Now it's all microservices, I hope the fad persists.
96
secdep.py
96
secdep.py
@@ -36,6 +36,8 @@ from libcloud.compute.types import Provider
|
||||
from libcloud.compute.providers import get_driver
|
||||
from libcloud.compute.base import NodeAuthSSHKey
|
||||
from libcloud.compute.deployment import ScriptDeployment, MultiStepDeployment, ScriptFileDeployment
|
||||
# FileDeployment not working for some reason
|
||||
# from libcloud.compute.deployment import ScriptDeployment, MultiStepDeployment, ScriptFileDeployment, FileDeployment
|
||||
from azure.identity import ClientSecretCredential
|
||||
from azure.mgmt.resource import ResourceManagementClient
|
||||
from azure.mgmt.network import NetworkManagementClient
|
||||
@@ -73,8 +75,10 @@ parser.add_argument('-v', '--version', help='Show secdep\'s version', action='st
|
||||
parser.add_argument('-P', '--provider', help='Cloud provider', choices=['gce', 'azure', 'aws'])
|
||||
parser.add_argument('-a', '--action', help='Action to perform on a single provider with -P PROVIDER or all instances. Valid options are delete[all] start[all] stop[all] reboot[all]', choices=action_choices, metavar='ACTION')
|
||||
parser.add_argument('-c', '--create', help='Create an instance', action='store_true')
|
||||
parser.add_argument('-dc', '--docker-compose', help='Run the docker-compose.yml file', action='store_true')
|
||||
parser.add_argument('-dep', '--deploy', help='Docker images to deploy', type=str, nargs='*', default=None, required=False)
|
||||
# --docker_compose is not named --docker-compose because of the way argparse works
|
||||
parser.add_argument('-dc', '--docker_compose', help='Run the docker-compose.yml file', action='store_true')
|
||||
# action='append' is used to allow the user to check if --deploy was used even without any arguments
|
||||
parser.add_argument('-dep', '--deploy', help='Docker images to deploy', type=str, nargs='*', default=None, required=False, action='append')
|
||||
parser.add_argument('-I', '--listimages', help='List images', action='store_true')
|
||||
parser.add_argument('-S', '--listsizes', help='List sizes', action='store_true')
|
||||
parser.add_argument('-G', '--listlocations', help='List locations', action='store_true')
|
||||
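Review bot: The comment above `--docker_compose` misstates argparse's behaviour: argparse already maps `--docker-compose` to `args.docker_compose`, so the old code failed on the attribute access `args.docker-compose` (parsed as a subtraction of a name `compose`), not on the option spelling. The dashed spelling can be kept and the comment rewritten as `# argparse exposes --docker-compose as args.docker_compose`. The `--deploy` definition combining `nargs='*'` with `action='append'` makes `args.deploy` `None` when the flag is absent and a list of lists otherwise (`[[]]` for a bare `--deploy`); that contract is what every `args.deploy[0]` call site relies on, so state it once here, e.g. `# args.deploy is None when absent, else a one-element list of the argument list (even [[]] for a bare --deploy)`, rather than at each use.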
@@ -1025,13 +1029,18 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
|
||||
if existIn == False:
|
||||
driver.ex_create_firewall(name="allow-all-inbound", allowed=[{"IPProtocol": "tcp", "ports": ["0-65534"]},{"IPProtocol": "udp", "ports": ["0-65534"]}], network='default', direction='INGRESS', priority=1000, source_service_accounts=sa_scopes, target_service_accounts=sa_scopes)
|
||||
if args.deploy:
|
||||
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
|
||||
if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker-compose:
|
||||
sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
|
||||
# After using action=append the args.deploy is a list of lists, so we need to get the first element of the first list
|
||||
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy[0], name="harden", delete=True)
|
||||
if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker_compose:
|
||||
# sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
|
||||
sendDockerCompose = ScriptFileDeployment(script_file=SECDEP_DOCKER_COMPOSE, name="docker-compose.yml", delete=False)
|
||||
msd = MultiStepDeployment([sendDockerCompose, actualDeployScript])
|
||||
node = driver.deploy_node(name=name, image=image, size=size, location=location, ex_service_accounts=sa_scopes, ex_metadata=metadata, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
|
||||
else:
|
||||
node = driver.deploy_node(name=name, image=image, size=size, location=location, ex_service_accounts=sa_scopes, ex_metadata=metadata, deploy=actualDeployScript, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
|
||||
# console.print('[bold white]harden stdout: %s[/bold white]' % (sendDockerCompose.stdout))
|
||||
# console.print('[bold red]harden stderr: %s[/bold red]' % (sendDockerCompose.stderr))
|
||||
# console.print('[bold white]harden exit_code: %s[/bold white]' % (sendDockerCompose.exit_status))
|
||||
console.print('[bold white]harden stdout: %s[/bold white]' % (actualDeployScript.stdout))
|
||||
console.print('[bold red]harden stderr: %s[/bold red]' % (actualDeployScript.stderr))
|
||||
console.print('[bold white]harden exit_code: %s[/bold white]' % (actualDeployScript.exit_status))
|
||||
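Review bot: `ScriptFileDeployment(script_file=SECDEP_DOCKER_COMPOSE, ...)` on the `sendDockerCompose` line hands the compose file to the remote shell as an executable script rather than copying it: as far as I can tell from libcloud's ScriptDeployment family, the content is uploaded and then run over SSH, so a YAML file is executed line by line, and with `delete=False` it is left at whatever path libcloud derives from `name`, not under `/home/secdep` where the removed FileDeployment placed it. Because the `sendDockerCompose.stdout/stderr/exit_status` prints are commented out, that failure is silent; at minimum print its `exit_status` before the harden step's output. A copy that does not execute the file is a ScriptDeployment whose script writes it through a quoted heredoc, e.g. `ScriptDeployment(script="mkdir -p /home/secdep && cat > /home/secdep/docker-compose.yml <<'EOF'\n" + open(SECDEP_DOCKER_COMPOSE).read() + "\nEOF\n", name="put-compose.sh", delete=True)`, the quoted delimiter keeping the YAML from being expanded by the shell. The same construct and the same commented-out prints recur in the hunks at @@ -1087, @@ -1127, @@ -1142, @@ -1169, @@ -1231, @@ -1261 and @@ -1286; create_node starts and ends outside this hunk.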
@@ -1087,13 +1096,18 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
|
||||
network_client.security_rules.begin_create_or_update(res_group.name, sec_group.name,"allowAllOutbound", SecurityRule(protocol='*', source_address_prefix='*', destination_address_prefix='*', access='Allow', direction='Outbound', description='Allow all', source_port_range='*', destination_port_range='*', priority=4096, name="allowAll"))
|
||||
# Create the node
|
||||
if args.deploy:
|
||||
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
|
||||
if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker-compose:
|
||||
sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
|
||||
# After using action=append the args.deploy is a list of lists, so we need to get the first element of the first list
|
||||
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy[0], name="harden", delete=True)
|
||||
if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker_compose:
|
||||
# sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
|
||||
sendDockerCompose = ScriptFileDeployment(script_file=SECDEP_DOCKER_COMPOSE, name="docker-compose.yml", delete=False)
|
||||
msd = MultiStepDeployment([sendDockerCompose, actualDeployScript])
|
||||
node = driver.deploy_node(name=name, size=size, image=image, location=location, auth=auth, ex_user_name="secdep", ex_resource_group=res_group.name, ex_use_managed_disks=True, ex_nic=newnic, ex_os_disk_delete=True, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
|
||||
else:
|
||||
node = driver.deploy_node(name=name, size=size, image=image, location=location, auth=auth, ex_user_name="secdep", ex_resource_group=res_group.name, ex_use_managed_disks=True, ex_nic=newnic, ex_os_disk_delete=True, deploy=actualDeployScript, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
|
||||
# console.print('[bold white]harden stdout: %s[/bold white]' % (sendDockerCompose.stdout))
|
||||
# console.print('[bold red]harden stderr: %s[/bold red]' % (sendDockerCompose.stderr))
|
||||
# console.print('[bold white]harden exit_code: %s[/bold white]' % (sendDockerCompose.exit_status))
|
||||
console.print('[bold white]harden stdout: %s[/bold white]' % (actualDeployScript.stdout))
|
||||
console.print('[bold red]harden stderr: %s[/bold red]' % (actualDeployScript.stderr))
|
||||
console.print('[bold white]harden exit_code: %s[/bold white]' % (actualDeployScript.exit_status))
|
||||
@@ -1127,14 +1141,13 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
|
||||
sudo chown secdep:secdep /home/secdep -R
|
||||
sudo chmod 700 /home/secdep /home/secdep/.ssh
|
||||
sudo chmod 600 /home/secdep/.ssh/authorized_keys'''
|
||||
## Last two lines don't work
|
||||
## sudo printf "%s\n" "secdep ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/secdepRules"
|
||||
## sudo chmod 0440 "/etc/sudoers.d/secdepRules"'''
|
||||
deploy = ScriptDeployment(script=SCRIPT, name="initialization.sh", delete=True)
|
||||
if args.deploy:
|
||||
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
|
||||
if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker-compose:
|
||||
sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
|
||||
# After using action=append the args.deploy is a list of lists, so we need to get the first element of the first list
|
||||
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy[0], name="harden", delete=True)
|
||||
if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker_compose:
|
||||
# sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
|
||||
sendDockerCompose = ScriptFileDeployment(script_file=SECDEP_DOCKER_COMPOSE, name="docker-compose.yml", delete=False)
|
||||
msd = MultiStepDeployment([deploy, sendDockerCompose, actualDeployScript])
|
||||
else:
|
||||
msd = MultiStepDeployment([deploy, actualDeployScript])
|
||||
@@ -1142,6 +1155,9 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
|
||||
console.print('[bold white]deploy stdout: %s[/bold white]' % (deploy.stdout))
|
||||
console.print('[bold red]deploy stderr: %s[/bold red]' % (deploy.stderr))
|
||||
console.print('[bold white]deploy exit_code: %s[/bold white]' % (deploy.exit_status))
|
||||
# console.print('[bold white]harden stdout: %s[/bold white]' % (sendDockerCompose.stdout))
|
||||
# console.print('[bold red]harden stderr: %s[/bold red]' % (sendDockerCompose.stderr))
|
||||
# console.print('[bold white]harden exit_code: %s[/bold white]' % (sendDockerCompose.exit_status))
|
||||
console.print('[bold white]harden stdout: %s[/bold white]' % (actualDeployScript.stdout))
|
||||
console.print('[bold red]harden stderr: %s[/bold red]' % (actualDeployScript.stderr))
|
||||
console.print('[bold white]harden exit_code: %s[/bold white]' % (actualDeployScript.exit_status))
|
||||
@@ -1169,13 +1185,18 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
|
||||
if existIn == False:
|
||||
driver.ex_create_firewall(name="allow-all-inbound", allowed=[{"IPProtocol": "tcp", "ports": ["0-65534"]},{"IPProtocol": "udp", "ports": ["0-65534"]}], network='default', direction='INGRESS', priority=1000, source_service_accounts=sa_scopes, target_service_accounts=sa_scopes)
|
||||
if args.deploy:
|
||||
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
|
||||
if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker-compose:
|
||||
sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
|
||||
# After using action=append the args.deploy is a list of lists, so we need to get the first element of the first list
|
||||
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy[0], name="harden", delete=True)
|
||||
if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker_compose:
|
||||
# sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
|
||||
sendDockerCompose = ScriptFileDeployment(script_file=SECDEP_DOCKER_COMPOSE, name="docker-compose.yml", delete=False)
|
||||
msd = MultiStepDeployment([sendDockerCompose, actualDeployScript])
|
||||
node = driver.deploy_node(name=name, image=image, size=size, location=location, ex_service_accounts=sa_scopes, ex_metadata=metadata, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
|
||||
else:
|
||||
node = driver.deploy_node(name=name, image=image, size=size, location=location, ex_service_accounts=sa_scopes, ex_metadata=metadata, deploy=actualDeployScript, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
|
||||
# console.print('[bold white]harden stdout: %s[/bold white]' % (sendDockerCompose.stdout))
|
||||
# console.print('[bold red]harden stderr: %s[/bold red]' % (sendDockerCompose.stderr))
|
||||
# console.print('[bold white]harden exit_code: %s[/bold white]' % (sendDockerCompose.exit_status))
|
||||
console.print('[bold white]harden stdout: %s[/bold white]' % (actualDeployScript.stdout))
|
||||
console.print('[bold red]harden stderr: %s[/bold red]' % (actualDeployScript.stderr))
|
||||
console.print('[bold white]harden exit_code: %s[/bold white]' % (actualDeployScript.exit_status))
|
||||
@@ -1231,13 +1252,18 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
|
||||
network_client.security_rules.begin_create_or_update(res_group.name, sec_group.name,"allowAllOutbound", SecurityRule(protocol='*', source_address_prefix='*', destination_address_prefix='*', access='Allow', direction='Outbound', description='Allow all', source_port_range='*', destination_port_range='*', priority=4096, name="allowAll"))
|
||||
# Create the node
|
||||
if args.deploy:
|
||||
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
|
||||
if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker-compose:
|
||||
sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
|
||||
# After using action=append the args.deploy is a list of lists, so we need to get the first element of the first list
|
||||
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy[0], name="harden", delete=True)
|
||||
if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker_compose:
|
||||
# sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
|
||||
sendDockerCompose = ScriptFileDeployment(script_file=SECDEP_DOCKER_COMPOSE, name="docker-compose.yml", delete=False)
|
||||
msd = MultiStepDeployment([sendDockerCompose, actualDeployScript])
|
||||
node = driver.deploy_node(name=name, size=size, image=image, location=location, auth=auth, ex_user_name="secdep", ex_resource_group=res_group.name, ex_use_managed_disks=True, ex_nic=newnic, ex_os_disk_delete=True, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
|
||||
else:
|
||||
node = driver.deploy_node(name=name, size=size, image=image, location=location, auth=auth, ex_user_name="secdep", ex_resource_group=res_group.name, ex_use_managed_disks=True, ex_nic=newnic, ex_os_disk_delete=True, deploy=actualDeployScript, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
|
||||
# console.print('[bold white]harden stdout: %s[/bold white]' % (sendDockerCompose.stdout))
|
||||
# console.print('[bold red]harden stderr: %s[/bold red]' % (sendDockerCompose.stderr))
|
||||
# console.print('[bold white]harden exit_code: %s[/bold white]' % (sendDockerCompose.exit_status))
|
||||
console.print('[bold white]harden stdout: %s[/bold white]' % (actualDeployScript.stdout))
|
||||
console.print('[bold red]harden stderr: %s[/bold red]' % (actualDeployScript.stderr))
|
||||
console.print('[bold white]harden exit_code: %s[/bold white]' % (actualDeployScript.exit_status))
|
||||
@@ -1261,24 +1287,23 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
|
||||
sudo useradd -G sudo -s /bin/bash -m secdep
|
||||
sudo echo "secdep:secdeppass" | sudo chpasswd
|
||||
sudo mkdir -p /home/secdep/.ssh
|
||||
[[ -e /root/.ssh/authorized_keys ]] && sudo cp /root/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
|
||||
[[ -e /home/admin/.ssh/authorized_keys ]] && sudo cp /home/admin/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
|
||||
[[ -e /home/ec2-user/.ssh/authorized_keys ]] && sudo cp /home/ec2-user/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
|
||||
[[ -e /home/centos/.ssh/authorized_keys ]] && sudo cp /home/centos/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
|
||||
[[ -e /home/fedora/.ssh/authorized_keys ]] && sudo cp /home/fedora/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
|
||||
[[ -e /home/ubuntu/.ssh/authorized_keys ]] && sudo cp /home/ubuntu/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
|
||||
[[ -f /root/.ssh/authorized_keys ]] && sudo cp /root/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
|
||||
[[ -f /home/admin/.ssh/authorized_keys ]] && sudo cp /home/admin/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
|
||||
[[ -f /home/ec2-user/.ssh/authorized_keys ]] && sudo cp /home/ec2-user/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
|
||||
[[ -f /home/centos/.ssh/authorized_keys ]] && sudo cp /home/centos/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
|
||||
[[ -f /home/fedora/.ssh/authorized_keys ]] && sudo cp /home/fedora/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
|
||||
[[ -f /home/ubuntu/.ssh/authorized_keys ]] && sudo cp /home/ubuntu/.ssh/authorized_keys /home/secdep/.ssh/authorized_keys
|
||||
sudo chmod 755 /home
|
||||
sudo chown secdep:secdep /home/secdep -R
|
||||
sudo chmod 700 /home/secdep /home/secdep/.ssh
|
||||
sudo chmod 600 /home/secdep/.ssh/authorized_keys'''
|
||||
## Last two lines don't work
|
||||
## sudo printf "%s\n" "secdep ALL=(ALL) NOPASSWD:ALL" > "/etc/sudoers.d/secdepRules"
|
||||
## sudo chmod 0440 "/etc/sudoers.d/secdepRules"'''
|
||||
deploy = ScriptDeployment(script=SCRIPT, name="initialization.sh", delete=True)
|
||||
if args.deploy:
|
||||
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
|
||||
if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker-compose:
|
||||
sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
|
||||
# After using action=append the args.deploy is a list of lists, so we need to get the first element of the first list
|
||||
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy[0], name="harden", delete=True)
|
||||
if os.path.exists(SECDEP_DOCKER_COMPOSE) and args.docker_compose:
|
||||
# sendDockerCompose = FileDeployment(SECDEP_DOCKER_COMPOSE, target="/home/secdep")
|
||||
sendDockerCompose = ScriptFileDeployment(script_file=SECDEP_DOCKER_COMPOSE, name="docker-compose.yml", delete=False)
|
||||
msd = MultiStepDeployment([deploy, sendDockerCompose, actualDeployScript])
|
||||
else:
|
||||
msd = MultiStepDeployment([deploy, actualDeployScript])
|
||||
@@ -1286,6 +1311,9 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
|
||||
console.print('[bold white]deploy stdout: %s[/bold white]' % (deploy.stdout))
|
||||
console.print('[bold red]deploy stderr: %s[/bold red]' % (deploy.stderr))
|
||||
console.print('[bold white]deploy exit_code: %s[/bold white]' % (deploy.exit_status))
|
||||
# console.print('[bold white]harden stdout: %s[/bold white]' % (sendDockerCompose.stdout))
|
||||
# console.print('[bold red]harden stderr: %s[/bold red]' % (sendDockerCompose.stderr))
|
||||
# console.print('[bold white]harden exit_code: %s[/bold white]' % (sendDockerCompose.exit_status))
|
||||
console.print('[bold white]harden stdout: %s[/bold white]' % (actualDeployScript.stdout))
|
||||
console.print('[bold red]harden stderr: %s[/bold red]' % (actualDeployScript.stderr))
|
||||
console.print('[bold white]harden exit_code: %s[/bold white]' % (actualDeployScript.exit_status))
|
||||
@@ -1582,7 +1610,7 @@ if args.listlocations and args.provider:
|
||||
if args.create:
|
||||
assert args.provider is not None, "Provider must be specified for node creation"
|
||||
# If -c or --create is passed, call the create_node function
|
||||
create_node(args.provider, args.name, args.region, args.size, args.image, args.yes, args.deploy)
|
||||
create_node(args.provider, args.name, args.region, args.size, args.image, args.yes, args.deploy[0])
|
||||
exit(0)
|
||||
if args.list:
|
||||
if args.print:
|
||||
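Review bot: `args.deploy[0]` in the new create_node call raises `TypeError` whenever `-c` is used without `--deploy`, because `--deploy` has `default=None` and `None` is not subscriptable; the old call passed `args.deploy` through unchanged and so tolerated that case. Guard it: `create_node(args.provider, args.name, args.region, args.size, args.image, args.yes, args.deploy[0] if args.deploy else None)`. The hunks inside create_node read `args.deploy[0]` from the global `args` directly, so it is unclear whether this positional argument is used at all; that is inferred from the visible lines only, since create_node's signature is truncated in the hunk headers.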
@@ -1603,7 +1631,7 @@ if args.ssh:
|
||||
if args.image or args.size or args.name or args.region or args.yes or args.deploy and not args.create:
|
||||
console.print("Image, size, name, region, yes and deploy parameters [u]only[/u] go along with the create flag", style="bold red")
|
||||
exit(0)
|
||||
if args.docker-compose and not args.deploy:
|
||||
if args.docker_compose and not args.deploy:
|
||||
console.print("Docker compose [u]only[/u] goes along with the deploy flag", style="bold red")
|
||||
exit(0)
|
||||
if args.print and not args.list or args.listimages or args.listsizes or args.listlocations:
|
||||