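def main():
    """Generate fwunit rule files for the configured sources.

    Parses the command line, loads the configuration through ``_setup``,
    orders every configured source so that it comes after the sources named
    in its ``require`` list, then runs each requested source in that order
    and writes the result as JSON to the source's ``output`` path.

    Command-line and configuration problems are reported with
    ``parser.error``, which prints a usage message and exits.
    """
    description = textwrap.dedent("""Process security policies into fwunit rules""")
    parser = argparse.ArgumentParser(description=description)
    parser.add_argument('--config', '-c',
                        help="YAML configuration file", dest='config_file',
                        type=str, default='fwunit.yaml')
    parser.add_argument('--verbose', action='store_true')
    parser.add_argument('--boto-verbose', action='store_true',
                        help="Enable VERY verbose logging from boto (if in use)")
    parser.add_argument('sources', nargs='*',
                        help="sources to generate (default: ALL)")

    args, cfg = _setup(parser)
    if not args.boto_verbose:
        logging.getLogger('boto').setLevel(logging.CRITICAL)

    requested_sources = args.sources
    if not requested_sources or requested_sources == ['ALL']:
        requested_sources = cfg.keys()
    for source in requested_sources:
        if source not in cfg:
            parser.error("no such source '{}'".format(source))

    # Every plugin registered under the 'fwunit.types' entry-point group,
    # keyed by name.  Any installed distribution can register one, so the
    # set of installed packages is part of what this tool trusts.
    entry_points = {ep.name: ep
                    for ep in pkg_resources.iter_entry_points('fwunit.types')}

    # sort all of the sources in dependency order
    requirements = {}
    for source in cfg:
        requirements[source] = cfg[source].get('require', [])

    ordered_sources = []
    in_progress = set()

    def require(source):
        """Append `source` to ordered_sources after everything it requires."""
        if source in ordered_sources:
            return
        # A source that is reached again while its own requirements are still
        # being resolved is part of a cycle; report it instead of recursing
        # until the interpreter's recursion limit is hit.
        if source in in_progress:
            parser.error("circular requirement involving '{}'".format(source))
        in_progress.add(source)
        for req in requirements[source]:
            if req not in cfg:
                # name the missing requirement, not the source that asked for it
                parser.error("unknown requirement '{}'".format(req))
            require(req)
        in_progress.discard(source)
        ordered_sources.append(source)

    # plain dict iteration works on both Python 2 and 3 (iterkeys() is 2-only)
    for source in requirements:
        require(source)

    for source in ordered_sources:
        if source not in requested_sources:
            continue
        src_cfg = cfg[source]
        if 'type' not in src_cfg:
            parser.error("source '{}' has no type".format(source))
        typ = src_cfg['type']
        if typ not in entry_points:
            parser.error("source '{}' has undefined type {}".format(source, typ))
        # load() imports the plugin module and returns the registered callable
        ep = entry_points[typ].load()
        if 'output' not in src_cfg:
            parser.error("source '{}' has no output".format(source))
        output = src_cfg['output']

        logger.warning("running %s", source)
        rules = ep(src_cfg, cfg)
        logger.warning("writing resulting rules to %s", output)
        # Serialise before opening so a conversion failure does not leave a
        # truncated output file behind.
        payload = dict(rules=types.to_jsonable(rules))
        # NOTE: `output` is taken verbatim from the configuration and opened
        # with "w" (truncating).  Treat the config file as being as trusted as
        # the account running this tool.
        with open(output, "w") as out_file:
            json.dump(payload, out_file)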
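def setup():
    """Create a fresh ``test_dir`` fixture directory and chdir into it.

    Stores a copy of ``sys.argv`` and the current working directory in the
    module globals ``old_sys_argv`` and ``old_cwd`` (presumably restored by a
    matching teardown -- not visible here), then writes ``fwunit.yaml`` and
    ``rules.json`` into the new directory.
    """
    global old_sys_argv, old_cwd
    old_sys_argv = sys.argv[:]
    old_cwd = os.getcwd()

    # NOTE: 'test_dir' is relative to wherever the tests are started; anything
    # already at that path is deleted recursively.
    if os.path.exists('test_dir'):
        shutil.rmtree('test_dir')
    os.makedirs('test_dir')
    os.chdir('test_dir')

    # Close both files explicitly so the fixtures are flushed to disk before
    # the code under test reads them, rather than relying on garbage
    # collection of the anonymous file objects.
    with open('fwunit.yaml', "w") as yaml_file:
        yaml.dump(FWUNIT_YAML, yaml_file)
    payload = dict(rules=types.to_jsonable(RULES))
    with open('rules.json', "w") as rules_file:
        json.dump(payload, rules_file)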
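def setup_module():
    """Build the on-disk fixtures for this test module.

    Calls ``config._clear()`` and ``sources._clear()`` (presumably resetting
    cached state from earlier tests -- confirm), creates a private temporary
    directory, makes it the working directory, writes ``fwunit.yaml`` and
    ``test_source.json`` there, and stores a ``TestContext`` for
    ``test_source`` in the module global ``rules``.
    """
    # `dir` shadows the builtin, but it is a module global that code outside
    # this function may read, so the name is kept.
    global dir, old_cwd, rules
    config._clear()
    sources._clear()

    dir = tempfile.mkdtemp()
    old_cwd = os.getcwd()
    os.chdir(dir)

    test_source_path = os.path.join(dir, 'test_source.json')

    # Use context managers so both fixtures are flushed and closed before
    # TestContext reads them.
    with open('fwunit.yaml', 'w') as yaml_file:
        yaml_file.write(yaml.dump({
            'test_source': {
                'output': test_source_path,
            },
        }))
    payload = {'rules': types.to_jsonable(TEST_RULES)}
    with open('test_source.json', 'w') as json_file:
        json.dump(payload, json_file)

    # NOTE(review): this writes to a fixed, predictable name in a shared temp
    # directory.  shutil.copy opens the destination for writing and follows an
    # existing symlink there, so on a multi-user host the copy can land on a
    # file the test never meant to touch.  Nothing visible in this function
    # reads /tmp/foo.json -- it looks like a debugging leftover; confirm and
    # remove it, or keep the copy inside `dir`.
    shutil.copy(test_source_path, '/tmp/foo.json')

    rules = TestContext('test_source')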
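def main():
    """Generate fwunit rule files for the configured sources.

    Parses the command line, loads the configuration through ``_setup``,
    orders every configured source so that it comes after the sources named
    in its ``require`` list, then runs each requested source in that order
    and writes the result as JSON to the source's ``output`` path.

    Command-line and configuration problems are reported with
    ``parser.error``, which prints a usage message and exits.
    """
    description = textwrap.dedent(
        """Process security policies into fwunit rules""")
    parser = argparse.ArgumentParser(description=description)
    parser.add_argument('--config', '-c',
                        help="YAML configuration file", dest='config_file',
                        type=str, default='fwunit.yaml')
    parser.add_argument('--verbose', action='store_true')
    parser.add_argument(
        '--boto-verbose', action='store_true',
        help="Enable VERY verbose logging from boto (if in use)")
    parser.add_argument('sources', nargs='*',
                        help="sources to generate (default: ALL)")

    args, cfg = _setup(parser)
    if not args.boto_verbose:
        logging.getLogger('boto').setLevel(logging.CRITICAL)

    requested_sources = args.sources
    if not requested_sources or requested_sources == ['ALL']:
        requested_sources = cfg.keys()
    for source in requested_sources:
        if source not in cfg:
            parser.error("no such source '{}'".format(source))

    # Every plugin registered under the 'fwunit.types' entry-point group,
    # keyed by name.  Any installed distribution can register one, so the
    # set of installed packages is part of what this tool trusts.
    entry_points = {
        ep.name: ep
        for ep in pkg_resources.iter_entry_points('fwunit.types')
    }

    # sort all of the sources in dependency order
    requirements = {}
    for source in cfg:
        requirements[source] = cfg[source].get('require', [])

    ordered_sources = []
    in_progress = set()

    def require(source):
        """Append `source` to ordered_sources after everything it requires."""
        if source in ordered_sources:
            return
        # A source that is reached again while its own requirements are still
        # being resolved is part of a cycle; report it instead of recursing
        # until the interpreter's recursion limit is hit.
        if source in in_progress:
            parser.error("circular requirement involving '{}'".format(source))
        in_progress.add(source)
        for req in requirements[source]:
            if req not in cfg:
                # name the missing requirement, not the source that asked for it
                parser.error("unknown requirement '{}'".format(req))
            require(req)
        in_progress.discard(source)
        ordered_sources.append(source)

    # plain dict iteration works on both Python 2 and 3 (iterkeys() is 2-only)
    for source in requirements:
        require(source)

    for source in ordered_sources:
        if source not in requested_sources:
            continue
        src_cfg = cfg[source]
        if 'type' not in src_cfg:
            parser.error("source '{}' has no type".format(source))
        typ = src_cfg['type']
        if typ not in entry_points:
            parser.error("source '{}' has undefined type {}".format(
                source, typ))
        # load() imports the plugin module and returns the registered callable
        ep = entry_points[typ].load()
        if 'output' not in src_cfg:
            parser.error("source '{}' has no output".format(source))
        output = src_cfg['output']

        logger.warning("running %s", source)
        rules = ep(src_cfg, cfg)
        logger.warning("writing resulting rules to %s", output)
        # Serialise before opening so a conversion failure does not leave a
        # truncated output file behind.
        payload = dict(rules=types.to_jsonable(rules))
        # NOTE: `output` is taken verbatim from the configuration and opened
        # with "w" (truncating).  Treat the config file as being as trusted as
        # the account running this tool.
        with open(output, "w") as out_file:
            json.dump(payload, out_file)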