oracle / oci-python-sdk

Oracle Cloud Infrastructure SDK for Python
https://cloud.oracle.com/cloud-infrastructure

how we will get IP address which is whitelisted into ruleset #355

Closed kapdevl closed 3 years ago

kapdevl commented 3 years ago

Hi Team, I am using

lbaas_client=oci.load_balancer.LoadBalancerClient(config)
all_lbs = oci.pagination.list_call_get_all_results_generator(lbaas_client.list_load_balancers, "data",comparment, display_name=lb_display_name)
list_rule_sets_response = lbaas_client.get_rule_set(load_balancer_id=lb.id,rule_set_name="ruleset name")

The get_rule_set method returns only ruleset details. I need the IP address that is whitelisted in a particular rule set.

adizohar commented 3 years ago

Hi Kapdevl

Please take a look at my code - https://github.com/oracle/oci-python-sdk/blob/master/examples/showoci/showoci_service.py

Check line 5204 - __load_load_balancer_ruleset

It will help you to obtain what you need

kapdevl commented 3 years ago

Hi adizohar, I use this __load_load_balancer_ruleset function. It will return header details and the rule set, but it does not return the IP address for a particular ruleset. Thanks

adizohar commented 3 years ago

Please see below. Please make sure you are using the latest OCI SDK - you can upgrade using pip3 install --upgrade oci

##########################################################################
# lb_rule.py
##########################################################################
import oci

config_file="~/.oci/config"
config = oci.config.from_file(config_file,"DEFAULT")

load_balancer_id = "ocid1.loadbalancer.oc1.iad.aaaaaaaa6x2g6qs6schhbrjg45lhu3mysoo2fm6qatmiep6tm3kihbxgllvq"
load_balancer_client = oci.load_balancer.LoadBalancerClient(config)
my_rule_set = load_balancer_client.get_rule_set(load_balancer_id, "address_rule_set").data

for ri in my_rule_set.items:
    valitem = {}
    if ri.action == oci.load_balancer.models.Rule.ACTION_ADD_HTTP_REQUEST_HEADER:
        valitem = {'action': str(ri.action), 'header': str(ri.header), 'value': str(ri.value)}
    elif ri.action == oci.load_balancer.models.Rule.ACTION_ADD_HTTP_RESPONSE_HEADER:
        valitem = {'action': str(ri.action), 'header': str(ri.header)}
    elif ri.action == oci.load_balancer.models.Rule.ACTION_ALLOW:
        valitem = {'action': str(ri.action)}
        if ri.conditions:
            valitem['conditions'] = [str(item.attribute_name) + ":" + str(item.attribute_value) for item in ri.conditions]
    elif ri.action == oci.load_balancer.models.Rule.ACTION_CONTROL_ACCESS_USING_HTTP_METHODS:
        valitem = {'action': str(ri.action), 'allowed_methods': str(ri.allowed_methods), 'status_code': str(ri.status_code)}
    elif ri.action == oci.load_balancer.models.Rule.ACTION_EXTEND_HTTP_RESPONSE_HEADER_VALUE:
        valitem = {'action': str(ri.action), 'header': str(ri.header), 'prefix': str(ri.prefix), 'suffix': str(ri.suffix)}
    elif ri.action == oci.load_balancer.models.Rule.ACTION_HTTP_HEADER:
        valitem = {'action': str(ri.action), 'are_invalid_characters_allowed': str(ri.are_invalid_characters_allowed), 'http_large_header_size_in_kb': str(ri.http_large_header_size_in_kb)}
    elif ri.action == oci.load_balancer.models.Rule.ACTION_REDIRECT:
        valitem = {'action': str(ri.action), 'response_code': str(ri.response_code)}
        if ri.conditions:
            valitem['conditions'] = [str(item.attribute_name) + ":" + str(item.attribute_value) for item in ri.conditions]
        valitem['redirect_host'] = str(ri.redirect_uri.host) + ":" + str(ri.redirect_uri.port)
    elif ri.action == oci.load_balancer.models.Rule.ACTION_REMOVE_HTTP_REQUEST_HEADER:
        valitem = {'action': str(ri.action), 'header': str(ri.header)}
    elif ri.action == oci.load_balancer.models.Rule.ACTION_REMOVE_HTTP_RESPONSE_HEADER:
        valitem = {'action': str(ri.action), 'header': str(ri.header)}
    else:
        valitem = {'action': str(ri.action)}
    print(valitem)

python3 lb_rule.py
{'action': 'ALLOW', 'conditions': ['SOURCE_IP_ADDRESS:192.168.0.0/16']}

kapdevl commented 3 years ago

Hi adizohar, yes, it's working. The previous code is also working (Check line 5204 - __load_load_balancer_ruleset); I gave the wrong input. Now I checked your latest code and it's working fine. Thanks

kapdevl commented 3 years ago

Hi adizohar, using the above solution we got the common IP list for the ruleset. If some rule set manages the IP list using "cidr", how do we get the IP addresses in the "cidr" block?

adizohar commented 3 years ago

Hi, my code should return the CIDR block as well. If not, please let me know which ruleset you use and I will test it and add. Please specify the way you create it on the console. Thank you.

kapdevl commented 3 years ago

Hi, yes, your code gets the CIDR block as well, but it does not return the IP??? Your code returns {'action': 'ALLOW', 'conditions': ['migratClientCidrs']}

adizohar commented 3 years ago

You will need to find network packages to do it. It is not part of the OCI SDK. The value that was added to the rule will be returned. Please give me an example if the API does not do that.
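
Added example, not part of the original thread or of showoci: expanding an allow-listed CIDR block into addresses with Python's standard `ipaddress` module, applied to condition strings in the format lb_rule.py prints. `SAMPLE_RULES` and all function names are constructed for illustration; values that are not IP/CIDR literals are returned separately as unresolved.

```python
import ipaddress

# Constructed sample: dicts in the shape printed by lb_rule.py in this thread.
SAMPLE_RULES = [
    {'action': 'ALLOW', 'conditions': ['SOURCE_IP_ADDRESS:192.168.0.0/16']},
    {'action': 'ALLOW', 'conditions': ['SOURCE_IP_ADDRESS:10.0.5.8/30',
                                       'SOURCE_IP_ADDRESS:203.0.113.7']},
    {'action': 'ALLOW', 'conditions': ['SOURCE_IP_ADDRESS:migratClientCidrs']},
    {'action': 'REDIRECT', 'response_code': '302'},
]


def allowed_networks(rules):
    """Return (networks, unresolved) from SOURCE_IP_ADDRESS conditions of ALLOW rules."""
    networks, unresolved = [], []
    for rule in rules:
        if rule.get('action') != 'ALLOW':
            continue
        for cond in rule.get('conditions', []):
            # Split on the first ':' only, so IPv6 literals stay intact.
            name, _, value = cond.partition(':')
            if name != 'SOURCE_IP_ADDRESS':
                continue
            try:
                # strict=False also accepts values with host bits set.
                networks.append(ipaddress.ip_network(value, strict=False))
            except ValueError:
                unresolved.append(value)  # not an IP/CIDR literal
    return networks, unresolved


def expand(network, limit=1024):
    """List every address in a CIDR block, refusing blocks larger than `limit`."""
    if network.num_addresses > limit:
        raise ValueError(f"{network} has {network.num_addresses} addresses (limit {limit})")
    return [str(ip) for ip in network]


def is_allowed(ip, networks):
    """True if `ip` falls inside any allow-listed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in networks)


if __name__ == "__main__":
    nets, names = allowed_networks(SAMPLE_RULES)
    print("networks:", [str(n) for n in nets])
    print("unresolved:", names)
    print("10.0.5.8/30 ->", expand(nets[1]))
    print("192.168.44.1 allowed?", is_allowed("192.168.44.1", nets))
```

For auditing an allow list, `is_allowed` is usually the better check than `expand`, since it answers the membership question without enumerating large blocks.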

kapdevl commented 3 years ago

Hi Adi, thanks Adi. Yes, if a value is added into the rule set it will be returned using your example. For the CIDR block IP address list, the network CLI document is available for CIDR. For the Python SDK I will check https://docs.oracle.com/en-us/iaas/tools/oci-cli/2.25.2/oci_cli_docs/cmdref/network/vcn.html

adizohar commented 3 years ago

So what exactly is required?

kapdevl commented 3 years ago

This issue is closed; we got the details using a different API.