Fix create pipeline mode fail #21 (#22)

#### BUG FIXES:
* create pipeline mode fail
* additional validations prevent cli to move on to create config
* create mode using mode new_standard_tls_edgehostname
* handle security match target update when match target is already 'ALL HOSTNAMES'

bin/akamai-onboard.py

@@ -149,16 +149,19 @@ def single_host(config, file):
         onboard.use_existing_enrollment_id = True
         onboard.edge_hostname_mode = 'new_enhanced_tls_edgehostname'
         onboard.existing_enrollment_id = setup.existing_enrollment_id
-    if setup.version_notes is not None:
+    if not (setup.version_notes == ''):
         onboard.version_notes = setup.version_notes
     if not setup.activate_production:
         onboard.activate_property_production = False
         onboard.activate_waf_policy_production = False
 
     # Validate setup and akamai cli and cli pipeline are installed
     util = utility.utility()
-    util.installedCommandCheck('akamai')
-    util.executeCommand(['akamai', 'pipeline'])
+    cli_installed = util.installedCommandCheck('akamai')
+    pipeline_installed = util.executeCommand(['akamai', 'pipeline'])
+
+    if not (pipeline_installed and (cli_installed or pipeline_installed)):
+        sys.exit()
 
     # Load business rule for delivery and security
     util_papi = utility_papi.papiFunctions()
@@ -259,8 +262,11 @@ def create(config, file):
 
     # Validate setup and akamai cli and cli pipeline are installed
     utility_object = utility.utility()
-    utility_object.installedCommandCheck('akamai')
-    utility_object.executeCommand(['akamai', 'pipeline'])
+    cli_installed = utility_object.installedCommandCheck('akamai')
+    pipeline_installed = utility_object.executeCommand(['akamai', 'pipeline'])
+
+    if not (pipeline_installed and (cli_installed or pipeline_installed)):
+        sys.exit()
 
     # Validate akamai cli and cli pipeline are installed
     utility_papi_object = utility_papi.papiFunctions()

bin/utility.py

@@ -10,6 +10,8 @@
 
 from distutils.dir_util import copy_tree
 from exceptions import setup_logger
+from pyisemail import is_email
+
 
 logger = setup_logger()
 space = ' '
@@ -79,8 +81,9 @@ def validateSetupSteps(self, onboard_object, wrapper_object, cli_mode='create')
         Function to validate the input values of setup.json
         """
         count = 0
+        valid_waf = True
         print()
-        logger.warning('Validating setup file information')
+        logger.warning('Validating setup file information. Please wait, may take a few moments')
 
         # check if property name exists
         if wrapper_object.property_exists(onboard_object.property_name):
@@ -166,8 +169,8 @@ def validateSetupSteps(self, onboard_object, wrapper_object, cli_mode='create')
             logger.info('valid options: use_existing_edgehostname, new_standard_tls_edgehostname, new_enhanced_tls_edgehostname')
         elif onboard_object.edge_hostname_mode == 'use_existing_edgehostname':
             ehn_id = 0
-            if onboard_object.edge_hostname is None:
-                logger.error(f'edge_hostname{space:>20}missing')
+            if onboard_object.edge_hostname == '':
+                logger.error(f'{onboard_object.edge_hostname:<30}{space:>20}missing edge hostname')
                 count += 1
             else:
                 try:
@@ -244,6 +247,7 @@ def validateSetupSteps(self, onboard_object, wrapper_object, cli_mode='create')
                     else:
                         count += 1
                         logger.error(f'{onboard_object.waf_config_name:<30}{space:>20}invalid waf_config_name, not found')
+                        valid_waf = False
 
                     if onboard_object.onboard_waf_config_id is not None:
                         logger.debug(f'{onboard_object.onboard_waf_config_id} {onboard_object.onboard_waf_prev_version}')
@@ -282,10 +286,36 @@ def validateSetupSteps(self, onboard_object, wrapper_object, cli_mode='create')
                 else:
                     # valid means this waf name doesn't exists
                     logger.info(f'{onboard_object.waf_config_name:<30}{space:>20}new waf_config_name')
+                    valid_waf = False
 
         else:
             pass
 
+        # valid notify_emails is required
+        emails = onboard_object.notification_emails
+        if len(emails) == 0:
+            logger.error('At least one valid notification email is required')
+            count += 1
+        else:
+            for email in emails:
+                if not is_email(email):
+                    logger.error(f'{email:<30}{space:>20}invalid email address')
+                    count += 1
+
+        # maximum active security config per network is 10
+        '''
+        if onboard_object.activate_waf_policy_staging and valid_waf:
+            stg_active_count, prd_active_count = self.get_active_sec_config(wrapper_object)
+            msg = 'Deactivate another one, or contact support to raise limits.'
+            if stg_active_count >= 10:
+                logger.error(f'You reached your maximum allowed number of security configurations on STAGING. {msg}')
+                count += 1
+
+            if onboard_object.activate_waf_policy_staging and prd_active_count >= 10:
+                logger.error(f'You reached your maximum allowed number of security configurations on PRODUCTION. {msg}')
+                count += 1
+        '''
+
         if count == 0:
             self.valid is True
             print()

bin/utility_papi.py

@@ -129,7 +129,7 @@ def createAndUpdateProperty(self, config, onboard_object, wrapper_object, utilit
         elif onboard_object.use_folder:
             # Do Akamai pipeline merge from folder path
             logger.info('Trying to create property rules json from merging files specified in folder_info')
-            if utility_object.doCliPipelineMerge(onboard_object, create_mode=False, merge_type='pm'):
+            if utility_object.doCliPipelineMerge(config, onboard_object, create_mode=False, merge_type='pm'):
                 logger.info('Successfully merged variables and values from folder_info')
 
                 # Update property with value substituted json
@@ -209,7 +209,6 @@ def processEdgeHostnameInput(self, onboard_object, wrapper_object, utility_objec
                                                                 domain_prefix,
                                                                 onboard_object.secure_network,
                                                                 '',
-                                                                '',
                                                                 onboard_object.contract_id,
                                                                 onboard_object.group_id)
             # Response will be either the edgeHostnameId of -1 in case of failure

bin/utility_waf.py

@@ -107,18 +107,24 @@ def updateMatchTarget(self, wrapper_object, hostname_list, config_id, version, t
         if match_target_response.status_code == 200:
             # Update the hostnames here
             updated_json_data = match_target_response.json()
-            for every_hostname in hostname_list:
-                updated_json_data['hostnames'].append(every_hostname)
-            logger.debug(json.dumps(updated_json_data, indent=4))
-            # Now update the match target
-            modify_match_target_response = wrapper_object.modifyMatchTarget(config_id,
-                                                          version, target_id,
-                                                          json.dumps(updated_json_data))
-            if modify_match_target_response.status_code == 200:
-                return True
+            if 'hostnames' in updated_json_data.keys():
+
+                for every_hostname in hostname_list:
+                    updated_json_data['hostnames'].append(every_hostname)
+                logger.debug(json.dumps(updated_json_data, indent=4))
+
+                # Now update the match target
+                modify_match_target_response = wrapper_object.modifyMatchTarget(config_id,
+                                                                                version, target_id,
+                                                                                json.dumps(updated_json_data))
+                if modify_match_target_response.status_code == 200:
+                    return True
+                else:
+                    logger.error(json.dumps(modify_match_target_response.json(), indent=4))
+                    return False
             else:
-                logger.error(json.dumps(modify_match_target_response.json(), indent=4))
-                return False
+                logger.info('This WAF policy already uses "ALL HOSTNAMES" as match target.')
+                return True
         else:
             logger.error(json.dumps(match_target_response.json(), indent=4))
             return False

bin/wrapper_api.py

@@ -543,3 +543,10 @@ def create_waf_match_target(self, ion):
         resp = self.session.post(url, data=json.dumps(payload), headers=headers)
         logger.debug(resp.url)
         return resp
+
+    def get_waf_sec_detail(self, config_id: int):
+        url = self.formUrl(f'https://{self.access_hostname}/appsec/v1/configs/{config_id}/versions')
+        resp = self.session.get(url, headers=headers)
+        if resp.status_code != 200:
+            logger.info(json.dumps(resp.json(), indent=4))
+        return resp

requirements.txt

@@ -2,5 +2,6 @@ chardet==3.0.4
 click==7.1.1
 coloredlogs==15.0.1
 edgegrid-python==1.1.1
+pyIsEmail==2.0.1
 requests>=2.25.1,<3.0
 urllib3>=1.26.5

templates/sample_setup_files/setup.json

@@ -13,7 +13,7 @@
 
         },
         "file_info": {
-            "use_file": false,
+            "use_file": true,
             "source_template_file": "",
             "source_values_file": ""
         },
@@ -27,7 +27,7 @@
         ""
     ],
     "edge_hostname": {
-        "mode": "use_existing_edgehostname",
+        "mode": "new_enhanced_tls_edgehostname",
         "use_existing_edgehostname": {
             "edge_hostname": ""
         },