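    def test_build_rule_book_from_gcs_works(self, mock_load_rules_from_gcs):
        """Test that a RuleBook is built correctly with a mocked gcs file.

        Setup:
            * Create a mocked GCS object from a test yaml file.
            * Get the yaml file content.

        Expected results:
            There are 4 resources that have rules, in the rule book.

        Args:
            mock_load_rules_from_gcs: the patched GCS rules loader (injected
                by a mock decorator outside this listing); its return value
                stands in for the parsed rules fetched from ``gs://``.
        """
        bucket_name = 'bucket-name'
        rules_path = 'input/test_rules_1.yaml'
        full_rules_path = 'gs://{}/{}'.format(bucket_name, rules_path)
        rules_engine = OrgRulesEngine(rules_file_path=full_rules_path)

        # Parse the local fixture with safe_load only: a rules file is data,
        # not trusted code, and yaml.load would let a crafted rules file
        # (e.g. one fetched from a bucket) construct arbitrary Python
        # objects. A yaml.YAMLError propagates and fails the test by itself,
        # so the former try/except that only re-raised was a no-op.
        with open(get_datafile_path(__file__, 'test_rules_1.yaml'),
                  'r') as rules_local_file:
            file_content = yaml.safe_load(rules_local_file)

        mock_load_rules_from_gcs.return_value = file_content

        rules_engine.build_rule_book()
        self.assertEqual(4, len(rules_engine.rule_book.resource_rules_map))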
def main(_):
    """Run the scanner.

    Builds the rule book from ``FLAGS.rules``, loads the org and project
    policies for a snapshot timestamp, evaluates them against the rules,
    writes the violations to a CSV and, optionally, uploads that CSV to
    ``FLAGS.output_path`` and emails the violations. Exits early (via
    ``sys.exit()``) when no snapshot timestamp or no policies are found.

    Args:
        _: unused positional argument passed by the app runner.
    """
    logger = LogUtil.setup_logging(__name__)

    rules_file = FLAGS.rules
    gcs_output_path = FLAGS.output_path

    logger.info('Initializing the rules engine: \n    rules: {}'.format(
        rules_file))

    rules_engine = OrgRulesEngine(rules_file_path=rules_file)
    rules_engine.build_rule_book()

    snapshot_timestamp = _get_timestamp(logger)
    if not snapshot_timestamp:
        logger.info('No snapshot timestamp found. Exiting.')
        sys.exit()

    org_policies = _get_org_policies(logger, snapshot_timestamp)
    project_policies = _get_project_policies(logger, snapshot_timestamp)

    if not (org_policies or project_policies):
        logger.info('No policies found. Exiting.')
        sys.exit()

    # NOTE(review): only the "both empty" case is guarded; if one loader
    # returns None while the other has data, .iteritems() below raises.
    policies = itertools.chain(org_policies.iteritems(),
                               project_policies.iteritems())
    all_violations = _find_violations(logger, policies, rules_engine)

    # The CSV (and the email below) carry the full violation list, so the
    # output location and mail recipients should be treated as sensitive.
    violations_rows = _write_violations_output(logger, all_violations)
    csv_name = csv_writer.write_csv(resource_name='policy_violations',
                                    data=violations_rows,
                                    write_header=True)
    logger.info('CSV filename: {}'.format(csv_name))

    # scanner timestamp for output file and email
    scan_time_utc = datetime.utcnow()
    output_filename = _get_output_filename(scan_time_utc)

    if gcs_output_path:
        _upload_csv_to_gcs(logger, gcs_output_path, output_filename, csv_name)

    if all_violations:
        resource_counts = {
            ResourceType.ORGANIZATION: len(org_policies.keys()),
            ResourceType.PROJECT: len(project_policies.keys()),
        }
        _send_email(csv_name, scan_time_utc, all_violations, resource_counts)

    logger.info('Done!')
 def test_build_rule_book_no_resource_type_fails(self):
     """Test that a rule without a resource type cannot be created.

     The fixture ``test_rules_2.yaml`` omits the resource type; building
     the rule book from it must raise ``InvalidRulesSchemaError`` rather
     than silently producing a rule that matches nothing (or everything).
     """
     engine = OrgRulesEngine(
         rules_file_path=get_datafile_path(__file__, 'test_rules_2.yaml'))
     with self.assertRaises(InvalidRulesSchemaError):
         engine.build_rule_book()
 def test_build_rule_book_from_local_json_file_works(self):
     """Test that a RuleBook is built correctly with a json file.

     Mirrors the yaml fixture test: ``test_rules_1.json`` is expected to
     yield a rule book with rules for exactly 4 resources.
     """
     engine = OrgRulesEngine(
         rules_file_path=get_datafile_path(__file__, 'test_rules_1.json'))
     engine.build_rule_book()
     resources_with_rules = engine.rule_book.resource_rules_map
     self.assertEqual(4, len(resources_with_rules))