def sync_swag(owner, bucket_name, bucket_prefix, bucket_region, account_type, spinnaker):
    """Use the SWAG client to sync SWAG accounts to Security Monkey.

    Loads every SWAG account whose provider equals ``account_type.lower()``
    from the S3-backed SWAG data and hands each one to the account manager
    registered under ``account_type``.

    Args:
        owner: Owner name; an account whose ``owner`` differs is synced as third party.
        bucket_name: Passed to SWAG as ``swag.bucket_name``.
        bucket_prefix: Passed to SWAG as ``swag.data_file``.
        bucket_region: Passed to SWAG as ``swag.region``.
        account_type: Key into ``account_registry``; lower-cased for the provider filter.
        spinnaker: When truthy, prefer the account's Spinnaker service name over
            its SWAG name (falling back to the SWAG name if none is found).
    """
    from security_monkey.account_manager import account_registry

    swag = SWAGManager(**parse_swag_config_options({
        'swag.type': 's3',
        'swag.bucket_name': bucket_name,
        'swag.data_file': bucket_prefix,
        'swag.region': bucket_region
    }))
    account_manager = account_registry[account_type]()

    # NOTE(review): account_type and account['id'] are formatted directly into
    # JMESPath filter strings; a value containing a single quote would change
    # the expression. Confirm both are validated before they reach this point.
    provider_filter = "[?provider=='{provider}']".format(provider=account_type.lower())
    for account in swag.get_all(provider_filter):
        services_by_name = {svc['name']: svc for svc in account.get('services', [])}
        secmonkey_service = services_by_name.get('security_monkey', {})

        # The account is active when the security_monkey service carries a
        # status entry for region 'all' whose 'enabled' value is truthy.
        all_region_status = next(
            (entry for entry in secmonkey_service.get('status', []) if entry['region'] == 'all'),
            {})
        active = all_region_status.get('enabled', False)
        thirdparty = account['owner'] != owner

        if spinnaker:
            spinnaker_name = swag.get_service_name('spinnaker', "[?id=='{id}']".format(id=account['id']))
            name = spinnaker_name if spinnaker_name else account['name']
        else:
            name = account['name']

        notes = account['description']
        identifier = account['id']

        # Optional per-account extras forwarded to the account manager.
        custom_fields = {}
        s3_name = swag.get_service_name('s3', "[?id=='{id}']".format(id=account['id']))
        if s3_name:
            custom_fields['s3_name'] = s3_name

        s3_service = services_by_name.get('s3', {})
        canonical_id = s3_service['metadata'].get('canonicalId', None) if s3_service else None
        if canonical_id:
            custom_fields['canonical_id'] = canonical_id

        role_name = secmonkey_service.get('metadata', {}).get('role_name', None)
        if role_name is not None:
            custom_fields['role_name'] = role_name

        account_manager.sync(account_manager.account_type, name, active, thirdparty, notes, identifier,
                             custom_fields=custom_fields)

    db.session.close()
    app.logger.info('SWAG sync successful.')
def test_backend_get_service_name(vector_path):
    """Check that get_service_name returns 'testaccount' for service 'myService'.

    The SWAG manager is pointed at the data directory supplied by the
    ``vector_path`` argument, using the 'valid_accounts_v2' namespace.
    """
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    # cache_expires is 0 here -- presumably to disable caching; confirm against swag_client.
    config = parse_swag_config_options({
        'swag.data_dir': vector_path,
        'swag.namespace': 'valid_accounts_v2',
        'swag.cache_expires': 0
    })
    manager = SWAGManager(**config)

    resolved = manager.get_service_name('myService', "[?name=='testaccount']")
    assert resolved == 'testaccount'
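def sync_swag(owner, bucket_name, bucket_prefix, bucket_region, account_type, spinnaker):
    """Use the SWAG client to sync SWAG accounts to Security Monkey.

    Loads every SWAG account whose provider equals ``account_type.lower()``
    from the S3-backed SWAG data and hands each one to the account manager
    registered under ``account_type``.

    Args:
        owner: Owner name; an account whose ``owner`` differs is synced as third party.
        bucket_name: Passed to SWAG as ``swag.bucket_name``.
        bucket_prefix: Passed to SWAG as ``swag.data_file``.
        bucket_region: Passed to SWAG as ``swag.region``.
        account_type: Key into ``account_registry``; lower-cased for the provider filter.
        spinnaker: When truthy, prefer the account's Spinnaker service name over
            its SWAG name (falling back to the SWAG name if none is found).

    Raises:
        KeyError: If an account lacks one of the fields read with ``[]``
            ('account_status', 'owner', 'name', 'description', 'id').
    """
    from security_monkey.account_manager import account_registry

    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': bucket_name,
        'swag.data_file': bucket_prefix,
        'swag.region': bucket_region
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))
    account_manager = account_registry[account_type]()

    # NOTE(review): account_type and account['id'] are formatted directly into
    # JMESPath filter strings; a value containing a single quote would change
    # the expression. Confirm both are validated before they reach this point.
    for account in swag.get_all("[?provider=='{provider}']".format(provider=account_type.lower())):
        services = account.get('services', [])
        services_by_name = {s['name']: s for s in services}

        # Bind the security_monkey entry for every account, not only 'ready'
        # ones: role_name is read from it further down. Binding it only inside
        # the readiness branch raises NameError on a first non-ready account
        # and otherwise carries the previous account's entry (and its
        # role_name) over to this one.
        secmonkey_service = services_by_name.get('security_monkey', {})

        # An account is active only when both hold:
        # 1. Its 'account_status' field is 'ready'.
        # 2. The security_monkey service has a status entry for region 'all'
        #    whose 'enabled' value is truthy.
        active = False
        if account['account_status'] == 'ready':
            for status in secmonkey_service.get('status', []):
                if status['region'] == 'all':
                    active = status.get('enabled', False)
                    break

        thirdparty = account['owner'] != owner
        if spinnaker:
            spinnaker_name = swag.get_service_name('spinnaker', "[?id=='{id}']".format(id=account['id']))
            name = spinnaker_name if spinnaker_name else account['name']
        else:
            name = account['name']

        notes = account['description']
        identifier = account['id']

        custom_fields = {}
        s3_name = swag.get_service_name('s3', "[?id=='{id}']".format(id=account['id']))
        if s3_name:
            custom_fields['s3_name'] = s3_name

        s3_service = services_by_name.get('s3', {})
        if s3_service:
            # An s3 service entry without 'metadata' is skipped rather than
            # aborting the whole sync with a KeyError.
            c_id = s3_service.get('metadata', {}).get('canonicalId', None)
            if c_id:
                custom_fields['canonical_id'] = c_id

        role_name = secmonkey_service.get('metadata', {}).get('role_name', None)
        if role_name is not None:
            custom_fields['role_name'] = role_name

        account_manager.sync(account_manager.account_type, name, active, thirdparty, notes, identifier,
                             custom_fields=custom_fields)

    db.session.close()
    app.logger.info('SWAG sync successful.')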
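def sync_swag(owner, bucket_name, bucket_prefix, bucket_region, account_type, spinnaker):
    """Use the SWAG client to sync SWAG accounts to Security Monkey.

    Loads every SWAG account whose provider equals ``account_type.lower()``
    from the S3-backed SWAG data and hands each one to the account manager
    registered under ``account_type``.

    Args:
        owner: Owner name; an account whose ``owner`` differs is synced as third party.
        bucket_name: Passed to SWAG as ``swag.bucket_name``.
        bucket_prefix: Passed to SWAG as ``swag.data_file``.
        bucket_region: Passed to SWAG as ``swag.region``.
        account_type: Key into ``account_registry``; lower-cased for the provider filter.
        spinnaker: When truthy, prefer the account's Spinnaker service name over
            its SWAG name (falling back to the SWAG name if none is found).

    Raises:
        KeyError: If an account lacks one of the fields read with ``[]``
            ('account_status', 'owner', 'name', 'description', 'id').
    """
    from security_monkey.account_manager import account_registry

    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': bucket_name,
        'swag.data_file': bucket_prefix,
        'swag.region': bucket_region
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))
    account_manager = account_registry[account_type]()

    # NOTE(review): account_type and account['id'] are formatted directly into
    # JMESPath filter strings; a value containing a single quote would change
    # the expression. Confirm both are validated before they reach this point.
    for account in swag.get_all("[?provider=='{provider}']".format(provider=account_type.lower())):
        services = account.get('services', [])
        services_by_name = {s['name']: s for s in services}

        # Look up the security_monkey entry unconditionally. role_name is
        # taken from it below for every account; when the lookup sits inside
        # the readiness branch, a non-ready account either hits NameError or
        # silently reuses the entry (and role_name) of the account before it.
        secmonkey_service = services_by_name.get('security_monkey', {})

        # An account is active only when both hold:
        # 1. Its 'account_status' field is 'ready'.
        # 2. The security_monkey service has a status entry for region 'all'
        #    whose 'enabled' value is truthy.
        active = False
        if account['account_status'] == 'ready':
            for status in secmonkey_service.get('status', []):
                if status['region'] == 'all':
                    active = status.get('enabled', False)
                    break

        thirdparty = account['owner'] != owner
        if spinnaker:
            spinnaker_name = swag.get_service_name('spinnaker', "[?id=='{id}']".format(id=account['id']))
            name = spinnaker_name if spinnaker_name else account['name']
        else:
            name = account['name']

        notes = account['description']
        identifier = account['id']

        custom_fields = {}
        s3_name = swag.get_service_name('s3', "[?id=='{id}']".format(id=account['id']))
        if s3_name:
            custom_fields['s3_name'] = s3_name

        s3_service = services_by_name.get('s3', {})
        if s3_service:
            # An s3 service entry without 'metadata' is skipped rather than
            # aborting the whole sync with a KeyError.
            c_id = s3_service.get('metadata', {}).get('canonicalId', None)
            if c_id:
                custom_fields['canonical_id'] = c_id

        role_name = secmonkey_service.get('metadata', {}).get('role_name', None)
        if role_name is not None:
            custom_fields['role_name'] = role_name

        account_manager.sync(account_manager.account_type, name, active, thirdparty, notes, identifier,
                             custom_fields=custom_fields)

    db.session.close()
    app.logger.info('SWAG sync successful.')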