Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-01-04 19:40:48 -05:00
Code Issues Packages Projects Releases Wiki Activity

ovh-mitigation: add checking/toggling firewall

Browse Source
This commit is contained in:
Daniel Micay 2024-07-05 00:35:51 -04:00
parent e8403c3098
commit e3c2c1565d
1 changed files with 41 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
ovh-mitigation.py
View File

@ -8,14 +8,15 @@ def err(*args, **kwargs):
print(*args, file=sys.stderr, **kwargs) print(*args, file=sys.stderr, **kwargs)
sys.exit(1) sys.exit(1)
if len(sys.argv) != 3: if len(sys.argv) != 4:
err("expected 2 arguments") err("expected 3 arguments")
with open("ovh-mitigation.json") as config: with open("ovh-mitigation.json") as config:
config = json.load(config) config = json.load(config)
action = sys.argv[1] system = sys.argv[1]
ip = sys.argv[2] action = sys.argv[2]
ip = sys.argv[3]
client = ovh.Client( client = ovh.Client(
endpoint=config["endpoint"], endpoint=config["endpoint"],
@ -24,28 +25,42 @@ client = ovh.Client(
consumer_key=config["consumer_key"], consumer_key=config["consumer_key"],
) )
if action == "status": if system == "mitigation":
result = client.get(f"/ip/{ip}/mitigation") if action == "status":
if len(result) == 0: result = client.get(f"/ip/{ip}/mitigation")
print("mitigation disabled") if len(result) == 0:
elif len(result) == 1: print("mitigation disabled")
result = client.get(f"/ip/{ip}/mitigation/{result[0]}") elif len(result) == 1:
print("automatic: " + str(result["auto"])) result = client.get(f"/ip/{ip}/mitigation/{result[0]}")
print("permanent: " + str(result["permanent"])) print("automatic: " + str(result["auto"]))
print("permanent: " + str(result["permanent"]))
print("state: " + result["state"])
else:
err("expected single result")
elif action == "enable":
result = client.post(f'/ip/{ip}/mitigation', ipOnMitigation=ip)
if result["permanent"] is True and result["state"] == "creationPending":
print("enabling permanent mitigation")
else:
err(json.dumps(result, indent=4) + "\nunexpected result")
elif action == "disable":
result = client.delete(f"/ip/{ip}/mitigation/{ip}")
if result["permanent"] is True and result["state"] == "removalPending":
print("disabling permanent mitigation")
else:
err(json.dumps(result, indent=4) + "\nunexpected result")
else:
err("unknown action: " + action)
elif system == "firewall":
if action == "status":
result = client.get(f"/ip/{ip}/firewall/{ip}")
print("enabled: " + str(result["enabled"]))
print("state: " + result["state"]) print("state: " + result["state"])
elif action == "enable":
client.put(f'/ip/{ip}/firewall/{ip}', enabled=True)
elif action == "disable":
client.put(f"/ip/{ip}/firewall/{ip}", enabled=False)
else: else:
err("expected single result") err("unknown action: " + action)
elif action == "enable":
result = client.post(f'/ip/{ip}/mitigation', ipOnMitigation=ip)
if result["permanent"] is True and result["state"] == "creationPending":
print("enabling permanent mitigation")
else:
err(json.dumps(result, indent=4) + "\nunexpected result")
elif action == "disable":
result = client.delete(f"/ip/{ip}/mitigation/{ip}")
if result["permanent"] is True and result["state"] == "removalPending":
print("disabling permanent mitigation")
else:
err(json.dumps(result, indent=4) + "\nunexpected result")
else: else:
err("unknown action: " + action) err("unknown system: " + system)