python 呼叫api 安全組規則管理
阿新 • • 發佈:2022-04-01
from ast import Return
from HwUser import HwUser
import json
'''
在雲伺服器的/root/huawei 目錄下編寫 create_security_group_rule.py 檔案,並匯入賽項提供的 HwUser.py 檔案獲取授權。基於上一題的安全組,編寫 Python 程式碼,參考官方相關的API呼叫文件,建立華為雲的安全組規則,具體要求為
(1)使用安全組名稱獲取其 ID(不允許直接填寫安全組 ID);
(2)刪除此安全組裡所有規則(保證程式碼可以重複執行);
(3)放通出方向規則:所有協議埠;
(4)放通入方向規則:TCP 協議 22 埠;
(5)放通入方向規則:ICMP 協議所有埠;
(6)新增成功後輸出此安全組的詳細資訊。
'''
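if __name__ == "__main__":
    # Flat script: resolve a security group ID by name, delete every rule in
    # that group (so the script can be re-run), create three rules, then list
    # the group's rules.
    import os  # local import: only this entry point reads the environment

    # Endpoint, API version and project ID exactly as the requests below use them.
    VPC_BASE = "https://vpc.cn-east-2.myhuaweicloud.com/v3/0f4115bb9280f3192fa7c00e1c434035/vpc"
    RULES_URL = VPC_BASE + "/security-group-rules"
    JSON_HEADERS = {"content-type": "application/json"}
    GROUP_NAME = "chinaskills_security_group"

    # 1 Obtain authorisation
    # The AK/SK pair is a long-lived account credential, so it is read from the
    # environment instead of being written into the source file. A key pair
    # that has ever been committed or published in a copy of this script
    # should be treated as exposed and rotated.
    ak = os.environ.get("CLOUD_SDK_AK", "")
    sk = os.environ.get("CLOUD_SDK_SK", "")
    if not ak or not sk:
        raise SystemExit("請先設定環境變數 CLOUD_SDK_AK 與 CLOUD_SDK_SK")
    user = HwUser(ak, sk)

    # 2 Look up the security group
    print("正在查詢安全組。。。。", end="")
    resp = user.httpRequest("GET", VPC_BASE + "/security-groups")
    result = json.loads(str(resp.content, encoding="utf-8"))

    ## 2.1 Find the ID of the group by its name (the ID must not be hard-coded)
    targetID = next(
        (group["id"] for group in result["security_groups"] if group["name"] == GROUP_NAME),
        "",
    )
    if targetID == "":
        raise SystemExit("未找到安全組chinaskills_security_group")
    print("已找到 chinaskills_security_group ID為:" + targetID)
    print(" 正在嘗試刪除已存在的雲安全組chinaskills_security_group中的規則。。。")

    ## 2.2 List the rules currently in the group
    # A fresh header dict is passed on every call in case HwUser.httpRequest
    # modifies the dict it is given (its implementation is not visible here).
    rules_query = RULES_URL + "?security_group_id=" + targetID
    resp = user.httpRequest("GET", rules_query, dict(JSON_HEADERS), "")
    result = json.loads(str(resp.content, encoding="utf-8"))

    ## 2.3 Delete every existing rule
    # NOTE(review): the DELETE responses are not inspected, so a failed delete
    # is only noticed in the final listing — confirm whether that is acceptable.
    for existing in result["security_group_rules"]:
        user.httpRequest("DELETE", RULES_URL + "/" + existing["id"], dict(JSON_HEADERS), "")
    print(" 刪除完成")

    # 3 Create the security group rules
    # NOTE(review): neither ingress rule names a remote address, so the source
    # range is whatever the API applies by default — presumably any address;
    # confirm, and narrow the SSH rule to known admin ranges outside an
    # exercise environment.
    new_rules = [
        {"description": "放通出方向規則:所有協議埠", "direction": "egress"},
        {
            "description": "放通入方向規則:TCP 協議 22 埠",
            "direction": "ingress",
            "protocol": "tcp",
            "multiport": "22",
        },
        {"description": "放通入方向規則:ICMP 協議所有埠", "direction": "ingress", "protocol": "ICMP"},
    ]
    for number, rule in enumerate(new_rules, start=1):
        print(f"正在建立安全組規則{number}--{rule['description']}。。。", end="")
        payload = json.dumps(
            {"dry_run": False, "security_group_rule": {**rule, "security_group_id": targetID}}
        )
        resp = user.httpRequest("POST", RULES_URL, dict(JSON_HEADERS), payload)
        created = json.loads(str(resp.content, encoding="utf-8"))
        # Report success only when the API echoes the created rule back;
        # otherwise show the response body instead of claiming completion.
        if "security_group_rule" not in created:
            raise SystemExit("建立安全組規則失敗:" + json.dumps(created, ensure_ascii=False))
        print("建立完成")

    # 4 Query the result
    print("chinaskills_security_group安全組規則資訊查詢中。。。")
    resp = user.httpRequest("GET", rules_query, dict(JSON_HEADERS), "")
    result = json.loads(str(resp.content, encoding="utf-8"))
    for rule in result["security_group_rules"]:
        print(" 安全組規則ID:" + str(rule["id"]))
        print(" 安全組規則描述:" + str(rule["description"]))
        print(" 安全組規則的出入控制方向:" + str(rule["direction"]))
        print(" 安全組規則的協議型別:" + str(rule["protocol"]))
        print(" 安全組規則的作用埠:" + str(rule["multiport"]))
        print(" 安全組規則動作:" + str(rule["action"]))
        print()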