def upload_secgroup(self, name=None):
"""
upload or update the security group with the given name
The group will have a number of rules.
:param name: name of the security group
:return:
"""
if name is None:
groups = Secgroup().list()
for group in groups:
print("upload group:", group['name'])
self.upload_secgroup(name=group['name'])
return
groups = Secgroup().list()
if name is not None:
for group in groups:
if group['name'] == name:
break
rules = SecgroupRule().list()
data = {}
for rule in rules:
data[rule['name']] = rule
sgroups = self.list_secgroups(name)
group_exists = False
if len(sgroups) > 0:
print(" Warning group already exists")
group_exists = True
if not group_exists:
self.add_secgroup(name=name, description=group['description'])
for r in group['rules']:
if r != 'nothing':
found = data[r]
print(" ", "rule:", found['name'])
self.add_secgroup_rule(name=name,
port=found["ports"],
protocol=found["protocol"],
ip_range=found["ip_range"])
else:
for r in group['rules']:
if r != 'nothing':
found = data[r]
print(" ", "rule:", found['name'])
self.add_rules_to_secgroup(name=name,
rules=[found['name']])
def add_rules_to_secgroup(self, name=None, rules=None):
if name is None and rules is None:
raise ValueError("name or rules are None")
cgroups = self.list_secgroups(name)
if len(cgroups) == 0:
raise ValueError("group does not exist")
groups = DictList(Secgroup().list())
rules_details = DictList(SecgroupRule().list())
try:
group = groups[name]
except:
raise ValueError("group does not exist")
for rule in rules:
try:
found = rules_details[rule]
self.add_secgroup_rule(name=name,
port=found["ports"],
protocol=found["protocol"],
ip_range=found["ip_range"])
except:
ValueError("rule can not be found")
def remove_rules_from_secgroup(self, name=None, rules=None):
if name is None and rules is None:
raise ValueError("name or rules are None")
cgroups = self.list_secgroups(name)
if len(cgroups) == 0:
raise ValueError("group does not exist")
groups = DictList(Secgroup().list())
rules_details = DictList(SecgroupRule().list())
try:
group = groups[name]
except:
raise ValueError("group does not exist")
for rule in rules:
try:
found = rules_details[rule]
try:
pmin, pmax = rules['ports'].split(":")
except:
pmin = None
pmax = None
except:
ValueError("rule can not be found")
for r in cgroups['security_group_rules']:
test = \
r["port_range_max"] == pmin and \
r["port_range_min"] == pmax and \
r["protocol"] == found["protocol"] and \
r["remote_ip_prefix"] == found["ports"]
# r["direction"] == "egress" \
# r["ethertype"] == "IPv6" \
# r["id"] == "1234e4e3-ba72-4e33-9844-..." \
# r["remote_group_id"]] == null \
# r["tenant_id"]] == "CH-12345"
if test:
id = r["security_group_id"]
list_test = [test]
self.virtual_network.remove_network_security_group_security_rules(
id,
oci.core.models.
RemoveNetworkSecurityGroupSecurityRulesDetails(
list_test))
def upload_secgroup(self, name=None):
if name is None:
raise ValueError("name is None")
group_exists = False
sec_group = self.list_secgroups(name)
if sec_group is None:
return
if len(sec_group) > 0:
print("Warning group already exists")
group_exists = True
groups = Secgroup().list()
rules = SecgroupRule().list()
VERBOSE(rules)
data = {}
for rule in rules:
data[rule['name']] = rule
VERBOSE(groups)
for group in groups:
if group['name'] == name:
break
print("upload group:", name)
if not group_exists:
self.add_secgroup(name=name, description=group['description'])
for r in group['rules']:
found = data[r]
print(" ", "rule:", found['name'])
self.add_secgroup_rule(
name=name,
port=found["ports"],
protocol=found["protocol"],
ip_range=found["ip_range"])
else:
for r in group['rules']:
found = data[r]
print(" ", "rule:", found['name'])
self.add_rules_to_secgroup(
name=name,
rules=[found])
def upload_secgroup(self, name=None):
cgroups = self.list_secgroups(name)
group_exists = False
if len(cgroups) > 0:
print("Warning group already exists")
group_exists = True
groups = Secgroup().list()
rules = SecgroupRule().list()
# pprint (rules)
data = {}
for rule in rules:
data[rule['name']] = rule
# pprint (groups)
for group in groups:
if group['name'] == name:
break
print("upload group:", name)
if not group_exists:
self.add_secgroup(name=name, description=group['description'])
for r in group['rules']:
if r != 'nothing':
found = data[r]
print(" ", "rule:", found['name'])
self.add_secgroup_rule(
name=name,
port=found["ports"],
protocol=found["protocol"],
ip_range=found["ip_range"])
else:
for r in group['rules']:
if r != 'nothing':
found = data[r]
print(" ", "rule:", found['name'])
self.add_rules_to_secgroup(
name=name,
rules=[found['name']])
# cms sec group list
#
###############################################################
import pytest
from cloudmesh.common.util import HEADING
from cloudmesh.common3.Benchmark import Benchmark
from cloudmesh.common3.Shell import Shell
from cloudmesh.secgroup.Secgroup import Secgroup
from cloudmesh.secgroup.Secgroup import SecgroupExamples
from cloudmesh.secgroup.Secgroup import SecgroupRule
Benchmark.debug()
rules = SecgroupRule()
groups = Secgroup()
def run(label, command):
result = Shell.run_timed(label, command, service="local")
print(result)
return result
@pytest.mark.incremental
class TestSecCLI:
def test_clear(self):
HEADING(color="HEADER")
Benchmark.Start()
run("clear", "cms sec clear")
def do_sec(self, args, arguments):
"""
::
Usage:
sec rule list [--cloud=CLOUDS] [--output=OUTPUT]
sec rule add RULE FROMPORT TOPORT PROTOCOL CIDR
sec rule delete RULE [--cloud=CLOUD]
sec group list [--cloud=CLOUDS] [--output=OUTPUT]
sec group add GROUP RULES DESCRIPTION
sec group delete GROUP [--cloud=CLOUD]
sec group load [GROUP] [--cloud=CLOUD]
sec list [--output=OUTPUT]
sec load
sec clear
Options:
--output=OUTPUT Specify output format, in one of the following:
table, csv, json, yaml, dict
[default: table].
--cloud=CLOUD Name of the IaaS cloud e.g. kilo,chameleon.
The clouds are defined in the yaml file.
If the name "all" is used for the cloud all
clouds will be selected.
Arguments:
RULE The security group rule name
GROUP The label/name of the security group
FROMPORT Staring port of the rule, e.g. 22
TOPORT Ending port of the rule, e.g. 22
PROTOCOL Protocol applied, e.g. TCP,UDP,ICMP
CIDR IP address range in CIDR format, e.g.,
129.79.0.0/16
Examples:
# sec load
# sec group list
# sec group add my_new_group webapp 8080 8080 tcp 0.0.0.0/0
Bugs:
# sec group list --cloud=chameleon
# seg group delete my_group my_rule
# sec group delete my_unused_group --cloud=kilo
# sec group upload --cloud=kilo
Description:
Database commands:
sec clear
removes all rules and groups from the database
sec load
loads some default security groups and rules in the
database
sec clear
deletes all security groups and rules in the database
sec rule list [--output=OUTPUT]
lists all security groups and rules in the database
sec rule add RULE FROMPORT TOPORT PROTOCOL CIDR
adds a security rule with the given group and the details
of the security rules
sec group add GROUP RULES DESCRIPTION
adds a security group with the given group and the
details of the security groups
sec rule delete RULE
deletes the rule form the database
sec group delete GROUP
deletes the group form the database
Cloud commands:
sec rule list --cloud=CLOUDS [--output=OUTPUT]
lists all security rules in the specified cloud
sec group list --cloud=CLOUDS [--output=OUTPUT]
lists all security groups in the specified cloud
sec rule delete RULE --cloud=CLOUD
deletes the rule form the cloud
sec group delete GROUP [--cloud=CLOUD]
deletes the group from the cloud
sec load GROUP --cloud=CLOUD
uploads the group to the cloud with all its rules
"""
map_parameters(arguments, 'cloud', 'output', 'name')
rules = SecgroupRule()
groups = Secgroup()
def Print(kind, list):
if kind == "group":
output = ""
else:
output = groups.output
print(
Printer.write(list,
sort_keys=output[kind]['sort_keys'],
order=output[kind]['order'],
header=output[kind]['header'],
output=arguments.output))
def list_all():
data = []
group_entries = groups.list()
for group_entry in group_entries:
group_name = group_entry['name']
for rule_name in group_entry['rules']:
try:
rule_entry = rules.list(name=rule_name)[0]
rule_entry['rule'] = rule_name
rule_entry['group'] = group_name
data.append(rule_entry)
except:
pass
Print("all", data)
if (arguments.load and not arguments.group) or \
(arguments.load and arguments.group and not arguments.GROUP):
examples = SecgroupExamples()
examples.load()
list_all()
return ""
elif arguments.load and arguments.group and arguments.cloud:
provider = Provider(name=arguments.cloud)
provider.upload_secgroup(name=arguments.GROUP)
return ""
elif arguments.list and not arguments.rule and not arguments.group:
found = groups.list()
for entry in found:
group_rules = entry['rules']
if type(group_rules) == list:
entry['rules'] = ', '.join(group_rules)
Print("secgroup", found)
found = rules.list()
Print("secrule", found)
elif arguments.group and arguments.delete:
if arguments.cloud:
clouds = Parameter.expand(arguments.cloud)
for cloud in clouds:
print(f"cloud {cloud}")
provider = Provider(name=cloud)
r = provider.remove_secgroup(name=arguments.GROUP)
else:
groups.remove(arguments.GROUP)
elif (arguments.group or arguments.rule) and arguments.list and \
arguments.cloud:
clouds = Parameter.expand(arguments.cloud)
if len(clouds) == 0:
variables = Variables()
cloudname = variables['cloud']
clouds = [cloudname]
keys = []
for cloud in clouds:
print(f"cloud {cloud}")
provider = Provider(name=cloud)
cloud_groups = provider.list_secgroups()
if arguments.output == 'table':
result = []
for group in cloud_groups:
if cloud == "aws":
for rule in group['IpPermissions']:
rule['name'] = group['GroupName']
rule['direction'] = "Inbound"
if rule['UserIdGroupPairs']:
rule['groupId'] = \
rule['UserIdGroupPairs'][0]['GroupId']
if rule['IpRanges']:
rule['ipRange'] = rule['IpRanges'][0][
'CidrIp']
result.append(rule)
else:
for rule in group['security_group_rules']:
rule['name'] = group['name']
result.append(rule)
cloud_groups = result
provider.p.Print(
cloud_groups,
output=arguments.output,
kind="secrule",
)
return ""
elif arguments.group and arguments.list:
found = groups.list()
for entry in found:
group_rules = entry['rules']
if type(group_rules) == list:
entry['rules'] = ', '.join(group_rules)
Print("secgroup", found)
return ""
elif arguments.rule and arguments.list:
found = rules.list()
Print("secrule", found)
return ""
elif arguments.rule and arguments.add:
rules = SecgroupRule()
# name=None, protocol=None, ports=None, ip_range=None
rules.add(name=arguments.RULE,
ports=f"{arguments.FROMPORT}" + ":" +
f"{arguments.TOPORT}",
protocol=arguments.PROTOCOL,
ip_range=arguments.CIDR)
return ""
elif arguments.group and arguments.add:
group = Secgroup()
group.add(name=arguments.GROUP,
rules=arguments.RULES,
description=arguments.DESCRIPTION)
return ""
elif arguments.list:
found = rules.list()
Print("secrule", found)
return ""
elif arguments.clear:
groups.clear()
rules.clear()
return ""
return ""
