def test_dump_garbage_tags(self):
    """Tag keys that VPCTagConfig does not recognise must not show up in get_aws_tags()."""
    raw_tags = {
        VPCTagConfig.T_TARGET: 'arn:aws:foo/bar',
        'flavor': 'development',
    }
    cfg = VPCTagConfig(raw_tags)
    self.assertTrue(cfg.enabled)
    # get_aws_tags() is what set_vpc_config hands to create_tags/delete_tags,
    # so an unrelated tag leaking through here would be written to, or removed
    # from, the VPC. Only the mirroring target is expected to survive.
    self.assertEqual(1, len(cfg.get_aws_tags()), cfg.get_aws_tags())
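def prompt_vpc_config(vpc_prop: VPC_Props, region: str) -> None:
    """
    Interactively review and update the Traffic Mirroring settings of one VPC.

    The VPC configuration is stored in the account using tags, per the
    properties supported in VPCTagConfig. The operator is asked whether to
    modify the VPC, whether to disable mirroring (only when it is currently
    enabled), and which enrollment mode to use. The result is written back
    through Ec2ApiClient.set_vpc_config.

    An answer counts as "yes" only when it starts with ``y`` after trimming
    whitespace, ignoring case. Matching ``y`` anywhere in the reply would let
    answers such as "nay" or "no way" confirm a change, including switching
    mirroring off, which removes monitoring coverage for the VPC.

    Args:
        vpc_prop: Properties of the VPC being configured; ``tags``, ``vpc_id``
            and ``name`` are read.
        region: AWS region passed to the mirror-target lookup and the EC2 call.
    """

    def _is_yes(answer: str) -> bool:
        # Consent requires a leading "y"; a stray "y" inside another word does not count.
        return answer.strip().lower().startswith('y')

    current_config = VPCTagConfig(vpc_prop.tags)
    if current_config.enabled:
        desc = f'enabled to `{current_config.target}` with enrollment mode `{current_config.enrollment}`'
    else:
        desc = 'disabled'

    change_config = _is_yes(input(
        f'Modify VPC config for {vpc_prop.vpc_id}:{vpc_prop.name} (currently {desc})? (n) '
    ))
    if not change_config:
        return

    # The disable question is only asked when mirroring is currently on.
    if current_config.enabled and _is_yes(input("Disable Traffic Mirroring for this VPC? (n) ")):
        mirror_target_arn = None
    else:
        mirror_target_arn = find_mirror_target(region=region, vpc_id=vpc_prop.vpc_id)

    # Start from the existing tags so only target and enrollment are changed.
    new_config = VPCTagConfig(vpc_prop.tags)
    new_config.target = mirror_target_arn

    # NOTE(review): the enrollment prompt is shown even when mirroring is being
    # disabled; confirm whether that is intended.
    auto_mode_default = 'y' if current_config.auto_enrollment else ''
    resp = input(f"Enrollment Mode: "
                 f"Y for {VPCTagConfig.V_ENROLLMENT_AUTO} mode, "
                 f"N for {VPCTagConfig.V_ENROLLMENT_WHITELIST} mode. "
                 f"(Currently {current_config.enrollment}) "
                 f"Mirror all instances by default? ({auto_mode_default}) "
                 ).strip() or auto_mode_default
    auto_mode = _is_yes(resp)
    new_config.enrollment = (
        VPCTagConfig.V_ENROLLMENT_AUTO if auto_mode else VPCTagConfig.V_ENROLLMENT_WHITELIST
    )

    Ec2ApiClient.set_vpc_config(region=region, vpc_id=vpc_prop.vpc_id, config=new_config)
    logging.info(
        f'VPC Traffic Mirroring Target updated to {mirror_target_arn} in {new_config.enrollment} Enrollment Mode'
    )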
def test_get_aws_tags(self):
    """A config holding only a target serialises to a single Key/Value tag."""
    cfg = VPCTagConfig()
    cfg.target = 'arn:foo/bar'
    expected = [{
        'Key': 'Vectra:session_mirroring_target',
        'Value': 'arn:foo/bar',
    }]
    self.assertEqual(expected, cfg.get_aws_tags())
def set_vpc_config(cls, region: str, vpc_id: str, config: VPCTagConfig) -> None:
    """
    Enable or disable tapping of a VPC by writing or removing its config tags.

    When ``config.enabled`` is true, the tags from ``config.get_aws_tags()``
    are created on the VPC. Otherwise the same tag list is passed to
    ``delete_tags``.

    Args:
        region: Region used to obtain the client from ``cls._get_client``.
        vpc_id: Identifier of the VPC whose tags are changed.
        config: Source of the ``enabled`` flag and of the tag list.
    """
    ec2 = cls._get_client(region=region)
    # NOTE(review): EC2 DeleteTags removes a tag whatever its value when only
    # the key is given, but only on an exact match when a value is supplied.
    # Which form get_aws_tags() emits for a disabled config is not visible
    # here; confirm that a disable really clears the tags.
    tag_call = ec2.create_tags if config.enabled else ec2.delete_tags
    tag_call(Tags=config.get_aws_tags(), Resources=[vpc_id])
def main() -> None:
    """Run Session Mirroring management for every VPC listed in the region.

    The region comes from ``Ec2ApiClient.get_region()``. Each VPC's tags are
    parsed into a VPCTagConfig and handed to ``SpileTapper.manage``.
    """
    root_logger = logging.getLogger()
    root_logger.setLevel(logging.INFO)

    region = Ec2ApiClient.get_region()
    for vpc_prop in Ec2ApiClient.list_vpcs(region=region):  # type: VPC_Props
        logging.info(f" Managing Session Mirroring for VPC {vpc_prop.name}: {vpc_prop.vpc_id}")
        # The per-VPC behaviour is driven entirely by the tags on that VPC.
        tag_config = VPCTagConfig(vpc_prop.tags)
        SpileTapper.manage(
            region=region,
            vpc_ids=[vpc_prop.vpc_id],
            config=tag_config,
        )
def test_enrollment_set_none(self):
    """Clearing both enrollment and target yields two single-entry tag dicts."""
    cfg = VPCTagConfig()
    cfg.enrollment = None
    cfg.target = None
    self.assertEqual(2, len(cfg.get_aws_tags()))
    # One entry per dict: presumably only the 'Key', with no 'Value'.
    # Confirm against VPCTagConfig.
    for entry in cfg.get_aws_tags():
        self.assertEqual(1, len(entry))
def test_enrollment_set(self):
    """An explicit enrollment mode is kept and serialised alongside the target."""
    cfg = VPCTagConfig()
    whitelist_mode = cfg.V_ENROLLMENT_WHITELIST
    cfg.enrollment = whitelist_mode
    self.assertEqual(cfg.V_ENROLLMENT_WHITELIST, cfg.enrollment)

    cfg.target = 'arn:aws:foo/bar'
    self.assertEqual(2, len(cfg.get_aws_tags()))
    # With both values set, every tag dict is expected to have two entries.
    for entry in cfg.get_aws_tags():
        self.assertEqual(2, len(entry))
def test_enrollment_default(self):
    """A fresh config reports the auto enrollment mode."""
    cfg = VPCTagConfig()
    expected_mode = cfg.V_ENROLLMENT_AUTO
    self.assertEqual(expected_mode, cfg.enrollment)
def test_enrollment_value_error(self):
    """Assigning an unknown enrollment mode raises ValueError."""
    cfg = VPCTagConfig()
    # 'cheese' is not one of the enrollment modes, so the assignment must be rejected.
    with self.assertRaises(ValueError):
        cfg.enrollment = 'cheese'
def test_disable(self):
    """Setting the target to None leaves the config disabled."""
    cfg = VPCTagConfig()
    cfg.target = None
    self.assertFalse(cfg.enabled)
def test_enable(self):
    """Assigning a target enables the config and the target reads back unchanged."""
    arn = 'arn:foo/bar'
    cfg = VPCTagConfig()
    cfg.target = arn
    self.assertTrue(cfg.enabled)
    self.assertEqual('arn:foo/bar', cfg.target)
def test_none(self):
    """A config built without tags is disabled and has no target."""
    cfg = VPCTagConfig()
    self.assertFalse(cfg.enabled)
    self.assertIsNone(cfg.target)
def test_empty_config(self):
    """A config built without tags serialises to an empty tag list."""
    cfg = VPCTagConfig()
    no_tags = []
    self.assertEqual(no_tags, cfg.get_aws_tags())