def test_keys_from_file(self):
session = cloudpassage.ApiKeyManager(config_file=config_file)
with open(config_file, 'r') as config_file_obj:
file_set_vars = yaml.load(config_file_obj)["defaults"]
assert session.key_id == file_set_vars["key_id"]
assert session.secret_key == file_set_vars["secret_key"]
assert session.api_hostname == file_set_vars["api_hostname"]
def test_keys_from_env(self):
os.environ['HALO_API_HOSTNAME'] = api_hostname
os.environ['HALO_API_KEY'] = api_key_id
os.environ['HALO_API_SECRET_KEY'] = api_secret_key
session_config = cloudpassage.ApiKeyManager()
assert session_config.key_id == api_key_id
assert session_config.secret_key == api_secret_key
assert session_config.api_hostname == api_hostname
def main():
# Set up config and Halo objects.
config = cloudpassage.ApiKeyManager()
server_id = os.getenv("SERVER_ID")
crit_threshold = int(os.getenv("CRITICAL_THRESHOLD"))
non_crit_threshold = int(os.getenv("NON_CRITICAL_THRESHOLD"))
halo_session = cloudpassage.HaloSession(config.key_id,
config.secret_key,
api_host=config.api_hostname)
server_obj = cloudpassage.Server(halo_session)
scan_obj = cloudpassage.Scan(halo_session)
# Initiate a scan of the target server
print("Initiating scan...")
job_id = scan_obj.initiate_scan(server_id, 'sca')["id"]
incomplete_statuses = ["queued", "pending", "running"]
scan_status = "queued"
while scan_status in incomplete_statuses:
time.sleep(20)
print("Waiting for scan %s on server %s to finish (status %s)" %
(job_id, server_id, scan_status)) # NOQA
scan_status = server_obj.command_details(server_id, job_id)["status"]
scan_results = scan_obj.last_scan_results(server_id, 'sca')["scan"]
over_threshold = False
threshold_msg = ""
crit_findings = scan_results["critical_findings_count"]
non_crit_findings = scan_results["non_critical_findings_count"]
# Test criticality against threshold
if crit_findings > crit_threshold:
threshold_msg += "Critical findings: %s Threshold: %s\n" % (
crit_findings, crit_threshold) # NOQA
if crit_threshold != -1:
over_threshold = True
else:
threshold_msg += "Critical threshold set to -1, not failing.\n"
if non_crit_findings > non_crit_threshold:
threshold_msg += "Non-critical findings: %s Threshold: %s\n" % (
non_crit_findings, non_crit_threshold) # NOQA
if non_crit_threshold != -1:
over_threshold = True
else:
threshold_msg += "Non-critical threshold set to -1, not failing.\n"
# Build findings text
failed_items = ""
bad_findings = [
f for f in scan_results["findings"] if f["status"] == 'bad'
] # NOQA
for finding in bad_findings:
msg = "Critical: %s Rule: %s\n" % (str(
finding["critical"]), finding["rule_name"])
failed_items += msg
output_msg = "\n---\n".join([failed_items, threshold_msg])
print(output_msg)
# Exit with 1 if we are over threshold.
if over_threshold:
print("Threshold exceeded, this job will be marked Failed")
sys.exit(1)
else:
print("Nothing exceeds thresholds; this job will be marked Passed.")
def create_api_session(session):
config_file_loc = "cloudpassage.yml"
config_info = cloudpassage.ApiKeyManager(config_file=config_file_loc)
# authenticate to get a session object
session = cloudpassage.HaloSession(config_info.key_id,
config_info.secret_key)
return session
def __init__(self):
self.key_manager = cloudpassage.ApiKeyManager()
self.session = cloudpassage.HaloSession(self.key_manager.key_id,
self.key_manager.secret_key)
self.servers = self.get_servers()
self.servers_running_docker = self.get_servers_running_docker()
self.unprotected = [x for x in self.servers
if x["id"] in self.servers_running_docker and
x["docker_inspection"] != "Enabled"]
self.protected = [x for x in self.servers
if x["id"] in self.servers_running_docker and
x["docker_inspection"] == "Enabled"]
import cloudpassage
from flask import Flask
from flask import render_template
app = Flask(__name__)
halo_creds = cloudpassage.ApiKeyManager()
halo_session = cloudpassage.HaloSession(halo_creds.key_id,
halo_creds.secret_key)
def get_servers(halo_session):
servers_object = cloudpassage.Server(halo_session)
all_servers = servers_object.list_all()
return all_servers
@app.route('/')
def home_page():
return render_template('mainpage.html')
@app.route('/servers')
def server_list():
return render_template('servers.html', servers=get_servers(halo_session))
import cloudpassage
import os
config_file_name = "portal.yaml.local"
tests_dir = os.path.abspath(os.path.join(os.path.dirname(__file__), "../"))
config_file = os.path.join(tests_dir, "configs/", config_file_name)
session_info = cloudpassage.ApiKeyManager(config_file=config_file)
key_id = session_info.key_id
secret_key = session_info.secret_key
api_hostname = session_info.api_hostname
class TestUnitAlertProfiles:
def test_instantiation(self):
test_instance = cloudpassage.AlertProfile(None)
assert test_instance
def __init__(self):
self.halo_creds = cloudpassage.ApiKeyManager()
self.halo_session = cloudpassage.HaloSession(
self.halo_creds.key_id, self.halo_creds.secret_key)
return
import cloudpassage
import eventslib
import os
import sys
import time
from datetime import datetime
config = cloudpassage.ApiKeyManager()
env_date = os.getenv("TARGET_DATE",
eventslib.Utility.iso8601_arbitrary_days_ago(1))
output_dir = os.getenv("DROP_DIRECTORY")
events_per_file = 10000
start_time = datetime.now()
s3_bucket_name = os.getenv("AWS_S3_BUCKET")
file_number = 0
counter = 0
event_cache = eventslib.GetEvents(config.key_id, config.secret_key,
config.api_hostname, events_per_file,
env_date)
if eventslib.Utility.target_date_is_valid(env_date) is False:
msg = "Bad date! %s" % env_date
sys.exit(2)
for batch in event_cache:
counter = counter + len(batch)
try:
print("Last timestamp in batch: %s" % batch[-1]["created_at"])
except IndexError:
pass