Esempio n. 1
 def paths_allow_service(ctx, network, destination, source, port):
     """
     Allow access from one service to another.  Both must be names of services in the same
     network.
     """
     # Both names are resolved inside `network` before the path is added.
     from_service = get_service_for_cli(ctx, network, source)
     to_service = get_service_for_cli(ctx, network, destination)
     client = ctx.obj['CLIENT']
     client.paths.add(from_service, to_service, port)
     message = 'Added path from %s to %s in network %s for port %s' % (
         source, destination, network, port)
     click.echo(message)
Esempio n. 2
 def paths_service_has_access(ctx, network, destination, source, port):
     """
     Report whether the source service can reach the destination service on this port.
     """
     from_service = get_service_for_cli(ctx, network, source)
     to_service = get_service_for_cli(ctx, network, destination)
     allowed = ctx.obj['CLIENT'].paths.has_access(from_service, to_service, port)
     # Read-only query: only the wording of the report depends on the answer.
     if allowed:
         template = 'Service %s has access to %s in network %s on port %s'
     else:
         template = 'Service %s does not have access to %s in network %s on port %s'
     click.echo(template % (source, destination, network, port))
Esempio n. 3
 def service_destroy(ctx, network, name):
     """
     Destroy the named service in this profile.
     """
     # NOTE(review): this body asks for no confirmation before the destructive call; confirm
     # whether the command's decorators (not visible here) prompt the operator first.
     target = get_service_for_cli(ctx, network, name)
     client = ctx.obj['CLIENT']
     client.service.destroy(target)
     summary = 'Destroyed service: %s in network: %s' % (name, network)
     click.echo(summary)
Esempio n. 4
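    def paths_allow_network_block(ctx, network, destination, source, port):
        """
        Allow access from network block to service.  Destination must be a service and source must
        be a public network address block.

        For example, pass 0.0.0.0/0 to allow all addresses on the internet.  A warning is printed
        to stderr when the block covers every address.
        """
        # Local import: the module's import block is not visible from this function.
        import ipaddress

        source_block = cloudless.paths.CidrBlock(source)
        destination_service = get_service_for_cli(ctx, network, destination)

        # Opening a port to every address is the widest exposure this command can create, so
        # make it visible to the operator.  A prefix length of 0 is what "all addresses" means;
        # anything this parser rejects is left to CidrBlock and the client to handle.
        try:
            covers_everything = ipaddress.ip_network(source, strict=False).prefixlen == 0
        except (ValueError, TypeError):
            covers_everything = False
        if covers_everything:
            click.echo(
                'Warning: %s covers every address; port %s on %s will be reachable from '
                'the whole internet' % (source, port, destination),
                err=True)

        ctx.obj['CLIENT'].paths.add(source_block, destination_service, port)
        click.echo('Added path from %s to %s in network %s for port %s' %
                   (source, destination, network, port))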
Esempio n. 5
    def paths_revoke_network_block(ctx, network, destination, source, port):
        """
        Revoke access from network block to service.  Destination must be a service and source must
        be a public network address block.

        For example, pass 0.0.0.0/0 to revoke all addresses on the internet.  Does not revoke access
        for internal services.  Use the "revoke_service" command for that.
        """
        # NOTE(review): whether removing a wide block also removes narrower blocks that were
        # added separately depends on paths.remove, which is not visible here.  Confirm the
        # result with the has-access query after revoking.
        block = cloudless.paths.CidrBlock(source)
        target_service = get_service_for_cli(ctx, network, destination)
        client = ctx.obj['CLIENT']
        client.paths.remove(block, target_service, port)
        message = 'Removed path from %s to %s in network %s for port %s' % (
            source, destination, network, port)
        click.echo(message)
Esempio n. 6
 def paths_is_internet_accessible(ctx, network, destination, port):
     """
     Report whether this service is reachable from the internet on the given port.
     """
     target_service = get_service_for_cli(ctx, network, destination)
     exposed = ctx.obj['CLIENT'].paths.internet_accessible(target_service, port)
     # The answer comes entirely from the client's internet_accessible() check.
     if exposed:
         template = 'Service %s in network %s is internet accessible on port %s'
     else:
         template = 'Service %s in network %s is not internet accessible on port %s'
     click.echo(template % (destination, network, port))
Esempio n. 7
 def paths_network_block_has_access(ctx, network, destination, source, port):
     """
     Report whether the given network block can reach this service on the given port.
     """
     # The block is parsed before the service lookup, so a malformed block fails first.
     block = cloudless.paths.CidrBlock(source)
     target_service = get_service_for_cli(ctx, network, destination)
     allowed = ctx.obj['CLIENT'].paths.has_access(block, target_service, port)
     if allowed:
         template = 'Network %s has access to %s in network %s on port %s'
     else:
         template = 'Network %s does not have access to %s in network %s on port %s'
     click.echo(template % (source, destination, network, port))
Esempio n. 8
    def service_get(ctx, network, name):
        """
        Get details about a service in this profile.
        """

        # Emit an OrderedDict as a plain YAML map with its entries in insertion order.  See
        # https://stackoverflow.com/questions/16782112/can-pyyaml-dump-dict-items-in-non-alphabetical-order
        def represent_ordereddict(dumper, data):
            pairs = [(dumper.represent_data(entry_key), dumper.represent_data(entry_value))
                     for entry_key, entry_value in data.items()]
            return yaml.nodes.MappingNode(u'tag:yaml.org,2002:map', pairs)

        # Registered on the yaml module itself, so it applies to every later yaml.dump call.
        yaml.add_representer(OrderedDict, represent_ordereddict)

        def get_paths_info_for_service(service):
            # Summarise the paths in the service's own network: who can reach it and what it
            # can reach.  The outgoing list always starts with the default-allow marker.
            outgoing = ["default-all-outgoing-allowed"]
            incoming = []
            for path in ctx.obj['CLIENT'].paths.list():
                if path.network.name != service.network.name:
                    continue
                if path.destination.name == service.name:
                    if path.source.name:
                        # Named source: another service.
                        entry = "%s:%s:%s" % (path.network.name, path.source.name, path.port)
                    else:
                        # Unnamed source: reported as an external set of address blocks.
                        joined_blocks = ",".join(
                            subnetwork.cidr_block for subnetwork in path.source.subnetworks)
                        entry = "external:%s:%s" % (joined_blocks, path.port)
                    incoming.append(entry)
                elif path.source.name == service.name:
                    outgoing.append(
                        "%s:%s:%s" % (path.network.name, path.destination.name, path.port))
            return {"has_access_to": outgoing, "is_accessible_from": incoming}

        def describe_instance(instance):
            return OrderedDict([
                ('id', instance.instance_id),
                ('public_ip', instance.public_ip),
                ('private_ip', instance.private_ip),
                ('state', instance.state),
                ('availability_zone', instance.availability_zone),
            ])

        def describe_subnetwork(subnetwork):
            return OrderedDict([
                ('name', subnetwork.name),
                ('id', subnetwork.subnetwork_id),
                ('block', subnetwork.cidr_block),
                ('region', subnetwork.region),
                ('availability_zone', subnetwork.availability_zone),
                ('instances', [describe_instance(item) for item in subnetwork.instances]),
            ])

        service = get_service_for_cli(ctx, network, name)
        paths_info = get_paths_info_for_service(service)

        # Key order below is the order the fields appear in the printed YAML.
        service_info = OrderedDict([
            ('name', service.name),
            ('has_access_to', paths_info['has_access_to']),
            ('is_accessible_from', paths_info['is_accessible_from']),
            ('network', OrderedDict([
                ('name', service.network.name),
                ('id', service.network.network_id),
                ('block', service.network.cidr_block),
                ('region', service.network.region),
                ('subnetworks', [describe_subnetwork(item) for item in service.subnetworks]),
            ])),
        ])
        click.echo(yaml.dump(service_info, default_flow_style=False))