diff --git a/ip_access_list_analyzer/README.md b/ip_access_list_analyzer/README.md
index e6b3569..f0628a5 100644
--- a/ip_access_list_analyzer/README.md
+++ b/ip_access_list_analyzer/README.md
@@ -28,15 +28,14 @@ Only enabled IP Access Lists are analyzed (and fixed).
 ## Installation
 * You need to have Python 3.8+ installed
-* Clone the repository or download current directory
-* Install dependencies with `pip install -U -r requirements.txt`
+* The code and dependencies are installed as part of the `databricks labs install sandbox` command.
 ## Usage
 To run the tool just execute:
 ```sh
-python ip_acl_analyzer.py [options]
+databricks labs sandbox ip-access-list-analyzer [options]
 ```
 Pass `--help` command-line flag to obtain built-in help. Specify `--debug` option to get detailed log output.
@@ -52,39 +51,16 @@ This tool works in two modes:
 If you execute following command:
 ```sh
-python ip_acl_analyzer.py --json_file=test.json --debug
+databricks labs sandbox ip-access-list-analyzer --json_file=test.json
 ```
 Then you will receive following output:
 ```
-DEBUG:root:Performing only analysis...
-DEBUG:root:Going to load IP Access Lists from JSON file: test.json
 INFO:root:There are duplicates in the IP Access lists! len(all_ips)=241, len(uniq_ips)=237
-DEBUG:root:Processing list 'list1' (0f209622-ca20-455a-bdc4-4de3bed8a1ed)
-DEBUG:root: Found intersection with list list1 dup
-DEBUG:root: Modifying current list...
-DEBUG:root: Removing from list1: ['54.81.134.249', '52.22.161.231', '52.45.144.63']
-DEBUG:root:Processing list 'list1 dup' (1f209622-ca20-455a-bdc4-4de3bed8a1ed)
-DEBUG:root: Found intersection with list list2
-DEBUG:root: Modifying current list...
-DEBUG:root: 52.55.144.63 is part of 52.55.144.0/24, removing...
-DEBUG:root: Removing from list1 dup: ['52.55.144.63']
-DEBUG:root:Processing list 'list2' (1f209623-ca20-455a-bdc4-4de3bed8a1ed)
-DEBUG:root: We can ignore 10.0.1.0 because it's local or private...
-DEBUG:root: We can ignore 10.1.2.0/24 because it's local or private...
-DEBUG:root: We can ignore 192.168.10.11 because it's local or private...
-DEBUG:root: 52.55.144.63 is part of 52.55.144.0/24, removing...
-DEBUG:root: Removing from list2: ['192.168.10.11', '10.0.1.0', '10.1.2.0/24', '52.55.144.63']
-DEBUG:root:Processing list 'github_actions' (d798c5f5-3b53-4dc7-85b7-75dd67056512)
-DEBUG:root:Skipping not enabled list Disabled list (fc594781-60cb-4b46-b0f7-ee9d951e3c3f)
 INFO:root:Going to remove list 'list1' (0f209622-ca20-455a-bdc4-4de3bed8a1ed) as it's empty
 INFO:root:Going to modify list 'list1 dup' (1f209622-ca20-455a-bdc4-4de3bed8a1ed). Entries to remove: ['52.55.144.63']
-DEBUG:root: from: IpAccessListInfo(address_count=3, created_at=1651523910411, created_by=5381669867036714, enabled=True, ip_addresses=['52.45.144.63', '52.55.144.63', '54.81.134.249', '52.22.161.231'], label='list1 dup', list_id='1f209622-ca20-455a-bdc4-4de3bed8a1ed', list_type=, updated_at=1651523910411, updated_by=5381669867036714)
-DEBUG:root: to : IpAccessListInfo(address_count=3, created_at=None, created_by=None, enabled=True, ip_addresses=['52.45.144.63', '54.81.134.249', '52.22.161.231'], label='list1 dup', list_id='1f209622-ca20-455a-bdc4-4de3bed8a1ed', list_type=, updated_at=None, updated_by=None)
-INFO:root:Going to modify list 'list2' (1f209623-ca20-455a-bdc4-4de3bed8a1ed). Entries to remove: ['192.168.10.11', '10.0.1.0', '10.1.2.0/24', '52.55.144.63']
-DEBUG:root: from: IpAccessListInfo(address_count=7, created_at=1651523910411, created_by=5381669867036714, enabled=True, ip_addresses=['52.55.144.63', '52.55.144.0/24', '54.91.134.249', '52.12.161.231', '10.0.1.0', '10.1.2.0/24', '192.168.10.11'], label='list2', list_id='1f209623-ca20-455a-bdc4-4de3bed8a1ed', list_type=, updated_at=1651523910411, updated_by=5381669867036714)
-DEBUG:root: to : IpAccessListInfo(address_count=3, created_at=None, created_by=None, enabled=True, ip_addresses=['52.55.144.0/24', '54.91.134.249', '52.12.161.231'], label='list2', list_id='1f209623-ca20-455a-bdc4-4de3bed8a1ed', list_type=, updated_at=None, updated_by=None)
+INFO:root:Going to modify list 'list2' (1f209623-ca20-455a-bdc4-4de3bed8a1ed). Entries to remove: ['10.1.2.0/24', '192.168.10.11', '52.55.144.63', '10.0.1.0']
 INFO:root:List 'github_actions' (d798c5f5-3b53-4dc7-85b7-75dd67056512) isn't modified or not enabled
 INFO:root:List 'Disabled list' (fc594781-60cb-4b46-b0f7-ee9d951e3c3f) isn't modified or not enabled
 ```
diff --git a/ip_access_list_analyzer/ip_acl_analyzer.py b/ip_access_list_analyzer/ip_acl_analyzer.py
index a499041..33fa093 100644
--- a/ip_access_list_analyzer/ip_acl_analyzer.py
+++ b/ip_access_list_analyzer/ip_acl_analyzer.py
@@ -151,7 +151,7 @@ def str2bool(v):
 raise argparse.ArgumentTypeError('Boolean value expected.')
-def main(args):
+def main(args=None):
 parser = argparse.ArgumentParser(description='Analyze and fix Databricks IP Access Lists')
 parser.add_argument('--apply', help="Do analysis and apply changes", default=False, type=str2bool, nargs='?', const=True)
 parser.add_argument('--debug', help="Allow debug output",
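Review bot: The new `args=None` default on `def main(args=None):` is undocumented, and no docstring for `main` is visible in this hunk. The body continues outside the hunk, so this is inferred: if `args` is handed to `parser.parse_args(args)`, `None` makes argparse read `sys.argv[1:]`, which is presumably what the new `databricks labs sandbox` entry point relies on. A docstring such as `"""Analyze and optionally fix IP Access Lists; args is an argv-style list, None means sys.argv[1:]."""` would record that contract. Because `--apply` is the switch that changes access lists and is declared with `default=False`, the docstring should also state that a call without it only analyzes.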