def _build_ports_strings(self, nsg, direction_key, ip_protocol):
        """Return port strings for the action ports whose NSG access differs from this action.

        Builds the port -> allowed mapping for ``nsg`` in the given direction and
        protocol, then keeps every port in ``self.action_ports`` whose current
        state is not the one ``self.access_action`` asks for.

        Args:
            nsg: network security group resource passed to ``build_ports_dict``.
            direction_key: rule direction to evaluate.
            ip_protocol: protocol to evaluate.

        Returns:
            Whatever ``PortsRangeHelper.get_ports_strings_from_list`` produces for
            the sorted list of differing ports (presumably compact range strings;
            confirm against the helper).
        """
        allowed_by_port = PortsRangeHelper.build_ports_dict(nsg, direction_key, ip_protocol)
        wants_allow = StringUtils.equal(self.access_action, ALLOW_OPERATION)

        # A port with no entry in the NSG mapping is compared as False, i.e. it is
        # treated as not allowed. An "allow" action therefore reports it as a
        # difference, while a "deny" action considers it already satisfied.
        mismatched = [
            port for port in self.action_ports
            if allowed_by_port.get(port, False) != wants_allow
        ]
        mismatched.sort()

        return PortsRangeHelper.get_ports_strings_from_list(mismatched)
    def _check_nsg(self, nsg):
        """Decide whether ``nsg`` satisfies this filter's port and access criteria.

        The filter's ports (``self.ports``) are split into allowed and denied
        according to the mapping built for ``self.direction_key`` and
        ``self.ip_protocol``. ``self.match`` then selects the test:

        * ``'all'``: every port must be in the requested state.
        * ``'any'``: at least one port must be in the requested state.

        The requested state is "allowed" when ``self.IsAllowed`` is truthy and
        "denied" otherwise.

        Returns:
            bool for the two supported match modes, ``None`` for any other value.
        """
        port_access = PortsRangeHelper.build_ports_dict(nsg, self.direction_key, self.ip_protocol)

        # Ports missing from the mapping make get() return None, so they are
        # counted as denied rather than allowed.
        allowed_count = sum(1 for port in self.ports if port_access.get(port))
        denied_count = len(self.ports) - allowed_count

        if self.match == 'all':
            # With an empty self.ports both counts are 0, so 'all' is satisfied.
            return denied_count == 0 if self.IsAllowed else allowed_count == 0
        if self.match == 'any':
            return allowed_count > 0 if self.IsAllowed else denied_count > 0

        # NOTE(review): an unrecognised match value falls through and yields
        # None (falsy), so the NSG is not reported as a match. Confirm that
        # the match value is validated before it reaches this method.
        return None
    def test_build_ports_dict(self):
        """Check build_ports_dict for each direction/protocol pair on a five-rule NSG.

        The fixture allows 80-84/TCP and 85-89/UDP outbound. Inbound it denies
        those same ranges at priorities 120 and 130, then allows 80-89 for any
        protocol at priority 140.
        """
        def make_rule(port_range, priority, direction, access, protocol):
            # One security rule in the shape build_ports_dict is given here.
            return {'properties': {'destinationPortRange': port_range,
                                   'priority': priority,
                                   'direction': direction,
                                   'access': access,
                                   'protocol': protocol}}

        nsg = {'properties': {'securityRules': [
            make_rule('80-84', 100, 'Outbound', 'Allow', 'TCP'),
            make_rule('85-89', 110, 'Outbound', 'Allow', 'UDP'),
            make_rule('80-84', 120, 'Inbound', 'Deny', 'TCP'),
            make_rule('85-89', 130, 'Inbound', 'Deny', 'UDP'),
            make_rule('80-89', 140, 'Inbound', 'Allow', '*'),
        ]}}

        # The inbound expectations show the lower-numbered Deny rules taking
        # precedence over the priority-140 wildcard Allow: a port is open only
        # where no earlier Deny covers it for the queried protocol.
        expectations = [
            ('Inbound', 'TCP', {k: k > 84 for k in range(80, 90)}),
            ('Inbound', 'UDP', {k: k < 85 for k in range(80, 90)}),
            ('Inbound', '*', {k: False for k in range(80, 90)}),
            ('Outbound', 'TCP', {k: True for k in range(80, 85)}),
            ('Outbound', 'UDP', {k: True for k in range(85, 90)}),
            ('Outbound', '*', {k: True for k in range(80, 90)}),
        ]
        for direction, protocol, expected in expectations:
            self.assertEqual(PortsRangeHelper.build_ports_dict(nsg, direction, protocol),
                             expected)
    def test_build_ports_dict(self):
        """Verify the port -> allowed mapping built from a mixed Allow/Deny NSG.

        Outbound rules allow 80-84/TCP and 85-89/UDP. Inbound rules deny those
        ranges per protocol (priorities 120, 130) before a wildcard-protocol
        Allow for 80-89 (priority 140).
        """
        # (destinationPortRange, priority, direction, access, protocol)
        rule_specs = (
            ('80-84', 100, 'Outbound', 'Allow', 'TCP'),
            ('85-89', 110, 'Outbound', 'Allow', 'UDP'),
            ('80-84', 120, 'Inbound', 'Deny', 'TCP'),
            ('85-89', 130, 'Inbound', 'Deny', 'UDP'),
            ('80-89', 140, 'Inbound', 'Allow', '*'),
        )
        securityRules = [
            {'properties': {'destinationPortRange': ports,
                            'priority': priority,
                            'direction': direction,
                            'access': access,
                            'protocol': protocol}}
            for ports, priority, direction, access, protocol in rule_specs
        ]
        nsg = {'properties': {'securityRules': securityRules}}

        build = PortsRangeHelper.build_ports_dict
        all_ports = range(80, 90)

        # Inbound: each protocol-specific Deny shadows the later wildcard Allow,
        # so only the range not denied for that protocol comes back True.
        self.assertEqual(build(nsg, 'Inbound', 'TCP'), {port: port > 84 for port in all_ports})
        self.assertEqual(build(nsg, 'Inbound', 'UDP'), {port: port < 85 for port in all_ports})
        # Querying '*' inbound yields False for every port in the fixture.
        self.assertEqual(build(nsg, 'Inbound', '*'), {port: False for port in all_ports})

        # Outbound: only the ports named by a matching Allow rule appear at all.
        self.assertEqual(build(nsg, 'Outbound', 'TCP'), {port: True for port in range(80, 85)})
        self.assertEqual(build(nsg, 'Outbound', 'UDP'), {port: True for port in range(85, 90)})
        self.assertEqual(build(nsg, 'Outbound', '*'), {port: True for port in all_ports})