Example #1
def add_account(number,
                third_party,
                name,
                s3_name,
                active,
                notes,
                role_name='SecurityMonkey',
                edit=False):
    """Create an account row, optionally replacing one with the same number.

    When a row with ``number`` already exists and ``edit`` is false, nothing
    is written and False is returned. When ``edit`` is true the matching
    row(s) are deleted and a fresh row is inserted in their place; the
    existing row is not updated in place.

    Returns True when a row was written, False otherwise.
    """
    matches = Account.query.filter(Account.number == number)
    already_present = bool(matches.count())

    if already_present and not edit:
        return False
    if already_present:
        # Query-level delete of every row with this number; it is committed
        # together with the insert below by the single commit() call.
        matches.delete()

    replacement = Account()
    replacement.number = number
    replacement.name = name
    replacement.s3_name = s3_name
    # NOTE(review): presumably the role Security Monkey assumes in this
    # account; the default applies whenever the caller passes nothing.
    replacement.role_name = role_name
    replacement.active = active
    replacement.third_party = third_party
    replacement.notes = notes

    db.session.add(replacement)
    db.session.commit()
    return True
Example #2
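def amazon_accounts():
    """Pre-populate the standard AWS-owned accounts.

    Loads ``data/aws_accounts.json`` from the directory of this module and
    adds or updates one Account row per listed account id. Every row touched
    is written as inactive (``active = False``) and third party
    (``third_party = True``).

    Errors while reading or parsing the data file propagate to the caller.
    Errors during the database work are logged and passed to
    ``store_exception``; they are not re-raised.
    """
    import os
    import json
    from security_monkey.datastore import Account

    data_file = os.path.join(os.path.dirname(__file__), "data", "aws_accounts.json")
    # Context manager so the file handle is closed even when parsing fails.
    with open(data_file, 'r') as handle:
        data = json.load(handle)

    app.logger.info('Adding / updating Amazon owned accounts')
    try:
        for group, info in data.items():
            for aws_account in info['accounts']:
                acct_name = "{group} ({region})".format(group=group, region=aws_account['region'])
                account = Account.query.filter(Account.number == aws_account['account_id']).first()
                if not account:
                    app.logger.debug('    Adding account {0}'.format(acct_name))
                    account = Account()
                else:
                    app.logger.debug('    Updating account {0}'.format(acct_name))

                # The update path overwrites an existing row with the same
                # number, including its active / third_party flags and name,
                # so the data file decides how any matching account is
                # classified. Treat changes to that file as trusted input.
                account.number = aws_account['account_id']
                account.active = False
                account.third_party = True
                account.name = acct_name
                account.notes = info['url']

                db.session.add(account)

        # One commit for the whole batch.
        db.session.commit()
        app.logger.info('Finished adding Amazon owned accounts')
    except Exception as e:
        # NOTE(review): no rollback is issued here; confirm store_exception
        # copes with a session left in a failed state.
        app.logger.exception("An error occured while adding accounts")
        store_exception("manager-amazon-accounts", None, e)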
Example #3
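def amazon_accounts():
    """Pre-populate the standard AWS-owned accounts.

    Loads ``data/aws_accounts.json`` from the directory of this module,
    makes sure an ``AccountType`` named 'AWS' exists, and adds or updates one
    Account row per listed account id. Every row touched is written as
    inactive (``active = False``) and third party (``third_party = True``).

    Errors while reading or parsing the data file propagate to the caller.
    Errors during the database work are logged and passed to
    ``store_exception``; they are not re-raised.
    """
    import os
    import json
    from security_monkey.datastore import Account, AccountType

    data_file = os.path.join(os.path.dirname(__file__), "data",
                             "aws_accounts.json")
    # Context manager so the file handle is closed even when parsing fails.
    with open(data_file, 'r') as handle:
        data = json.load(handle)

    app.logger.info('Adding / updating Amazon owned accounts')
    try:
        account_type_result = AccountType.query.filter(
            AccountType.name == 'AWS').first()
        if not account_type_result:
            # Create the type and commit straight away; the refresh reloads
            # the row so its id can be read in the loop below.
            account_type_result = AccountType(name='AWS')
            db.session.add(account_type_result)
            db.session.commit()
            db.session.refresh(account_type_result)

        for group, info in data.items():
            for aws_account in info['accounts']:
                acct_name = "{group} ({region})".format(
                    group=group, region=aws_account['region'])
                account = Account.query.filter(
                    Account.number == aws_account['account_id']).first()
                if not account:
                    app.logger.debug(
                        '    Adding account {0}'.format(acct_name))
                    account = Account()
                else:
                    app.logger.debug(
                        '    Updating account {0}'.format(acct_name))

                # The update path overwrites an existing row with the same
                # number, including its type, active / third_party flags and
                # name, so the data file decides how any matching account is
                # classified. Treat changes to that file as trusted input.
                account.number = aws_account['account_id']
                account.identifier = aws_account['account_id']
                account.account_type_id = account_type_result.id
                account.active = False
                account.third_party = True
                account.name = acct_name
                account.notes = info['url']

                db.session.add(account)

        # One commit for the whole batch of accounts.
        db.session.commit()
        app.logger.info('Finished adding Amazon owned accounts')
    except Exception as e:
        # NOTE(review): no rollback is issued here; confirm store_exception
        # copes with a session left in a failed state.
        app.logger.exception("An error occured while adding accounts")
        store_exception("manager-amazon-accounts", None, e)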
Example #4
def add_account(number, third_party, name, s3_name, active, notes, edit=False):
    """Insert an account, replacing a same-numbered one only when asked to.

    If a row with ``number`` exists and ``edit`` is false, nothing changes
    and False is returned. With ``edit`` true the matching row(s) are deleted
    and a new row is inserted; the old row is not modified in place.

    Returns True when a row was written, False otherwise.
    """
    same_number = Account.query.filter(Account.number == number)
    exists = bool(same_number.count())

    if exists and not edit:
        return False
    if exists:
        # Query-level delete; committed together with the insert below.
        same_number.delete()

    new_row = Account()
    new_row.number = number
    new_row.name = name
    new_row.s3_name = s3_name
    new_row.third_party = third_party
    new_row.active = active
    new_row.notes = notes

    db.session.add(new_row)
    db.session.commit()
    return True
Example #5
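def amazon_accounts():
    """Pre-populate the standard AWS-owned accounts.

    Loads ``data/aws_accounts.json``, makes sure an ``AccountType`` named
    'AWS' exists, and adds or updates one Account row per listed account id,
    matched on ``Account.identifier``. Every row touched is written as
    inactive (``active = False``) and third party (``third_party = True``).

    Errors while reading or parsing the data file propagate to the caller.
    Errors during the database work are logged and passed to
    ``store_exception``; they are not re-raised.
    """
    import json
    from security_monkey.datastore import Account, AccountType

    # The path is relative, so it is resolved against the process working
    # directory: whichever aws_accounts.json sits under ./data at launch is
    # the one that gets loaded.
    # Context manager so the file handle is closed even when parsing fails.
    with open("data/aws_accounts.json", 'r') as handle:
        data = json.load(handle)

    app.logger.info('Adding / updating Amazon owned accounts')
    try:
        account_type_result = AccountType.query.filter(AccountType.name == 'AWS').first()
        if not account_type_result:
            # Create the type and commit straight away; the refresh reloads
            # the row so its id can be read in the loop below.
            account_type_result = AccountType(name='AWS')
            db.session.add(account_type_result)
            db.session.commit()
            db.session.refresh(account_type_result)

        for group, info in data.items():
            for aws_account in info['accounts']:
                acct_name = "{group} ({region})".format(group=group, region=aws_account['region'])
                account = Account.query.filter(Account.identifier == aws_account['account_id']).first()
                if not account:
                    app.logger.debug('    Adding account {0}'.format(acct_name))
                    account = Account()
                else:
                    app.logger.debug('    Updating account {0}'.format(acct_name))

                # The update path overwrites an existing row with the same
                # identifier, including its type, active / third_party flags
                # and name, so the data file decides how any matching account
                # is classified. Treat changes to that file as trusted input.
                account.identifier = aws_account['account_id']
                account.account_type_id = account_type_result.id
                account.active = False
                account.third_party = True
                account.name = acct_name
                account.notes = info['url']

                db.session.add(account)

        # One commit for the whole batch of accounts.
        db.session.commit()
        app.logger.info('Finished adding Amazon owned accounts')
    except Exception as e:
        # NOTE(review): no rollback is issued here; confirm store_exception
        # copes with a session left in a failed state.
        app.logger.exception("An error occured while adding accounts")
        store_exception("manager-amazon-accounts", None, e)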
Example #6
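    def post(self):
        """
            .. http:post:: /api/1/account/

            Create a new account.

            **Example Request**:

            .. sourcecode:: http

                POST /api/1/account/ HTTP/1.1
                Host: example.com
                Accept: application/json

                {
                    'name': 'new_account',
                    's3_name': 'new_account',
                    'number': '0123456789',
                    'notes': 'this account is for ...',
                    'role_name': 'CustomRole',
                    'active': true,
                    'third_party': false
                }

            **Example Response**:

            .. sourcecode:: http

                HTTP/1.1 201 Created
                Vary: Accept
                Content-Type: application/json

                {
                    'name': 'new_account',
                    's3_name': 'new_account',
                    'number': '0123456789',
                    'notes': 'this account is for ...',
                    'role_name': 'CustomRole',
                    'active': true,
                    'third_party': false
                }

            :statuscode 201: created
            :statuscode 401: Authentication Error. Please Login.
        """
        # A truthy first element means the check produced a response to send
        # back instead of continuing.
        # NOTE(review): this is the only gate visible here; confirm that
        # __check_auth__ enforces the privilege needed to create accounts,
        # not just that a session exists.
        auth, retval = __check_auth__(self.auth_dict)
        if auth:
            return retval

        self.reqparse.add_argument('name', required=True, type=unicode, help='Must provide account name', location='json')
        self.reqparse.add_argument('s3_name', required=False, type=unicode, help='Will use name if s3_name not provided.', location='json')
        self.reqparse.add_argument('number', required=False, type=unicode, help='Add the account number if available.', location='json')
        self.reqparse.add_argument('notes', required=False, type=unicode, help='Add context.', location='json')
        self.reqparse.add_argument('role_name', required=False, type=unicode, help='Custom role name.', location='json')
        self.reqparse.add_argument('active', required=False, type=bool, help='Determines whether this account should be interrogated by security monkey.', location='json')
        self.reqparse.add_argument('third_party', required=False, type=bool, help='Determines whether this account is a known friendly third party account.', location='json')
        args = self.reqparse.parse_args()

        # NOTE(review): no check for an existing account with the same
        # number is made here, and the number format is not validated.
        account = Account()
        account.name = args['name']
        # A flask-restful RequestParser stores None for an omitted optional
        # argument (unless store_missing is disabled), so a dict-style
        # default never applies; fall back to the name explicitly.
        account.s3_name = args.get('s3_name') or args['name']
        account.number = args['number']
        account.notes = args['notes']
        # role_name is parsed and documented above; apply it when supplied
        # and leave the model's own value alone otherwise.
        if args.get('role_name'):
            account.role_name = args['role_name']
        account.active = args['active']
        account.third_party = args['third_party']

        db.session.add(account)
        db.session.commit()
        # Reload the row after the commit before marshalling it.
        db.session.refresh(account)

        marshaled_account = marshal(account.__dict__, ACCOUNT_FIELDS)
        marshaled_account['auth'] = self.auth_dict
        return marshaled_account, 201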
Example #7
def applies_to_account(self, account):
    """Report that this applies to ``account``; always True, arguments unused."""
    applies = True
    return applies


# Module-level mocks; the two fixture accounts below are registered on
# mock_query in the order they are built.
mock_query = MockAccountQuery()
mock_db_session = MockDBSession()

# First fixture: an active, non-third-party account of type 'AWS'.
# All values are test placeholders.
test_account = Account()
test_account.number = "012345678910"
test_account.name = "TEST_ACCOUNT"
test_account.s3_name = "TEST_ACCOUNT"
test_account.role_name = "TEST_ACCOUNT"
test_account.notes = "TEST ACCOUNT"
test_account.account_type = AccountType(name='AWS')
test_account.active = True
test_account.third_party = False
mock_query.add_account(test_account)

# Second fixture: same shape, different name and number, and its own
# AccountType instance. role_name is "TEST_ACCOUNT" here as well.
test_account2 = Account()
test_account2.number = "123123123123"
test_account2.name = "TEST_ACCOUNT2"
test_account2.s3_name = "TEST_ACCOUNT2"
test_account2.role_name = "TEST_ACCOUNT"
test_account2.notes = "TEST ACCOUNT2"
test_account2.account_type = AccountType(name='AWS')
test_account2.active = True
test_account2.third_party = False
mock_query.add_account(test_account2)

Example #8
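    def post(self):
        """
            .. http:post:: /api/1/account/

            Create a new account.

            **Example Request**:

            .. sourcecode:: http

                POST /api/1/account/ HTTP/1.1
                Host: example.com
                Accept: application/json

                {
                    'name': 'new_account',
                    's3_name': 'new_account',
                    'number': '0123456789',
                    'notes': 'this account is for ...',
                    'active': true,
                    'third_party': false
                }

            **Example Response**:

            .. sourcecode:: http

                HTTP/1.1 201 Created
                Vary: Accept
                Content-Type: application/json

                {
                    'name': 'new_account',
                    's3_name': 'new_account',
                    'number': '0123456789',
                    'notes': 'this account is for ...',
                    'active': true,
                    'third_party': false
                }

            :statuscode 201: created
            :statuscode 401: Authentication Error. Please Login.
        """
        # A truthy first element means the check produced a response to send
        # back instead of continuing.
        # NOTE(review): this is the only gate visible here; confirm that
        # __check_auth__ enforces the privilege needed to create accounts,
        # not just that a session exists.
        auth, retval = __check_auth__(self.auth_dict)
        if auth:
            return retval

        self.reqparse.add_argument('name', required=True, type=unicode, help='Must provide account name', location='json')
        self.reqparse.add_argument('s3_name', required=False, type=unicode, help='Will use name if s3_name not provided.', location='json')
        self.reqparse.add_argument('number', required=False, type=unicode, help='Add the account number if available.', location='json')
        self.reqparse.add_argument('notes', required=False, type=unicode, help='Add context.', location='json')
        self.reqparse.add_argument('active', required=False, type=bool, help='Determines whether this account should be interrogated by security monkey.', location='json')
        self.reqparse.add_argument('third_party', required=False, type=bool, help='Determines whether this account is a known friendly third party account.', location='json')
        args = self.reqparse.parse_args()

        # A flask-restful RequestParser stores None for an omitted optional
        # argument (unless store_missing is disabled), so the key is present
        # and a dict-style default never applies. Resolve the intended
        # defaults explicitly so an omitted flag cannot be stored as NULL.
        name = args['name']
        s3_name = args.get('s3_name') or name
        number = args.get('number')
        notes = args.get('notes')
        active = args.get('active')
        if active is None:
            active = True
        third_party = args.get('third_party')
        if third_party is None:
            third_party = False

        # NOTE(review): no check for an existing account with the same
        # number is made here, and the number format is not validated.
        account = Account()
        account.name = name
        account.s3_name = s3_name
        account.number = number
        account.notes = notes
        account.active = active
        account.third_party = third_party
        db.session.add(account)
        db.session.commit()

        # Re-query by primary key so the response is built from the stored row.
        updated_account = Account.query.filter(Account.id == account.id).first()
        marshaled_account = marshal(updated_account.__dict__, ACCOUNT_FIELDS)
        marshaled_account['auth'] = self.auth_dict
        return marshaled_account, 201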

def save_issues(self):
    """Do nothing and return None; a no-op stand-in for saving issues."""
    return None


# Module-level mocks; the two fixture accounts below are registered on
# mock_query in the order they are built.
mock_query = MockAccountQuery()
mock_db_session = MockDBSession()

# First fixture: an active, non-third-party account.
# All values are test placeholders.
test_account = Account()
test_account.number = "012345678910"
test_account.name = "TEST_ACCOUNT"
test_account.s3_name = "TEST_ACCOUNT"
test_account.role_name = "TEST_ACCOUNT"
test_account.notes = "TEST ACCOUNT"
test_account.active = True
test_account.third_party = False
mock_query.add_account(test_account)

# Second fixture: same shape, different name and number.
# role_name is "TEST_ACCOUNT" here as well.
test_account2 = Account()
test_account2.number = "123123123123"
test_account2.name = "TEST_ACCOUNT2"
test_account2.s3_name = "TEST_ACCOUNT2"
test_account2.role_name = "TEST_ACCOUNT"
test_account2.notes = "TEST ACCOUNT2"
test_account2.active = True
test_account2.third_party = False
mock_query.add_account(test_account2)


class MockWatcher(object):