Ejemplo n.º 1
    def test_load_config_spanned_configs(self):
        """Check that the spanned_configs root sample loads to an equal config.

        Both samples go through utils.load_config; equality is decided by
        is_expand_config_equal rather than a plain dict comparison.
        """
        single_file_path = utils.normalize_path(
            'deploy/samples/project_with_remote_audit_logs.yaml')
        single_file_config = utils.load_config(single_file_path)

        spanned_root_path = utils.normalize_path(
            'deploy/samples/spanned_configs/root.yaml')
        spanned_config = utils.load_config(spanned_root_path)

        self.assertTrue(
            is_expand_config_equal(single_file_config, spanned_config))
Ejemplo n.º 2
def move_generated_fields_out_of_projects(input_yaml_path):
    """Convert old-format generated fields in a config to the new layout.

    Args:
        input_yaml_path: Path of the project config to load and, when the
            operator confirms, overwrite in place.

    Returns:
        True when the loaded config needed conversion, whether or not the
        operator agreed to write the result back to disk; False when the
        config already has the new top-level key or nothing was converted.

    Raises:
        utils.InvalidConfigError: The config carries generated fields in
            both the new and the old format.
    """
    config = utils.load_config(input_yaml_path)

    already_new_format = GENERATED_FIELDS_NAME in config
    if already_new_format:
        # A config holding both layouts is ambiguous, so refuse it outright
        # instead of guessing which copy is current.
        if is_old_generated_fields_format_exist(config):
            raise utils.InvalidConfigError(
                'Generated fields conflict between new and old format.')
        return False

    convert_old_generated_fields_to_new(config)
    if GENERATED_FIELDS_NAME not in config:
        return False

    # The input file is only rewritten after an explicit confirmation; a
    # declined prompt leaves the file on disk untouched but still reports
    # that a conversion was needed.
    confirmed = utils.wait_for_yes_no(
        'Move generated_fields out of projects [y/N]?')
    if confirmed:
        utils.write_yaml_file(config, input_yaml_path)
    return True
Ejemplo n.º 3
def main(argv):
    """Deploy every project in --project_yaml that is not yet deployed.

    Loads and schema-validates the config, queues ProjectConfig entries in a
    fixed order (remote audit logs project, Forseti project, then each entry
    under 'projects'), runs setup_new_project on each and stops at the first
    failure, and finally runs the rule generator when a 'forseti' section is
    present. Load and validation failures are logged and the function returns
    without deploying anything.

    Args:
        argv: Unused positional command-line arguments.
    """
    del argv  # Unused.

    input_yaml_path = utils.normalize_path(FLAGS.project_yaml)
    output_yaml_path = utils.normalize_path(FLAGS.output_yaml_path)
    output_rules_path = None
    if FLAGS.output_rules_path:
        output_rules_path = utils.normalize_path(FLAGS.output_rules_path)

    # Output YAML will rearrange fields and remove comments, so do a basic check
    # against accidental overwriting.
    # NOTE(review): this compares the normalized path strings only; whether two
    # spellings of the same file (e.g. through a symlink) are caught depends on
    # utils.normalize_path -- confirm.
    if input_yaml_path == output_yaml_path:
        logging.error('output_yaml_path cannot overwrite project_yaml.')
        return

    # Read and parse the project configuration YAML file.
    root_config = utils.load_config(input_yaml_path)
    if not root_config:
        logging.error('Error loading project YAML.')
        return

    # Validation happens before any project is queued or set up. Only
    # jsonschema ValidationError is handled; anything else propagates.
    logging.info('Validating project YAML against schema.')
    try:
        utils.validate_config_yaml(root_config)
    except jsonschema.exceptions.ValidationError as e:
        logging.error('Error in YAML config: %s', e)
        return

    audit_logs_project = root_config.get('audit_logs_project')

    projects = []
    # Always deploy the remote audit logs project first (if present).
    # NOTE(review): audit_logs_project is None when the key is absent, so this
    # relies on is_deployed(None) being truthy; otherwise an entry with
    # project=None is queued -- confirm against is_deployed.
    if not is_deployed(audit_logs_project):
        projects.append(
            ProjectConfig(root=root_config,
                          project=audit_logs_project,
                          audit_logs_project=None,
                          extra_steps=[]))

    forseti_config = root_config.get('forseti', {})

    # NOTE(review): without a 'forseti' section the argument here is None and
    # the body indexes forseti_config['project']; same is_deployed(None)
    # assumption as above -- confirm.
    if not is_deployed(forseti_config.get('project')):
        # The Forseti project gets the install step plus an access granter for
        # itself, and one for the audit logs project when that is configured.
        extra_steps = [
            install_forseti,
            get_forseti_access_granter(
                forseti_config['project']['project_id']),
        ]

        if audit_logs_project:
            extra_steps.append(
                get_forseti_access_granter(audit_logs_project['project_id']))

        forseti_project_config = ProjectConfig(
            root=root_config,
            project=forseti_config['project'],
            audit_logs_project=audit_logs_project,
            extra_steps=extra_steps)
        projects.append(forseti_project_config)

    for project_config in root_config.get('projects', []):
        if is_deployed(project_config):
            continue

        # Each remaining project gets a Forseti access granter step whenever
        # a 'forseti' section exists in the config.
        extra_steps = []
        if forseti_config:
            extra_steps.append(
                get_forseti_access_granter(project_config['project_id']))

        projects.append(
            ProjectConfig(root=root_config,
                          project=project_config,
                          audit_logs_project=audit_logs_project,
                          extra_steps=extra_steps))

    validate_project_configs(root_config['overall'], projects)

    logging.info('Found %d projects to deploy', len(projects))

    for config in projects:
        logging.info('Setting up project %s', config.project['project_id'])
        # Resume support: only the project named by --resume_from_project
        # starts at a later step, and the step number is clamped to >= 1.
        starting_step = 1
        if config.project['project_id'] == FLAGS.resume_from_project:
            starting_step = max(1, FLAGS.resume_from_step)

        if not setup_new_project(config, starting_step, output_yaml_path):
            # Don't attempt to deploy additional projects if one project failed.
            return

    # Rules are generated only after every queued project was set up.
    if forseti_config:
        rule_generator.run(root_config, output_path=output_rules_path)
Ejemplo n.º 4
def main(argv):
  """Deploy the projects selected by --projects from --project_yaml.

  Normalizes the path flags in place, runs the generated-fields migration
  helper, loads and schema-validates the config, resets the cleanup file,
  queues ProjectConfig entries in a fixed order (remote audit logs project,
  Forseti project, then each entry under 'projects'), runs setup_project on
  each and stops at the first failure, then generates Forseti rules when a
  'forseti' section is present.

  Args:
    argv: Unused positional command-line arguments.
  """
  del argv  # Unused.

  if FLAGS.enable_new_style_resources:
    logging.info('--enable_new_style_resources is true.')

  # The path flags are rewritten with their normalized form, so every later
  # read of FLAGS.* in this function sees the normalized path.
  FLAGS.output_yaml_path = utils.normalize_path(FLAGS.output_yaml_path)
  FLAGS.output_cleanup_path = utils.normalize_path(FLAGS.output_cleanup_path)
  if FLAGS.output_rules_path:
    FLAGS.output_rules_path = utils.normalize_path(FLAGS.output_rules_path)

  FLAGS.project_yaml = utils.normalize_path(FLAGS.project_yaml)
  # NOTE(review): the helper's name and the messages below suggest it can
  # rewrite --project_yaml on disk after prompting -- confirm in
  # field_generation. A truthy result aborts a dry run and otherwise needs a
  # second explicit confirmation before deployment continues.
  if field_generation.move_generated_fields_out_of_projects(FLAGS.project_yaml):
    if FLAGS.dry_run:
      logging.error(
          'Must convert generated fields in nodry_run before running!')
      return
    elif not utils.wait_for_yes_no(
        'Use converted generated fields to continue? [y/N]?'):
      return

  # Read and parse the project configuration YAML file.
  root_config = utils.load_config(FLAGS.project_yaml)
  if not root_config:
    logging.error('Error loading project YAML.')
    return

  # Validation happens before anything is written or deployed. Only
  # jsonschema ValidationError is handled; anything else propagates.
  logging.info('Validating project YAML against schema.')
  try:
    utils.validate_config_yaml(root_config)
  except jsonschema.exceptions.ValidationError as e:
    logging.error('Error in YAML config: %s', e)
    return

  # Mode 'w' truncates whatever already exists at --output_cleanup_path. This
  # function does not check that the path differs from --project_yaml or
  # --output_yaml_path.
  with open(FLAGS.output_cleanup_path, 'w') as f:
    f.write(_CLEANUP_HEADER)

  want_projects = set(FLAGS.projects)

  def want_project(project_config_dict):
    """Return whether this project dict was selected via --projects."""
    if not project_config_dict:
      return False

    # The single value '*' selects every project; otherwise match by id.
    return want_projects == {
        '*'
    } or project_config_dict['project_id'] in want_projects

  projects = []
  audit_logs_project = root_config.get('audit_logs_project')

  # Always deploy the remote audit logs project first (if present).
  if want_project(audit_logs_project):
    projects.append(
        ProjectConfig(
            root=root_config,
            project=audit_logs_project,
            audit_logs_project=None,
            extra_steps=[]))

  forseti_config = root_config.get('forseti')

  if forseti_config and want_project(forseti_config['project']):
    # The Forseti project gets the install step plus an access granter for
    # itself, and one for the audit logs project when that is configured.
    extra_steps = [
        Step(
            func=install_forseti,
            description='Install Forseti',
            updatable=False,
        ),
        get_forseti_access_granter_step(
            forseti_config['project']['project_id']),
    ]

    if audit_logs_project:
      extra_steps.append(
          get_forseti_access_granter_step(audit_logs_project['project_id']))

    forseti_project_config = ProjectConfig(
        root=root_config,
        project=forseti_config['project'],
        audit_logs_project=audit_logs_project,
        extra_steps=extra_steps)
    projects.append(forseti_project_config)

  for project_config in root_config.get('projects', []):
    if not want_project(project_config):
      continue

    # Each selected project gets a Forseti access granter step whenever a
    # 'forseti' section exists, even if the Forseti project itself was not
    # selected for this run.
    extra_steps = []
    if forseti_config:
      extra_steps.append(
          get_forseti_access_granter_step(project_config['project_id']))

    projects.append(
        ProjectConfig(
            root=root_config,
            project=project_config,
            audit_logs_project=audit_logs_project,
            extra_steps=extra_steps))

  validate_project_configs(root_config['overall'], projects)

  logging.info('Found %d projects to deploy', len(projects))

  for config in projects:
    logging.info('Setting up project %s', config.project['project_id'])

    if not setup_project(config, FLAGS.project_yaml, FLAGS.output_yaml_path,
                         FLAGS.output_cleanup_path):
      # Don't attempt to deploy additional projects if one project failed.
      return

  if forseti_config:
    if FLAGS.enable_new_style_resources:
      # The command is an argv list run without a shell, so each flag value
      # reaches the child as one argument. The executable is whatever
      # --rule_generator_binary names, and an unset --output_rules_path is
      # passed as an empty string.
      call = [
          FLAGS.rule_generator_binary,
          '--project_yaml_path',
          FLAGS.project_yaml,
          '--output_path',
          FLAGS.output_rules_path or '',
      ]
      logging.info('Running rule generator: %s', call)
      # check_call raises CalledProcessError on a non-zero exit status; it is
      # not caught here, so a failing generator ends main with an exception.
      subprocess.check_call(call)
    else:
      rule_generator.run(root_config, output_path=FLAGS.output_rules_path)

  logging.info(
      'All projects successfully deployed. Please remember to sync '
      'any changes written to the config at --output_yaml_path with '
      '--project_yaml before running the script again (Note: only applicable '
      'if --output_yaml_path != --project_yaml)')
Ejemplo n.º 5
def main(argv):
  """Deploy the projects selected by --projects from --project_yaml.

  Loads and schema-validates the config, resets the cleanup file, queues
  ProjectConfig entries in a fixed order (remote audit logs project, Forseti
  project, then each entry under 'projects'), runs setup_project on each and
  stops at the first failure, then runs the rule generator when a 'forseti'
  section is present.

  Args:
    argv: Unused positional command-line arguments.
  """
  del argv  # Unused.

  input_yaml_path = utils.normalize_path(FLAGS.project_yaml)
  output_yaml_path = utils.normalize_path(FLAGS.output_yaml_path)
  output_cleanup_path = utils.normalize_path(FLAGS.output_cleanup_path)
  output_rules_path = None
  if FLAGS.output_rules_path:
    output_rules_path = utils.normalize_path(FLAGS.output_rules_path)

  # Read and parse the project configuration YAML file.
  root_config = utils.load_config(input_yaml_path)
  if not root_config:
    logging.error('Error loading project YAML.')
    return

  # Validation happens before anything is written or deployed. Only
  # jsonschema ValidationError is handled; anything else propagates.
  logging.info('Validating project YAML against schema.')
  try:
    utils.validate_config_yaml(root_config)
  except jsonschema.exceptions.ValidationError as e:
    logging.error('Error in YAML config: %s', e)
    return

  # Mode 'w' truncates whatever already exists at output_cleanup_path. This
  # function does not check that the path differs from the input or output
  # YAML paths.
  with open(output_cleanup_path, 'w') as f:
    f.write(_CLEANUP_HEADER)

  want_projects = set(FLAGS.projects)

  def want_project(project_config_dict):
    """Return whether this project dict was selected via --projects."""
    if not project_config_dict:
      return False

    # The single value '*' selects every project; otherwise match by id.
    return want_projects == {
        '*'
    } or project_config_dict['project_id'] in want_projects

  projects = []
  audit_logs_project = root_config.get('audit_logs_project')

  # Always deploy the remote audit logs project first (if present).
  if want_project(audit_logs_project):
    projects.append(
        ProjectConfig(
            root=root_config,
            project=audit_logs_project,
            audit_logs_project=None,
            extra_steps=[]))

  forseti_config = root_config.get('forseti')

  if forseti_config and want_project(forseti_config['project']):
    # The Forseti project gets the install step plus an access granter for
    # itself, and one for the audit logs project when that is configured.
    extra_steps = [
        Step(
            func=install_forseti,
            description='Install Forseti',
            updatable=False,
        ),
        get_forseti_access_granter_step(
            forseti_config['project']['project_id']),
    ]

    if audit_logs_project:
      extra_steps.append(
          get_forseti_access_granter_step(audit_logs_project['project_id']))

    forseti_project_config = ProjectConfig(
        root=root_config,
        project=forseti_config['project'],
        audit_logs_project=audit_logs_project,
        extra_steps=extra_steps)
    projects.append(forseti_project_config)

  for project_config in root_config.get('projects', []):
    if not want_project(project_config):
      continue

    # Each selected project gets a Forseti access granter step whenever a
    # 'forseti' section exists, even if the Forseti project itself was not
    # selected for this run.
    extra_steps = []
    if forseti_config:
      extra_steps.append(
          get_forseti_access_granter_step(project_config['project_id']))

    projects.append(
        ProjectConfig(
            root=root_config,
            project=project_config,
            audit_logs_project=audit_logs_project,
            extra_steps=extra_steps))

  validate_project_configs(root_config['overall'], projects)

  logging.info('Found %d projects to deploy', len(projects))

  for config in projects:
    logging.info('Setting up project %s', config.project['project_id'])

    if not setup_project(config, output_yaml_path, output_cleanup_path):
      # Don't attempt to deploy additional projects if one project failed.
      return

  # Rules are generated only after every queued project was set up.
  if forseti_config:
    rule_generator.run(root_config, output_path=output_rules_path)

  logging.info(
      'All projects successfully deployed. Please remember to sync '
      'any changes written to the config at --output_yaml_path with '
      '--project_yaml before running the script again (Note: only applicable '
      'if --output_yaml_path != --project_yaml)')
Ejemplo n.º 6
def main(argv):
  """Deploy the projects selected by --projects from --project_yaml.

  Normalizes the path flags in place, loads the config (through the external
  --load_config_binary when --enable_new_style_resources is set, otherwise
  through utils.load_config), schema-validates it, queues ProjectConfig
  entries in a fixed order (remote audit logs project, Forseti project, then
  each entry under 'projects'), runs setup_project on each and stops at the
  first failure, then generates Forseti rules when a 'forseti' section is
  present.

  Args:
    argv: Unused positional command-line arguments.
  """
  del argv  # Unused.

  if FLAGS.enable_new_style_resources:
    logging.info('--enable_new_style_resources is true.')

  # The path flags are rewritten with their normalized form, so every later
  # read of FLAGS.* in this function sees the normalized path.
  FLAGS.output_yaml_path = utils.normalize_path(FLAGS.output_yaml_path)
  if FLAGS.output_rules_path:
    FLAGS.output_rules_path = utils.normalize_path(FLAGS.output_rules_path)

  FLAGS.project_yaml = utils.normalize_path(FLAGS.project_yaml)

  if FLAGS.enable_new_style_resources:
    # The config text comes from an external program named by
    # --load_config_binary; presumably get_output=True returns its captured
    # output -- confirm in runner.run_command.
    config_string = runner.run_command([
        FLAGS.load_config_binary,
        '--config_path',
        FLAGS.project_yaml,
    ],
                                       get_output=True)
    # YAML() with no typ argument uses ruamel's round-trip loader, which does
    # not build arbitrary Python objects from tags in the input.
    yaml = ruamel.yaml.YAML()
    root_config = yaml.load(config_string)
  else:
    root_config = utils.load_config(FLAGS.project_yaml)

  if not root_config:
    logging.error('Error loading project YAML.')
    return

  # Both load paths go through the same schema validation before any project
  # is queued. Only jsonschema ValidationError is handled; anything else
  # propagates.
  logging.info('Validating project YAML against schema.')
  try:
    utils.validate_config_yaml(root_config)
  except jsonschema.exceptions.ValidationError as e:
    logging.error('Error in YAML config: %s', e)
    return

  want_projects = set(FLAGS.projects)

  def want_project(project_config_dict):
    """Return whether this project dict was selected via --projects."""
    if not project_config_dict:
      return False

    # The single value '*' selects every project; otherwise match by id.
    return want_projects == {
        '*'
    } or project_config_dict['project_id'] in want_projects

  projects = []
  audit_logs_project = root_config.get('audit_logs_project')

  # Always deploy the remote audit logs project first (if present).
  if want_project(audit_logs_project):
    projects.append(
        ProjectConfig(
            root=root_config,
            project=audit_logs_project,
            audit_logs_project=None,
            extra_steps=[]))

  forseti_config = root_config.get('forseti')

  if forseti_config and want_project(forseti_config['project']):
    # The Forseti project gets the install step plus an access granter for
    # itself, and one for the audit logs project when that is configured.
    extra_steps = [
        Step(
            func=install_forseti,
            description='Install Forseti',
            updatable=False,
        ),
        get_forseti_access_granter_step(
            forseti_config['project']['project_id']),
    ]

    if audit_logs_project:
      extra_steps.append(
          get_forseti_access_granter_step(audit_logs_project['project_id']))

    forseti_project_config = ProjectConfig(
        root=root_config,
        project=forseti_config['project'],
        audit_logs_project=audit_logs_project,
        extra_steps=extra_steps)
    projects.append(forseti_project_config)

  for project_config in root_config.get('projects', []):
    if not want_project(project_config):
      continue

    # Each selected project gets a Forseti access granter step whenever a
    # 'forseti' section exists, even if the Forseti project itself was not
    # selected for this run.
    extra_steps = []
    if forseti_config:
      extra_steps.append(
          get_forseti_access_granter_step(project_config['project_id']))

    projects.append(
        ProjectConfig(
            root=root_config,
            project=project_config,
            audit_logs_project=audit_logs_project,
            extra_steps=extra_steps))

  validate_project_configs(root_config['overall'], projects)

  logging.info('Found %d projects to deploy', len(projects))

  for config in projects:
    logging.info('Setting up project %s', config.project['project_id'])

    if not setup_project(config, FLAGS.project_yaml, FLAGS.output_yaml_path):
      # Don't attempt to deploy additional projects if one project failed.
      return

  if forseti_config:
    if FLAGS.enable_new_style_resources:
      # The command is built as an argv list. The executable is whatever
      # --rule_generator_binary names, and an unset --output_rules_path is
      # passed as an empty string.
      call = [
          FLAGS.rule_generator_binary,
          '--project_yaml_path',
          FLAGS.project_yaml,
          '--output_path',
          FLAGS.output_rules_path or '',
      ]
      logging.info('Running rule generator: %s', call)
      # NOTE(review): how call_go_binary runs the list (shell or not) and how
      # it reports a non-zero exit is not visible here -- confirm in utils.
      utils.call_go_binary(call)
    else:
      rule_generator.run(root_config, output_path=FLAGS.output_rules_path)

  logging.info(
      'All projects successfully deployed. Please remember to sync '
      'any changes written to the config at --output_yaml_path with '
      '--project_yaml before running the script again (Note: only applicable '
      'if --output_yaml_path != --project_yaml)')