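def testAllDisabled(self):
    """Building with every scanner disabled yields no runnable pipelines."""
    builder = scanner_builder.ScannerBuilder(
        FAKE_GLOBAL_CONFIGS,
        fake_runnable_scanners.ALL_DISABLED,
        FAKE_TIMESTAMP)
    runnable_pipelines = builder.build()

    # assertEquals is a deprecated alias of assertEqual and is removed in
    # Python 3.12; assertEqual is available on every supported version.
    self.assertEqual(0, len(runnable_pipelines))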
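def testTwoEnabled(self, mock_bucket_rules_engine, mock_iam_rules_engine):
    """Two enabled scanners build exactly the two expected pipelines.

    Args:
        mock_bucket_rules_engine (object): Not used in the body; presumably
            injected by a patch decorator outside this view.
        mock_iam_rules_engine (object): Not used in the body; presumably
            injected by a patch decorator outside this view.
    """
    builder = scanner_builder.ScannerBuilder(
        FAKE_GLOBAL_CONFIGS,
        fake_runnable_scanners.TWO_ENABLED,
        FAKE_TIMESTAMP)
    runnable_pipelines = builder.build()

    self.assertEqual(2, len(runnable_pipelines))

    expected_pipelines = ['BucketsAclScanner', 'IamPolicyScanner']
    actual_pipelines = sorted(
        type(pipeline).__name__ for pipeline in runnable_pipelines)
    # Compare the full set of names rather than membership per item:
    # a membership check alone would also pass if the same scanner were
    # built twice and the other one silently dropped.
    self.assertEqual(sorted(expected_pipelines), actual_pipelines)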
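def main(_):
    """Run the scanners.

    Loads the config file named by FLAGS.forseti_config, resolves the
    snapshot timestamp, builds the runnable scanners and runs them one
    after another. An error raised by one scanner is logged with its
    traceback and the remaining scanners still run.

    Args:
        _ (list): argv, unused due to apputils.
    """
    # NOTE(review): every early exit below calls sys.exit() with no
    # argument, which ends the process with status 0. A scheduler or
    # wrapper script therefore cannot tell "scan never ran" from "scan ran
    # clean". Consider a non-zero status once the callers are confirmed to
    # tolerate it.
    forseti_config = FLAGS.forseti_config
    if forseti_config is None:
        LOGGER.error('Path to Forseti Security config needs to be specified.')
        sys.exit()

    try:
        configs = file_loader.read_and_parse_file(forseti_config)
    except IOError:
        LOGGER.error('Unable to open Forseti Security config file. '
                     'Please check your path and filename and try again.')
        sys.exit()

    global_configs = configs.get('global')
    scanner_configs = configs.get('scanner')

    # NOTE(review): a config without a 'scanner' section makes
    # scanner_configs None and the next line raises AttributeError --
    # confirm whether the loader guarantees the section exists.
    log_util.set_logger_level_from_config(scanner_configs.get('loglevel'))

    snapshot_timestamp = _get_timestamp(global_configs)
    if not snapshot_timestamp:
        LOGGER.warning('No snapshot timestamp found. Exiting.')
        sys.exit()

    runnable_scanners = scanner_builder.ScannerBuilder(
        global_configs, scanner_configs, snapshot_timestamp).build()

    for scanner in runnable_scanners:
        try:
            scanner.run()
        # Catch Exception rather than using a bare except so that
        # KeyboardInterrupt and SystemExit still stop the batch, while an
        # ordinary failure in one scanner does not prevent the others
        # from running.
        except Exception:  # pylint: disable=broad-except
            LOGGER.error('Error running scanner: %s',
                         scanner.__class__.__name__, exc_info=True)

    # NOTE(review): this is logged even when one or more scanners failed
    # above; a failed scanner reports no violations, which reads the same
    # as a clean result. Consider counting failures and surfacing them
    # here and in the exit status.
    LOGGER.info('Scan complete!')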