def cli():
    """
    Command-line entry point of the security groups management tool.

    Parses the options, sets the log level, obtains an EC2 connection from
    connect_ec2(args) and loads the remote groups. With --dump the remote
    groups are printed and the process exits with status 0. Otherwise a
    config file is required (exit status 1 when it is missing), the local
    groups are loaded from it and the diff is applied.

    Nothing is applied for real unless -f/--force is given: 'dry' is the
    negation of that flag.

    Security notes:
      * -S/--ec2-secret-key takes the secret on the command line, where it
        can end up in process listings and shell history.
      * --insecure is documented as disabling SSL certificate validation;
        how connect_ec2() honours it is not visible in this function.
    """
    # Option table: (flag names, add_argument keyword arguments).
    # The order is kept because it is the order shown by --help.
    option_table = (
        (('-c', '--config'),
         {'help': 'Config file to use'}),
        (('--dump',),
         {'action': 'store_true', 'help': 'Dump remote groups and exit'}),
        (('-f', '--force'),
         {'action': 'store_true',
          'help': 'Force action (otherwise run dry-run)'}),
        (('-q', '--quiet'),
         {'action': 'store_true',
          'help': 'Be quiet, print only WARN/ERROR output'}),
        (('-d', '--debug'),
         {'action': 'store_true', 'help': 'Debug mode'}),
        (('--no-remove',),
         {'action': 'store_true',
          'help': 'Do not remove any groups or rules, only add'}),
        (('--no-remove-groups',),
         {'action': 'store_true',
          'help': 'Do not remove any groups, only add'}),
        (('-I', '--ec2-access-key'),
         {'help': 'EC2 Access Key to use'}),
        (('-S', '--ec2-secret-key'),
         {'help': 'EC2 Secret Key to use'}),
        (('-R', '--ec2-region'),
         {'help': 'Region to use (default us-east-1)',
          'default': 'us-east-1'}),
        (('-U', '--ec2-url'),
         {'help': 'EC2 API URL to use (otherwise use default)'}),
        (('-t', '--timeout'),
         {'type': int, 'default': 120,
          'help': 'Set socket timeout (default 120s)'}),
        (('--insecure',),
         {'action': 'store_true', 'help': 'Do not validate SSL certs'}),
    )

    parser = argparse.ArgumentParser(
        description='Security groups management tool')
    for flag_names, settings in option_table:
        parser.add_argument(*flag_names, **settings)
    args = parser.parse_args()

    # --debug takes precedence over --quiet
    if args.debug:
        level = logging.DEBUG
    elif args.quiet:
        level = logging.WARN
    else:
        level = logging.INFO
    for logger in (lg, lg_root):
        logger.setLevel(level)

    # Initialize SGManager; the remote state is fetched before any mode check
    manager = SGManager(connect_ec2(args))
    manager.load_remote_groups()

    if args.dump:
        # Only dump remote groups and exit.
        # A single parenthesised argument prints the same under the
        # Python 2 print statement.
        print(manager.dump_remote_groups())
        sys.exit(0)

    if not args.config:
        lg.error('No config file supplied')
        sys.exit(1)

    manager.load_local_groups(args.config)

    # --no-remove disables removal of both rules and groups,
    # --no-remove-groups only that of groups.
    keep_everything = args.no_remove
    keep_groups = args.no_remove_groups or args.no_remove
    manager.apply_diff(
        dry=not args.force,
        remove_rules=not keep_everything,
        remove_groups=not keep_groups,
    )
def cli():
    """
    Command-line entry point of the security groups management tool.

    Flow: parse options, set the log level, connect through
    connect_ec2(args), load the remote groups, then either
      * print them and exit 0 (--dump), or
      * load the local groups from the config file (exit 1 if no config
        was supplied) and apply the diff.

    The run is a dry-run unless -f/--force is given.

    Security note: --ec2-secret-key takes the secret on the command line,
    where it can end up in process listings and shell history.
    """
    parser = argparse.ArgumentParser(description='Security groups management tool')

    def switch(*names, **extra):
        # Boolean flag, False unless present on the command line
        parser.add_argument(*names, action='store_true', **extra)

    def value(*names, **extra):
        # Option that takes one value
        parser.add_argument(*names, **extra)

    # Declaration order is the order shown by --help
    value('-c', '--config', help='Config file to use')
    switch('--dump', help='Dump remote groups and exit')
    switch('-f', '--force', help='Force action (otherwise run dry-run)')
    switch('-q', '--quiet', help='Be quiet, print only WARN/ERROR output')
    switch('-d', '--debug', help='Debug mode')
    switch('--no-remove', help='Do not remove any groups or rules, only add')
    switch('--no-remove-groups', help='Do not remove any groups, only add')
    value('--ec2-access-key', help='EC2 Access Key to use')
    value('--ec2-secret-key', help='EC2 Secret Key to use')
    value('--ec2-region', help='Region to use (default us-east-1)', default='us-east-1')
    value('--ec2-url', help='EC2 API URL to use (otherwise use default)')

    args = parser.parse_args()

    # Verbosity: --debug wins over --quiet, INFO is the default
    verbosity = logging.WARN if args.quiet else logging.INFO
    if args.debug:
        verbosity = logging.DEBUG
    lg.setLevel(verbosity)
    lg_root.setLevel(verbosity)

    # Initialize SGManager
    connection = connect_ec2(args)
    manager = SGManager(connection)
    manager.load_remote_groups()

    if args.dump:
        # Only dump remote groups and exit; the parenthesised single
        # argument prints the same under the Python 2 print statement.
        print(manager.dump_remote_groups())
        sys.exit(0)

    if not args.config:
        lg.error('No config file supplied')
        sys.exit(1)

    manager.load_local_groups(args.config)

    # Parameters for manager.apply_diff():
    # rules are removed unless --no-remove; groups are removed unless
    # --no-remove or --no-remove-groups.
    apply_options = dict(
        dry=not args.force,
        remove_rules=not args.no_remove,
        remove_groups=not (args.no_remove_groups or args.no_remove),
    )
    manager.apply_diff(**apply_options)
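def cli():
    """
    Command-line entry point of the security groups management tool.

    Parses the options, sets the log level, connects through
    connect_ec2(args) and loads the remote groups. Then, in this order:
      * --dump           print the remote groups, exit 0
      * --unused         print groups reported by unused_groups(), exit 0
      * --remove-unused  call remove_unused_groups(), exit 0
      * otherwise        load the local groups from the config file in the
                         selected validation mode and apply the diff

    Exits with status 1 when no config file is supplied or the mode is
    invalid. Every modifying action is a dry-run unless -f/--force is given.

    Security notes:
      * -S/--ec2-secret-key takes the secret on the command line, where it
        can end up in process listings and shell history.
      * --insecure is documented as disabling SSL certificate validation;
        how connect_ec2() uses it and --cert is not visible here.
      * --threshold is the limit on how much may be added or removed in one
        run, so it has to reach apply_diff() as a number (see below).
    """
    parser = argparse.ArgumentParser(description='Security groups management tool')
    parser.add_argument('-c', '--config', help='Config file to use')
    parser.add_argument('--vpc', action='store_true', help='Work with VPC groups, otherwise only non-VPC')
    parser.add_argument('--dump', action='store_true', help='Dump remote groups and exit')
    parser.add_argument('--unused', action='store_true', help='Dump groups not used by any instance')
    parser.add_argument('--remove-unused', action='store_true', help='Only remove groups that are not used by any instance')
    parser.add_argument('-f', '--force', action='store_true', help='Force action (otherwise run dry-run)')
    parser.add_argument('-q', '--quiet', action='store_true', help='Be quiet, print only WARN/ERROR output')
    parser.add_argument('-d', '--debug', action='store_true', help='Debug mode')
    parser.add_argument('--no-remove', action='store_true', help='Do not remove any groups or rules, only add')
    parser.add_argument('--no-remove-groups', action='store_true', help='Do not remove any groups, only add')
    parser.add_argument('--only-groups', nargs='+', help='Only manage following list of groups, space-separated')
    parser.add_argument('-I', '--ec2-access-key', help='EC2 Access Key to use')
    parser.add_argument('-S', '--ec2-secret-key', help='EC2 Secret Key to use')
    parser.add_argument('-R', '--ec2-region', help='Region to use (default us-east-1)', default='us-east-1')
    parser.add_argument('-U', '--ec2-url', help='EC2 API URL to use (otherwise use default)')
    parser.add_argument('-t', '--timeout', type=int, default=120, help='Set socket timeout (default 120s)')
    parser.add_argument('-m', '--mode', help='Mode for validating group name and description (default a)', default='a')
    parser.add_argument('--insecure', action='store_true', help='Do not validate SSL certs')
    # type=int (as for --timeout): without it a value given on the command
    # line is a str while the default is an int. Python 2 does not raise on
    # a str/int comparison and orders any str after any int, so a
    # user-supplied limit could silently never trigger.
    # NOTE(review): apply_diff() is not visible here - confirm it compares
    # the threshold numerically.
    parser.add_argument('--threshold', type=int, default=15, help='Maximum threshold to use for add/rm of groups/rules in percentage (default: 15)')
    parser.add_argument('--cert', help='Path to CA certificates (eg. /etc/pki/cacert.pem)')
    args = parser.parse_args()

    # --debug takes precedence over --quiet; INFO is the default
    if args.debug:
        log_level = logging.DEBUG
    elif args.quiet:
        log_level = logging.WARN
    else:
        log_level = logging.INFO
    lg.setLevel(log_level)
    lg_root.setLevel(log_level)

    # Initialize SGManager
    ec2 = connect_ec2(args)
    manager = SGManager(ec2, vpc=args.vpc, only_groups=args.only_groups)
    manager.load_remote_groups()

    if args.dump:
        # Only dump remote groups and exit; the parenthesised single
        # argument prints the same under the Python 2 print statement.
        print(manager.dump_remote_groups())
        sys.exit(0)

    if args.unused:
        # Print unused remote groups
        for grp in manager.unused_groups():
            print("- %s" % grp)
        sys.exit(0)

    if args.remove_unused:
        # Still a dry-run unless --force was given
        manager.remove_unused_groups(dry=not args.force)
        sys.exit(0)

    if not args.config:
        lg.error('No config file supplied')
        sys.exit(1)

    # Validation mode; --vpc forces 'vpc' whatever -m/--mode says
    mode = False
    if args.mode in ('a', 'ascii'):
        mode = 'ascii'
    if args.mode in ('s', 'strict'):
        mode = 'strict'
    if args.mode in ('v', 'vpc') or args.vpc:
        mode = 'vpc'

    if not mode:
        lg.error('Invalid mode "%s" selected' % args.mode)
        sys.exit(1)

    manager.load_local_groups(args.config, mode)

    # Parameters for manager.apply_diff(): rules are removed unless
    # --no-remove, groups unless --no-remove or --no-remove-groups.
    params = {
        'dry': not args.force,
        'threshold': args.threshold,
        'remove_rules': not args.no_remove,
        'remove_groups': not (args.no_remove_groups or args.no_remove),
    }
    manager.apply_diff(**params)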
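def cli():
    """
    Command-line entry point of the security groups management tool.

    After parsing the options and setting the log level, the function
    connects through connect_ec2(args), loads the remote groups and runs
    the first action that applies:
      * --dump: print the remote groups and exit 0
      * --unused: print the groups returned by unused_groups() and exit 0
      * --remove-unused: call remove_unused_groups() and exit 0
      * default: load the local groups from the config file using the
        selected validation mode, then apply the diff

    A missing config file or an invalid mode ends the process with
    status 1. Modifying actions are a dry-run unless -f/--force is given.

    Security notes:
      * -S/--ec2-secret-key takes the secret on the command line, where it
        can end up in process listings and shell history.
      * --insecure is documented as disabling SSL certificate validation;
        how connect_ec2() uses it and --cert is not visible here.
      * --threshold limits how much one run may add or remove and is now
        parsed as an integer.
    """
    parser = argparse.ArgumentParser(
        description='Security groups management tool')
    parser.add_argument('-c', '--config', help='Config file to use')
    parser.add_argument(
        '--vpc', action='store_true',
        help='Work with VPC groups, otherwise only non-VPC')
    parser.add_argument(
        '--dump', action='store_true', help='Dump remote groups and exit')
    parser.add_argument(
        '--unused', action='store_true',
        help='Dump groups not used by any instance')
    parser.add_argument(
        '--remove-unused', action='store_true',
        help='Only remove groups that are not used by any instance')
    parser.add_argument(
        '-f', '--force', action='store_true',
        help='Force action (otherwise run dry-run)')
    parser.add_argument(
        '-q', '--quiet', action='store_true',
        help='Be quiet, print only WARN/ERROR output')
    parser.add_argument(
        '-d', '--debug', action='store_true', help='Debug mode')
    parser.add_argument(
        '--no-remove', action='store_true',
        help='Do not remove any groups or rules, only add')
    parser.add_argument(
        '--no-remove-groups', action='store_true',
        help='Do not remove any groups, only add')
    parser.add_argument(
        '--only-groups', nargs='+',
        help='Only manage following list of groups, space-separated')
    parser.add_argument(
        '-I', '--ec2-access-key', help='EC2 Access Key to use')
    parser.add_argument(
        '-S', '--ec2-secret-key', help='EC2 Secret Key to use')
    parser.add_argument(
        '-R', '--ec2-region',
        help='Region to use (default us-east-1)', default='us-east-1')
    parser.add_argument(
        '-U', '--ec2-url',
        help='EC2 API URL to use (otherwise use default)')
    parser.add_argument(
        '-t', '--timeout', type=int, default=120,
        help='Set socket timeout (default 120s)')
    parser.add_argument(
        '-m', '--mode',
        help='Mode for validating group name and description (default a)',
        default='a')
    parser.add_argument(
        '--insecure', action='store_true', help='Do not validate SSL certs')
    # Parsed as int, like --timeout. Previously a value from the command
    # line stayed a str while the default was the int 15; Python 2 orders
    # any str after any int instead of raising, so a supplied limit could
    # end up never being exceeded.
    # NOTE(review): apply_diff() is outside this function - confirm it
    # treats the threshold as a number.
    parser.add_argument(
        '--threshold', type=int, default=15,
        help='Maximum threshold to use for add/rm of groups/rules in percentage (default: 15)')
    parser.add_argument(
        '--cert', help='Path to CA certificates (eg. /etc/pki/cacert.pem)')
    args = parser.parse_args()

    # Log level: WARN when quiet, INFO otherwise, DEBUG overrides both
    log_level = logging.WARN if args.quiet else logging.INFO
    if args.debug:
        log_level = logging.DEBUG
    for logger in (lg, lg_root):
        logger.setLevel(log_level)

    # Initialize SGManager
    ec2 = connect_ec2(args)
    manager = SGManager(ec2, vpc=args.vpc, only_groups=args.only_groups)
    manager.load_remote_groups()

    if args.dump:
        # Only dump remote groups and exit; the parenthesised single
        # argument prints the same under the Python 2 print statement.
        print(manager.dump_remote_groups())
        sys.exit(0)

    if args.unused:
        # Print unused remote groups
        for grp in manager.unused_groups():
            print("- %s" % grp)
        sys.exit(0)

    if args.remove_unused:
        # Removal is only simulated unless --force was given
        manager.remove_unused_groups(dry=not args.force)
        sys.exit(0)

    if not args.config:
        lg.error('No config file supplied')
        sys.exit(1)

    # Short and long spellings of each validation mode
    mode_aliases = {
        'a': 'ascii', 'ascii': 'ascii',
        's': 'strict', 'strict': 'strict',
        'v': 'vpc', 'vpc': 'vpc',
    }
    mode = mode_aliases.get(args.mode, False)
    if args.vpc:
        # --vpc forces the vpc mode, even over an unknown -m value
        mode = 'vpc'

    if not mode:
        lg.error('Invalid mode "%s" selected' % args.mode)
        sys.exit(1)

    manager.load_local_groups(args.config, mode)

    # Parameters for manager.apply_diff(): rules are removed unless
    # --no-remove, groups unless --no-remove or --no-remove-groups.
    manager.apply_diff(
        dry=not args.force,
        threshold=args.threshold,
        remove_rules=not args.no_remove,
        remove_groups=not (args.no_remove_groups or args.no_remove),
    )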