def test_create_private_subnet(ec2_client, vpc_json, datadir,
shieldx_constants, shieldx_logger):
vpc = VPC(ec2_client=ec2_client)
config_reader = CCR()
# Read VPC Info
vpc_filename = str((datadir / vpc_json).resolve())
vpc_info = dict(config_reader.read_json_config(vpc_filename))
# Describe VPCs
vpc_cidr_block = vpc_info["cidr_block"]
vpc_response = vpc.describe_vpc_by_filter("cidr", vpc_cidr_block)
shieldx_logger.info("Describe VPC: {}".format(vpc_response))
# Fetch target VPC
target_vpc = get_target("CidrBlock", vpc_cidr_block, vpc_response["Vpcs"])
# If target VPC is found, proceed creating private subnet
if target_vpc["found"]:
# Get VPC Name and ID
vpc_target = target_vpc["target"]
shieldx_logger.info("Found matching VPC: {}".format(vpc_target))
vpc_id = vpc_target["VpcId"]
vpc_name = vpc_info["vpc_name"]
shieldx_logger.info("VPC Name: {}".format(vpc_name))
shieldx_logger.info("VPC ID: {}".format(vpc_id))
for private_subnet in vpc_info["private_subnet"]:
# Create Private Subnet
create_subnet_response = vpc.create_subnet(
vpc_id, private_subnet["address"])
private_subnet["id"] = create_subnet_response["Subnet"]["SubnetId"]
# Name Private Subnet
vpc.create_tags(private_subnet["id"], private_subnet["name"])
shieldx_logger.info("Create Private Subnet Response: {}".format(
create_subnet_response))
shieldx_logger.info("Private Subnet: {}".format(private_subnet))
# Write VPC Info - for debugging
shieldx_logger.info("VPC Info: {}".format(vpc_info))
shieldx_logger.info("VPC location: {}".format(vpc_filename))
config_reader.write_json_config(vpc_info, vpc_filename)
else:
# VPC not found, create VPC first
shieldx_logger.warning("VPC not found.")
def test_create_vpc(ec2_client, vpc_json, datadir, shieldx_constants,
shieldx_logger):
vpc = VPC(ec2_client=ec2_client)
config_reader = CCR()
# Read VPC Info
vpc_filename = str((datadir / vpc_json).resolve())
vpc_info = dict(config_reader.read_json_config(vpc_filename))
# Describe VPCs
vpc_cidr_block = vpc_info["cidr_block"]
vpc_response = vpc.describe_vpc_by_filter("cidr", vpc_cidr_block)
shieldx_logger.info("Describe VPC: {}".format(vpc_response))
# Fetch target VPC
target_vpc = get_target("CidrBlock", vpc_cidr_block, vpc_response["Vpcs"])
# Work with existing VPC
if not target_vpc["found"]:
# Create VPC
vpc_response = vpc.create_vpc(vpc_cidr_block)
shieldx_logger.info("Create VPC: {}".format(vpc_response))
# Fetch VPC ID from create VPC response
vpc_id = vpc_response["Vpc"]["VpcId"]
vpc_info["vpc_id"] = vpc_id
vpc_name = vpc_info["vpc_name"]
vpc_owner = vpc_info["vpc_owner"]
shieldx_logger.info("VPC Name: {}".format(vpc_name))
shieldx_logger.info("VPC ID: {}".format(vpc_id))
# Tag the VPC
tag_response = vpc.create_tags(vpc_id, "Name", vpc_name)
shieldx_logger.info("Tag VPC: {}".format(tag_response))
tag_response = vpc.create_tags(vpc_id, "Owner", vpc_owner)
shieldx_logger.info("Tag VPC: {}".format(tag_response))
# Create Internet gateway
igw_response = vpc.create_internet_gateway()
shieldx_logger.info("Create IGW: {}".format(igw_response))
igw_id = igw_response["InternetGateway"]["InternetGatewayId"]
igw_name = vpc_info["internet_gateway"]["name"]
vpc_info["internet_gateway"]["id"] = igw_id
shieldx_logger.info("IGW Name: {}".format(igw_name))
shieldx_logger.info("IGW ID: {}".format(igw_id))
# Tag the IGW
tag_response = vpc.create_tags(igw_id, "Name", igw_name)
shieldx_logger.info("Tag IGW: {}".format(tag_response))
tag_response = vpc.create_tags(igw_id, "Owner", vpc_owner)
shieldx_logger.info("Tag IGW: {}".format(tag_response))
# Attach the Internet gateway
attach_response = vpc.attach_igw_to_vpc(igw_id, vpc_id)
shieldx_logger.info("Attach: {}".format(attach_response))
# Write VPC Info - for debugging
shieldx_logger.info("VPC Info: {}".format(vpc_info))
shieldx_logger.info("VPC location: {}".format(vpc_filename))
config_reader.write_json_config(vpc_info, vpc_filename)
else:
# VPC with given CIDR block already exist, skip create
shieldx_logger.warning("VPC Already Exist: {}".format(
target_vpc["target"]))
def test_create_management_subnet(ec2_client, vpc_json, datadir,
shieldx_constants, shieldx_logger):
vpc = VPC(ec2_client=ec2_client)
config_reader = CCR()
# Read VPC Info
vpc_filename = str((datadir / vpc_json).resolve())
vpc_info = dict(config_reader.read_json_config(vpc_filename))
# Describe VPCs
vpc_cidr_block = vpc_info["cidr_block"]
vpc_response = vpc.describe_vpc_by_filter("cidr", vpc_cidr_block)
shieldx_logger.info("Describe VPC: {}".format(vpc_response))
# Fetch target VPC
target_vpc = get_target("CidrBlock", vpc_cidr_block, vpc_response["Vpcs"])
# If target VPC is found, proceed creating public subnet
if target_vpc["found"]:
# Get VPC Name and ID
vpc_target = target_vpc["target"]
shieldx_logger.info("Found matching VPC: {}".format(vpc_target))
vpc_id = vpc_target["VpcId"]
vpc_name = vpc_info["vpc_name"]
vpc_owner = vpc_info["vpc_owner"]
shieldx_logger.info("VPC Name: {}".format(vpc_name))
shieldx_logger.info("VPC ID: {}".format(vpc_id))
for public_subnet in vpc_info["management_subnet"]:
# Create Subnet
create_subnet_response = vpc.create_subnet(
vpc_id, public_subnet["address"])
public_subnet["id"] = create_subnet_response["Subnet"]["SubnetId"]
# Tag Subnet
vpc.create_tags(public_subnet["id"], "Name", public_subnet["name"])
vpc.create_tags(public_subnet["id"], "Owner", vpc_owner)
shieldx_logger.info("Create Public Subnet Response: {}".format(
create_subnet_response))
shieldx_logger.info("Public Subnet: {}".format(public_subnet))
# Create Route Table
create_route_table_response = vpc.create_public_route_table(vpc_id)
shieldx_logger.info("Create Public Route Table: {}".format(
create_route_table_response))
# Get Route Table ID
route_table_id = create_route_table_response["RouteTable"][
"RouteTableId"]
vpc_info["management_route_table"]["id"] = route_table_id
# Tag Route Table
route_table_name = vpc_info["management_route_table"]["name"]
vpc.create_tags(route_table_id, "Name", route_table_name)
vpc.create_tags(route_table_id, "Owner", vpc_owner)
# Get IGW ID
describe_igw_response = vpc.describe_igw_by_filter(
"attachment.vpc-id", vpc_id)
shieldx_logger.info(
"Describe IGW Response: {}".format(describe_igw_response))
igw = describe_igw_response["InternetGateways"][0]
igw_id = igw["InternetGatewayId"]
vpc_info["internet_gateway"]["id"] = igw_id
shieldx_logger.info("Route Table ID: {}".format(route_table_id))
shieldx_logger.info("Internet Gateway ID: {}".format(igw_id))
# Create Route to IGW
create_route_response = vpc.create_igw_route_to_public_route_table(
route_table_id, igw_id)
shieldx_logger.info(
"Create Route to IGW: {}".format(create_route_response))
for public_subnet in vpc_info["management_subnet"]:
# Associate Management Subnet with Route Table
associate_subnet_response = vpc.associate_subnet_with_route_table(
route_table_id, public_subnet["id"])
shieldx_logger.info(
"Associate Public subnet with Route Table: {}".format(
associate_subnet_response))
# Allow auto-assign public IP Address for subnet
vpc.allow_auto_assign_ip_addresses_for_subnet(public_subnet["id"])
# Write VPC Info - for debugging
shieldx_logger.info("VPC Info: {}".format(vpc_info))
shieldx_logger.info("VPC location: {}".format(vpc_filename))
config_reader.write_json_config(vpc_info, vpc_filename)
else:
# VPC not found, create VPC first
shieldx_logger.warning("VPC not found.")