My boss forced me to build this feature... Pure shit.

2023-03-23 22:03:47 +02:00
parent a5670b3d17
commit 92a3bb437d


@@ -69,6 +69,7 @@ parser.add_argument('-n', '--name', help='Name of instance')
parser.add_argument('-g', '--region', help='Region to use')
parser.add_argument('-y', '--yes', help='Do not ask for confirmation during creation', action='store_true')
parser.add_argument('-p', '--print', help='Also print node, image, location or size', action='store_true')
parser.add_argument('-port', '--port', help='Port to connect to when using ssh')
parser.add_argument('-ssh', '--ssh', help='Connect to an instance using ssh with the option to use -P PROVIDER to choose node from a specific provider', action='store_true')
args = parser.parse_args()
@@ -929,6 +930,14 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
if gceNode.name == name:
print("A node with that name already exists under this project, please choose another one")
exit(0)
existIn = False
firewalls = driver.ex_list_firewalls()
for firewall in firewalls:
if firewall.name == "allow-all-inbound":
existIn = True
break
if existIn == False:
driver.ex_create_firewall(name="allow-all-inbound", allowed=[{"IPProtocol": "tcp", "ports": ["0-65534"]},{"IPProtocol": "udp", "ports": ["0-65534"]}], network='default', direction='INGRESS', priority=1000, source_service_accounts=sa_scopes, target_service_accounts=sa_scopes)
if args.deploy:
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
node = driver.deploy_node(name=name, image=image, size=size, location=location, ex_service_accounts=sa_scopes, ex_metadata=metadata, deploy=actualDeployScript, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
@@ -1042,6 +1051,14 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
if gceNode.name == name:
print("A node with that name already exists under this project, please choose another one")
exit(0)
existIn = False
firewalls = driver.ex_list_firewalls()
for firewall in firewalls:
if firewall.name == "allow-all-inbound":
existIn = True
break
if existIn == False:
driver.ex_create_firewall(name="allow-all-inbound", allowed=[{"IPProtocol": "tcp", "ports": ["0-65534"]},{"IPProtocol": "udp", "ports": ["0-65534"]}], network='default', direction='INGRESS', priority=1000, source_service_accounts=sa_scopes, target_service_accounts=sa_scopes)
if args.deploy:
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
node = driver.deploy_node(name=name, image=image, size=size, location=location, ex_service_accounts=sa_scopes, ex_metadata=metadata, deploy=actualDeployScript, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
@@ -1151,7 +1168,7 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
print("Node is initializing")
print("ip to connect to")
print("\nIP: %s" % (node.public_ips[0]))
print("\nssh command: ssh -i path/to/secdep secdep@%s\n" % (node.public_ips[0]))
print("\nssh command: ssh -i %s secdep@%s\n" % (SECDEP_SSH_PRIVATE_KEY, node.public_ips[0]))
print("If you ever change the port adjust the command accordingly")
return node
@@ -1325,10 +1342,13 @@ def node_action_all(action, provider):
poller = resource_client.resource_groups.begin_delete(node_name+"-res_group")
result = poller.result()
def ssh(provider):
def ssh(provider, port=None):
node = choose_from_list(list_all_nodes(provider,"stop"), "node")
ip = node.public_ips[0]
port = 22
if port is None:
port = 22
else:
port = port
username = "secdep"
sshkey = SECDEP_SSH_PRIVATE_KEY
ssh = paramiko.SSHClient()
@@ -1400,7 +1420,7 @@ if args.action:
node_action(args.action, args.provider)
exit(0)
if args.ssh:
ssh(args.provider)
ssh(args.provider, args.port)
exit(0)
if args.image or args.size or args.name or args.region or args.yes or args.deploy and not args.create:
print("Image, size, name, region, yes and deploy parameters only go along with the create flag")
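Review bot: The `allow-all-inbound` rule added in both create_node hunks (`-929` and `-1042`) opens every TCP and UDP port on the project's `default` network as a side effect of creating one node, and nothing visible here removes it or tells the user it was created. Limit `allowed` to the ports the deployment actually needs, e.g. `allowed=[{"IPProtocol": "tcp", "ports": ["22"]}]` plus whatever port the deploy script moves SSH to, and print a line when the rule is created. The range `"0-65534"` also leaves out port 65535, and the existence check matches on name only, so an existing rule called `allow-all-inbound` with different contents is silently trusted. `sa_scopes` is passed both as `ex_service_accounts` and as `source_service_accounts`/`target_service_accounts`; if it holds scope dicts rather than account e-mails, the rule may not match what its name promises, which is worth confirming. create_node starts and ends outside these hunks.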