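def security_group_rules(self, security_group_cfg):
    """Build Security Group Rules defined in config.

    Args:
        security_group_cfg: mapping of security-group name to a list of
            rule tuples ``(source, protocol, ports)``. ``source`` is either
            the name of another security group (resolved through
            ``self.evpc.get_security_group``) or, when no group of that name
            exists, a CIDR string passed through verbatim as ``CidrIp``.

    Raises:
        ValueError: if ``sg_name`` itself does not resolve to a security
            group (previously this surfaced as an AttributeError on
            ``authorize_ingress``).
    """
    msg = "'{}' into '{}' over ports {} ({})"
    for sg_name, rules in security_group_cfg.items():
        sg = self.evpc.get_security_group(sg_name)
        if sg is None:
            # Fail with a clear message instead of an AttributeError further down.
            raise ValueError(
                "security group '{}' not found; cannot apply rules".format(sg_name)
            )
        permissions = []
        for rule in rules:
            source, protocol, ports = rule[0], rule[1], rule[2]
            from_port, to_port = get_port_range(ports, protocol)
            src_sg = self.evpc.get_security_group(source)
            permission = {
                'IpProtocol': protocol,
                'FromPort': from_port,
                'ToPort': to_port,
            }
            if src_sg is None:
                # Not a known group name, so it is treated as a CIDR. A
                # mistyped group name therefore reaches the API as CidrIp
                # and is presumably rejected there rather than here.
                permission['IpRanges'] = [{'CidrIp': source}]
            else:
                permission['UserIdGroupPairs'] = [{'GroupId': src_sg.id}]
            permissions.append(permission)
            self.log.emit(msg.format(source, sg_name, ports, protocol.upper()))
        # Skip the API call when the group has no rules, matching
        # security_group_inbound_rules.
        if permissions:
            sg.authorize_ingress(IpPermissions=permissions)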
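def security_group_inbound_rules(self, security_group_cfg):
    """Build inbound rule for Security Group defined in config.

    Args:
        security_group_cfg: mapping of security-group name to a per-group
            config mapping whose optional ``'inbound'`` entry is a list of
            rule tuples ``(source, protocol, ports)``. ``source`` is either
            the name of another security group (resolved through
            ``self.evpc.get_security_group``) or, when no group of that name
            exists, a CIDR string passed through verbatim as ``CidrIp``.

    Raises:
        ValueError: if ``sg_name`` has inbound rules but does not resolve
            to a security group (previously an AttributeError on
            ``authorize_ingress``). Groups without inbound rules are still
            skipped silently.
    """
    msg = "inbound connection from '{}' to '{}' over ports {} ({})"
    for sg_name, rules in security_group_cfg.items():
        sg = self.evpc.get_security_group(sg_name)
        permissions = []
        for rule in rules.get('inbound', []):
            source, protocol, ports = rule[0], rule[1], rule[2]
            from_port, to_port = get_port_range(ports, protocol)
            src_sg = self.evpc.get_security_group(source)
            permission = {
                'IpProtocol': protocol,
                'FromPort': from_port,
                'ToPort': to_port,
            }
            if src_sg is None:
                # Not a known group name, so it is treated as a CIDR. A
                # mistyped group name therefore reaches the API as CidrIp
                # and is presumably rejected there rather than here.
                permission['IpRanges'] = [{'CidrIp': source}]
            else:
                permission['UserIdGroupPairs'] = [{'GroupId': src_sg.id}]
            permissions.append(permission)
            self.log.emit(msg.format(source, sg_name, ports, protocol.upper()))
        if not permissions:
            continue
        if sg is None:
            # Fail with a clear message instead of an AttributeError below.
            raise ValueError(
                "security group '{}' not found; cannot apply inbound rules".format(sg_name)
            )
        sg.authorize_ingress(IpPermissions=permissions)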
def security_group_rule_to_permission(self, rule):
    """Return a permission dictionary from a rule tuple.

    ``rule`` is indexed as ``(source, protocol, ports)``. ``source`` is
    resolved as a security-group name first; if no group matches it is
    emitted verbatim as an ``IpRanges``/``CidrIp`` entry instead.
    """
    source, protocol, ports = rule[0], rule[1], rule[2]
    from_port, to_port = get_port_range(ports, protocol)
    source_group = self.evpc.get_security_group(source)
    permission = {"IpProtocol": protocol, "FromPort": from_port, "ToPort": to_port}
    if source_group is not None:
        permission["UserIdGroupPairs"] = [{"GroupId": source_group.id}]
        return permission
    # No group of that name: treat the source as a CIDR block.
    permission["IpRanges"] = [{"CidrIp": source}]
    return permission
def security_group_rule_to_permission(self, rule):
    """Return a permission dictionary from a rule tuple.

    ``rule`` is indexed as ``(source, protocol, ports)``. ``source`` is
    resolved as a security-group name first; if no group matches it is
    emitted verbatim as an ``IpRanges``/``CidrIp`` entry instead.
    """
    source, protocol, ports = rule[0], rule[1], rule[2]
    low, high = get_port_range(ports, protocol)
    source_group = self.evpc.get_security_group(source)
    if source_group is None:
        # No group of that name: treat the source as a CIDR block.
        target = {'IpRanges': [{'CidrIp': source}]}
    else:
        target = {'UserIdGroupPairs': [{'GroupId': source_group.id}]}
    permission = {'IpProtocol': protocol, 'FromPort': low, 'ToPort': high}
    permission.update(target)
    return permission
def security_group_rule_to_permission(self, rule):
    """Return a permission dictionary from a rule tuple.

    ``rule`` is indexed as ``(source, protocol, ports)``. ``source`` is
    resolved as a security-group name first; if no group matches it is
    emitted verbatim as an ``IpRanges``/``CidrIp`` entry instead.
    """
    source, protocol, ports = rule[0], rule[1], rule[2]
    from_port, to_port = get_port_range(ports, protocol)
    permission = {
        'IpProtocol': protocol,
        'FromPort': from_port,
        'ToPort': to_port,
    }
    source_group = self.evpc.get_security_group(source)
    if source_group is not None:
        permission['UserIdGroupPairs'] = [{'GroupId': source_group.id}]
    else:
        # No group of that name: treat the source as a CIDR block.
        permission['IpRanges'] = [{'CidrIp': source}]
    return permission
def test_all_caps_port(self):
    """Upper-case ``"ALL"`` expands to the full port range."""
    expected = (1, 65535)
    self.assertTupleEqual(get_port_range("ALL"), expected)
def test_icmp_is_negative_one_tuple(self):
    """For icmp the port argument is ignored and ``(-1, -1)`` is returned."""
    result = get_port_range('anything', 'icmp')
    self.assertTupleEqual(result, (-1, -1))
def test_5000_5009_port_with_whitespace(self):
    """Whitespace around the range parts is tolerated."""
    result = get_port_range(" 5000- 5009")
    self.assertTupleEqual(result, (5000, 5009))
def test_empty_port_raises_exception(self):
    """An empty port string is rejected."""
    # NOTE(review): Exception is broad; sibling tests pin ValueError —
    # confirm which type '' actually raises before narrowing this.
    self.assertRaises(Exception, get_port_range, "")
def test_taco_port_raises_value_error(self):
    """A non-numeric, non-keyword port string raises ValueError."""
    self.assertRaises(ValueError, get_port_range, "taco")
def test_all_mixed_port_raises_value_error(self):
    """Mixed-case ``'aLL'`` is not accepted as the ALL keyword."""
    self.assertRaises(ValueError, get_port_range, 'aLL')
def test_icmp_is_negative_one_tuple(self):
    """For icmp the port argument is ignored and ``(-1, -1)`` is returned."""
    expected = (-1, -1)
    self.assertTupleEqual(get_port_range('anything', 'icmp'), expected)
def test_all_caps_port(self):
    """Upper-case ``'ALL'`` expands to the full port range."""
    result = get_port_range('ALL')
    self.assertTupleEqual(result, (1, 65535))
def test_5000_5009_port(self):
    """A ``low-high`` range string is split into its two ends."""
    expected = (5000, 5009)
    self.assertTupleEqual(get_port_range('5000-5009'), expected)
def test_icmp_is_negative_one_tuple(self):
    """For icmp the port argument is ignored and ``(-1, -1)`` is returned."""
    result = get_port_range("anything", "icmp")
    self.assertTupleEqual(result, (-1, -1))
def test_all_mixed_port_raises_value_error(self):
    """Mixed-case ``"aLL"`` is not accepted as the ALL keyword."""
    self.assertRaises(ValueError, get_port_range, "aLL")
def test_taco_port_raises_value_error(self):
    """A non-numeric, non-keyword port string raises ValueError."""
    self.assertRaises(ValueError, get_port_range, 'taco')
def test_no_port_raises_exception(self):
    """Calling without a port argument is a TypeError (required positional)."""
    self.assertRaises(TypeError, get_port_range)
def test_no_port_raises_exception(self):
    """Calling without a port argument is a TypeError (required positional)."""
    with self.assertRaises(TypeError) as _ctx:
        get_port_range()
def test_443_port(self):
    """A single port string becomes a ``(port, port)`` tuple."""
    expected = (443, 443)
    self.assertTupleEqual(get_port_range("443"), expected)
def test_empty_port_raises_exception(self):
    """An empty port string is rejected."""
    # NOTE(review): Exception is broad; sibling tests pin ValueError —
    # confirm which type '' actually raises before narrowing this.
    self.assertRaises(Exception, get_port_range, '')
def test_tuple_returns_tuple(self):
    """A tuple input is returned unchanged.

    This lets get_port_range be applied repeatedly to its own output.
    """
    already_parsed = (53, 53)
    self.assertTupleEqual(get_port_range(already_parsed), already_parsed)
def test_443_port(self):
    """A single port string becomes a ``(port, port)`` tuple."""
    result = get_port_range('443')
    self.assertTupleEqual(result, (443, 443))
def test_5000_5009_port_with_whitespace(self):
    """Whitespace around the range parts is tolerated."""
    expected = (5000, 5009)
    self.assertTupleEqual(get_port_range(' 5000- 5009'), expected)
def test_all_port(self):
    """Lower-case ``'all'`` expands to the full port range."""
    result = get_port_range('all')
    self.assertTupleEqual(result, (1, 65535))