Python RuleSet Exemples

Exemple #1

Fichier : sgtables.py Projet : RetailMeNotSandbox/sgtools

def do_list_rules(args):
    groups = args.aws.ec2.SecurityGroups.get(filters={'group-id': args.groups})
    rs = RuleSet()
    rs.flatten_groups(groups)
    for rule in rs:
        print(RuleFormatter(args.aws.account_id).format_rule(rule), file=args.outfile)
    return 0

Exemple #2

Fichier : test_sgengine.py Projet : RetailMeNotSandbox/sgtools

 def test_render_groups(self):
     # ensure that a given rule set is converted to the equivalent security
     # group hierachy
     rs = RuleSet()
     for flat in self.flat:
         rs.add(Rule(flat))
     self.assertEqual(self.groups, rs.render_groups())

Exemple #3

Fichier : test_sgengine.py Projet : eredding-rmn/sgtools

 def test_render_groups(self):
     # ensure that a given rule set is converted to the equivalent security
     # group hierachy
     rs = RuleSet()
     for flat in self.flat:
         rs.add(Rule(flat))
     self.assertEqual(self.groups, rs.render_groups())

Exemple #4

Fichier : sgtables.py Projet : eredding-rmn/sgtools

def do_list_rules(args):
    groups = args.aws.ec2.SecurityGroups.get(filters={'group-id': args.groups})
    rs = RuleSet()
    rs.flatten_groups(groups)
    for rule in rs:
        print(RuleFormatter(args.aws.account_id).format_rule(rule),
              file=args.outfile)
    return 0

Exemple #5

Fichier : test_sgengine.py Projet : RetailMeNotSandbox/sgtools

 def test_adds_missing_ports(self):
     groups = [{
         "GroupId": "sg-23456789",
         "IpPermissions": [{
             "IpProtocol": -1,
             "UserIdGroupPairs": [],
             "IpRanges": [{
                 "CidrIp": "5.6.7.8/32",
             }],
         }],
         "IpPermissionsEgress": [],
     }]
     rs = RuleSet()
     rs.flatten_groups(groups)
     for group in rs:
         self.assertEqual(group["FromPort"], -1)
         self.assertEqual(group["ToPort"], -1)

Exemple #6

Fichier : test_sgengine.py Projet : eredding-rmn/sgtools

 def test_adds_missing_ports(self):
     groups = [{
         "GroupId":
         "sg-23456789",
         "IpPermissions": [{
             "IpProtocol": -1,
             "UserIdGroupPairs": [],
             "IpRanges": [{
                 "CidrIp": "5.6.7.8/32",
             }],
         }],
         "IpPermissionsEgress": [],
     }]
     rs = RuleSet()
     rs.flatten_groups(groups)
     for group in rs:
         self.assertEqual(group["FromPort"], -1)
         self.assertEqual(group["ToPort"], -1)

Exemple #7

Fichier : sgtables.py Projet : eredding-rmn/sgtools

def do_update_rules(args):
    log.info("Operation: update")
    rules, errors = read_rules(args.files)
    if errors:
        map(log.error, errors)
        return 1

    log.debug("Collecting active rules")
    group_args = (args.profile, args.region, args.vpc)
    remote_groups = groups_for(*group_args)
    if args.obliterate:
        log.warning(
            "Obliterate: Updating all groups in {} {} {}".format(*group_args))
    else:
        affected_groups = list(
            set(args.groups).intersection(set(g['GroupId'] for g in rules)))
        if not affected_groups:
            log.warning("No affected groups")
            return 0
        log.debug("Affected groups: {}".format(", ".join(affected_groups)))
        remote_groups = [
            g for g in remote_groups if g['GroupId'] in affected_groups
        ]

    remote_rules = RuleSet().flatten_groups(remote_groups)
    add_set = rules - remote_rules
    remove_set = remote_rules - rules
    if args.add_before_remove:
        error = change_rules(args, add_set, "add")
        if error != 0:
            return error
        return change_rules(args, remove_set, "remove")
    else:
        error = change_rules(args, remove_set, "remove")
        if error != 0:
            return error
        return change_rules(args, add_set, "add")

Exemple #8

Fichier : test_sgengine.py Projet : RetailMeNotSandbox/sgtools

 def test_flatten_groups(self):
     # ensure that a group structure is flattened to the equivalent set of Rules
     rs = RuleSet()
     rs.flatten_groups(self.groups)
     for group in rs:
         self.assertIn(dict(group), self.flat)

Exemple #9

Fichier : test_sgengine.py Projet : RetailMeNotSandbox/sgtools

 def test_add_rule(self):
     # ensure that rules are coerced to Rules
     rs = RuleSet()
     rs.add(dict(chain(self.rule_params.items(), self.cidrsrc_param.items())))
     self.assertIsInstance(rs.pop(), Rule)

Exemple #10

Fichier : test_sgengine.py Projet : eredding-rmn/sgtools

 def test_flatten_groups(self):
     # ensure that a group structure is flattened to the equivalent set of Rules
     rs = RuleSet()
     rs.flatten_groups(self.groups)
     for group in rs:
         self.assertIn(dict(group), self.flat)

Exemple #11

Fichier : test_sgengine.py Projet : eredding-rmn/sgtools

 def test_add_rule(self):
     # ensure that rules are coerced to Rules
     rs = RuleSet()
     rs.add(
         dict(chain(self.rule_params.items(), self.cidrsrc_param.items())))
     self.assertIsInstance(rs.pop(), Rule)