def testAllDisabled(self): builder = scanner_builder.ScannerBuilder( FAKE_GLOBAL_CONFIGS, fake_runnable_scanners.ALL_DISABLED, mock.MagicMock(), '', FAKE_TIMESTAMP) runnable_pipelines = builder.build() self.assertEqual(0, len(runnable_pipelines))
def run(model_name=None, progress_queue=None, service_config=None, scanner_name=None): """Run the scanners. Entry point when the scanner is run as a library. Args: model_name (str): The name of the data model. progress_queue (Queue): The progress queue. service_config (ServiceConfig): Forseti 2.0 service configs. scanner_name (str): Name of the scanner that runs separately. Returns: int: Status code. """ global_configs = service_config.get_global_config() scanner_configs = service_config.get_scanner_config() with service_config.scoped_session() as session: service_config.violation_access = scanner_dao.ViolationAccess(session) model_description = ( service_config.model_manager.get_description(model_name)) inventory_index_id = ( model_description.get('source_info').get('inventory_index_id')) scanner_index_id = init_scanner_index(session, inventory_index_id) runnable_scanners = scanner_builder.ScannerBuilder( global_configs, scanner_configs, service_config, model_name, None, scanner_name).build() succeeded = [] failed = [] progress_queue.put('Scanner Index ID: {} is created'. format(scanner_index_id)) for scanner in runnable_scanners: try: scanner.run() progress_queue.put('Running {}...'.format( scanner.__class__.__name__)) except Exception: # pylint: disable=broad-except log_message = 'Error running scanner: {}'.format( scanner.__class__.__name__) progress_queue.put(log_message) LOGGER.exception(log_message) failed.append(scanner.__class__.__name__) else: succeeded.append(scanner.__class__.__name__) session.flush() # pylint: enable=bare-except log_message = 'Scan completed!' mark_scanner_index_complete( session, scanner_index_id, succeeded, failed) progress_queue.put(log_message) progress_queue.put(None) LOGGER.info(log_message) return 0
def testTwoEnabled(self, mock_bucket_rules_engine, mock_iam_rules_engine): builder = scanner_builder.ScannerBuilder( FAKE_GLOBAL_CONFIGS, fake_runnable_scanners.TWO_ENABLED, mock.MagicMock(), '', FAKE_TIMESTAMP) runnable_pipelines = builder.build() self.assertEqual(2, len(runnable_pipelines)) expected_pipelines = ['BucketsAclScanner', 'IamPolicyScanner'] for pipeline in runnable_pipelines: self.assertTrue(type(pipeline).__name__ in expected_pipelines)
def testCanBuildOneSpecificScanner(self, mock_rules_engine): builder = scanner_builder.ScannerBuilder( FAKE_GLOBAL_CONFIGS, {}, mock.MagicMock(), '', FAKE_TIMESTAMP, 'external_project_access_scanner') runnable_pipelines = builder.build() expected_scanner_name = 'ExternalProjectAccessScanner' actual_scanner_name = type(runnable_pipelines[0]).__name__ self.assertEqual(expected_scanner_name, actual_scanner_name)
def testConfigValidator(self): builder = scanner_builder.ScannerBuilder( FAKE_GLOBAL_CONFIGS, fake_runnable_scanners.CONFIG_VALIDATOR_ENABLED, mock.MagicMock(), '', FAKE_TIMESTAMP) runnable_pipelines = builder.build() self.assertEqual(1, len(runnable_pipelines)) expected_pipelines = ['ConfigValidatorScanner'] for pipeline in runnable_pipelines: self.assertTrue(type(pipeline).__name__ in expected_pipelines)
def testNonExistentScannerIsHandled(self, mock_logger): builder = scanner_builder.ScannerBuilder( FAKE_GLOBAL_CONFIGS, fake_runnable_scanners.NONEXISTENT_ENABLED, mock.MagicMock(), '', FAKE_TIMESTAMP) runnable_pipelines = builder.build() mock_logger.error.assert_called_with( 'Configured scanner is undefined ' 'in scanner requirements map : %s', 'non_exist_scanner') self.assertEqual(1, len(runnable_pipelines)) expected_pipelines = ['BucketsAclScanner'] for pipeline in runnable_pipelines: self.assertTrue(type(pipeline).__name__ in expected_pipelines)
def testAllEnabled(self, mock_bigquery_rules_engine, mock_bucket_rules_engine, mock_cloudsql_rules_engine, mock_iam_rules_engine, mock_logger): builder = scanner_builder.ScannerBuilder( FAKE_GLOBAL_CONFIGS, fake_runnable_scanners.ALL_ENABLED, mock.MagicMock(), '', FAKE_TIMESTAMP) runnable_pipelines = builder.build() self.assertFalse(mock_logger.called) self.assertEqual(4, len(runnable_pipelines)) expected_pipelines = [ 'BigqueryScanner', 'BucketsAclScanner', 'CloudSqlAclScanner', 'IamPolicyScanner' ] for pipeline in runnable_pipelines: self.assertTrue(type(pipeline).__name__ in expected_pipelines)
def testNonExistentScannerRulesIsHandled(self, mock_logger): builder = scanner_builder.ScannerBuilder( FAKE_GLOBAL_CONFIGS, fake_runnable_scanners.NONEXISTENT_RULES_ENABLED, mock.MagicMock(), '', FAKE_TIMESTAMP) runnable_scanners = builder.build() rules_path = os.path.join(fake_runnable_scanners.test_rules_path, 'firewall_rules.yaml') mock_logger.error.assert_called_with( f'Rules file for Scanner firewall_rule does not ' f'exist. Rules path: {rules_path}') self.assertEqual(0, len(runnable_scanners))