Esempio n. 1
def test_get_security_groups():
    """Check that get_security_groups() exposes the mocked group and its rules.

    The Api's client is replaced with MockClient before the call, so the values
    asserted below are whatever that mock returns for the first group.
    """
    manager = asmapi.Api('us-east-1')
    manager.client = MockClient()

    group = manager.get_security_groups()[0]

    # Identity of the first group in the mocked response.
    assert group is not None
    assert 'Created for Elasticsearch' in group.description
    assert group.group_id == 'sg-ebe1ac8f'
    assert group.group_name == 'Elasticsearch'

    # Egress: a single rule, all protocols, open to any destination.
    assert len(group.egress_rules) == 1
    only_egress = group.egress_rules[0]
    assert only_egress.protocol == awsSecurityGroup.ALL_PROTOCOLS
    assert only_egress.cidr == "0.0.0.0/0"

    # Ingress: nine rules; the first is tcp/22 limited to a single /32 source.
    assert len(group.ingress_rules) == 9
    first_ingress = group.ingress_rules[0]
    assert first_ingress.protocol == 'tcp'
    assert first_ingress.cidr == "209.6.205.245/32"
    assert (first_ingress.from_port, first_ingress.to_port) == (22, 22)
Esempio n. 2
def test_authorize_ingress():
    """Authorize a new ingress rule and confirm a re-read of the group shows it.

    Runs against MockClient, so the round trip is only as faithful as the mock.
    """
    target_id = 'sg-ebe1ac8f'

    # Fetch the security group the rule will be added to.
    manager = asmapi.Api('us-east-1')
    manager.client = MockClient()
    group = manager.get_security_groups(group_ids=[target_id])[0]
    assert group is not None
    assert group.group_id == target_id
    assert group.group_name == 'Elasticsearch'

    # Build the rule (tcp, ports 1234-5678, one /32 source) and request it.
    new_rule = awsSecurityGroup.IngressRule('tcp', 1234, 5678, '12.34.56.78/32')
    manager.authorize_ingress(security_group=group, ingress_rule=new_rule)

    # Read the group back; the added rule is expected among its ingress rules.
    refreshed = manager.get_security_groups(group_ids=[target_id])

    matched = False
    for candidate_group in refreshed:
        print('Searching for {}'.format(new_rule))
        for existing in candidate_group.ingress_rules:
            print('   Testing {}'.format(existing))
            # Relies on the rule objects' own equality comparison.
            if existing == new_rule:
                print('    Found!!')
                matched = True

    assert matched
Esempio n. 3
    def get(self):
        """Return every security group merged with the registered CIDR records.

        Groups come from mngr_api.Api(REGION).get_security_groups(); the CIDR
        records come from query_registered_cidrs(). The two are combined by
        Marshaller.merge_records() and the result is returned as-is.
        """
        print('GET groups')
        security_groups = mngr_api.Api(REGION).get_security_groups()

        # NOTE(review): this writes the full group listing to stdout on every
        # request; confirm where stdout ends up before relying on it in production.
        print(security_groups)
        registered = query_registered_cidrs()  # TODO: replace with persistence
        return Marshaller.merge_records(registered, security_groups)
Esempio n. 4
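    def get(self, group_id):
        """Return one security group merged with the registered CIDR records.

        Args:
            group_id: Identifier of the group to look up; the text before its
                first '-' must be 'sg'.

        Returns:
            Whatever Marshaller.merge_records() produces for the registered
            CIDRs and the groups returned for ``group_id``.

        Raises:
            AssertionError: If ``group_id`` does not have the 'sg' prefix.
        """
        # Raise explicitly rather than with `assert`: assert statements are
        # stripped under `python -O`, which would silently drop this check on a
        # caller-supplied value. AssertionError is kept so the exception type
        # seen by existing callers does not change.
        # NOTE(review): only the prefix is checked; the rest of the id is passed
        # through unvalidated. Consider mapping this failure to a client-error
        # response at the framework layer.
        if group_id.split('-')[0] != 'sg':
            raise AssertionError("group_id must start with 'sg'")

        print('GET group {0}'.format(group_id))
        mngr = mngr_api.Api(REGION)
        aws_groups = mngr.get_security_groups(group_ids=[group_id])

        cidrs = query_registered_cidrs()
        data = Marshaller.merge_records(cidrs, aws_groups)

        return data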
Esempio n. 5
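    def post(self, group_id):
        """Authorize the ingress rules listed in the request body on one group.

        The request body is parsed as JSON and iterated. Each entry must carry
        'cidr', 'from_port' and 'to_port' (and 'description' when the CIDR is
        not registered yet); 'protocol', 'owner' and 'location' are optional.

        Args:
            group_id: Identifier of the target group; the text before its first
                '-' must be 'sg'.

        Returns:
            Whatever Marshaller.merge_records() produces for the registered
            CIDRs and the target group, re-read after the rules were requested.

        Raises:
            AssertionError: If ``group_id`` does not have the 'sg' prefix.
            KeyError: If an entry lacks one of the required keys.
            IndexError: If no group is returned for ``group_id``.
        """
        # Raise explicitly rather than with `assert`: assert statements are
        # stripped under `python -O`, which would silently drop this check on a
        # caller-supplied value. AssertionError keeps the original exception type.
        if group_id.split('-')[0] != 'sg':
            raise AssertionError("group_id must start with 'sg'")

        post_body = json.loads(request.data)

        print('POST rules to group {0}, data: {1}'.format(group_id, post_body))

        mngr = mngr_api.Api(REGION)
        sg_group = mngr.get_security_groups(group_ids=[group_id])[0]

        for curr in post_body:

            # TODO: validate cidr here or let Amazon handle that?
            # NOTE(review): the CIDR is handed to post_registered_cidr() before
            # authorize_ingress() sees it, so a malformed or overly broad value
            # (e.g. 0.0.0.0/0) appears to be stored first; validating it here
            # looks like the safer choice.
            cidr_str = curr['cidr']

            # Reuse the registered record for this CIDR when one exists. The
            # lookup previously passed the not-yet-bound `cidr` and stored its
            # result under a different name, so `cidr` was never set on this path.
            try:
                cidr = mngr.get_registered_cidrs(cidr_str=cidr_str)[0]
            except IndexError:
                # NOTE(review): the constructor is reached via `registeredCidr.`
                # but the constant via `RegisteredCidr.`; confirm both names are
                # imported in this module.
                cidr = registeredCidr.RegisteredCidr(
                    cidr=cidr_str,
                    description=curr['description'],
                    owner=curr.get('owner'),
                    location=curr.get('location'),
                    expiration=RegisteredCidr.DO_NOT_EXPIRE)

            # Persist to store
            mngr.post_registered_cidr(cidr)

            # NOTE(review): an entry without 'protocol' falls back to
            # ALL_PROTOCOLS, the broadest choice; ports are taken from the
            # request unchecked. An 'expiration' supplied in the entry is not
            # applied anywhere: new records are created with DO_NOT_EXPIRE.
            protocol = curr.get('protocol', ALL_PROTOCOLS)
            from_port = curr['from_port']
            to_port = curr['to_port']

            # NOTE(review): `cidr` is a registered-CIDR record here; confirm
            # IngressRule accepts it rather than the plain CIDR string.
            ingress_rule = awsSecurityGroup.IngressRule(
                protocol, from_port, to_port, cidr)

            mngr.authorize_ingress(sg_group, ingress_rule)

        # `aws_groups` was never assigned before being merged; re-read the group
        # so the response reflects the rules requested above.
        aws_groups = mngr.get_security_groups(group_ids=[group_id])
        cidrs = query_registered_cidrs()
        data = Marshaller.merge_records(cidrs, aws_groups)

        return data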
Esempio n. 6
 def post(self):
     """Create a rule from the JSON body of the current request.

     Returns a ``(None, 201)`` pair once create_rule() has been called.
     """
     # NOTE(review): request.json is handed to create_rule() as received; any
     # validation of the rule has to happen inside create_rule() - confirm.
     mngr_api.Api(REGION).create_rule(request.json)
     return None, 201