Exemplo n.º 1
    def test_formats_rule(self):
        """format_rule renders group, account-qualified group and CIDR peers.

        One rule mapping is formatted three times. Only the peer fields
        change between runs, and each result is compared with the expected
        space-separated text built from the same mapping.
        """
        plain_template = ("{Direction} {GroupId} {OtherGroupId}{OtherCidrIp} "
                          "{IpProtocol} {FromPort} {ToPort}")
        account_template = ("{Direction} {GroupId} {OtherUserId}/{OtherGroupId} "
                            "{IpProtocol} {FromPort} {ToPort}")
        group_id = self.good_gid
        peer_group_id = self.good_gid
        formatter = RuleFormatter()

        rule_data = {
            'Direction': 'in',
            'GroupId': group_id,
            'IpProtocol': 'tcp',
            'FromPort': 0,
            'ToPort': 65535,
            'OtherGroupId': peer_group_id,
            'OtherUserId': '',
            'OtherCidrIp': '',
        }

        def check(template):
            # Format first, then build the expectation from the same mapping.
            rendered = formatter.format_rule(Rule(rule_data))
            self.assertEqual(rendered, template.format(**rule_data))

        # Peer is a bare group id: no account prefix, no CIDR.
        check(plain_template)

        # Peer group qualified by an account id, rendered as "account/group".
        rule_data['OtherUserId'] = self.good_account
        check(account_template)

        # Peer is a CIDR block: both group fields are blanked.
        rule_data['OtherCidrIp'] = self.good_cidr
        rule_data['OtherGroupId'] = ''
        rule_data['OtherUserId'] = ''
        check(plain_template)
Exemplo n.º 2
    def test_formats_rule(self):
        """Check format_rule output for the three kinds of peer a rule can name.

        The peer is first a group id, then an account-qualified group id,
        then a CIDR block; the rest of the rule stays the same throughout.
        """
        own_gid = self.good_gid
        peer_gid = self.good_gid
        tail = "{IpProtocol} {FromPort} {ToPort}"
        rule_fmt = "{Direction} {GroupId} {OtherGroupId}{OtherCidrIp} " + tail
        rule_fmt_with_acc = ("{Direction} {GroupId} {OtherUserId}/{OtherGroupId} "
                             + tail)
        formatter = RuleFormatter()

        rule_data = {
            'Direction': 'in',
            'GroupId': own_gid,
            'IpProtocol': 'tcp',
            'FromPort': 0,
            'ToPort': 65535,
            'OtherGroupId': peer_gid,
            'OtherUserId': '',
            'OtherCidrIp': '',
        }

        # Group peer without an account prefix.
        actual = formatter.format_rule(Rule(rule_data))
        expected = rule_fmt.format(**rule_data)
        self.assertEqual(actual, expected)

        # Group peer qualified by an account id.
        rule_data.update({'OtherUserId': self.good_account})
        actual = formatter.format_rule(Rule(rule_data))
        expected = rule_fmt_with_acc.format(**rule_data)
        self.assertEqual(actual, expected)

        # CIDR peer: the group and account fields are cleared.
        rule_data['OtherCidrIp'] = self.good_cidr
        rule_data.update({'OtherGroupId': '', 'OtherUserId': ''})
        actual = formatter.format_rule(Rule(rule_data))
        expected = rule_fmt.format(**rule_data)
        self.assertEqual(actual, expected)
Exemplo n.º 3
def change_rules(args, rules, verb, warn=None):
    """Apply ``verb`` to each rule through ``args.aws.ec2.IpPermissions``.

    Rules whose ``GroupId`` is not in ``args.groups`` are skipped, so a run
    only touches the groups it was scoped to. When ``args.noop`` is set the
    intended change is logged and no call is made.

    Args:
        args: Run settings; this function reads ``groups``, ``noop``,
            ``aws.account_id`` and ``aws.ec2.IpPermissions``.
        rules: Iterable of rules to change; an empty value is a no-op.
        verb: Name of the ``IpPermissions`` attribute to call for each rule.
        warn: Optional collection of error codes that are logged as
            warnings instead of errors.

    Returns:
        0 when nothing failed, 1 when at least one call raised an
        ``AWSCallError`` whose code is not listed in ``warn``.
    """
    if not rules:
        log.info("Nothing to {}".format(verb))
        return 0

    exit_status = 0
    for rule in rules:
        in_scope = rule["GroupId"] in args.groups
        if not in_scope:
            log.debug("Skipping rule for excluded group: {}".format(rule))
            continue

        if args.noop:
            described = RuleFormatter(args.aws.account_id).format_rule(rule)
            log.info("NOOP: {} {}".format(verb, described))
            continue

        try:
            # NOTE(review): verb selects the method by name, so it should
            # only ever be one of a fixed set of values chosen by the caller,
            # never free text -- the callers are not visible here; confirm.
            apply_change = getattr(args.aws.ec2.IpPermissions, verb)
            apply_change(rule["GroupId"], rule.other(), rule.proto_spec(),
                         rule["Direction"])
            described = RuleFormatter(args.aws.account_id).format_rule(rule)
            log.info("{} rule: {}".format(verb, described))
        except AWSCallError as err:
            tolerated = bool(warn) and err.code in warn
            if tolerated:
                # Tolerated codes leave the return value untouched, so these
                # failures are visible in the log only, not to the caller.
                log.warn("Warning: {}".format(err))
                log.warn("         {}".format(rule))
            else:
                log.error("Error: {}".format(err))
                exit_status = 1
    return exit_status
Exemplo n.º 4
 def test_parses_other(self):
     """parse_other splits an "account/group" peer into its two fields."""
     formatter = RuleFormatter()
     group_id = self.good_gid
     account_id = self.good_account
     # The peer is written account first, then the group id, joined by "/".
     peer_text = "{}/{}".format(account_id, group_id)
     expected = {'OtherGroupId': group_id, 'OtherUserId': account_id}
     self.assertEqual(expected, formatter.parse_other(peer_text))
Exemplo n.º 5
def do_list_rules(args):
    """Write one formatted line per rule of the selected groups.

    The security groups are looked up with a ``group-id`` filter built from
    ``args.groups``, flattened into a ``RuleSet``, and each rule is printed
    to ``args.outfile``.

    Returns:
        Always 0.
    """
    selected_groups = args.aws.ec2.SecurityGroups.get(
        filters={'group-id': args.groups})
    rule_set = RuleSet()
    rule_set.flatten_groups(selected_groups)
    for rule in rule_set:
        line = RuleFormatter(args.aws.account_id).format_rule(rule)
        print(line, file=args.outfile)
    return 0
Exemplo n.º 6
    def test_parses_valid_rules(self):
        """parse_string returns a Rule for every line in the accepted set.

        Only the type of the result is asserted; the parsed field values
        are not inspected.
        """
        debug_log = logging.getLogger(__name__)
        # NOTE(review): several lines use port 65536, one above the highest
        # valid TCP/UDP port (65535). Since only the result type is checked,
        # this test pins that parse_string does not range-check ports;
        # confirm a range check happens before rules are applied.
        # NOTE(review): "1.2.3.4" carries no prefix length; how the parser
        # interprets it is not visible here.
        accepted = (
            "in sg-12345abc sg-def98765 tcp 0 65535",
            "in sg-12345abc sg-def98765 udp 0 65536",
            "in sg-12345abc sg-def98765 -1 0 65536",
            "in sg-12345abc sg-def98765 17 0 65536",
            "in sg-12345abc sg-def98765 tcp -1 65535",
            "in sg-12345abc 0.0.0.0/0 tcp -1 65535",
            "in sg-12345abc 1.2.3.4 tcp -1 65535",
            "in sg-12345abc sg-def98765 tcp 0 -1",
            "in sg-12345abc sg-def98765 tcp -1 -1",
            "in sg-12345abc sg-def98765 tcp 22 22",
            "in sg-12345abc 123456/sg-def98765 tcp 22 22",
            "in sg-12345abc sg-def98765 17 -1 -1",
        )

        formatter = RuleFormatter()
        for text in accepted:
            debug_log.debug(text)
            parsed = formatter.parse_string(text)
            failure_note = "Failed on {}".format(text)
            self.assertIsInstance(parsed, Rule, msg=failure_note)
Exemplo n.º 7
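 def test_fails_parse_invalid(self):
     """parse_string must raise InvalidRule for every malformed rule line.

     The cases cover non-numeric ports, an unknown protocol name, literal
     "None" fields, group ids with trailing parenthesised text, and an
     unknown direction keyword.
     """
     logger = logging.getLogger(__name__)
     lines = (
         "in sg-12345abc sg-def98765 tcp a 65535",
         # The comma after the next entry was missing, so Python joined it
         # with the following literal into one string and neither the
         # non-numeric ToPort case nor the unknown-protocol case was
         # exercised on its own.
         "in sg-12345abc sg-def98765 udp 0 a",
         "in sg-12345abc sg-def98765 fail 0 65536",
         "in sg-12345abc sg-def98765 None None None",
         "in sg-12345abc(foo baz) sg-def98765(bar) tcp 0 65535",
         "in sg-12345abc(foo baz) sg-def98765(bar qux) tcp 0 65535",
         "eg sg-12345abc sg-def98765 tcp 0 65535",
     )
     formatter = RuleFormatter()
     for line in lines:
         logger.debug(line)
         self.assertRaises(InvalidRule, formatter.parse_string, line)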
Exemplo n.º 8
    def test_parses_valid_rules(self):
        """Every line below must come back from parse_string as a Rule.

        The check is on the result type only, not on the parsed values.
        """
        # NOTE(review): port 65536 appears in this "valid" set although the
        # highest TCP/UDP port is 65535, so passing this test means the
        # parser accepts out-of-range ports; confirm they are rejected
        # somewhere before a rule is applied.
        valid_lines = (
            "in sg-12345abc sg-def98765 tcp 0 65535",
            "in sg-12345abc sg-def98765 udp 0 65536",
            "in sg-12345abc sg-def98765 -1 0 65536",
            "in sg-12345abc sg-def98765 17 0 65536",
            "in sg-12345abc sg-def98765 tcp -1 65535",
            "in sg-12345abc 0.0.0.0/0 tcp -1 65535",
            "in sg-12345abc 1.2.3.4 tcp -1 65535",
            "in sg-12345abc sg-def98765 tcp 0 -1",
            "in sg-12345abc sg-def98765 tcp -1 -1",
            "in sg-12345abc sg-def98765 tcp 22 22",
            "in sg-12345abc 123456/sg-def98765 tcp 22 22",
            "in sg-12345abc sg-def98765 17 -1 -1",
        )
        trace = logging.getLogger(__name__)
        formatter = RuleFormatter()

        for candidate in valid_lines:
            trace.debug(candidate)
            result = formatter.parse_string(candidate)
            self.assertIsInstance(
                result, Rule, msg="Failed on {}".format(candidate))
Exemplo n.º 9
 def test_parses_other(self):
     """An "account/group" peer string yields both ids from parse_other."""
     formatter = RuleFormatter()
     gid = self.good_gid
     account = self.good_account
     wanted = dict(OtherGroupId=gid, OtherUserId=account)
     # Account id comes first in the text, the group id after the slash.
     parsed = formatter.parse_other("{}/{}".format(account, gid))
     self.assertEqual(wanted, parsed)
Exemplo n.º 10
 def test_parses_group(self):
     """parse_group returns a mapping holding the id under 'GroupId'."""
     formatter = RuleFormatter()
     group_id = self.good_gid
     parsed = formatter.parse_group(group_id)
     self.assertEqual({'GroupId': group_id}, parsed)
Exemplo n.º 11
 def test_parses_group(self):
     """A bare group id parses to a one-entry mapping keyed 'GroupId'."""
     formatter = RuleFormatter()
     gid = self.good_gid
     expected = {'GroupId': gid}
     self.assertEqual(expected, formatter.parse_group(gid))