from ..main import Command, parse_version_arg
class FirewallRulesOutput(object):
"""Outputs a set of YAML firewall rules matching checks."""
def __init__(self, output):
# Captured once at construction; write() later records this value as the
# 'from_host' of each rule it creates, so the exported rules describe egress
# from whatever name the local resolver returns for this machine.
# NOTE(review): confirm the export is run on the host that will originate the
# traffic, and that its FQDN is the name the firewall tooling expects.
self.fqdn = socket.getfqdn()
def notify_skip(self, name):
Should pass everything when using the skipping_strategy, directly to
def write(self, data):
"""Filters out non-TCP/UDP checks.
Stores host/port/proto info for output later as YAML.
# We only need TCP/UDP checks
# Assuming data is a str (it is split on ':' further down), `in` is a
# substring test against the whole check description, not a comparison with
# the protocol field: any description containing "tcp" or "udp" anywhere gets
# past this guard. The guard's body is not shown in this listing.
# NOTE(review): presumably harmless for the descriptions conn-check itself
# produces - confirm, since a false match goes on to be parsed as a rule.
if not any(x in data for x in ('tcp', 'udp')):
# Here we take the list of colon separated values in reverse order, so
# we should get just the host/port/proto for the check without the
# specific prefix (e.g. memcache, http)
# The last three ':'-separated fields are read as protocol, host, port (the
# reversal gives them in port, host, protocol order). The three-name unpack
# raises ValueError when data has fewer than three fields.
# NOTE(review): a host that itself contains ':' (e.g. an IPv6 literal) would
# be split across fields and yield the wrong host/port - confirm upstream
# never emits one, because the result is exported as a firewall rule.
port, host, protocol = reversed(data.split(':')[-3:])
protocol = protocol.strip()
key = "{}:{}".format(host, protocol)
if key not in self.output_data:
self.output_data[key] = {
'from_host': self.fqdn,
if port not in self.output_data[key]['ports']:
self.output_data[key]['ports'].append(port)
"""Outputs our structured egress firewall info as YAML."""
# Serialises everything collected in self.output_data under one 'egress' key
# and writes it to the wrapped stream.
# NOTE(review): on Python 3 dict.values() is a view, not a list - confirm
# yaml.dump emits it as a plain sequence on the supported interpreters.
# Assuming yaml is PyYAML, list(...) with yaml.safe_dump would keep the output
# to standard YAML tags for whatever consumes these rules.
self.output.write(yaml.dump({'egress': self.output_data.values()}))
class FirewallExportCommand(Command):
"""CLI command runner for conn-check-export-fw"""
def wrap_output(self, output):
"""Wraps output stream.
Override some options in order to just output fw rules without
# We don't want to actually perform the checks
self.options.dry_run = True
self.options.buffer_output = False
self.options.show_duration = False
super(FirewallExportCommand, self).wrap_output(output)
# Wrap the stream in the rule collector (self.output is presumably set by the
# parent wrap_output call above - confirm), so what the checks report is
# accumulated as rule data by FirewallRulesOutput.write() instead of being
# written straight through.
self.output = FirewallRulesOutput(self.output)
self.results.output = self.output
if parse_version_arg():
cmd = FirewallExportCommand(args)
sys.exit(run(*sys.argv[1:]))
if __name__ == '__main__':