ansible-collections/phpipam_scan_agent
2
0
Fork 0
Code Issues 10 Pull Requests Actions Projects Releases 7 Wiki Activity
Files
5e655c6852b8f5199a93275b2d3c7b6cb13b0c8b
phpipam_scan_agent/playbooks/tasks/scan_subnet.yaml
nfc_bot 07947ab446 build: bump version 0.3.0 -> 0.4.0 
!15
2024-02-26 07:33:45 +00:00

182 lines
6.3 KiB
YAML
Raw Blame History

---
- name: Get subnets Address'
ansible.builtin.include_tasks:
file: tasks/api_call.yaml
vars:
api_client_name: "{{ nofusscomputing_phpipam_scan_agent.client_name }}"
api_token: "{{ nofusscomputing_phpipam_scan_agent.client_token }}"
api_path: "{{ api_address }}"
api_query_string: "filter_by=subnetId&filter_value={{ subnet.id }}"
- name: Register Subnet API Call
ansible.builtin.set_fact:
cacheable: false
subnet_api_call: "{{ api_call }}"
subnet_cache_filepath: "{{ cache_filepath }}"
api_call: ''
- name: Get subnet Name Servers
ansible.builtin.include_tasks:
file: tasks/api_call.yaml
vars:
api_client_name: "{{ nofusscomputing_phpipam_scan_agent.client_name }}"
api_token: "{{ nofusscomputing_phpipam_scan_agent.client_token }}"
api_path: "{{ api_nameservers }}"
api_query_string: "filter_by=id&filter_value={{ subnet.nameserverId }}"
when: >
subnet.nameserverId is defined
and
subnet.resolveDNS | int == 1
- name: Load Nameservers - {{ subnet.address }}
ansible.builtin.set_fact:
subnet_name_servers: "{{ lookup('file', cache_filepath) }}"
cacheable: false
no_log: true
when: >
subnet.nameserverId is defined
and
subnet.resolveDNS | int == 1
and
api_call.status | default(0) | int != 404
- name: Scan subnet - {{ subnet.address }}
ansible.builtin.command:
cmd: >
nmap -sn "{{ subnet.address }}" {% if
subnet_name_servers is defined
and
subnet.resolveDNS | int == 1
-%}
--dns-servers {% for nameserver in subnet_name_servers -%}
{% for name_server in nameserver.namesrv1 | split(';') %}
{{ name_server }},
{%- endfor -%}
{%- endfor -%}
{%- elif subnet.resolveDNS | int == 1 -%}
--system-dns
{%- else -%}
-n
{%- endif %} -oX -
become: true
register: nmap_scan
- name: Load Subnet - {{ subnet.address }}
ansible.builtin.set_fact:
cached_subnet: "{{ lookup('file', subnet_cache_filepath) }}"
cacheable: false
no_log: true
when: >
subnet_api_call.status | default(0) | int != 404
- name: Process Scan Results - {{ subnet.address }}
ansible.builtin.set_fact:
subnet_scan_results: |-
[
{% for scanned_host in ((nmap_scan.stdout | ansible.utils.from_xml) | from_yaml).nmaprun.host | default([]) %}
{% if
scanned_host.address[0]['@addrtype'] | default('') == 'ipv4'
or
scanned_host.address['@addrtype'] | default('') == 'ipv4'
%}
{
{% for cached_host in cached_subnet | default([]) -%}
{%- if cached_host.ip == scanned_host.address['@addr'] | default(scanned_host.address[0]['@addr']) -%}
"id": {{ cached_host.id }},
{%- endif -%}
{%- endfor %}
"subnetId": "{{ subnet.id }}",
"ip": "{{ scanned_host.address['@addr'] | default(scanned_host.address[0]['@addr']) }}",
"lastSeen": "{{ (nmap_scan.start | split('.'))[0] }}",
{% if scanned_host.hostnames.hostname is defined %}
{% set ip_address = scanned_host.address['@addr'] | default(scanned_host.address[0]['@addr']) | split('.') %}
{% if
'.' in scanned_host.hostnames.hostname['@name'] | string
and
(ip_address[0] + '-' + ip_address[1] + '-' + ip_address[2] + '-' + ip_address[3]) not in scanned_host.hostnames.hostname['@name'] | string
and
(ip_address[3] + '-' + ip_address[2] + '-' + ip_address[1] + '-' + ip_address[0]) not in scanned_host.hostnames.hostname['@name'] | string
%}
"hostname": "{{ (scanned_host.hostnames.hostname['@name'] | split('.'))[0] }}",
{% elif
'.' not in scanned_host.hostnames.hostname['@name'] | string
and
(ip_address[0] + '-' + ip_address[1] + '-' + ip_address[2] + '-' + ip_address[3]) not in scanned_host.hostnames.hostname['@name'] | string
and
(ip_address[3] + '-' + ip_address[2] + '-' + ip_address[1] + '-' + ip_address[0]) not in scanned_host.hostnames.hostname['@name'] | string
%}
"hostname": "{{ scanned_host.hostnames.hostname['@name'] }}",
{% endif %}
{% endif %}
{% if scanned_host.address['@addrtype'] | default(scanned_host.address[1]['@addrtype']) == 'mac' %}
"mac": "{{ scanned_host.address['@addr'] | default(scanned_host.address[1]['@addr']) | upper }}"
{% endif %}
},
{% endif %}
{% endfor %}
]
- name: Force Failure for non-HTTPS Communication
ansible.builtin.assert:
that:
- |-
not
(
(
'http:' in (nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server) | string)
and
'http://127.0.0.1' not in (nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server) | string)
)
and
nofusscomputing_phpipam_scan_agent.auth_token | default('no-token-set') != 'no-token-set'
)
fail_msg: 'Failing task as an attempt was made to communicate with the server over a non-encrypted channel'
success_msg: 'OK'
- name: To JSON - {{ subnet.address }}
ansible.builtin.set_fact:
subnet_scan_results: "{{ subnet_scan_results | from_yaml }}"
# Note: Dont edit http_agent version as the build pipeline updates automagically!!
# see ci variable 'RELEASE_ADDITIONAL_ACTIONS_BUMP'
- name: Upload Scan Results - {{ subnet.address }}
ansible.builtin.uri:
headers:
Authorization: "Bearer {{ nofusscomputing_phpipam_scan_agent.auth_token | default('no-token-set') }}"
http_agent: nfc-phpipam-scan-agent/0.4.0
url: "{{
nofusscomputing_phpipam_scan_agent.http_server | default(nfc_c_http_server)
}}:{{ nofusscomputing_phpipam_scan_agent.http_port | default(nfc_c_http_port) }}/"
method: POST
body_format: json
body: {
"code": "{{ nofusscomputing_phpipam_scan_agent.scanagent_code }}",
"scan": {
"subnet": "{{ subnet.address }}",
"results": "{{ subnet_scan_results }}",
"tz": "{{ '%z' | strftime }}"
}
}
validate_certs: true # Ensure always true
Reference in New Issue View Git Blame Copy Permalink