公司在阿里云购买了几十台电脑,我分了4个安全组。由于公司的ip是动态的,每次ip变动,就要重新设置一遍安全组的策略,于是就有了下面python写的脚本来解决这个问题。

#author:mistake_over
#date:2018-12-17
#公司的动态ip自动配置到阿里云安全组

#coding=utf-8
import json
import re
import requests
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.request import CommonRequest

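def get_now_ip():
    """Return the current public IP address as reported by https://ip.cn/.

    The returned string is later used as ``SourceCidrIp`` in security-group
    allow rules, so the third-party response is validated before it is
    trusted: it must parse as a single, globally routable IP address.

    Returns:
        The public IP address as a string.

    Raises:
        requests.RequestException: the lookup failed, timed out, or returned
            an HTTP error status.
        ValueError: the response did not contain the expected line, or the
            captured value is not a single public IP address.
    """
    import ipaddress

    url = "https://ip.cn/"
    headers = {
        'User-Agent': "curl/10.0",
        "Content-type": "application/x-www-form-urlencoded",
        "Accept": "text/plain",
    }
    # A timeout keeps an unattended run from hanging forever on the lookup.
    req = requests.get(url, headers=headers, timeout=10)
    req.raise_for_status()

    found = re.match('当前 IP: (.*?) 来自:.*?', req.text)
    if found is None:
        raise ValueError("ip.cn response did not contain the expected IP line")
    now_ip = found.group(1).strip()

    # ip_address() accepts only a single host address; CIDR blocks such as
    # "0.0.0.0/0" and arbitrary text raise ValueError here instead of ending
    # up in an allow rule.
    address = ipaddress.ip_address(now_ip)
    if not address.is_global:
        raise ValueError("ip.cn returned a non-public address: %s" % now_ip)

    print("当前ip:%s" % now_ip)
    return now_ip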

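def get_old_ip(ipfile):
    """Return the IP address stored in *ipfile* by the previous run.

    Surrounding whitespace is stripped. The value is compared verbatim with
    the current IP and with the ``SourceCidrIp`` of existing rules, so a
    trailing newline (for example after a manual edit of the file) would
    otherwise make the old rules impossible to find and revoke.

    Args:
        ipfile: path of the log file holding the last applied IP.

    Returns:
        The stored IP address as a string, without surrounding whitespace.

    Raises:
        OSError: the file does not exist or cannot be read.
    """
    # The context manager closes the file even if read() raises.
    with open(ipfile, "r") as ip_log:
        old_ip = ip_log.read().strip()
    print("老ip:%s" % old_ip)
    return old_ip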

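def save_now_ip_in_log(ipfile='ip-hangzhou.log'):
    """Write the current public IP (module-level ``now_ip``) to *ipfile*.

    The file is truncated first, so it only ever holds the most recent IP.

    Args:
        ipfile: path of the log file to overwrite. Defaults to
            ``ip-hangzhou.log``, the path the function used before it took a
            parameter; each region needs its own file, otherwise the stored
            "old" IP of the other regions goes stale and their outdated allow
            rules can no longer be matched for revocation.
    """
    # The context manager closes the file even if write() raises.
    with open(ipfile, "w") as ip_log:
        ip_log.write(now_ip)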


def get_source_ip():
    """Return the rules of the current security group that match the old IP.

    Calls DescribeSecurityGroupAttribute for the module-level ``sid`` in
    ``RegionId`` and keeps every permission whose ``SourceCidrIp`` equals the
    module-level ``old_ip``.

    Returns:
        A list of ``{'SourceCidrIp': ..., 'PortRange': ...}`` dicts.

    NOTE(review): only the source address is compared. The protocol of a rule
    is not looked at and not returned, while remove_ip() and add_ip() always
    send IpProtocol 'tcp'; a matching non-TCP rule would be re-created as TCP.
    Confirm every rule keyed on the office IP is TCP.
    """
    request.set_action_name('DescribeSecurityGroupAttribute')
    query = (
        ('RegionId', RegionId),
        ('SecurityGroupId', sid),
        ('NicType', 'intranet'),
        ('Direction', 'all'),
    )
    for key, value in query:
        request.add_query_param(key, value)

    # The SDK hands back raw bytes; decode them and parse the JSON document.
    payload = json.loads(client.do_action_with_exception(request).decode('utf-8'))

    # Keep only the rules that were created for the company's previous IP.
    return [
        {'SourceCidrIp': rule['SourceCidrIp'], 'PortRange': rule['PortRange']}
        for rule in payload["Permissions"]["Permission"]
        if rule['SourceCidrIp'] == old_ip
    ]

def remove_ip():
    """Revoke the rule described by the module-level ``sip``.

    Sends a RevokeSecurityGroup action for security group ``sid`` in
    ``RegionId`` with the ``SourceCidrIp`` and ``PortRange`` taken from
    ``sip``. IpProtocol is fixed to 'tcp' and NicType to 'intranet'.

    NOTE(review): the shared module-level ``request`` is reused, so query
    parameters added by earlier calls are presumably still attached — confirm
    the API ignores the ones this action does not use.
    """
    request.set_action_name('RevokeSecurityGroup')
    query = (
        ('RegionId', RegionId),
        ('SecurityGroupId', sid),
        ('SourceCidrIp', sip['SourceCidrIp']),
        ('PortRange', sip['PortRange']),
        ('IpProtocol', 'tcp'),
        ('NicType', 'intranet'),
    )
    for key, value in query:
        request.add_query_param(key, value)
    client.do_action_with_exception(request)

def add_ip():
    """Authorize the rule described by the module-level ``cip``.

    Sends an AuthorizeSecurityGroup action for security group ``sid`` in
    ``RegionId`` with the ``SourceCidrIp`` and ``PortRange`` taken from
    ``cip``. IpProtocol is fixed to 'tcp' and NicType to 'intranet'.

    Nothing in this function checks ``cip['SourceCidrIp']``; whatever the
    caller placed there becomes the allowed source of the new rule.
    """
    request.set_action_name('AuthorizeSecurityGroup')
    query = (
        ('RegionId', RegionId),
        ('SecurityGroupId', sid),
        ('SourceCidrIp', cip['SourceCidrIp']),
        ('PortRange', cip['PortRange']),
        ('IpProtocol', 'tcp'),
        ('NicType', 'intranet'),
    )
    for key, value in query:
        request.add_query_param(key, value)
    client.do_action_with_exception(request)


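if __name__ == "__main__":
    # Entry point: for every region, replace the allow rules that were keyed
    # on the company's previous public IP with rules for the current one.
    #
    # The helper functions above read their inputs from module-level names
    # (client, request, RegionId, sid, sip, cip, old_ip, now_ip), so the loops
    # below deliberately bind exactly those names.
    #
    # One entry per region: (AccessKey id, AccessKey secret, region id,
    # security group ids, file holding the last IP applied to that region).
    # The first region is Hangzhou (groups: pro, uat, test); the second is the
    # Qingdao disaster-recovery group.
    #
    # NOTE(review): the AccessKey pairs are written into the script. Keep them
    # out of source (environment, instance RAM role, or a secrets store) and
    # limit the RAM policy to the three ECS actions used in this file
    # (DescribeSecurityGroupAttribute, RevokeSecurityGroup,
    # AuthorizeSecurityGroup) on these security groups.
    region_jobs = [
        ('xxxxxxxxxxxx', 'xxxxxxxxxxxxx', 'cn-hangzhou',
         ['sg-xxxxxx', 'sg-xxxxx', 'sg-xxxxxx'], "ip-hangzhou.log"),
        ('xxxxxxxx', 'xxxxxxxxxxxxxxxxx', 'cn-qingdao',
         ['sg-xxxxxxxxx'], "ip-qingdao.log"),
    ]

    # Not read by the functions in this file, which hard-code NicType
    # 'intranet' and Direction 'all'; kept from the original script.
    NicType = 'internet'
    Direction = 'all'

    for access_key_id, access_key_secret, RegionId, SecurityGroupId, ipfile in region_jobs:
        # Connect to Alibaba Cloud. The region id is passed as the third
        # argument; the original passed the literal string 'RegionId'.
        client = AcsClient(access_key_id, access_key_secret, RegionId)
        print(client)

        request = CommonRequest()
        request.set_accept_format('json')  # ask Alibaba Cloud for JSON responses
        request.set_domain('ecs.aliyuncs.com')
        request.set_method('POST')
        request.set_version('2014-05-26')  # API version

        old_ip = get_old_ip(ipfile)
        now_ip = get_now_ip()
        if now_ip != old_ip:
            for sid in SecurityGroupId:
                source_ip_port = get_source_ip()
                print(source_ip_port)

                # Built fresh for every group. The original kept one list for
                # the whole region, so the port ranges collected from earlier
                # groups were also authorised on every later group.
                change_ip_port = [
                    {'SourceCidrIp': now_ip, 'PortRange': rule['PortRange']}
                    for rule in source_ip_port
                ]
                print("更改的ip项: %s" % change_ip_port)

                # Old rules are revoked before the replacements are added; if
                # an authorise call raises, the revoked entries stay removed.
                for sip in source_ip_port:
                    remove_ip()
                for cip in change_ip_port:
                    add_ip()

            # Record the new IP in this region's own file.
            # save_now_ip_in_log() called without arguments writes
            # ip-hangzhou.log, which left ip-qingdao.log stale: after a second
            # IP change the Qingdao rules for the intermediate address were
            # never matched, so that address stayed allowed.
            with open(ipfile, "w") as ip_log:
                ip_log.write(now_ip)
        else:
            print("ip没有变动,不执行任何操作")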
