cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.
wangh_97509
Historic F5 Account

Problem this snippet solves:

This script is an example of how to use the iControl interfaces provided by an ARX to retrieve all namespaces and their configuration on an ARX.

How to use this snippet:

ARXNamespaceExample.pl --url --user --pass

Prerequisites

  1. SOAP::Lite perl module
  2. An F5 ARX system running release V6.02.000 or later and configured with at least one configured namespace
  3. Management access on the ARX must be permitted for HTTPs-API or HTTP-API services.

Code :

#!/usr/bin/perl
#-------------------------------------------------------------------------------
# The contents of this file are subject to the "END USER LICENSE AGREEMENT 
# FOR F5 Software Development Kit for iControl"; you may not use this file 
# except in compliance with the License. The License is included in the 
# iControl Software Development Kit.
#
# Software distributed under the License is distributed on an "AS IS"
# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
# the License for the specific language governing rights and limitations
# under the License.
#
# The Original Code is iControl Code and related documentation
# distributed by F5.
#
# The Initial Developer of the Original Code is F5 Networks,
# Inc. Seattle, WA, USA. Portions created by F5 are Copyright (C) 1996-2012
# F5 Networks, Inc. All Rights Reserved.  iControl (TM) is a registered 
# trademark of F5 Networks, Inc.
#
# Alternatively, the contents of this file may be used under the terms
# of the GNU General Public License (the "GPL"), in which case the
# provisions of GPL are applicable instead of those above.  If you wish
# to allow use of your version of this file only under the terms of the
# GPL and not to allow others to use your version of this file under the
# License, indicate your decision by deleting the provisions above and
# replace them with the notice and other provisions required by the GPL.
# If you do not delete the provisions above, a recipient may use your
# version of this file under either the License or the GPL.
#-------------------------------------------------------------------------------
#
# Description
#
# This script is an example of how to use the iControl interfaces provided by
# an ARX to retrieve all namespaces and their configuration on an ARX.
#
# Usage: ARXNamespaceExample.pl --url  --user  --pass 
#
# Prerequisites:
#
# This script requires the following:
#
#   * SOAP::Lite perl module
#   * An F5 ARX system configured with at least one configured namespace.
#   * Management access on the ARX must be permitted for HTTP-API and HTTPS-API
#     services.
#
# For more information on ARX configuration, please consult the
# documentation that was provided with your ARX system.
#-------------------------------------------------------------------------------

# SOAP::Lite lets us send SOAP requests and parse them
use SOAP::Lite
    autotype => 0,
    default_ns => 'urn:iControl';

# If you need to debug problems with your script, you can use the +trace 
# option with SOAP::Lite and it will print the XML sent to and received from
# the server:
#
# use SOAP::Lite
#     autotype => 0,
#     default_ns => 'urn:iControl' + trace;

# Getopt::Long lets us easily parse command line options
use Getopt::Long;

use POSIX qw(strftime);

use Carp;

use strict;
use warnings;

#-------------------------------------------------------------------------------
# Main program logic
#-------------------------------------------------------------------------------

our ($url, $user, $pass);

# Load command line options - if the load fails, then we print the usage
# instructions and exit.
if (!GetOptions("url=s" =>  \$url,
                "user=s" => \$user,
                "pass=s" => \$pass)) {
    usage();
    exit(1);
}

# If any arguments were skipped, print the usage instructions and exit.
if (!defined $url || !defined $user || !defined $pass) {
    usage();
    exit(1);
}

# The service path for interface "Interface" is this:
#
# http://:/api/services/Interface
#
my $namespaceServiceUrl = $url . "/api/services/Namespace";

# In order for SOAP to access a web service, it needs to read the WSDL
# for the interface you want to use.  The WSDL file for an interface
# called "Interface" is available via http/https on the ARX at:
#
# http://:/api/services/Interface?wsdl
#
# If you need a WSDL 2.0 version, that is also available at:
#
# http://:/arx-api/wsdl/Interface.wsdl2
#
# In this case, we're using the Namespace interface and we're 
# interested in using the WSDL 1.1 version.
#
my $namespaceWsdlUrl = $namespaceServiceUrl . "?wsdl";

# Now we build our SOAP::Lite object using the service and WSDL
# URLs
my $namespaceSoap = SOAP::Lite->new(proxy   => $namespaceServiceUrl,
                                    service => $namespaceWsdlUrl);

print "Calling the \"get_list\" method of the ARX Namespace interface.\n\n";

# Get a list of namespaces configured on the ARX.

# Build a security header 
our $securityHeader = getSecurityHeader($user, $pass);

my $namespaceSoapResult = $namespaceSoap->get_list($securityHeader);

# Check if there were any faults encountered during the operation.
# We find this by checking if the fault member of the result object
# is set.  If there is a fault, then we can print the detailed 
# fault text using the faultstring member of the result object.
if (defined $namespaceSoapResult->fault && $namespaceSoapResult->fault) {
    confess("SOAP request failed:\n" . objdump($namespaceSoapResult->fault) . "\n");
}

print "Printing the results of the call to the \"get_list\" method of the ARX Namespace interface.\n\n";

# The get_list() call did not fail, so we build a list of namespace
# names from the result.  Note that the full result is a
# concatenation of the result and paramsout members of the SOAP
# result object.
my @namespaceList = ($namespaceSoapResult->result, 
                     $namespaceSoapResult->paramsout);

if ($#namespaceList < 0) {
    print("The list of namespaces returned from the call to the \"get_list\" method of the ARX Namespace interface was empty.\n");
    exit(0);
}

# We can now print the list of namespaces
print "Namespace list:\n";
foreach my $namespace (@namespaceList) {
    print " ", $namespace, "\n";
}
print "\n";

print "Calling the \"get_configuration\" method of the ARX Namespace interface.\n\n";

# get namespace configuration from API

# Build a security header 
$securityHeader = getSecurityHeader($user, $pass);

# In addition to printing the list of namespaces, we can actually
# use that list to retrieve configuration information
# for all of the namespaces using the same list by calling
# get_configuration().
$namespaceSoapResult = $namespaceSoap->get_configuration(SOAP::Data->name('namespaces')->value(@namespaceList),
                                                         $securityHeader);

if (defined $namespaceSoapResult->fault && $namespaceSoapResult->fault) {
    confess("SOAP request failed:\n" . objdump($namespaceSoapResult->fault) . "\n");
}

print "Printing the results of the call to the \"get_configuration\" method of the ARX Namespace interface.\n\n";

my @namespaceConfigs = ($namespaceSoapResult->result, $namespaceSoapResult->paramsout);

foreach my $namespaceConfig (@namespaceConfigs) {
    my $name = $namespaceConfig->{'name'};

    print "----------------------------------------------\n";
    print "Namespace: ", $name, "\n";
    print "----------------------------------------------\n\n";

    print "name: ", $name, "\n";

    my $description = $namespaceConfig->{'description'};
    print "description: ", $description, "\n";

    # Each namespace is configured with support for file access protocols like
    # CIFS and NFS.  For single protocol support, it's just a hash with the
    # type and version, but if there are multiple protocols supported, then
    # it's actually an array of hashes, so we need to unwrap it.
    if (exists $namespaceConfig->{'protocols'}) {
        print "protocols:\n";

        my @protocols = ();

        if (ref($namespaceConfig->{'protocols'}) eq "ARRAY") {
            @protocols = @{$namespaceConfig->{'protocols'}};
        } else {
            @protocols = $namespaceConfig->{'protocols'};
        }

        foreach my $protocol (@protocols) {
            print " ", $protocol, "\n";
        }

        print "\n";
    }

    my $character_encoding_nfs = $namespaceConfig->{'character_encoding_nfs'};
    print "character_encoding_nfs: ", $character_encoding_nfs, "\n";

    my $cifs_anonymous_access = $namespaceConfig->{'cifs_anonymous_access'};
    print "cifs_anonymous_access: ", $cifs_anonymous_access, "\n";

    if (exists $namespaceConfig->{'cifs_authentications'}) {
        print "cifs_authentications:\n";

        my @cifs_authentications = ();

        if (ref($namespaceConfig->{'cifs_authentications'}) eq "ARRAY") {
            @cifs_authentications = @{$namespaceConfig->{'cifs_authentications'}};
        } else {
            @cifs_authentications = $namespaceConfig->{'cifs_authentications'};
        }

        foreach my $cifs_authentication (@cifs_authentications) {
            print " ", $cifs_authentication, "\n";
        }

        print "\n";
    }

    my $cifs_filer_signatures = $namespaceConfig->{'cifs_filer_signatures'};
    print "cifs_filer_signatures: ", $cifs_filer_signatures, "\n";

    my $ntlm_auth_db = $namespaceConfig->{'ntlm_auth_db'};
    print "ntlm_auth_db: ", $ntlm_auth_db, "\n";

    if (exists $namespaceConfig->{'ntlm_auth_servers'}) {
        print "ntlm_auth_servers:\n";

        my @ntlm_auth_servers = ();

        if (ref($namespaceConfig->{'ntlm_auth_servers'}) eq "ARRAY") {
            @ntlm_auth_servers = @{$namespaceConfig->{'ntlm_auth_servers'}};
        } else {
            @ntlm_auth_servers = $namespaceConfig->{'ntlm_auth_servers'};
        }

        foreach my $ntlm_auth_server (@ntlm_auth_servers) {
            print " ", $ntlm_auth_server, "\n";
        }

        print "\n";
    }

    my $policy_migration_attempts = $namespaceConfig->{'policy_migration_attempts'};
    print "policy_migration_attempts: ", $policy_migration_attempts, "\n";

    my $policy_migration_delay = $namespaceConfig->{'policy_migration_delay'};
    print "policy_migration_delay: ", $policy_migration_delay, "\n";

    my $policy_migration_retry_delay = $namespaceConfig->{'policy_migration_retry_delay'};
    print "policy_migration_retry_delay: ", $policy_migration_retry_delay, "\n";

    my $policy_treewalk_threads = $namespaceConfig->{'policy_treewalk_threads'};
    print "policy_treewalk_threads: ", $policy_treewalk_threads, "\n";

    my $proxy_user = $namespaceConfig->{'proxy_user'};
    print "proxy_user: ", $proxy_user, "\n";

    if (exists $namespaceConfig->{'sam_references'}) {
        print "sam_references:\n";

        my @sam_references = ();

        if (ref($namespaceConfig->{'sam_references'}) eq "ARRAY") {
            @sam_references = @{$namespaceConfig->{'sam_references'}};
        } else {
            @sam_references = $namespaceConfig->{'sam_references'};
        }

        foreach my $sam_reference (@sam_references) {
            my $file_server = $sam_reference->{'file_server'};
            print " file_server: ", $file_server, "\n";

            my $cluster = $sam_reference->{'cluster'};
            print " cluster: ", $cluster, "\n";
            print "\n";
        }
    }

    if (exists $namespaceConfig->{'windows_mgmt_auths'}) {
        print "windows_mgmt_auths:\n";

        my @windows_mgmt_auths = ();

        if (ref($namespaceConfig->{'windows_mgmt_auths'}) eq "ARRAY") {
            @windows_mgmt_auths = @{$namespaceConfig->{'windows_mgmt_auths'}};
        } else {
            @windows_mgmt_auths = $namespaceConfig->{'windows_mgmt_auths'};
        }

        foreach my $windows_mgmt_auth (@windows_mgmt_auths) {
            print " ", $windows_mgmt_auth, "\n";
        }

        print "\n";
    }

    print "\n";
}

#-------------------------------------------------------------------------------
# End of main program logic
#-------------------------------------------------------------------------------


#-------------------------------------------------------------------------------
# sub usage
#-------------------------------------------------------------------------------
sub usage
{
    print "\nUsage: ARXNamespaceExample.pl --url  --user  --pass \n";
    print "\n";
    print "Argument  Description\n";
    print "--------  -----------\n";
    print "--url     The base URL of the web service on the ARX. Both http and https\n";
    print "          are supported. The format is:\n";
    print "\n";
    print "          http(s)://:\n";
    print "\n";
    print "          : DNS resolvable hostname or IP address\n";
    print "          :     83 for http or 843 for https\n";
    print "\n";
    print "--user    The username for authentication.\n";
    print "--pass    The password for authentication.\n";
    print "\n";
}

#-------------------------------------------------------------------------------
# sub getSecurityHeader(user, pass)
#
# This subroutine builds a security header that will be used for
# authentication.  This type of security header is required for all calls to
# iControl::ARX interfaces, so it makes sense to have this subroutine stored in
# a library for common access.
#-------------------------------------------------------------------------------
sub getSecurityHeader
{
    my $user = shift;
    my $pass = shift;
    my $now = time();
    my $then = time() + 60;
    my $created = strftime("%Y-%m-%dT%H:%M:%S", gmtime($now)) . 'Z';
    my $expires = strftime("%Y-%m-%dT%H:%M:%S", gmtime($then)) . 'Z';

    my $secExt = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd';
    my $secUtil = 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd';
    my $securityHeader = SOAP::Header->name("wsse:Security")->attr(
            {
                'xmlns:wsse'=> $secExt,
                'xmlns:wsu'=> $secUtil
            }
    );
    my $timestamp = SOAP::Data->name("wsu:Timestamp" =>
                            \SOAP::Data->value(
                                SOAP::Data->name('wsu:Created')->value($created)
                                                               ->type(''),
                                SOAP::Data->name('wsu:Expires')->value($expires)
                                                               ->type('')));
    my $usernameTokenType = 
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
    my $usernameToken = SOAP::Data->name("wsse:UsernameToken" =>
                            \SOAP::Data->value(
                                SOAP::Data->name('wsse:Username')->value($user)
                                                                 ->type(''),
                                SOAP::Data->name('wsse:Password')->value($pass)
                                                                 ->type('')
                                                                 ->attr({'Type'=>$usernameTokenType})));

    $securityHeader->value(\SOAP::Data->value($timestamp, $usernameToken));

    return $securityHeader;
}

sub objdump
{
    my ($obj, $indent) = @_;
    my $content = '';

    if (!defined $obj) {
        return $content;
    }

    if (!defined $indent) {
        $indent = '    ';
    }

    my $type = ref $obj;

    if (!defined $type || $type eq '' || $type eq 'SCALAR') {
        $content = $content . $indent . $obj . "\n";
    }
    elsif ($type eq 'ARRAY') {
        foreach my $node (@$obj) {
            $content = $content . objdump($node, $indent);
        }
    }
    else {
        my $key;
        my $value;

        while (($key, $value) = each %$obj) {
            my $type2 = ref $value;
            if (!defined $type2 || $type2 eq '' || $type2 eq 'SCALAR') {
                $content = $content . $indent . "\'$key\' => $value;\n";
            }
            else {
                $content = $content . $indent . "\'$key\' => {\n";
                $content = $content . objdump($value, $indent.'    ');
                $content = $content . $indent . "}\n";
            }
        }
    }

    return $content;
}
Version history
Last update:
‎24-Feb-2015 13:56
Updated by:
Contributors