konsthol/SecDep
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

My boss forced me to build this feature... Pure shit.

Browse Source
This commit is contained in:
konsthol
2023-03-23 22:03:47 +02:00
parent a5670b3d17
commit 92a3bb437d
1 changed files with 24 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
secdep.py
View File

@@ -69,6 +69,7 @@ parser.add_argument('-n', '--name', help='Name of instance')
parser.add_argument('-g', '--region', help='Region to use') parser.add_argument('-g', '--region', help='Region to use')
parser.add_argument('-y', '--yes', help='Do not ask for confirmation during creation', action='store_true') parser.add_argument('-y', '--yes', help='Do not ask for confirmation during creation', action='store_true')
parser.add_argument('-p', '--print', help='Also print node, image, location or size', action='store_true') parser.add_argument('-p', '--print', help='Also print node, image, location or size', action='store_true')
parser.add_argument('-port', '--port', help='Port to connect to when using ssh')
parser.add_argument('-ssh', '--ssh', help='Connect to an instance using ssh with the option to use -P PROVIDER to choose node from a specific provider', action='store_true') parser.add_argument('-ssh', '--ssh', help='Connect to an instance using ssh with the option to use -P PROVIDER to choose node from a specific provider', action='store_true')
args = parser.parse_args() args = parser.parse_args()
@@ -929,6 +930,14 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
if gceNode.name == name: if gceNode.name == name:
print("A node with that name already exists under this project, please choose another one") print("A node with that name already exists under this project, please choose another one")
exit(0) exit(0)
existIn = False
firewalls = driver.ex_list_firewalls()
for firewall in firewalls:
if firewall.name == "allow-all-inbound":
existIn = True
break
if existIn == False:
driver.ex_create_firewall(name="allow-all-inbound", allowed=[{"IPProtocol": "tcp", "ports": ["0-65534"]},{"IPProtocol": "udp", "ports": ["0-65534"]}], network='default', direction='INGRESS', priority=1000, source_service_accounts=sa_scopes, target_service_accounts=sa_scopes)
if args.deploy: if args.deploy:
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True) actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
node = driver.deploy_node(name=name, image=image, size=size, location=location, ex_service_accounts=sa_scopes, ex_metadata=metadata, deploy=actualDeployScript, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep") node = driver.deploy_node(name=name, image=image, size=size, location=location, ex_service_accounts=sa_scopes, ex_metadata=metadata, deploy=actualDeployScript, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
@@ -1042,6 +1051,14 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
if gceNode.name == name: if gceNode.name == name:
print("A node with that name already exists under this project, please choose another one") print("A node with that name already exists under this project, please choose another one")
exit(0) exit(0)
existIn = False
firewalls = driver.ex_list_firewalls()
for firewall in firewalls:
if firewall.name == "allow-all-inbound":
existIn = True
break
if existIn == False:
driver.ex_create_firewall(name="allow-all-inbound", allowed=[{"IPProtocol": "tcp", "ports": ["0-65534"]},{"IPProtocol": "udp", "ports": ["0-65534"]}], network='default', direction='INGRESS', priority=1000, source_service_accounts=sa_scopes, target_service_accounts=sa_scopes)
if args.deploy: if args.deploy:
actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True) actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
node = driver.deploy_node(name=name, image=image, size=size, location=location, ex_service_accounts=sa_scopes, ex_metadata=metadata, deploy=actualDeployScript, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep") node = driver.deploy_node(name=name, image=image, size=size, location=location, ex_service_accounts=sa_scopes, ex_metadata=metadata, deploy=actualDeployScript, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_username="secdep")
@@ -1151,7 +1168,7 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
print("Node is initializing") print("Node is initializing")
print("ip to connect to") print("ip to connect to")
print("\nIP: %s" % (node.public_ips[0])) print("\nIP: %s" % (node.public_ips[0]))
print("\nssh command: ssh -i path/to/secdep secdep@%s\n" % (node.public_ips[0])) print("\nssh command: ssh -i %s secdep@%s\n" % (SECDEP_SSH_PRIVATE_KEY, node.public_ips[0]))
print("If you ever change the port adjust the command accordingly") print("If you ever change the port adjust the command accordingly")
return node return node
@@ -1325,10 +1342,13 @@ def node_action_all(action, provider):
poller = resource_client.resource_groups.begin_delete(node_name+"-res_group") poller = resource_client.resource_groups.begin_delete(node_name+"-res_group")
result = poller.result() result = poller.result()
def ssh(provider): def ssh(provider, port=None):
node = choose_from_list(list_all_nodes(provider,"stop"), "node") node = choose_from_list(list_all_nodes(provider,"stop"), "node")
ip = node.public_ips[0] ip = node.public_ips[0]
port = 22 if port is None:
port = 22
else:
port = port
username = "secdep" username = "secdep"
sshkey = SECDEP_SSH_PRIVATE_KEY sshkey = SECDEP_SSH_PRIVATE_KEY
ssh = paramiko.SSHClient() ssh = paramiko.SSHClient()
@@ -1400,7 +1420,7 @@ if args.action:
node_action(args.action, args.provider) node_action(args.action, args.provider)
exit(0) exit(0)
if args.ssh: if args.ssh:
ssh(args.provider) ssh(args.provider, args.port)
exit(0) exit(0)
if args.image or args.size or args.name or args.region or args.yes or args.deploy and not args.create: if args.image or args.size or args.name or args.region or args.yes or args.deploy and not args.create:
print("Image, size, name, region, yes and deploy parameters only go along with the create flag") print("Image, size, name, region, yes and deploy parameters only go along with the create flag")