class Environment(Resource):
    """A named environment with its own network range, owned by an account.

    Attributes are ``argument`` descriptors; the framework cleans and binds
    them, this class only declares them.
    """

    resource_name = "environment"

    # Human-readable identifier for the environment.
    name = argument.String()
    # Address range the environment occupies (validated as an IP network).
    cidr_block = argument.IPNetwork()
    # The account this environment is provisioned under.
    account = argument.Resource(Account)
def test_list_invalid_ips(self):
    """A list element that is not a well-formed network must be rejected."""
    bad_networks = ["0.0.0.0/"]
    with self.assertRaises(errors.InvalidParameter):
        argument.List(argument.IPNetwork()).clean(None, bad_networks)
def test_ip_network_exception(self):
    """An address with an out-of-range octet must be rejected by IPNetwork."""
    bad_address = "192.168.0.270"
    with self.assertRaises(errors.InvalidParameter):
        argument.IPNetwork().clean(None, bad_address)
class VPC(Resource):
    """An AWS Virtual Private Cloud.

    ``field`` names map each argument onto the corresponding key of the AWS
    API request; arguments without ``field`` are local-only.
    """

    resource_name = "vpc"

    name = argument.String()
    # The VPC's primary address range (AWS ``CidrBlock``).
    cidr_block = argument.IPNetwork(field='CidrBlock')
    # AWS ``InstanceTenancy``; only the two AWS-defined values are accepted.
    tenancy = argument.String(
        default="default",
        choices=["default", "dedicated"],
        field="InstanceTenancy",
    )
    tags = argument.Dict()
    account = argument.Resource(Account)
class Zone(Resource):
    """A zone carved out of an Environment's address space.

    Attributes are ``argument`` descriptors declared in framework order.
    """

    name = argument.String()
    # Prefix length used for this zone's networks; /24 unless overridden.
    prefix = argument.Integer(default=24)
    cidr_block = argument.IPNetwork()

    # Is this zone on the public internet?
    public = argument.Boolean(default=False)

    # The availability zones to create this zone in: exactly two,
    # single-character suffixes, "a" and "b" unless overridden.
    availability_zones = argument.List(
        argument.String(min=1, max=1),
        min=2,
        max=2,
        default=["a", "b"],
    )

    environment = argument.Resource(Environment)
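class Subnet(Resource):
    """An AWS subnet within a VPC.

    ``field_order`` forces ``vpc`` to be processed first so that
    :meth:`clean_cidr_block` can compare against the parent VPC's range.
    """

    resource_name = "subnet"
    field_order = ["vpc"]

    name = argument.String()
    # The subnet's address range (AWS ``CidrBlock``); see clean_cidr_block.
    cidr_block = argument.IPNetwork(field='CidrBlock')
    availability_zone = argument.String(field='AvailabilityZone')
    route_table = argument.Resource(RouteTable)
    network_acl = argument.Resource(NetworkACL)
    tags = argument.Dict()
    vpc = argument.Resource(VPC, field='VpcId')

    def clean_cidr_block(self, cidr_block):
        """Reject a subnet range that is not contained in the parent VPC's range.

        Args:
            cidr_block: the candidate network being cleaned.

        Returns:
            The unchanged ``cidr_block`` when it lies inside ``self.vpc.cidr_block``.

        Raises:
            errors.InvalidParameter: when the candidate is outside the VPC range.
        """
        if cidr_block not in self.vpc.cidr_block:
            # Report the value actually under validation, not the attribute,
            # which may not hold the candidate yet while cleaning runs.
            raise errors.InvalidParameter(
                "{} not inside network {}".format(cidr_block, self.vpc.cidr_block)
            )
        return cidr_block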
class Rule(Resource):
    """A network-ACL entry: a CIDR, a protocol, a port range and an action.

    ``from_port``/``to_port`` default from ``port``; a ``port`` of -1
    expands to the full range 1..65535 via the default callables.
    ``PortRange`` is serialized from those two arguments rather than from a
    field of its own.
    """

    resource_name = "rule"
    dot_ignore = True

    network = argument.IPNetwork(field="CidrBlock")
    protocol = argument.String(
        default='tcp',
        choices=['tcp', 'udp', 'icmp'],
        field="Protocol",
    )
    port = argument.Integer(min=-1, max=65535)
    from_port = argument.Integer(
        default=lambda r: r.port if r.port != -1 else 1,
        min=-1,
        max=65535,
    )
    to_port = argument.Integer(
        default=lambda r: r.port if r.port != -1 else 65535,
        min=-1,
        max=65535,
    )
    action = argument.String(
        default="allow",
        choices=["allow", "deny"],
        field="RuleAction",
    )

    extra_serializers = {
        "PortRange": serializers.Dict(
            From=serializers.Integer(serializers.Argument("from_port")),
            To=serializers.Integer(serializers.Argument("to_port")),
        ),
    }

    def __str__(self):
        """Render as ``<name>: <protocol> port[s ...] from <network>``."""
        label = super(Rule, self).__str__()
        single_port = self.from_port == self.to_port
        if single_port:
            port_text = "port {}".format(self.from_port)
        else:
            port_text = "ports {} to {}".format(self.from_port, self.to_port)
        return "{}: {} {} from {}".format(
            label, self.protocol, port_text, self.network
        )
def test_list_ips(self):
    """Cleaning a list of network strings yields a list of IPNetwork objects."""
    cleaned = argument.List(argument.IPNetwork()).clean(None, ["0.0.0.0/0"])
    self.assertIsInstance(cleaned, list)
    self.assertIsInstance(cleaned[0], netaddr.IPNetwork)
def test_ip_network(self):
    """A valid network string round-trips unchanged through IPNetwork.clean."""
    cleaned = argument.IPNetwork().clean(None, "192.168.0.1/25")
    self.assertEqual(str(cleaned), "192.168.0.1/25")
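class Rule(Resource):
    """A security-group ingress/egress rule.

    The source is either a referenced security group (serialized into
    ``UserIdGroupPairs``) or a CIDR (serialized into ``IpRanges``).
    ``from_port`` and ``to_port`` default to ``port``.
    """

    resource_name = "rule"

    @property
    def dot_ignore(self):
        """Rules that reference no security group are left out of the graph dump."""
        return self.security_group is None

    protocol = argument.String(
        default='tcp',
        choices=['tcp', 'udp', 'icmp'],
        field="IpProtocol",
    )
    # 65535 is the top of the TCP/UDP port space; the earlier 32768 cap
    # rejected valid high ports and disagreed with the network-ACL Rule.
    port = argument.Integer(min=-1, max=65535)
    from_port = argument.Integer(
        default=lambda r: r.port,
        min=-1,
        max=65535,
        field="FromPort",
    )
    to_port = argument.Integer(
        default=lambda r: r.port,
        min=-1,
        max=65535,
        field="ToPort",
    )
    security_group = argument.Resource(
        "touchdown.aws.vpc.security_group.SecurityGroup",
        field="UserIdGroupPairs",
        serializer=serializers.ListOfOne(
            serializers.Dict(
                UserId=serializers.Property("OwnerId"),
                GroupId=serializers.Identifier(),
            )
        ),
    )
    network = argument.IPNetwork(
        field="IpRanges",
        serializer=serializers.ListOfOne(
            serializers.Dict(CidrIp=serializers.String())
        ),
    )

    def matches(self, runner, rule):
        """Return True if *rule* (an AWS IpPermissions entry) describes this rule.

        Protocol and the FromPort/ToPort pair must be equal; then the
        referenced security group (GroupId and OwnerId) must appear in the
        entry's ``UserIdGroupPairs``, or the CIDR in its ``IpRanges``.

        Args:
            runner: used to look up the plan of ``self.security_group``.
            rule: a dict in the shape AWS returns; ``IpProtocol`` is required,
                the other keys are optional.
        """
        sg = None
        if self.security_group:
            sg = runner.get_plan(self.security_group)
            # If the SecurityGroup doesn't exist yet then this rule can't exist
            # yet - so we can bail early!
            if not sg.resource_id:
                return False

        if self.protocol != rule['IpProtocol']:
            return False
        # Missing port keys compare as None, so they match only an unset port.
        if self.from_port != rule.get('FromPort'):
            return False
        if self.to_port != rule.get('ToPort'):
            return False

        if sg and sg.object:
            # Both the group id and the owning account must match; a group id
            # alone is not unique across accounts.
            if any(
                group['GroupId'] == sg.resource_id
                and group['UserId'] == sg.object['OwnerId']
                for group in rule.get('UserIdGroupPairs', [])
            ):
                return True

        if self.network:
            # NOTE(review): plain string comparison - assumes str(self.network)
            # is in the same canonical form AWS returns for CidrIp; confirm.
            if any(
                entry['CidrIp'] == str(self.network)
                for entry in rule.get('IpRanges', [])
            ):
                return True

        return False

    def __str__(self):
        """Render as ``<name>: <protocol> port[s ...] from <network|group>``."""
        label = super(Rule, self).__str__()
        if self.from_port == self.to_port:
            port_text = "port {}".format(self.from_port)
        else:
            port_text = "ports {} to {}".format(self.from_port, self.to_port)
        source = self.network if self.network else self.security_group
        return "{}: {} {} from {}".format(
            label, self.protocol, port_text, source
        )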
class Route(Resource):
    """A route-table entry sending a destination range to an internet gateway."""

    resource_name = "route"

    # Destination range for the route (AWS ``DestinationCidrBlock``).
    destination_cidr = argument.IPNetwork(field="DestinationCidrBlock")
    # Target of the route (AWS ``GatewayId``).
    internet_gateway = argument.Resource(InternetGateway, field="GatewayId")