[MediaWiki-commits] [Gerrit] Add tools to calculate whitelist for Amazon - change (wikimedia...tools)

jenkins-bot (Code Review) Thu, 24 Mar 2016 16:55:54 -0700

jenkins-bot has submitted this change and it was merged.

Change subject: Add tools to calculate whitelist for Amazon
......................................................................



Add tools to calculate whitelist for Amazon

Downloads us-east-1 IP address ranges from Amazon and removes
anything indicated as non-Amazon services, such as CLOUDFRONT,
EC2, and ROUTE53.

Bug: T119002
Change-Id: I81e4f6a946aed995cc9968e78ed32e9c4c4ff4c3
---
A whitelist/amazon-ranges.sh
A whitelist/netdiff.py
2 files changed, 34 insertions(+), 0 deletions(-)

Approvals:
  Awight: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/whitelist/amazon-ranges.sh b/whitelist/amazon-ranges.sh
new file mode 100755
index 0000000..21bb1b2
--- /dev/null
+++ b/whitelist/amazon-ranges.sh
@@ -0,0 +1,12 @@
+#! /bin/sh
+IPFILE=`mktemp`
+INCLUDEFILE=`mktemp`
+EXCLUDEFILE=`mktemp`
+MYPATH=`dirname $0`
+wget --quiet https://ip-ranges.amazonaws.com/ip-ranges.json -O $IPFILE
+jq '.prefixes[] | select(.region|startswith("us-east-1")) | 
select(.service=="AMAZON") | .ip_prefix' $IPFILE \
+    | sed -e 's/"//g' > $INCLUDEFILE
+jq '.prefixes[] | select(.service!="AMAZON") | .ip_prefix' $IPFILE \
+    | sed -e 's/"//g' > $EXCLUDEFILE
+$MYPATH/netdiff.py $INCLUDEFILE $EXCLUDEFILE
+rm $IPFILE $INCLUDEFILE $EXCLUDEFILE
diff --git a/whitelist/netdiff.py b/whitelist/netdiff.py
new file mode 100755
index 0000000..da6d548
--- /dev/null
+++ b/whitelist/netdiff.py
@@ -0,0 +1,22 @@
+#! /usr/bin/env python
+# Calculates the disjunction of two sets of IP ranges
+from sys import argv
+from netaddr import IPSet
+
+if len(argv) != 3:
+    print('Usage: {0} include.txt exclude.txt'.format(argv[0]))
+    exit()
+
+net = IPSet()
+
+with open(argv[1], 'r') as incfile:
+    for line in incfile:
+        net = net | IPSet([line])
+
+with open(argv[2], 'r') as exfile:
+    for line in exfile:
+        net.remove(line)
+
+for cidr in net.iter_cidrs():
+    print(cidr)
+

-- 
To view, visit https://gerrit.wikimedia.org/r/279124
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I81e4f6a946aed995cc9968e78ed32e9c4c4ff4c3
Gerrit-PatchSet: 2
Gerrit-Project: wikimedia/fundraising/tools
Gerrit-Branch: master
Gerrit-Owner: Ejegg <eeggles...@wikimedia.org>
Gerrit-Reviewer: Awight <awi...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Add tools to calculate whitelist for Amazon - change (wikimedia...tools)

Reply via email to