Tweak names (#756)

google/cloud/security/scanner/audit/fw_rules_engine.py → google/cloud/security/scanner/audit/firewall_rules_engine.py

@@ -62,7 +62,7 @@ class InvalidOrgDefinition(Error):
     """Raised if a org definition is invalid."""
 
 
-class FirewallRuleEngine(bre.BaseRulesEngine):
+class FirewallRulesEngine(bre.BaseRulesEngine):
     """Rules engine for firewall resources."""
 
     def __init__(self, rules_file_path, snapshot_timestamp=None):
@@ -72,7 +72,7 @@ def __init__(self, rules_file_path, snapshot_timestamp=None):
           rules_file_path (str): File location of rules.
           snapshot_timestamp (str): The snapshot to work with.
         """
-        super(FirewallRuleEngine, self).__init__(
+        super(FirewallRulesEngine, self).__init__(
             rules_file_path=rules_file_path,
             snapshot_timestamp=snapshot_timestamp)
         self._repository_lock = threading.RLock()

google/cloud/security/scanner/scanner_requirements_map.py

@@ -31,8 +31,8 @@
          'class_name': 'CloudSqlAclScanner',
          'rules_filename': 'cloudsql_rules.yaml'},
     'firewall_rule':
-        {'module_name': 'fw_rules_scanner',
-         'class_name': 'FwPolicyScanner',
+        {'module_name': 'firewall_rules_scanner',
+         'class_name': 'FirewallPolicyScanner',
          'rules_filename': 'firewall_rules.yaml'},
     'forwarding_rule':
         {'module_name': 'forwarding_rule_scanner',

google/cloud/security/scanner/scanners/fw_rules_scanner.py → google/cloud/security/scanner/scanners/firewall_rules_scanner.py

@@ -25,16 +25,16 @@
 from google.cloud.security.common.data_access import firewall_rule_dao
 from google.cloud.security.common.gcp_type import resource as resource_type
 from google.cloud.security.common.gcp_type import resource_util
-from google.cloud.security.scanner.audit import fw_rules_engine
+from google.cloud.security.scanner.audit import firewall_rules_engine
 from google.cloud.security.scanner.scanners import base_scanner
 
 LOGGER = log_util.get_logger(__name__)
 
 
-class FwPolicyScanner(base_scanner.BaseScanner):
+class FirewallPolicyScanner(base_scanner.BaseScanner):
     """Scanner for firewall data."""
 
-    SCANNER_OUTPUT_CSV_FMT = 'scanner_output_fw.{}.csv'
+    SCANNER_OUTPUT_CSV_FMT = 'scanner_output_firewall.{}.csv'
 
     def __init__(self, global_configs, scanner_configs, snapshot_timestamp,
                  rules):
@@ -47,12 +47,12 @@ def __init__(self, global_configs, scanner_configs, snapshot_timestamp,
             rules (str): Fully-qualified path and filename of the rules file.
         """
 
-        super(FwPolicyScanner, self).__init__(
+        super(FirewallPolicyScanner, self).__init__(
             global_configs,
             scanner_configs,
             snapshot_timestamp,
             rules)
-        self.rules_engine = fw_rules_engine.FirewallRuleEngine(
+        self.rules_engine = firewall_rules_engine.FirewallRulesEngine(
             rules_file_path=self.rules,
             snapshot_timestamp=self.snapshot_timestamp)
         self.rules_engine.build_rule_book(self.global_configs)

tests/scanner/audit/fw_rules_engine_test.py → tests/scanner/audit/firewall_rules_engine_test.py

@@ -20,7 +20,7 @@
 from tests.unittest_utils import ForsetiTestCase
 from google.cloud.security.common.gcp_type.firewall_rule import FirewallRule
 from google.cloud.security.scanner.audit.errors import InvalidRulesSchemaError
-from google.cloud.security.scanner.audit import fw_rules_engine as fre
+from google.cloud.security.scanner.audit import firewall_rules_engine as fre
 from google.cloud.security.scanner.audit import rules as scanner_rules
 from tests.unittest_utils import get_datafile_path
 from tests.scanner.audit.data import test_rules
@@ -1523,7 +1523,7 @@ def setUp(self):
     def test_build_rule_book_from_yaml(self):
         rules_local_path = get_datafile_path(
             __file__, 'firewall_test_rules.yaml')
-        rules_engine = fre.FirewallRuleEngine(rules_file_path=rules_local_path)
+        rules_engine = fre.FirewallRulesEngine(rules_file_path=rules_local_path)
         rules_engine.build_rule_book({})
         self.assertEqual(4, len(rules_engine.rule_book.rules_map))
         self.assertEqual(1, len(rules_engine.rule_book.rule_groups_map))
@@ -1593,7 +1593,7 @@ def test_find_violations_from_yaml_rule_book(
         self, project, policy_dict, expected_violations_dicts):
         rules_local_path = get_datafile_path(
             __file__, 'firewall_test_rules.yaml')
-        rules_engine = fre.FirewallRuleEngine(rules_file_path=rules_local_path)
+        rules_engine = fre.FirewallRulesEngine(rules_file_path=rules_local_path)
         rules_engine.build_rule_book({})
         resource = self.project_resource_map[project]
         policy = fre.firewall_rule.FirewallRule.from_dict(

tests/scanner/scanners/fw_rules_scanner_test.py → tests/scanner/scanners/firewall_rules_scanner_test.py

@@ -1,3 +1,4 @@
+# Copyright 2017 The Forseti Security Authors. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -10,6 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
 """Scanner runner script test."""
 
 from datetime import datetime
@@ -22,20 +24,20 @@
 from google.cloud.security.common.gcp_type import folder
 from google.cloud.security.common.gcp_type import organization
 from google.cloud.security.common.gcp_type import project
-from google.cloud.security.scanner.scanners import fw_rules_scanner
-from google.cloud.security.scanner.audit import fw_rules_engine as fre
+from google.cloud.security.scanner.scanners import firewall_rules_scanner
+from google.cloud.security.scanner.audit import firewall_rules_engine as fre
 from tests import unittest_utils
 
 
-class FwRulesScannerTest(unittest_utils.ForsetiTestCase):
+class FirewallRulesScannerTest(unittest_utils.ForsetiTestCase):
 
     @mock.patch(
-        'google.cloud.security.scanner.scanners.fw_rules_scanner.fw_rules_engine',
+        'google.cloud.security.scanner.scanners.firewall_rules_scanner.firewall_rules_engine',
         autospec=True)
     def setUp(self, mock_rules_engine):
         mre = mock.patch(
-            'google.cloud.security.scanner.scanners.fw_rules_scanner.'
-            'fw_rules_engine').start()
+            'google.cloud.security.scanner.scanners.firewall_rules_scanner.'
+            'firewall_rules_engine').start()
         self.mock_org_rel_dao = mock.patch(
                         'google.cloud.security.common.data_access.'
                         'org_resource_rel_dao.OrgResourceRelDao').start()
@@ -45,7 +47,7 @@ def setUp(self, mock_rules_engine):
         self.fake_scanner_configs = {'output_path': '/fake/output/path'}
         rules_local_path = unittest_utils.get_datafile_path(os.path.join(
             os.path.dirname( __file__), 'audit'), 'firewall_test_rules.yaml')
-        self.scanner = fw_rules_scanner.FwPolicyScanner(
+        self.scanner = firewall_rules_scanner.FirewallPolicyScanner(
             {}, {}, '', rules_local_path)
         self.mock_rules_engine = mre
         self.project0 = fre.resource_util.create_resource(
@@ -97,22 +99,22 @@ def test_get_output_filename(self):
         self.assertEquals(expected, actual)
 
     @mock.patch(
-        'google.cloud.security.scanner.scanners.fw_rules_scanner.notifier',
+        'google.cloud.security.scanner.scanners.firewall_rules_scanner.notifier',
         autospec=True)
     @mock.patch.object(
-        fw_rules_scanner.FwPolicyScanner,
+        firewall_rules_scanner.FirewallPolicyScanner,
         '_upload_csv', autospec=True)
     @mock.patch(
-        'google.cloud.security.scanner.scanners.fw_rules_scanner.os',
+        'google.cloud.security.scanner.scanners.firewall_rules_scanner.os',
         autospec=True)
     @mock.patch(
-        'google.cloud.security.scanner.scanners.fw_rules_scanner.datetime',
+        'google.cloud.security.scanner.scanners.firewall_rules_scanner.datetime',
         autospec=True)
     @mock.patch.object(
-        fw_rules_scanner.csv_writer,
+        firewall_rules_scanner.csv_writer,
         'write_csv', autospec=True)
     @mock.patch.object(
-        fw_rules_scanner.FwPolicyScanner,
+        firewall_rules_scanner.FirewallPolicyScanner,
         '_output_results_to_db', autospec=True)
     def test_output_results_local_no_email(
         self, mock_output_results_to_db,
@@ -146,15 +148,15 @@ def test_output_results_local_no_email(
         self.scanner.rules_engine.rule_book.rule_indices.get.side_effect = (
             lambda x, y: rule_indices.get(x, -1))
         violations = [
-            fw_rules_scanner.fw_rules_engine.RuleViolation(
+            firewall_rules_scanner.firewall_rules_engine.RuleViolation(
                 resource_type='firewall_rule',
                 resource_id='p1',
                 rule_id='rule1',
                 violation_type='violation1',
                 policy_names=['n1'],
                 recommended_actions=['a1'],
             ),
-            fw_rules_scanner.fw_rules_engine.RuleViolation(
+            firewall_rules_scanner.firewall_rules_engine.RuleViolation(
                 resource_type='firewall_rule',
                 resource_id='p2',
                 rule_id='rule2',
@@ -192,22 +194,22 @@ def test_output_results_local_no_email(
         self.assertEquals(0, mock_notifier.process.call_count)
 
     @mock.patch(
-        'google.cloud.security.scanner.scanners.fw_rules_scanner.notifier',
+        'google.cloud.security.scanner.scanners.firewall_rules_scanner.notifier',
         autospec=True)
     @mock.patch.object(
-        fw_rules_scanner.FwPolicyScanner,
+        firewall_rules_scanner.FirewallPolicyScanner,
         '_upload_csv', autospec=True)
     @mock.patch(
-        'google.cloud.security.scanner.scanners.fw_rules_scanner.os',
+        'google.cloud.security.scanner.scanners.firewall_rules_scanner.os',
         autospec=True)
     @mock.patch(
-        'google.cloud.security.scanner.scanners.fw_rules_scanner.datetime',
+        'google.cloud.security.scanner.scanners.firewall_rules_scanner.datetime',
         autospec=True)
     @mock.patch.object(
-        fw_rules_scanner.csv_writer,
+        firewall_rules_scanner.csv_writer,
         'write_csv', autospec=True)
     @mock.patch.object(
-        fw_rules_scanner.FwPolicyScanner,
+        firewall_rules_scanner.FirewallPolicyScanner,
         '_output_results_to_db', autospec=True)
     def test_output_results_gcs_email(
         self, mock_output_results_to_db,
@@ -227,15 +229,15 @@ def test_output_results_gcs_email(
         self.scanner.global_configs = fake_global_configs
         self.scanner.scanner_configs = self.fake_scanner_configs
         violations = [
-            fw_rules_scanner.fw_rules_engine.RuleViolation(
+            firewall_rules_scanner.firewall_rules_engine.RuleViolation(
                 resource_type='firewall_rule',
                 resource_id='p1',
                 rule_id='rule1',
                 violation_type='violation1',
                 policy_names=['n1'],
                 recommended_actions=['a1'],
             ),
-            fw_rules_scanner.fw_rules_engine.RuleViolation(
+            firewall_rules_scanner.firewall_rules_engine.RuleViolation(
                 resource_type='firewall_rule',
                 resource_id='p2',
                 rule_id='rule2',
@@ -362,7 +364,7 @@ def test_find_violations_from_yaml_rule_book(
         self, project, policy_dict, expected_violations_dicts):
         rules_local_path = os.path.join(os.path.dirname(
             os.path.dirname( __file__)), 'audit/data/firewall_test_rules.yaml')
-        scanner = fw_rules_scanner.FwPolicyScanner(
+        scanner = firewall_rules_scanner.FirewallPolicyScanner(
             {}, {}, '', rules_local_path)
         resource = self.project_resource_map[project]
         policy = fre.firewall_rule.FirewallRule.from_dict(
@@ -422,20 +424,20 @@ def test_retrieve(self):
             expected[resource] = policy
             fake_firewall_rules.append((resource, policy))
         mock_get_firewall_rules = mock.patch.object(
-            fw_rules_scanner.firewall_rule_dao, 'FirewallRuleDao').start()
+            firewall_rules_scanner.firewall_rule_dao, 'FirewallRuleDao').start()
         mock_get_firewall_rules().get_firewall_rules.return_value = (
             fake_firewall_rules)
         rules_local_path = os.path.join(os.path.dirname(
             os.path.dirname( __file__)), 'audit/data/firewall_test_rules.yaml')
-        scanner = fw_rules_scanner.FwPolicyScanner(
+        scanner = firewall_rules_scanner.FirewallPolicyScanner(
             {}, {}, '', rules_local_path)
         results = scanner._retrieve()
         self.assertEqual({'firewall_rule': 3}, results[1])
         self.assertItemsEqual(
             expected.items(), results[0])
 
     @mock.patch.object(
-        fw_rules_scanner.FwPolicyScanner,
+        firewall_rules_scanner.FirewallPolicyScanner,
         '_output_results_to_db',
         autospec=True)
     def test_run_no_email(self, mock_output_results_to_db):
@@ -483,15 +485,15 @@ def test_run_no_email(self, mock_output_results_to_db):
                 policy_dict, project_id=project, validate=True)
             fake_firewall_rules.append(policy)
         mock_get_firewall_rules = mock.patch.object(
-            fw_rules_scanner.firewall_rule_dao, 'FirewallRuleDao').start()
+            firewall_rules_scanner.firewall_rule_dao, 'FirewallRuleDao').start()
         mock_get_firewall_rules().get_firewall_rules.return_value = (
             fake_firewall_rules)
         mock_org_rel_dao = mock.Mock()
         mock_org_rel_dao.find_ancestors.side_effect = (
             lambda x,y: self.ancestry[x])
         rules_local_path = os.path.join(os.path.dirname(
             os.path.dirname( __file__)), 'audit/data/firewall_test_rules.yaml')
-        scanner = fw_rules_scanner.FwPolicyScanner(
+        scanner = firewall_rules_scanner.FirewallPolicyScanner(
             {}, {}, '', rules_local_path)
         scanner.rules_engine.rule_book.org_res_rel_dao = mock_org_rel_dao
         scanner.run()

tests/scanner/scanners/forwarding_rule_rules_scanner_test.py

@@ -28,9 +28,9 @@ class ForwardingRule(object):
 
 class ForwardingRuleScannerTest(ForsetiTestCase):
 
-    def test_fowarding_rules_scanner_all_match(self):
+    def test_forwarding_rules_scanner_all_match(self):
         rules_local_path = get_datafile_path(__file__,
-            'foward_rule_test_1.yaml')
+            'forward_rule_test_1.yaml')
         scanner = forwarding_rule_scanner.ForwardingRuleScanner({}, {}, '', rules_local_path)
 
         gcp_forwarding_rules_resource_data = [
@@ -97,9 +97,9 @@ def test_fowarding_rules_scanner_all_match(self):
         violations = scanner._find_violations(gcp_forwarding_rules_resource_objs)
         self.assertEqual(0, len(violations))
 
-    def test_fowarding_rules_scanner_no_match(self):
+    def test_forwarding_rules_scanner_no_match(self):
         rules_local_path = get_datafile_path(__file__,
-            'foward_rule_test_1.yaml')
+            'forward_rule_test_1.yaml')
         scanner = forwarding_rule_scanner.ForwardingRuleScanner({}, {}, '', rules_local_path)
 
         gcp_forwarding_rules_resource_data = [