Meraki Firewalled Services and Poetry
In this post I describe how to use Poetry to build and package a tool to verify the status of Meraki Firewalled Services (ICMP, SNMP and Web).
A customer with a large Cisco Meraki network is not using templates for $reasons.
If you manage a Meraki network, use templates!
mistake choice makes the network harder to manage and to validate the consistency of the configurations.
On Oct 5th 2020 Meraki released a document notifying a Local Status Page Vulnerability that raised a question:
“How many devices have remote access enabled?"
Meraki Appliance Services
The Meraki MX firewall has 3 Appliance Services :
- ICMP Ping
- Web (local status & configuration)
Each service can be enabled/disabled and restricted to permit only request coming from specified address(es).
The requirement is to extract the information about the services of all the networks of the organization.
Let's write some code!
For the script I used these tools:
- Meraki Dashboard API Python Library to read data
- Click for the command line interface
- Rich for the progress bar and the tables
- Black for code formatting
- Poetry for packaging and publication on PyPI
Source code available in GitHub. .
What is Poetry?
Poetry is a tool for dependency management and packaging in Python.
I’ll briefly describe the steps to create the package. Go to the official Poetry documentation for the details.
Start creating a a new project:
poetry new merakiFirewalledServices cd merakiFirewalledServices
Add the file merakiFirewalledServices.py that is the actual script:
merakiLocalStatusPage/ ├── LICENSE ├── README.MD ├── merakiFirewalledServices │ └── merakiFirewalledServices.py ├── poetry.lock └── pyproject.toml
Edit pyproject.toml. The key point here is to define the script entry point name:
[tool.poetry.scripts] merakiFirewalledServices = "merakifirewalledservices.merakiFirewalledServices:main"
poetry add meraki poetry add click poetry add rich
Trick: I migrated the dependencies from requirements.txt to Poetry with the command
poetry add $(cat requirements.txt)
The reverse is also possible with
poetry export -f requirements.txt --without-hashes > requirements.txt
Build the package:
The files are saved in /dist. Install the package on the local machine using pip:
python -m pip install dist/merakiFirewalledServices-0.1.2-py3-none-any.whl
Use a Python virtual environment to avoid conflicts of package versions.
Run the script:
Example of execution with the Meraki DevNet Sandbox API Key.
Publish on PyPI
Python Package Index (PyPI) is a repository of software written in Python.
This script is available on Pypi here .
The publication process requires a PyPi account and then run:
Poetry is a simple yet powerful tool to package Python scripts and make them available on the CLI for customers and Ops team.
Most of my scripts are for internal use for my team or myself, hosted in a private PyPI repository that runs in a Docker container.
I really enjoy the opportunity to write custom tools and create value despite my
basic coding skills. bad