コード例 #1
0
def get_user_emails(service_config, member_types=None):
    """Retrieves the list of user email addresses from inventory.

    Args:
        service_config (dict): The service configuration
        member_types (list): Member types to query in storage. This
            defaults to 'gsuite_user'.

    Returns:
        list: List of list of user e-mail addresses.
    """
    if not member_types:
        member_types = ['gsuite_user']

    emails = []
    with service_config.scoped_session() as session:
        inventory_index_id = (
            DataAccess.get_latest_inventory_index_id(session))
        inventory_storage = _get_inventory_storage(session,
                                                   inventory_index_id)
        for inventory_row in inventory_storage.iter(type_list=member_types):
            emails.append(inventory_row.get_resource_data()['primaryEmail'])

    return emails
コード例 #2
0
ファイル: notifier.py プロジェクト: wortel3/forseti-security 
def run(inventory_index_id,
        scanner_index_id,
        progress_queue,
        service_config=None):
    """Run the notifier.

    Entry point when the notifier is run as a library.

    Args:
        inventory_index_id (int64): Inventory index id.
        scanner_index_id (int64): Scanner index id.
        progress_queue (Queue): The progress queue.
        service_config (ServiceConfig): Forseti 2.0 service configs.
    Returns:
        int: Status code.
    """
    # pylint: disable=too-many-locals
    global_configs = service_config.get_global_config()
    notifier_configs = service_config.get_notifier_config()

    with service_config.scoped_session() as session:
        if scanner_index_id:
            inventory_index_id = (
                DataAccess.get_inventory_index_id_by_scanner_index_id(
                    session,
                    scanner_index_id))
        else:
            if not inventory_index_id:
                inventory_index_id = (
                    DataAccess.get_latest_inventory_index_id(session))
            scanner_index_id = scanner_dao.get_latest_scanner_index_id(
                session, inventory_index_id)

        if not scanner_index_id:
            LOGGER.error(
                'No success or partial success scanner index found for '
                'inventory index: "%s".', str(inventory_index_id))
        else:
            # get violations
            violation_access = scanner_dao.ViolationAccess(session)
            violations = violation_access.list(
                scanner_index_id=scanner_index_id)
            violations_as_dict = []
            for violation in violations:
                violations_as_dict.append(
                    scanner_dao.convert_sqlalchemy_object_to_dict(violation))
            violations_as_dict = convert_to_timestamp(violations_as_dict)
            violation_map = scanner_dao.map_by_resource(violations_as_dict)

            for retrieved_v in violation_map:
                log_message = (
                    'Retrieved {} violations for resource \'{}\''.format(
                        len(violation_map[retrieved_v]), retrieved_v))
                LOGGER.info(log_message)
                progress_queue.put(log_message)

            # build notification notifiers
            notifiers = []
            for resource in notifier_configs['resources']:
                if violation_map.get(resource['resource']) is None:
                    log_message = 'Resource \'{}\' has no violations'.format(
                        resource['resource'])
                    progress_queue.put(log_message)
                    LOGGER.info(log_message)
                    continue
                if not resource['should_notify']:
                    LOGGER.debug('Not notifying for: %s', resource['resource'])
                    continue
                for notifier in resource['notifiers']:
                    log_message = (
                        'Running \'{}\' notifier for resource \'{}\''.format(
                            notifier['name'], resource['resource']))
                    progress_queue.put(log_message)
                    LOGGER.info(log_message)
                    chosen_pipeline = find_notifiers(notifier['name'])
                    notifiers.append(chosen_pipeline(
                        resource['resource'], inventory_index_id,
                        violation_map[resource['resource']], global_configs,
                        notifier_configs, notifier.get('configuration')))

            # Run the notifiers.
            for notifier in notifiers:
                notifier.run()

            # Run the CSCC notifier.
            violation_configs = notifier_configs.get('violation')
            if violation_configs:
                if violation_configs.get('cscc').get('enabled'):
                    source_id = violation_configs.get('cscc').get('source_id')
                    if source_id:
                        # beta mode
                        LOGGER.debug(
                            'Running CSCC notifier with beta API. source_id: '
                            '%s', source_id)
                        (cscc_notifier.CsccNotifier(inventory_index_id)
                         .run(violations_as_dict, source_id=source_id))
                    else:
                        # alpha mode
                        LOGGER.debug('Running CSCC notifier with alpha API.')
                        gcs_path = (
                            violation_configs.get('cscc').get('gcs_path'))
                        mode = violation_configs.get('cscc').get('mode')
                        organization_id = (
                            violation_configs.get('cscc').get(
                                'organization_id'))
                        (cscc_notifier.CsccNotifier(inventory_index_id)
                         .run(violations_as_dict, gcs_path, mode,
                              organization_id))

        InventorySummary(service_config, inventory_index_id).run()

        log_message = 'Notification completed!'
        progress_queue.put(log_message)
        progress_queue.put(None)
        LOGGER.info(log_message)
        return 0