예제 #1
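def main():
    """Command-line entry point: turn configured sources into fwunit rules.

    Builds the argument parser, obtains the parsed arguments and the
    configuration mapping from ``_setup``, orders the configured sources so
    that each one comes after the sources named in its ``require`` list,
    then runs the ``fwunit.types`` entry point of every requested source
    and writes the resulting rules as JSON to that source's ``output`` path.

    Configuration problems (unknown source, unknown or circular
    requirement, missing ``type`` or ``output``, undefined type) are
    reported with ``parser.error``, which prints the message and exits.
    """
    description = textwrap.dedent("""Process security policies into fwunit rules""")
    parser = argparse.ArgumentParser(description=description)
    parser.add_argument('--config', '-c',
        help="YAML configuration file", dest='config_file', type=str, default='fwunit.yaml')
    parser.add_argument('--verbose', action='store_true')
    parser.add_argument('--boto-verbose', action='store_true',
                        help="Enable VERY verbose logging from boto (if in use)")
    parser.add_argument('sources', nargs='*', help="sources to generate (default: ALL)")

    args, cfg = _setup(parser)
    if not args.boto_verbose:
        # silence boto unless its logging was asked for explicitly
        logging.getLogger('boto').setLevel(logging.CRITICAL)

    requested_sources = args.sources
    if not requested_sources or requested_sources == ['ALL']:
        requested_sources = cfg.keys()
    for source in requested_sources:
        if source not in cfg:
            parser.error("no such source '{}'".format(source))

    # NOTE(review): every distribution installed in this environment can
    # register a name under 'fwunit.types'; .load() below imports and runs
    # that code, so the installed package set is part of the trust boundary.
    entry_points = {ep.name: ep for ep in pkg_resources.iter_entry_points('fwunit.types')}

    # sort all of the sources in dependency order
    requirements = {}
    for source in cfg:
        requirements[source] = cfg[source].get('require', [])

    ordered_sources = []
    in_progress = set()  # sources whose requirements are currently being walked

    def require(source):
        """Append ``source`` to ``ordered_sources`` after all its requirements."""
        if source in ordered_sources:
            return
        if source in in_progress:
            # a requirement loop would otherwise recurse until the stack overflows
            parser.error("circular requirement involving '{}'".format(source))
        in_progress.add(source)
        for req in requirements[source]:
            if req not in cfg:
                # report the requirement that is missing, not the source naming it
                parser.error("unknown requirement '{}'".format(req))
            require(req)
        in_progress.discard(source)
        ordered_sources.append(source)

    # plain dict iteration works on Python 2 and 3 (iterkeys() is Python 2 only)
    for source in requirements:
        require(source)

    for source in ordered_sources:
        if source not in requested_sources:
            continue
        src_cfg = cfg[source]
        if 'type' not in src_cfg:
            parser.error("source '{}' has no type".format(source))
        typ = src_cfg['type']
        if typ not in entry_points:
            parser.error("source '{}' has undefined type {}".format(source, typ))
        ep = entry_points[typ].load()

        if 'output' not in src_cfg:
            parser.error("source '{}' has no output".format(source))
        # NOTE(review): the output path is taken from the configuration as-is
        # and the file is truncated on open; the config must be trusted input.
        output = src_cfg['output']

        logger.warning("running %s", source)
        rules = ep(src_cfg, cfg)
        logger.warning("writing resulting rules to %s", output)
        # close the file deterministically so the JSON is flushed to disk
        with open(output, "w") as out_file:
            json.dump(dict(rules=types.to_jsonable(rules)), out_file)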
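def setup():
    """Create a fresh ``test_dir`` fixture directory and make it the cwd.

    Saves a copy of ``sys.argv`` and the current working directory in the
    module globals ``old_sys_argv`` and ``old_cwd`` (presumably restored by
    a matching teardown; not visible here), recreates ``test_dir`` from
    scratch, changes into it, and writes ``fwunit.yaml`` and ``rules.json``.
    """
    global old_sys_argv, old_cwd
    old_sys_argv = sys.argv[:]
    old_cwd = os.getcwd()

    # start from an empty directory so files from an earlier run cannot leak in
    if os.path.exists('test_dir'):
        shutil.rmtree('test_dir')
    os.makedirs('test_dir')
    os.chdir('test_dir')
    # close each fixture explicitly so it is fully flushed before it is read
    with open('fwunit.yaml', "w") as yaml_file:
        yaml.dump(FWUNIT_YAML, yaml_file)
    with open('rules.json', "w") as rules_file:
        json.dump(dict(rules=types.to_jsonable(RULES)), rules_file)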
예제 #3
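def setup():
    """Prepare an empty ``test_dir`` working directory with fixture files.

    Records ``sys.argv`` (as a copy) and the current working directory in
    the module globals ``old_sys_argv`` and ``old_cwd``, removes any
    existing ``test_dir``, recreates it, changes into it, and writes the
    ``fwunit.yaml`` and ``rules.json`` fixtures there.
    """
    global old_sys_argv, old_cwd
    old_sys_argv = sys.argv[:]
    old_cwd = os.getcwd()

    # wipe leftovers from a previous run before recreating the directory
    if os.path.exists('test_dir'):
        shutil.rmtree('test_dir')
    os.makedirs('test_dir')
    os.chdir('test_dir')
    # context managers guarantee both fixtures are flushed and closed
    with open('fwunit.yaml', "w") as yaml_file:
        yaml.dump(FWUNIT_YAML, yaml_file)
    with open('rules.json', "w") as rules_file:
        json.dump(dict(rules=types.to_jsonable(RULES)), rules_file)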
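def setup_module():
    """Build a temporary fwunit configuration and rule file for this module.

    Clears the ``config`` and ``sources`` module state, creates a private
    temporary directory, changes into it, writes a ``fwunit.yaml`` that
    points ``test_source`` at ``test_source.json``, writes that rule file,
    and stores a ``TestContext`` for the source in the global ``rules``.
    The globals ``dir`` and ``old_cwd`` are set for later cleanup
    (presumably by a matching teardown; not visible here).
    """
    config._clear()
    sources._clear()
    global dir, old_cwd, rules
    dir = tempfile.mkdtemp()
    old_cwd = os.getcwd()
    os.chdir(dir)
    with open('fwunit.yaml', 'w') as config_file:
        config_file.write(yaml.dump({
            'test_source': {
                'output': os.path.join(dir, 'test_source.json'),
            },
        }))
    # the file must be closed (and so flushed) before it is copied below
    with open('test_source.json', 'w') as rules_file:
        json.dump({'rules': types.to_jsonable(TEST_RULES)}, rules_file)
    # NOTE(review): this copies the fixture to a fixed, predictable name in
    # the shared /tmp directory, unlike the mkdtemp() directory above.
    # Nothing in this block reads it back; it looks like a debugging
    # leftover. Confirm and drop it, or write the copy inside `dir`.
    shutil.copy(os.path.join(dir, 'test_source.json'), '/tmp/foo.json')
    rules = TestContext('test_source')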
예제 #5
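def main():
    """Run the fwunit rule generator from the command line.

    Parses the command line, gets the arguments and configuration mapping
    from ``_setup``, works out an order in which every source follows the
    sources in its ``require`` list, and for each requested source loads
    its ``fwunit.types`` entry point, calls it, and dumps the returned
    rules as JSON to the source's ``output`` path.

    Any configuration error (unknown source, unknown or circular
    requirement, missing ``type`` or ``output``, undefined type) goes
    through ``parser.error``, which prints the message and exits.
    """
    description = textwrap.dedent(
        """Process security policies into fwunit rules""")
    parser = argparse.ArgumentParser(description=description)
    parser.add_argument('--config',
                        '-c',
                        help="YAML configuration file",
                        dest='config_file',
                        type=str,
                        default='fwunit.yaml')
    parser.add_argument('--verbose', action='store_true')
    parser.add_argument(
        '--boto-verbose',
        action='store_true',
        help="Enable VERY verbose logging from boto (if in use)")
    parser.add_argument('sources',
                        nargs='*',
                        help="sources to generate (default: ALL)")

    args, cfg = _setup(parser)
    if not args.boto_verbose:
        # keep boto quiet unless --boto-verbose was given
        logging.getLogger('boto').setLevel(logging.CRITICAL)

    requested_sources = args.sources
    if not requested_sources or requested_sources == ['ALL']:
        requested_sources = cfg.keys()
    for source in requested_sources:
        if source not in cfg:
            parser.error("no such source '{}'".format(source))

    # NOTE(review): entry points are discovered from every installed
    # distribution, and .load() below imports and executes the one named by
    # the config's 'type'; treat the installed package set as trusted code.
    entry_points = {
        ep.name: ep
        for ep in pkg_resources.iter_entry_points('fwunit.types')
    }

    # sort all of the sources in dependency order
    requirements = {}
    for source in cfg:
        requirements[source] = cfg[source].get('require', [])

    ordered_sources = []
    visiting = set()  # sources on the current recursion path

    def require(source):
        """Place ``source`` in ``ordered_sources`` after its requirements."""
        if source in ordered_sources:
            return
        if source in visiting:
            # without this guard a requirement loop recurses without end
            parser.error(
                "circular requirement involving '{}'".format(source))
        visiting.add(source)
        for req in requirements[source]:
            if req not in cfg:
                # name the missing requirement itself in the message
                parser.error("unknown requirement '{}'".format(req))
            require(req)
        visiting.discard(source)
        ordered_sources.append(source)

    # iterating the dict directly replaces the Python-2-only iterkeys()
    for source in requirements:
        require(source)

    for source in ordered_sources:
        if source not in requested_sources:
            continue
        src_cfg = cfg[source]
        if 'type' not in src_cfg:
            parser.error("source '{}' has no type".format(source))
        typ = src_cfg['type']
        if typ not in entry_points:
            parser.error("source '{}' has undefined type {}".format(
                source, typ))
        ep = entry_points[typ].load()

        if 'output' not in src_cfg:
            parser.error("source '{}' has no output".format(source))
        # NOTE(review): this path comes straight from the configuration and
        # the target is truncated on open, so the config file is trusted input.
        output = src_cfg['output']

        logger.warning("running %s", source)
        rules = ep(src_cfg, cfg)
        logger.warning("writing resulting rules to %s", output)
        # the with-block flushes and closes the file even if dumping fails
        with open(output, "w") as out_file:
            json.dump(dict(rules=types.to_jsonable(rules)), out_file)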