def modify_sg_policy(sg_id, accesskey_id, accesskey_secret, region_id):
while True:
print("Now, we will modify safe group ingress policy...")
print("First, we need to REVOKE the policy...")
ip_protocal = raw_input("Please select protocal:")
port_range = raw_input("Please select port range:")
source_cidr = raw_input("Please select source CiDr block:")
clt = client.AcsClient(accesskey_id, accesskey_secret, region_id)
request = RevokeSecurityGroupRequest.RevokeSecurityGroupRequest()
request.set_accept_format('json')
request.set_SecurityGroupId(sg_id)
request.set_IpProtocol(ip_protocal)
request.set_PortRange(port_range)
request.set_SourceCidrIp(source_cidr)
result = clt.do_action_with_exception(request)
print result
print("Do you want to create a new policy?")
selection = upper(raw_input("Y/N:"))
if selection == "Y":
create_sg_policy(sg_id, accesskey_id, accesskey_secret, region_id)
print("Do you want to modify another safe group policy?")
choice = upper(raw_input("Y/N:"))
if choice == "N":
break
return
def revokeIngress(groupId, permission):
requestRevoke = RevokeSecurityGroupRequest.RevokeSecurityGroupRequest()
requestRevoke.set_SecurityGroupId(groupId)
requestRevoke.set_SourceCidrIp(permission['SourceCidrIp'])
requestRevoke.set_IpProtocol(permission['IpProtocol'])
requestRevoke.set_PortRange(permission['PortRange'])
responseRevoke = client.do_action_with_exception(requestRevoke)
return json.loads(responseRevoke)
def revokeSecurityGroupRequest(self,SecurityGroupID,IpProtocol,PortRange,SourceCidrIp,Priority):
'''撤销安全组内规则'''
request = RevokeSecurityGroupRequest.RevokeSecurityGroupRequest()
request.set_SecurityGroupId(SecurityGroupID)
request.add_query_param('RegionId', 'cn-shenzhen') #需改为华东1(cn-hangzhou
request.set_IpProtocol(IpProtocol)
request.set_PortRange(PortRange)
request.set_SourceCidrIp(SourceCidrIp)
request.set_Priority(Priority)
request.set_accept_format('json')
return request
def deloldRULE(func):
global clt
# 设置参数
for port in ['3000/3000','34872/34872']:
request = RevokeSecurityGroupRequest.RevokeSecurityGroupRequest()
request.set_accept_format('json')
request.add_query_param('RegionId', 'cn-hangzhou')
request.add_query_param('SecurityGroupId', '目标安全组ID')
request.add_query_param('IpProtocol', 'tcp')
request.add_query_param('PortRange', port)
request.add_query_param('SourceCidrIp', func())
request.add_query_param('NicType', 'intranet') #如果不加这句话就是公网删除
# 发起请求
response = clt.do_action(request)
print (response)
def revokeSecurityGroupRequest(self,
SecurityGroupId,
IpProtocol,
PortRange,
NicType='internet',
Policy='accept',
Priority='1'):
'''删除一条安全组入方向规则
'''
request = RevokeSecurityGroupRequest.RevokeSecurityGroupRequest()
request.set_SecurityGroupId(SecurityGroupId)
request.set_NicType(NicType)
request.set_IpProtocol(IpProtocol)
request.set_PortRange(PortRange)
request.set_Policy(Policy)
request.set_Priority(Priority)
request.set_accept_format('json')
return request