Meraki Firewalled Services and Poetry

In this post I describe how to use Poetry to build and package a tool to verify the status of Meraki Firewalled Services (ICMP, SNMP and Web).

Business case

A customer with a large Cisco Meraki network is not using templates for $reasons.

Warning

If you manage a Meraki network, use templates!

This mistake choice makes the network harder to manage and to validate the consistency of the configurations.

On Oct 5th 2020 Meraki released a document notifying a Local Status Page Vulnerability that raised a question:

"How many devices have remote access enabled?"

Meraki Appliance Services

The Meraki MX firewall has 3 Appliance Services:

  • ICMP Ping
  • Web (local status & configuration)
  • SNMP

Each service can be enabled/disabled and restricted to permit only request coming from specified address(es).

The requirement is to extract the information about the services of all the networks of the organization.

**} Let's write some code! **

The script

For the script I used these tools:

The script collects the statuses of the Appliance Services of each network of the organization and prints them with Rich for a nice output.

Source code available in GitHub..

Poetry

What is Poetry?

Poetry is a tool for dependency management and packaging in Python.

I've used setuptools for another project but of course I'm too curious to use the same tool for two consecutive projects.

I'll briefly describe the steps to create the package. Go to the official Poetry documentation for the details.

Start creating a a new project:

1poetry new merakiFirewalledServices
2cd merakiFirewalledServices

Add the file merakiFirewalledServices.py that is the actual script:

1merakiLocalStatusPage/
2โ”œโ”€โ”€ LICENSE
3โ”œโ”€โ”€ README.MD
4โ”œโ”€โ”€ merakiFirewalledServices
5โ”‚   โ””โ”€โ”€ merakiFirewalledServices.py
6โ”œโ”€โ”€ poetry.lock
7โ””โ”€โ”€ pyproject.toml

Edit pyproject.toml. The key point here is to define the script entry point name:

1[tool.poetry.scripts]
2merakiFirewalledServices = "merakifirewalledservices.merakiFirewalledServices:main"

Add dependencies:

1poetry add meraki
2poetry add click
3poetry add rich
Info

Trick: I migrated the dependencies from requirements.txt to Poetry with the command

1poetry add $(cat requirements.txt)

The reverse is also possible with

1poetry export -f requirements.txt --without-hashes > requirements.txt

Build the package:

1poetry build

The files are saved in /dist. Install the package on the local machine using pip:

1python -m pip install dist/merakiFirewalledServices-0.1.2-py3-none-any.whl
Info

Use a Python virtual environment to avoid conflicts of package versions.

Run the script:

1merakiFirewalledServices

Example of execution with the Meraki DevNet Sandbox API Key.


Publish on PyPI

Python Package Index (PyPI) is a repository of software written in Python.

This script is available on Pypi here.

The publication process requires a PyPi account and then run:

1poetry publish

That's it!

Wrap-up

Poetry is a simple yet powerful tool to package Python scripts and make them available on the CLI for customers and Ops team.

Most of my scripts are for internal use for my team or myself, hosted in a private PyPI repository that runs in a Docker container.

I really enjoy the opportunity to write custom tools and create value despite my ~~~bad~~~ basic coding skills.

Source code on GitHub

Package in PyPI