Esempio n. 1
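def cli():
    """
    Main CLI entrance

    Parses the command line, sets the level of the ``lg`` and ``lg_root``
    loggers, connects to EC2 through ``connect_ec2(args)`` and loads the
    remote security groups.

    With ``--dump`` the remote groups are printed and the process exits with
    status 0. Otherwise ``--config`` is required (exit status 1 when it is
    missing), the local groups are loaded from it and ``apply_diff`` is
    called. ``apply_diff`` receives ``dry=True`` unless ``-f``/``--force``
    is given.
    """
    parser = argparse.ArgumentParser(description='Security groups management tool')
    parser.add_argument('-c', '--config', help='Config file to use')
    parser.add_argument('--dump', action='store_true', help='Dump remote groups and exit')
    parser.add_argument('-f', '--force', action='store_true', help='Force action (otherwise run dry-run)')
    parser.add_argument('-q', '--quiet', action='store_true', help='Be quiet, print only WARN/ERROR output')
    parser.add_argument('-d', '--debug', action='store_true', help='Debug mode')
    parser.add_argument('--no-remove', action='store_true', help='Do not remove any groups or rules, only add')
    parser.add_argument('--no-remove-groups', action='store_true', help='Do not remove any groups, only add')
    # NOTE(review): credentials given as command-line arguments are visible to
    # other local users in the process list and tend to end up in shell
    # history. Whether connect_ec2() can take credentials from elsewhere is
    # not visible here - confirm before recommending these two flags.
    parser.add_argument('-I', '--ec2-access-key', help='EC2 Access Key to use')
    parser.add_argument('-S', '--ec2-secret-key', help='EC2 Secret Key to use')
    parser.add_argument('-R', '--ec2-region', help='Region to use (default us-east-1)', default='us-east-1')
    parser.add_argument('-U', '--ec2-url', help='EC2 API URL to use (otherwise use default)')
    parser.add_argument('-t', '--timeout', type=int, default=120, help='Set socket timeout (default 120s)')
    parser.add_argument('--insecure', action='store_true', help='Do not validate SSL certs')
    args = parser.parse_args()

    # --debug wins over --quiet; the default level is INFO.
    if args.debug:
        level = logging.DEBUG
    elif args.quiet:
        level = logging.WARN
    else:
        level = logging.INFO
    lg.setLevel(level)
    lg_root.setLevel(level)

    if args.insecure:
        # Without certificate validation the API endpoint is not
        # authenticated, so record that choice in the log. WARN passes the
        # level set by --quiet as well.
        lg.warning('SSL certificate validation is disabled (--insecure)')

    # Initialize SGManager
    ec2 = connect_ec2(args)
    manager = SGManager(ec2)
    manager.load_remote_groups()

    if args.dump:
        # Only dump remote groups and exit. The parenthesised single-argument
        # form prints the same text under Python 2 and also parses on Python 3.
        print(manager.dump_remote_groups())
        sys.exit(0)

    if not args.config:
        lg.error('No config file supplied')
        sys.exit(1)

    manager.load_local_groups(args.config)

    # Parameters for manager.apply_diff()
    params = {
        # Dry-run is the default; only --force turns it off.
        'dry': not args.force,
        'remove_rules': not args.no_remove,
        # --no-remove implies that groups are kept as well.
        'remove_groups': not (args.no_remove_groups or args.no_remove),
    }

    manager.apply_diff(**params)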
Esempio n. 2
def cli():
    """
    Command-line entry point of the security groups management tool.

    Reads the options, adjusts the ``lg``/``lg_root`` log level, connects to
    EC2 via ``connect_ec2(args)`` and loads the remote groups. ``--dump``
    prints them and exits with status 0. Otherwise a config file is required
    (exit status 1 without one); the local groups are loaded from it and
    ``apply_diff`` is called, with ``dry=True`` unless ``-f``/``--force`` is
    given.
    """
    switch = {'action': 'store_true'}
    # Declared in one table; the order is the order shown by --help.
    # NOTE(review): --ec2-access-key / --ec2-secret-key put credentials on the
    # command line, where the process list and shell history expose them.
    # Whether connect_ec2() has another credential source is not visible here.
    options = (
        (('-c', '--config'), {'help': 'Config file to use'}),
        (('--dump',), dict(switch, help='Dump remote groups and exit')),
        (('-f', '--force'), dict(switch, help='Force action (otherwise run dry-run)')),
        (('-q', '--quiet'), dict(switch, help='Be quiet, print only WARN/ERROR output')),
        (('-d', '--debug'), dict(switch, help='Debug mode')),
        (('--no-remove',), dict(switch, help='Do not remove any groups or rules, only add')),
        (('--no-remove-groups',), dict(switch, help='Do not remove any groups, only add')),
        (('--ec2-access-key',), {'help': 'EC2 Access Key to use'}),
        (('--ec2-secret-key',), {'help': 'EC2 Secret Key to use'}),
        (('--ec2-region',), {'help': 'Region to use (default us-east-1)', 'default': 'us-east-1'}),
        (('--ec2-url',), {'help': 'EC2 API URL to use (otherwise use default)'}),
    )
    parser = argparse.ArgumentParser(description='Security groups management tool')
    for flags, settings in options:
        parser.add_argument(*flags, **settings)
    args = parser.parse_args()

    # --debug takes precedence over --quiet; INFO is the default.
    if args.debug:
        level = logging.DEBUG
    elif args.quiet:
        level = logging.WARN
    else:
        level = logging.INFO
    for logger in (lg, lg_root):
        logger.setLevel(level)

    # Initialize SGManager
    manager = SGManager(connect_ec2(args))
    manager.load_remote_groups()

    if args.dump:
        # Only dump remote groups and exit (single-argument print, same
        # output under Python 2).
        print(manager.dump_remote_groups())
        sys.exit(0)

    if not args.config:
        lg.error('No config file supplied')
        sys.exit(1)

    manager.load_local_groups(args.config)

    # Dry-run unless --force; --no-remove keeps both rules and groups.
    keep_everything = args.no_remove
    manager.apply_diff(
        dry=not args.force,
        remove_rules=not keep_everything,
        remove_groups=not (args.no_remove_groups or keep_everything),
    )
Esempio n. 3
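def cli():
    """
    Main CLI entrance

    Parses the command line, sets the level of the ``lg`` and ``lg_root``
    loggers, connects to EC2 through ``connect_ec2(args)`` and loads the
    remote security groups. Then, in this order:

    * ``--dump`` prints the remote groups and exits with status 0;
    * ``--unused`` prints the groups returned by ``unused_groups()`` and
      exits with status 0;
    * ``--remove-unused`` calls ``remove_unused_groups`` (``dry=True``
      unless ``--force``) and exits with status 0;
    * otherwise ``--config`` is required and the validation mode is
      resolved (exit status 1 on a missing config or an invalid mode), the
      local groups are loaded and ``apply_diff`` is called.

    ``apply_diff`` receives ``dry=True`` unless ``-f``/``--force`` is given.
    """
    parser = argparse.ArgumentParser(description='Security groups management tool')
    parser.add_argument('-c', '--config', help='Config file to use')
    parser.add_argument('--vpc', action='store_true', help='Work with VPC groups, otherwise only non-VPC')
    parser.add_argument('--dump', action='store_true', help='Dump remote groups and exit')
    parser.add_argument('--unused', action='store_true', help='Dump groups not used by any instance')
    parser.add_argument('--remove-unused', action='store_true', help='Only remove groups that are not used by any instance')
    parser.add_argument('-f', '--force', action='store_true', help='Force action (otherwise run dry-run)')
    parser.add_argument('-q', '--quiet', action='store_true', help='Be quiet, print only WARN/ERROR output')
    parser.add_argument('-d', '--debug', action='store_true', help='Debug mode')
    parser.add_argument('--no-remove', action='store_true', help='Do not remove any groups or rules, only add')
    parser.add_argument('--no-remove-groups', action='store_true', help='Do not remove any groups, only add')
    parser.add_argument('--only-groups', nargs='+', help='Only manage following list of groups, space-separated')
    # NOTE(review): credentials given as command-line arguments are visible to
    # other local users in the process list and tend to end up in shell
    # history. Whether connect_ec2() can take credentials from elsewhere is
    # not visible here - confirm before recommending these two flags.
    parser.add_argument('-I', '--ec2-access-key', help='EC2 Access Key to use')
    parser.add_argument('-S', '--ec2-secret-key', help='EC2 Secret Key to use')
    parser.add_argument('-R', '--ec2-region', help='Region to use (default us-east-1)', default='us-east-1')
    parser.add_argument('-U', '--ec2-url', help='EC2 API URL to use (otherwise use default)')
    parser.add_argument('-t', '--timeout', type=int, default=120, help='Set socket timeout (default 120s)')
    parser.add_argument('-m', '--mode', help='Mode for validating group name and description (default a)', default='a')
    parser.add_argument('--insecure', action='store_true', help='Do not validate SSL certs')
    # Without a type, a value given on the command line arrives as str while
    # the default is an int. Under Python 2 a str compares greater than any
    # number without raising, so a numeric limit check downstream could be
    # defeated silently (apply_diff is not visible here - confirm how it
    # uses the value). Parsing here also rejects non-numeric input up front.
    parser.add_argument('--threshold', type=float, help='Maximum threshold to use for add/rm of groups/rules in percentage (default: 15)', default=15)
    parser.add_argument('--cert', help='Path to CA certificates (eg. /etc/pki/cacert.pem)')
    args = parser.parse_args()

    # --debug wins over --quiet; the default level is INFO.
    if args.debug:
        level = logging.DEBUG
    elif args.quiet:
        level = logging.WARN
    else:
        level = logging.INFO
    lg.setLevel(level)
    lg_root.setLevel(level)

    if args.insecure:
        # Without certificate validation the API endpoint is not
        # authenticated, so record that choice in the log. WARN passes the
        # level set by --quiet as well.
        lg.warning('SSL certificate validation is disabled (--insecure)')

    # Initialize SGManager
    ec2 = connect_ec2(args)
    manager = SGManager(ec2, vpc=args.vpc, only_groups=args.only_groups)
    manager.load_remote_groups()

    if args.dump:
        # Only dump remote groups and exit. The parenthesised single-argument
        # form prints the same text under Python 2 and also parses on Python 3.
        print(manager.dump_remote_groups())
        sys.exit(0)

    if args.unused:
        # Print unused remote groups
        for grp in manager.unused_groups():
            print("- %s" % grp)
        sys.exit(0)

    if args.remove_unused:
        # Dry-run unless --force, same as for apply_diff below.
        manager.remove_unused_groups(dry=not args.force)
        sys.exit(0)

    if not args.config:
        lg.error('No config file supplied')
        sys.exit(1)

    # --vpc forces the 'vpc' mode whatever -m/--mode says.
    if args.vpc or args.mode in ('v', 'vpc'):
        mode = 'vpc'
    elif args.mode in ('s', 'strict'):
        mode = 'strict'
    elif args.mode in ('a', 'ascii'):
        mode = 'ascii'
    else:
        lg.error('Invalid mode "%s" selected' % args.mode)
        sys.exit(1)

    manager.load_local_groups(args.config, mode)

    # Parameters for manager.apply_diff()
    params = {
        # Dry-run is the default; only --force turns it off.
        'dry': not args.force,
        'threshold': args.threshold,
        'remove_rules': not args.no_remove,
        # --no-remove implies that groups are kept as well.
        'remove_groups': not (args.no_remove_groups or args.no_remove),
    }

    manager.apply_diff(**params)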
Esempio n. 4
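def cli():
    """
    Main CLI entrance

    Parses the command line, sets the level of the ``lg`` and ``lg_root``
    loggers, connects to EC2 through ``connect_ec2(args)`` and loads the
    remote security groups. The first matching action below is executed:

    * ``--dump``: print the remote groups, exit with status 0;
    * ``--unused``: print the groups returned by ``unused_groups()``, exit
      with status 0;
    * ``--remove-unused``: call ``remove_unused_groups`` (``dry=True``
      unless ``--force``), exit with status 0;
    * default: require ``--config`` and a valid mode (exit status 1
      otherwise), load the local groups and call ``apply_diff``.

    ``apply_diff`` receives ``dry=True`` unless ``-f``/``--force`` is given.
    """
    parser = argparse.ArgumentParser(
        description='Security groups management tool')
    parser.add_argument('-c', '--config', help='Config file to use')
    parser.add_argument('--vpc',
                        action='store_true',
                        help='Work with VPC groups, otherwise only non-VPC')
    parser.add_argument('--dump',
                        action='store_true',
                        help='Dump remote groups and exit')
    parser.add_argument('--unused',
                        action='store_true',
                        help='Dump groups not used by any instance')
    parser.add_argument(
        '--remove-unused',
        action='store_true',
        help='Only remove groups that are not used by any instance')
    parser.add_argument('-f',
                        '--force',
                        action='store_true',
                        help='Force action (otherwise run dry-run)')
    parser.add_argument('-q',
                        '--quiet',
                        action='store_true',
                        help='Be quiet, print only WARN/ERROR output')
    parser.add_argument('-d',
                        '--debug',
                        action='store_true',
                        help='Debug mode')
    parser.add_argument('--no-remove',
                        action='store_true',
                        help='Do not remove any groups or rules, only add')
    parser.add_argument('--no-remove-groups',
                        action='store_true',
                        help='Do not remove any groups, only add')
    parser.add_argument(
        '--only-groups',
        nargs='+',
        help='Only manage following list of groups, space-separated')
    # NOTE(review): a key passed as an argument can be read from the process
    # list by other local users and is usually kept in shell history. It is
    # not visible here whether connect_ec2() accepts another credential
    # source - confirm before recommending -I/-S.
    parser.add_argument('-I', '--ec2-access-key', help='EC2 Access Key to use')
    parser.add_argument('-S', '--ec2-secret-key', help='EC2 Secret Key to use')
    parser.add_argument('-R',
                        '--ec2-region',
                        help='Region to use (default us-east-1)',
                        default='us-east-1')
    parser.add_argument('-U',
                        '--ec2-url',
                        help='EC2 API URL to use (otherwise use default)')
    parser.add_argument('-t',
                        '--timeout',
                        type=int,
                        default=120,
                        help='Set socket timeout (default 120s)')
    parser.add_argument(
        '-m',
        '--mode',
        help='Mode for validating group name and description (default a)',
        default='a')
    parser.add_argument('--insecure',
                        action='store_true',
                        help='Do not validate SSL certs')
    # type=float: an untyped option yields a str when given on the command
    # line but an int when defaulted. Python 2 orders any str above any
    # number without raising, so a numeric limit check fed with the str could
    # pass silently (how apply_diff uses the value is not visible here -
    # confirm). Non-numeric input is now rejected by argparse.
    parser.add_argument(
        '--threshold',
        type=float,
        help=
        'Maximum threshold to use for add/rm of groups/rules in percentage (default: 15)',
        default=15)
    parser.add_argument(
        '--cert', help='Path to CA certificates (eg. /etc/pki/cacert.pem)')
    args = parser.parse_args()

    # --debug wins over --quiet; the default level is INFO.
    if args.debug:
        level = logging.DEBUG
    elif args.quiet:
        level = logging.WARN
    else:
        level = logging.INFO
    for logger in (lg, lg_root):
        logger.setLevel(level)

    if args.insecure:
        # The endpoint is not authenticated once certificate validation is
        # off; log it at WARN so it is emitted under --quiet too.
        lg.warning('SSL certificate validation is disabled (--insecure)')

    # Initialize SGManager
    ec2 = connect_ec2(args)
    manager = SGManager(ec2, vpc=args.vpc, only_groups=args.only_groups)
    manager.load_remote_groups()

    if args.dump:
        # Only dump remote groups and exit. A parenthesised single argument
        # prints the same text under Python 2 and also parses on Python 3.
        print(manager.dump_remote_groups())
        sys.exit(0)

    if args.unused:
        # Print unused remote groups
        for grp in manager.unused_groups():
            print("- %s" % grp)
        sys.exit(0)

    if args.remove_unused:
        # Dry-run unless --force, same as for apply_diff below.
        manager.remove_unused_groups(dry=not args.force)
        sys.exit(0)

    if not args.config:
        lg.error('No config file supplied')
        sys.exit(1)

    # Short and long spellings of each validation mode.
    mode_aliases = {
        'a': 'ascii',
        'ascii': 'ascii',
        's': 'strict',
        'strict': 'strict',
        'v': 'vpc',
        'vpc': 'vpc',
    }
    # --vpc forces the 'vpc' mode whatever -m/--mode says.
    mode = 'vpc' if args.vpc else mode_aliases.get(args.mode, False)

    if not mode:
        lg.error('Invalid mode "%s" selected' % args.mode)
        sys.exit(1)

    manager.load_local_groups(args.config, mode)

    # Parameters for manager.apply_diff()
    params = {
        # Dry-run is the default; only --force turns it off.
        'dry': not args.force,
        'threshold': args.threshold,
        'remove_rules': not args.no_remove,
        # --no-remove implies that groups are kept as well.
        'remove_groups': not (args.no_remove_groups or args.no_remove),
    }

    manager.apply_diff(**params)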