def create_netsec_group_port_allow(self, secgroup_name, protocol, source_address_prefix, destination_address_prefix, access, direction, resource_group=None, **kwargs):
    """Create (or overwrite) a network security group that holds one rule.

    A fresh ``NetworkSecurityGroup`` carrying exactly one ``SecurityRule`` is
    sent with ``create_or_update``. NOTE(review): that call is a full PUT of
    the group, so any rules already present on a group of the same name are
    replaced rather than merged — confirm this is what callers expect.

    :param secgroup_name: name of the security group to create or update
    :param protocol: rule protocol, forwarded positionally to ``SecurityRule``
    :param source_address_prefix: source address prefix for the rule
    :param destination_address_prefix: destination address prefix for the rule
    :param access: rule access value (Allow/Deny)
    :param direction: rule direction (Inbound/Outbound)
    :param resource_group: resource group to use; falls back to ``self.resource_group``
    :param kwargs: extra keyword arguments forwarded to ``SecurityRule``
    :return: status reported by the long-running operation after it finishes
    """
    target_group = resource_group if resource_group else self.resource_group
    self.logger.info("Attempting to Create New Azure Security Group Rule '%s'.", secgroup_name)

    rule = SecurityRule(protocol, source_address_prefix, destination_address_prefix, access, direction, **kwargs)
    nsg_spec = NetworkSecurityGroup(location=self.region)
    nsg_spec.security_rules = [rule]

    groups_api = self.network_client.network_security_groups
    operation = groups_api.create_or_update(target_group, secgroup_name, nsg_spec)
    operation.wait()
    self.logger.info("Network Security Group Rule is created.")
    return operation.status()
def test_delete_security_rules(self):
    """delete_security_rules is expected to remove the rule whose destination is the VM's private IP.

    Arranges a security group with one rule pointing at the mocked private IP,
    then verifies that exactly one delete call is issued for that rule and
    that the supplied locker is entered once.
    """
    # Arrange
    self.network_security_group = MagicMock()
    network_client = MagicMock()
    private_ip_address = Mock()
    resource_group_name = "group_name"
    vm_name = "vm_name"

    matching_rule = Mock()
    matching_rule.name = "rule_name"
    matching_rule.destination_address_prefix = private_ip_address

    security_group = NetworkSecurityGroup()
    security_group.name = "security_group_name"
    security_group.security_rules = [matching_rule]

    self.security_group_service.get_network_security_group = MagicMock(return_value=security_group)
    self.network_service.get_private_ip = Mock(return_value=private_ip_address)

    # A plain Mock accepts explicitly assigned magic methods, so the locker
    # can be used as a context manager by the code under test.
    context_enter_mock = Mock()
    locker = Mock()
    locker.__enter__ = context_enter_mock
    locker.__exit__ = Mock()

    # Act
    self.security_group_service.delete_security_rules(network_client, resource_group_name, vm_name, locker, Mock())

    # Verify
    network_client.security_rules.delete.assert_called_once_with(
        resource_group_name=resource_group_name,
        network_security_group_name=security_group.name,
        security_rule_name=matching_rule.name,
    )
    context_enter_mock.assert_called_once()
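def create_or_update(self, results):
    """Create or update the network security group described by *results*.

    :param results: dict with optional ``rules``, ``default_rules``, ``tags``
        and ``location`` entries; every rule entry is converted with
        ``create_rule_instance``. A missing or empty ``rules`` /
        ``default_rules`` key leaves the matching attribute at the
        ``NetworkSecurityGroup`` default instead of sending an empty list.
    :return: the resulting group as a dict via ``create_network_security_group_dict``
    """
    parameters = NetworkSecurityGroup()
    rules = results.get('rules')
    if rules:
        parameters.security_rules = [create_rule_instance(rule) for rule in rules]
    default_rules = results.get('default_rules')
    if default_rules:
        parameters.default_security_rules = [create_rule_instance(rule) for rule in default_rules]
    parameters.tags = results.get('tags')
    parameters.location = results.get('location')
    try:
        poller = self.network_client.network_security_groups.create_or_update(self.resource_group, self.name, parameters)
        result = self.get_poller_result(poller)
    except CloudError as exc:
        # self.fail is assumed to terminate the module; nothing below runs on error.
        self.fail("Error creating/updating security group {0} - {1}".format(self.name, str(exc)))
    return create_network_security_group_dict(result)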
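def create_or_update(self, results):
    """Create or update the network security group described by *results*.

    :param results: dict with optional ``rules``, ``default_rules``, ``tags``
        and ``location`` entries; every rule entry is converted with
        ``create_rule_instance``. A missing or empty ``rules`` /
        ``default_rules`` key leaves the matching attribute at the
        ``NetworkSecurityGroup`` default instead of sending an empty list.
    :return: the resulting group as a dict via ``create_network_security_group_dict``
    """
    parameters = NetworkSecurityGroup()
    rules = results.get('rules')
    if rules:
        parameters.security_rules = [create_rule_instance(rule) for rule in rules]
    default_rules = results.get('default_rules')
    if default_rules:
        parameters.default_security_rules = [create_rule_instance(rule) for rule in default_rules]
    parameters.tags = results.get('tags')
    parameters.location = results.get('location')
    try:
        poller = self.network_client.network_security_groups.create_or_update(self.resource_group, self.name, parameters)
        result = self.get_poller_result(poller)
    except AzureHttpError as exc:
        # self.fail is assumed to terminate the module; nothing below runs on error.
        # Message typo fixed ("upating" -> "updating").
        self.fail("Error creating/updating security group {0} - {1}".format(self.name, str(exc)))
    return create_network_security_group_dict(result)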
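def create_security_group(self):
    """
    Creates firewall rules

    Builds an NSG named "test-nsg" with two Tcp Allow rules covering all
    ports ('*' -> '*'), one Inbound and one Outbound, and waits for the
    create_or_update operation to finish before logging completion.
    Progress lines are appended to WebApp/DeploymentLogs/<protocol_name>.log.

    :return: None
    """
    log_path = f'WebApp/DeploymentLogs/{self.protocol_name}.log'
    with open(log_path, 'a+') as output_file:
        print('Creating security groups', file=output_file)

    parameters = NetworkSecurityGroup()
    # NOTE(review): 'useast1' does not look like an Azure location name
    # (Azure regions are spelled e.g. 'eastus'); confirm before relying on it.
    parameters.location = 'useast1'
    # Rule names must be unique within one NSG: the outbound rule used to
    # reuse the name 'AllIn' and collided with the inbound rule, so it is now
    # 'AllOut'. Both rules allow every port; this is a wide-open posture that
    # is only appropriate for a disposable test deployment.
    parameters.security_rules = [
        SecurityRule(description='AllIn', protocol='Tcp', source_port_range='*', destination_port_range='*', access='Allow', direction='Inbound', priority=100, name='AllIn'),
        SecurityRule(description='AllIn', protocol='Tcp', source_port_range='*', destination_port_range='*', access='Allow', direction='Outbound', priority=100, name='AllOut'),
    ]
    # create_or_update returns a long-running-operation poller; wait for it so
    # the completion message below is not written before the NSG exists.
    poller = self.network_client.network_security_groups.create_or_update(self.resource_group, "test-nsg", parameters)
    poller.wait()

    with open(log_path, 'a+') as output_file:
        print('Done creating security groups, you will redirect to the deployment in few seconds..', file=output_file)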
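def create_default_securitygroup(self, resource_group, location, name, os_type, open_ports):
    '''
    Create a default security group <name>01 to associate with a network interface. If a security group matching
    <name>01 exists, return it. Otherwise, create one.

    :param resource_group: Resource group name
    :param location: azure location name
    :param name: base name to use for the security group
    :param os_type: one of 'Windows' or 'Linux'. Determines the default rules added when ``open_ports`` is empty:
        Linux gets an inbound SSH (22) rule, anything else gets inbound RDP (3389) and WinRM HTTPS (5986) rules.
    :param open_ports: iterable of TCP ports. When non-empty, one inbound Allow rule per port is created instead of
        the OS defaults, named Rule_<priority> with priorities 101, 102, ... in iteration order.
    :return: security_group object (the result of the create/update poller)
    '''
    security_group_name = name + '01'
    group = None
    self.log("Create security group {0}".format(security_group_name))
    self.log("Check to see if security group {0} exists".format(security_group_name))
    try:
        group = self.network_client.network_security_groups.get(resource_group, security_group_name)
    except CloudError:
        # Best-effort lookup: a missing group is the normal "create it" path.
        pass

    if group:
        self.log("Security group {0} found.".format(security_group_name))
        self.check_provisioning_state(group)
        return group

    parameters = NetworkSecurityGroup()
    parameters.location = location

    if not open_ports:
        # Open default ports based on OS type. The '*' positional arguments are the source and destination
        # address prefixes, so every default rule accepts traffic from any source.
        if os_type == 'Linux':
            # add an inbound SSH rule
            parameters.security_rules = [
                SecurityRule('Tcp', '*', '*', 'Allow', 'Inbound', description='Allow SSH Access', source_port_range='*', destination_port_range='22', priority=100, name='SSH')
            ]
        else:
            # for windows add inbound RDP and WinRM rules
            parameters.security_rules = [
                SecurityRule('Tcp', '*', '*', 'Allow', 'Inbound', description='Allow RDP port 3389', source_port_range='*', destination_port_range='3389', priority=100, name='RDP01'),
                SecurityRule('Tcp', '*', '*', 'Allow', 'Inbound', description='Allow WinRM HTTPS port 5986', source_port_range='*', destination_port_range='5986', priority=101, name='WinRM01'),
            ]
    else:
        # Open custom ports: priorities start at 101 and each rule is named after its priority.
        parameters.security_rules = [
            SecurityRule('Tcp', '*', '*', 'Allow', 'Inbound', source_port_range='*', destination_port_range=str(port), priority=priority, name="Rule_{0}".format(priority))
            for priority, port in enumerate(open_ports, start=101)
        ]

    self.log('Creating default security group {0}'.format(security_group_name))
    try:
        poller = self.network_client.network_security_groups.create_or_update(resource_group, security_group_name, parameters)
    except Exception as exc:
        # self.fail is assumed to terminate the module, so poller is always bound below.
        self.fail("Error creating default security rule {0} - {1}".format(security_group_name, str(exc)))

    return self.get_poller_result(poller)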
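def create_default_securitygroup(self, resource_group, location, name, os_type, open_ports):
    '''
    Create a default security group <name>01 to associate with a network interface. If a security group matching
    <name>01 exists, return it. Otherwise, create one.

    :param resource_group: Resource group name
    :param location: azure location name
    :param name: base name to use for the security group
    :param os_type: one of 'Windows' or 'Linux'. Determines the default rules added when ``open_ports`` is empty:
        Linux gets an inbound SSH (22) rule, anything else gets inbound RDP (3389) and WinRM HTTPS (5986) rules.
    :param open_ports: iterable of TCP ports. When non-empty, one inbound Allow rule per port is created instead of
        the OS defaults, named Rule_<priority> with priorities 101, 102, ... in iteration order.
    :return: security_group object (the result of the create/update poller)
    '''
    security_group_name = name + '01'
    group = None
    self.log("Create security group {0}".format(security_group_name))
    self.log("Check to see if security group {0} exists".format(security_group_name))
    try:
        group = self.network_client.network_security_groups.get(resource_group, security_group_name)
    except CloudError:
        # Best-effort lookup: a missing group is the normal "create it" path.
        pass

    if group:
        self.log("Security group {0} found.".format(security_group_name))
        self.check_provisioning_state(group)
        return group

    parameters = NetworkSecurityGroup()
    parameters.location = location

    if not open_ports:
        # Open default ports based on OS type. The '*' positional arguments are the source and destination
        # address prefixes, so every default rule accepts traffic from any source.
        if os_type == 'Linux':
            # add an inbound SSH rule
            parameters.security_rules = [
                SecurityRule('Tcp', '*', '*', 'Allow', 'Inbound', description='Allow SSH Access', source_port_range='*', destination_port_range='22', priority=100, name='SSH')
            ]
        else:
            # for windows add inbound RDP and WinRM rules
            parameters.security_rules = [
                SecurityRule('Tcp', '*', '*', 'Allow', 'Inbound', description='Allow RDP port 3389', source_port_range='*', destination_port_range='3389', priority=100, name='RDP01'),
                SecurityRule('Tcp', '*', '*', 'Allow', 'Inbound', description='Allow WinRM HTTPS port 5986', source_port_range='*', destination_port_range='5986', priority=101, name='WinRM01'),
            ]
    else:
        # Open custom ports: priorities start at 101 and each rule is named after its priority.
        parameters.security_rules = [
            SecurityRule('Tcp', '*', '*', 'Allow', 'Inbound', source_port_range='*', destination_port_range=str(port), priority=priority, name="Rule_{0}".format(priority))
            for priority, port in enumerate(open_ports, start=101)
        ]

    self.log('Creating default security group {0}'.format(security_group_name))
    try:
        poller = self.network_client.network_security_groups.create_or_update(resource_group, security_group_name, parameters)
    except Exception as exc:
        # self.fail is assumed to terminate the module, so poller is always bound below.
        self.fail("Error creating default security rule {0} - {1}".format(security_group_name, str(exc)))

    return self.get_poller_result(poller)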
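def add_nsg_rule(
    self,
    rg_name=None,
    location=None,
    nsg_name=None,
    protocol="Tcp",
    direction="Inbound",
    access="Allow",
    description="Test automation rule",
    source_port_range="*",
    destination_port_range=None,
    priority=700,
    name="test_automation",
    source_address_prefix="*",
    destination_address_prefix="*",
):
    """
    Add new rule to Azure Network Security Group.

    The group's existing rules are fetched with ``get_nsg`` and re-sent
    together with the new one, because ``create_or_update`` replaces the
    whole rule set. If the group cannot be fetched (``CloudError``) it is
    created with just the new rule. The call blocks until the long-running
    operation completes.

    Args:
        rg_name (str): Azure resource group name
        location (str): Azure resource group location
        nsg_name (str): Azure NSG name
        protocol (str): protocol for rule (Tcp, Udp)
        direction (str): web traffic direction (Inbound, Outbound)
        access (str): access policy for rule (Allow, Deny)
        description (str): rule description
        source_port_range (str): source port range for rule
        destination_port_range (str): destination port range for rule
        priority (int): rule priority
        name (str): rule name
        source_address_prefix (str): source address prefix
        destination_address_prefix (str): destination address prefix

    Raises:
        CloudError: re-raised after logging when the create/update request fails.
    """
    parameters = NetworkSecurityGroup()
    parameters.location = location
    try:
        existing_rules = self.get_nsg(rg_name, nsg_name).security_rules
    except CloudError:
        existing_rules = None
    # The SDK may report "no rules" as None rather than []; normalise so the
    # append below cannot fail on a group that exists but has no rules.
    parameters.security_rules = list(existing_rules or [])
    # NOTE(review): rule names (and priorities per direction) must be unique
    # within an NSG, so calling this twice with the default name/priority on
    # the same group is expected to be rejected — confirm callers vary them.
    parameters.security_rules.append(
        SecurityRule(
            protocol=protocol,
            direction=direction,
            access=access,
            description=description,
            source_port_range=source_port_range,
            destination_port_range=destination_port_range,
            priority=priority,
            name=name,
            source_address_prefix=source_address_prefix,
            destination_address_prefix=destination_address_prefix,
        )
    )
    try:
        poller_obj = self.network_client.network_security_groups.create_or_update(rg_name, nsg_name, parameters)
    except CloudError as cloud_err:
        # repr() is the idiomatic spelling of cloud_err.__repr__().
        self.colored_print(repr(cloud_err), level="error")
        raise
    poller_obj.wait()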