diff --git a/secdep.py b/secdep.py
index e381d5c..2676289 100755
--- a/secdep.py
+++ b/secdep.py
@@ -69,6 +69,7 @@ parser.add_argument('-n', '--name', help='Name of instance')
 parser.add_argument('-g', '--region', help='Region to use')
 parser.add_argument('-y', '--yes', help='Do not ask for confirmation during creation', action='store_true')
 parser.add_argument('-p', '--print', help='Also print node, image, location or size', action='store_true')
+parser.add_argument('-port', '--port', help='Port to connect to when using ssh')
 parser.add_argument('-ssh', '--ssh', help='Connect to an instance using ssh with the option to use -P PROVIDER to choose node from a specific provider', action='store_true')
 args = parser.parse_args()
@@ -929,6 +930,14 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
 if gceNode.name == name:
 print("A node with that name already exists under this project, please choose another one")
 exit(0)
+ existIn = False
+ firewalls = driver.ex_list_firewalls()
+ for firewall in firewalls:
+ if firewall.name == "allow-all-inbound":
+ existIn = True
+ break
+ if existIn == False:
+ driver.ex_create_firewall(name="allow-all-inbound", allowed=[{"IPProtocol": "tcp", "ports": ["0-65534"]},{"IPProtocol": "udp", "ports": ["0-65534"]}], network='default', direction='INGRESS', priority=1000, source_service_accounts=sa_scopes, target_service_accounts=sa_scopes)
 if args.deploy:
 actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
 node = driver.deploy_node(name=name, image=image, size=size, location=location, ex_service_accounts=sa_scopes, ex_metadata=metadata, deploy=actualDeployScript, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
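Review bot: The new `--port` option is declared without a type, so `args.port` is handed to `ssh()` as an unvalidated string and a typo such as `--port 22a` would presumably only surface when the connection is attempted. Declaring it as `parser.add_argument('-port', '--port', type=int, help='Port to connect to when using ssh')` lets argparse reject non-numeric input up front. A range check for 1-65535 right after `parse_args()` would complete the validation.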
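Review bot: The added `ex_create_firewall` call opens TCP and UDP ports 0-65534 for ingress on the shared `default` network, limited only by the `sa_scopes` service-account filters, on nodes whose deploy step is named `harden`; nothing in the hunk removes the rule again when the node is deleted. The existence check matches on the name `allow-all-inbound` only, so a pre-existing rule with that name and different contents is silently reused. Consider allowing only the ports the deployment needs, e.g. `allowed=[{"IPProtocol": "tcp", "ports": [str(ssh_port)]}]` together with an explicit `source_ranges=[...]`, where `ssh_port` is a placeholder for the configured SSH port. `sa_scopes` is also what `deploy_node` receives as `ex_service_accounts`, so it is worth confirming it has the shape the firewall's service-account parameters expect. The identical block is added again in the hunk at `@@ -1042,6 +1051,14 @@`, and `create_node` starts and ends outside both hunks.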
@@ -1042,6 +1051,14 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
 if gceNode.name == name:
 print("A node with that name already exists under this project, please choose another one")
 exit(0)
+ existIn = False
+ firewalls = driver.ex_list_firewalls()
+ for firewall in firewalls:
+ if firewall.name == "allow-all-inbound":
+ existIn = True
+ break
+ if existIn == False:
+ driver.ex_create_firewall(name="allow-all-inbound", allowed=[{"IPProtocol": "tcp", "ports": ["0-65534"]},{"IPProtocol": "udp", "ports": ["0-65534"]}], network='default', direction='INGRESS', priority=1000, source_service_accounts=sa_scopes, target_service_accounts=sa_scopes)
 if args.deploy:
 actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
 node = driver.deploy_node(name=name, image=image, size=size, location=location, ex_service_accounts=sa_scopes, ex_metadata=metadata, deploy=actualDeployScript, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
@@ -1151,7 +1168,7 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
 print("Node is initializing")
 print("ip to connect to")
 print("\nIP: %s" % (node.public_ips[0]))
- print("\nssh command: ssh -i path/to/secdep secdep@%s\n" % (node.public_ips[0]))
+ print("\nssh command: ssh -i %s secdep@%s\n" % (SECDEP_SSH_PRIVATE_KEY, node.public_ips[0]))
 print("If you ever change the port adjust the command accordingly")
 return node
@@ -1325,10 +1342,13 @@ def node_action_all(action, provider):
 poller = resource_client.resource_groups.begin_delete(node_name+"-res_group")
 result = poller.result()
-def ssh(provider):
+def ssh(provider, port=None):
 node = choose_from_list(list_all_nodes(provider,"stop"), "node")
 ip = node.public_ips[0]
- port = 22
+ if port is None:
+ port = 22
+ else:
+ port = port
 username = "secdep"
 sshkey = SECDEP_SSH_PRIVATE_KEY
 ssh = paramiko.SSHClient()
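Review bot: The `else: port = port` branch added to `ssh()` is a self-assignment, and a port supplied on the command line arrives as a string because `--port` is declared without a type. The four added lines can be reduced to `port = 22 if port is None else int(port)`, which makes the integer conversion explicit at the point of use and fails early on non-numeric input. The rest of `ssh()`, including the paramiko connection setup, lies outside the hunk, so how `port` is finally consumed is not visible here.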
@@ -1400,7 +1420,7 @@ if args.action:
 node_action(args.action, args.provider)
 exit(0)
 if args.ssh:
- ssh(args.provider)
+ ssh(args.provider, args.port)
 exit(0)
 if args.image or args.size or args.name or args.region or args.yes or args.deploy and not args.create:
 print("Image, size, name, region, yes and deploy parameters only go along with the create flag")