def slurp_items(**kwargs):
item_list = list()
kwargs, exception_map = self._add_exception_fields_to_kwargs(
**kwargs)
item_counter = self.batch_counter * self.batched_size
while self.batched_size - len(
item_list) > 0 and not self.done_slurping:
cursor = self.total_list[item_counter]
item_name = self.get_name_from_list_output(cursor)
if item_name and self.check_ignore_list(item_name):
item_counter += 1
if item_counter == len(self.total_list):
self.done_slurping = True
continue
item_details = invoke_get_method(cursor,
name=item_name,
**kwargs)
if item_details:
item = CloudAuxChangeItem.from_item(
name=item_name,
item=item_details,
override_region=self.override_region,
**kwargs)
item_list.append(item)
item_counter += 1
if item_counter == len(self.total_list):
self.done_slurping = True
self.batch_counter += 1
return item_list, exception_map
def slurp_items(**kwargs):
item_list = list()
kwargs, exception_map = self._add_exception_fields_to_kwargs(
**kwargs)
item_counter = self.batch_counter * self.batched_size
skip_counter = 0 # Need to track number of items skipped so that the batches don't overlap
while self.batched_size - (len(item_list) + skip_counter
) > 0 and not self.done_slurping:
cursor = self.total_list[item_counter]
item_name = self.get_name_from_list_output(cursor)
if item_name and self.check_ignore_list(item_name):
item_counter += 1
skip_counter += 1
if item_counter == len(self.total_list):
self.done_slurping = True
continue
kwargs["conn_dict"]["region"] = cursor[
"Region"] # Inject the region in.
app.logger.debug(
"Account: {account}, Batched Watcher: {watcher}, Fetching item: "
"{item}/{region}".format(
account=kwargs["account_name"],
watcher=self.index,
item=item_name,
region=kwargs["conn_dict"]["region"]))
item_details = invoke_get_method(cursor,
name=item_name,
**kwargs)
if item_details:
# Determine which region to record the item into.
# Some tech, like IAM, is global and so we record it as 'universal' by setting an override_region
# Some tech, like S3, requires an initial connection to us-east-1, though a buckets actual
# region may be different. Extract the actual region from item_details.
# Otherwise, just use the region where the boto connection was made.
record_region = self.override_region or \
item_details.get('Region') or kwargs['conn_dict']['region']
item = CloudAuxChangeItem.from_item(
name=item_name,
item=item_details,
record_region=record_region,
source_watcher=self,
**kwargs)
item_list.append(item)
else:
# Item not fetched (possibly deleted after grabbing the list) -- have to account in batch
skip_counter += 1
item_counter += 1
if item_counter == len(self.total_list):
self.done_slurping = True
self.batch_counter += 1
return item_list, exception_map
def slurp_items(**kwargs):
item_list = list()
kwargs, exception_map = self._add_exception_fields_to_kwargs(**kwargs)
item_counter = self.batch_counter * self.batched_size
skip_counter = 0 # Need to track number of items skipped so that the batches don't overlap
while self.batched_size - (len(item_list) + skip_counter) > 0 and not self.done_slurping:
cursor = self.total_list[item_counter]
item_name = self.get_name_from_list_output(cursor)
if item_name and self.check_ignore_list(item_name):
item_counter += 1
skip_counter += 1
if item_counter == len(self.total_list):
self.done_slurping = True
continue
kwargs["conn_dict"]["region"] = cursor["Region"] # Inject the region in.
app.logger.debug("Account: {account}, Batched Watcher: {watcher}, Fetching item: "
"{item}/{region}".format(account=kwargs["account_name"],
watcher=self.index,
item=item_name,
region=kwargs["conn_dict"]["region"]))
item_details = invoke_get_method(cursor, name=item_name, **kwargs)
if item_details:
# Determine which region to record the item into.
# Some tech, like IAM, is global and so we record it as 'universal' by setting an override_region
# Some tech, like S3, requires an initial connection to us-east-1, though a buckets actual
# region may be different. Extract the actual region from item_details.
# Otherwise, just use the region where the boto connection was made.
record_region = self.override_region or \
item_details.get('Region') or kwargs['conn_dict']['region']
item = CloudAuxChangeItem.from_item(
name=item_name,
item=item_details,
record_region=record_region,
source_watcher=self,
**kwargs)
item_list.append(item)
else:
# Item not fetched (possibly deleted after grabbing the list) -- have to account in batch
skip_counter += 1
item_counter += 1
if item_counter == len(self.total_list):
self.done_slurping = True
self.batch_counter += 1
return item_list, exception_map
def test_audit_specific_changes(self):
from security_monkey.task_scheduler.tasks import _audit_specific_changes
from security_monkey.monitors import Monitor
from security_monkey.watchers.iam.iam_role import IAMRole
from security_monkey.cloudaux_watcher import CloudAuxChangeItem
from security_monkey.auditors.iam.iam_role import IAMRoleAuditor
# Set up the monitor:
test_account = Account.query.filter(
Account.name == "TEST_ACCOUNT1").one()
batched_monitor = Monitor(IAMRole, test_account)
batched_monitor.auditors = [
IAMRoleAuditor(accounts=[test_account.name])
]
technology = Technology(name="iamrole")
db.session.add(technology)
db.session.commit()
watcher = Watcher(accounts=[test_account.name])
watcher.current_account = (test_account, 0)
watcher.technology = technology
# Create some IAM roles for testing:
items = []
for x in range(0, 3):
role_policy = dict(ROLE_CONF)
role_policy[
"Arn"] = ARN_PREFIX + ":iam::012345678910:role/roleNumber{}".format(
x)
role_policy["RoleName"] = "roleNumber{}".format(x)
role = CloudAuxChangeItem.from_item(name=role_policy['RoleName'],
item=role_policy,
record_region='universal',
account_name=test_account.name,
index='iamrole',
source_watcher=watcher)
items.append(role)
audit_items = watcher.find_changes_batch(items, {})
assert len(audit_items) == 3
# Perform the audit:
_audit_specific_changes(batched_monitor, audit_items, False)
# Check all the issues are there:
assert len(ItemAudit.query.all()) == 3