#!/usr/bin/env python
import argparse
import json
import subprocess
import sys
import time

import oci
# Command-line interface.
# All three values are operator-supplied text. The functions below hand both
# OCIDs to the `oci` CLI and use `ticket` as part of the export filename, so
# treat them as untrusted input wherever they are consumed.
parser = argparse.ArgumentParser(
    description='Move NSG Rules from one OCID to another one',
)
parser.add_argument(
    '-t', '--ticket',
    type=str,
    required=True,
    help='Ticket number, TICKET-XXXX',
)
parser.add_argument(
    '-os', '--sourceocid',
    type=str,
    required=True,
    help='Put the SOURCE OCID of the NSG',
)
parser.add_argument(
    '-od', '--destinationocid',
    type=str,
    required=True,
    help='Put the DESTINATION OCID of the NSG',
)
args = parser.parse_args()

# Module-level names read by the functions below.
ticket, sourceocid, destinationocid = (
    args.ticket,
    args.sourceocid,
    args.destinationocid,
)

# Largest combined rule count (source + destination) for which a merge is
# offered. NOTE(review): presumably chosen to stay under the per-NSG rule
# limit of the service -- confirm.
maxrules = 240
# Functions
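def get_displayName(ocid):
    """Return the display name of the NSG identified by *ocid*.

    Runs ``oci network nsg get --nsg-id <ocid>`` and reads
    ``data["display-name"]`` from its JSON output.

    The command is passed as an argument list without a shell, so shell
    metacharacters in *ocid* are never interpreted. The JSON is parsed in
    Python, which removes the dependency on ``jq`` and ``tr``.

    Raises:
        subprocess.CalledProcessError: the ``oci`` CLI exited non-zero.
            A shell pipeline reports only the status of its last command,
            which would hide such a failure.
        KeyError / ValueError: the output was not the expected JSON.
    """
    completed = subprocess.run(
        ["oci", "network", "nsg", "get", "--nsg-id", ocid],
        check=True,
        stdout=subprocess.PIPE,  # stderr stays on the terminal for the operator
        encoding="utf8",
    )
    payload = json.loads(completed.stdout)
    return str(payload["data"]["display-name"])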
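def get_numberOfRules(ocid,name):
    """Print and return how many security rules the NSG *ocid* contains.

    Args:
        ocid: OCID of the network security group to inspect.
        name: Display name, used only in the printed message.

    Returns:
        The number of entries in ``data`` of the rule listing. Empty CLI
        output is treated as zero rules.

    The command is passed as an argument list without a shell, so *ocid*
    cannot inject shell syntax. ``check=True`` makes a failed listing raise
    ``subprocess.CalledProcessError`` instead of being counted as "0 rules",
    which matters because the count gates the merge.
    """
    completed = subprocess.run(
        ["oci", "network", "nsg", "rules", "list", "--all", "--nsg-id", ocid],
        check=True,
        stdout=subprocess.PIPE,  # stderr stays on the terminal for the operator
        encoding="utf8",
    )
    output = completed.stdout.strip()
    # An empty listing produces no output at all; a null `data` also counts as 0.
    entries = (json.loads(output).get("data") or []) if output else []
    count = len(entries)
    print ("The NSG "+ name +" contain "+ str(count) +" rules")
    return count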
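def get_concatenate(sourcenumber,destinationnumber):
    """Decide whether the merge may proceed.

    Args:
        sourcenumber: Rule count of the source NSG.
        destinationnumber: Rule count of the destination NSG.

    Returns:
        True only when the combined count fits within ``maxrules`` and the
        operator answers "y"/"yes" at the prompt. Any other answer, or a
        combined count above the limit, yields False.
    """
    total = sourcenumber + destinationnumber
    if total > maxrules:
        # Report the overshoot as a positive number; `maxrules - total`
        # would print a negative value here.
        exceed = total - maxrules
        print("Cannot merge as the total rules are exceded by "+ str(exceed))
        return False

    print ("Merging is possible")
    answer = input("Continue? [y/n]").lower()
    if answer in ("y", "yes"):
        print("Confirmed")
        return True
    if answer in ("n", "no"):
        print ("Aborting")
    else:
        # Anything unrecognised is treated as a refusal (fail closed).
        print ("Wrong input")
    return False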
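def set_concatenate(status):
    """Export the source NSG rules and add them to the destination NSG.

    Args:
        status: Result of the merge check; a falsy value aborts the script.

    Returns:
        True once the export file is written and the rules have been added
        (or there was nothing to add). When *status* is falsy the function
        prints a message and calls ``sys.exit()`` instead of returning.

    The export runs synchronously and its exit status is checked. A
    background process followed by a fixed sleep could leave the file
    incomplete or empty by the time the ``rules add`` call reads it.
    Commands are passed as argument lists without a shell, so the OCIDs and
    the filename are never interpreted as shell syntax.

    Raises:
        subprocess.CalledProcessError: an ``oci`` invocation exited non-zero.
    """
    if not status:
        print ("Exiting as the merge is not allowed / possible, please fix it")
        sys.exit()

    # NOTE(review): `ticket` is used verbatim in the filename. A value holding
    # path separators would write outside the working directory; consider
    # validating it where the arguments are parsed.
    filename = str(ticket) + "_export.json"

    listing = subprocess.run(
        ["oci", "network", "nsg", "rules", "list", "--all", "--nsg-id", sourceocid],
        check=True,
        stdout=subprocess.PIPE,  # stderr stays on the terminal for the operator
        encoding="utf8",
    ).stdout.strip()
    # An empty listing produces no output at all; a null `data` also means none.
    rules = (json.loads(listing).get("data") or []) if listing else []

    # Drop the server-generated keys before re-submitting the rules.
    for rule in rules:
        for key in ("id", "time-created", "is-valid"):
            rule.pop(key, None)

    # The context manager flushes and closes the file before the CLI reads it.
    with open(filename, "w", encoding="utf8") as export_file:
        json.dump(rules, export_file, indent=2)

    if rules:
        subprocess.run(
            [
                "oci", "network", "nsg", "rules", "add",
                "--nsg-id", destinationocid,
                "--security-rules", "file://" + filename,
            ],
            check=True,
            stdout=subprocess.PIPE,
            encoding="utf8",
        )
    else:
        print("Source NSG has no rules to copy, nothing was added")
    return True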
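def set_clean(task):
    """Offer to delete the source NSG after a successful merge.

    Args:
        task: Truthy when the rules were copied; otherwise only a message is
            printed and nothing is deleted.

    The prompt repeats until the operator answers y/yes or n/no. A loop is
    used rather than recursion so repeated wrong input cannot exhaust the
    call stack. The delete command is passed as an argument list without a
    shell, so the OCID is never interpreted as shell syntax.

    Raises:
        subprocess.CalledProcessError: the ``oci`` delete call exited non-zero.
    """
    if not task:
        print("Something went wrong, I cannot help more, I'm just a script dude")
        return

    # NOTE(review): nothing here verifies that the destination NSG now holds
    # the copied rules before the source is force-deleted. Consider
    # re-counting the destination rules first.
    while True:
        answer = input("Do you want to remove the source NSG ? [y/n]").lower()
        if answer in ("y", "yes"):
            print("REMOVAL CONFIRMED")
            subprocess.run(
                ["oci", "network", "nsg", "delete", "--nsg-id", sourceocid, "--force"],
                check=True,
                stdout=subprocess.PIPE,
                encoding="utf8",
            )
            return
        if answer in ("n", "no"):
            print ("SOURCE NSG WILL REMAIN UNTOUCHED")
            return
        print ("Wrong input")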
# Main flow: inspect both NSGs, confirm the merge, copy the rules, then
# offer to delete the source.

# Source NSG: resolve its display name and count its rules.
print("Checking source...")
print(f"The source OCID is {sourceocid}")
sourcename = get_displayName(sourceocid)
sourcenumber = get_numberOfRules(sourceocid, sourcename)

# Destination NSG: same inspection.
print("Checking destination...")
print(f"The destination OCID is {destinationocid}")
destinationname = get_displayName(destinationocid)
destinationnumber = get_numberOfRules(destinationocid, destinationname)

# Gate on the combined rule count and the operator's confirmation.
print("Checking if we can merge...")
status = get_concatenate(sourcenumber, destinationnumber)

# Copy the rules, then optionally remove the source NSG.
task = set_concatenate(status)
set_clean(task)