예제 #1
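def it_condition_have_proto_protocol_and_port_port_for_cidr(
        step_obj, condition, proto, port, cidr):
    """Check every stashed security group against a protocol/port/CIDR rule.

    ``port`` is a string in one of three forms: a single port (``'22'``),
    a range (``'20-25'``) or a comma-separated list (``'80,443'``).
    ``condition`` is the step keyword; it is reduced to a boolean that is
    True only when the keyword is ``'only'``.

    Each security group found in ``step_obj.context.stash.properties`` is
    handed to ``check_sg_rules`` together with the parsed values.
    """
    proto = str(proto)
    cidr = str(cidr)
    ports = port

    if '-' in port:
        # Range form. Exactly one '-' is expected; any other count raises
        # ValueError on unpacking instead of silently checking a wrong range.
        from_port, to_port = port.split('-')
    elif ',' in port:
        # List form: from/to are set to '0' and the individual ports travel
        # in `ports`.
        from_port = to_port = '0'
        ports = port.split(',')
    else:
        from_port = to_port = port

    condition = condition == 'only'

    for item in step_obj.context.stash.properties:
        value = item.property_value
        groups = value if isinstance(value, list) else [value]
        for security_group in groups:
            # Single call site for both shapes. The original non-list branch
            # passed (proto, condition) in the opposite order to the list
            # branch, so a lone security group was checked with the two
            # arguments swapped - a compliance check that can then pass or
            # fail for the wrong reason.
            # NOTE(review): the list branch's order is assumed to be the
            # correct one; confirm against check_sg_rules' signature.
            check_sg_rules(world.config.terraform.terraform_config,
                           security_group, condition, proto, from_port,
                           to_port, ports, cidr)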
예제 #2
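def it_condition_have_proto_protocol_and_port_port_for_cidr(
        _step_obj, condition, proto, port, cidr):
    """Check every stashed security group against a protocol/port/CIDR rule.

    ``port`` is a string: a single port (``'22'``), a range (``'20-25'``)
    or a comma-separated list (``'80,443'``). ``condition`` is the step
    keyword and is reduced to a boolean that is True only for ``'only'``.

    Returns True once every entry in ``_step_obj.context.stash`` has been
    passed to ``check_sg_rules``.

    Raises:
        Failure: a port range is combined with the ``'only'`` condition.
        TerraformComplianceInternalFailure: a stash entry's ``'values'`` is
            neither a list nor a dict.
        ValueError: a port is not numeric, or a range does not have exactly
            two parts.
    """
    proto = str(proto)
    cidr = str(cidr)

    # Set to True only if the condition is 'only'
    condition = condition == 'only'

    # In case we have a range
    if '-' in port:
        if condition:
            raise Failure(
                '"must only" scenario cases must be used either with individual port '
                'or multiple ports separated with comma.')

        from_port, to_port = port.split('-')
        ports = [from_port, to_port]

    # In case we have comma delimited ports
    elif ',' in port:
        ports = port.split(',')
        # Compare numerically. The ports are still strings here, and a plain
        # min()/max() orders them lexicographically: '80,443' would give
        # from_port=443 and to_port=80, i.e. an inverted range handed to the
        # rule check.
        from_port = min(ports, key=int)
        to_port = max(ports, key=int)

    else:
        from_port = to_port = int(port)
        ports = [str(from_port)]

    # Ports below 1 are raised to 1.
    from_port = max(int(from_port), 1)
    to_port = max(int(to_port), 1)
    # NOTE(review): only the first entry of `ports` is clamped; later entries
    # are passed through as given. Confirm whether that is intended.
    ports[0] = ports[0] if int(ports[0]) > 0 else '1'

    looking_for = dict(proto=proto,
                       from_port=from_port,
                       to_port=to_port,
                       ports=ports,
                       cidr=cidr)

    for security_group in _step_obj.context.stash:
        values = security_group['values']
        if isinstance(values, list):
            for sg in values:
                check_sg_rules(plan_data=sg,
                               security_group=looking_for,
                               condition=condition)

        elif isinstance(values, dict):
            check_sg_rules(plan_data=values,
                           security_group=looking_for,
                           condition=condition)
        else:
            # Fail loudly rather than skip: an unchecked security group must
            # not be reported as compliant.
            raise TerraformComplianceInternalFailure(
                'Unexpected Security Group, '
                'must be either list or a dict: '
                '{}'.format(values))
    return True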
예제 #3
def it_must_not_have_sg_stuff(step, proto, port, cidr):
    """Run ``check_sg_rules`` on every security group held in the stash.

    ``proto`` and ``cidr`` are coerced to ``str`` and ``port`` to ``int``
    (a non-numeric port raises ValueError before any group is checked).
    A stash property whose value is a list is checked element by element;
    any other value is checked as a single security group.
    """
    protocol, port_number, cidr_block = str(proto), int(port), str(cidr)

    for entry in step.context.stash.properties:
        value = entry.property_value
        # Normalise to a list so both shapes go through the same call.
        groups = value if type(value) is list else [value]
        for group in groups:
            check_sg_rules(world.config.terraform.terraform_config,
                           group, protocol, port_number, cidr_block)
예제 #4
def it_must_not_have_proto_protocol_and_port_port_for_cidr(
        step_obj, proto, port, cidr):
    """Run ``check_sg_rules`` on every stashed security group for a port spec.

    ``port`` is a string holding either a single port or a ``from-to``
    range; the bounds are forwarded as strings, exactly as split. A value
    with more than one '-' raises ValueError on unpacking. ``proto`` and
    ``cidr`` are coerced to ``str``.
    """
    protocol = str(proto)
    cidr_block = str(cidr)

    if '-' not in port:
        # Single port: the range collapses to one value.
        lower = upper = port
    else:
        lower, upper = port.split('-')

    for entry in step_obj.context.stash.properties:
        value = entry.property_value
        # A list holds several security groups; anything else is one group.
        groups = value if type(value) is list else [value]
        for group in groups:
            check_sg_rules(world.config.terraform.terraform_config,
                           group, protocol, lower, upper, cidr_block)