def test_build_rule_book_from_gcs_works(self, mock_load_rules_from_gcs):
    """Test that a RuleBook is built correctly from a mocked GCS rules file.

    Setup:
        * Point the rules engine at a gs:// rules path.
        * Parse the local copy of bigquery_test_rules_1.yaml and use the
          parsed content as the return value of the mocked GCS loader.

    Expected results:
        The rule book's resource_rules_map holds exactly 1 entry.
    """
    gcs_bucket = 'bucket-name'
    gcs_object = 'input/bigquery_test_rules_1.yaml'
    gcs_uri = 'gs://{}/{}'.format(gcs_bucket, gcs_object)
    rules_engine = bqe.BigqueryRulesEngine(rules_file_path=gcs_uri)

    # safe_load builds only plain YAML types, so the rules file is handled
    # strictly as data. A yaml.YAMLError propagates and fails the test.
    fixture_path = get_datafile_path(__file__, 'bigquery_test_rules_1.yaml')
    with open(fixture_path, 'r') as fixture:
        parsed_rules = yaml.safe_load(fixture)

    # The engine was given a gs:// path; the mock supplies the content so
    # no real bucket is contacted.
    mock_load_rules_from_gcs.return_value = parsed_rules
    rules_engine.build_rule_book()

    rules_map = rules_engine.rule_book.resource_rules_map
    self.assertEqual(1, len(rules_map))
def test_build_rule_book_no_resource_type_fails(self):
    """Test that a rule without a resource cannot be created.

    Building the rule book from bigquery_test_rules_2.yaml must raise
    InvalidRulesSchemaError.
    """
    fixture_path = get_datafile_path(__file__, 'bigquery_test_rules_2.yaml')
    engine = bqe.BigqueryRulesEngine(rules_file_path=fixture_path)

    # The engine must reject the file outright rather than accept a rule
    # that names no resource.
    self.assertRaises(InvalidRulesSchemaError, engine.build_rule_book)
def test_build_rule_book_from_local_yaml_file_works(self):
    """Test that a RuleBook is built correctly from a local YAML file.

    Expected results:
        The rule book's resource_rules_map holds exactly 1 entry.
    """
    fixture_path = get_datafile_path(__file__, 'bigquery_test_rules_1.yaml')
    engine = bqe.BigqueryRulesEngine(rules_file_path=fixture_path)
    engine.build_rule_book()

    rules_map = engine.rule_book.resource_rules_map
    self.assertEqual(1, len(rules_map))
def test_find_violations_with_no_violations(self):
    """Test that the fake BigQuery ACL data yields no violations.

    Builds the rule book from bigquery_test_rules_3.yaml, evaluates every
    object returned by create_list_of_bq_objects_from_data() and expects
    the combined list of violations to be empty.
    """
    fixture_path = get_datafile_path(__file__, 'bigquery_test_rules_3.yaml')
    engine = bqe.BigqueryRulesEngine(fixture_path)
    engine.build_rule_book()

    # Each call returns an iterable of violations for one ACL object;
    # flatten them into a single list so one assertion covers all objects.
    found = [
        violation
        for bq_acl in create_list_of_bq_objects_from_data()
        for violation in engine.find_policy_violations(bq_acl)
    ]
    self.assertEqual([], found)
def __init__(self, global_configs, scanner_configs,
             snapshot_timestamp, rules):
    """Set up the scanner and build its BigQuery rule book.

    Any exception raised by build_rule_book propagates out of the
    constructor, so a rules file the engine rejects prevents the scanner
    from being created at all.

    Args:
        global_configs (dict): Global configurations.
        scanner_configs (dict): Scanner configurations.
        snapshot_timestamp (str): Timestamp, formatted as
            YYYYMMDDTHHMMSSZ.
        rules (str): Fully-qualified path and filename of the rules file.
    """
    super(BigqueryScanner, self).__init__(
        global_configs, scanner_configs, snapshot_timestamp, rules)

    # self.rules, self.snapshot_timestamp and self.global_configs are
    # presumably set by the base initializer above -- confirm in the
    # base scanner class.
    engine = bigquery_rules_engine.BigqueryRulesEngine(
        rules_file_path=self.rules,
        snapshot_timestamp=self.snapshot_timestamp)
    # Publish the engine on the instance before building, as the original
    # ordering did.
    self.rules_engine = engine
    self.rules_engine.build_rule_book(self.global_configs)