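def it_condition_have_proto_protocol_and_port_port_for_cidr(step_obj, condition, proto, port, cidr):
    """Hand every stashed security group to ``check_sg_rules``.

    Args:
        step_obj: Step whose ``context.stash.properties`` is iterated; each
            item exposes ``property_value`` (a list of security groups or a
            single one).
        condition: Step wording; it is reduced to a boolean that is ``True``
            only for the literal ``'only'``.
        proto: Protocol, coerced to ``str``.
        port: Port specification as a string: a single port (``'22'``), a
            range (``'1-1024'``) or a comma delimited list (``'80,443'``).
        cidr: CIDR, coerced to ``str``.

    Raises:
        ValueError: a range does not split into exactly two parts.
    """
    proto = str(proto)
    cidr = str(cidr)
    ports = port

    if '-' in port:
        # Range: the two bounds are passed on as the substrings around '-'.
        from_port, to_port = port.split('-')
    elif ',' in port:
        # Comma delimited ports: the individual ports travel in ``ports`` and
        # both range bounds are set to '0'.
        from_port = to_port = '0'
        ports = port.split(',')
    else:
        from_port = to_port = port

    # True only when the step says "only".
    condition = condition == 'only'

    for item in step_obj.context.stash.properties:
        value = item.property_value
        groups = value if type(value) is list else [value]
        for security_group in groups:
            # NOTE(review): the single-value branch used to pass ``proto`` and
            # ``condition`` in the opposite order from the list branch, so the
            # same rule was evaluated differently depending on the shape of
            # the property. Both shapes now share this call and the list
            # branch's order (condition, proto) -- confirm against the
            # signature of check_sg_rules.
            check_sg_rules(
                world.config.terraform.terraform_config,
                security_group,
                condition,
                proto,
                from_port,
                to_port,
                ports,
                cidr,
            )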
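def it_condition_have_proto_protocol_and_port_port_for_cidr(_step_obj, condition, proto, port, cidr):
    """Check stashed security groups against a protocol/port/CIDR expectation.

    Args:
        _step_obj: Step whose ``context.stash`` is iterated; each entry is
            indexed with ``['values']``, which must be a list or a dict.
        condition: Step wording; it is reduced to a boolean that is ``True``
            only for the literal ``'only'``.
        proto: Protocol, coerced to ``str``.
        port: Port specification as a string: a single port (``'22'``), a
            range (``'1-1024'``) or a comma delimited list (``'80,443'``).
        cidr: CIDR, coerced to ``str``.

    Returns:
        ``True`` once every stash entry has been handed to ``check_sg_rules``.

    Raises:
        Failure: a port range is combined with the ``'only'`` condition.
        TerraformComplianceInternalFailure: an entry's ``'values'`` is neither
            a list nor a dict.
        ValueError: a port is not an integer, or a range does not split into
            exactly two parts.
    """
    proto = str(proto)
    cidr = str(cidr)

    # True only when the step says "only".
    condition = condition == 'only'

    if '-' in port:
        # Range: not allowed together with "only".
        if condition:
            raise Failure(
                '"must only" scenario cases must be used either with individual port '
                'or multiple ports separated with comma.')
        from_port, to_port = port.split('-')
        ports = [from_port, to_port]
    elif ',' in port:
        # Comma delimited ports. The bounds are picked numerically: min()/max()
        # on the raw strings compare lexicographically, so '9,10' would yield
        # from_port=10 and to_port=9 and the rule would be checked against the
        # wrong range.
        ports = port.split(',')
        from_port = min(ports, key=int)
        to_port = max(ports, key=int)
    else:
        from_port = to_port = int(port)
        ports = [str(from_port)]

    # Ports that are not positive are replaced by 1.
    from_port = int(from_port) if int(from_port) > 0 else 1
    to_port = int(to_port) if int(to_port) > 0 else 1
    # NOTE(review): only the first entry of ``ports`` gets this treatment; the
    # remaining entries are passed on unchanged -- confirm this is intended.
    ports[0] = ports[0] if int(ports[0]) > 0 else '1'

    looking_for = dict(proto=proto,
                       from_port=from_port,
                       to_port=to_port,
                       ports=ports,
                       cidr=cidr)

    for security_group in _step_obj.context.stash:
        values = security_group['values']
        if type(values) is list:
            for sg in values:
                check_sg_rules(plan_data=sg, security_group=looking_for, condition=condition)
        elif type(values) is dict:
            check_sg_rules(plan_data=values, security_group=looking_for, condition=condition)
        else:
            raise TerraformComplianceInternalFailure(
                'Unexpected Security Group, '
                'must be either list or a dict: '
                '{}'.format(values))

    return True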
def it_must_not_have_sg_stuff(step, proto, port, cidr):
    """Hand every stashed security group to ``check_sg_rules``.

    Args:
        step: Step whose ``context.stash.properties`` is iterated; each item
            exposes ``property_value`` (a list of security groups or a single
            one).
        proto: Protocol, coerced to ``str``.
        port: Single port, coerced to ``int``.
        cidr: CIDR, coerced to ``str``.

    Raises:
        ValueError: ``port`` cannot be converted to an integer.
    """
    protocol, port_number, cidr_block = str(proto), int(port), str(cidr)

    for entry in step.context.stash.properties:
        value = entry.property_value
        # A property holds either a list of security groups or a single one;
        # treat the single one as a one-element list.
        candidates = value if type(value) is list else [value]
        for group in candidates:
            check_sg_rules(
                world.config.terraform.terraform_config,
                group,
                protocol,
                port_number,
                cidr_block,
            )
def it_must_not_have_proto_protocol_and_port_port_for_cidr(step_obj, proto, port, cidr):
    """Hand every stashed security group to ``check_sg_rules``.

    Args:
        step_obj: Step whose ``context.stash.properties`` is iterated; each
            item exposes ``property_value`` (a list of security groups or a
            single one).
        proto: Protocol, coerced to ``str``.
        port: Port specification as a string: a single port (``'22'``) or a
            range (``'1-1024'``). The bounds are passed on as strings.
        cidr: CIDR, coerced to ``str``.

    Raises:
        ValueError: a range does not split into exactly two parts.
    """
    protocol = str(proto)
    cidr_block = str(cidr)

    # A dash marks a range; a single port is used for both bounds.
    bounds = port.split('-') if '-' in port else [port, port]
    from_port, to_port = bounds

    for entry in step_obj.context.stash.properties:
        value = entry.property_value
        # A property holds either a list of security groups or a single one;
        # treat the single one as a one-element list.
        candidates = value if type(value) is list else [value]
        for group in candidates:
            check_sg_rules(
                world.config.terraform.terraform_config,
                group,
                protocol,
                from_port,
                to_port,
                cidr_block,
            )