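def add_rules_to_secgroup(self, name=None, rules=None):
    """Add the named rules to an existing security group.

    Each entry of ``rules`` is looked up by name in the stored rule
    definitions (``SecgroupRule().list()``) and applied to the group through
    ``self.add_secgroup_rule``. Rules are applied one at a time, so when a
    later rule fails the earlier ones have already been added.

    :param name: name of the security group
    :param rules: iterable of rule names to add
    :raises ValueError: if ``name`` or ``rules`` is missing, the group is not
        found, or a rule name has no stored definition
    """
    # Both arguments are required: without ``rules`` the loop below cannot
    # run, and without ``name`` there is no group to change.
    if name is None or rules is None:
        raise ValueError("name or rules are None")

    cgroups = self.list_secgroups(name)
    if len(cgroups) == 0:
        raise ValueError("group does not exist")

    groups = DictList(Secgroup().list())
    rules_details = DictList(SecgroupRule().list())

    # Existence check against the stored groups; the value itself is unused.
    # DictList is a project type whose lookup error is not visible here, so
    # any lookup failure is treated as "missing".
    try:
        groups[name]
    except Exception as e:
        raise ValueError("group does not exist") from e

    for rule in rules:
        # Only the lookup is guarded. An unknown rule name is reported
        # instead of being skipped, and an error raised by add_secgroup_rule
        # reaches the caller rather than being swallowed, so a failed
        # firewall change is never mistaken for a successful one.
        try:
            found = rules_details[rule]
        except Exception as e:
            raise ValueError("rule can not be found") from e

        self.add_secgroup_rule(
            name=name,
            port=found["ports"],
            protocol=found["protocol"],
            ip_range=found["ip_range"],
        )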
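def remove_rules_from_secgroup(self, name=None, rules=None):
    """Remove the named rules from a security group.

    Each entry of ``rules`` is looked up by name in the stored rule
    definitions (``SecgroupRule().list()``). Every rule of the cloud group
    whose port range, protocol and remote prefix equal the stored definition
    is then removed through ``self.virtual_network``.

    :param name: name of the security group
    :param rules: iterable of rule names to remove
    :raises ValueError: if ``name`` or ``rules`` is missing, the group is not
        found, or a rule name has no stored definition
    """
    # Both arguments are required: without ``rules`` the loop below cannot
    # run, and without ``name`` there is no group to change.
    if name is None or rules is None:
        raise ValueError("name or rules are None")

    cgroups = self.list_secgroups(name)
    if len(cgroups) == 0:
        raise ValueError("group does not exist")

    groups = DictList(Secgroup().list())
    rules_details = DictList(SecgroupRule().list())

    # Existence check against the stored groups; the value itself is unused.
    # DictList is a project type whose lookup error is not visible here, so
    # any lookup failure is treated as "missing".
    try:
        groups[name]
    except Exception as e:
        raise ValueError("group does not exist") from e

    for rule in rules:
        # Fail on an unknown rule name. Continuing would leave ``found``
        # unbound, or still holding the previous rule's definition, and the
        # matching below would then remove the wrong rule.
        try:
            found = rules_details[rule]
        except Exception as e:
            raise ValueError("rule can not be found") from e

        # The port range comes from the stored definition as "min:max".
        # Anything that does not split into two parts leaves both bounds
        # None, as before.
        try:
            pmin, pmax = found['ports'].split(":")
        except Exception:
            pmin = None
            pmax = None

        # NOTE(review): pmin/pmax are strings after the split; confirm the
        # port fields returned by list_secgroups have the same type, or
        # nothing will compare equal. A rule that matches nothing is skipped
        # silently, so the caller cannot tell that it is still in place.
        for r in cgroups['security_group_rules']:
            matches = (
                r["port_range_min"] == pmin
                and r["port_range_max"] == pmax
                and r["protocol"] == found["protocol"]
                and r["remote_ip_prefix"] == found["ip_range"]
            )
            # Fields not compared: direction, ethertype, id,
            # remote_group_id, tenant_id.
            if matches:
                group_id = r["security_group_id"]
                # The removal request names the rules to delete by id.
                # NOTE(review): assumes each rule dict carries its own id
                # under "id" - confirm against list_secgroups.
                details = oci.core.models.RemoveNetworkSecurityGroupSecurityRulesDetails(
                    security_rule_ids=[r["id"]])
                self.virtual_network.remove_network_security_group_security_rules(
                    group_id, details)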
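def remove_rules_from_secgroup(self, name=None, rules=None):
    """Revoke ingress rules from the named security group (unfinished).

    The group is checked for existence and its current rules are logged with
    ``VERBOSE``. The revoke call that follows is still a stub: it sends fixed
    placeholder strings and does not consult ``rules``.

    :param name: name of the security group
    :param rules: rule names to remove; validated but not yet used
    :raises ValueError: if ``name`` or ``rules`` is missing, or the group is
        not found
    """
    # Both arguments are required, as the error message states.
    if name is None or rules is None:
        raise ValueError("name or rules are None")

    sec_group = self.list_secgroups(name)
    if len(sec_group) == 0:
        raise ValueError("group does not exist")

    sec_group_rules = DictList(self.list_secgroup_rules(name))
    VERBOSE(sec_group_rules)

    # TODO: match each entry of ``rules`` against sec_group_rules and revoke
    # only the matches. The values below ('protocol', 'portmin', 'portmax',
    # 'ip_range') are literal placeholder strings, not variables.
    # NOTE(review): until that is done no requested rule is removed by this
    # method. Only ClientError is handled here; a client-side parameter
    # validation failure on the placeholder values would presumably surface
    # as a different exception type - confirm.
    try:
        data = self.ec2_client.revoke_security_group_ingress(
            GroupName=name,
            IpPermissions=[
                {
                    'IpProtocol': 'protocol',
                    'FromPort': 'portmin',
                    'ToPort': 'portmax',
                    'IpRanges': [{'CidrIp': 'ip_range'}],
                },
            ])
        # NOTE(review): the message says "Set" although this is a revoke.
        Console.ok(f'Ingress Successfully Set as {data}')
    except ClientError as e:
        Console.error(e)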
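def add(self, name=None, services=None, category=None):
    """Build the record for a named group of services.

    ``services`` may be a list of service names or a single string, which is
    expanded with ``Parameter.expand``. Each service becomes a member dict
    ``{'name': service, 'kind': category}``.

    :param name: name stored under ``cm.name``
    :param services: service names, as a list or an expandable string
    :param category: value stored as ``kind`` on every member
    :return: a one-element list holding the record
    :raises ValueError: if ``services`` is None
    """
    # Reject a missing service list up front instead of failing later while
    # iterating over None.
    if services is None:
        raise ValueError("services is None")
    if isinstance(services, str):
        services = Parameter.expand(services)

    # cm = CmDatabase()
    record = {
        'cm': {
            "name": name,
            "cloud": self.cloud,
            "kind": self.kind
        },
        'members': [],  # find in db
    }

    # The existing members are not read from the database yet, so ``old`` is
    # built from an empty list.
    old = DictList(record['members'])
    entries = [{'name': service, 'kind': category} for service in services]

    # The loop variable has its own name so it cannot replace ``record``,
    # which is still needed after the loop.
    # NOTE(review): this compares a key of ``old`` with the member dicts in
    # ``entries`` - confirm the intended duplicate check once ``old`` is
    # actually populated.
    for key in old:
        if key not in entries:
            entries.append(old[key])

    record['members'] = entries
    return [record]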