def _build_ports_strings(self, nsg, direction_key, ip_protocol):
    """Return port-range strings for the ports whose NSG access differs from this action.

    The current per-port access is read from
    ``PortsRangeHelper.build_ports_dict(nsg, direction_key, ip_protocol)``.
    Each port in ``self.action_ports`` is kept when its current access is
    not equal to the access this action applies (``self.access_action``
    compared with ``ALLOW_OPERATION``). The surviving ports are sorted and
    converted with ``PortsRangeHelper.get_ports_strings_from_list``.
    """
    current_access = PortsRangeHelper.build_ports_dict(nsg, direction_key, ip_protocol)
    wants_allow = StringUtils.equal(self.access_action, ALLOW_OPERATION)

    def differs(port):
        # A port with no entry in the NSG mapping is treated as not allowed
        # (default False), so an Allow action still reports it as a change
        # and a Deny action skips it.
        return current_access.get(port, False) != wants_allow

    changed_ports = sorted(filter(differs, self.action_ports))
    return PortsRangeHelper.get_ports_strings_from_list(changed_ports)
def _check_nsg(self, nsg):
    """Tell whether ``nsg`` satisfies this filter's port/access condition.

    Counts how many of ``self.ports`` are truthy in the mapping returned by
    ``PortsRangeHelper.build_ports_dict`` for ``self.direction_key`` and
    ``self.ip_protocol``; every other port in ``self.ports`` is counted as
    denied, including ports that have no entry in that mapping.

    Returns:
        ``match == 'all'``: True when no port has the opposite access to
        ``self.IsAllowed``.
        ``match == 'any'``: True when at least one port has the access
        named by ``self.IsAllowed``.
        Any other ``match`` value: None.
    """
    port_access = PortsRangeHelper.build_ports_dict(
        nsg, self.direction_key, self.ip_protocol)
    allowed_count = sum(1 for port in self.ports if port_access.get(port))
    # Derived by subtraction, so ports missing from the mapping land here.
    denied_count = len(self.ports) - allowed_count

    if self.match == 'all':
        return denied_count == 0 if self.IsAllowed else allowed_count == 0
    if self.match == 'any':
        return allowed_count > 0 if self.IsAllowed else denied_count > 0

    # NOTE(review): an unrecognised ``match`` value yields None, which a
    # caller testing truthiness reads as "no match"; presumably the value is
    # validated before this method runs - confirm, since a silent non-match
    # would hide NSGs from a security policy.
    return None
def test_build_ports_dict(self):
    """Check build_ports_dict for each direction/protocol pair of a mixed NSG.

    The fixture has two Outbound Allow rules (TCP 80-84, UDP 85-89), two
    Inbound Deny rules for the same ranges and protocols, and one Inbound
    wildcard-protocol Allow for 80-89 with the highest priority number.
    """

    def rule(port_range, priority, direction, access, protocol):
        # Minimal security-rule shape used by this test.
        return {'properties': {'destinationPortRange': port_range,
                               'priority': priority,
                               'direction': direction,
                               'access': access,
                               'protocol': protocol}}

    security_rules = [
        rule('80-84', 100, 'Outbound', 'Allow', 'TCP'),
        rule('85-89', 110, 'Outbound', 'Allow', 'UDP'),
        rule('80-84', 120, 'Inbound', 'Deny', 'TCP'),
        rule('85-89', 130, 'Inbound', 'Deny', 'UDP'),
        rule('80-89', 140, 'Inbound', 'Allow', '*'),
    ]
    nsg = {'properties': {'securityRules': security_rules}}

    # NOTE(review): the Inbound expectations are consistent with the
    # lower-numbered Deny rules (120, 130) winning over the priority-140
    # wildcard Allow for the ports they cover - confirm against the helper.
    cases = [
        ('Inbound', 'TCP', {k: k > 84 for k in range(80, 90)}),
        ('Inbound', 'UDP', {k: k < 85 for k in range(80, 90)}),
        ('Inbound', '*', {k: False for k in range(80, 90)}),
        ('Outbound', 'TCP', {k: True for k in range(80, 85)}),
        ('Outbound', 'UDP', {k: True for k in range(85, 90)}),
        ('Outbound', '*', {k: True for k in range(80, 90)}),
    ]
    for direction, protocol, expected in cases:
        self.assertEqual(
            PortsRangeHelper.build_ports_dict(nsg, direction, protocol),
            expected)
def test_build_ports_dict(self):
    """Verify the per-port access map build_ports_dict derives from an NSG.

    Rules in the fixture: Outbound Allow for TCP 80-84 and UDP 85-89,
    Inbound Deny for the same two ranges, and an Inbound Allow for 80-89 on
    any protocol at priority 140.
    """
    fields = ('destinationPortRange', 'priority', 'direction', 'access', 'protocol')
    rows = (
        ('80-84', 100, 'Outbound', 'Allow', 'TCP'),
        ('85-89', 110, 'Outbound', 'Allow', 'UDP'),
        ('80-84', 120, 'Inbound', 'Deny', 'TCP'),
        ('85-89', 130, 'Inbound', 'Deny', 'UDP'),
        ('80-89', 140, 'Inbound', 'Allow', '*'),
    )
    nsg = {
        'properties': {
            'securityRules': [{'properties': dict(zip(fields, row))} for row in rows],
        },
    }
    build = PortsRangeHelper.build_ports_dict
    all_ports = range(80, 90)

    # Inbound: each Deny covers only its own protocol's range; the remaining
    # ports are expected to be allowed, and the wildcard query expects every
    # port denied.
    self.assertEqual(build(nsg, 'Inbound', 'TCP'), {k: k > 84 for k in all_ports})
    self.assertEqual(build(nsg, 'Inbound', 'UDP'), {k: k < 85 for k in all_ports})
    self.assertEqual(build(nsg, 'Inbound', '*'), {k: False for k in all_ports})

    # Outbound: only Allow rules exist, and a protocol-specific query is
    # expected to return just the ports that protocol's rule covers.
    self.assertEqual(build(nsg, 'Outbound', 'TCP'), {k: True for k in range(80, 85)})
    self.assertEqual(build(nsg, 'Outbound', 'UDP'), {k: True for k in range(85, 90)})
    self.assertEqual(build(nsg, 'Outbound', '*'), {k: True for k in all_ports})