def paths_allow_service(ctx, network, destination, source, port):
    """
    Allow access from service to service.

    These must be names of services in the same network.
    """
    # Both endpoints are looked up by name inside the same `network`; the
    # source is resolved first, then the destination.
    src = get_service_for_cli(ctx, network, source)
    dst = get_service_for_cli(ctx, network, destination)

    # Register the source -> destination path for `port` with the client.
    # NOTE(review): `port` is passed through unchanged; any type/range
    # validation presumably happens in the command decorator -- confirm.
    ctx.obj['CLIENT'].paths.add(src, dst, port)

    summary = 'Added path from %s to %s in network %s for port %s'
    click.echo(summary % (source, destination, network, port))
def paths_service_has_access(ctx, network, destination, source, port):
    """
    Can this service access this service?
    """
    # Resolve both service names within `network` (source first).
    src = get_service_for_cli(ctx, network, source)
    dst = get_service_for_cli(ctx, network, destination)

    # Read-only query: nothing is added or removed here.
    allowed = ctx.obj['CLIENT'].paths.has_access(src, dst, port)

    # Pick the report template from the answer, then fill it in once.
    template = (
        'Service %s has access to %s in network %s on port %s'
        if allowed else
        'Service %s does not have access to %s in network %s on port %s'
    )
    click.echo(template % (source, destination, network, port))
def service_destroy(ctx, network, name):
    """
    Destroy a service in this profile.
    """
    # NOTE(review): no confirmation step is visible in this function; unless
    # the command decorator adds one, the service is destroyed as soon as the
    # name resolves -- confirm before relying on a prompt.
    target = get_service_for_cli(ctx, network, name)
    ctx.obj['CLIENT'].service.destroy(target)

    report = 'Destroyed service: %s in network: %s'
    click.echo(report % (name, network))
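def paths_allow_network_block(ctx, network, destination, source, port):
    """
    Allow access from network block to service.

    Destination must be a service and source must be a public network address
    block. For example, pass 0.0.0.0/0 to allow all addresses on the internet.
    """
    # The example block in the docstring used to read "0,0.0.0/0" (comma
    # instead of a dot), which is not a CIDR block; it now shows 0.0.0.0/0.
    #
    # `source` is the address block as text, `destination` is a service name
    # resolved inside `network`, and `port` is handed to the client unchanged.
    #
    # Security note: a path from 0.0.0.0/0 exposes `port` on the destination
    # service to every internet host. Prefer the narrowest block that covers
    # the intended clients.
    # NOTE(review): rejection of malformed blocks is presumably done by
    # CidrBlock itself -- confirm; nothing is validated in this function.
    source_block = cloudless.paths.CidrBlock(source)
    destination_service = get_service_for_cli(ctx, network, destination)
    ctx.obj['CLIENT'].paths.add(source_block, destination_service, port)
    click.echo('Added path from %s to %s in network %s for port %s'
               % (source, destination, network, port))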
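def paths_revoke_network_block(ctx, network, destination, source, port):
    """
    Revoke access from network block to service.

    Destination must be a service and source must be a public network address
    block. For example, pass 0.0.0.0/0 to revoke all addresses on the
    internet.

    Does not revoke access for internal services. Use the "revoke_service"
    command for that.
    """
    # The example block in the docstring used to read "0,0.0.0/0" (comma
    # instead of a dot), which is not a CIDR block; it now shows 0.0.0.0/0.
    #
    # `source` is the address block as text, `destination` is a service name
    # resolved inside `network`, and `port` is handed to the client unchanged.
    #
    # NOTE(review): whether remove() matches only this exact block or also
    # narrower blocks that were allowed separately is not visible here --
    # confirm, and re-check exposure afterwards with the has-access /
    # internet-accessible queries rather than assuming the port is closed.
    source_block = cloudless.paths.CidrBlock(source)
    destination_service = get_service_for_cli(ctx, network, destination)
    ctx.obj['CLIENT'].paths.remove(source_block, destination_service, port)
    click.echo('Removed path from %s to %s in network %s for port %s'
               % (source, destination, network, port))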
def paths_is_internet_accessible(ctx, network, destination, port):
    """
    Is this service reachable from the internet?
    """
    dst = get_service_for_cli(ctx, network, destination)

    # Read-only query against the client; the answer is for this one `port`
    # only and says nothing about other ports on the same service.
    exposed = ctx.obj['CLIENT'].paths.internet_accessible(dst, port)

    template = (
        'Service %s in network %s is internet accessible on port %s'
        if exposed else
        'Service %s in network %s is not internet accessible on port %s'
    )
    click.echo(template % (destination, network, port))
def paths_network_block_has_access(ctx, network, destination, source, port):
    """
    Can this network block access this service?
    """
    # The block is built before the destination name is resolved.
    block = cloudless.paths.CidrBlock(source)
    dst = get_service_for_cli(ctx, network, destination)

    # Read-only query: nothing is added or removed here.
    allowed = ctx.obj['CLIENT'].paths.has_access(block, dst, port)

    template = (
        'Network %s has access to %s in network %s on port %s'
        if allowed else
        'Network %s does not have access to %s in network %s on port %s'
    )
    click.echo(template % (source, destination, network, port))
def service_get(ctx, network, name):
    """
    Get details about a service in this profile.
    """
    # The printed YAML contains the service's ingress rules, CIDR blocks and
    # the public and private IP of every instance, so treat captured output
    # (CI logs, tickets) as sensitive network-topology data.

    # Emit OrderedDict as a plain YAML map whose keys stay in insertion
    # order.  See
    # https://stackoverflow.com/questions/16782112/can-pyyaml-dump-dict-items-in-non-alphabetical-order
    def represent_ordereddict(dumper, data):
        pairs = [
            (dumper.represent_data(key), dumper.represent_data(val))
            for key, val in data.items()
        ]
        return yaml.nodes.MappingNode(u'tag:yaml.org,2002:map', pairs)

    # Registered on every call; this updates PyYAML's default dumper, not a
    # per-call object.
    yaml.add_representer(OrderedDict, represent_ordereddict)

    def get_paths_info_for_service(service):
        # The first outgoing entry is a fixed label, not derived from the
        # path list.  NOTE(review): presumably it reflects unrestricted
        # egress by default -- confirm against the provider behaviour.
        outgoing = ["default-all-outgoing-allowed"]
        incoming = []
        for path in ctx.obj['CLIENT'].paths.list():
            # Only paths inside this service's network are reported.
            if path.network.name != service.network.name:
                continue
            if path.destination.name == service.name:
                if path.source.name:
                    entry = "%s:%s:%s" % (
                        path.network.name, path.source.name, path.port)
                else:
                    # A source without a name is reported as "external",
                    # listing the CIDR blocks of its subnetworks.
                    blocks = ",".join(
                        sub.cidr_block for sub in path.source.subnetworks)
                    entry = "external:%s:%s" % (blocks, path.port)
                incoming.append(entry)
            elif path.source.name == service.name:
                outgoing.append("%s:%s:%s" % (
                    path.network.name, path.destination.name, path.port))
        return {
            "has_access_to": outgoing,
            "is_accessible_from": incoming
        }

    service = get_service_for_cli(ctx, network, name)
    paths_info = get_paths_info_for_service(service)

    # Attributes are read in the same order as the keys are emitted.
    service_info = OrderedDict([
        ('name', service.name),
        ('has_access_to', paths_info['has_access_to']),
        ('is_accessible_from', paths_info['is_accessible_from']),
    ])
    network_info = OrderedDict([
        ('name', service.network.name),
        ('id', service.network.network_id),
        ('block', service.network.cidr_block),
        ('region', service.network.region),
        ('subnetworks', []),
    ])
    service_info['network'] = network_info

    for subnetwork in service.subnetworks:
        subnetwork_info = OrderedDict([
            ('name', subnetwork.name),
            ('id', subnetwork.subnetwork_id),
            ('block', subnetwork.cidr_block),
            ('region', subnetwork.region),
            ('availability_zone', subnetwork.availability_zone),
            ('instances', []),
        ])
        for instance in subnetwork.instances:
            subnetwork_info['instances'].append(OrderedDict([
                ('id', instance.instance_id),
                ('public_ip', instance.public_ip),
                ('private_ip', instance.private_ip),
                ('state', instance.state),
                ('availability_zone', instance.availability_zone),
            ]))
        network_info['subnetworks'].append(subnetwork_info)

    click.echo(yaml.dump(service_info, default_flow_style=False))