Meraki Firewalled Services and Poetry
In this post I describe how to use Poetry to build and package a tool to verify the status of Meraki Firewalled Services (ICMP, SNMP and Web).
Business case
A customer with a large Cisco Meraki network is not using templates for $reasons.
If you manage a Meraki network, use templates!
This ~~mistake~~ choice makes the network harder to manage and the consistency of the configurations harder to validate.
On Oct 5th 2020 Meraki released a document announcing a Local Status Page vulnerability, which raised a question:
"How many devices have remote access enabled?"
Meraki Appliance Services
The Meraki MX firewall has 3 Appliance Services:
- ICMP Ping
- Web (local status & configuration)
- SNMP
Each service can be enabled or disabled, and restricted to permit only requests coming from specified address(es).
The requirement is to extract the information about the services of all the networks of the organization.
**Let's write some code!**
The script
For the script I used these tools:
- Meraki Dashboard API Python Library to read data
- Click for the command line interface
- Rich for the progress bar and the tables
- Black for code formatting
- Poetry for packaging and publication on PyPI
The script collects the statuses of the Appliance Services of each network of the organization and prints them with Rich for a nice output.
Source code is available on GitHub.
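The audit step behind the question "how many devices have remote access enabled?", as an added example that is not the author's script: it skips networks without an MX and classifies every service entry. The sample data is constructed in the shape of the Dashboard API responses; `classify`, `audit`, the verdict names and the 256-address threshold are assumptions of this example.

```python
import ipaddress

# Constructed sample data shaped like Dashboard API v1 responses (not real output).
NETWORKS = [
    {"id": "N_1", "name": "branch-01", "productTypes": ["appliance", "switch"]},
    {"id": "N_2", "name": "branch-02", "productTypes": ["appliance"]},
    {"id": "N_3", "name": "wifi-only", "productTypes": ["wireless"]},
]
SERVICES = {
    "N_1": [{"service": "ICMP", "access": "unrestricted"},
            {"service": "web", "access": "restricted", "allowedIps": ["192.0.2.10"]},
            {"service": "SNMP", "access": "blocked"}],
    "N_2": [{"service": "ICMP", "access": "blocked"},
            {"service": "web", "access": "unrestricted"},
            {"service": "SNMP", "access": "restricted", "allowedIps": ["198.51.100.0/22"]}],
}

def classify(rule, max_hosts=256):
    """Return 'ok', 'open', 'broad' or 'review' for one firewalled-service entry."""
    if rule["access"] == "blocked":
        return "ok"
    if rule["access"] == "unrestricted":
        return "open"  # reachable from any remote address
    allowed = rule.get("allowedIps") or []
    if not allowed:
        return "review"  # 'restricted' without a list is unexpected
    # Assumption: entries are addresses or CIDR prefixes; anything else needs a human.
    for entry in allowed:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            return "review"
        if net.num_addresses > max_hosts:
            return "broad"  # restricted, but to a large source range
    return "ok"

def audit(networks, fetch):
    """Return (network name, service, verdict) for every entry that is not 'ok'."""
    findings = []
    for net in networks:
        if "appliance" not in net.get("productTypes", []):
            continue  # no MX in this network, so the endpoint does not apply
        for rule in fetch(net["id"]):
            verdict = classify(rule)
            if verdict != "ok":
                findings.append((net["name"], rule["service"], verdict))
    return findings

if __name__ == "__main__":
    for row in audit(NETWORKS, SERVICES.__getitem__):
        print(*row, sep="\t")
```

Against a live organization, `fetch` would be the library's firewalled-services call (`dashboard.appliance.getNetworkApplianceFirewallFirewalledServices` in version 1.x of the Meraki Python library), with the API key read from the environment rather than hard-coded.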
Poetry
What is Poetry?
Poetry is a tool for dependency management and packaging in Python.
I've used setuptools for another project but of course I'm too curious to use the same tool for two consecutive projects.
I'll briefly describe the steps to create the package. Go to the official Poetry documentation for the details.
Start by creating a new project:
poetry new merakiFirewalledServices
cd merakiFirewalledServices
Add the file merakiFirewalledServices.py that is the actual script:
merakiLocalStatusPage/
├── LICENSE
├── README.MD
├── merakiFirewalledServices
│   └── merakiFirewalledServices.py
├── poetry.lock
└── pyproject.toml
Edit pyproject.toml. The key point here is to define the script entry point name:
[tool.poetry.scripts]
merakiFirewalledServices = "merakifirewalledservices.merakiFirewalledServices:main"
Add dependencies:
poetry add meraki
poetry add click
poetry add rich
Trick: I migrated the dependencies from requirements.txt to Poetry with the command
poetry add $(cat requirements.txt)
The reverse is also possible with
poetry export -f requirements.txt --without-hashes > requirements.txt
Build the package:
poetry build
The files are saved in /dist. Install the package on the local machine using pip:
python -m pip install dist/merakiFirewalledServices-0.1.2-py3-none-any.whl
Use a Python virtual environment to avoid conflicts of package versions.
Run the script:
merakiFirewalledServices
Example of execution with the Meraki DevNet Sandbox API Key.
Publish on PyPI
Python Package Index (PyPI) is a repository of software written in Python.
This script is available on PyPI here.
Publishing requires a PyPI account; then run:
poetry publish
That's it!
Wrap-up
Poetry is a simple yet powerful tool to package Python scripts and make them available on the CLI for customers and Ops teams.
Most of my scripts are for internal use for my team or myself, hosted in a private PyPI repository that runs in a Docker container.
I really enjoy the opportunity to write custom tools and create value despite my ~~bad~~ basic coding skills.