Beispiel #1
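    def test_jenkins_load_balancer_sg_valid(self) -> None:
        """
        Ensure that the security group attached to the Jenkins server load balancer is as expected.

        The group is expected to have no ingress rules and exactly four egress rules to
        0.0.0.0/0: tcp/80, tcp/22, tcp/443 and one all-protocol ('-1') rule.
        """
        try:
            sg = SecurityGroup.get_security_groups(
                'global-jenkins-server-lb-security-group')[0]
        except IndexError:
            # Report a missing group with a readable message instead of assertTrue(False).
            self.fail('security group global-jenkins-server-lb-security-group was not found')

        ingress = sg.get('IpPermissions')
        egress = sg.get('IpPermissionsEgress')

        # Check the rule counts before indexing: a missing egress rule should fail the
        # assertion rather than raise IndexError from egress[n] below.
        self.assertEqual(len(ingress), 0, 'load balancer security group must have no ingress rules')
        self.assertEqual(len(egress), 4, 'load balancer security group must have four egress rules')

        # The checks are positional, so they depend on the order in which the rules are listed.
        egress_80 = SecurityGroup.validate_sg_rule_cidr(
            egress[0], 'tcp', 80, 80, '0.0.0.0/0')
        egress_22 = SecurityGroup.validate_sg_rule_cidr(
            egress[1], 'tcp', 22, 22, '0.0.0.0/0')
        egress_443 = SecurityGroup.validate_sg_rule_cidr(
            egress[2], 'tcp', 443, 443, '0.0.0.0/0')
        # NOTE(review): this rule is validated with protocol '-1' and ports 0-0, not tcp/2049
        # as the original variable name (egress_2049) suggested. Presumably '-1' is the EC2
        # "all protocols" value; if so, outbound traffic is unrestricted and the three
        # port-specific rules above add nothing. The test pins that configuration as-is.
        egress_all = SecurityGroup.validate_sg_rule_cidr(
            egress[3], '-1', 0, 0, '0.0.0.0/0')

        self.assertTrue(all([egress_80, egress_22, egress_443, egress_all]))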
Beispiel #2
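 def test_jenkins_efs_sg_valid(self) -> None:
     """
     Determine if the security group for EFS is as expected.

     Expects the first ingress rule and the first egress rule to allow tcp/2049 for 10.0.0.0/16.
     """
     groups = SecurityGroup.get_security_groups('jenkins-efs-security')
     # A missing group should be a test failure with a message, not an IndexError from [0].
     self.assertTrue(groups, 'security group jenkins-efs-security was not found')
     sg = groups[0]

     ingress = sg.get('IpPermissions')
     egress = sg.get('IpPermissionsEgress')

     # Guard the [0] lookups below so an empty rule list fails the test cleanly.
     self.assertTrue(ingress, 'jenkins-efs-security has no ingress rules')
     self.assertTrue(egress, 'jenkins-efs-security has no egress rules')

     # NOTE(review): only the first rule on each side is validated and the rule counts are
     # not asserted, so an extra, wider rule on this group would not fail the test.
     # Consider asserting len(ingress) and len(egress) once the expected counts are confirmed.
     ingress_2049 = SecurityGroup.validate_sg_rule_cidr(ingress[0], 'tcp', 2049, 2049, '10.0.0.0/16')
     egress_2049 = SecurityGroup.validate_sg_rule_cidr(egress[0], 'tcp', 2049, 2049, '10.0.0.0/16')

     self.assertTrue(all([
         sg.get('GroupName') == 'jenkins-efs-security',
         ingress_2049,
         egress_2049
     ]))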
Beispiel #3
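    def validate_sandbox_sg_rules(self, ingress: list, egress: list):
        """
        Ensure that the sandbox-vpc security group rules are as expected
        :param ingress: Ingress rules for the security group
        :param egress: Egress rules for the security group
        :return: True if the security group rules exist as expected, False otherwise
            (including when a rule is missing or an extra rule is present)
        """
        # Compare the counts first: indexing a short list would raise IndexError, while the
        # documented contract is to return False when the rules are not as expected.
        if len(ingress) != 4 or len(egress) != 3:
            return False

        # The checks are positional, so they depend on the order in which the rules are listed.
        # NOTE(review): this pins tcp/22 open to 0.0.0.0/0 on ingress; confirm that is the
        # intended exposure for the sandbox VPC.
        ingress_80 = SecurityGroup.validate_sg_rule_cidr(
            ingress[0], 'tcp', 80, 80, '0.0.0.0/0')
        ingress_22 = SecurityGroup.validate_sg_rule_cidr(
            ingress[1], 'tcp', 22, 22, '0.0.0.0/0')
        ingress_443 = SecurityGroup.validate_sg_rule_cidr(
            ingress[2], 'tcp', 443, 443, '0.0.0.0/0')
        ingress_neg1 = SecurityGroup.validate_sg_rule_cidr(
            ingress[3], 'icmp', -1, -1, '0.0.0.0/0')

        egress_80 = SecurityGroup.validate_sg_rule_cidr(
            egress[0], 'tcp', 80, 80, '0.0.0.0/0')
        egress_neg1 = SecurityGroup.validate_sg_rule_cidr(
            egress[1], '-1', 0, 0, '0.0.0.0/0')
        egress_443 = SecurityGroup.validate_sg_rule_cidr(
            egress[2], 'tcp', 443, 443, '0.0.0.0/0')

        return all([
            ingress_80, ingress_22, ingress_443, ingress_neg1,
            egress_80, egress_neg1, egress_443
        ])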
Beispiel #4
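    def validate_jenkins_load_balancer_sg_rules(ingress: list, egress: list):
        """
        Ensure that the jenkins-{env}-lb-security-group security group rules are as expected
        :param ingress: Ingress rules for the security group
        :param egress: Egress rules for the security group
        :return: True if the security group rules exist as expected, False otherwise
            (including when a rule is missing or an extra rule is present)
        """
        # Compare the counts first: indexing a short list would raise IndexError, while the
        # documented contract is to return False when the rules are not as expected.
        if len(ingress) != 2 or len(egress) != 1:
            return False

        # The checks are positional, so they depend on the order in which the rules are listed.
        ingress_80 = SecurityGroup.validate_sg_rule_cidr(
            ingress[0], 'tcp', 80, 80, '0.0.0.0/0')
        ingress_443 = SecurityGroup.validate_sg_rule_cidr(
            ingress[1], 'tcp', 443, 443, '0.0.0.0/0')
        # The single egress rule is validated with protocol '-1' and ports 0-0 for 0.0.0.0/0.
        egress_neg1 = SecurityGroup.validate_sg_rule_cidr(
            egress[0], '-1', 0, 0, '0.0.0.0/0')

        return all([ingress_80, ingress_443, egress_neg1])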
Beispiel #5
    def test_jenkins_load_balancer_security_group(self) -> None:
        """
        Check the name and the rules of the jenkins-{env}-lb-security-group security group.
        """
        group = SecurityGroup.get_security_groups(
            name=f'jenkins-{env}-lb-security-group')[0]

        # Both checks are evaluated before asserting, as in a list passed to all().
        name_matches = group.get('GroupName') == f'jenkins-{env}-lb-security-group'
        rules_match = TestJenkinsKubernetes.validate_jenkins_load_balancer_sg_rules(
            group.get('IpPermissions'), group.get('IpPermissionsEgress'))

        self.assertTrue(all((name_matches, rules_match)))
Beispiel #6
 def test_jarombek_com_sg_valid(self) -> None:
     """
     Check the name and the rules of the security group attached to the jarombek-com-vpc.
     """
     group = SecurityGroup.get_security_groups('jarombek-com-vpc-security')[0]

     # Both checks are evaluated before asserting, as in a list passed to all().
     name_matches = group.get('GroupName') == 'jarombek-com-vpc-security'
     rules_match = self.validate_jarombek_com_sg_rules(
         group.get('IpPermissions'), group.get('IpPermissionsEgress'))

     self.assertTrue(all((name_matches, rules_match)))
Beispiel #7
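    def test_jenkins_launch_config_sg_valid(self) -> None:
        """
        Ensure that the security group attached to the launch configuration is as expected.

        Expected: group name global-jenkins-server-lc-security-group, two ingress rules
        (tcp/80, tcp/22) and four egress rules (tcp/80, tcp/22, tcp/443, tcp/2049),
        all for 0.0.0.0/0.
        """
        lcs = self.autoscaling.describe_launch_configurations(
            LaunchConfigurationNames=['global-jenkins-server-lc'],
            MaxRecords=1)

        try:
            launch_config = lcs.get('LaunchConfigurations')[0]
        except IndexError:
            # Report a missing launch configuration with a readable message.
            self.fail('launch configuration global-jenkins-server-lc was not found')

        sg_ids = launch_config.get('SecurityGroups')
        # Guard the [0] lookup so a launch configuration without groups fails cleanly.
        self.assertTrue(sg_ids, 'global-jenkins-server-lc has no security groups attached')
        sg = self.ec2.describe_security_groups(
            GroupIds=[sg_ids[0]]).get('SecurityGroups')[0]

        ingress = sg.get('IpPermissions')
        egress = sg.get('IpPermissionsEgress')

        def has_rule(rules: list, port: int) -> bool:
            # True when any rule in the list validates as tcp/<port> for 0.0.0.0/0.
            return any(
                SecurityGroup.validate_sg_rule_cidr(rule, 'tcp', port, port, '0.0.0.0/0')
                for rule in rules)

        # The original compared egress[0] against four different ports (80, 22, 443, 2049),
        # presumably a copy-paste slip: one rule cannot satisfy all four unless the validator
        # is lax. Each expected rule is now matched against every listed rule, so the result
        # does not depend on rule order; the count checks still reject extra rules.
        # NOTE(review): this pins tcp/22 open to 0.0.0.0/0 on ingress; confirm that is the
        # intended exposure for the Jenkins server.
        self.assertTrue(
            all([
                sg.get('GroupName') ==
                'global-jenkins-server-lc-security-group',
                len(ingress) == 2, has_rule(ingress, 80), has_rule(ingress, 22),
                len(egress) == 4, has_rule(egress, 80), has_rule(egress, 22),
                has_rule(egress, 443), has_rule(egress, 2049)
            ]))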