Esempio n. 1
def sync_swag(owner, bucket_name, bucket_prefix, bucket_region, account_type, spinnaker):
    """Sync the SWAG accounts of one provider into Security Monkey.

    The SWAG data is read through an S3-backed ``SWAGManager``; every account
    whose ``provider`` equals ``account_type.lower()`` is handed to the account
    manager registered under ``account_type``.

    Args:
        owner: Value compared with each account's ``owner`` field; accounts
            with a different owner are synced as third-party.
        bucket_name: Passed to the SWAG client as ``swag.bucket_name``.
        bucket_prefix: Passed to the SWAG client as ``swag.data_file``.
        bucket_region: Passed to the SWAG client as ``swag.region``.
        account_type: Key into ``account_registry``; its lowercase form is the
            provider filter.
        spinnaker: When truthy, the account's Spinnaker service name is used as
            the account name if one is found.
    """
    from security_monkey.account_manager import account_registry

    backend_options = parse_swag_config_options({
        'swag.type': 's3',
        'swag.bucket_name': bucket_name,
        'swag.data_file': bucket_prefix,
        'swag.region': bucket_region
    })
    swag = SWAGManager(**backend_options)
    account_manager = account_registry[account_type]()

    # NOTE(review): filter values are interpolated into the query expression
    # unescaped; a quote inside account_type or an account id would change the
    # filter. Confirm both are validated upstream.
    provider_filter = "[?provider=='{provider}']".format(provider=account_type.lower())

    for account in swag.get_all(provider_filter):
        services_by_name = {}
        for service in account.get('services', []):
            services_by_name[service['name']] = service

        # The account is active when the security_monkey service carries an
        # 'all'-region status entry with 'enabled' set.
        secmonkey_service = services_by_name.get('security_monkey', {})
        all_region_status = next(
            (entry for entry in secmonkey_service.get('status', [])
             if entry['region'] == 'all'),
            {})
        active = all_region_status.get('enabled', False)
        thirdparty = account['owner'] != owner

        # Prefer the Spinnaker name only when requested and actually present.
        spinnaker_name = None
        if spinnaker:
            spinnaker_name = swag.get_service_name('spinnaker', "[?id=='{id}']".format(id=account['id']))
        name = spinnaker_name if spinnaker_name else account['name']

        notes = account['description']
        identifier = account['id']

        custom_fields = {}
        s3_name = swag.get_service_name('s3', "[?id=='{id}']".format(id=account['id']))
        if s3_name:
            custom_fields['s3_name'] = s3_name

        s3_service = services_by_name.get('s3', {})
        if s3_service:
            # NOTE(review): raises KeyError when the s3 service entry has no
            # 'metadata' key, unlike the security_monkey lookup below.
            canonical_id = s3_service['metadata'].get('canonicalId', None)
            if canonical_id:
                custom_fields['canonical_id'] = canonical_id

        role_name = secmonkey_service.get('metadata', {}).get('role_name', None)
        if role_name is not None:
            custom_fields['role_name'] = role_name

        account_manager.sync(account_manager.account_type, name, active, thirdparty,
                             notes, identifier,
                             custom_fields=custom_fields)

    db.session.close()
    app.logger.info('SWAG sync successful.')
Esempio n. 2
def test_backend_get_service_name(vector_path):
    """get_service_name returns 'testaccount' for 'myService' on the test account.

    The manager is built from the ``valid_accounts_v2`` namespace under
    ``vector_path`` with ``swag.cache_expires`` set to 0.
    """
    from swag_client.backend import SWAGManager
    from swag_client.util import parse_swag_config_options

    options = parse_swag_config_options({
        'swag.data_dir': vector_path,
        'swag.namespace': 'valid_accounts_v2',
        'swag.cache_expires': 0
    })
    manager = SWAGManager(**options)

    service_name = manager.get_service_name('myService', "[?name=='testaccount']")
    assert service_name == 'testaccount'
Esempio n. 3
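def sync_swag(owner, bucket_name, bucket_prefix, bucket_region, account_type,
              spinnaker):
    """Use the SWAG client to sync SWAG accounts to Security Monkey.

    Every SWAG account whose ``provider`` equals ``account_type.lower()`` is
    read from the S3-backed SWAG data file and passed to the account manager
    registered under ``account_type``.

    Args:
        owner: Value compared with each account's ``owner`` field; accounts
            with a different owner are synced as third-party.
        bucket_name: Passed to the SWAG client as ``swag.bucket_name``.
        bucket_prefix: Passed to the SWAG client as ``swag.data_file``.
        bucket_region: Passed to the SWAG client as ``swag.region``.
        account_type: Key into ``account_registry``; its lowercase form is the
            provider filter.
        spinnaker: When truthy, the account's Spinnaker service name is used as
            the account name if one is found.
    """
    from security_monkey.account_manager import account_registry

    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': bucket_name,
        'swag.data_file': bucket_prefix,
        'swag.region': bucket_region
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))
    account_manager = account_registry[account_type]()

    # NOTE(review): filter values are interpolated into the query expression
    # unescaped; confirm account_type and account ids are validated upstream.
    for account in swag.get_all(
            "[?provider=='{provider}']".format(provider=account_type.lower())):
        services = account.get('services', [])
        services_by_name = {s['name']: s for s in services}

        # Look the service up for EVERY account, not only for 'ready' ones.
        # It is read again below for role_name; binding it only inside the
        # 'ready' branch raised NameError when the first account was not
        # ready and otherwise reused the previous account's service entry,
        # attaching another account's role_name to this one.
        secmonkey_service = services_by_name.get('security_monkey', {})

        # An account is active only when both hold:
        # 1. its 'account_status' field is 'ready';
        # 2. the security_monkey service has an 'all'-region status entry
        #    whose 'enabled' flag is set.
        active = False
        if account['account_status'] == 'ready':
            for status in secmonkey_service.get('status', []):
                if status['region'] == 'all':
                    active = status.get('enabled', False)
                    break

        thirdparty = account['owner'] != owner
        if spinnaker:
            spinnaker_name = swag.get_service_name(
                'spinnaker', "[?id=='{id}']".format(id=account['id']))
            # Fall back to the SWAG name when no Spinnaker name exists.
            name = spinnaker_name if spinnaker_name else account['name']
        else:
            name = account['name']

        notes = account['description']
        identifier = account['id']

        custom_fields = {}
        s3_name = swag.get_service_name(
            's3', "[?id=='{id}']".format(id=account['id']))
        if s3_name:
            custom_fields['s3_name'] = s3_name

        s3_service = services_by_name.get('s3', {})
        if s3_service:
            c_id = s3_service['metadata'].get('canonicalId', None)
            if c_id:
                custom_fields['canonical_id'] = c_id
        role_name = secmonkey_service.get('metadata',
                                          {}).get('role_name', None)
        if role_name is not None:
            custom_fields['role_name'] = role_name

        account_manager.sync(account_manager.account_type,
                             name,
                             active,
                             thirdparty,
                             notes,
                             identifier,
                             custom_fields=custom_fields)
    db.session.close()
    app.logger.info('SWAG sync successful.')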
Esempio n. 4
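def sync_swag(owner, bucket_name, bucket_prefix, bucket_region, account_type, spinnaker):
    """Use the SWAG client to sync SWAG accounts to Security Monkey.

    Accounts are read from an S3-backed SWAG data file, filtered to those whose
    ``provider`` equals ``account_type.lower()``, and synced one by one through
    the account manager registered under ``account_type``.

    Args:
        owner: Value compared with each account's ``owner`` field; a mismatch
            marks the account as third-party.
        bucket_name: Passed to the SWAG client as ``swag.bucket_name``.
        bucket_prefix: Passed to the SWAG client as ``swag.data_file``.
        bucket_region: Passed to the SWAG client as ``swag.region``.
        account_type: Key into ``account_registry``; its lowercase form is the
            provider filter.
        spinnaker: When truthy, a Spinnaker service name (if any) replaces the
            SWAG account name.
    """
    from security_monkey.account_manager import account_registry

    swag_opts = {
        'swag.type': 's3',
        'swag.bucket_name': bucket_name,
        'swag.data_file': bucket_prefix,
        'swag.region': bucket_region
    }

    swag = SWAGManager(**parse_swag_config_options(swag_opts))
    account_manager = account_registry[account_type]()

    # NOTE(review): the provider and id values below are formatted into the
    # query expression without escaping; verify they are constrained upstream.
    for account in swag.get_all("[?provider=='{provider}']".format(provider=account_type.lower())):
        services = account.get('services', [])
        services_by_name = {s['name']: s for s in services}

        # Bound unconditionally: role_name is read from this entry further
        # down, also for accounts that are not 'ready'. When it was assigned
        # only for 'ready' accounts, a not-ready account either hit a
        # NameError (first iteration) or inherited the role_name of the
        # account processed before it.
        secmonkey_service = services_by_name.get('security_monkey', {})

        # Active means: 'account_status' is 'ready' AND the security_monkey
        # service has an 'all'-region status entry with 'enabled' set.
        active = False
        if account['account_status'] == 'ready':
            for status in secmonkey_service.get('status', []):
                if status['region'] == 'all':
                    active = status.get('enabled', False)
                    break

        thirdparty = account['owner'] != owner

        spinnaker_name = None
        if spinnaker:
            spinnaker_name = swag.get_service_name('spinnaker', "[?id=='{id}']".format(id=account['id']))
        # Use the SWAG name unless a Spinnaker name was requested and found.
        name = spinnaker_name if spinnaker_name else account['name']

        notes = account['description']
        identifier = account['id']

        custom_fields = {}
        s3_name = swag.get_service_name('s3', "[?id=='{id}']".format(id=account['id']))
        if s3_name:
            custom_fields['s3_name'] = s3_name

        s3_service = services_by_name.get('s3', {})
        if s3_service:
            c_id = s3_service['metadata'].get('canonicalId', None)
            if c_id:
                custom_fields['canonical_id'] = c_id

        role_name = secmonkey_service.get('metadata', {}).get('role_name', None)
        if role_name is not None:
            custom_fields['role_name'] = role_name

        account_manager.sync(account_manager.account_type, name, active, thirdparty,
                             notes, identifier,
                             custom_fields=custom_fields)
    db.session.close()
    app.logger.info('SWAG sync successful.')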