
Update Security Lists on multiple OCI accounts

Code to update security lists on multiple OCI tenancies. This assumes that you have already set up the configs in the respective locations (see the config_loc variable below).

import ipaddress
import urllib.request

import oci
import requests

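run_code = True
config_loc = ["/home/nevin/.oci/config", "/home/nevin/.oci/config_india"]

# Seconds to wait on each HTTP call; without a timeout a stalled lookup would
# hang the whole run.
HTTP_TIMEOUT = 15

# TCP ports opened from this machine's current public IP, keyed by the rule
# description that will appear in the OCI console.
HOME_PORTS = {'ssh': 22, 'http': 80, 'https': 443}

# TCP ports opened from every published Cloudflare edge range.
CLOUDFLARE_PORTS = [80, 443]


def _tcp_rule(source, port, description):
    """Build one stateful TCP ingress rule admitting CIDR `source` to `port`.

    Args:
        source: CIDR block string (e.g. "203.0.113.7/32" — constructed example).
        port: single destination port; min and max of the range are equal.
        description: free-text label stored on the rule.

    Returns:
        An oci.core.models.IngressSecurityRule.
    """
    return oci.core.models.IngressSecurityRule(
        protocol="6",  # IANA protocol number for TCP, matching tcp_options below
        source=source,
        is_stateless=False,
        source_type="CIDR_BLOCK",
        tcp_options=oci.core.models.TcpOptions(
            destination_port_range=oci.core.models.PortRange(max=port, min=port)
        ),
        description=description,
    )


def _fetch_external_ip():
    """Return this host's public IPv4 address as reported by checkip.amazonaws.com.

    The service answers with a trailing newline, which is stripped; otherwise
    the "/32" suffix appended by the caller would produce an invalid CIDR.
    The reply is parsed with `ipaddress` so that an error page or an IPv6
    answer (which "/32" would mislabel) raises ValueError instead of being
    written into the security list.

    Returns:
        The address as a plain string, e.g. "203.0.113.7" (constructed example).

    Raises:
        ValueError: the reply is not a single IPv4 address.
        urllib.error.URLError: the lookup failed or timed out.
    """
    with urllib.request.urlopen('https://checkip.amazonaws.com/',
                                timeout=HTTP_TIMEOUT) as resp:
        raw = resp.read().decode('utf8').strip()
    addr = ipaddress.ip_address(raw)
    if addr.version != 4:
        raise ValueError(f"expected an IPv4 address from checkip, got {raw!r}")
    return str(addr)


def _fetch_cloudflare_ranges():
    """Return Cloudflare's published IPv4 and IPv6 edge ranges as CIDR strings.

    Every non-blank line is validated with `ipaddress.ip_network`, so a
    transient error page cannot be turned into ingress rules; a malformed
    line raises ValueError rather than being silently dropped.

    Raises:
        requests.HTTPError: either list could not be downloaded.
        ValueError: a line in the list is not a valid CIDR block.
    """
    ranges = []
    for url in ("https://www.cloudflare.com/ips-v4",
                "https://www.cloudflare.com/ips-v6"):
        response = requests.get(url, timeout=HTTP_TIMEOUT)
        response.raise_for_status()
        for line in response.text.splitlines():
            cidr = line.strip()
            if not cidr:
                continue
            ipaddress.ip_network(cidr)  # validation only; the text is kept as published
            ranges.append(cidr)
    return ranges


def _build_ingress_rules(config_f, external_ip, cloudflare_ranges):
    """Assemble the complete ingress rule list for the tenancy behind `config_f`.

    The list is: HOME_PORTS from `external_ip`/32, an extra port 55 rule for
    the India tenancy only, then CLOUDFLARE_PORTS from every Cloudflare range.
    Note that `external_ip` is whatever public address this machine is behind;
    on a shared or NAT network the rules admit every host behind it.
    """
    home_source = f"{external_ip}/32"
    rules = [
        _tcp_rule(home_source, port, description)
        for description, port in HOME_PORTS.items()
    ]
    if config_f == '/home/nevin/.oci/config_india':
        rules.append(_tcp_rule(home_source, 55, 'india portainer from home'))
    for iprange in cloudflare_ranges:
        for port in CLOUDFLARE_PORTS:
            description = 'cf_http' if port == 80 else 'cf_https'
            rules.append(_tcp_rule(iprange, port, description))
    return rules


def _update_security_list(core_client, config_f, ingress_security_rules):
    """Push `ingress_security_rules` to the security list that belongs to `config_f`.

    The security-list OCID, display name and defined tags differ per tenancy,
    hence the branch on the config path.
    NOTE(review): egress_security_rules is sent as [] in both branches, as in
    the original; presumably this update replaces the existing egress rules
    with none — confirm that is intended before running against a tenancy
    whose instances need outbound access.

    Returns:
        The response object from core_client.update_security_list.
    """
    if config_f == "/home/nevin/.oci/config":
        return core_client.update_security_list(
            security_list_id="ocid1.securitylist.oc1.<clipped>",
            update_security_list_details=oci.core.models.UpdateSecurityListDetails(
                defined_tags={
                    "Oracle-Tags": {
                        "CreatedBy": "default/nevin",
                        "CreatedOn": "2022-09-20T12:56:57.328Z",
                    }
                },
                display_name="nevins-security-list",
                egress_security_rules=[],
                freeform_tags={},
                ingress_security_rules=ingress_security_rules,
            ),
        )
    return core_client.update_security_list(
        security_list_id="ocid1.securitylist.oc1.<clipped>",
        update_security_list_details=oci.core.models.UpdateSecurityListDetails(
            defined_tags={
                "Oracle-Tags": {
                    "CreatedBy": "default/neo",
                    "CreatedOn": "2022-12-11T12:56:57.328Z",
                }
            },
            display_name="NevinsSecurityList",
            egress_security_rules=[],
            freeform_tags={},
            ingress_security_rules=ingress_security_rules,
        ),
    )


if run_code:
    external_ip = _fetch_external_ip()
    # The Cloudflare lists do not depend on the tenancy, so fetch them once
    # instead of once per config file.
    cloudflare_ranges = _fetch_cloudflare_ranges()
    for config_f in config_loc:
        config = oci.config.from_file(config_f, "DEFAULT")
        core_client = oci.core.VirtualNetworkClient(config)
        ingress_security_rules = _build_ingress_rules(
            config_f, external_ip, cloudflare_ranges)
        print(ingress_security_rules)
        update_security_list_response = _update_security_list(
            core_client, config_f, ingress_security_rules)
else:
    print("not required.")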

This post is licensed under CC BY 4.0 by the author.