mirror of
https://github.com/GrapheneOS/infrastructure.git
synced 2025-01-17 17:27:06 -05:00
ovh-mitigation: add checking/toggling firewall
This commit is contained in:
parent
e8403c3098
commit
e3c2c1565d
@ -8,14 +8,15 @@ def err(*args, **kwargs):
|
|||||||
print(*args, file=sys.stderr, **kwargs)
|
print(*args, file=sys.stderr, **kwargs)
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
if len(sys.argv) != 3:
|
if len(sys.argv) != 4:
|
||||||
err("expected 2 arguments")
|
err("expected 3 arguments")
|
||||||
|
|
||||||
with open("ovh-mitigation.json") as config:
|
with open("ovh-mitigation.json") as config:
|
||||||
config = json.load(config)
|
config = json.load(config)
|
||||||
|
|
||||||
action = sys.argv[1]
|
system = sys.argv[1]
|
||||||
ip = sys.argv[2]
|
action = sys.argv[2]
|
||||||
|
ip = sys.argv[3]
|
||||||
|
|
||||||
client = ovh.Client(
|
client = ovh.Client(
|
||||||
endpoint=config["endpoint"],
|
endpoint=config["endpoint"],
|
||||||
@ -24,28 +25,42 @@ client = ovh.Client(
|
|||||||
consumer_key=config["consumer_key"],
|
consumer_key=config["consumer_key"],
|
||||||
)
|
)
|
||||||
|
|
||||||
if action == "status":
|
if system == "mitigation":
|
||||||
result = client.get(f"/ip/{ip}/mitigation")
|
if action == "status":
|
||||||
if len(result) == 0:
|
result = client.get(f"/ip/{ip}/mitigation")
|
||||||
print("mitigation disabled")
|
if len(result) == 0:
|
||||||
elif len(result) == 1:
|
print("mitigation disabled")
|
||||||
result = client.get(f"/ip/{ip}/mitigation/{result[0]}")
|
elif len(result) == 1:
|
||||||
print("automatic: " + str(result["auto"]))
|
result = client.get(f"/ip/{ip}/mitigation/{result[0]}")
|
||||||
print("permanent: " + str(result["permanent"]))
|
print("automatic: " + str(result["auto"]))
|
||||||
|
print("permanent: " + str(result["permanent"]))
|
||||||
|
print("state: " + result["state"])
|
||||||
|
else:
|
||||||
|
err("expected single result")
|
||||||
|
elif action == "enable":
|
||||||
|
result = client.post(f'/ip/{ip}/mitigation', ipOnMitigation=ip)
|
||||||
|
if result["permanent"] is True and result["state"] == "creationPending":
|
||||||
|
print("enabling permanent mitigation")
|
||||||
|
else:
|
||||||
|
err(json.dumps(result, indent=4) + "\nunexpected result")
|
||||||
|
elif action == "disable":
|
||||||
|
result = client.delete(f"/ip/{ip}/mitigation/{ip}")
|
||||||
|
if result["permanent"] is True and result["state"] == "removalPending":
|
||||||
|
print("disabling permanent mitigation")
|
||||||
|
else:
|
||||||
|
err(json.dumps(result, indent=4) + "\nunexpected result")
|
||||||
|
else:
|
||||||
|
err("unknown action: " + action)
|
||||||
|
elif system == "firewall":
|
||||||
|
if action == "status":
|
||||||
|
result = client.get(f"/ip/{ip}/firewall/{ip}")
|
||||||
|
print("enabled: " + str(result["enabled"]))
|
||||||
print("state: " + result["state"])
|
print("state: " + result["state"])
|
||||||
|
elif action == "enable":
|
||||||
|
client.put(f'/ip/{ip}/firewall/{ip}', enabled=True)
|
||||||
|
elif action == "disable":
|
||||||
|
client.put(f"/ip/{ip}/firewall/{ip}", enabled=False)
|
||||||
else:
|
else:
|
||||||
err("expected single result")
|
err("unknown action: " + action)
|
||||||
elif action == "enable":
|
|
||||||
result = client.post(f'/ip/{ip}/mitigation', ipOnMitigation=ip)
|
|
||||||
if result["permanent"] is True and result["state"] == "creationPending":
|
|
||||||
print("enabling permanent mitigation")
|
|
||||||
else:
|
|
||||||
err(json.dumps(result, indent=4) + "\nunexpected result")
|
|
||||||
elif action == "disable":
|
|
||||||
result = client.delete(f"/ip/{ip}/mitigation/{ip}")
|
|
||||||
if result["permanent"] is True and result["state"] == "removalPending":
|
|
||||||
print("disabling permanent mitigation")
|
|
||||||
else:
|
|
||||||
err(json.dumps(result, indent=4) + "\nunexpected result")
|
|
||||||
else:
|
else:
|
||||||
err("unknown action: " + action)
|
err("unknown system: " + system)
|
||||||
|
Loading…
Reference in New Issue
Block a user