat /var/log/expedition.log" );
$cliArray2[] = $tmpArray[0];


Expand Down Expand Up @@ -239,7 +239,7 @@ public function main()

PH::print_stdout( $tmpTenantid );

$tenant_exec_array = $this->createKubectl( $tmpTenantid );
$tenant_exec_array = $this->createKubectl( $tmpTenantid, $namespace );
if( $tenant_exec_array === null )
{
PH::print_stdout( "Tenant: '".$tmpTenantid."' not FOUND as a pod on cluster: ".$cluster );
Expand Down Expand Up @@ -375,7 +375,7 @@ public function main()
PH::print_stdout( "mgmtsvc tenantID: '".$mgmtsvc_tenantID[0]."'");


$mgmtsvc = "kubectl exec -it ".$mgmtsvc_tenantID[0]." -c mgmtsvc --insecure-skip-tls-verify=true -- ";
$mgmtsvc = "kubectl exec -it ".$mgmtsvc_tenantID[0]." -c mgmtsvc -n ".$namespace." --insecure-skip-tls-verify=true -- ";

#$tenant = "swaschkut-2";
#$cluster = "paas-f4";
Expand All @@ -389,7 +389,7 @@ public function main()
$this->execCLIWithOutput( $get_auth );

$mgmtsvc_tenantID = $this->grepAllPods( "mgmtsvc" );
$mgmtsvc = "kubectl exec -it ".$mgmtsvc_tenantID[0]." -c mgmtsvc --insecure-skip-tls-verify=true -- ";
$mgmtsvc = "kubectl exec -it ".$mgmtsvc_tenantID[0]." -c mgmtsvc -n ".$namespace." --insecure-skip-tls-verify=true -- ";

$offboard_string = 'curl --header "Content-Type: application/json; charset=UTF-8" --request POST --data \'{"id":"'.$tenantID.'", "r":"false", "mig":"false"}\' http://127.0.0.1:8085/api/v1/src/mgmtsvc/customer/offboard';
$this->execCLIWithOutput( $mgmtsvc.$offboard_string );
Expand Down Expand Up @@ -420,7 +420,7 @@ public function main()
$this->execCLIWithOutput( $get_auth );

$mgmtsvc_tenantID = $this->grepAllPods( "mgmtsvc" );
$mgmtsvc = "kubectl exec -it ".$mgmtsvc_tenantID[0]." -c mgmtsvc --insecure-skip-tls-verify=true -- ";
$mgmtsvc = "kubectl exec -it ".$mgmtsvc_tenantID[0]." -c mgmtsvc -n ".$namespace." --insecure-skip-tls-verify=true -- ";


$username = "paloalto";
Expand Down Expand Up @@ -522,7 +522,7 @@ private function extractTenentID( $line, $command = "-- bash" )
}


private function createKubectl( $tenantID, $command = "-- bash" )
private function createKubectl( $tenantID, $namespace, $command = "-- bash" )
{
$return = array();
//get correct onprem tenant
Expand All @@ -533,11 +533,13 @@ private function createKubectl( $tenantID, $command = "-- bash" )
foreach( $tenantIDarray as $tenantID )
{
if( strpos( $tenantID, "expedition" ) !== FALSE )
$tenant_exec = "kubectl ".$this->insecureValue." exec -it " . $tenantID . " -c expedition";
$tenant_exec = "kubectl ".$this->insecureValue." exec -it " . $tenantID . " -c expedition -n ".$namespace;
elseif( strpos( $tenantID, "mgmtsvc" ) !== FALSE )
$tenant_exec = "kubectl ".$this->insecureValue." exec -it " . $tenantID . " -c mgmtsvc";
$tenant_exec = "kubectl ".$this->insecureValue." exec -it " . $tenantID . " -c mgmtsvc -n ".$namespace;
elseif( strpos( $tenantID, "togglesvc" ) !== FALSE )
$tenant_exec = "kubectl ".$this->insecureValue." exec -it " . $tenantID . " -c togglesvc -n ".$namespace;
else
$tenant_exec = "kubectl ".$this->insecureValue." exec -it " . $tenantID . " -c ".substr($tenantID, 0, -2);
$tenant_exec = "kubectl ".$this->insecureValue." exec -it " . $tenantID . " -c ".substr($tenantID, 0, -2). " -n ".$namespace;

$return[] = $tenant_exec." ".$command;
}
Expand Down Expand Up @@ -595,6 +597,7 @@ private function MFAAuthenticationCheck()
"code": 403
}';


$curl = curl_init($this->http_auth);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
Expand All @@ -604,6 +607,9 @@ private function MFAAuthenticationCheck()
$response = curl_exec($curl);
curl_close($curl);

$exec = 'open -a "Google Chrome" '.$this->http_auth;
exec( $exec );
/*
if( $expectedResponse !== $response )
{
$counter = 0;
Expand All @@ -624,6 +630,7 @@ private function MFAAuthenticationCheck()
}
while( $expectedResponse !== $response && $counter < 2 );
}
*/

if( $expectedResponse === $response )
{
Expand All @@ -634,7 +641,7 @@ private function MFAAuthenticationCheck()
else
{
$message = "please open: ".$this->http_auth." in WebBrowser for MFA authentication. Then rerun this script";
derr( $message, null, FALSE );
#derr( $message, null, FALSE );
}
}

Expand Down

0 comments on commit 3eb5b36

Please sign in to comment.