I am writing a cloud function which gets trigger from slack with an IP and then we whitelist the IP in GCP firewall. because GCP firewall dont appeand so we have to get the IP and then appear a new IP to and then update it .
I am facing below error
Error updating firewall rule: FirewallsClient.update() got an unexpected keyword argument 'body'
I tried a lot to fix this but I am getting one or the other error. so not sure how to fix this, due to lack of understanding about the coding as well.
my code
def updateSecurityGroupRule(ip):
project_id = 'development-404511'
firewall_rule_name = 'bastion-host-ssh'
client = compute_v1.FirewallsClient()
try:
request = client.get(project=project_id, firewall=firewall_rule_name)
current_firewall_rule = request
except Exception as e:
print(f"Error retrieving current firewall rule: {e}")
return False
if isinstance(current_firewall_rule, compute_v1.Firewall) and hasattr(current_firewall_rule, 'source_ranges'):
# Assuming there is at least one source range in the list
current_ip_range = current_firewall_rule.source_ranges[0] if current_firewall_rule.source_ranges else None
else:
print(f"Unexpected response from client.get(): {current_firewall_rule}")
return False
new_source_ranges = [current_ip_range, f'{ip}/32']
firewall_update_mask = FieldMask(paths=['source_ranges'])
firewall_update_request = compute_v1.Firewall(
name=firewall_rule_name,
source_ranges=new_source_ranges
)
print(f"Updating firewall rule with new source ranges: {new_source_ranges}")
try:
client.update(project=project_id, firewall=firewall_rule_name, body=firewall_update_request, updateMask=firewall_update_mask)
print("Firewall rule updated successfully.")
return True
except Exception as e:
print(f"Error updating firewall rule: {e}")
return False
def updateSecurityGroupRule(ip):
project_id = 'project-12345'
firewall_rule_name = 'firewall-name'
client = compute_v1.FirewallsClient()
try:
request = client.get(project=project_id, firewall=firewall_rule_name)
current_firewall_rule = request
except Exception as e:
print(f"Error retrieving current firewall rule: {e}")
return False
if isinstance(current_firewall_rule, compute_v1.Firewall) and hasattr(current_firewall_rule, 'source_ranges'):
# Assuming there is at least one source range in the list
current_ip_range = current_firewall_rule.source_ranges[0] if current_firewall_rule.source_ranges else None
else:
print(f"Unexpected response from client.get(): {current_firewall_rule}")
return False
new_source_ranges = [current_ip_range, f'{ip}/32']
firewall_update_mask = FieldMask(paths=['source_ranges'])
firewall_update_request = compute_v1.Firewall(
name=firewall_rule_name,
source_ranges=new_source_ranges
)
print(f"Updating firewall rule with new source ranges: {new_source_ranges}")
try:
client.update(project=project_id, firewall=firewall_rule_name, body=firewall_update_request, updateMask=firewall_update_mask)
print("Firewall rule updated successfully.")
return True
except Exception as e:
print(f"Error updating firewall rule: {e}")
return False
while I run it and watch logs I see that script works until here
print(f"Updating firewall rule with new source ranges: {new_source_ranges}")
it gets the IP from firewall and adds new IP to it, later it is not updating the firewall back
can someone tell me what is wrong here and is there any better way I can do to update a firewall with ip
Solution to above is as below This will get the IP addresses from your firewall, append the new IP that we pass to it, and the update the firewall with the new range. I hope this will help any
def updateSecurityGroupRule(ip):
client = compute_v1.FirewallsClient()
request = compute_v1.GetFirewallRequest(
firewall="<firewall_name>",
project="<project_id>",
)
response = client.get(request=request)
current_ips = [ip_range for ip_range in response.source_ranges]
current_ips.append(f'{ip}/32')
firewall_resource = compute_v1.Firewall(source_ranges=current_ips)
request = compute_v1.PatchFirewallRequest(
firewall="<firewall_name>",
project="<project_id>",
firewall_resource=firewall_resource
)
response = client.patch(request=request)
print(response)