예제 #1
0
        static void ProcessNetworkAclFromTemplate(dynamic input, CFStack stack)
        {
            NetworkAcl nacl = new NetworkAcl();

            nacl.LogicalId = input.Name;
            nacl.Type      = "AWS::EC2::NetworkAcl";

            var props = input.Value["Properties"];

            foreach (var prop in props)
            {
                switch ((string)prop.Name)
                {
                case "VpcId":
                    var a = prop.Value;
                    foreach (var item in a)
                    {
                        nacl.Properties.VpcId = item.Value;
                    }
                    break;

                case "Tags":

                    break;
                }
            }

            stack.Resources.Add(nacl);
        }
예제 #2
0
        static void ProcessEC2SecurityGroupIngressFromTemplate(dynamic input, CFStack stack)
        {
            EC2SecurityGroupIngress sgi = new EC2SecurityGroupIngress();

            var rule = input.Value["Properties"];

            //FormatProtocol - Protocol could be a number or text (e.g. 6 or tcp)
            sgi.IpProtocol = FormatProtocol(rule.IpProtocol.ToString());
            //-------------------------------------------------------------------

            //FormatPortRange - Port range could be 0-0 -1-1 0-65535
            string from = "";
            string to   = "";

            FormatPortRange(rule.FromPort.ToString(), rule.ToPort.ToString(), out from, out to);
            sgi.FromPort = from;
            sgi.ToPort   = to;
            //-------------------------------------------------------------------

            sgi.CidrIp = rule.CidrIp;
            if (rule.SourceSecurityGroupId != null)
            {
                if (rule.SourceSecurityGroupId != null)
                {
                    var Ids = rule.SourceSecurityGroupId;
                    if (Ids.Value == null)
                    {
                        foreach (var Id in Ids)
                        {
                            sgi.SourceSecurityGroupId = Id.Value;
                        }
                    }
                    else
                    {
                        sgi.SourceSecurityGroupId = Ids.Value;
                    }
                }
            }

            if (rule.GroupId != null)
            {
                sgi.GroupName = rule.GroupId["Ref"].Value;
                EC2SecurityGroup x = stack.Resources.Find(n => n != null && n.LogicalId == rule.GroupId["Ref"].Value);
                if (x != null)
                {
                    x.Properties.SecurityGroupIngress.Add(sgi);
                }
                else
                {
//TODO
//Either remember and process orphaned ingress rule
//Or write out to error log.
                    MessageBox.Show("Error", "Did not find security group " + sgi.GroupName + " to add ingress rule to", MessageBoxButtons.OK, MessageBoxIcon.Error);
                }
            }
        }
예제 #3
0
        static void ProcessIAMUserFromTemplate(dynamic input, CFStack stack)
        {
            IAMUser u = new IAMUser();

            u.LogicalId = input.Name;
            u.Type      = "AWS::IAM::User";

            var props = input.Value["Properties"];

            foreach (var prop in props)
            {
                switch ((string)prop.Name)
                {
                case "Path":
                    u.Properties.Path = prop.Value;
                    break;

                case "Policies":
                    var policies = prop.Value;
                    foreach (var policy in policies)
                    {
                        IAMUserPolicy pol = new IAMUserPolicy();
                        pol.PolicyName = (string)policy["PolicyName"];
                        var policyDoc = policy["PolicyDocument"];
                        foreach (var statementItems in policyDoc)
                        {
                            foreach (var statement in statementItems.Value)
                            {
                                IAMUserStatement us = new IAMUserStatement();
                                us.Action   = statement.Action;
                                us.Effect   = statement.Effect;
                                us.Resource = statement.Resource;
                                pol.PolicyDocument.Statement.Add(us);
                            }
                        }
                        u.Properties.Policies.Add(pol);
                    }
                    break;

                default:
                    break;
                }
            }
            stack.Resources.Add(u);
        }
예제 #4
0
파일: App.cs 프로젝트: rickbowden/CFCompare
        private void compare_BTN_Click_1(object sender, EventArgs e)
        {
            if (StackOriginal1 == null || StackOriginal2 == null)
            {
                return;
            }

            ClearRTBBackgroundColour(richTextBox1);
            ClearRTBBackgroundColour(richTextBox2);
            CompareRemoves = toolStripMenuItem_CompareRemove.Checked;

            StackCopy1 = StackOriginal1.DeepClone();
            StackCopy2 = StackOriginal2.DeepClone();

            CompareStacks();
            ViewSwitch             = true;
            SwitchView_BTN.Enabled = true;
        }
예제 #5
0
        // -----------------------------------------------------------------------
        // Template

        public static void ProcessTemplateResources(dynamic input, CFStack stack)
        {
            foreach (var resource in input)
            {
                string logicalId = resource.Name;


                switch ((string)resource.Value["Type"])
                {
                case "AWS::IAM::User":
                    //ProcessIAMUserFromTemplate(resource, stack);
                    break;

                case "AWS::IAM::AccessKey":
                    break;

                case "AWS::EC2::SecurityGroup":
                    ProcessEC2SecurityGroupFromTemplate(resource, stack);
                    break;

                case "AWS::EC2::SecurityGroupIngress":
                    ProcessEC2SecurityGroupIngressFromTemplate(resource, stack);
                    break;

                case "AWS::EC2::NetworkAcl":
                    ProcessNetworkAclFromTemplate(resource, stack);
                    break;

                case "AWS::EC2::NetworkAclEntry":
                    ProcessNetworkAclEntryFromTemplate(resource, stack);
                    break;

                default:
                    break;
                }
            }
        }
예제 #6
0
파일: App.cs 프로젝트: rickbowden/CFCompare
        private void WriteOutput(CFStack s, RichTextBox rtb, string source, string name)
        {
            rtb.Clear();

            rtb.AppendText("Source: " + source); rtb.AppendText(Environment.NewLine);
            rtb.AppendText("Name/Path: " + name); rtb.AppendText(Environment.NewLine); rtb.AppendText(Environment.NewLine);

            rtb.AppendText("Decription: " + s.Description); rtb.AppendText(Environment.NewLine);

            rtb.AppendText("Resources"); rtb.AppendText(Environment.NewLine);
            foreach (var resource in s.Resources)
            {
                rtb.AppendText(tab1); rtb.AppendText(resource.LogicalId); rtb.AppendText(Environment.NewLine);
                rtb.AppendText(tab2); rtb.AppendText("Type: " + resource.Type); rtb.AppendText(Environment.NewLine);

                var    properties = resource.Properties;
                string type       = resource.Type;
                switch (type)
                {
                case "AWS::EC2::SecurityGroup":
                    EC2SecurityGroup group = (EC2SecurityGroup)resource;
                    rtb.AppendText(tab3); rtb.AppendText("Group Description: " + group.Properties.GroupDescription); rtb.AppendText(Environment.NewLine);
                    var rules = group.Properties.SecurityGroupIngress.OrderBy(a => a.IpProtocol).ThenBy(a => a.ToPort).ThenBy(a => a.FromPort).ThenBy(a => a.CidrIp).ThenBy(a => a.SourceSecurityGroupId);
                    foreach (var rule in rules)
                    {
                        if (rule.StateChanged == false)
                        {
                            rtb.AppendText(tab4);
                        }
                        else
                        {
                            rtb.AppendText(diffMarker); rtb.AppendText(tab3);
                        }

                        //Check if Protocol exists in Dictionary else use the number
                        if (Protocols.ContainsKey(rule.IpProtocol))
                        {
                            rtb.AppendText("Protocol: " + Protocols[rule.IpProtocol] + " (" + rule.IpProtocol + ") | ");
                        }
                        else
                        {
                            rtb.AppendText("Protocol: " + "Custom" + " (" + rule.IpProtocol + ") | ");
                        }


                        if (rule.FromPort.Equals(rule.ToPort, StringComparison.Ordinal))
                        {
                            rtb.AppendText("Port Range: " + rule.FromPort + " | ");
                        }
                        else
                        {
                            rtb.AppendText("Port Range: " + rule.FromPort + "-" + rule.ToPort + " | ");
                        }


                        if (rule.CidrIp != null)
                        {
                            rtb.AppendText("Source: " + rule.CidrIp);
                        }
                        else
                        {
                            rtb.AppendText("Source: " + rule.SourceSecurityGroupId);
                        }

                        rtb.AppendText(Environment.NewLine);
                    }
                    break;

                case "AWS::EC2::NetworkAcl":
                    NetworkAcl acl = (NetworkAcl)resource;
                    rtb.AppendText(tab3); rtb.AppendText("VpcId: " + acl.Properties.VpcId); rtb.AppendText(Environment.NewLine);
                    var  aclEntry         = acl.Properties.NetworkAclEntry.OrderBy(a => a.Egress).ThenBy(a => a.RuleNumber);
                    bool egressDisplayed  = false;
                    bool ingressDisplayed = false;
                    foreach (var rule in aclEntry)
                    {
                        //Rule #, Type, Protocol, Port Range, Source, Allow/Deny
                        if (rule.Egress == false && ingressDisplayed == false)
                        {
                            rtb.AppendText(tab4); rtb.AppendText("Inbound Rules"); rtb.AppendText(Environment.NewLine);
                            ingressDisplayed = true;
                        }
                        else if (rule.Egress == true && egressDisplayed == false)
                        {
                            rtb.AppendText(tab4); rtb.AppendText("Outbound Rules"); rtb.AppendText(Environment.NewLine);
                            egressDisplayed = true;
                        }

                        if (rule.StateChanged == false)
                        {
                            rtb.AppendText(tab5);
                        }
                        else
                        {
                            rtb.AppendText(diffMarker); rtb.AppendText(tab4);
                        }

                        rtb.AppendText("Rule: " + rule.RuleNumber + " | ");

                        //Check if Protocol exists in Dictionary else use the number
                        if (Protocols.ContainsKey(rule.Protocol))
                        {
                            rtb.AppendText("Protocol: " + Protocols[rule.Protocol] + " (" + rule.Protocol + ") | ");
                        }
                        else
                        {
                            rtb.AppendText("Protocol: " + "Custom" + " (" + rule.Protocol + ") | ");
                        }

                        //ALL ports could be 0-0 or -1 or 0-65535
                        if (rule.FromPort.Equals(rule.ToPort, StringComparison.Ordinal))
                        {
                            if ((rule.FromPort == "0" && rule.ToPort == "0") || (rule.FromPort == "-1" && rule.ToPort == "-1"))
                            {
                                rtb.AppendText("Port Range: ALL | ");
                            }
                            else
                            {
                                rtb.AppendText("Port Range: " + rule.FromPort + " | ");
                            }
                        }
                        else
                        {
                            if (rule.FromPort == "0" && rule.ToPort == "65535")
                            {
                                rtb.AppendText("Port Range: ALL | ");
                            }
                            else
                            {
                                rtb.AppendText("Port Range: " + rule.FromPort + "-" + rule.ToPort + " | ");
                            }
                        }
                        rtb.AppendText("Source: " + rule.CidrBlock + " | ");
                        rtb.AppendText("Allow/Deny: " + rule.RuleAction.ToUpper());
                        rtb.AppendText(Environment.NewLine);
                    }
                    break;
                }

                rtb.AppendText(Environment.NewLine);
            }

            // Highlight Textbox Lines
            for (int i = 0; i < rtb.Lines.Length; i++)
            {
                if (rtb.Lines[i].Contains("*"))
                {
                    int selectionStart = rtb.GetFirstCharIndexFromLine(i);
                    int selectionEnd   = rtb.Lines[i].Count();
                    rtb.SelectionStart     = selectionStart;
                    rtb.SelectionLength    = selectionEnd;
                    rtb.SelectionBackColor = System.Drawing.Color.Yellow;
                }
            }
        }
예제 #7
0
파일: App.cs 프로젝트: rickbowden/CFCompare
        private void ProcessLiveStackResourcess(ListStackResourcesResponse liveStackResources, CFStack stack, AmazonEC2Client ec2Client, Dictionary <string, string> secGroupMap, string stackName, AmazonCloudFormationClient cfClient)
        {
            foreach (StackResourceSummary liveStackResource in liveStackResources.StackResourceSummaries)
            {
                switch (liveStackResource.ResourceType)
                {
                case "AWS::EC2::SecurityGroup":
                    AWSUtils.ProcessEC2SecurityGroupFromAWS(liveStackResource, stack, ec2Client, secGroupMap, stackName);
                    break;

                case "AWS::EC2::NetworkAcl":
                    AWSUtils.ProcessNetworkAclFromAWS(liveStackResource, stack, ec2Client, stackName);
                    break;

                default:
                    break;
                }
            }

            if (liveStackResources.NextToken != null)
            {
                ListStackResourcesRequest lr = new ListStackResourcesRequest();
                lr.StackName       = stackName;
                lr.NextToken       = liveStackResources.NextToken;
                liveStackResources = cfClient.ListStackResources(lr);
                ProcessLiveStackResourcess(liveStackResources, stack, ec2Client, secGroupMap, stackName, cfClient);
            }
        }
예제 #8
0
파일: App.cs 프로젝트: rickbowden/CFCompare
        //private ListStackResourcesResponse ListStackResources(string stackName, AmazonCloudFormationClient cfClient, string nextToken = null)
        //{
        //    ListStackResourcesRequest lr = new ListStackResourcesRequest();
        //    lr.StackName = stackName;
        //    lr.NextToken = nextToken;
        //    ListStackResourcesResponse liveStackResources = cfClient.ListStackResources(lr);
        //    return liveStackResources;
        //}

        private void ProcessLiveStack(string stackName, AmazonCloudFormationClient cfClient, AmazonEC2Client ec2Client, RichTextBox rtb, CFStack stack)
        {
            Dictionary <string, string>   secGroupMap        = new Dictionary <string, string>();
            DescribeSecurityGroupsRequest secGroupRequestAll = new DescribeSecurityGroupsRequest();
            //Get all security group Id's and cf logicalId's (if any)
            DescribeSecurityGroupsResponse secGroupResponseAll = ec2Client.DescribeSecurityGroups(secGroupRequestAll);

            foreach (SecurityGroup sg in secGroupResponseAll.SecurityGroups)
            {
                string value = "none";
                foreach (Amazon.EC2.Model.Tag tag in sg.Tags)
                {
                    if (tag.Key.Contains("aws:cloudformation:logical-id"))
                    {
                        value = tag.Value;
                    }
                }
                secGroupMap.Add(sg.GroupId, value);
            }



            //Get Live Stack
            DescribeStacksRequest cfRequest = new DescribeStacksRequest();

            cfRequest.StackName = stackName;
            DescribeStacksResponse liveStack = cfClient.DescribeStacks(cfRequest);

            stack.Description = liveStack.Stacks[0].Description;

            //Get Stack Resouces
            //Need to use ListStackResourcesRequest to be able to get stacks with more than 100 resources
            ListStackResourcesRequest lr = new ListStackResourcesRequest();

            lr.StackName = stackName;
            ListStackResourcesResponse liveStackResources = cfClient.ListStackResources(lr);

            ProcessLiveStackResourcess(liveStackResources, stack, ec2Client, secGroupMap, stackName, cfClient);


            stack.Resources.Sort((a, b) => a.LogicalId.CompareTo(b.LogicalId));

            WriteOutput(stack, rtb, source1_CB.Text, templateOrStack1_TB.Text);
        }
예제 #9
0
파일: App.cs 프로젝트: rickbowden/CFCompare
        private void ProcessTemplate(string jsonString, RichTextBox rtb, string path, CFStack stack)
        {
            //Stack From Template

            var template = JsonConvert.DeserializeObject <dynamic>(jsonString);

            stack.Description = template.Description;
            var r = template.Resources;

            //Process StackResources
            AWSUtils.ProcessTemplateResources(template.Resources, stack);
            stack.Resources.Sort((a, b) => a.LogicalId.CompareTo(b.LogicalId));

            WriteOutput(stack, rtb, source1_CB.Text, templateOrStack1_TB.Text);
        }
예제 #10
0
파일: App.cs 프로젝트: rickbowden/CFCompare
        private void Go_Window2()
        {
            if (inputsAreValid(source2_CB, profile2_CB, templateOrStack2_TB, validation2_LB))
            {
                AmazonCloudFormationClient CFclient  = null;
                AmazonEC2Client            EC2client = null;

                StackOriginal2 = new CFStack();
                StackCopy2     = new CFStack();

                try
                {
                    profileName2 = profile2_CB.Text;
                    if (validateTemplate_CB.Checked || source2_CB.Text == "AWS")
                    {
                        var creds = new StoredProfileAWSCredentials(profileName2);
                        CFclient  = new AmazonCloudFormationClient(creds);
                        EC2client = new AmazonEC2Client(creds);
                    }

                    switch (source2_CB.Text)
                    {
                    case "Template":
                        templatePath2 = templateOrStack2_TB.Text.Trim();
                        using (StreamReader sr = new StreamReader(templatePath2))
                        {
                            jasonString2 = sr.ReadToEnd();
                            if (validateTemplate_CB.Checked)
                            {
                                if (validateTemplate(jasonString2, CFclient))
                                {
                                    ProcessTemplate(jasonString2, richTextBox2, templatePath2, StackOriginal2);
                                }
                            }
                            else
                            {
                                ProcessTemplate(jasonString2, richTextBox2, templatePath2, StackOriginal2);
                            }
                        }
                        break;

                    case "AWS":
                        stackName2 = templateOrStack2_TB.Text.Trim();
                        ProcessLiveStack(stackName2, CFclient, EC2client, richTextBox2, StackOriginal2);
                        break;
                    }
                    profileName2 = profile2_CB.Text.Trim();
                }
                catch (Exception ex)
                {
                    richTextBox2.Text = ex.Message;
                }
                finally
                {
                    if (CFclient != null)
                    {
                        CFclient.Dispose();
                    }
                    if (EC2client != null)
                    {
                        EC2client.Dispose();
                    }
                }
            }
        }
예제 #11
0
        static void ProcessNetworkAclEntryFromTemplate(dynamic input, CFStack stack)
        {
            NetworkAclEntry ne = new NetworkAclEntry();

            var rule = input.Value["Properties"];

            ne.Protocol   = rule.Protocol;
            ne.CidrBlock  = rule.CidrBlock;
            ne.Egress     = (bool)rule.Egress;
            ne.RuleNumber = rule.RuleNumber;
            ne.RuleAction = rule.RuleAction;


            if (rule.NetworkAclId != null)
            {
                var a = rule.NetworkAclId;
                foreach (var item in a)
                {
                    ne.NetworkAclId = item.Value;
                }
            }

            if (rule.PortRange != null)
            {
                var range = rule.PortRange;
                foreach (var item in range)
                {
                    if (item.Name == "To")
                    {
                        if (item.Value == "-1")
                        {
                            ne.ToPort = "ALL";
                        }
                        else
                        {
                            ne.ToPort = item.Value;
                        }
                    }
                    if (item.Name == "From")
                    {
                        if (item.Value == "-1")
                        {
                            ne.ToPort = "ALL";
                        }
                        else
                        {
                            ne.FromPort = item.Value;
                        }
                    }
                }
            }
            else //If port range is not specified in the template then AWS sets it to ALL
            {
                ne.FromPort = "ALL";
                ne.ToPort   = "ALL";
            }

            //Format PortRange
            string from = "";
            string to   = "";

            FormatPortRange(ne.FromPort, ne.ToPort, out from, out to);
            ne.FromPort = from;
            ne.ToPort   = to;

            if (rule.Icmp != null)
            {
                //May not be needed
            }

            if (ne.NetworkAclId != null)
            {
                NetworkAcl x = stack.Resources.Find(n => n != null && n.LogicalId == ne.NetworkAclId);
                if (x != null)
                {
                    x.Properties.NetworkAclEntry.Add(ne);
                }
                else
                {
//TODO
//Either remember and process orphaned ingress rule
//Or write out to error log.
                    MessageBox.Show("Error", "Did not find NACL " + ne.NetworkAclId + " to add entry to", MessageBoxButtons.OK, MessageBoxIcon.Error);
                }
            }
        }
예제 #12
0
        public static void ProcessEC2SecurityGroupFromAWS(StackResourceSummary resource, CFStack stack, AmazonEC2Client ec2Client, Dictionary <string, string> secGroupMap, string stackName)
        {
            DescribeSecurityGroupsRequest secGroupRequest = new DescribeSecurityGroupsRequest();

            //Set request to use Phisical Id
            secGroupRequest.GroupIds = new List <string> {
                resource.PhysicalResourceId
            };

            //Attempt to get security group using physical Id
            DescribeSecurityGroupsResponse response = GetSecurityGroup(ec2Client, secGroupRequest);

            if (response == null)
            {
                //Set request to use Logical Id and Stack Name Tags
                secGroupRequest.GroupIds.Clear();
                List <Filter> f = new List <Filter>();
                f.Add(new Filter {
                    Name = "tag:aws:cloudformation:logical-id", Values = new List <string>()
                    {
                        resource.LogicalResourceId
                    }
                });
                f.Add(new Filter {
                    Name = "tag:aws:cloudformation:stack-name", Values = new List <string>()
                    {
                        stackName
                    }
                });
                secGroupRequest.Filters = f;
                //Attempt to get security group using logical Id
                response = GetSecurityGroup(ec2Client, secGroupRequest);
            }

            if (response == null | response.SecurityGroups.Count == 0)
            {
                return;
            }

            foreach (SecurityGroup group in response.SecurityGroups)
            {
                EC2SecurityGroup sg = new EC2SecurityGroup();
                sg.LogicalId = resource.LogicalResourceId;
                if (log)
                {
                    Utils.WriteToFile(logFile, "AWS SG: " + sg.LogicalId.ToString(), true);
                }
                sg.Type = "AWS::EC2::SecurityGroup";
                sg.Properties.GroupDescription = group.Description;
                sg.Properties.VpcId            = group.VpcId;

                foreach (IpPermission perms in group.IpPermissions)
                {
                    for (int i = 0; i < perms.IpRanges.Count; i++)
                    {
                        EC2SecurityGroupIngress sgi = new EC2SecurityGroupIngress();

                        //FormatProtocol - Protocol could be a number or text (e.g. 6 or tcp)
                        sgi.IpProtocol = FormatProtocol(perms.IpProtocol);
                        //--------------------------------------------------------------------

                        //FormatPortRange - Port range could be 0-0 -1-1 0-65535
                        string from = "";
                        string to   = "";
                        FormatPortRange(perms.FromPort.ToString(), perms.ToPort.ToString(), out from, out to);
                        sgi.FromPort = from;
                        sgi.ToPort   = to;
                        //------------------------------------------------------

                        sgi.CidrIp = perms.IpRanges[i];
                        sg.Properties.SecurityGroupIngress.Add(sgi);

                        if (log)
                        {
                            Utils.WriteToFile(logFile, " Protocol: " + perms.IpProtocol + " | From: " + perms.FromPort.ToString() + " To: " + perms.ToPort.ToString(), true);
                        }
                    }
                    for (int i = 0; i < perms.UserIdGroupPairs.Count; i++)
                    {
                        EC2SecurityGroupIngress sgi = new EC2SecurityGroupIngress();
                        //FormatProtocol - Protocol could be a number or text (e.g. 6 or tcp)
                        sgi.IpProtocol = FormatProtocol(perms.IpProtocol);
                        //--------------------------------------------------------------------

                        //FormatPortRange - Port range could be 0-0 -1-1 0-65535
                        string from = "";
                        string to   = "";
                        FormatPortRange(perms.FromPort.ToString(), perms.ToPort.ToString(), out from, out to);
                        sgi.FromPort = from;
                        sgi.ToPort   = to;
                        //-------------------------------------------------------

                        sg.Properties.SecurityGroupIngress.Add(sgi);
                        string groupName;
                        if (secGroupMap.TryGetValue(perms.UserIdGroupPairs[i].GroupId, out groupName))
                        {
                            sgi.SourceSecurityGroupId = groupName;
                        }
                        else
                        {
                            sgi.SourceSecurityGroupId = perms.UserIdGroupPairs[i].GroupId;
                        }

                        if (log)
                        {
                            Utils.WriteToFile(logFile, " Protocol: " + perms.IpProtocol + " | From: " + perms.FromPort.ToString() + " To: " + perms.ToPort.ToString(), true);
                        }
                    }
                }
                stack.Resources.Add(sg);
            }
        }
예제 #13
0
        // -----------------------------------------------------------------------
        // Live Stack

        public static void ProcessNetworkAclFromAWS(StackResourceSummary resource, CFStack stack, AmazonEC2Client ec2Client, string stackName)
        {
            DescribeNetworkAclsRequest naclRequest = new DescribeNetworkAclsRequest();

            naclRequest.NetworkAclIds = new List <string> {
                resource.PhysicalResourceId
            };

            DescribeNetworkAclsResponse response = ec2Client.DescribeNetworkAcls(naclRequest);

            foreach (Amazon.EC2.Model.NetworkAcl nacl in response.NetworkAcls)
            {
                NetworkAcl n = new NetworkAcl();
                n.LogicalId = resource.LogicalResourceId;
                if (log)
                {
                    Utils.WriteToFile(logFile, "AWS NACL: " + n.LogicalId.ToString(), true);
                }
                n.Type             = "AWS::EC2::NetworkAcl";
                n.Properties.VpcId = nacl.VpcId;

                foreach (Amazon.EC2.Model.NetworkAclEntry e in nacl.Entries)
                {
                    NetworkAclEntry ne = new NetworkAclEntry();
                    ne.RuleNumber = e.RuleNumber.ToString();
                    ne.CidrBlock  = e.CidrBlock;
                    ne.Egress     = e.Egress;
                    if (e.PortRange == null)
                    {
                        ne.FromPort = "ALL"; ne.ToPort = "ALL";
                    }
                    else
                    {
                        //FormatPortRange - Port range could be 0-0 -1-1 0-65535
                        string from = "";
                        string to   = "";
                        FormatPortRange(e.PortRange.From.ToString(), e.PortRange.To.ToString(), out from, out to);
                        ne.FromPort = from;
                        ne.ToPort   = to;
                        //------------------------------------------------------
                    }

                    //FormatProtocol - Protocol could be a number or text (e.g. 6 or tcp)
                    ne.Protocol = FormatProtocol(e.Protocol);
                    //-------------------------------------------------------------------

                    ne.RuleAction = e.RuleAction;
                    //ICMP not included.

                    n.Properties.NetworkAclEntry.Add(ne);

                    if (e.PortRange == null)
                    {
                        if (log)
                        {
                            Utils.WriteToFile(logFile, ne.RuleNumber + " Protocol: " + e.Protocol + " | From: " + "null" + " To: " + "null", true);
                        }
                    }
                    else
                    {
                        if (log)
                        {
                            Utils.WriteToFile(logFile, ne.RuleNumber + " Protocol: " + e.Protocol + " | From: " + e.PortRange.From.ToString() + " To: " + e.PortRange.To.ToString(), true);
                        }
                    }
                }

                stack.Resources.Add(n);
            }
        }
예제 #14
0
        static void ProcessEC2SecurityGroupFromTemplate(dynamic input, CFStack stack)
        {
            EC2SecurityGroup sg = new EC2SecurityGroup();

            sg.LogicalId = input.Name;
            sg.Type      = "AWS::EC2::SecurityGroup";

            var props = input.Value["Properties"];

            foreach (var prop in props)
            {
                //Attempt to deal with values that are calculated using CloudFormation functions like Join.
                if (prop.Value.ToString().Contains("Fn::"))
                {
                    prop.Value = "Calulated value";
                }

                switch ((string)prop.Name)
                {
                case "GroupDescription":
                    sg.Properties.GroupDescription = prop.Value.ToString();
                    break;

                case "VpcId":
                    var a = prop.Value;
                    sg.Properties.VpcId = a.Value;
                    break;

                case "Tags":

                    break;

                case "SecurityGroupIngress":
                    var ingressRules = prop.Value;

                    foreach (var rule in ingressRules)
                    {
                        EC2SecurityGroupIngress sgi = new EC2SecurityGroupIngress();

                        //FormatProtocol - Protocol could be a number or text (e.g. 6 or tcp)
                        sgi.IpProtocol = FormatProtocol(rule.IpProtocol.ToString());
                        //-------------------------------------------------------------------

                        //FormatPortRange - Port range could be 0-0 -1-1 0-65535
                        string from = "";
                        string to   = "";
                        FormatPortRange(rule.FromPort.ToString(), rule.ToPort.ToString(), out from, out to);
                        sgi.FromPort = from;
                        sgi.ToPort   = to;
                        //-------------------------------------------------------

                        sgi.CidrIp = rule.CidrIp;
                        if (rule.SourceSecurityGroupId != null)
                        {
                            var Ids = rule.SourceSecurityGroupId;
                            foreach (var Id in Ids)
                            {
                                sgi.SourceSecurityGroupId = Id.Value;
                            }
                        }
                        sg.Properties.SecurityGroupIngress.Add(sgi);
                    }
                    break;
                }
            }

            stack.Resources.Add(sg);
        }
예제 #15
0
파일: App.cs 프로젝트: rickbowden/CFCompare
        private void CompareNetworkAcl(NetworkAcl originalResource1, NetworkAcl originalResource2, NetworkAcl copyResource, CFStack copyStack)
        {
            List <NetworkAclEntry> compareList = copyResource.Properties.NetworkAclEntry;

            foreach (NetworkAclEntry x in originalResource1.Properties.NetworkAclEntry)
            {
                //Note NetworkAclId is always null for AWS stack resource
                var y = originalResource2.Properties.NetworkAclEntry.Find(n => n != null && n.RuleNumber == x.RuleNumber && n.RuleAction == x.RuleAction && n.Egress.ToString() == x.Egress.ToString() && n.CidrBlock == x.CidrBlock && n.FromPort == x.FromPort && n.ToPort == x.ToPort && n.Protocol == x.Protocol);
                if (y == null)
                {
                    if (CompareRemoves == false)
                    {
                        var z = copyResource.Properties.NetworkAclEntry.Find(n => n != null && n.RuleNumber == x.RuleNumber && n.RuleAction == x.RuleAction && n.Egress.ToString() == x.Egress.ToString() && n.CidrBlock == x.CidrBlock && n.FromPort == x.FromPort && n.ToPort == x.ToPort && n.Protocol == x.Protocol);
                        if (z != null)
                        {
                            z.StateChanged = true;
                        }
                    }
                }
                else
                {
                    if (CompareRemoves == true)
                    {
                        var z = copyResource.Properties.NetworkAclEntry.Find(n => n != null && n.RuleNumber == x.RuleNumber && n.RuleAction == x.RuleAction && n.Egress.ToString() == x.Egress.ToString() && n.CidrBlock == x.CidrBlock && n.FromPort == x.FromPort && n.ToPort == x.ToPort && n.Protocol == x.Protocol);
                        if (z != null)
                        {
                            compareList.Remove(z);
                        }
                    }
                }
            }

            if (copyResource.Properties.NetworkAclEntry.Count() == 0)
            {
                copyStack.Resources.Remove(copyResource);
            }
        }
예제 #16
0
파일: App.cs 프로젝트: rickbowden/CFCompare
        private void CompareSecurityGroups(EC2SecurityGroup originalResource1, EC2SecurityGroup originalResource2, EC2SecurityGroup copyResource, CFStack copyStack)
        {
            List <EC2SecurityGroupIngress> compareList = copyResource.Properties.SecurityGroupIngress;

            foreach (EC2SecurityGroupIngress x in originalResource1.Properties.SecurityGroupIngress)
            {
                var y = originalResource2.Properties.SecurityGroupIngress.Find(n => n != null && n.CidrIp == x.CidrIp && n.FromPort == x.FromPort && n.ToPort == x.ToPort && n.IpProtocol == x.IpProtocol && n.SourceSecurityGroupId == x.SourceSecurityGroupId);
                if (y == null)
                {
                    if (CompareRemoves == false)
                    {
                        var z = copyResource.Properties.SecurityGroupIngress.Find(n => n != null && n.CidrIp == x.CidrIp && n.FromPort == x.FromPort && n.ToPort == x.ToPort && n.IpProtocol == x.IpProtocol && n.SourceSecurityGroupId == x.SourceSecurityGroupId);
                        if (z != null)
                        {
                            z.StateChanged = true;
                        }
                    }
                }
                else
                {
                    if (CompareRemoves == true)
                    {
                        var z = copyResource.Properties.SecurityGroupIngress.Find(n => n != null && n.CidrIp == x.CidrIp && n.FromPort == x.FromPort && n.ToPort == x.ToPort && n.IpProtocol == x.IpProtocol && n.SourceSecurityGroupId == x.SourceSecurityGroupId);
                        if (z != null)
                        {
                            copyResource.Properties.SecurityGroupIngress.Remove(z);
                        }
                    }
                }
            }

            if (copyResource.Properties.SecurityGroupIngress.Count() == 0)
            {
                copyStack.Resources.Remove(copyResource);
            }
        }
예제 #17
0
파일: App.cs 프로젝트: rickbowden/CFCompare
        private void Go_Window1()
        {
            if (inputsAreValid(source1_CB, profile1_CB, templateOrStack1_TB, validation1_LB))
            {
                AmazonCloudFormationClient CFclient  = null;
                AmazonEC2Client            EC2client = null;

                StackOriginal1 = new CFStack();
                StackCopy1     = new CFStack();

                try
                {
                    profileName1 = profile1_CB.Text;
                    if (validateTemplate_CB.Checked || source1_CB.Text == "AWS")
                    {
                        var creds = new StoredProfileAWSCredentials(profileName1);
                        CFclient  = new AmazonCloudFormationClient(creds);
                        EC2client = new AmazonEC2Client(creds);
                    }

                    switch (source1_CB.Text)
                    {
                    case "Template":
                        templatePath1 = templateOrStack1_TB.Text.Trim();
                        using (StreamReader sr = new StreamReader(templatePath1))
                        {
                            jasonString1 = sr.ReadToEnd();
                            if (validateTemplate_CB.Checked)
                            {
                                if (validateTemplate(jasonString1, CFclient))
                                {
                                    ProcessTemplate(jasonString1, richTextBox1, templatePath1, StackOriginal1);
                                }
                            }
                            else
                            {
                                ProcessTemplate(jasonString1, richTextBox1, templatePath1, StackOriginal1);
                            }
                        }
                        break;

                    case "AWS":
                        stackName1 = templateOrStack1_TB.Text.Trim();
                        ProcessLiveStack(stackName1, CFclient, EC2client, richTextBox1, StackOriginal1);
                        break;
                    }
                    profileName1 = profile1_CB.Text.Trim();
                }
                catch (Exception ex)
                {
                    richTextBox1.Text = ex.Message + Environment.NewLine + ex.StackTrace;
                }
                finally
                {
                    if (CFclient != null)
                    {
                        CFclient.Dispose();
                    }
                    if (EC2client != null)
                    {
                        EC2client.Dispose();
                    }
                }
            }
        }