Esempio n. 1
    def create_or_update(self, results):
        """Create or update the security group described by ``results``.

        Builds a ``NetworkSecurityGroup`` from the ``rules``, ``default_rules``,
        ``tags`` and ``location`` entries of ``results``, submits it under
        ``self.name`` in ``self.resource_group`` and waits on the poller.

        :param results: mapping holding the desired state of the group
        :return: ``create_network_security_group_dict`` applied to the group
            returned by the service
        """
        nsg = NetworkSecurityGroup()

        # Rules are converted exactly as supplied; nothing in this method checks
        # ports, address prefixes or priorities.
        # NOTE(review): confirm the caller validates them, because an over-broad
        # Allow rule would be submitted unchanged.
        custom_rules = results.get('rules')
        if custom_rules:
            nsg.security_rules = [create_rule_instance(entry) for entry in custom_rules]

        builtin_rules = results.get('default_rules')
        if builtin_rules:
            nsg.default_security_rules = [create_rule_instance(entry) for entry in builtin_rules]

        nsg.tags = results.get('tags')
        nsg.location = results.get('location')

        # NOTE(review): the whole group object is submitted, so rules that are
        # missing from `results` are presumably dropped from an existing group;
        # confirm against the SDK before relying on partial input.
        try:
            poller = self.network_client.network_security_groups.create_or_update(
                self.resource_group, self.name, nsg)
            created = self.get_poller_result(poller)
        except CloudError as exc:
            # Presumably self.fail() does not return; otherwise `created` would
            # be unbound on the next line. TODO confirm.
            self.fail("Error creating/updating security group {0} - {1}".format(self.name, str(exc)))
        return create_network_security_group_dict(created)
Esempio n. 2
    def create_or_update(self, results):
        """Submit the security group built from ``results`` and return it as a dict.

        ``rules`` and ``default_rules`` are each converted with
        ``create_rule_instance`` when present and non-empty; ``tags`` and
        ``location`` are copied across as given.

        :param results: mapping holding the desired state of the group
        :return: ``create_network_security_group_dict`` applied to the poller result
        """
        group_params = NetworkSecurityGroup()

        # No validation happens here: each rule dict is converted as received.
        # NOTE(review): confirm upstream validation of ports and prefixes.
        requested = results.get('rules')
        if requested:
            group_params.security_rules = list(map(create_rule_instance, requested))

        defaults = results.get('default_rules')
        if defaults:
            group_params.default_security_rules = list(map(create_rule_instance, defaults))

        group_params.tags = results.get('tags')
        group_params.location = results.get('location')

        client = self.network_client.network_security_groups
        try:
            # NOTE(review): the complete group is sent, so an existing group's
            # rules that are absent from `results` are presumably replaced.
            # TODO confirm.
            poller = client.create_or_update(self.resource_group, self.name, group_params)
            outcome = self.get_poller_result(poller)
        except AzureHttpError as exc:
            # Presumably self.fail() terminates the call; `outcome` is unbound
            # if it ever returns. TODO confirm.
            self.fail("Error creating/upating security group {0} - {1}".format(self.name, str(exc)))
        return create_network_security_group_dict(outcome)
Esempio n. 3
    def create_security_group(self):
        """
        Create the ``test-nsg`` network security group and log progress.

        Appends a start line and a completion line to
        ``WebApp/DeploymentLogs/<protocol_name>.log`` and submits a group with
        two TCP Allow rules (one Inbound, one Outbound) that cover every port.
        :return: None
        """
        def append_log(message):
            # NOTE(review): protocol_name is interpolated into the path as-is;
            # if it can originate from a web request, confirm it is restricted
            # to a safe character set so the log cannot land outside this
            # directory.
            with open(f'WebApp/DeploymentLogs/{self.protocol_name}.log',
                      'a+') as log_file:
                print(message, file=log_file)

        append_log('Creating security groups')

        nsg = NetworkSecurityGroup()
        # NOTE(review): 'useast1' does not look like an Azure region name
        # (compare 'eastus'); confirm the intended location.
        nsg.location = 'useast1'

        # Both rules allow TCP on every source and destination port at priority
        # 100, so this group filters nothing for TCP. Suitable for a throwaway
        # test group at most; restrict ports and sources before any real use.
        # NOTE(review): both rules are named 'AllIn', including the Outbound
        # one; rule names are presumably required to be unique within a group.
        # TODO confirm.
        nsg.security_rules = [
            SecurityRule(description='AllIn',
                         protocol='Tcp',
                         source_port_range='*',
                         destination_port_range='*',
                         access='Allow',
                         direction=flow,
                         priority=100,
                         name='AllIn')
            for flow in ('Inbound', 'Outbound')
        ]

        # The returned poller is discarded, so the completion line below is
        # written once the request is submitted, not once it has finished.
        self.network_client.network_security_groups.create_or_update(
            self.resource_group, "test-nsg", nsg)

        append_log(
            'Done creating security groups, you will redirect to the deployment in few seconds..')
Esempio n. 4
    def create_default_securitygroup(self, resource_group, location, name,
                                     os_type, open_ports):
        '''
        Return the security group <name>01, creating it when it does not exist.

        :param resource_group: Resource group name
        :param location: azure location name
        :param name: base name; '01' is appended to form the security group name
        :param os_type: 'Linux' selects the default SSH rule, any other value the
                        RDP and WinRM rules. Only consulted when open_ports is empty.
        :param open_ports: ports to open instead of the OS defaults; a falsy value
                           selects the OS defaults
        :return: the existing group, or the poller result for the new one
        '''
        nsg_name = name + '01'
        existing = None

        self.log("Create security group {0}".format(nsg_name))
        self.log("Check to see if security group {0} exists".format(nsg_name))
        try:
            existing = self.network_client.network_security_groups.get(
                resource_group, nsg_name)
        except CloudError:
            # Every CloudError is treated as "group not found", not only a
            # genuine 404.
            pass

        if existing:
            self.log("Security group {0} found.".format(nsg_name))
            self.check_provisioning_state(existing)
            return existing

        def inbound_tcp_allow(**details):
            # NOTE(review): the two positional '*' values are presumably the
            # source and destination address prefixes, which would admit any
            # source address to the opened port; confirm against the SDK
            # signature and narrow the source where the deployment allows it.
            return SecurityRule('Tcp', '*', '*', 'Allow', 'Inbound',
                                source_port_range='*', **details)

        nsg = NetworkSecurityGroup()
        nsg.location = location

        if open_ports:
            # Open custom ports: priorities start at 101 and each rule is named
            # after its priority.
            custom_rules = []
            for rule_priority, port in enumerate(open_ports, start=101):
                custom_rules.append(
                    inbound_tcp_allow(destination_port_range=str(port),
                                      priority=rule_priority,
                                      name="Rule_{0}".format(rule_priority)))
            nsg.security_rules = custom_rules
        elif os_type == 'Linux':
            # Default for Linux: a single inbound SSH rule.
            nsg.security_rules = [
                inbound_tcp_allow(description='Allow SSH Access',
                                  destination_port_range='22',
                                  priority=100,
                                  name='SSH')
            ]
            # Location is assigned a second time on this path.
            nsg.location = location
        else:
            # Default for everything else (Windows): inbound RDP and WinRM HTTPS.
            nsg.security_rules = [
                inbound_tcp_allow(description='Allow RDP port 3389',
                                  destination_port_range='3389',
                                  priority=100,
                                  name='RDP01'),
                inbound_tcp_allow(description='Allow WinRM HTTPS port 5986',
                                  destination_port_range='5986',
                                  priority=101,
                                  name='WinRM01'),
            ]

        self.log(
            'Creating default security group {0}'.format(nsg_name))
        try:
            poller = self.network_client.network_security_groups.create_or_update(
                resource_group, nsg_name, nsg)
        except Exception as exc:
            # Presumably self.fail() does not return; `poller` is unbound below
            # if it does. TODO confirm.
            self.fail("Error creating default security rule {0} - {1}".format(
                nsg_name, str(exc)))

        return self.get_poller_result(poller)
Esempio n. 5
    def create_default_securitygroup(self, resource_group, location, name, os_type, open_ports):
        '''
        Look up the security group <name>01 and create it if the lookup finds nothing.

        :param resource_group: Resource group name
        :param location: azure location name
        :param name: base name to use for the security group ('01' is appended)
        :param os_type: 'Linux' gives the default SSH rule; any other value gives the RDP and
                        WinRM rules. Ignored when open_ports is non-empty.
        :param open_ports: ports to open in place of the OS defaults; falsy selects the defaults
        :return: the group that was found, or the poller result of the create call
        '''
        group_name = name + '01'
        found = None

        self.log("Create security group {0}".format(group_name))
        self.log("Check to see if security group {0} exists".format(group_name))
        try:
            found = self.network_client.network_security_groups.get(resource_group, group_name)
        except CloudError:
            # Any CloudError from the lookup falls through to the create path.
            pass

        if found:
            self.log("Security group {0} found.".format(group_name))
            self.check_provisioning_state(found)
            return found

        # Positional prefix shared by every rule built below.
        # NOTE(review): the two '*' entries are presumably the source and destination address
        # prefixes, so SSH/RDP/WinRM and any custom port would be reachable from any source
        # address; confirm against the SDK signature and restrict the source where possible.
        rule_head = ('Tcp', '*', '*', 'Allow', 'Inbound')

        group_params = NetworkSecurityGroup()
        group_params.location = location

        if not open_ports:
            # Default rules as (description, port, priority, rule name), chosen by OS type.
            if os_type == 'Linux':
                default_specs = [('Allow SSH Access', '22', 100, 'SSH')]
            else:
                default_specs = [
                    ('Allow RDP port 3389', '3389', 100, 'RDP01'),
                    ('Allow WinRM HTTPS port 5986', '5986', 101, 'WinRM01'),
                ]
            group_params.security_rules = [
                SecurityRule(*rule_head, description=text, source_port_range='*',
                             destination_port_range=port, priority=rank, name=label)
                for text, port, rank, label in default_specs
            ]
            if os_type == 'Linux':
                # Location is assigned a second time on the Linux path.
                group_params.location = location
        else:
            # Custom ports: one rule per port, priorities counting up from 101.
            port_rules = []
            next_priority = 101
            for port in open_ports:
                port_rules.append(
                    SecurityRule(*rule_head, source_port_range='*',
                                 destination_port_range=str(port), priority=next_priority,
                                 name="Rule_{0}".format(next_priority))
                )
                next_priority += 1
            group_params.security_rules = port_rules

        self.log('Creating default security group {0}'.format(group_name))
        try:
            poller = self.network_client.network_security_groups.create_or_update(
                resource_group, group_name, group_params)
        except Exception as exc:
            # Presumably self.fail() does not return; `poller` is unbound below if it does.
            self.fail("Error creating default security rule {0} - {1}".format(group_name, str(exc)))

        return self.get_poller_result(poller)
Esempio n. 6
    def add_nsg_rule(
        self,
        rg_name=None,
        location=None,
        nsg_name=None,
        protocol="Tcp",
        direction="Inbound",
        access="Allow",
        description="Test automation rule",
        source_port_range="*",
        destination_port_range=None,
        priority=700,
        name="test_automation",
        source_address_prefix="*",
        destination_address_prefix="*",
    ):
        """ Append one rule to an Azure Network Security Group and wait for the update.

        The group's current rules are read with ``get_nsg``; the new rule is
        appended to that list and the group is submitted again.

        With the defaults the rule is an inbound TCP Allow from any source
        address to any destination address, so callers should pass a narrower
        ``source_address_prefix`` and an explicit ``destination_port_range``.

        Args:
            rg_name (str): Azure resource group name
            location (str): Azure resource group location
            nsg_name (str): Azure NSG name
            protocol (str): protocol for rule (Tcp, Udp)
            direction (str): web traffic direction (Inbound, Outbound)
            access (str): access policy for rule (Allow, Deny)
            description (str): rule description
            source_port_range (str): source port range for rule
            destination_port_range (str): destination port range for rule
            priority (int): rule priority
            name (str): rule name
            source_address_prefix (str): source address prefix
            destination_address_prefix (str): destination address prefix

        Raises:
            CloudError: re-raised after being printed when the update call fails
        """
        nsg_params = NetworkSecurityGroup()
        nsg_params.location = location

        try:
            current_rules = self.get_nsg(rg_name, nsg_name).security_rules
        except CloudError:
            # NOTE(review): every CloudError starts from an empty rule list. If
            # the lookup failed for a reason other than "group does not exist",
            # the update below presumably replaces the group's existing rules
            # with just the new one. TODO confirm.
            current_rules = []
        nsg_params.security_rules = current_rules

        new_rule = SecurityRule(
            protocol=protocol,
            direction=direction,
            access=access,
            description=description,
            source_port_range=source_port_range,
            destination_port_range=destination_port_range,
            priority=priority,
            name=name,
            source_address_prefix=source_address_prefix,
            destination_address_prefix=destination_address_prefix,
        )
        nsg_params.security_rules.append(new_rule)

        nsg_client = self.network_client.network_security_groups
        try:
            poller = nsg_client.create_or_update(rg_name, nsg_name, nsg_params)
        except CloudError as cloud_err:
            self.colored_print(repr(cloud_err), level="error")
            raise
        poller.wait()