def test_get_security_groups():
    """Check the first group returned through the mocked client, rule by rule."""
    manager = asmapi.Api('us-east-1')
    # Replace the client with the mock before any call is made.
    manager.client = MockClient()

    all_groups = manager.get_security_groups()
    group = all_groups[0]
    assert group is not None
    assert 'Created for Elasticsearch' in group.description
    assert group.group_id == 'sg-ebe1ac8f'
    assert group.group_name == 'Elasticsearch'

    # Outbound side: exactly one rule, every protocol, to 0.0.0.0/0
    # (unrestricted egress in the fixture).
    assert len(group.egress_rules) == 1
    only_egress = group.egress_rules[0]
    assert only_egress.protocol == awsSecurityGroup.ALL_PROTOCOLS
    assert only_egress.cidr == "0.0.0.0/0"

    # Inbound side: nine rules; the first one is tcp/22 limited to a single /32.
    assert len(group.ingress_rules) == 9
    first_ingress = group.ingress_rules[0]
    assert first_ingress.protocol == 'tcp'
    assert first_ingress.cidr == "209.6.205.245/32"
    assert first_ingress.from_port == 22
    assert first_ingress.to_port == 22
def test_authorize_ingress():
    """Authorize one ingress rule on the test group and expect it to be listed afterwards."""
    manager = asmapi.Api('us-east-1')
    manager.client = MockClient()

    # Look up the group the rule will be attached to.
    group = manager.get_security_groups(group_ids=['sg-ebe1ac8f'])[0]
    assert group is not None
    assert group.group_id == 'sg-ebe1ac8f'
    assert group.group_name == 'Elasticsearch'

    # Build and submit the rule: tcp, ports 1234-5678, from a single /32 address.
    new_rule = awsSecurityGroup.IngressRule('tcp', 1234, 5678, '12.34.56.78/32')
    manager.authorize_ingress(security_group=group, ingress_rule=new_rule)

    # Read the group back; the rule just authorized must be among its ingress rules.
    refreshed = manager.get_security_groups(group_ids=['sg-ebe1ac8f'])
    matched = False
    for candidate_group in refreshed:
        print('Searching for {}'.format(new_rule))
        for candidate_rule in candidate_group.ingress_rules:
            print(' Testing {}'.format(candidate_rule))
            if candidate_rule == new_rule:
                print(' Found!!')
                matched = True
    assert matched
def get(self):
    """Return every security group merged with the registered CIDR records."""
    print('GET groups')
    aws_groups = mngr_api.Api(REGION).get_security_groups()
    # The full group listing, rules included, goes to stdout here.
    print(aws_groups)
    # TODO: replace with persistence
    registered = query_registered_cidrs()
    return Marshaller.merge_records(registered, aws_groups)
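def get(self, group_id):
    """Return one security group merged with the registered CIDR records.

    Args:
        group_id: Security group id taken from the request. Only its prefix
            is checked here: the part before the first ``-`` must be ``sg``.

    Returns:
        Whatever ``Marshaller.merge_records`` builds from the registered
        CIDRs and the group looked up by ``group_id``.

    Raises:
        ValueError: If ``group_id`` does not carry the ``sg`` prefix.
    """
    # An explicit raise, not ``assert``: assertions are stripped under
    # ``python -O``, which would silently disable this check on request input.
    if group_id.partition('-')[0] != 'sg':
        raise ValueError('not a security group id: {0!r}'.format(group_id))

    print('GET group {0}'.format(group_id))
    mngr = mngr_api.Api(REGION)
    aws_groups = mngr.get_security_groups(group_ids=[group_id])
    cidrs = query_registered_cidrs()
    return Marshaller.merge_records(cidrs, aws_groups)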
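def post(self, group_id):
    """Authorize the ingress rules in the request body on one security group.

    The body is a JSON list of rule objects. Each needs ``cidr``,
    ``from_port`` and ``to_port``; ``protocol`` is optional. When the CIDR is
    not registered yet, ``description`` is required as well, and ``owner``
    and ``location`` are optional.

    Args:
        group_id: Security group id taken from the request. Only its prefix
            is checked here: the part before the first ``-`` must be ``sg``.

    Returns:
        The group, re-read after the rules were authorized, merged with the
        registered CIDR records by ``Marshaller.merge_records``.

    Raises:
        ValueError: If ``group_id`` lacks the ``sg`` prefix, or a ``cidr``
            value is not a string that parses as an IP network.
        KeyError: If a rule object lacks a required field.
        IndexError: If no group is returned for ``group_id``.
    """
    import ipaddress

    # An explicit raise, not ``assert``: assertions are stripped under
    # ``python -O``, which would silently disable this check on request input.
    if group_id.partition('-')[0] != 'sg':
        raise ValueError('not a security group id: {0!r}'.format(group_id))

    post_body = json.loads(request.data)
    print('POST rules to group {0}, data: {1}'.format(group_id, post_body))
    mngr = mngr_api.Api(REGION)
    sg_group = mngr.get_security_groups(group_ids=[group_id])[0]

    # NOTE(review): every rule below opens inbound access from request data,
    # and nothing in this method limits how wide the CIDR or port range may
    # be. Confirm that callers are authorized and a policy is applied upstream.
    for curr in post_body:
        cidr_str = curr['cidr']
        # Reject malformed networks before anything is written to the store.
        # The isinstance guard matters: ip_network() also accepts integers.
        if not isinstance(cidr_str, str):
            raise ValueError('cidr must be a string: {0!r}'.format(cidr_str))
        ipaddress.ip_network(cidr_str, strict=False)

        # Read the rule fields up front so that a missing one fails before
        # the CIDR is persisted.
        protocol = curr.get('protocol', awsSecurityGroup.ALL_PROTOCOLS)
        from_port = curr['from_port']
        to_port = curr['to_port']
        # TODO(review): the request's 'expiration' field is not applied
        # anywhere; new registrations always use DO_NOT_EXPIRE.

        try:
            # Indexing only probes for an existing registration. The original
            # passed the not-yet-bound ``cidr`` here instead of ``cidr_str``.
            mngr.get_registered_cidrs(cidr_str=cidr_str)[0]
        except IndexError:
            new_record = registeredCidr.RegisteredCidr(
                cidr=cidr_str,
                description=curr['description'],
                owner=curr.get('owner'),
                location=curr.get('location'),
                expiration=registeredCidr.RegisteredCidr.DO_NOT_EXPIRE)
            # Persist to store
            mngr.post_registered_cidr(new_record)

        # IngressRule gets the CIDR string; the original passed the
        # RegisteredCidr object, or an unbound name when the CIDR was already
        # registered.
        ingress_rule = awsSecurityGroup.IngressRule(
            protocol, from_port, to_port, cidr_str)
        mngr.authorize_ingress(sg_group, ingress_rule)

    # Re-read the group so the response shows the rules just added; the
    # original referenced an ``aws_groups`` name that was never assigned.
    aws_groups = mngr.get_security_groups(group_ids=[group_id])
    cidrs = query_registered_cidrs()
    return Marshaller.merge_records(cidrs, aws_groups)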
def post(self):
    """Create a rule from the JSON body of the request.

    Returns:
        The pair ``(None, 201)``: no body, with status code 201.
    """
    # NOTE(review): request.json is handed to create_rule unchanged; confirm
    # that create_rule validates it.
    mngr_api.Api(REGION).create_rule(request.json)
    return None, 201