def __init__(self, global_configs, scanner_configs, service_config,
             model_name, snapshot_timestamp, rules):
        """Set up the scanner and build its rule book from the rules file.

        Args:
            global_configs (dict): Global configurations.
            scanner_configs (dict): Scanner configurations.
            service_config (ServiceConfig): Forseti 2.0 service configs.
            model_name (str): Name of the data model.
            snapshot_timestamp (str): Timestamp, formatted as YYYYMMDDTHHMMSSZ.
            rules (str): Fully-qualified path and filename of the rules file.
        """
        base = super(ExternalProjectAccessScanner, self)
        base.__init__(global_configs, scanner_configs, service_config,
                      model_name, snapshot_timestamp, rules)

        # self.service_config, self.rules and self.snapshot_timestamp are read
        # back from the instance below; presumably the base initializer sets
        # them -- confirm against the base scanner class.
        self.inventory_configs = self.service_config.get_inventory_config()

        # The rule book is built at construction time, so a problem with the
        # rules file surfaces here rather than later during a scan.
        engine_cls = epa_rules_engine.ExternalProjectAccessRulesEngine
        self.rules_engine = engine_cls(
            rules_file_path=self.rules,
            snapshot_timestamp=self.snapshot_timestamp)
        self.rules_engine.build_rule_book(self.inventory_configs)

        # Starts empty; nothing in this method populates it.
        self._ancestries = {}
Example #2
 def test_yaml_file_bad_ancestor(self):
     """Test that building a rule book from a bad rules file is rejected.

     Loads 'external_project_access_test_rules_2.yaml' (per the test name,
     presumably a file with an invalid ancestor entry) and asserts that
     build_rule_book raises InvalidRulesSchemaError.
     """
     bad_rules_path = get_datafile_path(
         __file__, 'external_project_access_test_rules_2.yaml')
     engine = engine_module.ExternalProjectAccessRulesEngine(
         rules_file_path=bad_rules_path)
     # Constructing the engine must succeed; only the rule book build is
     # expected to fail.
     self.assertRaises(
         audit_errors.InvalidRulesSchemaError,
         engine.build_rule_book,
         self.inventory_config)
Example #3
 def test_good_yaml_file(self):
     """Test that a valid rules file yields a rule book with two entries.

     Builds the rule book from 'external_project_access_test_rules_1.yaml'
     and checks the size of rule_book.resource_rules_map.
     """
     engine = engine_module.ExternalProjectAccessRulesEngine(
         rules_file_path=get_datafile_path(
             __file__, 'external_project_access_test_rules_1.yaml'))
     engine.build_rule_book(self.inventory_config)
     rule_count = len(engine.rule_book.resource_rules_map)
     self.assertEqual(2, rule_count)
Example #4
 def test_no_violations_no_rules(self):
     """Test that a rules file with no rules produces no violations.

     Every (user, ancestry) pair in TEST_ANCESTRIES_SIMPLE is checked
     against the rule book built from
     'external_project_access_test_rules_0.yaml'.
     """
     empty_rules_path = get_datafile_path(
         __file__, 'external_project_access_test_rules_0.yaml')
     engine = engine_module.ExternalProjectAccessRulesEngine(
         rules_file_path=empty_rules_path)
     engine.build_rule_book(self.inventory_config)
     # NOTE(review): the meaning of the third positional argument (True) is
     # not visible here -- confirm against find_violations.
     found = [
         violation
         for user, ancestry in self.TEST_ANCESTRIES_SIMPLE.items()
         for violation in engine.find_violations(user, ancestry, True)]
     self.assertEqual(len(found), 0)
Example #5
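 def test_violations_are_found(self):
     """Test that violations are found.

     Every (user, ancestry) pair in TEST_ANCESTRIES_VIOLATIONS is checked
     against the rule book built from
     'external_project_access_test_rules_1.yaml'; exactly two violations
     are expected in total.
     """
     all_violations = []
     rules_local_path = get_datafile_path(
         __file__, 'external_project_access_test_rules_1.yaml')
     rules_engine = engine_module.ExternalProjectAccessRulesEngine(
         rules_file_path=rules_local_path)
     rules_engine.build_rule_book(self.inventory_config)
     # .items() works on Python 2 and 3 and matches the sibling tests;
     # .iteritems() exists only on Python 2 dicts, so on Python 3 the test
     # would fail with AttributeError before any violation check ran.
     # (Assumes TEST_ANCESTRIES_VIOLATIONS is a dict -- confirm.)
     for user, ancestry in self.TEST_ANCESTRIES_VIOLATIONS.items():
         # NOTE(review): the meaning of the third positional argument (True)
         # is not visible here -- confirm against find_violations.
         violations = rules_engine.find_violations(user, ancestry, True)
         all_violations.extend(violations)
     self.assertEqual(len(all_violations), 2)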