Ejemplos de parse_swag_config_options en Python

Ejemplo n.º 1

def test_file_backend_get_service_enabled_v1(vector_path):
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    swag_opts = {
        'swag.data_dir': vector_path,
        'swag.namespace': 'valid_accounts_v1',
        'swag.cache_expires': 0,
        'swag.schema_version': 1
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))

    enabled = swag.get_service_enabled('myService')
    assert len(enabled) == 1

    enabled = swag.get_service_enabled('myService', region='us-east-1')
    assert len(enabled) == 1

    enabled = swag.get_service_enabled('myService1')
    assert len(enabled) == 1

    enabled = swag.get_service_enabled('myService1', region='us-east-1')
    assert len(enabled) == 1

    enabled = swag.get_service_enabled('myService2', region='us-east-1')
    assert len(enabled) == 0

    enabled = swag.get_service_enabled('myService2')
    assert len(enabled) == 0

Ejemplo n.º 2

def test_file_backend_update(temp_file_name):
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    swag_opts = {
        'swag.data_file': str(temp_file_name),
        'swag.cache_expires': 0
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))

    account = {
        'aliases': ['test'],
        'contacts': ['*****@*****.**'],
        'description': 'LOL, Test account',
        'email': '*****@*****.**',
        'environment': 'test',
        'id': '012345678910',
        'name': 'testaccount',
        'owner': 'netflix',
        'provider': 'aws',
        'sensitive': False
    }

    swag.create(account)

    account['aliases'] = ['test', 'prod']
    swag.update(account)

    account = swag.get("[?id=='{id}']".format(id=account['id']))
    assert account['aliases'] == ['test', 'prod']

Ejemplo n.º 3

def test_s3_backend_get(s3_bucket_name):
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': s3_bucket_name,
        'swag.cache_expires': 0
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))

    account = {
        'aliases': ['test'],
        'contacts': ['*****@*****.**'],
        'description': 'LOL, Test account',
        'email': '*****@*****.**',
        'environment': 'test',
        'id': '012345678910',
        'name': 'testaccount',
        'owner': 'netflix',
        'provider': 'aws',
        'sensitive': False
    }

    swag.create(account)
    assert swag.get("[?id=='012345678910']")

Ejemplo n.º 4

def test_schema_context_validation_owner_field():
    """Test schema context validation for owner field"""
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    swag_opts = {
        'swag.schema_context': {
            'owner': ['netflix', 'dvd', 'aws', 'third-party']
        }
    }
    swag = SWAGManager(**parse_swag_config_options(swag_opts))

    data = {
        "aliases": ["test"],
        "contacts": ["*****@*****.**"],
        "description": "This is just a test.",
        "email": "*****@*****.**",
        "id": "012345678910",
        "name": "testaccount",
        "environment": "test",
        "provider": "aws",
    }

    # Test with invalid owner
    with pytest.raises(ValidationError):
        data['owner'] = 'bad_owner'
        swag.create(data)

    # Test with a valid owner
    data['owner'] = 'netflix'
    account = swag.create(data)
    assert account.get('owner') == 'netflix'

Ejemplo n.º 5

def test_dynamodb_backend_create(dynamodb_table):
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    swag_opts = {
        'swag.type': 'dynamodb',
        'swag.namespace': 'accounts',
        'swag.cache_expires': 0
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))

    account = {
        'aliases': ['test'],
        'contacts': ['*****@*****.**'],
        'description': 'LOL, Test account',
        'email': '*****@*****.**',
        'environment': 'test',
        'id': '012345678910',
        'name': 'testaccount',
        'owner': 'netflix',
        'provider': 'aws',
        'sensitive': False
    }

    assert not swag.get_all()
    item = swag.create(account)
    assert swag.get("[?id=='{id}']".format(id=item['id']))

Ejemplo n.º 6

def test_schema_context_validation_type_field():
    """Test schema context validation for type field"""
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    swag_opts = {
        'swag.schema_context': {
            'type': ['billing', 'security', 'shared-service', 'service'],
        }
    }
    swag = SWAGManager(**parse_swag_config_options(swag_opts))

    data = {
        "aliases": ["test"],
        "contacts": ["*****@*****.**"],
        "description": "This is just a test.",
        "email": "*****@*****.**",
        "environment": "dev",
        "id": "012345678910",
        "name": "testaccount",
        "owner": "netflix",
        "provider": "aws",
    }

    # Test with invalid account type
    with pytest.raises(ValidationError):
        data['type'] = 'bad_type'
        swag.create(data)

    # Test with a valid account type
    data['type'] = 'billing'
    account = swag.create(data)
    assert account.get('type') == 'billing'

Ejemplo n.º 7

def get_historical_accounts():
    """Fetches valid accounts from SWAG if enabled or a list accounts."""
    if os.environ.get('SWAG_BUCKET', False):
        swag_opts = {
            'swag.type': 's3',
            'swag.bucket_name': os.environ['SWAG_BUCKET'],
            'swag.data_file': os.environ.get('SWAG_DATA_FILE',
                                             'accounts.json'),
            'swag.region': os.environ.get('SWAG_REGION', 'us-east-1')
        }
        swag = SWAGManager(**parse_swag_config_options(swag_opts))
        search_filter = f"[?provider=='aws' && owner=='{os.environ['SWAG_OWNER']}' && account_status!='deleted'"

        if parse_boolean(os.environ.get('TEST_ACCOUNTS_ONLY')):
            search_filter += " && environment=='test'"

        search_filter += ']'

        accounts = swag.get_service_enabled('historical',
                                            search_filter=search_filter)
    else:
        accounts = [{
            'id': account_id
        } for account_id in os.environ['ENABLED_ACCOUNTS'].split(',')]

    return accounts

Ejemplo n.º 8

Archivo: config.py Proyecto: amarentis/diffy

def configure_swag() -> None:
    """Configures SWAG if enabled."""
    if CONFIG["DIFFY_SWAG_ENABLED"]:
        swag_config = CONFIG.get_namespace("SWAG_")
        logger.debug(str(swag_config))
        swag_config = {"swag." + k: v for k, v in swag_config.items()}
        swag.configure(**parse_swag_config_options(swag_config))
        CONFIG["DIFFY_ACCOUNTS"] = swag.get_service_enabled("diffy")

Ejemplo n.º 9

Archivo: config.py Proyecto: jedmitten/diffy

def configure_swag() -> None:
    """Configures SWAG if enabled."""
    if CONFIG['DIFFY_SWAG_ENABLED']:
        swag_config = CONFIG.get_namespace('SWAG_')
        logger.debug(str(swag_config))
        swag_config = {'swag.' + k: v for k, v in swag_config.items()}
        swag.configure(**parse_swag_config_options(swag_config))
        CONFIG['DIFFY_ACCOUNTS'] = swag.get_service_enabled('diffy')

Ejemplo n.º 10

Archivo: config.py Proyecto: kevgliss/diffy

def configure_swag() -> None:
    """Configures SWAG if enabled."""
    if CONFIG['DIFFY_SWAG_ENABLED']:
        swag_config = CONFIG.get_namespace('SWAG_')
        logger.debug(str(swag_config))
        swag_config = {'swag.' + k: v for k, v in swag_config.items()}
        swag.configure(**parse_swag_config_options(swag_config))
        CONFIG['DIFFY_ACCOUNTS'] = swag.get_service_enabled('diffy')

Ejemplo n.º 11

Archivo: config.py Proyecto: forestmonster/diffy

def configure_swag() -> None:
    """Configures SWAG if enabled."""
    if CONFIG["DIFFY_SWAG_ENABLED"]:
        swag_config = CONFIG.get_namespace("SWAG_")
        logger.debug(str(swag_config))
        swag_config = {"swag." + k: v for k, v in swag_config.items()}
        swag.configure(**parse_swag_config_options(swag_config))
        CONFIG["DIFFY_ACCOUNTS"] = swag.get_service_enabled("diffy")

Ejemplo n.º 12

def sync_swag(owner, bucket_name, bucket_prefix, bucket_region, account_type, spinnaker):
    """Use the SWAG client to sync SWAG accounts to Security Monkey."""
    from security_monkey.account_manager import account_registry

    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': bucket_name,
        'swag.data_file': bucket_prefix,
        'swag.region': bucket_region
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))
    account_manager = account_registry[account_type]()

    for account in swag.get_all("[?provider=='{provider}']".format(provider=account_type.lower())):
        services = account.get('services', [])
        services_by_name = {s['name']: s for s in services}

        secmonkey_service = services_by_name.get('security_monkey', {})
        all_region_status = {}
        for status in secmonkey_service.get('status', []):
            if status['region'] == 'all':
                all_region_status = status
                break
        active = all_region_status.get('enabled', False)
        thirdparty = account['owner'] != owner

        if spinnaker:
            spinnaker_name = swag.get_service_name('spinnaker', "[?id=='{id}']".format(id=account['id']))
            if not spinnaker_name:
                name = account['name']
            else:
                name = spinnaker_name
        else:
            name = account['name']

        notes = account['description']
        identifier = account['id']

        custom_fields = {}
        s3_name = swag.get_service_name('s3', "[?id=='{id}']".format(id=account['id']))
        if s3_name:
            custom_fields['s3_name'] = s3_name

        s3_service = services_by_name.get('s3', {})
        if s3_service:
            c_id = s3_service['metadata'].get('canonicalId', None)
            if c_id:
                custom_fields['canonical_id'] = c_id
        role_name = secmonkey_service.get('metadata', {}).get('role_name', None)
        if role_name is not None:
            custom_fields['role_name'] = role_name

        account_manager.sync(account_manager.account_type, name, active, thirdparty,
                             notes, identifier,
                             custom_fields=custom_fields)
    db.session.close()
    app.logger.info('SWAG sync successful.')

Ejemplo n.º 13

Archivo: conftest.py Proyecto: mikegrima/historical

def swag_accounts(s3, retry):
    """Create mocked SWAG Accounts."""
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    bucket_name = 'SWAG'
    data_file = 'accounts.json'
    region = 'us-east-1'
    owner = 'third-party'

    s3.create_bucket(Bucket=bucket_name)
    os.environ['SWAG_BUCKET'] = bucket_name
    os.environ['SWAG_DATA_FILE'] = data_file
    os.environ['SWAG_REGION'] = region
    os.environ['SWAG_OWNER'] = owner

    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': bucket_name,
        'swag.data_file': data_file,
        'swag.region': region,
        'swag.cache_expires': 0
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))

    account = {
        'aliases': ['test'],
        'contacts': ['*****@*****.**'],
        'description':
        'LOL, Test account',
        'email':
        '*****@*****.**',
        'environment':
        'test',
        'id':
        '012345678910',
        'name':
        'testaccount',
        'owner':
        'third-party',
        'provider':
        'aws',
        'sensitive':
        False,
        'account_status':
        'ready',
        'services': [{
            'name': 'historical',
            'status': [{
                'region': 'all',
                'enabled': True
            }]
        }]
    }

    swag.create(account)

Ejemplo n.º 14

def _prep_accounts(account_names):
    """
    Convert CLI provided account names into list of accounts from SWAG.
    Considers account aliases as well as account names.
    Returns a list of account numbers
    """
    matching_accounts = list()
    account_names = account_names.split(',')
    account_names = {name.lower().strip() for name in account_names}

    # create a new copy of the account_names list so we can remove accounts as needed
    for account in list(account_names):
        if re.match('\d{12}', account):
            account_names.remove(account)
            matching_accounts.append(account)

    if not account_names:
        return matching_accounts

    try:
        current_app.logger.info('getting bucket {}'.format(
                                current_app.config.get('SWAG_BUCKET')))

        swag = SWAGManager(**parse_swag_config_options(current_app.config.get('SWAG_OPTS')))

        all_accounts = swag.get_all(current_app.config.get('SWAG_FILTER'))

        service_enabled_requirement = current_app.config.get('SWAG_SERVICE_ENABLED_REQUIREMENT', None)
        if service_enabled_requirement:
            all_accounts = swag.get_service_enabled(service_enabled_requirement, accounts_list=all_accounts)

    except (KeyError, InvalidSWAGDataException, Exception) as e:
        current_app.logger.error('Account names passed but SWAG not configured or unavailable: {}'.format(e))

    if 'all' in account_names:
        return [account['id'] for account in all_accounts]

    lookup = {account['name']: Bunch(account) for account in all_accounts}

    for account in all_accounts:
        # get the right key, depending on whether we're using swag v1 or v2
        alias_key = 'aliases' if account['schemaVersion'] == '2' else 'alias'
        for alias in account[alias_key]:
            lookup[alias] = Bunch(account)

    for name in account_names:
        if name not in lookup:
            current_app.logger.warn('Could not find an account named %s'
                                    % name)
            continue

        account_number = lookup[name].get('id', None)
        if account_number:
            matching_accounts.append(account_number)

    return matching_accounts

Ejemplo n.º 15

def test_file_backend_get_all(vector_path):
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    swag_opts = {
        'swag.data_dir': vector_path,
        'swag.namespace': 'valid_accounts_v2',
        'swag.cache_expires': 0
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))
    assert len(swag.get_all()) == 2

Ejemplo n.º 16

def test_get_by_name(s3_bucket_name):
    from swag_client.swag import get_by_name

    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': s3_bucket_name,
        'swag.schema_version': 1,
        'swag.cache_expires': 0
    }

    swagv1 = SWAGManager(**parse_swag_config_options(swag_opts))

    account = {
        "bastion": "testaccount.net",
        "metadata": {
            "s3_name": "testaccounts3",
            "cloudtrail_index": "cloudtrail_testaccount[yyyymm]",
            "cloudtrail_kibana_url":
            "http://testaccount.cloudtrail.dashboard.net",
            "email": "*****@*****.**",
            "account_number": "012345678910"
        },
        "schema_version": 1,
        "owners": ["*****@*****.**"],
        "email": "*****@*****.**",
        "ours": True,
        "description": "LOL, Test account",
        "cmc_required": False,
        "tags": ["testing"],
        "id": "aws-012345678910",
        "name": "testaccount",
        "type": "aws",
        "alias": [
            "test",
        ]
    }

    swagv1.create(account)

    # Test getting account named: 'testaccount'
    account = get_by_name('testaccount', s3_bucket_name)
    assert account['name'] == 'testaccount'

    # Test by getting account that does not exist:
    assert not get_by_name('does not exist', s3_bucket_name)

    # With alias
    account = get_by_name('test', s3_bucket_name, alias=True)
    assert account['metadata']['account_number'] == '012345678910'

Ejemplo n.º 17

def configure_extensions(app):
    """
    Attaches and configures any needed flask extensions
    to our app.
    :param app:
    """
    sentry.init_app(app)

    opts = {
        'swag.type': app.config.get('SWAG_BACKEND_TYPE', 'dynamodb'),
        'swag.namespace': app.config.get('SWAG_BACKEND_NAMESPACE', 'accounts')
    }
    swag.configure(**parse_swag_config_options(opts))

Ejemplo n.º 18

Archivo: request_schemas.py Proyecto: mikegrima/bucketsnake

def get_swag():
    """
    Get account data from SWAG (via S3)
    :return:
    """
    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': CONFIG.swag_bucket,
        'swag.data_file': CONFIG.swag_data_file,
        'swag.region': CONFIG.swag_region,
        'swag.cache_expires': 0
    }
    return SWAGManager(**parse_swag_config_options(swag_opts))

Ejemplo n.º 19

def test_backend_get_service_name(vector_path):
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    swag_opts = {
        'swag.data_dir': vector_path,
        'swag.namespace': 'valid_accounts_v2',
        'swag.cache_expires': 0
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))
    assert swag.get_service_name('myService',
                                 "[?name=='testaccount']") == 'testaccount'

Ejemplo n.º 20

def test_get_all_accounts(s3_bucket_name):
    from swag_client.swag import get_all_accounts

    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': s3_bucket_name,
        'swag.schema_version': 1,
        'swag.cache_expires': 0
    }

    swagv1 = SWAGManager(**parse_swag_config_options(swag_opts))

    account = {
        "bastion": "test2.net",
        "metadata": {
            "s3_name": "testaccounts3",
            "cloudtrail_index": "cloudtrail_testaccount[yyyymm]",
            "cloudtrail_kibana_url":
            "http://testaccount.cloudtrail.dashboard.net",
            "email": "*****@*****.**",
            "account_number": "012345678910"
        },
        "schema_version": 1,
        "owners": ["*****@*****.**"],
        "ours": True,
        "description": "LOL, Test account",
        "cmc_required": False,
        "email": "*****@*****.**",
        "tags": ["testing"],
        "id": "aws-012345678910",
        "name": "testaccount",
        "type": "aws",
        "alias": [
            "test",
        ]
    }

    swagv1.create(account)

    data = get_all_accounts(s3_bucket_name)
    assert len(data['accounts']) == 1

    data = get_all_accounts(s3_bucket_name, **{'owners': ['*****@*****.**']})

    assert len(data['accounts']) == 1

    data = get_all_accounts(s3_bucket_name, bastion="test2.net")
    assert len(data['accounts']) == 1

Ejemplo n.º 21

def test_s3_backend_delete_v1(s3_bucket_name):
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': s3_bucket_name,
        'swag.schema_version': 1,
        'swag.cache_expires': 0
    }

    swagv1 = SWAGManager(**parse_swag_config_options(swag_opts))

    account = {
        "bastion": "testaccount.net",
        "metadata": {
            "s3_name": "testaccounts3",
            "cloudtrail_index": "cloudtrail_testaccount[yyyymm]",
            "cloudtrail_kibana_url":
            "http://testaccount.cloudtrail.dashboard.net",
            "email": "*****@*****.**",
            "account_number": "012345678910"
        },
        "schema_version": 1,
        "owners": ["*****@*****.**"],
        "ours": True,
        "email": "*****@*****.**",
        "description": "LOL, Test account",
        "cmc_required": False,
        "tags": ["testing"],
        "id": "aws-012345678910",
        "name": "testaccount",
        "type": "aws",
        "alias": [
            "test",
        ],
        "services": {
            "rolliepollie": {
                "enabled": True
            },
            "awwwdit": {
                "enabled": True
            }
        }
    }

    swagv1.create(account)

    assert len(swagv1.get_all()['accounts']) == 1
    swagv1.delete(account)
    assert len(swagv1.get_all()['accounts']) == 0

Ejemplo n.º 22

def get_all_accounts(bucket, region='us-west-2', json_path='accounts.json', **filters):
    """Fetches all the accounts from SWAG."""
    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': bucket,
        'swag.region': region,
        'swag.data_file': json_path,
        'swag.schema_version': 1
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))
    accounts = swag.get_all()
    accounts = [account for account in accounts['accounts'] if is_sub_dict(filters, account)]
    return {'accounts': accounts}

Ejemplo n.º 23

Archivo: factory.py Proyecto: mikegrima/swag-api

def configure_extensions(app: Flask):
    """
    Attaches and configures any needed flask extensions
    to our app.
    :param app:
    """
    sentry.init_app(app)

    opts = {
        'swag.type': app.config.get('SWAG_BACKEND_TYPE', 'dynamodb'),
        'swag.namespace': app.config.get('SWAG_BACKEND_NAMESPACE', 'accounts'),
        'swag.schema_context': app.config.get('SWAG_SCHEMA_CONTEXT', {}),
        'swag.cache_expires': app.config.get('SWAG_CACHE_EXPIRES', 600)
    }

    swag.configure(**parse_swag_config_options(opts))

Ejemplo n.º 24

def test_backend_get_by_name(vector_path):
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    swag_opts = {
        'swag.data_dir': vector_path,
        'swag.namespace': 'valid_accounts_v2',
        'swag.cache_expires': 0
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))

    assert swag.get_by_name('testaccount')
    assert not swag.get_by_name('test')
    assert swag.get_by_name('test', alias=True)
    assert swag.get_by_name('testaccount', alias=True)

Ejemplo n.º 25

def test_region_validation_field(s3_bucket_name):
    """Test schema context validation for owner field"""
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': s3_bucket_name,
        'swag.schema_version': 2,
        'swag.cache_expires': 0
    }
    swag = SWAGManager(**parse_swag_config_options(swag_opts))

    data = {
        "aliases": ["test"],
        "contacts": ["*****@*****.**"],
        "description": "This is just a test.",
        "email": "*****@*****.**",
        "id": "012345678910",
        "name": "testaccount",
        "environment": "test",
        "provider": "aws",
        "status": [{
            "region": "us-west-2",
            "status": "created",
            "notes": []
        }],
        "account_status": "created",
        "regions": {
            "us-east-1": {
                "status": "created",
                "az_mapping": []
            }
        }
    }

    # Test with invalid account_status
    with pytest.raises(ValidationError):
        swag.create(data)

    # Test with a valid account_status
    data['regions']['us-east-1']['az_mapping'] = {}
    account = swag.create(data)
    assert account.get('account_status') == 'created'

Ejemplo n.º 26

def get_historical_accounts():
    """Fetches valid accounts from SWAG if enabled or a list accounts."""
    if os.environ.get('SWAG_BUCKET', False):
        swag_opts = {
            'swag.type': 's3',
            'swag.bucket_name': os.environ['SWAG_BUCKET'],
            'swag.data_file': os.environ.get('SWAG_DATA_FILE',
                                             'accounts.json'),
            'swag.region': os.environ.get('SWAG_REGION', 'us-east-1')
        }
        swag = SWAGManager(**parse_swag_config_options(swag_opts))
        accounts = swag.get_service_enabled(
            'historical',
            search_filter="[?provider=='aws'] && [?owner=='{}']".format(
                os.environ['SWAG_OWNER']))
    else:
        accounts = os.environ['ENABLED_ACCOUNTS']

    return accounts

Ejemplo n.º 27

Archivo: cli.py Proyecto: willbengtson/swag-client

def propagate(ctx):
    """Transfers SWAG data from one backend to another"""
    data = []
    if ctx.type == 'file':
        if ctx.data_file:
            file_path = ctx.data_file
        else:
            file_path = os.path.join(ctx.data_dir, ctx.namespace + '.json')

        with open(file_path, 'r') as f:
            data = json.loads(f.read())

    swag_opts = {'swag.type': 'dynamodb'}

    swag = SWAGManager(**parse_swag_config_options(swag_opts))

    for item in data:
        time.sleep(2)
        swag.create(item, dry_run=ctx.dry_run)

Ejemplo n.º 28

Archivo: cli.py Proyecto: willbengtson/swag-client

def create_swag_from_ctx(ctx):
    """Creates SWAG client from the current context."""
    swag_opts = {}
    if ctx.type == 'file':
        swag_opts = {
            'swag.type': 'file',
            'swag.data_dir': ctx.data_dir,
            'swag.data_file': ctx.data_file
        }
    elif ctx.type == 's3':
        swag_opts = {
            'swag.type': 's3',
            'swag.bucket_name': ctx.bucket_name,
            'swag.data_file': ctx.data_file,
            'swag.region': ctx.region
        }
    elif ctx.type == 'dynamodb':
        swag_opts = {'swag.type': 'dynamodb', 'swag.region': ctx.region}
    return SWAGManager(**parse_swag_config_options(swag_opts))

Ejemplo n.º 29

Archivo: conftest.py Proyecto: wehkamp-oss/swag-api

def dynamodb_table(aws_credentials):
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    with mock_dynamodb2():
        resource = boto3.resource('dynamodb', region_name='us-east-1')

        table = resource.create_table(TableName='accounts',
                                      KeySchema=[{
                                          'AttributeName': 'id',
                                          'KeyType': 'HASH'
                                      }],
                                      AttributeDefinitions=[{
                                          'AttributeName':
                                          'id',
                                          'AttributeType':
                                          'S'
                                      }],
                                      ProvisionedThroughput={
                                          'ReadCapacityUnits': 1,
                                          'WriteCapacityUnits': 1
                                      })

        table.meta.client.get_waiter('table_exists').wait(TableName='accounts')

        swag_opts = {
            'swag.type': 'dynamodb',
            'swag.namespace': 'accounts',
            'swag.cache_expires': 0
        }
        swag = SWAGManager(**parse_swag_config_options(swag_opts))

        cwd = os.path.dirname(os.path.realpath(__file__))
        account_file = os.path.join(cwd, 'vectors/accounts.json')

        with open(account_file, 'r') as f:
            accounts = json.loads(f.read())

            for account in accounts:
                swag.create(account)

        yield

Ejemplo n.º 30

def swag_accounts(s3):
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    bucket_name = "SWAG"
    data_file = "accounts.json"
    region = "us-east-1"
    owner = "third-party"

    s3.create_bucket(Bucket=bucket_name)
    os.environ["SWAG_BUCKET"] = bucket_name
    os.environ["SWAG_DATA_FILE"] = data_file
    os.environ["SWAG_REGION"] = region
    os.environ["SWAG_OWNER"] = owner

    swag_opts = {
        "swag.type": "s3",
        "swag.bucket_name": bucket_name,
        "swag.data_file": data_file,
        "swag.region": region,
        "swag.cache_expires": 0,
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))

    account = {
        "aliases": ["test"],
        "contacts": ["*****@*****.**"],
        "description": "LOL, Test account",
        "email": "*****@*****.**",
        "environment": "test",
        "id": "012345678910",
        "name": "testaccount",
        "owner": "third-party",
        "provider": "aws",
        "sensitive": False,
        "services": [],
    }

    swag.create(account)

Ejemplo n.º 31

Archivo: conftest.py Proyecto: jedmitten/diffy

def swag_accounts(s3):
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    bucket_name = 'SWAG'
    data_file = 'accounts.json'
    region = 'us-east-1'
    owner = 'third-party'

    s3.create_bucket(Bucket=bucket_name)
    os.environ['SWAG_BUCKET'] = bucket_name
    os.environ['SWAG_DATA_FILE'] = data_file
    os.environ['SWAG_REGION'] = region
    os.environ['SWAG_OWNER'] = owner

    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': bucket_name,
        'swag.data_file': data_file,
        'swag.region': region,
        'swag.cache_expires': 0
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))

    account = {
        'aliases': ['test'],
        'contacts': ['*****@*****.**'],
        'description': 'LOL, Test account',
        'email': '*****@*****.**',
        'environment': 'test',
        'id': '012345678910',
        'name': 'testaccount',
        'owner': 'third-party',
        'provider': 'aws',
        'sensitive': False,
        'services': []
    }

    swag.create(account)

Ejemplo n.º 32

Archivo: manage.py Proyecto: zion0425/security_monkey

def sync_swag(owner, bucket_name, bucket_prefix, bucket_region, account_type,
              spinnaker):
    """Use the SWAG client to sync SWAG accounts to Security Monkey."""
    from security_monkey.account_manager import account_registry

    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': bucket_name,
        'swag.data_file': bucket_prefix,
        'swag.region': bucket_region
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))
    account_manager = account_registry[account_type]()

    for account in swag.get_all(
            "[?provider=='{provider}']".format(provider=account_type.lower())):
        services = account.get('services', [])
        services_by_name = {s['name']: s for s in services}

        # Check if the account is active or not:
        # With the current SWAG schema, need to do the following:
        # 1. Check if the 'account_status' field is set to 'ready'.
        # 2. Loop through all the services for "security_monkey" and if the status is "active", then the account
        #    is active.
        check_active = active = False
        if account['account_status'] == 'ready':
            check_active = True

        if check_active:
            secmonkey_service = services_by_name.get('security_monkey', {})
            for status in secmonkey_service.get('status', []):
                if status['region'] == 'all':
                    active = status.get('enabled', False)
                    break

        thirdparty = account['owner'] != owner
        if spinnaker:
            spinnaker_name = swag.get_service_name(
                'spinnaker', "[?id=='{id}']".format(id=account['id']))
            if not spinnaker_name:
                name = account['name']
            else:
                name = spinnaker_name
        else:
            name = account['name']

        notes = account['description']
        identifier = account['id']

        custom_fields = {}
        s3_name = swag.get_service_name(
            's3', "[?id=='{id}']".format(id=account['id']))
        if s3_name:
            custom_fields['s3_name'] = s3_name

        s3_service = services_by_name.get('s3', {})
        if s3_service:
            c_id = s3_service['metadata'].get('canonicalId', None)
            if c_id:
                custom_fields['canonical_id'] = c_id
        role_name = secmonkey_service.get('metadata',
                                          {}).get('role_name', None)
        if role_name is not None:
            custom_fields['role_name'] = role_name

        account_manager.sync(account_manager.account_type,
                             name,
                             active,
                             thirdparty,
                             notes,
                             identifier,
                             custom_fields=custom_fields)
    db.session.close()
    app.logger.info('SWAG sync successful.')

Ejemplo n.º 33

Archivo: test_commons.py Proyecto: mikegrima/historical

def test_get_only_test_accounts(swag_accounts):
    """Tests that the SWAG logic will only return 'test' accounts if specified."""
    from historical.common.accounts import get_historical_accounts

    # Setup:
    bucket_name = 'SWAG'
    data_file = 'accounts.json'
    region = 'us-east-1'
    owner = 'third-party'

    os.environ['SWAG_BUCKET'] = bucket_name
    os.environ['SWAG_DATA_FILE'] = data_file
    os.environ['SWAG_REGION'] = region
    os.environ['SWAG_OWNER'] = owner

    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': bucket_name,
        'swag.data_file': data_file,
        'swag.region': region,
        'swag.cache_expires': 0
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))

    # Production account:
    account = {
        'aliases': ['prod'],
        'contacts': ['*****@*****.**'],
        'description':
        'LOL, PROD account',
        'email':
        '*****@*****.**',
        'environment':
        'prod',
        'id':
        '999999999999',
        'name':
        'prodaccount',
        'owner':
        'third-party',
        'provider':
        'aws',
        'sensitive':
        False,
        'account_status':
        'ready',
        'services': [{
            'name': 'historical',
            'status': [{
                'region': 'all',
                'enabled': True
            }]
        }]
    }
    swag.create(account)

    # Get all the swag accounts:
    result = get_historical_accounts()
    assert len(result) == 2

    assert result[1]['environment'] == 'prod'
    assert result[1]['id'] == '999999999999'

    # Only test accounts:
    os.environ['TEST_ACCOUNTS_ONLY'] = 'True'
    result = get_historical_accounts()
    assert len(result) == 1
    assert result[0]['environment'] == 'test'
    assert result[0]['id'] != '999999999999'

    # Test the boolean logic:
    os.environ['TEST_ACCOUNTS_ONLY'] = ''
    result = get_historical_accounts()
    assert len(result) == 2

    os.environ['TEST_ACCOUNTS_ONLY'] = 'false'
    result = get_historical_accounts()
    assert len(result) == 2

    # Make sure that disabled/deleted accounts are not in the results:
    account['account_status'] = 'deleted'
    swag.update(account)
    result = get_historical_accounts()
    assert len(result) == 1

Ejemplo n.º 34

Archivo: manage.py Proyecto: Netflix/security_monkey

def sync_swag(owner, bucket_name, bucket_prefix, bucket_region, account_type, spinnaker):
    """Use the SWAG client to sync SWAG accounts to Security Monkey."""
    from security_monkey.account_manager import account_registry

    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': bucket_name,
        'swag.data_file': bucket_prefix,
        'swag.region': bucket_region
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))
    account_manager = account_registry[account_type]()

    for account in swag.get_all("[?provider=='{provider}']".format(provider=account_type.lower())):
        services = account.get('services', [])
        services_by_name = {s['name']: s for s in services}

        # Check if the account is active or not:
        # With the current SWAG schema, need to do the following:
        # 1. Check if the 'account_status' field is set to 'ready'.
        # 2. Loop through all the services for "security_monkey" and if the status is "active", then the account
        #    is active.
        check_active = active = False
        if account['account_status'] == 'ready':
            check_active = True

        if check_active:
            secmonkey_service = services_by_name.get('security_monkey', {})
            for status in secmonkey_service.get('status', []):
                if status['region'] == 'all':
                    active = status.get('enabled', False)
                    break

        thirdparty = account['owner'] != owner
        if spinnaker:
            spinnaker_name = swag.get_service_name('spinnaker', "[?id=='{id}']".format(id=account['id']))
            if not spinnaker_name:
                name = account['name']
            else:
                name = spinnaker_name
        else:
            name = account['name']

        notes = account['description']
        identifier = account['id']

        custom_fields = {}
        s3_name = swag.get_service_name('s3', "[?id=='{id}']".format(id=account['id']))
        if s3_name:
            custom_fields['s3_name'] = s3_name

        s3_service = services_by_name.get('s3', {})
        if s3_service:
            c_id = s3_service['metadata'].get('canonicalId', None)
            if c_id:
                custom_fields['canonical_id'] = c_id
        role_name = secmonkey_service.get('metadata', {}).get('role_name', None)
        if role_name is not None:
            custom_fields['role_name'] = role_name

        account_manager.sync(account_manager.account_type, name, active, thirdparty,
                             notes, identifier,
                             custom_fields=custom_fields)
    db.session.close()
    app.logger.info('SWAG sync successful.')