catocli 2.0.4__py3-none-any.whl → 2.0.5__py3-none-any.whl

build/lib/catocli/parsers/custom/import_rules_to_tf/__init__.py

@@ -0,0 +1,58 @@
+import catocli.parsers.custom.import_rules_to_tf.import_rules_to_tf as import_rules_to_tf
+
+def rule_import_parse(subparsers):
+    """Create import command parsers"""
+    
+    # Create the main import parser
+    import_parser = subparsers.add_parser('import', help='Import data from various sources', usage='catocli import <operation> [options]')
+    import_subparsers = import_parser.add_subparsers(description='valid import operations', help='additional help')
+    
+    # Add if_rules_to_tf command
+    if_rules_parser = import_subparsers.add_parser(
+        'if_rules_to_tf', 
+        help='Import Internet Firewall rules to Terraform state',
+        usage='catocli import if_rules_to_tf <json_file> --module-name <module_name> [options]\n\nexample: catocli import if_rules_to_tf config_data/all_wf_rules_and_sections.json --module-name module.if_rules'
+    )
+    
+    if_rules_parser.add_argument('json_file', help='Path to the JSON file containing IFW rules and sections')
+    if_rules_parser.add_argument('--module-name', required=True, 
+                                help='Terraform module name to import resources into')
+    if_rules_parser.add_argument('-accountID', help='Account ID (required by CLI framework but not used for import)', required=False)
+    if_rules_parser.add_argument('--batch-size', type=int, default=10, 
+                                help='Number of imports per batch (default: 10)')
+    if_rules_parser.add_argument('--delay', type=int, default=2, 
+                                help='Delay between batches in seconds (default: 2)')
+    if_rules_parser.add_argument('--rules-only', action='store_true', 
+                                help='Import only rules, skip sections')
+    if_rules_parser.add_argument('--sections-only', action='store_true', 
+                                help='Import only sections, skip rules')
+    if_rules_parser.add_argument('-v', '--verbose', action='store_true', help='Verbose output')
+    if_rules_parser.add_argument('--auto-approve', action='store_true', help='Skip confirmation prompt and proceed automatically')
+    
+    if_rules_parser.set_defaults(func=import_rules_to_tf.import_if_rules_to_tf)
+    
+    # Add wf_rules_to_tf command
+    wf_rules_parser = import_subparsers.add_parser(
+        'wf_rules_to_tf', 
+        help='Import WAN Firewall rules to Terraform state',
+        usage='catocli import wf_rules_to_tf <json_file> --module-name <module_name> [options]\n\nexample: catocli import wf_rules_to_tf config_data/all_wf_rules_and_sections.json --module-name module.wf_rules'
+    )
+    
+    wf_rules_parser.add_argument('json_file', help='Path to the JSON file containing WF rules and sections')
+    wf_rules_parser.add_argument('--module-name', required=True, 
+                                help='Terraform module name to import resources into')
+    wf_rules_parser.add_argument('-accountID', help='Account ID (required by CLI framework but not used for import)', required=False)
+    wf_rules_parser.add_argument('--batch-size', type=int, default=10, 
+                                help='Number of imports per batch (default: 10)')
+    wf_rules_parser.add_argument('--delay', type=int, default=2, 
+                                help='Delay between batches in seconds (default: 2)')
+    wf_rules_parser.add_argument('--rules-only', action='store_true', 
+                                help='Import only rules, skip sections')
+    wf_rules_parser.add_argument('--sections-only', action='store_true', 
+                                help='Import only sections, skip rules')
+    wf_rules_parser.add_argument('-v', '--verbose', action='store_true', help='Verbose output')
+    wf_rules_parser.add_argument('--auto-approve', action='store_true', help='Skip confirmation prompt and proceed automatically')
+    
+    wf_rules_parser.set_defaults(func=import_rules_to_tf.import_wf_rules_to_tf)
+    
+    return import_parser

build/lib/catocli/parsers/custom/import_rules_to_tf/import_rules_to_tf.py

@@ -0,0 +1,451 @@
+#!/usr/bin/env python3
+"""
+Direct Terraform Import Script using Python
+Imports firewall rules and sections directly using subprocess calls to terraform import
+Reads from JSON structure exported from Cato API
+Adapted from scripts/import_if_rules_to_tfstate.py for CLI usage
+"""
+
+import json
+import subprocess
+import sys
+import re
+import time
+import glob
+from pathlib import Path
+from ..customLib import validate_terraform_environment
+
+
+def load_json_data(json_file):
+    """Load firewall data from JSON file"""
+    try:
+        with open(json_file, 'r') as f:
+            data = json.load(f)
+            return data['data']['policy']['internetFirewall']['policy']
+    except FileNotFoundError:
+        print(f"Error: JSON file '{json_file}' not found")
+        sys.exit(1)
+    except json.JSONDecodeError as e:
+        print(f"Error: Invalid JSON in '{json_file}': {e}")
+        sys.exit(1)
+    except KeyError as e:
+        print(f"Error: Expected JSON structure not found in '{json_file}': {e}")
+        sys.exit(1)
+
+
+def sanitize_name_for_terraform(name):
+    """Sanitize rule/section name to create valid Terraform resource key"""
+    # Replace spaces and special characters with underscores
+    sanitized = re.sub(r'[^a-zA-Z0-9_-]', '_', name)
+    # Remove multiple consecutive underscores
+    sanitized = re.sub(r'_+', '_', sanitized)
+    # Remove leading/trailing underscores
+    sanitized = sanitized.strip('_')
+    return sanitized
+
+
+def extract_rules_and_sections(policy_data):
+    """Extract rules and sections from the policy data"""
+    rules = []
+    sections = []
+    
+    # Extract rules
+    for rule_entry in policy_data.get('rules', []):
+        rule = rule_entry.get('rule', {})
+        if rule.get('id') and rule.get('name'):
+            rules.append({
+                'id': rule['id'],
+                'name': rule['name'],
+                'index': rule.get('index', 0),
+                'section_name': rule.get('section', {}).get('name', 'Default')
+            })
+    
+    # Extract sections
+    for section in policy_data.get('sections', []):
+        if section.get('section_name'):
+            sections.append({
+                'section_name': section['section_name'],
+                'section_index': section.get('section_index', 0),
+                'section_id': section.get('section_id', '')
+            })
+    return rules, sections
+
+
+def run_terraform_import(resource_address, resource_id, timeout=60, verbose=False):
+    """
+    Run a single terraform import command
+    
+    Args:
+        resource_address: The terraform resource address
+        resource_id: The actual resource ID to import
+        timeout: Command timeout in seconds
+        verbose: Whether to show verbose output
+    
+    Returns:
+        tuple: (success: bool, output: str, error: str)
+    """
+    cmd = ['terraform', 'import', resource_address, resource_id]
+    if verbose:
+        print(f"Command: {' '.join(cmd)}")
+    
+    try:
+        print(f"Importing: {resource_address} <- {resource_id}")
+        
+        result = subprocess.run(
+            cmd,
+            capture_output=True,
+            text=True,
+            timeout=timeout,
+            cwd=Path.cwd()
+        )
+        
+        if result.returncode == 0:
+            print(f"Success: {resource_address}")
+            return True, result.stdout, result.stderr
+        else:
+            print(f"Failed: {resource_address}")
+            print(f"Error: {result.stderr}")
+            return False, result.stdout, result.stderr
+            
+    except subprocess.TimeoutExpired:
+        print(f"Timeout: {resource_address} (exceeded {timeout}s)")
+        return False, "", f"Command timed out after {timeout} seconds"
+    except Exception as e:
+        print(f"Unexpected error for {resource_address}: {e}")
+        return False, "", str(e)
+
+
+def find_rule_index(rules, rule_name):
+    """Find rule index by name."""
+    for index, rule in enumerate(rules):
+        if rule['name'] == rule_name:
+            return index
+    return None
+
+
+def import_sections(sections, module_name, resource_type,
+                    resource_name="sections", verbose=False):
+    """Import all sections"""
+    print("\nStarting section imports...")
+    total_sections = len(sections)
+    successful_imports = 0
+    failed_imports = 0
+    
+    for i, section in enumerate(sections):
+        section_id = section['section_id']
+        section_name = section['section_name']
+        section_index = section['section_index']
+        resource_address = f'{module_name}.{resource_type}.{resource_name}["{section_name}"]'
+        print(f"\n[{i+1}/{total_sections}] Section: {section_name} (index: {section_index})")
+
+        # For sections, we use the section name as the ID since that's how Cato identifies them
+        success, stdout, stderr = run_terraform_import(resource_address, section_id, verbose=verbose)
+        
+        if success:
+            successful_imports += 1
+        else:
+            failed_imports += 1
+    
+    print(f"\nSection Import Summary: {successful_imports} successful, {failed_imports} failed")
+    return successful_imports, failed_imports
+
+
+def import_rules(rules, module_name, verbose=False,
+                resource_type="cato_if_rule", resource_name="rules",
+                batch_size=10, delay_between_batches=2, auto_approve=False):
+    """Import all rules in batches"""
+    print("\nStarting rule imports...")
+    successful_imports = 0
+    failed_imports = 0
+    total_rules = len(rules)
+    
+    for i, rule in enumerate(rules):
+        rule_id = rule['id']
+        rule_name = rule['name']
+        rule_index = find_rule_index(rules, rule_name)
+        terraform_key = sanitize_name_for_terraform(rule_name)
+        
+        # Use array index syntax instead of rule ID
+        resource_address = f'{module_name}.{resource_type}.{resource_name}["{str(rule_name)}"]'
+        print(f"\n[{i+1}/{total_rules}] Rule: {rule_name} (index: {rule_index})")
+        
+        success, stdout, stderr = run_terraform_import(resource_address, rule_id, verbose=verbose)
+        
+        if success:
+            successful_imports += 1
+        else:
+            failed_imports += 1
+            
+            # Ask user if they want to continue on failure (unless auto-approved)
+            if failed_imports <= 3 and not auto_approve:  # Only prompt for first few failures
+                response = input(f"\nContinue with remaining imports? (y/n): ").lower()
+                if response == 'n':
+                    print("Import process stopped by user.")
+                    break
+        
+        # Delay between batches
+        if (i + 1) % batch_size == 0 and i < total_rules - 1:
+            print(f"\n  Batch complete. Waiting {delay_between_batches}s before next batch...")
+            time.sleep(delay_between_batches)
+    
+    print(f"\n Rule Import Summary: {successful_imports} successful, {failed_imports} failed")
+    return successful_imports, failed_imports
+
+
+def import_if_rules_to_tf(args, configuration):
+    """Main function to orchestrate the import process"""
+    try:
+        print(" Terraform Import Tool - Cato IFW Rules & Sections")
+        print("=" * 60)
+        
+        # Load data
+        print(f" Loading data from {args.json_file}...")
+        policy_data = load_json_data(args.json_file)
+        
+        # Extract rules and sections
+        rules, sections = extract_rules_and_sections(policy_data)
+        
+        if hasattr(args, 'verbose') and args.verbose:
+            print(f"section_ids: {json.dumps(policy_data.get('section_ids', {}), indent=2)}")
+        
+        print(f" Found {len(rules)} rules")
+        print(f"  Found {len(sections)} sections")
+        
+        if not rules and not sections:
+            print(" No rules or sections found. Exiting.")
+            return [{"success": False, "error": "No rules or sections found"}]
+        
+        # Validate Terraform environment before proceeding
+        validate_terraform_environment(args.module_name, verbose=args.verbose)
+        
+        # Ask for confirmation (unless auto-approved)
+        if not args.rules_only and not args.sections_only:
+            print(f"\n Ready to import {len(sections)} sections and {len(rules)} rules.")
+        elif args.rules_only:
+            print(f"\n Ready to import {len(rules)} rules only.")
+        elif args.sections_only:
+            print(f"\n Ready to import {len(sections)} sections only.")
+        
+        if hasattr(args, 'auto_approve') and args.auto_approve:
+            print("\nAuto-approve enabled, proceeding with import...")
+        else:
+            confirm = input(f"\nProceed with import? (y/n): ").lower()
+            if confirm != 'y':
+                print("Import cancelled.")
+                return [{"success": False, "error": "Import cancelled by user"}]
+        
+        total_successful = 0
+        total_failed = 0
+        
+        # Import sections first (if not skipped)
+        if not args.rules_only and sections:
+            successful, failed = import_sections(sections, module_name=args.module_name, resource_type="cato_if_section", verbose=args.verbose)
+            total_successful += successful
+            total_failed += failed
+        
+        # Import rules (if not skipped)
+        if not args.sections_only and rules:
+            successful, failed = import_rules(rules, module_name=args.module_name, 
+                                            verbose=args.verbose, batch_size=args.batch_size, 
+                                            delay_between_batches=args.delay,
+                                            auto_approve=getattr(args, 'auto_approve', False))
+            total_successful += successful
+            total_failed += failed
+        
+        # Final summary
+        print("\n" + "=" * 60)
+        print(" FINAL IMPORT SUMMARY")
+        print("=" * 60)
+        print(f" Total successful imports: {total_successful}")
+        print(f" Total failed imports: {total_failed}")
+        print(f" Overall success rate: {(total_successful / (total_successful + total_failed) * 100):.1f}%" if (total_successful + total_failed) > 0 else "N/A")
+        print("\n Import process completed!")
+        
+        return [{
+            "success": True, 
+            "total_successful": total_successful,
+            "total_failed": total_failed,
+            "module_name": args.module_name
+        }]
+        
+    except Exception as e:
+        print(f"ERROR: {str(e)}")
+        return [{"success": False, "error": str(e)}]
+
+
+def load_wf_json_data(json_file):
+    """Load WAN Firewall data from JSON file"""
+    try:
+        with open(json_file, 'r') as f:
+            data = json.load(f)
+            return data['data']['policy']['wanFirewall']['policy']
+    except FileNotFoundError:
+        print(f"Error: JSON file '{json_file}' not found")
+        sys.exit(1)
+    except json.JSONDecodeError as e:
+        print(f"Error: Invalid JSON in '{json_file}': {e}")
+        sys.exit(1)
+    except KeyError as e:
+        print(f"Error: Expected JSON structure not found in '{json_file}': {e}")
+        sys.exit(1)
+
+
+def import_wf_sections(sections, module_name, verbose=False,
+                      resource_type="cato_wf_section", resource_name="sections"):
+    """Import all WAN Firewall sections"""
+    print("\nStarting WAN Firewall section imports...")
+    total_sections = len(sections)
+    successful_imports = 0
+    failed_imports = 0
+    
+    for i, section in enumerate(sections):
+        section_id = section['section_id']
+        section_name = section['section_name']
+        section_index = section['section_index']
+        # Add module. prefix if not present
+        if not module_name.startswith('module.'):
+            module_name = f'module.{module_name}'
+        resource_address = f'{module_name}.{resource_type}.{resource_name}["{section_name}"]'
+        print(f"\n[{i+1}/{total_sections}] Section: {section_name} (index: {section_index})")
+
+        # For sections, we use the section name as the ID since that's how Cato identifies them
+        success, stdout, stderr = run_terraform_import(resource_address, section_id, verbose=verbose)
+        
+        if success:
+            successful_imports += 1
+        else:
+            failed_imports += 1
+    
+    print(f"\nWAN Firewall Section Import Summary: {successful_imports} successful, {failed_imports} failed")
+    return successful_imports, failed_imports
+
+
+def import_wf_rules(rules, module_name, verbose=False,
+                   resource_type="cato_wf_rule", resource_name="rules",
+                   batch_size=10, delay_between_batches=2, auto_approve=False):
+    """Import all WAN Firewall rules in batches"""
+    print("\nStarting WAN Firewall rule imports...")
+    successful_imports = 0
+    failed_imports = 0
+    total_rules = len(rules)
+    
+    for i, rule in enumerate(rules):
+        rule_id = rule['id']
+        rule_name = rule['name']
+        rule_index = find_rule_index(rules, rule_name)
+        terraform_key = sanitize_name_for_terraform(rule_name)
+        
+        # Add module. prefix if not present
+        if not module_name.startswith('module.'):
+            module_name = f'module.{module_name}'
+
+        # Use array index syntax instead of rule ID
+        resource_address = f'{module_name}.{resource_type}.{resource_name}["{str(rule_name)}"]'
+        print(f"\n[{i+1}/{total_rules}] Rule: {rule_name} (index: {rule_index})")
+        
+        success, stdout, stderr = run_terraform_import(resource_address, rule_id, verbose=verbose)
+        
+        if success:
+            successful_imports += 1
+        else:
+            failed_imports += 1
+            
+            # Ask user if they want to continue on failure (unless auto-approved)
+            if failed_imports <= 3 and not auto_approve:  # Only prompt for first few failures
+                response = input(f"\nContinue with remaining imports? (y/n): ").lower()
+                if response == 'n':
+                    print("Import process stopped by user.")
+                    break
+        
+        # Delay between batches
+        if (i + 1) % batch_size == 0 and i < total_rules - 1:
+            print(f"\n   Batch complete. Waiting {delay_between_batches}s before next batch...")
+            time.sleep(delay_between_batches)
+    
+    print(f"\nWAN Firewall Rule Import Summary: {successful_imports} successful, {failed_imports} failed")
+    return successful_imports, failed_imports
+
+
+def import_wf_rules_to_tf(args, configuration):
+    """Main function to orchestrate the WAN Firewall import process"""
+    try:
+        print(" Terraform Import Tool - Cato WF Rules & Sections")
+        print("=" * 60)
+        
+        # Load data
+        print(f" Loading data from {args.json_file}...")
+        policy_data = load_wf_json_data(args.json_file)
+        
+        # Extract rules and sections
+        rules, sections = extract_rules_and_sections(policy_data)
+        
+        if hasattr(args, 'verbose') and args.verbose:
+            print(f"section_ids: {json.dumps(policy_data.get('section_ids', {}), indent=2)}")
+        
+        print(f" Found {len(rules)} rules")
+        print(f"  Found {len(sections)} sections")
+        
+        if not rules and not sections:
+            print(" No rules or sections found. Exiting.")
+            return [{"success": False, "error": "No rules or sections found"}]
+        
+        # Add module. prefix if not present
+        module_name = args.module_name
+        if not module_name.startswith('module.'):
+            module_name = f'module.{module_name}'
+        # Validate Terraform environment before proceeding
+        validate_terraform_environment(module_name, verbose=args.verbose)
+        
+        # Ask for confirmation (unless auto-approved)
+        if not args.rules_only and not args.sections_only:
+            print(f"\n Ready to import {len(sections)} sections and {len(rules)} rules.")
+        elif args.rules_only:
+            print(f"\n Ready to import {len(rules)} rules only.")
+        elif args.sections_only:
+            print(f"\n Ready to import {len(sections)} sections only.")
+        
+        if hasattr(args, 'auto_approve') and args.auto_approve:
+            print("\nAuto-approve enabled, proceeding with import...")
+        else:
+            confirm = input(f"\nProceed with import? (y/n): ").lower()
+            if confirm != 'y':
+                print("Import cancelled.")
+                return [{"success": False, "error": "Import cancelled by user"}]
+        
+        total_successful = 0
+        total_failed = 0
+        
+        # Import sections first (if not skipped)
+        if not args.rules_only and sections:
+            successful, failed = import_wf_sections(sections, module_name=args.module_name, verbose=args.verbose)
+            total_successful += successful
+            total_failed += failed
+        
+        # Import rules (if not skipped)
+        if not args.sections_only and rules:
+            successful, failed = import_wf_rules(rules, module_name=args.module_name, 
+                                                verbose=args.verbose, batch_size=args.batch_size, 
+                                                delay_between_batches=args.delay,
+                                                auto_approve=getattr(args, 'auto_approve', False))
+            total_successful += successful
+            total_failed += failed
+        
+        # Final summary
+        print("\n" + "=" * 60)
+        print(" FINAL IMPORT SUMMARY")
+        print("=" * 60)
+        print(f" Total successful imports: {total_successful}")
+        print(f" Total failed imports: {total_failed}")
+        print(f" Overall success rate: {(total_successful / (total_successful + total_failed) * 100):.1f}%" if (total_successful + total_failed) > 0 else "N/A")
+        print("\n Import process completed!")
+        
+        return [{
+            "success": True, 
+            "total_successful": total_successful,
+            "total_failed": total_failed,
+            "module_name": args.module_name
+        }]
+        
+    except Exception as e:
+        print(f"ERROR: {str(e)}")
+        return [{"success": False, "error": str(e)}]

build/lib/catocli/parsers/custom/import_sites_to_tf/__init__.py

@@ -0,0 +1,45 @@
+import catocli.parsers.custom.import_sites_to_tf.import_sites_to_tf as import_sites_to_tf
+
+def site_import_parse(subparsers, import_parser):
+    """Add socket sites import command to existing import parser"""
+    
+    if import_parser is None:
+        raise ValueError("Import parser not found. Make sure rule_import_parse is called before site_import_parse.")
+    
+    # Get the existing subparsers from the import parser
+    import_subparsers = None
+    for action in import_parser._subparsers._group_actions:
+        if hasattr(action, 'choices'):
+            import_subparsers = action
+            break
+    
+    if import_subparsers is None:
+        raise ValueError("Import subparsers not found in existing import parser.")
+    
+    # Add socket_sites_to_tf command
+    socket_sites_parser = import_subparsers.add_parser(
+        'socket_sites_to_tf', 
+        help='Import socket sites to Terraform state',
+        usage='catocli import socket_sites_to_tf <json_file> --module-name <module_name> [options]\n\nexample: catocli import socket_sites_to_tf config_data/socket_sites_11484.json --module-name module.sites'
+    )
+    
+    socket_sites_parser.add_argument('json_file', help='Path to the JSON file containing socket sites data')
+    socket_sites_parser.add_argument('--module-name', required=True, 
+                                help='Terraform module name to import resources into')
+    socket_sites_parser.add_argument('-accountID', help='Account ID (required by CLI framework but not used for import)', required=False)
+    socket_sites_parser.add_argument('--batch-size', type=int, default=10, 
+                                help='Number of imports per batch (default: 10)')
+    socket_sites_parser.add_argument('--delay', type=int, default=2, 
+                                help='Delay between batches in seconds (default: 2)')
+    socket_sites_parser.add_argument('--sites-only', action='store_true', 
+                                help='Import only sites, skip interfaces and network ranges')
+    socket_sites_parser.add_argument('--interfaces-only', action='store_true', 
+                                help='Import only WAN interfaces, skip sites and network ranges')
+    socket_sites_parser.add_argument('--network-ranges-only', action='store_true', 
+                                help='Import only network ranges, skip sites and interfaces')
+    socket_sites_parser.add_argument('-v', '--verbose', action='store_true', help='Verbose output')
+    socket_sites_parser.add_argument('--auto-approve', action='store_true', help='Skip confirmation prompt and proceed automatically')
+    
+    socket_sites_parser.set_defaults(func=import_sites_to_tf.import_socket_sites_to_tf)
+        
+    return import_parser