diff --git a/secdep.py b/secdep.py index 2e04e00..ba60aac 100755 --- a/secdep.py +++ b/secdep.py @@ -6,16 +6,16 @@ # 3) Amazon Web Services (EC2) # A user will be able to # 1) create an instance -# 2) delete an instance or all of them -# 3) list all instances across all cloud providers -# 4) start a stopped instance or all of them -# 5) stop a running instance or all of them -# 6) reboot a running instance or all of them +# 2) delete an instance or all of them across all or one cloud provider +# 3) list all instances across all cloud providers or a specific one +# 4) start a stopped instance or all of them across all or one cloud provider +# 5) stop a running instance or all of them across all or one cloud provider +# 6) reboot a running instance or all of them across all or one cloud provider # 7) list images available for a provider # 8) list sizes available for a provider # 9) list locations available for a provider # 10) run a script during the creation of a new instance -# 11) ssh to an instance +# 11) ssh to an instance with a choice across all or one cloud provider # from the command line using flags import os @@ -30,6 +30,10 @@ from libcloud.compute.providers import get_driver from libcloud.compute.base import NodeAuthSSHKey from libcloud.compute.deployment import ScriptDeployment, SSHKeyDeployment, MultiStepDeployment +# from azure.common.credentials import ServicePrincipalCredentials +# from azure.mgmt.network import NetworkManagementClient +# from azure.mgmt.network.models import NetworkSecurityGroup, SecurityRule + # Disable SSL certificate verification # Disable SHA-2 variants of RSA key verification algorithm for backward compatibility reasons 
@@ -978,11 +982,13 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi if sec_group.name == name+"-sec_group": print("A security group with that name already exists, please try a different virtual machine name to differentiate the security group name") exit(0) + # ips = driver.ex_list_public_ips(SECDEP_AZURE_RESOURCE_GROUP) # for ip in ips: # if ip.name == name+"-ip": # print("An ip with that name already exists, please try a different virtual machine name to differentiate the ip name") # exit(0) + driver.ex_create_network_security_group(name=name+"-sec_group", resource_group=SECDEP_AZURE_RESOURCE_GROUP, location=location) networks = driver.ex_list_networks() for network in networks: 
@@ -997,10 +1003,37 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi print('Current virtual network\'s location: %s' % (ex_network.location)) exit(0) subnet = driver.ex_list_subnets(network=ex_network)[0] + # public_ip = driver.ex_create_public_ip(name=name+"-ip", resource_group=SECDEP_AZURE_RESOURCE_GROUP, location=location, public_ip_allocation_method="Static") + public_ip = driver.ex_list_public_ips(SECDEP_AZURE_RESOURCE_GROUP)[0] network_interface = driver.ex_create_network_interface(name=name+"-nic", subnet=subnet, resource_group=SECDEP_AZURE_RESOURCE_GROUP, location=location, public_ip=public_ip) - node = driver.create_node(name=name, size=size, image=image, location=location, auth=auth, ex_user_name="secdep", ex_resource_group=SECDEP_AZURE_RESOURCE_GROUP, ex_use_managed_disks=True, ex_nic=network_interface, ex_os_disk_delete=True) + nic = driver.ex_list_nics(resource_group=SECDEP_AZURE_RESOURCE_GROUP)[0] + sec_group = driver.ex_list_network_security_groups(SECDEP_AZURE_RESOURCE_GROUP)[0] + params = {"ipConfigurations":[{"name":"myip1","id":nic.id,"type":"Microsoft.Network/networkInterfaces/ipConfigurations","properties":{"provisioningState":"Succeeded","privateIPAddress":"10.0.0.4","privateIPAllocationMethod":"Dynamic","publicIPAddress":{"id":public_ip.id},"subnet":{"id":subnet.id},"primary":"true","privateIPAddressVersion":"IPv4"}}],"dnsSettings":{"dnsServers":[]},"enableAcceleratedNetworking":"false","enableIPForwarding":"false","disableTcpStateTracking":"false","networkSecurityGroup":{"id":sec_group.id},"nicType":"Standard"} + newnic = driver.ex_update_nic_properties(nic, SECDEP_AZURE_RESOURCE_GROUP, params) + node = driver.create_node(name=name, size=size, image=image, location=location, auth=auth, ex_user_name="secdep", ex_resource_group=SECDEP_AZURE_RESOURCE_GROUP, ex_use_managed_disks=True, ex_nic=newnic, ex_os_disk_delete=True) + + # subscription_id = SECDEP_AZURE_SUB_ID + # credentials = 
ServicePrincipalCredentials( + # client_id = SECDEP_AZURE_APP_ID, + # secret = SECDEP_AZURE_PASSWORD, + # tenant = SECDEP_AZURE_TENANT_ID + # ) + # + # network_client = NetworkManagementClient( + # credentials, + # subscription_id + # ) + # + # network_client.security_rules.begin_create_or_update(SECDEP_AZURE_RESOURCE_GROUP,sec_group.name,"allowAllInbound",SecurityRule( + # protocol='*', + # source_address_prefix='*', + # destination_address_prefix='*', + # access='Allow', + # direction='Inbound', description='Allow all',source_port_range='*', + # destination_port_range='*', + # priority=4096, name="allowAll")) else: keys = driver.list_key_pairs() for key in keys: @@ -1044,12 +1077,14 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi if sec_group.name == name+"-sec_group": print("A security group with that name already exists, please try a different virtual machine name to differentiate the security group name") exit(0) + # ips = driver.ex_list_public_ips(SECDEP_AZURE_RESOURCE_GROUP) # for ip in ips: # if ip.name == name+"-ip": # print("An ip with that name already exists, please try a different virtual machine name to differentiate the ip name") # exit(0) - # driver.ex_create_network_security_group(name=name+"-sec_group", resource_group=SECDEP_AZURE_RESOURCE_GROUP, location=location) + + driver.ex_create_network_security_group(name=name+"-sec_group", resource_group=SECDEP_AZURE_RESOURCE_GROUP, location=location) networks = driver.ex_list_networks() for network in networks: if network.name == SECDEP_AZURE_VIRTUAL_NETWORK: 
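Review bot: The three `[0]` lookups added before `create_node` attach the new VM to whichever public IP, NIC and network security group the resource group lists first, not to the `name+"-nic"` interface and `name+"-sec_group"` group created for this node, so once SECDEP_AZURE_RESOURCE_GROUP holds more than one machine the VM can come up behind another node's NSG and address; the `network_interface` returned just above is never used. Keep the created objects instead: `nic = network_interface` and `sec_group = next(g for g in driver.ex_list_network_security_groups(SECDEP_AZURE_RESOURCE_GROUP) if g.name == name+"-sec_group")`, and fail with a message when no public IP exists, since `[0]` on an empty list raises IndexError. The literal `"privateIPAddress":"10.0.0.4"` and `"provisioningState":"Succeeded"` in `params` look copied from one existing NIC and would be better read from the NIC being updated. The hunk at -1063,10 repeats the same lines; create_node begins and ends outside both hunks.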
@@ -1063,10 +1098,37 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi print('Current virtual network\'s location: %s' % (ex_network.location)) exit(0) subnet = driver.ex_list_subnets(network=ex_network)[0] + # public_ip = driver.ex_create_public_ip(name=name+"-ip", resource_group=SECDEP_AZURE_RESOURCE_GROUP, location=location, public_ip_allocation_method="Static") + public_ip = driver.ex_list_public_ips(SECDEP_AZURE_RESOURCE_GROUP)[0] network_interface = driver.ex_create_network_interface(name=name+"-nic", subnet=subnet, resource_group=SECDEP_AZURE_RESOURCE_GROUP, location=location, public_ip=public_ip) - node = driver.create_node(name=name, size=size, image=image, location=location, auth=auth, ex_user_name="secdep", ex_resource_group=SECDEP_AZURE_RESOURCE_GROUP, ex_use_managed_disks=True, ex_nic=network_interface, ex_os_disk_delete=True) + nic = driver.ex_list_nics(resource_group=SECDEP_AZURE_RESOURCE_GROUP)[0] + sec_group = driver.ex_list_network_security_groups(SECDEP_AZURE_RESOURCE_GROUP)[0] + params = {"ipConfigurations":[{"name":"myip1","id":nic.id,"type":"Microsoft.Network/networkInterfaces/ipConfigurations","properties":{"provisioningState":"Succeeded","privateIPAddress":"10.0.0.4","privateIPAllocationMethod":"Dynamic","publicIPAddress":{"id":public_ip.id},"subnet":{"id":subnet.id},"primary":"true","privateIPAddressVersion":"IPv4"}}],"dnsSettings":{"dnsServers":[]},"enableAcceleratedNetworking":"false","enableIPForwarding":"false","disableTcpStateTracking":"false","networkSecurityGroup":{"id":sec_group.id},"nicType":"Standard"} + newnic = driver.ex_update_nic_properties(nic, SECDEP_AZURE_RESOURCE_GROUP, params) + node = driver.create_node(name=name, size=size, image=image, location=location, auth=auth, ex_user_name="secdep", ex_resource_group=SECDEP_AZURE_RESOURCE_GROUP, ex_use_managed_disks=True, ex_nic=newnic, ex_os_disk_delete=True) + + # subscription_id = SECDEP_AZURE_SUB_ID + # credentials = 
ServicePrincipalCredentials( + # client_id = SECDEP_AZURE_APP_ID, + # secret = SECDEP_AZURE_PASSWORD, + # tenant = SECDEP_AZURE_TENANT_ID + # ) + # + # network_client = NetworkManagementClient( + # credentials, + # subscription_id + # ) + # + # network_client.security_rules.begin_create_or_update(SECDEP_AZURE_RESOURCE_GROUP,sec_group.name,"allowAllInbound",SecurityRule( + # protocol='*', + # source_address_prefix='*', + # destination_address_prefix='*', + # access='Allow', + # direction='Inbound', description='Allow all',source_port_range='*', + # destination_port_range='*', + # priority=4096, name="allowAll")) else: keys = driver.list_key_pairs() for key in keys: 
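Review bot: The commented-out `SecurityRule` block at the end of this hunk (and of the hunk at -997,10) records an inbound rule with `protocol='*'`, `source_address_prefix='*'` and `destination_port_range='*'`; uncommented as written, it would leave every port of the new VM reachable from any address. Since `ssh()` in this file connects on port 22, narrow the rule before it is ever enabled, e.g. `protocol='Tcp'`, `destination_port_range='22'` and a `source_address_prefix` limited to the operator's address range. Otherwise drop the dead block from the commit, and add a one-line comment stating which inbound traffic the NSG is meant to allow.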
@@ -1103,37 +1165,68 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi print("\nIP: %s\n" % (node.public_ips)) return node -def list_all_nodes(filterIn=None): +def list_all_nodes(provider, filterIn=None): print("Getting all nodes...") print("Loading 0%...") nodes = [] - if SECDEP_GCE_CLIENT_ID != "": - print("Getting GCE nodes...") - driver = get_corresponding_driver("gce") - gceNodes = driver.list_nodes() - if len(gceNodes) > 0: - for node in gceNodes: - nodes.append(node) - print("Loading %s%%..." % (int((1/providers_quantity)*100))) - if SECDEP_AZURE_APP_ID != "": - print("Getting AZURE nodes...") - driver2 = get_corresponding_driver("azure") - azureNodes = driver2.list_nodes() - if len(azureNodes) > 0: - for node in azureNodes: - nodes.append(node) - print("Loading %s%%..." % (int((2/providers_quantity)*100))) - if SECDEP_AWS_ACCESS_KEY != "": - print("Getting AWS nodes...") - awsLocations = ["ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1", "eu-central-1", "eu-north-1", "eu-west-1", "eu-west-2", "eu-west-3", "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2"] - for region in awsLocations: - driver3 = get_driver(Provider.EC2)(SECDEP_AWS_ACCESS_KEY, SECDEP_AWS_SECRET_KEY,region=region) - # make it so it tries all drivers - awsNodes = driver3.list_nodes() - if len(awsNodes) > 0: - for node in awsNodes: + if provider is None: + if SECDEP_GCE_CLIENT_ID != "": + print("Getting GCE nodes...") + driver = get_corresponding_driver("gce") + gceNodes = driver.list_nodes() + if len(gceNodes) > 0: + for node in gceNodes: nodes.append(node) - print("Loading %s%%..." % (int((3/providers_quantity)*100))) + print("Loading %s%%..." 
% (int((1/providers_quantity)*100))) + if SECDEP_AZURE_APP_ID != "": + print("Getting AZURE nodes...") + driver2 = get_corresponding_driver("azure") + azureNodes = driver2.list_nodes() + if len(azureNodes) > 0: + for node in azureNodes: + nodes.append(node) + print("Loading %s%%..." % (int((2/providers_quantity)*100))) + if SECDEP_AWS_ACCESS_KEY != "": + print("Getting AWS nodes...") + awsLocations = ["ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1", "eu-central-1", "eu-north-1", "eu-west-1", "eu-west-2", "eu-west-3", "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2"] + for region in awsLocations: + driver3 = get_driver(Provider.EC2)(SECDEP_AWS_ACCESS_KEY, SECDEP_AWS_SECRET_KEY,region=region) + # make it so it tries all drivers + awsNodes = driver3.list_nodes() + if len(awsNodes) > 0: + for node in awsNodes: + nodes.append(node) + print("Loading %s%%..." % (int((3/providers_quantity)*100))) + elif provider == "gce": + if SECDEP_GCE_CLIENT_ID != "": + print("Getting GCE nodes...") + driver = get_corresponding_driver("gce") + gceNodes = driver.list_nodes() + if len(gceNodes) > 0: + for node in gceNodes: + nodes.append(node) + print("Loading %s%%..." % (int((1/providers_quantity)*100))) + elif provider == "azure": + if SECDEP_AZURE_APP_ID != "": + print("Getting AZURE nodes...") + driver2 = get_corresponding_driver("azure") + azureNodes = driver2.list_nodes() + if len(azureNodes) > 0: + for node in azureNodes: + nodes.append(node) + print("Loading %s%%..." 
% (int((2/providers_quantity)*100))) + elif provider == "aws": + if SECDEP_AWS_ACCESS_KEY != "": + print("Getting AWS nodes...") + awsLocations = ["ap-northeast-1", "ap-northeast-2", "ap-northeast-3", "ap-south-1", "ap-southeast-1", "ap-southeast-2", "ca-central-1", "eu-central-1", "eu-north-1", "eu-west-1", "eu-west-2", "eu-west-3", "sa-east-1", "us-east-1", "us-east-2", "us-west-1", "us-west-2"] + for region in awsLocations: + driver3 = get_driver(Provider.EC2)(SECDEP_AWS_ACCESS_KEY, SECDEP_AWS_SECRET_KEY,region=region) + # make it so it tries all drivers + awsNodes = driver3.list_nodes() + if len(awsNodes) > 0: + for node in awsNodes: + nodes.append(node) + print("Loading %s%%..." % (int((3/providers_quantity)*100))) count = 0 if len(nodes) == 0: print("No nodes") @@ -1156,12 +1249,12 @@ def list_all_nodes(filterIn=None): print("{}) {}\n\nState: {}\nPublic IPs: {}\nPrivate IPs: {}\nDriver: {}\nSize: {}\nImage: {}\nCreation Date: {}\nExtra: {}\n".format(count, node.name, node.state, node.public_ips, node.private_ips, node.driver, node.size, node.image, node.created_at, node.extra)) return nodes -def get_node(): - node = choose_from_list(list_all_nodes(), "node") +def get_node(provider): + node = choose_from_list(list_all_nodes(provider), "node") return node -def node_action(action): - node = choose_from_list(list_all_nodes(action), "node") +def node_action(action, provider): + node = choose_from_list(list_all_nodes(provider, action), "node") if node is None: print("Nothing was chosen") exit(0) 
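Review bot: In `list_all_nodes`, a `provider` value other than `None`, `"gce"`, `"azure"` or `"aws"` matches no branch and falls through to "No nodes", which an operator cannot tell apart from an empty account. Unless argparse already restricts the flag with `choices` (not visible here), reject unknown values explicitly. The three new `elif` branches are also verbatim copies of the all-providers code, so a fix such as an updated EC2 region list must be made twice. Selecting the wanted providers once and guarding each existing listing block with it removes the duplication, as sketched below. Putting `provider` before `filterIn` also changes the meaning of any remaining positional `list_all_nodes(action)` call outside this diff.

```python
def list_all_nodes(provider, filterIn=None):
    # … unchanged: the two progress prints and nodes = [] …
    known = ("gce", "azure", "aws")
    if provider is not None and provider not in known:
        print("Unknown provider: %s" % provider)
        exit(1)
    wanted = known if provider is None else (provider,)
    if "gce" in wanted and SECDEP_GCE_CLIENT_ID != "":
        # … unchanged: GCE listing …
    if "azure" in wanted and SECDEP_AZURE_APP_ID != "":
        # … unchanged: Azure listing …
    if "aws" in wanted and SECDEP_AWS_ACCESS_KEY != "":
        # … unchanged: per-region EC2 listing …
    # … unchanged: count, filtering and printing …
```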
@@ -1201,15 +1294,16 @@ def node_action(action): break sec_groups = driver.ex_list_network_security_groups(SECDEP_AZURE_RESOURCE_GROUP) for sec_group in sec_groups: - if sec_group.name == node.name+"-sec_group": - driver.ex_delete_network_security_group(name=sec_group.name, resource_group=SECDEP_AZURE_RESOURCE_GROUP, location=location) + # driver.ex_delete_resource(sec_group) + if sec_group.name == node.name+"-sec_group": + driver.ex_delete_network_security_group(name=sec_group.name, resource_group=SECDEP_AZURE_RESOURCE_GROUP, location=location) # ips = driver.ex_list_public_ips(SECDEP_AZURE_RESOURCE_GROUP) # for ip in ips: # if ip.name == node.name+"-ip": # driver.ex_delete_public_ip(ip) -def node_action_all(action): - nodes = list_all_nodes(action) +def node_action_all(action, provider): + nodes = list_all_nodes(provider, action) for node in nodes: providerName = node.name.split("-")[0] if providerName == "gce": @@ -1248,6 +1342,7 @@ def node_action_all(action): break sec_groups = driver.ex_list_network_security_groups(SECDEP_AZURE_RESOURCE_GROUP) for sec_group in sec_groups: + # driver.ex_delete_resource(sec_group) if sec_group.name == node.name+"-sec_group": driver.ex_delete_network_security_group(name=sec_group.name, resource_group=SECDEP_AZURE_RESOURCE_GROUP, location=location) # ips = driver.ex_list_public_ips(SECDEP_AZURE_RESOURCE_GROUP) @@ -1255,8 +1350,8 @@ def node_action_all(action): # if ip.name == node.name+"-ip": # driver.ex_delete_public_ip(ip) -def ssh(): - node = choose_from_list(list_all_nodes(), "node") +def ssh(provider): + node = choose_from_list(list_all_nodes(provider), "node") ip = node.public_ips[0] port = 22 username = "secdep" 
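Review bot: `ssh(provider)` reads `node.public_ips[0]` on the line after the changed call without the `if node is None` guard that `node_action` applies to the same `choose_from_list(...)` result, and a node with no public address would raise IndexError there as well. Add the check before the address is read, e.g. `if node is None or not node.public_ips: print("Nothing was chosen"); exit(0)`. The rest of ssh() lies outside the hunk, so a guard further down cannot be ruled out.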
@@ -1318,19 +1413,19 @@ if args.create: exit(0) if args.list: if args.print: - print(get_node()) + print(get_node(args.provider)) else: - list_all_nodes() + list_all_nodes(args.provider) exit(0) # If args.action contains the word all execute the node_action_all function, otherwise the node_action function if args.action: if(args.action.endswith("all")): - node_action_all(args.action) + node_action_all(args.action, args.provider) else: - node_action(args.action) + node_action(args.action, args.provider) exit(0) if args.ssh: - ssh() + ssh(args.provider) exit(0) if args.image or args.size or args.name or args.region or args.yes and not args.create: print("Image, size, name, region and yes parameters only go along with the create flag")