enfcli 4.0.0 → 5.0.0.pre.alpha
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.circleci/Dockerfile +2 -2
- data/.circleci/config.yml +5 -0
- data/Gemfile.lock +38 -26
- data/Makefile +7 -0
- data/README.md +52 -7
- data/enfcli.gemspec +28 -26
- data/format.sh +9 -0
- data/lib/enfapi.rb +184 -237
- data/lib/enfapi/dns.rb +95 -0
- data/lib/enfapi/firewall.rb +37 -0
- data/lib/enfapi/user.rb +75 -0
- data/lib/enfcli.rb +211 -111
- data/lib/enfcli/commands/captive.rb +518 -157
- data/lib/enfcli/commands/user.rb +208 -160
- data/lib/enfcli/commands/xcr.rb +151 -119
- data/lib/enfcli/commands/xdns.rb +65 -55
- data/lib/enfcli/commands/xfw.rb +37 -37
- data/lib/enfcli/commands/xiam.rb +87 -80
- data/lib/enfcli/version.rb +2 -2
- data/lib/enfthor.rb +38 -14
- metadata +65 -5
data/lib/enfcli/commands/xdns.rb
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
#
|
|
2
|
-
# Copyright 2019 Xaptum,Inc
|
|
2
|
+
# Copyright 2019-2020 Xaptum,Inc
|
|
3
3
|
#
|
|
4
4
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
5
|
# you may not use this file except in compliance with the License.
|
|
@@ -13,17 +13,16 @@
|
|
|
13
13
|
# See the License for the specific language governing permissions and
|
|
14
14
|
# limitations under the License.
|
|
15
15
|
#
|
|
16
|
-
require
|
|
17
|
-
require
|
|
16
|
+
require "enfthor"
|
|
17
|
+
require "enfapi/dns"
|
|
18
18
|
|
|
19
19
|
module EnfCli
|
|
20
20
|
module Cmd
|
|
21
|
-
|
|
22
21
|
class Xdns < EnfThor
|
|
23
|
-
DnsRecordType_AAAA =
|
|
24
|
-
DnsRecordType_TXT =
|
|
25
|
-
DnsRecordType_SRV =
|
|
26
|
-
DnsRecordType_CNAME =
|
|
22
|
+
DnsRecordType_AAAA = "AAAA"
|
|
23
|
+
DnsRecordType_TXT = "TXT"
|
|
24
|
+
DnsRecordType_SRV = "SRV"
|
|
25
|
+
DnsRecordType_CNAME = "CNAME"
|
|
27
26
|
DnsRecordTypes = [DnsRecordType_AAAA, DnsRecordType_CNAME, DnsRecordType_SRV, DnsRecordType_TXT]
|
|
28
27
|
|
|
29
28
|
no_commands {
|
|
@@ -35,13 +34,10 @@ module EnfCli
|
|
|
35
34
|
case type
|
|
36
35
|
when DnsRecordType_AAAA
|
|
37
36
|
value = value[:ipv6]
|
|
38
|
-
|
|
39
37
|
when DnsRecordType_CNAME
|
|
40
38
|
value = value[:dname]
|
|
41
|
-
|
|
42
39
|
when DnsRecordType_SRV
|
|
43
40
|
value = "#{value[:priority]} #{value[:weight]} #{value[:port]} #{value[:target]}"
|
|
44
|
-
|
|
45
41
|
when DnsRecordType_TXT
|
|
46
42
|
value = value[:txt]
|
|
47
43
|
end
|
|
@@ -50,33 +46,33 @@ module EnfCli
|
|
|
50
46
|
end
|
|
51
47
|
|
|
52
48
|
def display_zones_table(zones)
|
|
53
|
-
headings = [
|
|
54
|
-
rows = zones.map{ |hash|
|
|
55
|
-
[
|
|
49
|
+
headings = ["Id", "Zone", "Description", "Privileged", "Enf Domain"]
|
|
50
|
+
rows = zones.map { |hash|
|
|
51
|
+
[hash[:id], hash[:zone_domain_name], hash[:description], hash[:privileged], hash[:enf_domain]]
|
|
56
52
|
}
|
|
57
53
|
render_table(headings, rows)
|
|
58
54
|
end
|
|
59
55
|
|
|
60
56
|
def display_networks_table(networks)
|
|
61
|
-
headings = [
|
|
62
|
-
rows = networks.map{ |hash|
|
|
63
|
-
[
|
|
57
|
+
headings = ["Id", "Network"]
|
|
58
|
+
rows = networks.map { |hash|
|
|
59
|
+
[hash[:rowid], hash[:enf_network]]
|
|
64
60
|
}
|
|
65
61
|
render_table(headings, rows)
|
|
66
62
|
end
|
|
67
63
|
|
|
68
64
|
def display_records_table(records)
|
|
69
|
-
headings = [
|
|
70
|
-
rows = records.map{ |hash|
|
|
71
|
-
[
|
|
65
|
+
headings = ["Id", "Name", "Type", "Value", "TTL"]
|
|
66
|
+
rows = records.map { |hash|
|
|
67
|
+
[hash[:id], hash[:name], hash[:type], get_record_value(hash[:type], hash[:value]), hash[:ttl]]
|
|
72
68
|
}
|
|
73
69
|
render_table(headings, rows)
|
|
74
70
|
end
|
|
75
71
|
|
|
76
72
|
def display_servers_table(servers)
|
|
77
|
-
headings = [
|
|
78
|
-
rows = servers.map{ |hash|
|
|
79
|
-
[
|
|
73
|
+
headings = ["Id", "IPv6", "Network", "Description"]
|
|
74
|
+
rows = servers.map { |hash|
|
|
75
|
+
[hash[:id], hash[:ipv6], hash[:enf_network], hash[:description]]
|
|
80
76
|
}
|
|
81
77
|
render_table(headings, rows)
|
|
82
78
|
end
|
|
@@ -86,30 +82,38 @@ module EnfCli
|
|
|
86
82
|
method_option :'zone-domain-name', :type => :string, :required => true
|
|
87
83
|
method_option :description, :type => :array, :banner => "DESCRIPTION"
|
|
88
84
|
method_option :'enf-domain', :type => :string, :banner => "/48 Enf Domain"
|
|
85
|
+
method_option :'enf-network', :type => :string, :banner => "/64 Enf Network"
|
|
86
|
+
|
|
89
87
|
def create_zone
|
|
90
88
|
try_with_rescue_in_session do
|
|
91
89
|
## session
|
|
92
90
|
session = EnfCli::CTX.instance.session
|
|
93
91
|
|
|
94
92
|
## Gather parameters
|
|
95
|
-
zone_domain_name = options[
|
|
93
|
+
zone_domain_name = options["zone-domain-name"]
|
|
96
94
|
description = array_option_to_string(options.description) if options.description
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
enf_domain = options['enf-domain']
|
|
95
|
+
if EnfCli::CTX.instance.xaptum_admin?
|
|
96
|
+
enf_domain = options["enf-domain"]
|
|
100
97
|
raise "No value provided for required options '--enf-domain'" unless enf_domain
|
|
101
|
-
|
|
102
98
|
else
|
|
103
|
-
enf_domain = session[:
|
|
99
|
+
enf_domain = session[:domain]
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
enf_network = options["enf-network"]
|
|
103
|
+
unless EnfCli::CTX.instance.edit_domain_role?
|
|
104
|
+
raise "No value provided for required option '--enf-network'" unless enf_network
|
|
104
105
|
end
|
|
105
106
|
|
|
106
107
|
## create request hash
|
|
107
108
|
new_zone = {
|
|
108
109
|
:zone_domain_name => zone_domain_name,
|
|
109
110
|
:description => description,
|
|
110
|
-
:enf_domain => enf_domain
|
|
111
|
+
:enf_domain => enf_domain,
|
|
111
112
|
}
|
|
112
113
|
|
|
114
|
+
## add enf_network to request if present
|
|
115
|
+
new_zone[:enf_network] = enf_network if enf_network
|
|
116
|
+
|
|
113
117
|
## call api
|
|
114
118
|
data = EnfApi::Dns.instance.create_dns_zone new_zone
|
|
115
119
|
zones = data[:data]
|
|
@@ -123,18 +127,17 @@ module EnfCli
|
|
|
123
127
|
|
|
124
128
|
desc "list-zones", "List DNS Zones"
|
|
125
129
|
method_option :'enf-domain', :type => :string, :banner => "/48 Enf Domain"
|
|
130
|
+
|
|
126
131
|
def list_zones
|
|
127
132
|
try_with_rescue_in_session do
|
|
128
133
|
## session
|
|
129
134
|
session = EnfCli::CTX.instance.session
|
|
130
135
|
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
enf_domain = options['enf-domain']
|
|
136
|
+
if EnfCli::CTX.instance.xaptum_admin?
|
|
137
|
+
enf_domain = options["enf-domain"]
|
|
134
138
|
raise "No value provided for required options '--enf-domain'" unless enf_domain
|
|
135
|
-
|
|
136
139
|
else
|
|
137
|
-
enf_domain = session[:
|
|
140
|
+
enf_domain = session[:domain]
|
|
138
141
|
end
|
|
139
142
|
|
|
140
143
|
## call api
|
|
@@ -148,6 +151,7 @@ module EnfCli
|
|
|
148
151
|
|
|
149
152
|
desc "delete-zone", "Delete a DNS zone"
|
|
150
153
|
method_option :'zone-id', :type => :string, :required => true
|
|
154
|
+
|
|
151
155
|
def delete_zone
|
|
152
156
|
try_with_rescue_in_session do
|
|
153
157
|
zone_id = options[:'zone-id']
|
|
@@ -162,6 +166,7 @@ module EnfCli
|
|
|
162
166
|
desc "update-zone", "Update a DNS zone description"
|
|
163
167
|
method_option :'zone-id', :type => :string, :required => true
|
|
164
168
|
method_option :description, :type => :array, :banner => "DESCRIPTION", :required => true
|
|
169
|
+
|
|
165
170
|
def update_zone
|
|
166
171
|
try_with_rescue_in_session do
|
|
167
172
|
## get parameters
|
|
@@ -169,7 +174,7 @@ module EnfCli
|
|
|
169
174
|
|
|
170
175
|
## update request
|
|
171
176
|
update_zone_req = {
|
|
172
|
-
:description => description
|
|
177
|
+
:description => description,
|
|
173
178
|
}
|
|
174
179
|
|
|
175
180
|
## call api
|
|
@@ -184,15 +189,16 @@ module EnfCli
|
|
|
184
189
|
desc "add-networks-to-zone", "Add /64 networks to DNS zone"
|
|
185
190
|
method_option :'zone-id', :type => :string, :required => true
|
|
186
191
|
method_option :networks, :type => :array, :banner => "NETWORKS", :required => true
|
|
192
|
+
|
|
187
193
|
def add_networks_to_zone
|
|
188
194
|
try_with_rescue_in_session do
|
|
189
195
|
## gather parameters
|
|
190
196
|
zone_id = options[:'zone-id']
|
|
191
|
-
networks = array_option_to_string(options[:networks]).split(",").map{ |x| x.strip }
|
|
197
|
+
networks = array_option_to_string(options[:networks]).split(",").map { |x| x.strip }
|
|
192
198
|
|
|
193
199
|
## add networks request
|
|
194
200
|
add_networks_req = {
|
|
195
|
-
:networks => networks
|
|
201
|
+
:networks => networks,
|
|
196
202
|
}
|
|
197
203
|
|
|
198
204
|
## call api
|
|
@@ -207,6 +213,7 @@ module EnfCli
|
|
|
207
213
|
|
|
208
214
|
desc "list-networks-in-zone", "List /64 networks in DNS zone"
|
|
209
215
|
method_option :'zone-id', :type => :string, :required => true
|
|
216
|
+
|
|
210
217
|
def list_networks_in_zone
|
|
211
218
|
try_with_rescue_in_session do
|
|
212
219
|
## gather parameters
|
|
@@ -224,6 +231,7 @@ module EnfCli
|
|
|
224
231
|
desc "delete-networks-from-zone", "Delete /64 networks from DNS zone"
|
|
225
232
|
method_option :'zone-id', :type => :string, :required => true
|
|
226
233
|
method_option :networks, :type => :array, :banner => "NETWORKS", :required => true
|
|
234
|
+
|
|
227
235
|
def delete_networks_from_zone
|
|
228
236
|
try_with_rescue_in_session do
|
|
229
237
|
## gather parameters
|
|
@@ -241,15 +249,16 @@ module EnfCli
|
|
|
241
249
|
desc "replace-networks-in-zone", "Replace /64 networks in DNS zone"
|
|
242
250
|
method_option :'zone-id', :type => :string, :required => true
|
|
243
251
|
method_option :networks, :type => :array, :banner => "NETWORKS", :required => true
|
|
252
|
+
|
|
244
253
|
def replace_networks_in_zone
|
|
245
254
|
try_with_rescue_in_session do
|
|
246
255
|
## gather parameters
|
|
247
256
|
zone_id = options[:'zone-id']
|
|
248
|
-
networks = array_option_to_string(options[:networks]).split(",").map{ |x| x.strip }
|
|
257
|
+
networks = array_option_to_string(options[:networks]).split(",").map { |x| x.strip }
|
|
249
258
|
|
|
250
259
|
## replace networks request
|
|
251
260
|
replace_networks_req = {
|
|
252
|
-
:networks => networks
|
|
261
|
+
:networks => networks,
|
|
253
262
|
}
|
|
254
263
|
|
|
255
264
|
## call api
|
|
@@ -262,6 +271,7 @@ module EnfCli
|
|
|
262
271
|
|
|
263
272
|
desc "list-zones-in-network", "List DNS Zones in /64 Network"
|
|
264
273
|
method_option :'network', :type => :string, :banner => "/64 Enf Network", :required => true
|
|
274
|
+
|
|
265
275
|
def list_zones_in_network
|
|
266
276
|
try_with_rescue_in_session do
|
|
267
277
|
## gather parameters
|
|
@@ -278,11 +288,12 @@ module EnfCli
|
|
|
278
288
|
|
|
279
289
|
desc "create-record", "Create a DNS record"
|
|
280
290
|
method_option :'zone-id', :type => :string, :required => true
|
|
281
|
-
method_option :name, :type => :string, :banner =>
|
|
282
|
-
|
|
283
|
-
method_option :'type',
|
|
291
|
+
method_option :name, :type => :string, :banner => "<name>",
|
|
292
|
+
:desc => "<name> is DNS record name. Enter . to create a record with the zone domain name"
|
|
293
|
+
method_option :'type', :type => :string, :required => true, :enum => DnsRecordTypes
|
|
284
294
|
method_option :ttl, :type => :numeric, :required => true
|
|
285
|
-
method_option :value, :type => :array, :required => true, :banner =>
|
|
295
|
+
method_option :value, :type => :array, :required => true, :banner => "VALUE"
|
|
296
|
+
|
|
286
297
|
def create_record
|
|
287
298
|
try_with_rescue_in_session do
|
|
288
299
|
## gather parameters
|
|
@@ -297,28 +308,23 @@ module EnfCli
|
|
|
297
308
|
when DnsRecordType_AAAA
|
|
298
309
|
ipv6 = EnfCli::IPV6.new(value).to_s
|
|
299
310
|
value = { :ipv6 => ipv6 }
|
|
300
|
-
|
|
301
311
|
when DnsRecordType_CNAME
|
|
302
312
|
value = { :dname => value }
|
|
303
|
-
|
|
304
313
|
when DnsRecordType_SRV
|
|
305
314
|
raise "Invalid value for #{DnsRecordType_SRV} record" unless options.value.length == 4
|
|
306
315
|
value = { :priority => Integer(options.value[0]),
|
|
307
316
|
:weight => Integer(options.value[1]),
|
|
308
317
|
:port => Integer(options.value[2]),
|
|
309
|
-
:target => options.value[3]
|
|
310
|
-
}
|
|
311
|
-
|
|
318
|
+
:target => options.value[3] }
|
|
312
319
|
when DnsRecordType_TXT
|
|
313
320
|
value = { :txt => value }
|
|
314
321
|
end
|
|
315
322
|
|
|
316
|
-
|
|
317
323
|
## create request hash
|
|
318
324
|
new_record = {
|
|
319
325
|
:type => type,
|
|
320
326
|
:ttl => ttl,
|
|
321
|
-
:value => value
|
|
327
|
+
:value => value,
|
|
322
328
|
}
|
|
323
329
|
|
|
324
330
|
## optionally add name to request hash
|
|
@@ -336,6 +342,7 @@ module EnfCli
|
|
|
336
342
|
|
|
337
343
|
desc "list-records", "List DNS records in a DNS zone"
|
|
338
344
|
method_option :'zone-id', :type => :string, :required => true
|
|
345
|
+
|
|
339
346
|
def list_records
|
|
340
347
|
try_with_rescue_in_session do
|
|
341
348
|
## gather parameters
|
|
@@ -353,7 +360,8 @@ module EnfCli
|
|
|
353
360
|
desc "query", "Query DNS for a record"
|
|
354
361
|
method_option :'network', :type => :string, :required => true, :banner => "/64 Enf Network"
|
|
355
362
|
method_option :name, :type => :string, :required => true
|
|
356
|
-
method_option :'type',
|
|
363
|
+
method_option :'type', :type => :string, :required => true, :enum => DnsRecordTypes
|
|
364
|
+
|
|
357
365
|
def query
|
|
358
366
|
try_with_rescue_in_session do
|
|
359
367
|
## gather parameters
|
|
@@ -372,6 +380,7 @@ module EnfCli
|
|
|
372
380
|
|
|
373
381
|
desc "delete-record", "Delete a DNS record"
|
|
374
382
|
method_option :'id', :type => :string, :required => true
|
|
383
|
+
|
|
375
384
|
def delete_record
|
|
376
385
|
try_with_rescue_in_session do
|
|
377
386
|
## gather parameters
|
|
@@ -389,6 +398,7 @@ module EnfCli
|
|
|
389
398
|
method_option :'network', :type => :string, :banner => "/64 Enf Network", :required => true
|
|
390
399
|
method_option :'ipv6', :type => :string
|
|
391
400
|
method_option :description, :type => :array, :banner => "DESCRIPTION"
|
|
401
|
+
|
|
392
402
|
def provision_server
|
|
393
403
|
try_with_rescue_in_session do
|
|
394
404
|
## gather parameters
|
|
@@ -398,7 +408,7 @@ module EnfCli
|
|
|
398
408
|
|
|
399
409
|
new_server = {
|
|
400
410
|
:ipv6 => ipv6,
|
|
401
|
-
:description => description
|
|
411
|
+
:description => description,
|
|
402
412
|
}
|
|
403
413
|
|
|
404
414
|
## call API
|
|
@@ -412,6 +422,7 @@ module EnfCli
|
|
|
412
422
|
|
|
413
423
|
desc "list-servers", "List DNS server in /64 network"
|
|
414
424
|
method_option :'network', :type => :string, :banner => "/64 Enf Network", :required => true
|
|
425
|
+
|
|
415
426
|
def list_servers
|
|
416
427
|
try_with_rescue_in_session do
|
|
417
428
|
## gather parameters
|
|
@@ -429,6 +440,7 @@ module EnfCli
|
|
|
429
440
|
desc "delete-server", "Delete DNS server in /64 network"
|
|
430
441
|
method_option :'network', :type => :string, :banner => "/64 Enf Network", :required => true
|
|
431
442
|
method_option :'ipv6', :type => :string, :banner => "Server Ipv6", :required => true
|
|
443
|
+
|
|
432
444
|
def delete_server
|
|
433
445
|
try_with_rescue_in_session do
|
|
434
446
|
## gather parameters
|
|
@@ -442,8 +454,6 @@ module EnfCli
|
|
|
442
454
|
say "Delete DNS server with ipv6 #{ipv6} in #{network}!", :green
|
|
443
455
|
end
|
|
444
456
|
end
|
|
445
|
-
|
|
446
457
|
end # Xdns
|
|
447
|
-
|
|
448
458
|
end # Cmd module
|
|
449
459
|
end # EnfCli module
|
data/lib/enfcli/commands/xfw.rb
CHANGED
|
@@ -13,27 +13,26 @@
|
|
|
13
13
|
# See the License for the specific language governing permissions and
|
|
14
14
|
# limitations under the License.
|
|
15
15
|
#
|
|
16
|
-
require
|
|
17
|
-
require
|
|
18
|
-
require
|
|
19
|
-
require
|
|
20
|
-
require
|
|
21
|
-
require
|
|
16
|
+
require "enfthor"
|
|
17
|
+
require "enfapi/firewall"
|
|
18
|
+
require "base64"
|
|
19
|
+
require "digest"
|
|
20
|
+
require "openssl"
|
|
21
|
+
require "ipaddr"
|
|
22
22
|
|
|
23
23
|
module EnfCli
|
|
24
24
|
module Cmd
|
|
25
|
-
|
|
26
25
|
class Xfw < EnfThor
|
|
27
26
|
no_commands {
|
|
28
|
-
def display_firewall_rules
|
|
29
|
-
headings = [
|
|
30
|
-
rows = rules.map{ |hash|
|
|
31
|
-
[
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
27
|
+
def display_firewall_rules(rules)
|
|
28
|
+
headings = ["Id", "Priority", "Protocol", "Direction", "Source", "Source Port", "Destination", "Destination Port", "Action"]
|
|
29
|
+
rows = rules.map { |hash|
|
|
30
|
+
[hash[:id], hash[:priority], hash[:protocol], hash[:direction],
|
|
31
|
+
hash[:source_ip] == "" ? "*" : hash[:source_ip],
|
|
32
|
+
hash[:source_port] == 0 ? "*" : hash[:source_port],
|
|
33
|
+
hash[:dest_ip] == "" ? "*" : hash[:dest_ip],
|
|
34
|
+
hash[:dest_port] == 0 ? "*" : hash[:dest_port],
|
|
35
|
+
hash[:action]]
|
|
37
36
|
}
|
|
38
37
|
render_table(headings, rows)
|
|
39
38
|
end
|
|
@@ -41,40 +40,41 @@ module EnfCli
|
|
|
41
40
|
|
|
42
41
|
desc "list-firewall-rules", "List all firewall rules in a /64 network"
|
|
43
42
|
method_option :network, :type => :string, :required => true
|
|
43
|
+
|
|
44
44
|
def list_firewall_rules
|
|
45
45
|
try_with_rescue_in_session do
|
|
46
46
|
# call the api
|
|
47
47
|
rules = EnfApi::Firewall.instance.list_firewall_rules options[:network]
|
|
48
48
|
|
|
49
49
|
# display empty table and return
|
|
50
|
-
if rules.length == 0
|
|
50
|
+
if rules.length == 0
|
|
51
51
|
display_firewall_rules rules
|
|
52
52
|
return
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
# sort the rules by direction, priority
|
|
56
|
-
sorted_rules = rules.sort{ |x,y|
|
|
56
|
+
sorted_rules = rules.sort { |x, y|
|
|
57
57
|
r = x[:direction] <=> y[:direction]
|
|
58
|
-
if r == 0
|
|
58
|
+
if r == 0
|
|
59
59
|
x[:priority] <=> y[:priority]
|
|
60
60
|
else
|
|
61
61
|
r
|
|
62
62
|
end
|
|
63
63
|
}
|
|
64
|
-
|
|
64
|
+
|
|
65
65
|
# chunk them into egress/ingress arrays
|
|
66
66
|
egress_rules = Array.new
|
|
67
67
|
ingress_rules = Array.new
|
|
68
|
-
sorted_rules.each{ |rule|
|
|
69
|
-
if rule[:direction] ==
|
|
68
|
+
sorted_rules.each { |rule|
|
|
69
|
+
if rule[:direction] == "INGRESS"
|
|
70
70
|
ingress_rules << rule
|
|
71
71
|
else
|
|
72
72
|
egress_rules << rule
|
|
73
73
|
end
|
|
74
74
|
}
|
|
75
|
-
|
|
75
|
+
|
|
76
76
|
# display data
|
|
77
|
-
if egress_rules.length > 0
|
|
77
|
+
if egress_rules.length > 0
|
|
78
78
|
say "Egress firewall rules(Endpoint -> ENF)", :yellow
|
|
79
79
|
display_firewall_rules egress_rules
|
|
80
80
|
|
|
@@ -82,7 +82,7 @@ module EnfCli
|
|
|
82
82
|
say ""
|
|
83
83
|
end
|
|
84
84
|
|
|
85
|
-
if ingress_rules.length > 0
|
|
85
|
+
if ingress_rules.length > 0
|
|
86
86
|
say "Ingress firewall rules(ENF -> Endpoint)", :yellow
|
|
87
87
|
display_firewall_rules ingress_rules
|
|
88
88
|
end
|
|
@@ -92,28 +92,28 @@ module EnfCli
|
|
|
92
92
|
desc "add-firewall-rule", "Add a firewall rule to a /64 network"
|
|
93
93
|
method_option :network, :type => :string, :required => true
|
|
94
94
|
method_option :priority, :type => :numeric, :required => true
|
|
95
|
-
method_option :protocol, :type => :string, :required => true, :enum => [
|
|
95
|
+
method_option :protocol, :type => :string, :required => true, :enum => ["TCP", "UDP", "ICMP6", "6", "17", "58"]
|
|
96
96
|
method_option :source_ip, :type => :string
|
|
97
97
|
method_option :source_port, :type => :numeric
|
|
98
98
|
method_option :dest_ip, :type => :string
|
|
99
99
|
method_option :dest_port, :type => :numeric
|
|
100
|
-
method_option :direction, :type => :string, :required => true, :enum => [
|
|
101
|
-
method_option :action, :type => :string, :required => true, :enum => [
|
|
102
|
-
|
|
100
|
+
method_option :direction, :type => :string, :required => true, :enum => ["EGRESS", "INGRESS"]
|
|
101
|
+
method_option :action, :type => :string, :required => true, :enum => ["ACCEPT", "DROP"]
|
|
102
|
+
|
|
103
103
|
def add_firewall_rule
|
|
104
|
-
protocol_map = {
|
|
104
|
+
protocol_map = { "TCP" => "TCP", "UDP" => "UDP", "ICMP6" => "ICMP6", "6" => "TCP", "17" => "UDP", "58" => "ICMP6" }
|
|
105
105
|
try_with_rescue_in_session do
|
|
106
106
|
# get options
|
|
107
107
|
rule = {
|
|
108
|
-
:ip_family =>
|
|
108
|
+
:ip_family => "IP6",
|
|
109
109
|
:priority => options[:priority],
|
|
110
|
-
:protocol => protocol_map[
|
|
111
|
-
:source_ip => options[:source_ip] ? options[:source_ip] :
|
|
110
|
+
:protocol => protocol_map[options[:protocol]],
|
|
111
|
+
:source_ip => options[:source_ip] ? options[:source_ip] : "*",
|
|
112
112
|
:source_port => options[:source_port] ? options[:source_port] : 0,
|
|
113
|
-
:dest_ip => options[:dest_ip] ? options[:dest_ip] :
|
|
113
|
+
:dest_ip => options[:dest_ip] ? options[:dest_ip] : "*",
|
|
114
114
|
:dest_port => options[:dest_port] ? options[:dest_port] : 0,
|
|
115
115
|
:direction => options[:direction],
|
|
116
|
-
:action => options[:action]
|
|
116
|
+
:action => options[:action],
|
|
117
117
|
}
|
|
118
118
|
|
|
119
119
|
# call the api
|
|
@@ -127,6 +127,7 @@ module EnfCli
|
|
|
127
127
|
desc "delete-firewall-rule", "Delete a firewall rule"
|
|
128
128
|
method_option :network, :type => :string, :required => true
|
|
129
129
|
method_option :id, :type => :string, :required => true
|
|
130
|
+
|
|
130
131
|
def delete_firewall_rule
|
|
131
132
|
try_with_rescue_in_session do
|
|
132
133
|
# call the api
|
|
@@ -144,8 +145,7 @@ module EnfCli
|
|
|
144
145
|
# raise EnfCli::ERROR, "User Session not establised!" if !session
|
|
145
146
|
# EnfApi::Firewall.instance.delete_firewall_rules options[:network]
|
|
146
147
|
# end
|
|
147
|
-
|
|
148
|
-
end
|
|
149
148
|
|
|
149
|
+
end
|
|
150
150
|
end
|
|
151
151
|
end
|