Modify README to say how to use it with databricks labs sandbox command #25

Merged
merged 1 commit into from
Dec 14, 2023
32 changes: 4 additions & 28 deletions ip_access_list_analyzer/README.md
Expand Up @@ -28,15 +28,14 @@ Only enabled IP Access Lists are analyzed (and fixed).
## Installation

* You need to have Python 3.8+ installed
* Clone the repository or download current directory
* Install dependencies with `pip install -U -r requirements.txt`
* The code and dependencies are installed as part of the `databricks labs install sandbox` command.

## Usage

To run the tool just execute:

```sh
python ip_acl_analyzer.py [options]
databricks labs sandbox ip-access-list-analyzer [options]
```

Pass `--help` command-line flag to obtain built-in help. Specify `--debug` option to get detailed log output.
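Review bot: The Installation list now relies on `databricks labs install sandbox` but never says the Databricks CLI has to be present first; the only prerequisite shown is Python 3.8+. Add a bullet naming the CLI as a prerequisite, and consider a short note that `ip_acl_analyzer.py` can still be run directly by people working from a clone, since the Usage block no longer shows that form.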
Expand All @@ -52,39 +51,16 @@ This tool works in two modes:
If you execute following command:

```sh
python ip_acl_analyzer.py --json_file=test.json --debug
databricks labs sandbox ip-access-list-analyzer --json_file=test.json
```

Then you will receive following output:

```
DEBUG:root:Performing only analysis...
DEBUG:root:Going to load IP Access Lists from JSON file: test.json
INFO:root:There are duplicates in the IP Access lists! len(all_ips)=241, len(uniq_ips)=237
DEBUG:root:Processing list 'list1' (0f209622-ca20-455a-bdc4-4de3bed8a1ed)
DEBUG:root: Found intersection with list list1 dup
DEBUG:root: Modifying current list...
DEBUG:root: Removing from list1: ['54.81.134.249', '52.22.161.231', '52.45.144.63']
DEBUG:root:Processing list 'list1 dup' (1f209622-ca20-455a-bdc4-4de3bed8a1ed)
DEBUG:root: Found intersection with list list2
DEBUG:root: Modifying current list...
DEBUG:root: 52.55.144.63 is part of 52.55.144.0/24, removing...
DEBUG:root: Removing from list1 dup: ['52.55.144.63']
DEBUG:root:Processing list 'list2' (1f209623-ca20-455a-bdc4-4de3bed8a1ed)
DEBUG:root: We can ignore 10.0.1.0 because it's local or private...
DEBUG:root: We can ignore 10.1.2.0/24 because it's local or private...
DEBUG:root: We can ignore 192.168.10.11 because it's local or private...
DEBUG:root: 52.55.144.63 is part of 52.55.144.0/24, removing...
DEBUG:root: Removing from list2: ['192.168.10.11', '10.0.1.0', '10.1.2.0/24', '52.55.144.63']
DEBUG:root:Processing list 'github_actions' (d798c5f5-3b53-4dc7-85b7-75dd67056512)
DEBUG:root:Skipping not enabled list Disabled list (fc594781-60cb-4b46-b0f7-ee9d951e3c3f)
INFO:root:Going to remove list 'list1' (0f209622-ca20-455a-bdc4-4de3bed8a1ed) as it's empty
INFO:root:Going to modify list 'list1 dup' (1f209622-ca20-455a-bdc4-4de3bed8a1ed). Entries to remove: ['52.55.144.63']
DEBUG:root: from: IpAccessListInfo(address_count=3, created_at=1651523910411, created_by=5381669867036714, enabled=True, ip_addresses=['52.45.144.63', '52.55.144.63', '54.81.134.249', '52.22.161.231'], label='list1 dup', list_id='1f209622-ca20-455a-bdc4-4de3bed8a1ed', list_type=<ListType.ALLOW: 'ALLOW'>, updated_at=1651523910411, updated_by=5381669867036714)
DEBUG:root: to : IpAccessListInfo(address_count=3, created_at=None, created_by=None, enabled=True, ip_addresses=['52.45.144.63', '54.81.134.249', '52.22.161.231'], label='list1 dup', list_id='1f209622-ca20-455a-bdc4-4de3bed8a1ed', list_type=<ListType.ALLOW: 'ALLOW'>, updated_at=None, updated_by=None)
INFO:root:Going to modify list 'list2' (1f209623-ca20-455a-bdc4-4de3bed8a1ed). Entries to remove: ['192.168.10.11', '10.0.1.0', '10.1.2.0/24', '52.55.144.63']
DEBUG:root: from: IpAccessListInfo(address_count=7, created_at=1651523910411, created_by=5381669867036714, enabled=True, ip_addresses=['52.55.144.63', '52.55.144.0/24', '54.91.134.249', '52.12.161.231', '10.0.1.0', '10.1.2.0/24', '192.168.10.11'], label='list2', list_id='1f209623-ca20-455a-bdc4-4de3bed8a1ed', list_type=<ListType.ALLOW: 'ALLOW'>, updated_at=1651523910411, updated_by=5381669867036714)
DEBUG:root: to : IpAccessListInfo(address_count=3, created_at=None, created_by=None, enabled=True, ip_addresses=['52.55.144.0/24', '54.91.134.249', '52.12.161.231'], label='list2', list_id='1f209623-ca20-455a-bdc4-4de3bed8a1ed', list_type=<ListType.ALLOW: 'ALLOW'>, updated_at=None, updated_by=None)
INFO:root:Going to modify list 'list2' (1f209623-ca20-455a-bdc4-4de3bed8a1ed). Entries to remove: ['10.1.2.0/24', '192.168.10.11', '52.55.144.63', '10.0.1.0']
INFO:root:List 'github_actions' (d798c5f5-3b53-4dc7-85b7-75dd67056512) isn't modified or not enabled
INFO:root:List 'Disabled list' (fc594781-60cb-4b46-b0f7-ee9d951e3c3f) isn't modified or not enabled
```
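Review bot: The example command drops `--debug`, so the sample output that goes with it loses the lines explaining why each entry is removed (local or private addresses, `52.55.144.63` being part of `52.55.144.0/24`). For a tool that can rewrite allow lists with `--apply`, add a sentence under the example telling readers to rerun with `--debug` and check the reason for each removal before applying. Also, the `Going to modify list 'list2'` line appears in this hunk with its `Entries to remove` in two different orders, which suggests the order is not stable between runs; sorting the entries before logging would keep the documented output reproducible.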
2 changes: 1 addition & 1 deletion ip_access_list_analyzer/ip_acl_analyzer.py
Expand Up @@ -151,7 +151,7 @@ def str2bool(v):
raise argparse.ArgumentTypeError('Boolean value expected.')


def main(args):
def main(args=None):
parser = argparse.ArgumentParser(description='Analyze and fix Databricks IP Access Lists')
parser.add_argument('--apply', help="Do analysis and apply changes", default=False, type=str2bool, nargs='?', const=True)
parser.add_argument('--debug', help="Allow debug output",
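Review bot: On `def main(args=None):`, the new default only works if the body passes `args` to `parser.parse_args(args)`, so that `None` falls back to `sys.argv[1:]`; that call is outside the visible context, so please confirm it. A one-line docstring stating that `args` is an optional argument list, presumably so the CLI entry point can call `main()` with no arguments, would document why the signature changed.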