Meraki Firewalled Services and Poetry
In this post I describe how to use Poetry to build and package a tool to verify the status of Meraki Firewalled Services (ICMP, SNMP and Web).
Business case
A customer with a large Cisco Meraki network is not using templates for $reasons.
If you manage a Meraki network, use templates!
This choice makes the network harder to manage and makes it harder to validate the consistency of the configurations.
On Oct 5th 2020 Meraki released a document announcing a Local Status Page vulnerability, which raised a question:
"How many devices have remote access enabled?"
Meraki Appliance Services
The Meraki MX firewall has 3 Appliance Services:
- ICMP Ping
- Web (local status & configuration)
- SNMP
Each service can be enabled or disabled, and restricted to permit only requests coming from specified address(es).
The requirement is to extract the information about the services of all the networks of the organization.
Let's write some code!
The script
For the script I used these tools:
- Meraki Dashboard API Python Library to read data
- Click for the command line interface
- Rich for the progress bar and the tables
- Black for code formatting
- Poetry for packaging and publication on PyPI
The script collects the statuses of the Appliance Services of each network of the organization and prints them with Rich for a nice output.
Source code available on GitHub.
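One way to answer the question above from the collected data, as an added example that is not the author's script: it flags networks where a service is reachable from any source, including a "restricted" rule whose allowed list contains a catch-all prefix. The record fields (service, access, allowedIps) follow the Dashboard API firewalledServices response; the function names and sample networks are constructed for illustration.

```python
import ipaddress

# Constructed sample data, shaped like the Dashboard API firewalledServices
# response for each network: a list of {service, access, allowedIps} records.
SAMPLE = {
    "branch-01": [
        {"service": "ICMP", "access": "unrestricted"},
        {"service": "web", "access": "blocked"},
        {"service": "SNMP", "access": "blocked"},
    ],
    "branch-02": [
        {"service": "ICMP", "access": "restricted", "allowedIps": ["192.0.2.10"]},
        {"service": "web", "access": "unrestricted"},
        {"service": "SNMP", "access": "restricted", "allowedIps": ["0.0.0.0/0"]},
    ],
    "branch-03": [
        {"service": "web", "access": "restricted", "allowedIps": ["198.51.100.0/24"]},
    ],
}


def is_catch_all(entry):
    """True if an allowedIps entry is a zero-length prefix (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(entry, strict=False).prefixlen == 0
    except ValueError:
        return False


def exposure(rule):
    """Classify one service record as 'blocked', 'restricted' or 'open'."""
    access = rule.get("access", "").lower()
    if access == "blocked":
        return "blocked"
    if access == "restricted":
        allowed = rule.get("allowedIps") or []
        # A restriction that includes a catch-all prefix restricts nothing.
        return "open" if any(is_catch_all(ip) for ip in allowed) else "restricted"
    # "unrestricted" and any unrecognised value are reported, not trusted.
    return "open"


def audit(networks, service="web"):
    """Return the sorted names of networks where `service` is open to any source."""
    wanted = service.lower()
    return sorted(
        name
        for name, rules in networks.items()
        if any(r.get("service", "").lower() == wanted and exposure(r) == "open" for r in rules)
    )
```

Calling audit(SAMPLE) lists the networks whose local status page is reachable from anywhere; pass "SNMP" or "ICMP" to check the other two services.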
Poetry
What is Poetry?
Poetry is a tool for dependency management and packaging in Python.
I’ve used setuptools for another project but of course I’m too curious to use the same tool for two consecutive projects.
I’ll briefly describe the steps to create the package. Go to the official Poetry documentation for the details.
Start by creating a new project:
poetry new merakiFirewalledServices
cd merakiFirewalledServices
Add the file merakiFirewalledServices.py that is the actual script:
merakiLocalStatusPage/
├── LICENSE
├── README.MD
├── merakiFirewalledServices
│ └── merakiFirewalledServices.py
├── poetry.lock
└── pyproject.toml
Edit pyproject.toml. The key point here is to define the script entry point name:
[tool.poetry.scripts]
merakiFirewalledServices = "merakifirewalledservices.merakiFirewalledServices:main"
Add dependencies:
poetry add meraki
poetry add click
poetry add rich
Trick: I migrated the dependencies from requirements.txt to Poetry with the command
poetry add $(cat requirements.txt)
The reverse is also possible with
poetry export -f requirements.txt --without-hashes > requirements.txt
Build the package:
poetry build
The files are saved in /dist. Install the package on the local machine using pip:
python -m pip install dist/merakiFirewalledServices-0.1.2-py3-none-any.whl
Use a Python virtual environment to avoid conflicts of package versions.
Run the script:
merakiFirewalledServices
Example of execution with the Meraki DevNet Sandbox API Key.
Publish on PyPI
Python Package Index (PyPI) is a repository of software written in Python.
This script is available on PyPI here.
Publishing requires a PyPI account. Once you have one, run:
poetry publish
That’s it!
Wrap-up
Poetry is a simple yet powerful tool to package Python scripts and make them available on the CLI for customers and Ops teams.
Most of my scripts are for internal use for my team or myself, hosted in a private PyPI repository that runs in a Docker container.
I really enjoy the opportunity to write custom tools and create value despite my basic coding skills.