def load_remote_groups(self):
"""
Load security groups and their rules from EC2
Save and return SecurityGroups object
:rtype : object
"""
self.remote = SecurityGroups(vpc=self.vpc, only_groups=self.only_groups)
self.remote.load_remote_groups()
return self.remote
def load_local_groups(self, config, mode):
"""
Load local groups from config file
Save and return SecurityGroups object
:param config: configuration file path
:rtype : object
"""
self.local = SecurityGroups(vpc=self.vpc, only_groups=self.only_groups)
self.local.load_local_groups(config, mode)
return self.local
def load_local_groups(self, config):
"""
Load local groups from config file
Save and return SecurityGroups object
:param config: configuration file path
:rtype : object
"""
self.local = SecurityGroups()
self.local.load_local_groups(config)
return self.local
def load_remote_groups(self):
"""
Load security groups and their rules from EC2
Save and return SecurityGroups object
:rtype : object
"""
self.remote = SecurityGroups(vpc=self.vpc)
self.remote.load_remote_groups()
return self.remote
def load_local_groups(self, config, mode):
"""
Load local groups from config file
Save and return SecurityGroups object
:param config: configuration file path
:rtype : object
"""
self.local = SecurityGroups(vpc=self.vpc)
self.local.load_local_groups(config, mode)
return self.local
class SGManager(object):
def __init__(self, ec2_connection=None, vpc=False):
"""
Connect to EC2
:param config: path to configuration file
:param kwargs: parameters for boto.connect_ec2()
"""
global ec2
if not ec2_connection:
# Use supplied connection
try:
ec2 = boto.connect_ec2()
except boto.exception.NoAuthHandlerFound as e:
e.friendly = True
raise
else:
# Try to connect on our own
ec2 = ec2_connection
if vpc:
lg.debug("Working only with VPC security groups")
self.vpc = vpc
self.remote = None
self.local = None
self.config = None
def unused_groups(self):
"""
Get list of unused remote groups
"""
groups_used = []
# Get all instances and their security groups
for instance in ec2.get_all_instances():
for grp in instance.groups:
groups_used.append(grp.id)
# Compare with all remote groups present
for grp in self.remote.groups.iterkeys():
if grp not in groups_used:
yield grp
def remove_unused_groups(self, dry=False):
for grp in self.unused_groups():
self.remote.groups[grp].remove_group(dry=dry)
def load_remote_groups(self):
"""
Load security groups and their rules from EC2
Save and return SecurityGroups object
:rtype : object
"""
self.remote = SecurityGroups(vpc=self.vpc)
self.remote.load_remote_groups()
return self.remote
def load_local_groups(self, config, mode):
"""
Load local groups from config file
Save and return SecurityGroups object
:param config: configuration file path
:rtype : object
"""
self.local = SecurityGroups(vpc=self.vpc)
self.local.load_local_groups(config, mode)
return self.local
def dump_remote_groups(self):
"""
Dump remote groups into YAML
"""
return self.remote.dump_groups()
def dump_local_groups(self):
"""
Dump local groups into YAML
"""
return self.local.dump_groups()
def apply_diff(self, remove_groups=True, remove_rules=True, dry=False):
"""
Apply diff between local and remote groups
"""
# Diff groups
sg_added, sg_removed, sg_updated, sg_unchanged = self.local.compare(self.remote)
# Create new groups
# Firstly create all groups, then add all rules (to satisfy between group relations)
for group in sg_added:
group.create_group(dry, no_rules=True)
for group in sg_added:
for rule in group.rules:
rule.add_rule(dry)
# Update groups (create / remove rules)
for group in sg_updated:
added, removed, unchanged = group.compare(self.remote.groups[group.name])
# Add new rules
for rule in added:
rule.add_rule(dry)
# Remove old rules
if remove_rules is True:
for rule in removed:
rule.remove_rule(dry)
# Delete groups
# This should be done at last to avoid between group relations
if remove_groups is True:
for group in sg_removed:
group.remove_group(dry)
class SGManager(object):
def __init__(self, ec2_connection=None):
"""
Connect to EC2
:param config: path to configuration file
:param kwargs: parameters for boto.connect_ec2()
"""
global ec2
if not ec2_connection:
# Use supplied connection
try:
ec2 = boto.connect_ec2()
except boto.exception.NoAuthHandlerFound as e:
e.friendly = True
raise
else:
# Try to connect on our own
ec2 = ec2_connection
self.remote = None
self.local = None
self.config = None
def load_remote_groups(self):
"""
Load security groups and their rules from EC2
Save and return SecurityGroups object
:rtype : object
"""
self.remote = SecurityGroups()
self.remote.load_remote_groups()
return self.remote
def load_local_groups(self, config):
"""
Load local groups from config file
Save and return SecurityGroups object
:param config: configuration file path
:rtype : object
"""
self.local = SecurityGroups()
self.local.load_local_groups(config)
return self.local
def dump_remote_groups(self):
"""
Dump remote groups into YAML
"""
return self.remote.dump_groups()
def dump_local_groups(self):
"""
Dump local groups into YAML
"""
return self.local.dump_groups()
def apply_diff(self, remove_groups=True, remove_rules=True, dry=False):
"""
Apply diff between local and remote groups
"""
# Diff groups
sg_added, sg_removed, sg_updated, sg_unchanged = self.local.compare(self.remote)
# Create new groups
# Firstly create all groups, then add all rules (to satisfy between group relations)
for group in sg_added:
group.create_group(dry, no_rules=True)
for group in sg_added:
for rule in group.rules:
rule.add_rule(dry)
# Update groups (create / remove rules)
for group in sg_updated:
added, removed, unchanged = group.compare(self.remote.groups[group.name])
# Add new rules
for rule in added:
rule.add_rule(dry)
# Remove old rules
if remove_rules is True:
for rule in removed:
rule.remove_rule(dry)
# Delete groups
# This should be done at last to avoid between group relations
if remove_groups is True:
for group in sg_removed:
group.remove_group(dry)
class SGManager(object):
def __init__(self, ec2_connection=None, vpc=False, only_groups=[]):
"""
Connect to EC2
:param config: path to configuration file
:param kwargs: parameters for boto.connect_ec2()
"""
global ec2
if not ec2_connection:
# Use supplied connection
try:
ec2 = boto.connect_ec2()
except boto.exception.NoAuthHandlerFound as e:
e.friendly = True
raise
else:
# Try to connect on our own
ec2 = ec2_connection
if vpc:
lg.debug("Working only with VPC security groups")
self.vpc = vpc
self.remote = None
self.local = None
self.config = None
self.only_groups = only_groups
def unused_groups(self):
"""
Get list of unused remote groups
"""
groups_used = []
# Get all instances and their security groups
for instance in ec2.get_all_instances():
for grp in instance.groups:
groups_used.append(grp.id)
# Compare with all remote groups present
for grp in self.remote.groups.iterkeys():
if grp not in groups_used:
yield grp
def remove_unused_groups(self, dry=False):
for grp in self.unused_groups():
self.remote.groups[grp].remove_group(dry=dry)
def load_remote_groups(self):
"""
Load security groups and their rules from EC2
Save and return SecurityGroups object
:rtype : object
"""
self.remote = SecurityGroups(vpc=self.vpc, only_groups=self.only_groups)
self.remote.load_remote_groups()
return self.remote
def load_local_groups(self, config, mode):
"""
Load local groups from config file
Save and return SecurityGroups object
:param config: configuration file path
:rtype : object
"""
self.local = SecurityGroups(vpc=self.vpc, only_groups=self.only_groups)
self.local.load_local_groups(config, mode)
return self.local
def dump_remote_groups(self):
"""
Dump remote groups into YAML
"""
return self.remote.dump_groups()
def dump_local_groups(self):
"""
Dump local groups into YAML
"""
return self.local.dump_groups()
def apply_diff(self, remove_groups=True, remove_rules=True, dry=False):
"""
Apply diff between local and remote groups
"""
# Diff groups
sg_added, sg_removed, sg_updated, sg_unchanged = self.local.compare(self.remote)
# Create new groups
# Firstly create all groups, then add all rules (to satisfy between group relations)
for group in sg_added:
group.create_group(dry, no_rules=True)
for group in sg_added:
for rule in group.rules:
rule.add_rule(dry)
# Update groups (create / remove rules)
for group in sg_updated:
added, removed, unchanged = group.compare(self.remote.groups[group.name])
# Add new rules
for rule in added:
rule.add_rule(dry)
# Remove old rules
if remove_rules is True:
for rule in removed:
rule.remove_rule(dry)
# Delete groups
# This should be done at last to avoid between group relations
if remove_groups is True:
for group in sg_removed:
group.remove_group(dry)
class SGManager(object):
def __init__(self, ec2_connection=None):
"""
Connect to EC2
:param config: path to configuration file
:param kwargs: parameters for boto.connect_ec2()
"""
global ec2
if not ec2_connection:
# Use supplied connection
try:
ec2 = boto.connect_ec2()
except boto.exception.NoAuthHandlerFound as e:
e.friendly = True
raise
else:
# Try to connect on our own
ec2 = ec2_connection
self.remote = None
self.local = None
self.config = None
def load_remote_groups(self):
"""
Load security groups and their rules from EC2
Save and return SecurityGroups object
:rtype : object
"""
self.remote = SecurityGroups()
self.remote.load_remote_groups()
return self.remote
def load_local_groups(self, config):
"""
Load local groups from config file
Save and return SecurityGroups object
:param config: configuration file path
:rtype : object
"""
self.local = SecurityGroups()
self.local.load_local_groups(config)
return self.local
def dump_remote_groups(self):
"""
Dump remote groups into YAML
"""
return self.remote.dump_groups()
def dump_local_groups(self):
"""
Dump local groups into YAML
"""
return self.local.dump_groups()
def apply_diff(self, remove_groups=True, remove_rules=True, dry=False):
"""
Apply diff between local and remote groups
"""
# Diff groups
sg_added, sg_removed, sg_updated, sg_unchanged = self.local.compare(
self.remote)
# Create new groups
# Firstly create all groups, then add all rules (to satisfy between group relations)
for group in sg_added:
group.create_group(dry, no_rules=True)
for group in sg_added:
for rule in group.rules:
rule.add_rule(dry)
# Update groups (create / remove rules)
for group in sg_updated:
added, removed, unchanged = group.compare(
self.remote.groups[group.name])
# Add new rules
for rule in added:
rule.add_rule(dry)
# Remove old rules
if remove_rules is True:
for rule in removed:
rule.remove_rule(dry)
# Delete groups
# This should be done at last to avoid between group relations
if remove_groups is True:
for group in sg_removed:
group.remove_group(dry)
class SGManager(object):
def __init__(self, ec2_connection=None, vpc=False, only_groups=[]):
"""
Connect to EC2
:param config: path to configuration file
:param kwargs: parameters for boto.connect_ec2()
"""
global ec2
if isinstance(ec2_connection, boto.ec2.connection.EC2Connection):
# Use supplied connection
ec2 = ec2_connection
elif ec2_connection:
# Try to connect on our own
try:
ec2 = boto.connect_ec2()
except boto.exception.NoAuthHandlerFound as e:
e.friendly = True
raise
else:
# Continue without connection
ec2 = None
if vpc:
lg.debug("Working only with VPC security groups")
self.vpc = vpc
self.remote = None
self.local = None
self.config = None
self.only_groups = only_groups
def unused_groups(self):
"""
Get list of unused remote groups
"""
groups_used = []
# Get all instances and their security groups
for instance in ec2.get_all_instances():
for grp in instance.groups:
groups_used.append(grp.id)
# Compare with all remote groups present
for grp in self.remote.groups.iterkeys():
if grp not in groups_used:
yield grp
def remove_unused_groups(self, dry=False):
for grp in self.unused_groups():
self.remote.groups[grp].remove_group(dry=dry)
def load_remote_groups(self):
"""
Load security groups and their rules from EC2
Save and return SecurityGroups object
:rtype : object
"""
self.remote = SecurityGroups(vpc=self.vpc, only_groups=self.only_groups)
self.remote.load_remote_groups()
return self.remote
def load_local_groups(self, config, mode):
"""
Load local groups from config file
Save and return SecurityGroups object
:param config: configuration file path
:rtype : object
"""
self.local = SecurityGroups(vpc=self.vpc, only_groups=self.only_groups)
self.local.load_local_groups(config, mode)
self.local.check_validity()
return self.local
def dump_remote_groups(self):
"""
Dump remote groups into YAML
"""
return self.remote.dump_groups()
def dump_local_groups(self):
"""
Dump local groups into YAML
"""
return self.local.dump_groups()
def apply_diff(self, remove_groups=True, remove_rules=True, dry=False, threshold=None):
"""
Apply diff between local and remote groups
"""
# Diff groups
sg_added, sg_removed, sg_updated, sg_unchanged = self.local.compare(self.remote)
if threshold:
len_changes = len(sg_updated) + len(sg_added) + len(sg_removed)
# don't count in threshold groups to be removed if --no-remove-groups specified
if not remove_groups:
len_changes -= len(sg_removed)
if not remove_rules:
for group in sg_updated:
added, removed, unchanged = group.compare(self.remote.groups[group.name])
# if there is nothing to add we don't modify the group, don't count in threshold
if len(added) == 0:
len_changes -= 1
changes_perc = (float(len_changes) / (float(len(sg_unchanged)) + float(len_changes))) * 100
if (float(changes_perc) >= float(threshold)):
raise ThresholdException(
"Threshold for changes reached, expected: < %s %%,"
" actual: %s %%" % (threshold, round(changes_perc, 2)))
# Create new groups
# Firstly create all groups, then add all rules (to satisfy between group relations)
for group in sg_added:
group.create_group(dry, no_rules=True)
for group in sg_added:
for rule in group.rules:
rule.add_rule(dry)
# Update groups (create / remove rules)
for group in sg_updated:
added, removed, unchanged = group.compare(self.remote.groups[group.name])
# Add new rules
for rule in added:
rule.add_rule(dry)
# Remove old rules
if remove_rules is True:
for rule in removed:
rule.remove_rule(dry)
# Delete groups
# This should be done at last to avoid between group relations
if remove_groups is True:
for group in sg_removed:
group.remove_group(dry)
