INFRA-1768 | Deepak | adding script to check if env var contain url and if that url is allowed via outbound (#465)

2023-04-12 23:28:18 +05:30
parent 7fbe8bd016
commit 40ef2f7c1f
1 changed files with 53 additions and 0 deletions
--- a/scripts/check_all_outbound_connection.py
+++ b/scripts/check_all_outbound_connection.py
@@ -0,0 +1,53 @@
+from unicodedata import name
+import requests
+import re
+import json
+
+portal_url = "https://gi-deployment-portal.cmd.navi-tech.in"
+s = requests.Session()
+# tbd: replace it with token
+cookie = ""
+
+x_xsrf_token = ""
+s.headers.update({'cookie': cookie, 'x-xsrf-token': x_xsrf_token})
+env = "prod"
+namespace_negative_filter = ['prod', 'airflow', 'data-platform', 'monitoring']
+list_manifest_path = "/api/manifest/list"
+
+r = s.get(portal_url + list_manifest_path)
+manifest_list = r.json()
+env_manifest_list = [manifest for manifest in manifest_list if manifest['environment'] == env]
+pending_url = {}
+for i in env_manifest_list:
+    r = s.get(portal_url + "/api/manifest/"+str(i['id']))
+    manifest = r.json()
+    if 'environmentVariables' in manifest and 'deployment' in manifest and manifest['deployment']['namespace'] not in namespace_negative_filter:
+        if 'disableIstio' not in manifest['deployment'] or manifest['deployment']['disableIstio'] == False:
+            urls = []
+            print("manifest name is", manifest['name'])
+            envs = manifest['environmentVariables']
+            for env in envs:
+                urls += re.findall('http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+', env['value'])
+            outbound_urls = manifest['deployment']['allowEgress']
+            for url in urls:
+                found = False
+                for outbound_url in outbound_urls:
+                    regex = outbound_url
+                    if '*' in outbound_url:
+                        regex = "." + outbound_url
+                    if len(re.findall(regex, url)) > 0:
+                        found = True
+                        print("found url:", url)
+                        break
+                if found:
+                    continue
+                print("url is : " , url)
+                if f"{manifest['environment']}/{manifest['name']}" in pending_url:
+                    pending_url[f"{manifest['environment']}/{manifest['name']}"].append(url)
+                else:
+                    pending_url[f"{manifest['environment']}/{manifest['name']}"] = [url]
+
+print(json.dumps(pending_url))
+
+
+# urls = re.findall('http[s]?://(?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*\(\),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+', text)