def profile_tag_show(name):
"""Show the tags on the profile."""
try:
profile = client.get_profile(name)
except KeyError:
print "Profile %s not found." % name
sys.exit(1)
for tag in profile.tags:
print tag
def profile_tag_show(name):
"""Show the tags on the profile."""
try:
profile = client.get_profile(name)
except KeyError:
print "Profile %s not found." % name
sys.exit(1)
for tag in profile.tags:
print tag
def profile_tag_add(name, tag):
"""
Add a tag to the profile.
:param name: Profile name
:param tag: Tag name
:return: None
"""
try:
profile = client.get_profile(name)
except KeyError:
print "Profile %s not found." % name
sys.exit(1)
profile.tags.add(tag)
client.profile_update_tags(profile)
print "Tag %s added to profile %s" % (tag, name)
def profile_tag_add(name, tag):
"""
Add a tag to the profile.
:param name: Profile name
:param tag: Tag name
:return: None
"""
try:
profile = client.get_profile(name)
except KeyError:
print "Profile %s not found." % name
sys.exit(1)
profile.tags.add(tag)
client.profile_update_tags(profile)
print "Tag %s added to profile %s" % (tag, name)
def profile_rule_show(name, human_readable=False):
"""Show the rules on the profile."""
try:
profile = client.get_profile(name)
except KeyError:
print "Profile %s not found." % name
sys.exit(1)
if human_readable:
print "Inbound rules:"
for i, rule in enumerate(profile.rules.inbound_rules, start=1):
print " %3d %s" % (i, rule.pprint())
print "Outbound rules:"
for i, rule in enumerate(profile.rules.outbound_rules, start=1):
print " %3d %s" % (i, rule.pprint())
else:
print profile.rules.to_json(indent=2)
print ""
def profile_rule_update(name):
"""Update the rules on the profile"""
try:
profile = client.get_profile(name)
except KeyError:
print "Profile %s not found." % name
sys.exit(1)
# Read in the JSON from standard in.
rules_str = sys.stdin.read()
rules = Rules.from_json(rules_str)
if rules.id != name:
print 'Rules JSON "id"=%s doesn\'t match profile name %s.' % (rules.id, name)
sys.exit(1)
profile.rules = rules
client.profile_update_rules(profile)
print "Successfully updated rules on profile %s" % name
def profile_rule_show(name, human_readable=False):
"""Show the rules on the profile."""
try:
profile = client.get_profile(name)
except KeyError:
print "Profile %s not found." % name
sys.exit(1)
if human_readable:
print "Inbound rules:"
for i, rule in enumerate(profile.rules.inbound_rules, start=1):
print " %3d %s" % (i, rule.pprint())
print "Outbound rules:"
for i, rule in enumerate(profile.rules.outbound_rules, start=1):
print " %3d %s" % (i, rule.pprint())
else:
print profile.rules.to_json(indent=2)
print ""
def profile_rule_update(name):
"""Update the rules on the profile"""
try:
profile = client.get_profile(name)
except KeyError:
print "Profile %s not found." % name
sys.exit(1)
# Read in the JSON from standard in.
rules_str = sys.stdin.read()
rules = Rules.from_json(rules_str)
if rules.id != name:
print 'Rules JSON "id"=%s doesn\'t match profile name %s.' % \
(rules.id, name)
sys.exit(1)
profile.rules = rules
client.profile_update_rules(profile)
print "Successfully updated rules on profile %s" % name
def profile_tag_remove(name, tag):
"""
Remove a tag from the profile.
:param name: Profile name
:param tag: Tag name
:return: None
"""
try:
profile = client.get_profile(name)
except KeyError:
print "Profile %s not found." % name
sys.exit(1)
try:
profile.tags.remove(tag)
except KeyError:
print "Tag %s is not on profile %s" % (tag, name)
sys.exit(1)
client.profile_update_tags(profile)
print "Tag %s removed from profile %s" % (tag, name)
def profile_tag_remove(name, tag):
"""
Remove a tag from the profile.
:param name: Profile name
:param tag: Tag name
:return: None
"""
try:
profile = client.get_profile(name)
except KeyError:
print "Profile %s not found." % name
sys.exit(1)
try:
profile.tags.remove(tag)
except KeyError:
print "Tag %s is not on profile %s" % (tag, name)
sys.exit(1)
client.profile_update_tags(profile)
print "Tag %s removed from profile %s" % (tag, name)
def profile_rule_add_remove(operation,
name,
position,
action,
direction,
protocol=None,
icmp_type=None,
icmp_code=None,
src_net=None,
src_tag=None,
src_ports=None,
dst_net=None,
dst_tag=None,
dst_ports=None):
"""
Add or remove a rule from a profile.
Arguments not documented below are passed through to the rule.
:param operation: "add" or "remove".
:param name: Name of the profile.
:param position: Position to insert/remove rule or None for the default.
:param action: Rule action: "allow" or "deny".
:param direction: "inbound" or "outbound".
:return:
"""
if icmp_type is not None:
icmp_type = int(icmp_type)
if icmp_code is not None:
icmp_code = int(icmp_code)
# Convert the input into a Rule.
rule_dict = {
k: v
for (k, v) in locals().iteritems()
if k in Rule.ALLOWED_KEYS and v is not None
}
rule_dict["action"] = action
if (protocol not in ("tcp", "udp")) and (src_ports is not None
or dst_ports is not None):
print "Ports are not valid with protocol %r" % protocol
sys.exit(1)
rule = Rule(**rule_dict)
# Get the profile.
try:
profile = client.get_profile(name)
except KeyError:
print "Profile %s not found." % name
sys.exit(1)
if direction == "inbound":
rules = profile.rules.inbound_rules
else:
rules = profile.rules.outbound_rules
if operation == "add":
if position is None:
# Default to append.
position = len(rules) + 1
if not 0 < position <= len(rules) + 1:
print "Position %s is out-of-range." % position
if rule in rules:
print "Rule already present, skipping."
return
rules.insert(position - 1, rule) # Accepts 0 and len(rules).
else:
# Remove.
if position is not None:
# Position can only be used on its own so no need to examine the
# rule.
if 0 < position <= len(rules): # 1-indexed
rules.pop(position - 1)
else:
print "Rule position out-of-range."
else:
# Attempt to match the rule.
try:
rules.remove(rule)
except ValueError:
print "Rule not found."
sys.exit(1)
client.profile_update_rules(profile)
def profile_rule_add_remove(
operation,
name,
position,
action,
direction,
protocol=None,
icmp_type=None,
icmp_code=None,
src_net=None,
src_tag=None,
src_ports=None,
dst_net=None,
dst_tag=None,
dst_ports=None,
):
"""
Add or remove a rule from a profile.
Arguments not documented below are passed through to the rule.
:param operation: "add" or "remove".
:param name: Name of the profile.
:param position: Position to insert/remove rule or None for the default.
:param action: Rule action: "allow" or "deny".
:param direction: "inbound" or "outbound".
:return:
"""
if icmp_type is not None:
icmp_type = int(icmp_type)
if icmp_code is not None:
icmp_code = int(icmp_code)
# Convert the input into a Rule.
rule_dict = {k: v for (k, v) in locals().iteritems() if k in Rule.ALLOWED_KEYS and v is not None}
rule_dict["action"] = action
if (protocol not in ("tcp", "udp")) and (src_ports is not None or dst_ports is not None):
print "Ports are not valid with protocol %r" % protocol
sys.exit(1)
rule = Rule(**rule_dict)
# Get the profile.
try:
profile = client.get_profile(name)
except KeyError:
print "Profile %s not found." % name
sys.exit(1)
if direction == "inbound":
rules = profile.rules.inbound_rules
else:
rules = profile.rules.outbound_rules
if operation == "add":
if position is None:
# Default to append.
position = len(rules) + 1
if not 0 < position <= len(rules) + 1:
print "Position %s is out-of-range." % position
if rule in rules:
print "Rule already present, skipping."
return
rules.insert(position - 1, rule) # Accepts 0 and len(rules).
else:
# Remove.
if position is not None:
# Position can only be used on its own so no need to examine the
# rule.
if 0 < position <= len(rules): # 1-indexed
rules.pop(position - 1)
else:
print "Rule position out-of-range."
else:
# Attempt to match the rule.
try:
rules.remove(rule)
except ValueError:
print "Rule not found."
sys.exit(1)
client.profile_update_rules(profile)
