python3修改安全组
场景:办公网络访问云资源,公司出口IP会变,试试更新到安全组
脚本如下:
#!/usr/bin/env python # -*- coding: utf-8 -*- # @Time : 2023/11/15 13:12 # @File : security_group.py # @Author : zk_linux # @Software: PyCharm # @Description: import json import socket from aliyunsdkecs.request.v20140526 import DescribeSecurityGroupAttributeRequest, RevokeSecurityGroupRequest, AuthorizeSecurityGroupRequest from aliyunsdkcore.client import AcsClient from aliyunsdkecs.request.v20140526 import RevokeSecurityGroupRequest from aliyunsdkcore.acs_exception.exceptions import ServerException import logging import time # 认证信息 access_key_id = "" access_key_secret = "" # 地域 region_id = "cn-hangzhou" # 安全组 ID security_group_id = "sg-" port = "80/80" # 公司出口域名 hostname = "www.abc.cn" # hostname = "baidu.com" # 初始化实例 client = AcsClient(access_key_id, access_key_secret, 'cn-hangzhou') # 日志路径 file_path = '/tmp/ip_address.log' logging.basicConfig(level=logging.INFO, filename=file_path, filemode='a', format='%(asctime)s - %(pathname)s[line:%(lineno)d] - %(levelname)s: %(message)s' ) class Domain_name_resolution: def __init__(self, name): self.name = name def domain_name(self): ''' 解析域名--> IP :return: IP ''' try: ip_address = socket.gethostbyname(self.name) return ip_address except socket.error as e: print(f"Error: {e}") return None class Query_rule: def __init__(self, sg_id, client): self.sg_id = sg_id self.client = client def query_rule(self): ''' 查询安全组80规则 :return: 0 规则不存在 ''' describe_request = DescribeSecurityGroupAttributeRequest.DescribeSecurityGroupAttributeRequest() describe_request.set_SecurityGroupId(self.sg_id) describe_response = self.client.do_action_with_exception(describe_request) current_ip_ranges = describe_response.decode('utf-8') data = json.loads(current_ip_ranges) source_cidr_ip = data.get('Permissions', {}).get('Permission', [{}]) for i in source_cidr_ip: if i.get('PortRange') != "80/80": return 0 else: return i.get('SourceCidrIp') class Delete_old_rules: def __init__(self, sg_id, port, old_public_ip): self.security_group_id = sg_id self.port = port self.old_public_ip = old_public_ip def Delete_old_ip(self): ''' 删除规则 :return: ''' revoke_request = RevokeSecurityGroupRequest.RevokeSecurityGroupRequest() revoke_request.set_SecurityGroupId(self.security_group_id) revoke_request.set_IpProtocol("tcp") revoke_request.set_PortRange(self.port) revoke_request.set_SourceCidrIp(self.old_public_ip) revoke_response = client.do_action_with_exception(revoke_request) return revoke_response class Add_an_access_rule: def __init__(self, sg_id, port, new_ip): self.sg_id = sg_id self.port = port self.new_ip = new_ip def Add_rule(self): ''' 出口IP变动更新到安全组 :return: ''' authorize_request = AuthorizeSecurityGroupRequest.AuthorizeSecurityGroupRequest() authorize_request.set_SecurityGroupId(self.sg_id) authorize_request.set_IpProtocol("tcp") authorize_request.set_PortRange(self.port) authorize_request.set_SourceCidrIp(self.new_ip) authorize_response = client.do_action_with_exception(authorize_request) return authorize_response class Check_public_ip: @classmethod def Check_ip_is_updated(cls): # 获取当前出口新IP ojb1 = Domain_name_resolution(hostname) new_ip = ojb1.domain_name() # 获取安全组中失效IP obj = Query_rule(security_group_id, client) old_ip = obj.query_rule() # 入网80端口存在,先删除,在添加 if old_ip != 0: logging.warning("规则存在") if old_ip != new_ip: logging.warning("删除规则") del_ip = Delete_old_rules(security_group_id, port, old_ip) del_response = del_ip.Delete_old_ip() logging.warning("删除响应:{}".format(del_response)) Add = Add_an_access_rule(security_group_id, port, new_ip) add_response = Add.Add_rule() logging.info("80入网IP更新,更新IP:{}响应:{}".format(new_ip, add_response)) else: logging.info("出口IP未更新.") else: logging.error("80入网规则不存在") if __name__ == '__main__': while True: zk_net = Check_public_ip() zk_net.Check_ip_is_updated() time.sleep(3)