Exemplo n.º 1
def upload_json(data, gcs_upload_path):
    """Serialize data to JSON and upload it through a temporary file.

    Any exception raised while staging or uploading is logged and then
    swallowed, so the function returns None whether or not the upload
    succeeded.

    Args:
        data (dict): the data to upload
        gcs_upload_path (string): the GCS upload path.
    """
    try:
        with tempfile.NamedTemporaryFile() as staging_file:
            # The temp file is opened in binary mode, hence the encode().
            serialized = parser.json_stringify(data)
            staging_file.write(serialized.encode())
            # Flush so the uploader, which reads the file by name, sees
            # the complete document.
            staging_file.flush()
            StorageClient({}).put_text_file(staging_file.name,
                                            gcs_upload_path)
    except Exception:  # pylint: disable=broad-except
        # NOTE(review): the whole document is written to the log on
        # failure - confirm it never carries data that should stay out of
        # the logs. Callers also get no signal that the upload failed.
        LOGGER.exception('Unable to upload json document to bucket %s:\n%s',
                         gcs_upload_path, data)
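    def _make_attachment_json(self):
        """Create the attachment object json format.

        The violations are serialized into a temporary file and the
        attachment is built from that file while it still exists; the file
        is removed when the ``with`` block exits.

        Returns:
            attachment: SendGrid attachment object.
        """
        output_filename = self._get_output_filename(
            string_formats.VIOLATION_JSON_FMT)
        with tempfile.NamedTemporaryFile() as tmp_violations:
            payload = parser.json_stringify(self.violations)
            if not isinstance(payload, bytes):
                # NamedTemporaryFile() opens in binary mode, so a text
                # payload must be encoded first; writing str directly
                # raises TypeError on Python 3.
                payload = payload.encode()
            tmp_violations.write(payload)
            # Flush so create_attachment, which reads the file by path,
            # sees the complete document.
            tmp_violations.flush()
            LOGGER.info('JSON filename: %s', tmp_violations.name)
            attachment = self.connector.create_attachment(
                file_location=tmp_violations.name,
                content_type='application/json',
                filename=output_filename,
                content_id='Violations')

        return attachment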
Exemplo n.º 3
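    def _send_findings_to_gcs(self, violations, gcs_path):
        """Send violations to CSCC via upload to GCS (legacy mode).

        The findings are staged in a temporary file and uploaded only when
        the computed upload path starts with ``gs://``. Any other path is
        reported with a warning, because nothing is uploaded for it.

        Args:
            violations (dict): Violations to be uploaded as findings.
            gcs_path (str): The GCS bucket to upload the findings.
        """
        LOGGER.info('Legacy mode detected - writing findings to GCS.')

        gcs_upload_path = '{}/{}'.format(gcs_path, self._get_output_filename())

        findings = self._transform_for_gcs(violations, gcs_upload_path)

        with tempfile.NamedTemporaryFile() as tmp_violations:
            payload = parser.json_stringify(findings)
            if not isinstance(payload, bytes):
                # NamedTemporaryFile() opens in binary mode, so a text
                # payload must be encoded first; writing str directly
                # raises TypeError on Python 3.
                payload = payload.encode()
            tmp_violations.write(payload)
            # Flush so the uploader, which reads the file by name, sees
            # the complete document.
            tmp_violations.flush()

            if gcs_upload_path.startswith('gs://'):
                storage_client = storage.StorageClient()
                storage_client.put_text_file(tmp_violations.name,
                                             gcs_upload_path)
            else:
                # Findings that are dropped without a trace leave a gap in
                # reporting, so make the skipped upload visible.
                LOGGER.warning(
                    'Findings not uploaded: path %s does not start with '
                    'gs://', gcs_upload_path)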
Exemplo n.º 4
    def _transform(firewall_dict, project_id=None, validate=None):
        """Build a FirewallRule from an API-shaped firewall dictionary.

        Scalar fields are copied as they are. The range, tag, service
        account, allowed, denied and selfLink fields are passed through
        parser.json_stringify. For the range, tag and service account
        fields the plural API key is read first and the singular key is
        used when the plural one is missing or empty.

        Args:
          firewall_dict (dict): A dictionary with firewall field names matching
            the API field names.
          project_id (str): A project id string.
          validate (bool): Whether to validate this FirewallRule or not.

        Returns:
          FirewallRule: A FirewallRule created from the input dictionary.
        """
        def _json_either(plural_key, singular_key):
            # Serialize the plural field, or the singular one when the
            # plural is absent or empty.
            return parser.json_stringify(
                firewall_dict.get(plural_key)
                or firewall_dict.get(singular_key))

        # Rules defined in firewall_rules.yaml carry no creation timestamp,
        # and the timestamp parser must not be called with an empty field,
        # so the value stays None unless a timestamp is present.
        creation_time = None
        if firewall_dict.get('creationTimestamp'):
            raw_timestamp = parser.json_stringify(
                firewall_dict.get('creationTimestamp'))
            creation_time = parser.format_timestamp(
                raw_timestamp,
                string_formats.TIMESTAMP_MYSQL_DATETIME_FORMAT)

        in_dict = {
            'firewall_rule_id': firewall_dict.get('id'),
            'firewall_rule_name': firewall_dict.get('name'),
            'firewall_rule_full_name': firewall_dict.get('full_name'),
            'firewall_rule_description': firewall_dict.get('description'),
            'firewall_rule_kind': firewall_dict.get('kind'),
            'firewall_rule_network': firewall_dict.get('network'),
            'firewall_rule_priority': firewall_dict.get('priority'),
            'firewall_rule_direction': firewall_dict.get('direction'),
            'firewall_rule_source_ranges': _json_either(
                'sourceRanges', 'sourceRange'),
            'firewall_rule_destination_ranges': _json_either(
                'destinationRanges', 'destinationRange'),
            'firewall_rule_source_tags': _json_either(
                'sourceTags', 'sourceTag'),
            'firewall_rule_target_tags': _json_either(
                'targetTags', 'targetTag'),
            'firewall_rule_source_service_accounts': _json_either(
                'sourceServiceAccounts', 'sourceServiceAccount'),
            'firewall_rule_target_service_accounts': _json_either(
                'targetServiceAccounts', 'targetServiceAccount'),
            'firewall_rule_allowed': parser.json_stringify(
                firewall_dict.get('allowed')),
            'firewall_rule_denied': parser.json_stringify(
                firewall_dict.get('denied')),
            'firewall_rule_self_link': parser.json_stringify(
                firewall_dict.get('selfLink')),
            'firewall_rule_create_time': creation_time,
        }
        # A falsy project_id is left out of the constructor arguments.
        if project_id:
            in_dict['project_id'] = project_id
        # NOTE(review): validate defaults to None and is forwarded
        # unchanged - confirm how FirewallRule treats None, since callers
        # that omit it may be building rules without validation.
        return FirewallRule(validate=validate, **in_dict)