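def add_account(number, third_party, name, s3_name, active, notes, role_name='SecurityMonkey', edit=False):
    """Add an account, or overwrite the one that already has this number.

    If an account with ``number`` exists and ``edit`` is False, nothing is
    changed. If ``edit`` is True the existing row is updated in place rather
    than deleted and re-created, so its primary key stays stable for anything
    that references it and columns not listed here keep their current values.

    Args:
        number: Account number; used as the lookup key.
        third_party: Whether this is a known friendly third-party account.
        name: Display name of the account.
        s3_name: Name stored in ``s3_name`` (callers usually pass ``name``).
        active: Whether Security Monkey should interrogate this account.
        notes: Free-form notes.
        role_name: Role name stored on the account; defaults to 'SecurityMonkey'.
        edit: Whether an existing account with this number may be overwritten.

    Returns:
        True if a row was added or updated, False if the number already existed
        and ``edit`` was False.
    """
    # One query fetches the row we may update; the original count()+delete()
    # pair ran two statements and replaced the row with a fresh primary key.
    account = Account.query.filter(Account.number == number).first()
    if account is not None and not edit:
        return False
    if account is None:
        account = Account()

    account.name = name
    account.s3_name = s3_name
    account.number = number
    account.role_name = role_name
    account.notes = notes
    account.active = active
    account.third_party = third_party

    db.session.add(account)
    db.session.commit()
    return True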
def amazon_accounts(): """ Pre-populates standard AWS owned accounts """ import os import json from security_monkey.datastore import Account data_file = os.path.join(os.path.dirname(__file__), "data", "aws_accounts.json") data = json.load(open(data_file, 'r')) app.logger.info('Adding / updating Amazon owned accounts') try: for group, info in data.items(): for aws_account in info['accounts']: acct_name = "{group} ({region})".format(group=group, region=aws_account['region']) account = Account.query.filter(Account.number == aws_account['account_id']).first() if not account: app.logger.debug(' Adding account {0}'.format(acct_name)) account = Account() else: app.logger.debug(' Updating account {0}'.format(acct_name)) account.number = aws_account['account_id'] account.active = False account.third_party = True account.name = acct_name account.notes = info['url'] db.session.add(account) db.session.commit() app.logger.info('Finished adding Amazon owned accounts') except Exception as e: app.logger.exception("An error occured while adding accounts") store_exception("manager-amazon-accounts", None, e)
def amazon_accounts(): """ Pre-populates standard AWS owned accounts """ import os import json from security_monkey.datastore import Account, AccountType data_file = os.path.join(os.path.dirname(__file__), "data", "aws_accounts.json") data = json.load(open(data_file, 'r')) app.logger.info('Adding / updating Amazon owned accounts') try: account_type_result = AccountType.query.filter( AccountType.name == 'AWS').first() if not account_type_result: account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() db.session.refresh(account_type_result) for group, info in data.items(): for aws_account in info['accounts']: acct_name = "{group} ({region})".format( group=group, region=aws_account['region']) account = Account.query.filter( Account.number == aws_account['account_id']).first() if not account: app.logger.debug( ' Adding account {0}'.format(acct_name)) account = Account() else: app.logger.debug( ' Updating account {0}'.format(acct_name)) account.number = aws_account['account_id'] account.identifier = aws_account['account_id'] account.account_type_id = account_type_result.id account.active = False account.third_party = True account.name = acct_name account.notes = info['url'] db.session.add(account) db.session.commit() app.logger.info('Finished adding Amazon owned accounts') except Exception as e: app.logger.exception("An error occured while adding accounts") store_exception("manager-amazon-accounts", None, e)
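def add_account(number, third_party, name, s3_name, active, notes, edit=False):
    """Add an account, or overwrite the one that already has this number.

    If an account with ``number`` exists and ``edit`` is False, nothing is
    changed. If ``edit`` is True the existing row is updated in place rather
    than deleted and re-created, so its primary key stays stable for anything
    that references it and columns not listed here keep their current values.

    Args:
        number: Account number; used as the lookup key.
        third_party: Whether this is a known friendly third-party account.
        name: Display name of the account.
        s3_name: Name stored in ``s3_name`` (callers usually pass ``name``).
        active: Whether Security Monkey should interrogate this account.
        notes: Free-form notes.
        edit: Whether an existing account with this number may be overwritten.

    Returns:
        True if a row was added or updated, False if the number already existed
        and ``edit`` was False.
    """
    # One query fetches the row we may update; the original count()+delete()
    # pair ran two statements and replaced the row with a fresh primary key.
    account = Account.query.filter(Account.number == number).first()
    if account is not None and not edit:
        return False
    if account is None:
        account = Account()

    account.name = name
    account.s3_name = s3_name
    account.number = number
    account.notes = notes
    account.active = active
    account.third_party = third_party

    db.session.add(account)
    db.session.commit()
    return True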
def amazon_accounts(): """ Pre-populates standard AWS owned accounts """ import json from security_monkey.datastore import Account, AccountType data = json.load(open("data/aws_accounts.json", 'r')) app.logger.info('Adding / updating Amazon owned accounts') try: account_type_result = AccountType.query.filter(AccountType.name == 'AWS').first() if not account_type_result: account_type_result = AccountType(name='AWS') db.session.add(account_type_result) db.session.commit() db.session.refresh(account_type_result) for group, info in data.items(): for aws_account in info['accounts']: acct_name = "{group} ({region})".format(group=group, region=aws_account['region']) account = Account.query.filter(Account.identifier == aws_account['account_id']).first() if not account: app.logger.debug(' Adding account {0}'.format(acct_name)) account = Account() else: app.logger.debug(' Updating account {0}'.format(acct_name)) account.identifier = aws_account['account_id'] account.account_type_id = account_type_result.id account.active = False account.third_party = True account.name = acct_name account.notes = info['url'] db.session.add(account) db.session.commit() app.logger.info('Finished adding Amazon owned accounts') except Exception as e: app.logger.exception("An error occured while adding accounts") store_exception("manager-amazon-accounts", None, e)
def post(self): """ .. http:post:: /api/1/account/ Create a new account. **Example Request**: .. sourcecode:: http POST /api/1/account/ HTTP/1.1 Host: example.com Accept: application/json { 'name': 'new_account' 's3_name': 'new_account', 'number': '0123456789', 'notes': 'this account is for ...', 'role_name': 'CustomRole', 'active': true, 'third_party': false } **Example Response**: .. sourcecode:: http HTTP/1.1 201 Created Vary: Accept Content-Type: application/json { 'name': 'new_account' 's3_name': 'new_account', 'number': '0123456789', 'notes': 'this account is for ...', 'role_name': 'CustomRole', 'active': true, 'third_party': false } :statuscode 201: created :statuscode 401: Authentication Error. Please Login. """ auth, retval = __check_auth__(self.auth_dict) if auth: return retval self.reqparse.add_argument('name', required=True, type=unicode, help='Must provide account name', location='json') self.reqparse.add_argument('s3_name', required=False, type=unicode, help='Will use name if s3_name not provided.', location='json') self.reqparse.add_argument('number', required=False, type=unicode, help='Add the account number if available.', location='json') self.reqparse.add_argument('notes', required=False, type=unicode, help='Add context.', location='json') self.reqparse.add_argument('role_name', required=False, type=unicode, help='Custom role name.', location='json') self.reqparse.add_argument('active', required=False, type=bool, help='Determines whether this account should be interrogated by security monkey.', location='json') self.reqparse.add_argument('third_party', required=False, type=bool, help='Determines whether this account is a known friendly third party account.', location='json') args = self.reqparse.parse_args() account = Account() account.name = args['name'] account.s3_name = args.get('s3_name', args['name']) account.number = args['number'] account.notes = args['notes'] account.active = args['active'] account.third_party = args['third_party'] 
db.session.add(account) db.session.commit() db.session.refresh(account) marshaled_account = marshal(account.__dict__, ACCOUNT_FIELDS) marshaled_account['auth'] = self.auth_dict return marshaled_account, 201
def applies_to_account(self, account):
    """Mock: every account is in scope, so no filtering happens."""
    return True


def _fixture_account(name, notes, number, role_name):
    """Build an ``Account`` fixture with the shared test defaults.

    The account is an active, first-party AWS account whose ``s3_name`` equals
    ``name``; it is returned unsaved.
    """
    acct = Account()
    acct.name = name
    acct.notes = notes
    acct.s3_name = name
    acct.number = number
    acct.role_name = role_name
    acct.account_type = AccountType(name='AWS')
    acct.third_party = False
    acct.active = True
    return acct


mock_query = MockAccountQuery()
mock_db_session = MockDBSession()

test_account = _fixture_account("TEST_ACCOUNT", "TEST ACCOUNT", "012345678910", "TEST_ACCOUNT")
mock_query.add_account(test_account)

test_account2 = _fixture_account("TEST_ACCOUNT2", "TEST ACCOUNT2", "123123123123", "TEST_ACCOUNT")
mock_query.add_account(test_account2)
def post(self): """ .. http:post:: /api/1/account/ Create a new account. **Example Request**: .. sourcecode:: http POST /api/1/account/ HTTP/1.1 Host: example.com Accept: application/json { 'name': 'new_account' 's3_name': 'new_account', 'number': '0123456789', 'notes': 'this account is for ...', 'active': true, 'third_party': false } **Example Response**: .. sourcecode:: http HTTP/1.1 201 Created Vary: Accept Content-Type: application/json { 'name': 'new_account' 's3_name': 'new_account', 'number': '0123456789', 'notes': 'this account is for ...', 'active': true, 'third_party': false } :statuscode 201: created :statuscode 401: Authentication Error. Please Login. """ auth, retval = __check_auth__(self.auth_dict) if auth: return retval self.reqparse.add_argument('name', required=True, type=unicode, help='Must provide account name', location='json') self.reqparse.add_argument('s3_name', required=False, type=unicode, help='Will use name if s3_name not provided.', location='json') self.reqparse.add_argument('number', required=False, type=unicode, help='Add the account number if available.', location='json') self.reqparse.add_argument('notes', required=False, type=unicode, help='Add context.', location='json') self.reqparse.add_argument('active', required=False, type=bool, help='Determines whether this account should be interrogated by security monkey.', location='json') self.reqparse.add_argument('third_party', required=False, type=bool, help='Determines whether this account is a known friendly third party account.', location='json') args = self.reqparse.parse_args() name = args['name'] s3_name = args.get('s3_name', name) number = args.get('number', None) notes = args.get('notes', None) active = args.get('active', True) third_party = args.get('third_party', False) account = Account() account.name = name account.s3_name = s3_name account.number = number account.notes = notes account.active = active account.third_party = third_party db.session.add(account) 
db.session.commit() updated_account = Account.query.filter(Account.id == account.id).first() marshaled_account = marshal(updated_account.__dict__, ACCOUNT_FIELDS) marshaled_account['auth'] = self.auth_dict return marshaled_account, 201
def save_issues(self):
    """Mock: no-op stand-in for the real ``save_issues``; nothing is persisted."""
    pass


def _make_test_account(name, notes, number, role_name):
    """Build an ``Account`` fixture with the shared test defaults.

    The account is active and first-party, its ``s3_name`` equals ``name``, and
    it is returned unsaved.
    """
    acct = Account()
    acct.name = name
    acct.notes = notes
    acct.s3_name = name
    acct.number = number
    acct.role_name = role_name
    acct.third_party = False
    acct.active = True
    return acct


mock_query = MockAccountQuery()
mock_db_session = MockDBSession()

test_account = _make_test_account("TEST_ACCOUNT", "TEST ACCOUNT", "012345678910", "TEST_ACCOUNT")
mock_query.add_account(test_account)

test_account2 = _make_test_account("TEST_ACCOUNT2", "TEST ACCOUNT2", "123123123123", "TEST_ACCOUNT")
mock_query.add_account(test_account2)


class MockWatcher(object):