From f392de33e62a1d5eb7f633fafe55e6113118762a Mon Sep 17 00:00:00 2001
From: konsthol
Date: Mon, 20 Mar 2023 00:15:39 +0200
Subject: [PATCH] Bit Bucket is down. What should I do now?
---
 secdep.py | 62 ++++++++++++++++++++++++++++---------------------------
 1 file changed, 32 insertions(+), 30 deletions(-)
diff --git a/secdep.py b/secdep.py
index f8a25a4..a746da2 100755
--- a/secdep.py
+++ b/secdep.py
@@ -28,7 +28,7 @@ from dotenv import load_dotenv
 from libcloud.compute.types import Provider
 from libcloud.compute.providers import get_driver
 from libcloud.compute.base import NodeAuthSSHKey
-from libcloud.compute.deployment import ScriptDeployment, SSHKeyDeployment, MultiStepDeployment
+from libcloud.compute.deployment import ScriptDeployment, MultiStepDeployment, ScriptFileDeployment
 from azure.identity import ClientSecretCredential
 from azure.mgmt.resource import ResourceManagementClient
 from azure.mgmt.network import NetworkManagementClient
@@ -779,7 +779,7 @@ def getAWSRegionFromAmi(ami):
 return list(image.keys())[list(image.values()).index(ami)]
 
 # This is the most important function of all and uses all the previous ones to validate the input and get the actual objects
-def create_node(provider, name=None, location=None, size=None, image=None, confirm=None):
+def create_node(provider, name=None, location=None, size=None, image=None, confirm=None, deploy=None):
 # Get public ssh key value
 with open(SECDEP_SSH_PUBLIC_KEY, 'r') as f:
 pubkey = f.read()
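Review bot: The `deploy=None` parameter added to `create_node` in the hunk at `@@ -779` is never read in the lines this patch shows. In the hunks at `@@ -1004` and `@@ -1094` the body rebinds `deploy` to a `ScriptDeployment` and tests the global `args.deploy` instead, so a caller passing `deploy=` directly has no effect. Either use the parameter (`if deploy:` with `args=deploy`) and give the initialization step its own name, e.g. `init_step = ScriptDeployment(script=SCRIPT, name="initialization.sh", delete=True)`, or drop the parameter. The function body continues outside this hunk, so other uses cannot be ruled out from here.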
@@ -985,9 +985,9 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
 keys = driver.list_key_pairs()
 for key in keys:
 driver.delete_key_pair(key)
- driver.import_key_pair_from_string("secdep@"+socket.gethostname(), pubkey)
- driver.ex_authorize_security_group_permissive('default')
 keyname="secdep@"+socket.gethostname()
+ driver.import_key_pair_from_string(keyname, pubkey)
+ driver.ex_authorize_security_group_permissive('default')
 # since each ami decides on a different admin user name we can't use the create node
 # to end up with a secdep user but we have to use the deploy_node function
 SCRIPT = '''#!/usr/bin/env bash
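Review bot: `driver.ex_authorize_security_group_permissive('default')`, carried over by this reordering and again in the hunk at `@@ -1075`, opens the `default` security group to all TCP, UDP and ICMP traffic from any address. Every instance that uses that group inherits the rule, and the new node is reachable on every port before any hardening script has run. The deployment shown here only needs SSH, so a narrower rule such as `driver.ex_authorize_security_group('default', 22, 22, '0.0.0.0/0')` would fit, ideally with the operator's own CIDR rather than `0.0.0.0/0`. The context loop above also deletes every key pair the driver lists, not only secdep's; a guard like `if key.name == keyname:` would limit that. create_node starts and ends outside the hunk.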
@@ -1004,13 +1004,16 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
 sudo chown secdep:secdep /home/secdep -R
 sudo chmod 700 /home/secdep /home/secdep/.ssh
 sudo chmod 600 /home/secdep/.ssh/authorized_keys'''
- step_1 = SSHKeyDeployment(pubkey)
- step_2 = ScriptDeployment(SCRIPT)
- msd = MultiStepDeployment([step_1, step_2])
- node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
- print('stdout: %s' % (step_2.stdout))
- print('stderr: %s' % (step_2.stderr))
- print('exit_code: %s' % (step_2.exit_status))
+ deploy = ScriptDeployment(script=SCRIPT, name="initialization.sh", delete=True)
+ if args.deploy:
+ actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
+ msd = MultiStepDeployment([deploy, actualDeployScript])
+ node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
+ else:
+ node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=deploy, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
+ print('stdout: %s' % (deploy.stdout))
+ print('stderr: %s' % (deploy.stderr))
+ print('exit_code: %s' % (deploy.exit_status))
 else:
 # When the -y or --yes parameter is passed we go straight to the node creation
 if provider == "gce":
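Review bot: The result of the hardening step is never inspected. After the `if args.deploy:` branch only `deploy.stdout`, `deploy.stderr` and `deploy.exit_status` are printed, and those belong to the initialization script, so a failing `harden` script leaves no sign that the node is unhardened. Collecting the steps in a list, printing each step's output and flagging a non-zero `exit_status` fixes this and removes the duplicated `deploy_node` call; the identical block in the hunk at `@@ -1094` needs the same change. Whether `args.deploy` is a list of strings, as `ScriptFileDeployment(args=...)` expects, is not visible on this page. create_node starts and ends outside the hunk.

```python
# … unchanged: SCRIPT definition …
steps = [ScriptDeployment(script=SCRIPT, name="initialization.sh", delete=True)]
if args.deploy:
    steps.append(ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True))
node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=MultiStepDeployment(steps), ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
for step in steps:
    print('%s stdout: %s' % (step.name, step.stdout))
    print('%s stderr: %s' % (step.name, step.stderr))
    print('%s exit_code: %s' % (step.name, step.exit_status))
    if step.exit_status != 0:
        print('%s failed; the node may not be hardened' % (step.name))
```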
@@ -1075,9 +1078,9 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
 keys = driver.list_key_pairs()
 for key in keys:
 driver.delete_key_pair(key)
- driver.import_key_pair_from_string("secdep@"+socket.gethostname(), pubkey)
- driver.ex_authorize_security_group_permissive('default')
 keyname="secdep@"+socket.gethostname()
+ driver.import_key_pair_from_string(keyname, pubkey)
+ driver.ex_authorize_security_group_permissive('default')
 # since each ami decides on a different admin user name we can't use the create node
 # to end up with a secdep user but we have to use the deploy_node function
 SCRIPT = '''#!/usr/bin/env bash
@@ -1094,17 +1097,18 @@ def create_node(provider, name=None, location=None, size=None, image=None, confi
 sudo chown secdep:secdep /home/secdep -R
 sudo chmod 700 /home/secdep /home/secdep/.ssh
 sudo chmod 600 /home/secdep/.ssh/authorized_keys'''
- step_1 = SSHKeyDeployment(pubkey)
- step_2 = ScriptDeployment(SCRIPT)
- msd = MultiStepDeployment([step_1, step_2])
- node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
- print('stdout: %s' % (step_2.stdout))
- print('stderr: %s' % (step_2.stderr))
- print('exit_code: %s' % (step_2.exit_status))
+ deploy = ScriptDeployment(script=SCRIPT, name="initialization.sh", delete=True)
+ if args.deploy:
+ actualDeployScript = ScriptFileDeployment(script_file=SECDEP_DEPLOY_SCRIPT, args=args.deploy, name="harden", delete=True)
+ msd = MultiStepDeployment([deploy, actualDeployScript])
+ node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=msd, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
+ else:
+ node = driver.deploy_node(name=name, image=image, size=size, ex_keyname=keyname, deploy=deploy, ssh_key=SECDEP_SSH_PRIVATE_KEY, ssh_alternate_usernames=["admin", "ec2-user", "centos", "fedora", "ubuntu"])
+ print('stdout: %s' % (deploy.stdout))
+ print('stderr: %s' % (deploy.stderr))
+ print('exit_code: %s' % (deploy.exit_status))
 print(node.name + " created successfully")
 print("Node is initializing")
- if provider == "aws":
- time.sleep(30) #Aws takes a while to assign a public ip
 print("ip to connect to")
 print("\nIP: %s\n" % (node.public_ips))
 return node
@@ -1239,7 +1243,8 @@ def node_action(action, provider):
 result = poller.result()
 
 def node_action_all(action, provider):
- nodes = list_all_nodes(provider, action)
+ string = action[:-3]
+ nodes = list_all_nodes(provider, string)
 node_name = ""
 for node in nodes:
 providerName = node.name.split("-")[0]
@@ -1269,7 +1274,6 @@ def node_action_all(action, provider):
 case _:
 print("Invalid action command")
 exit(0)
- string = action[:-3]
 if(succeded):
 print("%s node %s -> successful" % (node.name, string))
 else:
@@ -1280,7 +1284,7 @@ def node_action_all(action, provider):
 result = poller.result()
 
 def ssh(provider):
- node = choose_from_list(list_all_nodes(provider), "node")
+ node = choose_from_list(list_all_nodes(provider,"stop"), "node")
 ip = node.public_ips[0]
 port = 22
 username = "secdep"
@@ -1338,7 +1342,7 @@ if args.listlocations and args.provider:
 if args.create:
 assert args.provider is not None, "Provider must be specified for node creation"
 # If -c or --create is passed, call the create_node function
- create_node(args.provider, args.name, args.region, args.size, args.image, args.yes)
+ create_node(args.provider, args.name, args.region, args.size, args.image, args.yes, args.deploy)
 exit(0)
 if args.list:
 if args.print:
@@ -1356,10 +1360,8 @@ if args.action:
 if args.ssh:
 ssh(args.provider)
 exit(0)
-if args.image or args.size or args.name or args.region or args.yes and not args.create:
- print("Image, size, name, region and yes parameters only go along with the create flag")
+if args.image or args.size or args.name or args.region or args.yes or args.deploy and not args.create:
+ print("Image, size, name, region, yes and deploy parameters only go along with the create flag")
 exit(0)
 if args.print and not args.list or args.listimages or args.listsizes or args.listlocations:
 print("The print flag only goes together with the list, list images, list sizes or list locations")
-if args.deploy:
- print(args.deploy)
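Review bot: In the hunk at `@@ -1239`, `string = action[:-3]` removes the last three characters of `action` whatever they are, and the name `string` says nothing about what the value means. If the intent is to strip an `all` suffix, which the function name suggests but the hunk does not show, `verb = action.removesuffix("all")` states that and leaves other values intact. The file already uses `match`/`case`, so `str.removesuffix` is available. The later `print` lines that use `string` would need the same rename; node_action_all continues outside the hunk.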
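Review bot: In the hunk at `@@ -1280`, the literal `"stop"` passed to `list_all_nodes(provider,"stop")` reads as an action being performed, while `ssh()` only wants a list of nodes to choose from. What the second argument selects is defined outside this page, so a comment such as `# "stop" filter: offer only nodes a stop would apply to (confirm against list_all_nodes)` would document the intent. The context line `ip = node.public_ips[0]` also assumes the chosen node has a public address and would raise `IndexError` otherwise.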
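Review bot: In the hunk at `@@ -1356`, `and` binds tighter than `or`, so the new condition parses as `args.image or ... or args.yes or (args.deploy and not args.create)` and `not args.create` guards only `args.deploy`. This looks harmless only because the `if args.create:` block in the hunk at `@@ -1338` appears to call `exit(0)` before this line is reached. Parenthesise the intent: `if (args.image or args.size or args.name or args.region or args.yes or args.deploy) and not args.create:`. The `args.print` check two lines below has the same shape.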