#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Docstrings follow the numpy conventions described at:
# https://numpydoc.readthedocs.io/en/latest/example.html#example
""" Picks a random port range to open for ingress with either TCP or UDP access.

    Choose a random security group that is tagged with the specified opt-in tag. 

    SecurityGroupId : string
        The ID of the security group to modify.
    IpProtocol: string
        The IP protocol to use.  Acceptable values are "tcp" and "udp".
    FromPort: int
        The (random) starting port of the range to open.
    ToPort: int
        The (random) ending port of the range to open.
    IpRanges: string
        The range of IP addresses allowed to access the opened ports.

    PortPackage : dict
        The dictionary of items used as input values for the experiment.
    SGlist : array
        The list of security groups tagged for the experiment.


from botocore.exceptions import ClientError
from random import randint
import random
import boto3
import json

ec2 = boto3.client('ec2')
client = boto3.client('lambda')

## assumption: A security group other than the default security group must exist ##

def addport(sgidnum):
    FromPort = randint(10000,65000)
    ToPort = FromPort + randint(0,5)
    Protocols = ["tcp", "udp"]
    Cidr = ""
    PortPackage = {'IpProtocol': Protocols[randint(0,1)],
        'FromPort': FromPort,
        'ToPort': ToPort,
        'IpRanges': [{'CidrIp': Cidr}],
        'SecurityGroupId': sgidnum
    return PortPackage

# get security group permissions
def getSecGroupIPPermissions(SGidNum):
    permissions = ec2.SecurityGroup(SGidNum).ip_permissions
    return permissions

# get a random security group ID number from the secgroup id list
def changeR(SGlist):
    sgid = randint(0,len(SGlist)-1)
    return SGlist[sgid]

# this function populates a list of security group id's that have the opt-in tag set to true
def getSGList(tagname):
    slinglist = []
    response = ec2.describe_security_groups()
    for securityGroup in response['SecurityGroups']:
        if 'Tags' in securityGroup:
            for tag in securityGroup['Tags']:
                if tag['Key'] == tagname:
                    if tag['Value'].lower() == "true":
                        print(securityGroup['GroupId'] + ' has the opt-in tag.')
    return slinglist

def lambda_handler(event, context):
    slingSG_List = []
    optintag = ""
    if "TagName" in event:
        optintag = event['TagName']
        slingSG_List = getSGList(optintag)
        if len(slingSG_List) >= 1:
            sgidnum = changeR(slingSG_List)
            PortChange = addport(sgidnum)
            Package = json.dumps(PortChange)
            print(sgidnum + ' selected for slinging.')
            response = client.invoke(
            print('No security groups with opt-in tags found.  Doing nothing.')
        print("No opt-in tag specified.  Doing nothing.")