DelineaXPM/delinea-netconfig

Delinea Network Requirements Converter

Convert Delinea's Platform IP/CIDR network requirements JSON into firewall rules and infrastructure-as-code formats — via CLI or an interactive terminal UI.

Features

  • Interactive TUI — browse, filter, inspect, export, and diff entries without remembering flags
  • 7 Output Formats — CSV, YAML, Terraform, Ansible, AWS Security Groups, Cisco ACL, PAN-OS XML
  • Diff & Info — compare versions and show statistics
  • Tenant Substitution — replace <tenant> placeholders with your actual tenant name
  • Flexible Input — load from local files or remote URLs
  • Shell Completion — bash, zsh, fish, and PowerShell

Installation

Pre-built Binaries (Recommended)

Linux / macOS

curl -sfL https://raw.githubusercontent.com/DelineaXPM/delinea-netconfig/main/install.sh | sh

Windows

Download the .zip for your architecture from GitHub Releases, extract delinea-netconfig.exe, and add it to your PATH.

Tip: The interactive tui command requires a modern terminal. Use Windows Terminal for the best experience — the classic cmd.exe console has limited support.

All other platforms: download the archive from GitHub Releases, extract, and move to your PATH.

Docker

# Fetch live from setup.delinea.app and convert (no local file needed)
docker run --rm ghcr.io/delineaxpm/delinea-netconfig:latest \
  convert -u https://setup.delinea.app/network-requirements --format csv

# Convert a local file (must exist in current directory)
docker run --rm -v "$(pwd):/data" ghcr.io/delineaxpm/delinea-netconfig:latest \
  convert -f /data/network-requirements.json --format csv

Go Install

go install github.com/DelineaXPM/delinea-netconfig/cmd/delinea-netconfig@latest

From Source

git clone https://github.com/DelineaXPM/delinea-netconfig.git
cd delinea-netconfig
make build

Quick Start

# Convert to CSV
delinea-netconfig convert -f network-requirements.json --format csv

# Convert with tenant substitution
delinea-netconfig convert -f network-requirements.json --format terraform --tenant mycompany

# Fetch from URL and convert
delinea-netconfig convert \
  -u https://setup.delinea.app/network-requirements \
  --format terraform --tenant mycompany

# Save multiple formats to a directory
delinea-netconfig convert -f network-requirements.json \
  --format csv,yaml,terraform,ansible,aws-sg \
  --output-dir ./configs

Interactive TUI

Launch an interactive terminal UI to browse, filter, and export — no flags to remember.

# Open file picker
delinea-netconfig tui

# Load a file directly
delinea-netconfig tui -f network-requirements.json

# Load from a remote URL
delinea-netconfig tui -u https://setup.delinea.app/network-requirements

# Compare two versions interactively
delinea-netconfig tui --diff old.json new.json

Key Bindings

Key             Action
↑ / k, ↓ / j    Navigate entries
Tab             Toggle All / Outbound / Inbound
/               Live text filter
r               Filter by region (enter to confirm, esc to cancel)
x               Clear region filter
Enter           Open entry detail
e               Export (from browser or detail)
d               Diff current file against another file
c               Copy IPs to clipboard (detail screen)
Esc             Cancel export / go back from diff or detail
Tab             Cycle diff tabs: All / Added / Removed / Modified
q / Ctrl+C      Quit

Commands

Command       Description
tui           Interactive terminal UI
convert       Convert to a supported output format
validate      Validate network requirements JSON
diff          Compare two versions
info          Show statistics
completion    Generate shell completion scripts
version       Show version information

Common Flags

-f, --file       Path to network-requirements.json
-u, --url        URL to fetch network-requirements.json
-o, --output     Output file (default: stdout)
    --output-dir Output directory for multiple formats
    --format      Output format(s): csv, yaml, terraform, ansible, aws-sg, cisco, panos
-t, --tenant     Substitute <tenant> placeholder
-v, --verbose    Verbose logging
-q, --quiet      Suppress non-error output

Tenant Substitution

Entries containing <tenant> placeholders are replaced with your actual tenant name:

<tenant>.secretservercloud.com  →  mycompany.secretservercloud.com
<tenant>.delinea.app            →  mycompany.delinea.app

delinea-netconfig convert -f network-requirements.json --format csv --tenant mycompany

Works across all output formats and in the TUI export form.

Output Formats

CSV

direction,service,region,type,value,protocol,ports,description,redundancy
outbound,platform_ssc_ips,global,ipv4,199.83.128.0/21,tcp,443,WAF IP ranges,

YAML

delinea_network_requirements:
  outbound:
    platform_ssc_ips:
      global:
        - type: ipv4
          values: [199.83.128.0/21]
          protocol: tcp
          ports: [443]

Terraform

variable "delinea_outbound_platform_ssc_ips_global_ipv4" {
  description = "platform_ssc_ips - WAF IP ranges (global)"
  type        = list(string)
  default     = ["199.83.128.0/21", "198.143.32.0/19"]
}

Ansible

delinea_firewall_rules:
  outbound:
    - name: platform_ssc_ips_global_ipv4
      destinations: [199.83.128.0/21]
      protocol: tcp
      ports: [443]

AWS Security Groups

Generates IpPermissions / IpPermissionsEgress JSON ready for use with aws ec2 authorize-security-group-* or CloudFormation.

Cisco ACL

ip access-list extended DELINEA-OUTBOUND
 10 remark platform_ssc_ips - WAF IP ranges
 11 permit tcp any 199.83.128.0 0.0.7.255 eq 443

CIDR notation is converted to wildcard masks; /32 addresses use the host keyword.
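
The CIDR-to-wildcard conversion described above, written out as an added example (not the project's own code; the function names ciscoDest and permitLine are hypothetical). The refusal to emit a /0 entry is this example's own guard, not documented tool behaviour.

```go
package main

import (
	"fmt"
	"net/netip"
)

// ciscoDest renders an IPv4 CIDR as the destination operand of a Cisco
// extended ACL entry: "host A.B.C.D" for a /32, otherwise "network wildcard".
func ciscoDest(cidr string) (string, error) {
	p, err := netip.ParsePrefix(cidr)
	if err != nil {
		return "", fmt.Errorf("parse %q: %w", cidr, err)
	}
	if !p.Addr().Is4() {
		return "", fmt.Errorf("%q: only IPv4 is handled in this example", cidr)
	}
	switch p.Bits() {
	case 32:
		return "host " + p.Addr().String(), nil
	case 0:
		// Guard added by this example: a /0 would silently become "permit any".
		return "", fmt.Errorf("%q: refusing to emit a match-all entry", cidr)
	}
	// The wildcard mask is the bitwise inverse of the netmask.
	w := ^uint32(0) >> uint(p.Bits())
	wildcard := fmt.Sprintf("%d.%d.%d.%d", byte(w>>24), byte(w>>16), byte(w>>8), byte(w))
	// Masked() clears host bits, so 199.83.130.7/21 still yields 199.83.128.0.
	return p.Masked().Addr().String() + " " + wildcard, nil
}

// permitLine builds one ACL entry in the layout of the sample above.
func permitLine(seq int, proto, cidr string, port int) (string, error) {
	dst, err := ciscoDest(cidr)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf(" %d permit %s any %s eq %d", seq, proto, dst, port), nil
}

func main() {
	for i, c := range []string{"199.83.128.0/21", "198.143.32.0/19", "203.0.113.7/32"} {
		line, err := permitLine(11+i, "tcp", c, 443)
		fmt.Println(line, err)
	}
}
```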

PAN-OS XML

Generates address objects, service objects, and security rules for Palo Alto Networks firewalls.

Diff

delinea-netconfig diff old.json new.json
delinea-netconfig diff --summary old.json new.json

Added (2 entries):
  + [outbound] new_service/us: 10.0.0.0/24 (tcp:[443])

Removed (1 entries):
  - [outbound] old_service/us: 192.168.1.0/24 (tcp:[80])

Summary: Added: 2  Removed: 1  Modified: 0  Total: 3

Or use delinea-netconfig tui --diff old.json new.json for the interactive tabbed view.

Info

delinea-netconfig info network-requirements.json

Shows total entries, direction breakdown, service distribution, protocol usage, and port frequency.

Shell Completion

# Bash
source <(delinea-netconfig completion bash)

# Zsh
source <(delinea-netconfig completion zsh)

# Fish
delinea-netconfig completion fish | source

# PowerShell
delinea-netconfig completion powershell | Out-String | Invoke-Expression

Install permanently (examples):

# Bash (Linux)
delinea-netconfig completion bash > /etc/bash_completion.d/delinea-netconfig

# Zsh
delinea-netconfig completion zsh > "${fpath[1]}/_delinea-netconfig"

# Fish
delinea-netconfig completion fish > ~/.config/fish/completions/delinea-netconfig.fish

Examples

Terraform Integration

delinea-netconfig convert -f network-requirements.json --format terraform -o delinea.tf

Reference the generated variables in your Terraform:

resource "aws_security_group_rule" "delinea_platform" {
  type              = "egress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = var.delinea_outbound_platform_ssc_ips_global_ipv4
  security_group_id = aws_security_group.main.id
}

Ansible Integration

delinea-netconfig convert -f network-requirements.json \
  --format ansible --tenant mycompany \
  -o group_vars/all/delinea_network.yml

Automated Updates with GitHub Actions

Keep firewall rules current by fetching the latest requirements on a schedule:

# .github/workflows/update-firewall-rules.yml
name: Update Firewall Rules
on:
  schedule:
    - cron: '0 0 * * 0'  # Weekly
  workflow_dispatch:

jobs:
  update:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Install delinea-netconfig
        run: curl -sfL https://raw.githubusercontent.com/DelineaXPM/delinea-netconfig/main/install.sh | sh

      - name: Fetch and convert
        run: |
          delinea-netconfig convert \
            -u https://setup.delinea.app/network-requirements \
            --format terraform \
            --tenant ${{ secrets.DELINEA_TENANT }} \
            -o delinea.tf

      - name: Create Pull Request
        uses: peter-evans/create-pull-request@v5
        with:
          commit-message: Update Delinea network requirements
          title: 'chore: Update Delinea network requirements'
          branch: update-delinea-network-reqs
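
A scheduled job like this one proposes firewall changes from a remote source, so the pull request benefits from a check that highlights additions which widen exposure. The sketch below is an added example, not part of the project: it reads the text printed by the diff command and reports new inbound rules, overly broad prefixes, and hostnames that still carry the <tenant> placeholder. The line layout is assumed from the sample in the Diff section, and reviewAdditions, minBits and the sample data are hypothetical.

```go
package main

import (
	"fmt"
	"net/netip"
	"regexp"
	"strings"
)

// addedRe matches one "Added" line of the diff output. The layout is assumed
// from the sample in the Diff section, not taken from the tool's source.
var addedRe = regexp.MustCompile(`^\s*\+ \[(\w+)\] (\S+): (\S+) \(`)

// reviewAdditions lists added entries a reviewer should look at before merging:
// inbound rules, prefixes broader than minBits, leftover <tenant> placeholders.
func reviewAdditions(diff string, minBits int) []string {
	var findings []string
	for _, line := range strings.Split(diff, "\n") {
		m := addedRe.FindStringSubmatch(line)
		if m == nil {
			continue // section headers, removed entries, summary line
		}
		dir, svc, val := m[1], m[2], m[3]
		if dir == "inbound" {
			findings = append(findings, fmt.Sprintf("%s: new inbound rule for %s", svc, val))
		}
		if p, err := netip.ParsePrefix(val); err == nil {
			if p.Bits() < minBits {
				findings = append(findings, fmt.Sprintf("%s: %s is broader than /%d", svc, val, minBits))
			}
		} else if strings.Contains(val, "<tenant>") {
			findings = append(findings, fmt.Sprintf("%s: unsubstituted placeholder in %s", svc, val))
		}
	}
	return findings
}

// sampleDiff is constructed for this example; it is not real tool output.
const sampleDiff = `Added (4 entries):
  + [outbound] new_service/us: 198.51.100.0/24 (tcp:[443])
  + [outbound] cdn/global: 10.0.0.0/8 (tcp:[443])
  + [inbound] callback/eu: 203.0.113.0/28 (tcp:[8443])
  + [outbound] portal/global: <tenant>.delinea.app (tcp:[443])
Removed (1 entries):
  - [outbound] old_service/us: 192.168.1.0/24 (tcp:[80])`

func main() {
	fmt.Println(strings.Join(reviewAdditions(sampleDiff, 16), "\n"))
}
```

minBits is compared against the prefix length as written, so choose a separate threshold if the input contains IPv6 ranges.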

Contributing

See CONTRIBUTING.md for development setup, testing, and how to add new converters.

License

MIT License — see LICENSE for details.

Disclaimer

The content (scripts, documentation, examples) included in this repository is not supported under any Delinea standard support program, agreement, or service. The code is provided AS IS without warranty of any kind. Delinea further disclaims all implied warranties, including, without limitation, any implied warranties of merchantability or fitness for a particular purpose. The entire risk arising out of the code and content's use or performance remains with you. In no event shall Delinea, its authors, or anyone else involved in the creation, production, or delivery of the content be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the code or content, even if Delinea has been advised of the possibility of such damages.


Made with ❤️ by the Delinea Platform Team
