def test_dump_garbage_tags(self):
config = VPCTagConfig({
VPCTagConfig.T_TARGET: 'arn:aws:foo/bar',
'flavor': 'development',
})
self.assertTrue(config.enabled)
self.assertEqual(1, len(config.get_aws_tags()), config.get_aws_tags())
def prompt_vpc_config(vpc_prop: VPC_Props, region: str) -> None:
"""
The VPC configuration is stored in the account using tags, per the properties supported in VPCTagConfig
"""
current_config = VPCTagConfig(vpc_prop.tags)
desc = f'enabled to `{current_config.target}` with enrollment mode `{current_config.enrollment}`' if current_config.enabled else 'disabled'
change_config = 'y' in input(
f'Modify VPC config for {vpc_prop.vpc_id}:{vpc_prop.name} (currently {desc})? (n) '
).lower()
if not change_config:
return
if current_config.enabled and 'y' in input(
f"Disable Traffic Mirroring for this VPC? (n) ").lower():
mirror_target_arn = None
else:
mirror_target_arn = find_mirror_target(region=region,
vpc_id=vpc_prop.vpc_id)
new_config = VPCTagConfig(vpc_prop.tags)
new_config.target = mirror_target_arn
auto_mode_default = 'y' if current_config.auto_enrollment else ''
resp = input(f"Enrollment Mode: "
f"Y for {VPCTagConfig.V_ENROLLMENT_AUTO} mode, "
f"N for {VPCTagConfig.V_ENROLLMENT_WHITELIST} mode. "
f"(Currently {current_config.enrollment}) "
f"Mirror all instances by default? ({auto_mode_default}) "
).lower() or auto_mode_default
auto_mode = 'y' in resp
new_config.enrollment = VPCTagConfig.V_ENROLLMENT_AUTO if auto_mode else VPCTagConfig.V_ENROLLMENT_WHITELIST
Ec2ApiClient.set_vpc_config(region=region,
vpc_id=vpc_prop.vpc_id,
config=new_config)
logging.info(
f'VPC Traffic Mirroring Target updated to {mirror_target_arn} in {new_config.enrollment} Enrollment Mode'
)
def test_get_aws_tags(self):
config = VPCTagConfig()
config.target = 'arn:foo/bar'
self.assertEqual([{
'Key': 'Vectra:session_mirroring_target',
'Value': 'arn:foo/bar'
}], config.get_aws_tags())
def set_vpc_config(cls, region: str, vpc_id: str,
config: VPCTagConfig) -> None:
""" enables/disables tapping the vpc"""
client = cls._get_client(region=region)
if config.enabled:
client.create_tags(Tags=config.get_aws_tags(), Resources=[vpc_id])
else:
client.delete_tags(Tags=config.get_aws_tags(), Resources=[vpc_id])
def main() -> None:
logging.getLogger().setLevel(logging.INFO)
region = Ec2ApiClient.get_region()
for vpc_prop in Ec2ApiClient.list_vpcs(region=region): # type: VPC_Props
logging.info(
f" Managing Session Mirroring for VPC {vpc_prop.name}: {vpc_prop.vpc_id}"
)
config = VPCTagConfig(vpc_prop.tags)
SpileTapper.manage(region=region,
vpc_ids=[vpc_prop.vpc_id],
config=config)
def test_enrollment_set_none(self):
config = VPCTagConfig()
config.enrollment = None
config.target = None
self.assertEqual(2, len(config.get_aws_tags()))
for tag in config.get_aws_tags():
self.assertEqual(1, len(tag))
def test_enrollment_set(self):
config = VPCTagConfig()
config.enrollment = config.V_ENROLLMENT_WHITELIST
self.assertEqual(config.V_ENROLLMENT_WHITELIST, config.enrollment)
config.target = 'arn:aws:foo/bar'
self.assertEqual(2, len(config.get_aws_tags()))
for tag in config.get_aws_tags():
self.assertEqual(2, len(tag))
def test_enrollment_default(self):
config = VPCTagConfig()
self.assertEqual(config.V_ENROLLMENT_AUTO, config.enrollment)
def test_enrollment_value_error(self):
config = VPCTagConfig()
with self.assertRaises(ValueError) as e:
config.enrollment = 'cheese'
def test_disable(self):
config = VPCTagConfig()
config.target = None
self.assertFalse(config.enabled)
def test_enable(self):
config = VPCTagConfig()
config.target = 'arn:foo/bar'
self.assertTrue(config.enabled)
self.assertEqual('arn:foo/bar', config.target)
def test_none(self):
config = VPCTagConfig()
self.assertFalse(config.enabled)
self.assertIsNone(config.target)
def test_empty_config(self):
config = VPCTagConfig()
self.assertEqual([], config.get_aws_tags())