|
1 |
#this file is generated by EOLE, don't modify this file
|
| 1 |
2 |
µµµµµµµµµµ
|
| 2 |
3 |
µµµµµµµµµµ
|
| 3 |
4 |
µµµµµµµµµµ build restrictions dictionary used to limit access to a service
|
| 4 |
5 |
µµµµµµµµµµ
|
|
6 |
%if %%mode_conteneur_actif == "oui"
|
|
7 |
ALL:%%adresse_network_br0/%%adresse_netmask_br0
|
|
8 |
%end if
|
| 5 |
9 |
%set global %%restrictions = dict()
|
| 6 |
|
%def add_restriction(%%service, %%container, %%ip, %%netmask)
|
|
10 |
%def add_restriction(%%service, %%container, %%ip, %%netmask, %%interface)
|
| 7 |
11 |
%if %%netmask != '255.255.255.255'
|
| 8 |
12 |
%set %%ip_restriction = %%ip + '/' + %%netmask
|
| 9 |
13 |
%else
|
| 10 |
14 |
%set %%ip_restriction = %%ip
|
| 11 |
15 |
%end if
|
| 12 |
|
%%restrictions.setdefault(%%service, {}).setdefault(%%container, []).append(%%ip_restriction)
|
|
16 |
%%restrictions.setdefault(%%service, {}).setdefault(%%container, {}).setdefault(%%interface, []).append(%%ip_restriction) %slurp
|
| 13 |
17 |
%end def
|
| 14 |
18 |
%for %%restriction in %%creole_client.get_service_restrictions()
|
| 15 |
19 |
%set %%container = %%restriction['container_group']
|
| 16 |
20 |
%set %%service = %%restriction['service']
|
|
21 |
%set %%interface=%%restriction.get('interface', None)
|
| 17 |
22 |
%if 'activate' in %%restriction and 'name' in %%restriction
|
| 18 |
23 |
%if %%isinstance(%%restriction['name'], list)
|
| 19 |
24 |
%if %%restriction['name'] == []
|
| 20 |
|
%%restrictions.setdefault(%%service, {}).setdefault(%%container, []).append(None)
|
|
25 |
%%restrictions.setdefault(%%service, {}).setdefault(%%container, {}).setdefault(%%interface, []).append(None) %slurp
|
| 21 |
26 |
%end if
|
| 22 |
27 |
%set %%netmask = %%restriction['netmask']
|
| 23 |
28 |
%for %%idx, %%rest in %%enumerate(%%restriction['name'])
|
| ... | ... | |
| 26 |
31 |
%else
|
| 27 |
32 |
%set %%l_netmask = %%netmask
|
| 28 |
33 |
%end if
|
| 29 |
|
%%add_restriction(%%service, %%container, %%restriction['name'][idx], %%l_netmask)
|
|
34 |
%%add_restriction(%%service, %%container, %%restriction['name'][idx], %%l_netmask, %%interface) %slurp
|
| 30 |
35 |
%end for
|
| 31 |
36 |
%else
|
| 32 |
|
%%add_restriction(%%service, %%container, %%restriction['name'], %%restriction['netmask'])
|
|
37 |
%%add_restriction(%%service, %%container, %%restriction['name'], %%restriction['netmask'], %%interface) %slurp
|
| 33 |
38 |
%end if
|
| 34 |
39 |
%else
|
| 35 |
|
%%restrictions.setdefault(%%service, {}).setdefault(%%container, []).append(None)
|
|
40 |
%%restrictions.setdefault(%%service, {}).setdefault(%%container, {}).setdefault(%%interface, []).append(None) %slurp
|
| 36 |
41 |
%end if
|
| 37 |
42 |
%end for
|
|
43 |
|
| 38 |
44 |
%for access in %%creole_client.get_service_accesss()
|
| 39 |
45 |
%if 'activate' in %%access and 'name' in %%access and %%access['node_name'] == 'tcpwrapper'
|
| 40 |
46 |
%set %%container_ip = %%getVar('container_ip_' + %%access['container'])
|
| 41 |
47 |
%set %%container_name = %%access['container_group']
|
| 42 |
|
%if %%container_ip != '127.0.0.1'
|
| 43 |
|
#desactived in container %slurp
|
|
48 |
%if %%mode_conteneur_actif == "oui" and %%current_container['name'] != %%container_name
|
|
49 |
#desactived not in this container %slurp
|
| 44 |
50 |
%end if
|
| 45 |
|
%set %%sources = %%restrictions.get(%%access['service'], {}).get(%%container_name, ['0.0.0.0/0.0.0.0'])
|
|
51 |
%set %%sources = %%restrictions.get(%%access['service'], {}).get(%%container_name, {'all': ['0.0.0.0/0.0.0.0']})
|
| 46 |
52 |
%for %%source in %%sources
|
| 47 |
|
%if %%source == None
|
| 48 |
|
%break
|
| 49 |
|
%end if
|
| 50 |
|
%%access['name']:%%source
|
|
53 |
%for %%interface in %%sources[%%source]
|
|
54 |
%if %%interface == None
|
|
55 |
%break
|
|
56 |
%end if
|
|
57 |
%%access['name']:%%interface
|
|
58 |
%end for
|
| 51 |
59 |
%end for
|
| 52 |
60 |
%end if
|
| 53 |
61 |
%end for
|