Exemplo n.º 1
def profile_tag_show(name):
    """Print each tag on the named profile, one per line.

    If the profile lookup raises KeyError, an error message is printed and
    the process exits with status 1.
    """
    try:
        found = client.get_profile(name)
    except KeyError:
        print("Profile %s not found." % name)
        sys.exit(1)

    for label in found.tags:
        print(label)
Exemplo n.º 2
    def _load_profile(self, name):
        """
        Fetch a profile from the datastore by profile name or network name.

        A profile stored under the supplied name is returned unchanged, so a
        direct profile-name match always takes precedence over a Docker
        network that has the same name.

        Otherwise the name is resolved to a Docker network ID, the profile
        stored under that ID is loaded, and it is passed through
        _translate_profile with _get_name_from_id so that it refers to
        network names instead of IDs.  This relies on tag names and profile
        names being the same (the default).

        :param name:  The profile or network name.
        :return: The loaded and (if required) translated profile.
        :raises KeyError: The original lookup error, when the name is neither
            a profile nor a Docker network.
        """
        try:
            # Fast path: the name is a profile name.
            return client.get_profile(name)
        except KeyError as not_found:
            # Not a profile name; see whether it names a Docker network.
            try:
                network_id = self._get_id_from_name(name)
            except NoDockerNetwork:
                # Not a network either: report the original lookup failure.
                raise not_found
            # The profile is keyed by network ID; convert its IDs to names
            # before returning it.
            by_id = client.get_profile(network_id)
            return self._translate_profile(by_id, self._get_name_from_id)
Exemplo n.º 3
def profile_tag_add(name, tag):
    """
    Attach a tag to an existing profile and store the change.

    If the profile lookup raises KeyError, an error message is printed and
    the process exits with status 1.

    :param name: Profile name
    :param tag: Tag name
    :return: None
    """
    try:
        target = client.get_profile(name)
    except KeyError:
        print("Profile %s not found." % name)
        sys.exit(1)

    target.tags.add(tag)
    # Write the modified profile back through the tag update call.
    client.profile_update_tags(target)
    print("Tag %s added to profile %s" % (tag, name))
Exemplo n.º 4
def profile_rule_show(name, human_readable=False):
    """Print the rules of the named profile.

    With human_readable set, the inbound rules and then the outbound rules
    are listed with 1-based positions, using each rule's pprint() output.
    Otherwise the rules are printed as JSON indented by two spaces, followed
    by a blank line.

    If the profile lookup raises KeyError, an error message is printed and
    the process exits with status 1.
    """
    try:
        found = client.get_profile(name)
    except KeyError:
        print("Profile %s not found." % name)
        sys.exit(1)

    if not human_readable:
        print(found.rules.to_json(indent=2))
        print("")
        return

    # Both directions share one layout; the rule list is looked up only after
    # its heading has been printed.
    sections = (("Inbound rules:", "inbound_rules"),
                ("Outbound rules:", "outbound_rules"))
    for heading, attribute in sections:
        print(heading)
        numbered = enumerate(getattr(found.rules, attribute), start=1)
        for index, entry in numbered:
            print(" %3d %s" % (index, entry.pprint()))
def profile_rule_update(name):
    """Replace the rules of a profile with a JSON document read from stdin.

    The document is parsed with Rules.from_json and is applied only when its
    "id" equals the profile name; on a mismatch an error is printed and the
    process exits with status 1.  That id comparison is the only check made
    in this function: any further validation of the rule content is whatever
    Rules.from_json performs.

    If the profile lookup raises KeyError, an error message is printed and
    the process exits with status 1.
    """
    try:
        target = client.get_profile(name)
    except KeyError:
        print("Profile %s not found." % name)
        sys.exit(1)

    # All of standard input is taken as the rules JSON.
    # NOTE(review): a parse failure in Rules.from_json is not caught here, so
    # it presumably surfaces as a traceback -- confirm.
    new_rules = Rules.from_json(sys.stdin.read())
    if new_rules.id != name:
        # Refuse a document whose "id" names a different profile, so rules
        # meant for one profile are not applied to another by mistake.
        print('Rules JSON "id"=%s doesn\'t match profile name %s.' %
              (new_rules.id, name))
        sys.exit(1)

    target.rules = new_rules
    client.profile_update_rules(target)
    print("Successfully updated rules on profile %s" % name)
Exemplo n.º 6
def profile_tag_remove(name, tag):
    """
    Detach a tag from an existing profile and store the change.

    The process exits with status 1, after printing an error, when either
    the profile lookup or the tag removal raises KeyError.

    :param name: Profile name
    :param tag: Tag name
    :return: None
    """
    try:
        target = client.get_profile(name)
    except KeyError:
        print("Profile %s not found." % name)
        sys.exit(1)

    try:
        target.tags.remove(tag)
    except KeyError:
        # Nothing was changed, so the datastore is not written.
        print("Tag %s is not on profile %s" % (tag, name))
        sys.exit(1)

    client.profile_update_tags(target)
    print("Tag %s removed from profile %s" % (tag, name))
Exemplo n.º 7
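def profile_rule_add_remove(operation,
                            name,
                            position,
                            action,
                            direction,
                            protocol=None,
                            icmp_type=None,
                            icmp_code=None,
                            src_net=None,
                            src_tag=None,
                            src_ports=None,
                            dst_net=None,
                            dst_tag=None,
                            dst_ports=None):
    """
    Add or remove a rule from a profile.

    Arguments not documented below are passed through to the rule.

    Rule order is part of the policy, so an out-of-range position is treated
    as an error: the message is printed, the process exits with status 1 and
    the profile is left unmodified.  The process also exits with status 1
    when ports are given for a protocol other than "tcp"/"udp", when the
    profile does not exist, and when a rule to remove is not found.

    :param operation: "add" or "remove".  Any value other than "add" is
        handled as a removal.
    :param name: Name of the profile.
    :param position: Position to insert/remove rule or None for the default.
        Positions are 1-indexed.
    :param action: Rule action: "allow" or "deny".
    :param direction: "inbound" or "outbound".  Any value other than
        "inbound" selects the outbound rules.

    :return: None
    """
    if icmp_type is not None:
        icmp_type = int(icmp_type)
    if icmp_code is not None:
        icmp_code = int(icmp_code)

    # Convert the input into a Rule.  locals() is read while the arguments
    # are the only local names, and only keys the Rule accepts are kept.
    rule_dict = {
        k: v
        for (k, v) in locals().iteritems()
        if k in Rule.ALLOWED_KEYS and v is not None
    }
    rule_dict["action"] = action
    if (protocol not in ("tcp", "udp")) and (src_ports is not None
                                             or dst_ports is not None):
        print("Ports are not valid with protocol %r" % protocol)
        sys.exit(1)
    rule = Rule(**rule_dict)

    # Get the profile.
    try:
        profile = client.get_profile(name)
    except KeyError:
        print("Profile %s not found." % name)
        sys.exit(1)

    # NOTE(review): direction and operation are not validated here, so a
    # misspelt value falls through to "outbound" / "remove" -- presumably the
    # caller restricts them; confirm.
    if direction == "inbound":
        rules = profile.rules.inbound_rules
    else:
        rules = profile.rules.outbound_rules

    if operation == "add":
        if position is None:
            # Default to append.
            position = len(rules) + 1
        if not 0 < position <= len(rules) + 1:
            print("Position %s is out-of-range." % position)
            # Stop here: carrying on would insert the rule at whatever index
            # list.insert() clamps or wraps to, silently changing the order
            # in which the rules are listed.
            sys.exit(1)
        if rule in rules:
            print("Rule already present, skipping.")
            return
        rules.insert(position - 1, rule)  # Accepts 0 and len(rules).
    else:
        # Remove.
        if position is not None:
            # Position can only be used on its own so no need to examine the
            # rule.
            if 0 < position <= len(rules):  # 1-indexed
                rules.pop(position - 1)
            else:
                print("Rule position out-of-range.")
                # Nothing was removed: fail like the "Rule not found." case
                # below instead of writing an unchanged profile back.
                sys.exit(1)
        else:
            # Attempt to match the rule.
            try:
                rules.remove(rule)
            except ValueError:
                print("Rule not found.")
                sys.exit(1)
    client.profile_update_rules(profile)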