Extracting the NSG ID
oci network nsg list -c $compartment
Extracting the rules
oci network nsg rules list --nsg-id ocid > nsg_rules.json
cat nsg_rules.json | jq -r '[.data[] | keys]'
Under .data[] each rule basically has the following keys:
[
"description",
"destination",
"destination-type",
"direction",
"icmp-options",
"id",
"is-stateless",
"is-valid",
"protocol",
"source",
"source-type",
"tcp-options",
"time-created",
"udp-options"
]
It would be easy if I could just pull out the fields I need and check them, but "tcp-options" is the tricky one (probably UDP too).
The data may be stored as a range, like this:
"tcp-options": {
"destination-port-range": {
"max": 3389,
"min": 3   # it is opened on 3389, so why 3 ended up here is a mystery
},
For now I extract them with the following. I wonder if it can be made more compact.
cat nsg_rules.json | jq -r '.data[] | { direction: .direction, source: .source, protocol: .protocol, tcp: ."tcp-options", udp: ."udp-options" }'
{
"direction": "INGRESS",
"source": "****",
"protocol": "all",
"tcp": null,
"udp": null
}
(omitted)
{
"direction": "INGRESS",
"source": "0.0.0.0/0",
"protocol": "6",
"tcp": {
"destination-port-range": {
"max": 3389,
"min": 3389
},
"source-port-range": null
},
"udp": null
}
Extracting EGRESS / INGRESS rules
cat nsg_rules.json | jq -r '.data[] | select(.direction == "EGRESS") | { direction: .direction, source: .source, protocol: .protocol, tcp: ."tcp-options", udp: ."udp-options" }'
cat nsg_rules.json | jq -r '.data[] | select(.direction == "INGRESS") | { direction: .direction, source: .source, protocol: .protocol, tcp: ."tcp-options", udp: ."udp-options" }'
Note that for EGRESS rules the peer address is in .destination (with .destination-type), not .source, so the source field above is null for them.
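As an added example (not part of the original note), the compact one-line-per-rule view asked for above, done in Python instead of jq so the tcp-options/udp-options nesting and the INGRESS/EGRESS peer field can be handled in one place; it also flags ingress rules open to 0.0.0.0/0 like the port 3389 rule shown earlier. The SAMPLE document is constructed in the shape of the `oci network nsg rules list` output; its values are made up.

```python
import json

# Constructed sample in the shape of `oci network nsg rules list` output
# (same keys as listed above; the values are made up for this example).
SAMPLE = json.loads("""
{"data": [
  {"direction": "INGRESS", "source": "10.0.0.0/16", "source-type": "CIDR_BLOCK",
   "protocol": "all", "tcp-options": null, "udp-options": null, "is-stateless": false},
  {"direction": "INGRESS", "source": "0.0.0.0/0", "source-type": "CIDR_BLOCK",
   "protocol": "6", "is-stateless": false,
   "tcp-options": {"destination-port-range": {"max": 3389, "min": 3389},
                   "source-port-range": null}, "udp-options": null},
  {"direction": "EGRESS", "destination": "0.0.0.0/0", "destination-type": "CIDR_BLOCK",
   "protocol": "17", "is-stateless": false, "tcp-options": null,
   "udp-options": {"destination-port-range": {"max": 65535, "min": 1024},
                   "source-port-range": null}}
]}
""")

# The API returns IANA protocol numbers as strings, or the literal "all".
PROTOCOLS = {"1": "icmp", "6": "tcp", "17": "udp", "58": "icmpv6"}
WORLD = {"0.0.0.0/0", "::/0"}

def port_range(rule):
    """Destination port range as 'min-max' (or a single number); '*' if unrestricted."""
    opts = rule.get("tcp-options") or rule.get("udp-options") or {}
    rng = opts.get("destination-port-range")
    if not rng:
        return "*"
    return str(rng["min"]) if rng["min"] == rng["max"] else f"{rng['min']}-{rng['max']}"

def summarize(doc):
    """One compact row per rule; world_open marks INGRESS rules reachable from any address."""
    rows = []
    for r in doc["data"]:
        # INGRESS rules carry the peer in .source, EGRESS rules in .destination
        peer = r.get("source") if r["direction"] == "INGRESS" else r.get("destination")
        rows.append({
            "direction": r["direction"],
            "peer": peer,
            "protocol": PROTOCOLS.get(r["protocol"], r["protocol"]),
            "ports": port_range(r),
            "world_open": r["direction"] == "INGRESS" and peer in WORLD,
        })
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        flag = "  <-- open to the internet" if row["world_open"] else ""
        print(f'{row["direction"]:7} {row["peer"]:15} {row["protocol"]:5} {row["ports"]}{flag}')
```

To run it on real output, replace SAMPLE with `json.load(open("nsg_rules.json"))`.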