import GCP_clients
import GCP_vciTools
import vci_networkTools
import re
import json
def getVpc(projectId, name):
    """Fetch a VPC network resource through the Compute Engine API.

    Args:
        projectId: GCP project that owns the network.
        name: name of the network to look up.

    Returns:
        The decoded response of the ``networks().get`` request.
    """
    networksApi = GCP_clients.compute.networks()
    getRequest = networksApi.get(project=projectId, network=name)
    return getRequest.execute()
def createVpc(projectId, name, autoCreateSubnetworks = False, routing = 'global'):
    """Create a VPC network and return the insert-operation response.

    Args:
        projectId: GCP project in which the network is created.
        name: name of the new network.
        autoCreateSubnetworks: whether GCP creates one subnet per region
            itself (auto mode) instead of the caller adding custom subnets.
        routing: routing mode; upper-cased before it is sent to the API.

    Returns:
        The response of the ``networks().insert`` request.
    """
    routingMode = routing.upper()
    networkBody = {
        "name": name,
        "kind": "compute#network",
        "routingConfig": {"routingMode": routingMode},
        "autoCreateSubnetworks": autoCreateSubnetworks,
    }
    insertRequest = GCP_clients.compute.networks().insert(
        project=projectId, body=networkBody
    )
    insertResponse = insertRequest.execute()
    print('Creating network: %s in projectId: %s' % (name, projectId))
    return insertResponse
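def createVpcSubnet(projectId, region, ipNetwork, networkPrefix, vpc, name):
    """Create a custom subnet in ``vpc`` and return the insert response.

    Args:
        projectId: GCP project that owns the network.
        region: region the subnet is created in; also resolved to its
            selfLink for the request body.
        ipNetwork: network address of the subnet, e.g. '10.0.0.0'.
        networkPrefix: prefix length; joined with ``ipNetwork`` into a CIDR.
        vpc: either the network selfLink (starts with 'https://') or the
            network name, which is resolved with ``getVpc``.
        name: subnet name.

    Returns:
        The response of the ``subnetworks().insert`` request. Earlier
        versions returned None, so callers may keep ignoring it.
    """
    # Accept a selfLink or a bare network name.
    if vpc.startswith("https://"):
        vpcUrl = vpc
    else:
        vpcUrl = getVpc(projectId=projectId, name=vpc)['selfLink']
    # Region verification is best-effort: a failure is only reported, the
    # subnet creation still proceeds (and presumably fails in getRegion or
    # the insert for a bad region).  'as e' keeps this valid on Python 3.
    try:
        GCP_vciTools.verifyRegions(projectId=projectId, regions=[region])
    except ValueError as e:
        print(str(e))
    cidr = ipNetwork + '/' + str(networkPrefix)
    gateway = vci_networkTools.getNetworkGateway(network=cidr)
    regionUrl = GCP_vciTools.getRegion(projectId=projectId, region=region)['selfLink']
    subnetBody = {
        "kind": "compute#subnetwork",
        "name": name,
        "network": vpcUrl,
        "ipCidrRange": cidr,
        "gatewayAddress": str(gateway),
        "region": regionUrl,
        # Lets instances without an external IP reach Google APIs.
        "privateIpGoogleAccess": True,
    }
    insertRequest = GCP_clients.compute.subnetworks().insert(
        project=projectId, body=subnetBody, region=region
    )
    insertResponse = insertRequest.execute()
    print('Creating %s with network: %s and gateway: %s' % (name, cidr, gateway))
    return insertResponse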
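def createVpcFirewallRule(projectId, vpc, name, protocol, direction, priority, source = None, port = '', tag = ''):
    """Create a VPC firewall rule and return the insert response.

    The rule's action is derived from its name: 'deny' makes a denied rule,
    otherwise 'allow' makes an allowed rule ('deny' wins when both appear,
    as before).

    Args:
        projectId: GCP project that owns the network.
        vpc: network selfLink (starts with 'https://') or network name.
        name: rule name; must contain 'allow' or 'deny'.
        protocol: IP protocol of the rule, e.g. 'tcp'.
        direction: 'ingress' or 'egress'; compared case-insensitively to pick
            the range key, but sent to the API unchanged.
        priority: rule priority.
        source: list of CIDR ranges; used as sourceRanges for ingress and as
            destinationRanges for egress.  Defaults to an empty list (a
            per-call list, not a shared mutable default).
        port: a port or port range; when empty the rule matches every port
            of ``protocol``.
        tag: target tag(s); when empty the rule applies to every instance in
            the network.

    Raises:
        ValueError: if ``name`` contains no action or ``direction`` is neither
            'ingress' nor 'egress'.  The previous code hit a NameError later
            in these cases; validation now happens before any API call.
    """
    if source is None:
        source = []
    # Action from the name; a 'deny' overrides 'allow' as in the original.
    if 'deny' in name:
        ruleType = "denied"
    elif 'allow' in name:
        ruleType = "allowed"
    else:
        raise ValueError("firewall rule name %r must contain 'allow' or 'deny'" % (name,))
    directionKey = direction.lower()
    if directionKey == 'egress':
        targetRanges = "destinationRanges"
    elif directionKey == 'ingress':
        targetRanges = "sourceRanges"
    else:
        raise ValueError("direction must be 'ingress' or 'egress', got %r" % (direction,))
    # Accept a selfLink or a bare network name.
    if vpc.startswith("https://"):
        vpcUrl = vpc
    else:
        vpcUrl = getVpc(projectId=projectId, name=vpc)['selfLink']
    fwBody = {
        "kind": "compute#firewall",
        "name": name,
        "network": vpcUrl,
        "priority": priority,
        targetRanges: source,
        ruleType: [{"IPProtocol": protocol}],
        "direction": direction,
    }
    if tag:
        fwBody["targetTags"] = tag
    if port:
        fwBody[ruleType][0]["ports"] = [port]
    fwRuleRequest = GCP_clients.compute.firewalls().insert(project=projectId, body=fwBody)
    fwRuleResponse = fwRuleRequest.execute()
    print('Creating firewall rule: {}'.format(name))
    return fwRuleResponse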
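def createUmVpc(projectId, purpose, ipNetwork, networkPrefix = 24, regions = None):
    """Create a 'um-<purpose>' VPC with one custom subnet per region.

    The CIDR ``ipNetwork/networkPrefix`` is split into ``len(regions)``
    subnets by ``vci_networkTools.getNetworkSubnets``; subnet i goes to
    region i and is named '<network>-<region>'.

    Args:
        projectId: GCP project in which the network is created.
        purpose: suffix of the network name.
        ipNetwork: network address of the whole VPC range.
        networkPrefix: prefix length of the whole VPC range.
        regions: list of region names; defaults to an empty list, in which
            case no subnet is created.

    Returns:
        dict with the created 'network' name and its 'cidr'.
    """
    if regions is None:
        regions = []
    vpcPrefix = 'um'
    networkName = vpcPrefix + '-' + purpose
    vpcInfo = createVpc(projectId=projectId, name=networkName)
    # The insert response is an operation; wait for it before adding
    # subnets (presumably so the subnet inserts do not race the network).
    networkOperation = vpcInfo['name']
    GCP_vciTools.waitForNetworkOperation(project=projectId, operation=networkOperation)
    cidr = ipNetwork + '/' + str(networkPrefix)
    subnets = vci_networkTools.getNetworkSubnets(network=cidr, subnetNumber=len(regions))
    # Pair regions with subnets positionally instead of regions.index(r).
    for regionName, subnet in zip(regions, subnets):
        subnetParts = str(subnet).split('/')
        createVpcSubnet(
            projectId=projectId,
            name=networkName + '-' + regionName,
            vpc=vpcInfo['targetLink'],
            region=regionName,
            ipNetwork=subnetParts[0],
            networkPrefix=subnetParts[1],
        )
    return {
        "network": networkName,
        "cidr": cidr,
    }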
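def createUmFirewall(projectId, vpc, customerNetwork, campusNetworksFile, iaNetworksFile, firewallListFile):
    """Create every firewall rule listed in ``firewallListFile`` on ``vpc``.

    Each rule entry needs 'name', 'protocol', 'direction', 'priority' and
    'source'; 'port' and 'tag' are optional (an absent 'port' means the
    rule matches every port of the protocol, see createVpcFirewallRule).
    A rule's 'source' may contain one of these symbolic names, which
    replaces the whole source list:
      - 'customer_network' -> ``customerNetwork``
      - 'campus_networks'  -> JSON contents of ``campusNetworksFile``
      - 'ia_network'       -> JSON contents of ``iaNetworksFile``
    When several symbolic names are present the last one in that order
    wins, and any literal entries of 'source' are dropped (unchanged
    behaviour).

    Args:
        projectId: GCP project that owns the network.
        vpc: network name; also appended to each rule name.
        customerNetwork: ranges substituted for 'customer_network'.
        campusNetworksFile: path of a JSON file with the campus ranges.
        iaNetworksFile: path of a JSON file with the IA ranges.
        firewallListFile: path of a JSON file holding the list of rules.
    """
    with open(campusNetworksFile) as filehandle:
        campusNetworks = json.load(filehandle)
    with open(firewallListFile, "r") as filehandle:
        firewallRuleList = json.load(filehandle)
    with open(iaNetworksFile) as filehandle:
        iaNetwork = json.load(filehandle)
    # Symbolic sources in override order: a later match wins.
    symbolicSources = (
        ('customer_network', customerNetwork),
        ('campus_networks', campusNetworks),
        ('ia_network', iaNetwork),
    )
    for rule in firewallRuleList:
        ruleName = rule['name'] + '-' + vpc
        port = rule.get('port', '')
        tag = rule.get('tag', '')
        source = rule['source']
        for symbol, networks in symbolicSources:
            if symbol in rule['source']:
                source = networks
        createVpcFirewallRule(
            projectId=projectId,
            vpc=vpc,
            name=ruleName,
            protocol=rule['protocol'],
            port=port,
            direction=rule['direction'],
            priority=rule['priority'],
            source=source,
            tag=tag,
        )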