def test_load_defaults():
examples = SecgroupExamples()
examples.load()
Benchmark.Start()
found = groups.list()
Benchmark.Stop()
assert len(found) == len(examples.secgroups)
found = rules.list()
assert len(found) == len(examples.secrules)
def test_sec_init(self):
HEADING()
r = rules.clear()
g = groups.clear()
examples = SecgroupExamples()
examples.load()
assert len(examples.secgroups) > 0
assert len(examples.secrules) > 0
result = run(f"cms sec rule add deleteme 101 101 tcp 10.0.0.0/0")
try:
result = run(f"cms sec group add wrong nothing wrong")
assert False
except:
assert True
def test_load(self):
Benchmark.Start()
run("load", "cms sec load")
Benchmark.Stop()
r = rules.list()
g = groups.list()
assert len(r) > 0
assert len(g) > 0
examples = SecgroupExamples()
assert len(g) == len(examples.secgroups)
assert len(r) == len(examples.secrules)
raise ValueError("cloud is not not set")
def run(label, command):
result = Shell.run_timed(label, command, service=cloud)
print(result)
return result
name_generator = Name(schema=f"test-{user}-vm", counter=1)
provider = Provider(name=cloud)
rules = SecgroupRule()
groups = Secgroup()
examples = SecgroupExamples()
@pytest.mark.incremental
class Test_secgroup_provider:
def test_load(self):
HEADING(color="HEADER")
r = rules.clear()
g = groups.clear()
Benchmark.Start()
examples.load()
Benchmark.Stop()
r = rules.list()
def do_sec(self, args, arguments):
"""
::
Usage:
sec rule list [--cloud=CLOUDS] [--output=OUTPUT]
sec rule add RULE FROMPORT TOPORT PROTOCOL CIDR
sec rule delete RULE [--cloud=CLOUD]
sec group list [--cloud=CLOUDS] [--output=OUTPUT]
sec group add GROUP RULES DESCRIPTION
sec group delete GROUP [--cloud=CLOUD]
sec group load [GROUP] [--cloud=CLOUD]
sec list [--output=OUTPUT]
sec load
sec clear
Options:
--output=OUTPUT Specify output format, in one of the following:
table, csv, json, yaml, dict
[default: table].
--cloud=CLOUD Name of the IaaS cloud e.g. kilo,chameleon.
The clouds are defined in the yaml file.
If the name "all" is used for the cloud all
clouds will be selected.
Arguments:
RULE The security group rule name
GROUP The label/name of the security group
FROMPORT Staring port of the rule, e.g. 22
TOPORT Ending port of the rule, e.g. 22
PROTOCOL Protocol applied, e.g. TCP,UDP,ICMP
CIDR IP address range in CIDR format, e.g.,
129.79.0.0/16
Examples:
# sec load
# sec group list
# sec group add my_new_group webapp 8080 8080 tcp 0.0.0.0/0
Bugs:
# sec group list --cloud=chameleon
# seg group delete my_group my_rule
# sec group delete my_unused_group --cloud=kilo
# sec group upload --cloud=kilo
Description:
Database commands:
sec clear
removes all rules and groups from the database
sec load
loads some default security groups and rules in the
database
sec clear
deletes all security groups and rules in the database
sec rule list [--output=OUTPUT]
lists all security groups and rules in the database
sec rule add RULE FROMPORT TOPORT PROTOCOL CIDR
adds a security rule with the given group and the details
of the security rules
sec group add GROUP RULES DESCRIPTION
adds a security group with the given group and the
details of the security groups
sec rule delete RULE
deletes the rule form the database
sec group delete GROUP
deletes the group form the database
Cloud commands:
sec rule list --cloud=CLOUDS [--output=OUTPUT]
lists all security rules in the specified cloud
sec group list --cloud=CLOUDS [--output=OUTPUT]
lists all security groups in the specified cloud
sec rule delete RULE --cloud=CLOUD
deletes the rule form the cloud
sec group delete GROUP [--cloud=CLOUD]
deletes the group from the cloud
sec load GROUP --cloud=CLOUD
uploads the group to the cloud with all its rules
"""
map_parameters(arguments, 'cloud', 'output', 'name')
rules = SecgroupRule()
groups = Secgroup()
def Print(kind, list):
if kind == "group":
output = ""
else:
output = groups.output
print(
Printer.write(list,
sort_keys=output[kind]['sort_keys'],
order=output[kind]['order'],
header=output[kind]['header'],
output=arguments.output))
def list_all():
data = []
group_entries = groups.list()
for group_entry in group_entries:
group_name = group_entry['name']
for rule_name in group_entry['rules']:
try:
rule_entry = rules.list(name=rule_name)[0]
rule_entry['rule'] = rule_name
rule_entry['group'] = group_name
data.append(rule_entry)
except:
pass
Print("all", data)
if (arguments.load and not arguments.group) or \
(arguments.load and arguments.group and not arguments.GROUP):
examples = SecgroupExamples()
examples.load()
list_all()
return ""
elif arguments.load and arguments.group and arguments.cloud:
provider = Provider(name=arguments.cloud)
provider.upload_secgroup(name=arguments.GROUP)
return ""
elif arguments.list and not arguments.rule and not arguments.group:
found = groups.list()
for entry in found:
group_rules = entry['rules']
if type(group_rules) == list:
entry['rules'] = ', '.join(group_rules)
Print("secgroup", found)
found = rules.list()
Print("secrule", found)
elif arguments.group and arguments.delete:
if arguments.cloud:
clouds = Parameter.expand(arguments.cloud)
for cloud in clouds:
print(f"cloud {cloud}")
provider = Provider(name=cloud)
r = provider.remove_secgroup(name=arguments.GROUP)
else:
groups.remove(arguments.GROUP)
elif (arguments.group or arguments.rule) and arguments.list and \
arguments.cloud:
clouds = Parameter.expand(arguments.cloud)
if len(clouds) == 0:
variables = Variables()
cloudname = variables['cloud']
clouds = [cloudname]
keys = []
for cloud in clouds:
print(f"cloud {cloud}")
provider = Provider(name=cloud)
cloud_groups = provider.list_secgroups()
if arguments.output == 'table':
result = []
for group in cloud_groups:
if cloud == "aws":
for rule in group['IpPermissions']:
rule['name'] = group['GroupName']
rule['direction'] = "Inbound"
if rule['UserIdGroupPairs']:
rule['groupId'] = \
rule['UserIdGroupPairs'][0]['GroupId']
if rule['IpRanges']:
rule['ipRange'] = rule['IpRanges'][0][
'CidrIp']
result.append(rule)
else:
for rule in group['security_group_rules']:
rule['name'] = group['name']
result.append(rule)
cloud_groups = result
provider.p.Print(
cloud_groups,
output=arguments.output,
kind="secrule",
)
return ""
elif arguments.group and arguments.list:
found = groups.list()
for entry in found:
group_rules = entry['rules']
if type(group_rules) == list:
entry['rules'] = ', '.join(group_rules)
Print("secgroup", found)
return ""
elif arguments.rule and arguments.list:
found = rules.list()
Print("secrule", found)
return ""
elif arguments.rule and arguments.add:
rules = SecgroupRule()
# name=None, protocol=None, ports=None, ip_range=None
rules.add(name=arguments.RULE,
ports=f"{arguments.FROMPORT}" + ":" +
f"{arguments.TOPORT}",
protocol=arguments.PROTOCOL,
ip_range=arguments.CIDR)
return ""
elif arguments.group and arguments.add:
group = Secgroup()
group.add(name=arguments.GROUP,
rules=arguments.RULES,
description=arguments.DESCRIPTION)
return ""
elif arguments.list:
found = rules.list()
Print("secrule", found)
return ""
elif arguments.clear:
groups.clear()
rules.clear()
return ""
return ""
###############################################################
# pytest -v --capture=no tests/cloud/test_secgroup_database.py
# pytest -v tests/cloud/test_secgroup_database.py
###############################################################
from cloudmesh.common.util import HEADING
from cloudmesh.common.Benchmark import Benchmark
from cloudmesh.secgroup.Secgroup import Secgroup
from cloudmesh.secgroup.Secgroup import SecgroupExamples
from cloudmesh.secgroup.Secgroup import SecgroupRule
Benchmark.debug()
examples = SecgroupExamples()
examples.load()
secgroups = examples.secgroups
secrules = examples.secrules
rules = SecgroupRule()
groups = Secgroup()
print()
def test_clear():
HEADING(color="HEADER")
Benchmark.Start()
groups.clear()
rules.clear()