Radware Cloud WAF command-line tool
Project description
cwafctl
cwafctl is a commandline utility that allows to manage cloud waf objects from the client. It allows to perform several actions from the cli, such as retrieving objects such as certificates, application configuration, etc. In addition, it allows to update and modify existing protections within a given cloud waf account. The first step before using cwafctl is to update the file settings.py to include api credentials that must be created in your Radware Cloud WAF account prior to using this tool.
cwafctl works with yaml, it allows you to retrieve information in yaml format, that you can save to a file, modify and later on re-use to update the object. The yaml objects used by cwafctl are mapped directly to the JSON format supported by Cloud WAF for API calls.
cwafctl requires python 3.8 to run and was tested using windows 10.
How to install
pip install cwafctl
How to use
cwafctl basically implements the commands below:
- get : Allows to retrieve a configuration
- create: Allows to deploy new configurations (ex.:new application,certificate,etc.)
- delete: Allows to delete an object
- set: Allows to modify an existing configuration
- utils: Misc utilities
Retrieving objects using the "get" command
In order to list applications currently onboarded on your cloud waf account and dump it to a yaml file:
cwafctl get applications > applications.yaml
In order to list certificates deployed in your account and dump it to a yaml file:
cwafctl get certificates > certificates.yaml
In order to get a specific application configuration and dump it to a yaml file:
cwafctl get application "HacmeBank" > hacmebankapp.yaml
To get the full list of available commands and objects that are retrievable:
cwafctl get --help"
To get help on a specific command, you can use the following syntax:
cwafctl get application --help
CLI Output:
python cwafctl.py get application --help
INFO: Showing help with the command 'cwafctl.py get application -- --help'.
NAME
cwafctl.py get application - Gets an application configuration by name in YAML
SYNOPSIS
cwafctl.py get application NAME
DESCRIPTION
Gets an application configuration by name in YAML
POSITIONAL ARGUMENTS
NAME
NOTES
You can also use flags syntax for POSITIONAL ARGUMENTS
Deploying objects using the "create" command
In order to deploy an application: cwafctl create application < newapp.yaml [see yaml folder for an example of a yaml file used to onboard an application]
In order to deploy a certificate: cwafctl create certificate < certificate.yaml [see the yaml folder for an example of how to onboard a certificate]
Deleting objects using the "delete" command
To delete a certificate: cwafctl delete certificate FINGERPRINT
where FINGERPRINT can be obtained by listing the certificates using the command cwafctl.py get certificates"
To delete an application: cwafctl delete application APPNAME
where APPNAME is the application name.
Modifying existing configuration using the "get" and "set" command
Any "get" command can be used to retrieve an object that can be stored and edited locally and later pushed using the "set" command.
For example:
The following commands retrieve the "general information section of an application" and wil store it to a yaml file
cwafctl get application_generalinfo "HacmeBank" > generalInfo.yaml
The content of the yaml file is the following:
description: null
externalID: null
ownerEmail: null
ownerName: Christian Shink
The field "description" can be modified and edited and the content becomes the folowing :
description: HacmeBank application
externalID: null
ownerEmail: null
ownerName: Christian Shink
once the field has been edited, the new General Info for the application "HacmeBank" can be set using the following command:
**cwafctl set application_generalinfo "HacmeBank" < generalInfo.yaml
Deploying a new application using cwafctl
The "yaml files" folder contains yaml files that are usable to deploy a certificate specified in the certificate.yaml file along with a newapp.yaml file that specifies where to deploy the app. In order to get the regions code for the available regions that you can deploy in, you can use the following files:
newapp.yaml file content:
applicationName: My application
mainDomain: www.test.com
protocol: BOTH
region: CANADA_1
originServers:
- address: 2.2.2.2
addressType: IP
- address: 3.3.3.3
addressType: IP
generalInfo:
ownerName: Christian Shink
ownerEmail: christian.shink@test.com
externalID: '123445'
description: test
fingerprint: 87FE361698CB3F47683245984DDAF08E334818D3
Please note that the "fingerprint" field here can be calculated using the following command:
cwafctl utils get_certificate_fingerprint < ./"yaml files"/certificate.yaml
Please note that the available region codes can be obtained from cloud waf using the following commands:
cwafctl get available_regions
CLI output:
- CANADA_1
- US_EAST_1
- US_CENTRAL_1
cert.yaml file content:
certificate: |-
-----BEGIN CERTIFICATE-----
MIICzDCCAbSgAwIBAgIJAOg5uU72jLpRMA0GCSqGSIb3DQEBBQUAMBcxFTATBgNV
BAMTDHd3dy50ZXN0LmNvbTAeFw0yMTA1MDMwODI3MTZaFw0zMTA1MDEwODI3MTZa
MBcxFTATBgNVBAMTDHd3dy50ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKMB23DlAYI5sX5AumYVr1k1GF4ASLmC2kbJfKi6Qq7pLN7qZiz6
IA/VhWrCr6GOBEPSG93ICxW/D2x/3B4MyEmFu9cSkeht+5RoJjFX43uEGnVMWC+o
j2sr62sBXz68O+XRzeVAxWBnJj4rstj+1RgZulYn+/6dTyvkfLuWBM0GJlTtxGf6
Y09xGWXwxyTmiHIcNsn1BkRRDcXMr0mZogK+UWdqMXVq6dRuQN315r4HdEZ8xlCM
eWC9EufIbtl1tm3mjSEQ1jhZWeIAKrpdIMytAdtoymDHUgfkcQWo1iTvnYcQ4OVf
0wlCmIJUJLw9WjOKSsJW06us6Z8ZXWltMucCAwEAAaMbMBkwFwYDVR0RBBAwDoIM
d3d3LnRlc3QuY29tMA0GCSqGSIb3DQEBBQUAA4IBAQB4phluspkjLvLOxGw9Yycw
V97gvwpqr+JuEIVJL2W3eDsUbLmIpMQ5AhjedJV6z8rjugJJF6/c7slboKj/Awr4
+l/Gjnkgt7yuOJ4reghiQvveGp9iIKlo2S76juLVxg1pKTLGm7Ult3Z+kz1aQaxS
o38y3Yqy+b8MO8/mjOOTkm1atvif2XZAn2LiNaApk0kVaJcLov/oxJbzQPwjdxge
1rN0Mk+qPexa46iP7vJLpVd4BHqf7s0kY5FuiqFmwsGdcHqAmUgmsp3SPHxgCUgC
Z1pVtB4uciEpLdYesA2cy9kAy1wLJuz9JbdTT1k/ViyreBGdu8mkH7OiqCwJcn+l
-----END CERTIFICATE-----
chain: ''
key: |-
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAowHbcOUBgjmxfkC6ZhWvWTUYXgBIuYLaRsl8qLpCruks3upm
LPogD9WFasKvoY4EQ9Ib3cgLFb8PbH/cHgzISYW71xKR6G37lGgmMVfje4QadUxY
L6iPayvrawFfPrw75dHN5UDFYGcmPiuy2P7VGBm6Vif7/p1PK+R8u5YEzQYmVO3E
Z/pjT3EZZfDHJOaIchw2yfUGRFENxcyvSZmiAr5RZ2oxdWrp1G5A3fXmvgd0RnzG
UIx5YL0S58hu2XW2beaNIRDWOFlZ4gAqul0gzK0B22jKYMdSB+RxBajWJO+dhxDg
5V/TCUKYglQkvD1aM4pKwlbTq6zpnxldaW0y5wIDAQABAoIBAGnTQ9aoJfGYaP3R
IfIyc9NTYA1u28fsBq9cEZ0sxyvs35+cx1a9z+DXuzUTTZhxrZ0mI8c5HtEwZ+AF
pi6wF7t7ofY/7Q/bjy/K6bixGVNP8SljtgDCytFGAyFGE8KTy8MpESWbhkhOzwof
ro2n60opMcrLTJMBJ6wUO1JBU76SDRP2/061SXbdC4MBgO/Ea2J42GjbTtWkTvCp
sjBKpZbwLJPyIe6eQeqBA9eCgjEFc20owLva6eW/+KSI7sY6t6kAW8EQLAjT3BFa
1+3AuWTfo2kgXGFO8eYbRE5IYfXAOdI+7laGAGme5Wk1gB4OEgBRmEILDiLesksx
b9K1l8kCgYEA1CorQ2eAyly6YYAeS/6SWDozugUnTXVMjRCR1uqqfr2Y213HMeUw
+Q6eIh0xlsEow8HKYHhmZ4uPRStmctm2QpbBCzPl8dpdmcQo5n7ouNELPeSVznmH
eMnx3b3mtL48PkXziWKm8IoJ/qWFheZjZz5ymhRGzFFiPv4JQVpnl8MCgYEAxK+l
5eaOhepzEwqDVFPEIy4zmMRfQQHH9qahDHogGQmzdlZ3yrZwOLfJvXskuomVKqhB
aeDEWd/zLcrQU3QNFTiBZhJgWGutrp/MxwR5ft4Wvm4Xj7EaAdl9Iq1cdLKvyeHw
8JbYu4KHTTNtNIzIAy0yQdhiKHIq6hucOXfhqg0CgYB1RoH3lkTolu0na+xTUXqP
bkydbK/W7xnLd/dFdx2bRS4zQ9kRyYCSivP6I2z/yfHAk2RMgwEIB2rAb0cIATPw
BujaSmu2jl/i2T1Ke6gkUNkH80yjfyXVLLuXOJtIGUevnHcL4A4rNAJmUhRGeZ1E
uo4agU7JLctCyqVPDKvqhQKBgDnCk2eWc5hkJ3MaDUNAbkMemExursJ6cWy/tl/h
pXd0390Ku5cuSHp/jqE0fq7BJKsoSj17om36VIHII7G+TPFEbMu67cxJovG7P/na
GIvnUKqPzh+GlOqiIhuC6bnjl7gjwAwHYJKAXJeRWKqsBTjZlv67OuhBztR9Uz2V
NRIpAoGBANIn8QeRhIpTx4IOtn+MEI/cHbGHfHjwkidm9KVbyuOgHKSHPZ1jCbTA
Tr6dWkpbMIkxhkbuTED6UqXmvPxui0ZXgM+MozRgkOEvKaMEjTit7D6xM4ba1wl8
pbrcUEXSdSRp89NDRUAsyRPCRvMNspGDOqJKXxLus1u3YpiHkD7a
-----END RSA PRIVATE KEY-----
passphrase: test
Please note that the "certificate.yaml" file can either be created manually or be generated using the following command:
cwafctl utils generate_yaml_cert_file certificate.pem key.pem certchain.pem test
where certificate.pem is the file containing the public key
where key.pem is the file containing the private key
where certchain.pem is the file containing the certificate chain
where test is the passphrase that was used to encrypt the certificate
To deploy the certificate:
cwafctl create certificate < ./"yaml files"/certificate.yaml
To deploy the application:
cwafctl create application < ./"yaml files"/newapp.yaml
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.