enfcli 4.0.0 → 4.1.0.pre.alpha
- checksums.yaml +4 -4
- data/.circleci/Dockerfile +2 -2
- data/.circleci/config.yml +5 -0
- data/Gemfile.lock +37 -25
- data/Makefile +7 -0
- data/README.md +52 -7
- data/enfcli.gemspec +28 -26
- data/format.sh +9 -0
- data/lib/enfapi.rb +86 -97
- data/lib/enfcli.rb +166 -94
- data/lib/enfcli/commands/captive.rb +149 -149
- data/lib/enfcli/commands/user.rb +23 -20
- data/lib/enfcli/commands/xcr.rb +95 -82
- data/lib/enfcli/commands/xdns.rb +53 -50
- data/lib/enfcli/commands/xfw.rb +37 -37
- data/lib/enfcli/commands/xiam.rb +87 -80
- data/lib/enfcli/version.rb +1 -1
- data/lib/enfthor.rb +38 -14
- metadata +62 -5
    
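--- a/data/lib/enfcli/commands/xdns.rb
+++ b/data/lib/enfcli/commands/xdns.rb
@@ -13,17 +13,16 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-require
-require
+require "enfthor"
+require "enfapi"
 
 module EnfCli
   module Cmd
-
     class Xdns < EnfThor
-      DnsRecordType_AAAA =
-      DnsRecordType_TXT =
-      DnsRecordType_SRV =
-      DnsRecordType_CNAME =
+      DnsRecordType_AAAA = "AAAA"
+      DnsRecordType_TXT = "TXT"
+      DnsRecordType_SRV = "SRV"
+      DnsRecordType_CNAME = "CNAME"
       DnsRecordTypes = [DnsRecordType_AAAA, DnsRecordType_CNAME, DnsRecordType_SRV, DnsRecordType_TXT]
 
       no_commands {
@@ -35,13 +34,10 @@ module EnfCli
           case type
           when DnsRecordType_AAAA
             value = value[:ipv6]
-
           when DnsRecordType_CNAME
             value = value[:dname]
-
           when DnsRecordType_SRV
             value = "#{value[:priority]} #{value[:weight]} #{value[:port]} #{value[:target]}"
-
           when DnsRecordType_TXT
             value = value[:txt]
           end
@@ -50,33 +46,33 @@ module EnfCli
         end
 
         def display_zones_table(zones)
-          headings = [
-          rows = zones.map{ |hash|
-            [
+          headings = ["Id", "Zone", "Description", "Enf Domain"]
+          rows = zones.map { |hash|
+            [hash[:id], hash[:zone_domain_name], hash[:description], hash[:enf_domain]]
           }
           render_table(headings, rows)
         end
 
         def display_networks_table(networks)
-          headings = [
-          rows = networks.map{ |hash|
-            [
+          headings = ["Id", "Network"]
+          rows = networks.map { |hash|
+            [hash[:rowid], hash[:enf_network]]
           }
           render_table(headings, rows)
         end
 
         def display_records_table(records)
-          headings = [
-          rows = records.map{ |hash|
-            [
+          headings = ["Id", "Name", "Type", "Value", "TTL"]
+          rows = records.map { |hash|
+            [hash[:id], hash[:name], hash[:type], get_record_value(hash[:type], hash[:value]), hash[:ttl]]
           }
           render_table(headings, rows)
         end
 
         def display_servers_table(servers)
-          headings = [
-          rows = servers.map{ |hash|
-            [
+          headings = ["Id", "IPv6", "Network", "Description"]
+          rows = servers.map { |hash|
+            [hash[:id], hash[:ipv6], hash[:enf_network], hash[:description]]
           }
           render_table(headings, rows)
         end
@@ -86,19 +82,19 @@ module EnfCli
       method_option :'zone-domain-name', :type => :string, :required => true
       method_option :description, :type => :array, :banner => "DESCRIPTION"
       method_option :'enf-domain', :type => :string, :banner => "/48 Enf Domain"
+
       def create_zone
         try_with_rescue_in_session do
           ## session
           session = EnfCli::CTX.instance.session
 
           ## Gather parameters
-          zone_domain_name = options[
+          zone_domain_name = options["zone-domain-name"]
           description = array_option_to_string(options.description) if options.description
           case session[:type]
-          when
-            enf_domain = options[
+          when "XAPTUM_ADMIN"
+            enf_domain = options["enf-domain"]
             raise "No value provided for required options '--enf-domain'" unless enf_domain
-
           else
             enf_domain = session[:domain_network]
           end
@@ -107,7 +103,7 @@ module EnfCli
           new_zone = {
             :zone_domain_name => zone_domain_name,
             :description => description,
-            :enf_domain => enf_domain
+            :enf_domain => enf_domain,
           }
 
           ## call api
@@ -123,16 +119,16 @@ module EnfCli
 
       desc "list-zones", "List DNS Zones"
       method_option :'enf-domain', :type => :string, :banner => "/48 Enf Domain"
+
       def list_zones
         try_with_rescue_in_session do
           ## session
           session = EnfCli::CTX.instance.session
 
           case session[:type]
-          when
-            enf_domain = options[
+          when "XAPTUM_ADMIN"
+            enf_domain = options["enf-domain"]
             raise "No value provided for required options '--enf-domain'" unless enf_domain
-
           else
             enf_domain = session[:domain_network]
           end
@@ -148,6 +144,7 @@ module EnfCli
 
       desc "delete-zone", "Delete a DNS zone"
       method_option :'zone-id', :type => :string, :required => true
+
       def delete_zone
         try_with_rescue_in_session do
           zone_id = options[:'zone-id']
@@ -162,6 +159,7 @@ module EnfCli
       desc "update-zone", "Update a DNS zone description"
       method_option :'zone-id', :type => :string, :required => true
       method_option :description, :type => :array, :banner => "DESCRIPTION", :required => true
+
       def update_zone
         try_with_rescue_in_session do
           ## get parameters
@@ -169,7 +167,7 @@ module EnfCli
 
           ## update request
           update_zone_req = {
-            :description => description
+            :description => description,
           }
 
           ## call api
@@ -184,15 +182,16 @@ module EnfCli
       desc "add-networks-to-zone", "Add /64 networks to DNS zone"
       method_option :'zone-id', :type => :string, :required => true
       method_option :networks, :type => :array, :banner => "NETWORKS", :required => true
+
       def add_networks_to_zone
         try_with_rescue_in_session do
           ## gather parameters
           zone_id = options[:'zone-id']
-          networks = array_option_to_string(options[:networks]).split(",").map{ |x| x.strip }
+          networks = array_option_to_string(options[:networks]).split(",").map { |x| x.strip }
 
           ## add networks request
           add_networks_req = {
-            :networks => networks
+            :networks => networks,
           }
 
           ## call api
@@ -207,6 +206,7 @@ module EnfCli
 
       desc "list-networks-in-zone", "List /64 networks in DNS zone"
       method_option :'zone-id', :type => :string, :required => true
+
       def list_networks_in_zone
         try_with_rescue_in_session do
           ## gather parameters
@@ -224,6 +224,7 @@ module EnfCli
       desc "delete-networks-from-zone", "Delete /64 networks from DNS zone"
       method_option :'zone-id', :type => :string, :required => true
       method_option :networks, :type => :array, :banner => "NETWORKS", :required => true
+
       def delete_networks_from_zone
         try_with_rescue_in_session do
           ## gather parameters
@@ -241,15 +242,16 @@ module EnfCli
       desc "replace-networks-in-zone", "Replace /64 networks in DNS zone"
       method_option :'zone-id', :type => :string, :required => true
       method_option :networks, :type => :array, :banner => "NETWORKS", :required => true
+
       def replace_networks_in_zone
         try_with_rescue_in_session do
           ## gather parameters
           zone_id = options[:'zone-id']
-          networks = array_option_to_string(options[:networks]).split(",").map{ |x| x.strip }
+          networks = array_option_to_string(options[:networks]).split(",").map { |x| x.strip }
 
           ## replace networks request
           replace_networks_req = {
-            :networks => networks
+            :networks => networks,
           }
 
           ## call api
@@ -262,6 +264,7 @@ module EnfCli
 
       desc "list-zones-in-network", "List DNS Zones in /64 Network"
       method_option :'network', :type => :string, :banner => "/64 Enf Network", :required => true
+
       def list_zones_in_network
         try_with_rescue_in_session do
           ## gather parameters
@@ -278,11 +281,12 @@ module EnfCli
 
       desc "create-record", "Create a DNS record"
       method_option :'zone-id', :type => :string, :required => true
-      method_option :name, :type => :string, :banner =>
-
-      method_option :'type',
+      method_option :name, :type => :string, :banner => "<name>",
+                           :desc => "<name> is DNS record name. Enter . to create a record with the zone domain name"
+      method_option :'type', :type => :string, :required => true, :enum => DnsRecordTypes
       method_option :ttl, :type => :numeric, :required => true
-      method_option :value, :type => :array, :required => true, :banner =>
+      method_option :value, :type => :array, :required => true, :banner => "VALUE"
+
       def create_record
         try_with_rescue_in_session do
           ## gather parameters
@@ -297,28 +301,23 @@ module EnfCli
           when DnsRecordType_AAAA
             ipv6 = EnfCli::IPV6.new(value).to_s
             value = { :ipv6 => ipv6 }
-
           when DnsRecordType_CNAME
             value = { :dname => value }
-
           when DnsRecordType_SRV
             raise "Invalid value for #{DnsRecordType_SRV} record" unless options.value.length == 4
             value = { :priority => Integer(options.value[0]),
                       :weight => Integer(options.value[1]),
                       :port => Integer(options.value[2]),
-                      :target => options.value[3]
-                    }
-
+                      :target => options.value[3] }
           when DnsRecordType_TXT
             value = { :txt => value }
           end
 
-
           ## create request hash
           new_record = {
             :type => type,
             :ttl => ttl,
-            :value => value
+            :value => value,
           }
 
           ## optionally add name to request hash
@@ -336,6 +335,7 @@ module EnfCli
 
       desc "list-records", "List DNS records in a DNS zone"
       method_option :'zone-id', :type => :string, :required => true
+
       def list_records
         try_with_rescue_in_session do
           ## gather parameters
@@ -353,7 +353,8 @@ module EnfCli
       desc "query", "Query DNS for a record"
       method_option :'network', :type => :string, :required => true, :banner => "/64 Enf Network"
       method_option :name, :type => :string, :required => true
-      method_option :'type',
+      method_option :'type', :type => :string, :required => true, :enum => DnsRecordTypes
+
       def query
         try_with_rescue_in_session do
           ## gather parameters
@@ -372,6 +373,7 @@ module EnfCli
 
       desc "delete-record", "Delete a DNS record"
       method_option :'id', :type => :string, :required => true
+
       def delete_record
         try_with_rescue_in_session do
           ## gather parameters
@@ -389,6 +391,7 @@ module EnfCli
       method_option :'network', :type => :string, :banner => "/64 Enf Network", :required => true
       method_option :'ipv6', :type => :string
       method_option :description, :type => :array, :banner => "DESCRIPTION"
+
       def provision_server
         try_with_rescue_in_session do
           ## gather parameters
@@ -398,7 +401,7 @@ module EnfCli
 
           new_server = {
             :ipv6 => ipv6,
-            :description => description
+            :description => description,
           }
 
           ## call API
@@ -412,6 +415,7 @@ module EnfCli
 
       desc "list-servers", "List DNS server in /64 network"
       method_option :'network', :type => :string, :banner => "/64 Enf Network", :required => true
+
       def list_servers
         try_with_rescue_in_session do
           ## gather parameters
@@ -429,6 +433,7 @@ module EnfCli
       desc "delete-server", "Delete DNS server in /64 network"
       method_option :'network', :type => :string, :banner => "/64 Enf Network", :required => true
       method_option :'ipv6', :type => :string, :banner => "Server Ipv6", :required => true
+
       def delete_server
         try_with_rescue_in_session do
           ## gather parameters
@@ -442,8 +447,6 @@ module EnfCli
           say "Delete DNS server with ipv6 #{ipv6} in #{network}!", :green
         end
       end
-
     end # Xdns
-
   end # Cmd module
 end # EnfCli module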
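Review bot: In the `when DnsRecordType_SRV` branch of create_record (hunk `@@ -297,28 +301,23 @@`), priority, weight and port are converted with `Integer(options.value[n])`, which honours radix prefixes on strings, so `010` is sent as 8 and `0x35` as 53, and nothing bounds the result to the 16-bit range an SRV field allows. Parsing as decimal and range-checking before the request hash is built would reject such input at the CLI, for example `port = Integer(options.value[2], 10)` followed by `raise "Invalid port for #{DnsRecordType_SRV} record" unless (0..65535).cover?(port)`, with the same treatment for priority and weight. The API presumably validates these values as well, but that is not visible on this page. create_record's body starts and ends outside the hunk.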
    
        data/lib/enfcli/commands/xfw.rb
    CHANGED
    
    | @@ -13,27 +13,26 @@ | |
| 13 13 | 
             
            # See the License for the specific language governing permissions and
         | 
| 14 14 | 
             
            # limitations under the License.
         | 
| 15 15 | 
             
            #
         | 
| 16 | 
            -
            require  | 
| 17 | 
            -
            require  | 
| 18 | 
            -
            require  | 
| 19 | 
            -
            require  | 
| 20 | 
            -
            require  | 
| 21 | 
            -
            require  | 
| 16 | 
            +
            require "enfthor"
         | 
| 17 | 
            +
            require "enfapi"
         | 
| 18 | 
            +
            require "base64"
         | 
| 19 | 
            +
            require "digest"
         | 
| 20 | 
            +
            require "openssl"
         | 
| 21 | 
            +
            require "ipaddr"
         | 
| 22 22 |  | 
| 23 23 | 
             
            module EnfCli
         | 
| 24 24 | 
             
              module Cmd
         | 
| 25 | 
            -
                
         | 
| 26 25 | 
             
                class Xfw < EnfThor
         | 
| 27 26 | 
             
                  no_commands {
         | 
| 28 | 
            -
                    def display_firewall_rules | 
| 29 | 
            -
                      headings = [ | 
| 30 | 
            -
                      rows = rules.map{ |hash|
         | 
| 31 | 
            -
                        [ | 
| 32 | 
            -
             | 
| 33 | 
            -
             | 
| 34 | 
            -
             | 
| 35 | 
            -
             | 
| 36 | 
            -
             | 
| 27 | 
            +
                    def display_firewall_rules(rules)
         | 
| 28 | 
            +
                      headings = ["Id", "Priority", "Protocol", "Direction", "Source", "Source Port", "Destination", "Destination Port", "Action"]
         | 
| 29 | 
            +
                      rows = rules.map { |hash|
         | 
| 30 | 
            +
                        [hash[:id], hash[:priority], hash[:protocol], hash[:direction],
         | 
| 31 | 
            +
                         hash[:source_ip] == "" ? "*" : hash[:source_ip],
         | 
| 32 | 
            +
                         hash[:source_port] == 0 ? "*" : hash[:source_port],
         | 
| 33 | 
            +
                         hash[:dest_ip] == "" ? "*" : hash[:dest_ip],
         | 
| 34 | 
            +
                         hash[:dest_port] == 0 ? "*" : hash[:dest_port],
         | 
| 35 | 
            +
                         hash[:action]]
         | 
| 37 36 | 
             
                      }
         | 
| 38 37 | 
             
                      render_table(headings, rows)
         | 
| 39 38 | 
             
                    end
         | 
| @@ -41,40 +40,41 @@ module EnfCli | |
| 41 40 |  | 
| 42 41 | 
             
                  desc "list-firewall-rules", "List all firewall rules in a /64 network"
         | 
| 43 42 | 
             
                  method_option :network, :type => :string, :required => true
         | 
| 43 | 
            +
             | 
| 44 44 | 
             
                  def list_firewall_rules
         | 
| 45 45 | 
             
                    try_with_rescue_in_session do
         | 
| 46 46 | 
             
                      # call the api
         | 
| 47 47 | 
             
                      rules = EnfApi::Firewall.instance.list_firewall_rules options[:network]
         | 
| 48 48 |  | 
| 49 49 | 
             
                      # display empty table and return
         | 
| 50 | 
            -
                      if rules.length == 0 | 
| 50 | 
            +
                      if rules.length == 0
         | 
| 51 51 | 
             
                        display_firewall_rules rules
         | 
| 52 52 | 
             
                        return
         | 
| 53 53 | 
             
                      end
         | 
| 54 54 |  | 
| 55 55 | 
             
                      # sort the rules by direction, priority
         | 
| 56 | 
            -
                      sorted_rules = rules.sort{ |x,y|
         | 
| 56 | 
            +
                      sorted_rules = rules.sort { |x, y|
         | 
| 57 57 | 
             
                        r = x[:direction] <=> y[:direction]
         | 
| 58 | 
            -
                        if r == 0 | 
| 58 | 
            +
                        if r == 0
         | 
| 59 59 | 
             
                          x[:priority] <=> y[:priority]
         | 
| 60 60 | 
             
                        else
         | 
| 61 61 | 
             
                          r
         | 
| 62 62 | 
             
                        end
         | 
| 63 63 | 
             
                      }
         | 
| 64 | 
            -
             | 
| 64 | 
            +
             | 
| 65 65 | 
             
                      # chunk them into egress/ingress arrays
         | 
| 66 66 | 
             
                      egress_rules = Array.new
         | 
| 67 67 | 
             
                      ingress_rules = Array.new
         | 
| 68 | 
            -
                      sorted_rules.each{ |rule|
         | 
| 69 | 
            -
                        if rule[:direction] ==  | 
| 68 | 
            +
                      sorted_rules.each { |rule|
         | 
| 69 | 
            +
                        if rule[:direction] == "INGRESS"
         | 
| 70 70 | 
             
                          ingress_rules << rule
         | 
| 71 71 | 
             
                        else
         | 
| 72 72 | 
             
                          egress_rules << rule
         | 
| 73 73 | 
             
                        end
         | 
| 74 74 | 
             
                      }
         | 
| 75 | 
            -
             | 
| 75 | 
            +
             | 
| 76 76 | 
             
                      # display data
         | 
| 77 | 
            -
                      if egress_rules.length > 0 | 
| 77 | 
            +
                      if egress_rules.length > 0
         | 
| 78 78 | 
             
                        say "Egress firewall rules(Endpoint -> ENF)", :yellow
         | 
| 79 79 | 
             
                        display_firewall_rules egress_rules
         | 
| 80 80 |  | 
| @@ -82,7 +82,7 @@ module EnfCli | |
| 82 82 | 
             
                        say ""
         | 
| 83 83 | 
             
                      end
         | 
| 84 84 |  | 
| 85 | 
            -
                      if ingress_rules.length > 0 | 
| 85 | 
            +
                      if ingress_rules.length > 0
         | 
| 86 86 | 
             
                        say "Ingress firewall rules(ENF -> Endpoint)", :yellow
         | 
| 87 87 | 
             
                        display_firewall_rules ingress_rules
         | 
| 88 88 | 
             
                      end
         | 
| @@ -92,28 +92,28 @@ module EnfCli | |
| 92 92 | 
             
                  desc "add-firewall-rule", "Add a firewall rule to a /64 network"
         | 
| 93 93 | 
             
                  method_option :network, :type => :string, :required => true
         | 
| 94 94 | 
             
                  method_option :priority, :type => :numeric, :required => true
         | 
| 95 | 
            -
                  method_option :protocol, :type => :string, :required => true, :enum => [ | 
| 95 | 
            +
                  method_option :protocol, :type => :string, :required => true, :enum => ["TCP", "UDP", "ICMP6", "6", "17", "58"]
         | 
| 96 96 | 
             
                  method_option :source_ip, :type => :string
         | 
| 97 97 | 
             
                  method_option :source_port, :type => :numeric
         | 
| 98 98 | 
             
                  method_option :dest_ip, :type => :string
         | 
| 99 99 | 
             
                  method_option :dest_port, :type => :numeric
         | 
| 100 | 
            -
                  method_option :direction, :type => :string, :required => true, :enum => [ | 
| 101 | 
            -
                  method_option :action, :type => :string, :required => true, :enum => [ | 
| 102 | 
            -
             | 
| 100 | 
            +
                  method_option :direction, :type => :string, :required => true, :enum => ["EGRESS", "INGRESS"]
         | 
| 101 | 
            +
                  method_option :action, :type => :string, :required => true, :enum => ["ACCEPT", "DROP"]
         | 
| 102 | 
            +
             | 
| 103 103 | 
             
                  def add_firewall_rule
         | 
| 104 | 
            -
                    protocol_map = {  | 
| 104 | 
            +
                    protocol_map = { "TCP" => "TCP", "UDP" => "UDP", "ICMP6" => "ICMP6", "6" => "TCP", "17" => "UDP", "58" => "ICMP6" }
         | 
| 105 105 | 
             
                    try_with_rescue_in_session do
         | 
| 106 106 | 
             
                      # get options
         | 
| 107 107 | 
             
                      rule = {
         | 
| 108 | 
            -
                        :ip_family =>  | 
| 108 | 
            +
                        :ip_family => "IP6",
         | 
| 109 109 | 
             
                        :priority => options[:priority],
         | 
| 110 | 
            -
                        :protocol => protocol_map[ | 
| 111 | 
            -
                        :source_ip => options[:source_ip] ? options[:source_ip] :  | 
| 110 | 
            +
                        :protocol => protocol_map[options[:protocol]],
         | 
| 111 | 
            +
                        :source_ip => options[:source_ip] ? options[:source_ip] : "*",
         | 
| 112 112 | 
             
                        :source_port => options[:source_port] ? options[:source_port] : 0,
         | 
| 113 | 
            -
                        :dest_ip => options[:dest_ip] ? options[:dest_ip] :  | 
| 113 | 
            +
                        :dest_ip => options[:dest_ip] ? options[:dest_ip] : "*",
         | 
| 114 114 | 
             
                        :dest_port => options[:dest_port] ? options[:dest_port] : 0,
         | 
| 115 115 | 
             
                        :direction => options[:direction],
         | 
| 116 | 
            -
                        :action => options[:action]
         | 
| 116 | 
            +
                        :action => options[:action],
         | 
| 117 117 | 
             
                      }
         | 
| 118 118 |  | 
| 119 119 | 
             
                      # call the api
         | 
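Review bot: Leaving out `--source-ip` or `--dest-ip` in `add_firewall_rule` silently produces a wildcard rule, because the rule hash falls back to `"*"` for both addresses and `0` for both ports. Combined with `--action ACCEPT`, an operator can create a broad allow rule without ever typing a wildcard. I would print the effective rule before it is submitted, and document the defaults above the hash with a comment such as `# unset ip => "*" (any address); unset port => 0 (presumably any port, confirm against the API)`. The fallbacks also read more plainly as `options[:source_ip] || "*"` and `options[:source_port] || 0`, which behave the same as the ternaries. The method body continues past the end of this hunk, so the API call itself is not visible here.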
| @@ -127,6 +127,7 @@ module EnfCli | |
| 127 127 | 
             
                  desc "delete-firewall-rule", "Delete a firewall rule"
         | 
| 128 128 | 
             
                  method_option :network, :type => :string, :required => true
         | 
| 129 129 | 
             
                  method_option :id, :type => :string, :required => true
         | 
| 130 | 
            +
             | 
| 130 131 | 
             
                  def delete_firewall_rule
         | 
| 131 132 | 
             
                    try_with_rescue_in_session do
         | 
| 132 133 | 
             
                      # call the api
         | 
| @@ -144,8 +145,7 @@ module EnfCli | |
| 144 145 | 
             
                  #  raise EnfCli::ERROR, "User Session not establised!" if !session
         | 
| 145 146 | 
             
                  #  EnfApi::Firewall.instance.delete_firewall_rules options[:network]
         | 
| 146 147 | 
             
                  # end
         | 
| 147 | 
            -
                  
         | 
| 148 | 
            -
                end
         | 
| 149 148 |  | 
| 149 | 
            +
                end
         | 
| 150 150 | 
             
              end
         | 
| 151 151 | 
             
            end
         |