From 9f131b3d67f6c21e927cf3742f586faf10f21f7c Mon Sep 17 00:00:00 2001 From: Carise F Date: Mon, 6 Nov 2017 17:07:36 -0800 Subject: [PATCH] Tweak names (#756) --- ...les_engine.py => firewall_rules_engine.py} | 4 +- .../scanner/scanner_requirements_map.py | 4 +- ...s_scanner.py => firewall_rules_scanner.py} | 10 ++-- ..._test.py => firewall_rules_engine_test.py} | 6 +- ...e_test_1.yaml => forward_rule_test_1.yaml} | 0 ...test.py => firewall_rules_scanner_test.py} | 60 ++++++++++--------- .../forwarding_rule_rules_scanner_test.py | 8 +-- 7 files changed, 47 insertions(+), 45 deletions(-) rename google/cloud/security/scanner/audit/{fw_rules_engine.py => firewall_rules_engine.py} (99%) rename google/cloud/security/scanner/scanners/{fw_rules_scanner.py => firewall_rules_scanner.py} (96%) rename tests/scanner/audit/{fw_rules_engine_test.py => firewall_rules_engine_test.py} (99%) rename tests/scanner/scanners/data/{foward_rule_test_1.yaml => forward_rule_test_1.yaml} (100%) rename tests/scanner/scanners/{fw_rules_scanner_test.py => firewall_rules_scanner_test.py} (90%) diff --git a/google/cloud/security/scanner/audit/fw_rules_engine.py b/google/cloud/security/scanner/audit/firewall_rules_engine.py similarity index 99% rename from google/cloud/security/scanner/audit/fw_rules_engine.py rename to google/cloud/security/scanner/audit/firewall_rules_engine.py index 42179ebc37..dc8d96842f 100644 --- a/google/cloud/security/scanner/audit/fw_rules_engine.py +++ b/google/cloud/security/scanner/audit/firewall_rules_engine.py @@ -62,7 +62,7 @@ class InvalidOrgDefinition(Error): """Raised if a org definition is invalid.""" -class FirewallRuleEngine(bre.BaseRulesEngine): +class FirewallRulesEngine(bre.BaseRulesEngine): """Rules engine for firewall resources.""" def __init__(self, rules_file_path, snapshot_timestamp=None): 
@@ -72,7 +72,7 @@ def __init__(self, rules_file_path, snapshot_timestamp=None): rules_file_path (str): File location of rules. snapshot_timestamp (str): The snapshot to work with. """ - super(FirewallRuleEngine, self).__init__( + super(FirewallRulesEngine, self).__init__( rules_file_path=rules_file_path, snapshot_timestamp=snapshot_timestamp) self._repository_lock = threading.RLock() diff --git a/google/cloud/security/scanner/scanner_requirements_map.py b/google/cloud/security/scanner/scanner_requirements_map.py index 041db9b552..3820a14872 100644 --- a/google/cloud/security/scanner/scanner_requirements_map.py +++ b/google/cloud/security/scanner/scanner_requirements_map.py @@ -31,8 +31,8 @@ 'class_name': 'CloudSqlAclScanner', 'rules_filename': 'cloudsql_rules.yaml'}, 'firewall_rule': - {'module_name': 'fw_rules_scanner', - 'class_name': 'FwPolicyScanner', + {'module_name': 'firewall_rules_scanner', + 'class_name': 'FirewallPolicyScanner', 'rules_filename': 'firewall_rules.yaml'}, 'forwarding_rule': {'module_name': 'forwarding_rule_scanner', diff --git a/google/cloud/security/scanner/scanners/fw_rules_scanner.py b/google/cloud/security/scanner/scanners/firewall_rules_scanner.py similarity index 96% rename from google/cloud/security/scanner/scanners/fw_rules_scanner.py rename to google/cloud/security/scanner/scanners/firewall_rules_scanner.py index d4eac3300e..e5796c80c6 100644 --- a/google/cloud/security/scanner/scanners/fw_rules_scanner.py +++ b/google/cloud/security/scanner/scanners/firewall_rules_scanner.py 
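Review bot: The `'module_name'` / `'class_name'` strings in scanner_requirements_map.py (hunk `@@ -31,8 +31,8`) are now the only link between the `firewall_rule` key and the renamed module and class, and none of the test hunks in this patch go through the map; they import `firewall_rules_scanner` directly. The strings do match the new names, but a mismatch would only surface when the scanner is looked up by name at run time. Depending on how that lookup handles failure (not visible in this patch), the firewall scan could be skipped rather than fail loudly. A small test that walks every entry of the map, imports the named module and checks that the named class exists would guard this and later renames. The map literal starts and ends outside the hunk.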
@@ -25,16 +25,16 @@ from google.cloud.security.common.data_access import firewall_rule_dao from google.cloud.security.common.gcp_type import resource as resource_type from google.cloud.security.common.gcp_type import resource_util -from google.cloud.security.scanner.audit import fw_rules_engine +from google.cloud.security.scanner.audit import firewall_rules_engine from google.cloud.security.scanner.scanners import base_scanner LOGGER = log_util.get_logger(__name__) -class FwPolicyScanner(base_scanner.BaseScanner): +class FirewallPolicyScanner(base_scanner.BaseScanner): """Scanner for firewall data.""" - SCANNER_OUTPUT_CSV_FMT = 'scanner_output_fw.{}.csv' + SCANNER_OUTPUT_CSV_FMT = 'scanner_output_firewall.{}.csv' def __init__(self, global_configs, scanner_configs, snapshot_timestamp, rules): @@ -47,12 +47,12 @@ def __init__(self, global_configs, scanner_configs, snapshot_timestamp, rules (str): Fully-qualified path and filename of the rules file. """ - super(FwPolicyScanner, self).__init__( + super(FirewallPolicyScanner, self).__init__( global_configs, scanner_configs, snapshot_timestamp, rules) - self.rules_engine = fw_rules_engine.FirewallRuleEngine( + self.rules_engine = firewall_rules_engine.FirewallRulesEngine( rules_file_path=self.rules, snapshot_timestamp=self.snapshot_timestamp) self.rules_engine.build_rule_book(self.global_configs) diff --git a/tests/scanner/audit/fw_rules_engine_test.py b/tests/scanner/audit/firewall_rules_engine_test.py similarity index 99% rename from tests/scanner/audit/fw_rules_engine_test.py rename to tests/scanner/audit/firewall_rules_engine_test.py index 0874906017..9809e7b67c 100644 --- a/tests/scanner/audit/fw_rules_engine_test.py +++ b/tests/scanner/audit/firewall_rules_engine_test.py 
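Review bot: The `SCANNER_OUTPUT_CSV_FMT` change in firewall_rules_scanner.py (hunk `@@ -25,16 +25,16`) is a runtime behaviour change rather than a rename: the firewall results file becomes `scanner_output_firewall.{}.csv` instead of `scanner_output_fw.{}.csv`. The tests in this patch reference `_upload_csv` and `notifier` on this scanner, so the file apparently leaves the host. Anything downstream that selects scan output by the old name (an ingest job, an alerting rule, a bucket policy) would then stop seeing firewall violations without any error. If the new name is intended, it deserves a line in the commit message or release notes and a comment above the constant, for example `# Output filename pattern; external consumers match on this prefix.` The class body continues outside the hunk.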
@@ -20,7 +20,7 @@ from tests.unittest_utils import ForsetiTestCase from google.cloud.security.common.gcp_type.firewall_rule import FirewallRule from google.cloud.security.scanner.audit.errors import InvalidRulesSchemaError -from google.cloud.security.scanner.audit import fw_rules_engine as fre +from google.cloud.security.scanner.audit import firewall_rules_engine as fre from google.cloud.security.scanner.audit import rules as scanner_rules from tests.unittest_utils import get_datafile_path from tests.scanner.audit.data import test_rules @@ -1523,7 +1523,7 @@ def setUp(self): def test_build_rule_book_from_yaml(self): rules_local_path = get_datafile_path( __file__, 'firewall_test_rules.yaml') - rules_engine = fre.FirewallRuleEngine(rules_file_path=rules_local_path) + rules_engine = fre.FirewallRulesEngine(rules_file_path=rules_local_path) rules_engine.build_rule_book({}) self.assertEqual(4, len(rules_engine.rule_book.rules_map)) self.assertEqual(1, len(rules_engine.rule_book.rule_groups_map)) @@ -1593,7 +1593,7 @@ def test_find_violations_from_yaml_rule_book( self, project, policy_dict, expected_violations_dicts): rules_local_path = get_datafile_path( __file__, 'firewall_test_rules.yaml') - rules_engine = fre.FirewallRuleEngine(rules_file_path=rules_local_path) + rules_engine = fre.FirewallRulesEngine(rules_file_path=rules_local_path) rules_engine.build_rule_book({}) resource = self.project_resource_map[project] policy = fre.firewall_rule.FirewallRule.from_dict( diff --git a/tests/scanner/scanners/data/foward_rule_test_1.yaml b/tests/scanner/scanners/data/forward_rule_test_1.yaml similarity index 100% rename from tests/scanner/scanners/data/foward_rule_test_1.yaml rename to tests/scanner/scanners/data/forward_rule_test_1.yaml 
diff --git a/tests/scanner/scanners/fw_rules_scanner_test.py b/tests/scanner/scanners/firewall_rules_scanner_test.py similarity index 90% rename from tests/scanner/scanners/fw_rules_scanner_test.py rename to tests/scanner/scanners/firewall_rules_scanner_test.py index af5cc9e175..c1cf7c3aa6 100644 --- a/tests/scanner/scanners/fw_rules_scanner_test.py +++ b/tests/scanner/scanners/firewall_rules_scanner_test.py @@ -1,3 +1,4 @@ +# Copyright 2017 The Forseti Security Authors. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -10,6 +11,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + """Scanner runner script test.""" from datetime import datetime 
@@ -22,20 +24,20 @@ from google.cloud.security.common.gcp_type import folder from google.cloud.security.common.gcp_type import organization from google.cloud.security.common.gcp_type import project -from google.cloud.security.scanner.scanners import fw_rules_scanner -from google.cloud.security.scanner.audit import fw_rules_engine as fre +from google.cloud.security.scanner.scanners import firewall_rules_scanner +from google.cloud.security.scanner.audit import firewall_rules_engine as fre from tests import unittest_utils -class FwRulesScannerTest(unittest_utils.ForsetiTestCase): +class FirewallRulesScannerTest(unittest_utils.ForsetiTestCase): @mock.patch( - 'google.cloud.security.scanner.scanners.fw_rules_scanner.fw_rules_engine', + 'google.cloud.security.scanner.scanners.firewall_rules_scanner.firewall_rules_engine', autospec=True) def setUp(self, mock_rules_engine): mre = mock.patch( - 'google.cloud.security.scanner.scanners.fw_rules_scanner.' - 'fw_rules_engine').start() + 'google.cloud.security.scanner.scanners.firewall_rules_scanner.' + 'firewall_rules_engine').start() self.mock_org_rel_dao = mock.patch( 'google.cloud.security.common.data_access.' 'org_resource_rel_dao.OrgResourceRelDao').start() @@ -45,7 +47,7 @@ def setUp(self, mock_rules_engine): self.fake_scanner_configs = {'output_path': '/fake/output/path'} rules_local_path = unittest_utils.get_datafile_path(os.path.join( os.path.dirname( __file__), 'audit'), 'firewall_test_rules.yaml') - self.scanner = fw_rules_scanner.FwPolicyScanner( + self.scanner = firewall_rules_scanner.FirewallPolicyScanner( {}, {}, '', rules_local_path) self.mock_rules_engine = mre self.project0 = fre.resource_util.create_resource( 
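Review bot: In `setUp` of firewall_rules_scanner_test.py (hunk `@@ -22,20 +24,20`) the same attribute, `firewall_rules_scanner.firewall_rules_engine`, is patched twice: once by the `@mock.patch(..., autospec=True)` decorator and again by `mock.patch(...).start()`. The injected `mock_rules_engine` is not used in the visible lines (`self.mock_rules_engine = mre` takes the second one). The mock in effect when the scanner is constructed is therefore the plain, non-autospec one, which accepts any attribute name, so these tests would not notice if the scanner and engine disagreed on `FirewallRulesEngine`. I would drop the decorator and, unless a `tearDown` outside this hunk already does it, add `self.addCleanup(mock.patch.stopall)` after the `.start()` calls. The rewritten decorator string is also longer than 80 columns and can be split the way the `.start()` call splits it; `setUp` continues past the hunk.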
@@ -97,22 +99,22 @@ def test_get_output_filename(self): self.assertEquals(expected, actual) @mock.patch( - 'google.cloud.security.scanner.scanners.fw_rules_scanner.notifier', + 'google.cloud.security.scanner.scanners.firewall_rules_scanner.notifier', autospec=True) @mock.patch.object( - fw_rules_scanner.FwPolicyScanner, + firewall_rules_scanner.FirewallPolicyScanner, '_upload_csv', autospec=True) @mock.patch( - 'google.cloud.security.scanner.scanners.fw_rules_scanner.os', + 'google.cloud.security.scanner.scanners.firewall_rules_scanner.os', autospec=True) @mock.patch( - 'google.cloud.security.scanner.scanners.fw_rules_scanner.datetime', + 'google.cloud.security.scanner.scanners.firewall_rules_scanner.datetime', autospec=True) @mock.patch.object( - fw_rules_scanner.csv_writer, + firewall_rules_scanner.csv_writer, 'write_csv', autospec=True) @mock.patch.object( - fw_rules_scanner.FwPolicyScanner, + firewall_rules_scanner.FirewallPolicyScanner, '_output_results_to_db', autospec=True) def test_output_results_local_no_email( self, mock_output_results_to_db, @@ -146,7 +148,7 @@ def test_output_results_local_no_email( self.scanner.rules_engine.rule_book.rule_indices.get.side_effect = ( lambda x, y: rule_indices.get(x, -1)) violations = [ - fw_rules_scanner.fw_rules_engine.RuleViolation( + firewall_rules_scanner.firewall_rules_engine.RuleViolation( resource_type='firewall_rule', resource_id='p1', rule_id='rule1', @@ -154,7 +156,7 @@ def test_output_results_local_no_email( policy_names=['n1'], recommended_actions=['a1'], ), - fw_rules_scanner.fw_rules_engine.RuleViolation( + firewall_rules_scanner.firewall_rules_engine.RuleViolation( resource_type='firewall_rule', resource_id='p2', rule_id='rule2', 
@@ -192,22 +194,22 @@ def test_output_results_local_no_email( self.assertEquals(0, mock_notifier.process.call_count) @mock.patch( - 'google.cloud.security.scanner.scanners.fw_rules_scanner.notifier', + 'google.cloud.security.scanner.scanners.firewall_rules_scanner.notifier', autospec=True) @mock.patch.object( - fw_rules_scanner.FwPolicyScanner, + firewall_rules_scanner.FirewallPolicyScanner, '_upload_csv', autospec=True) @mock.patch( - 'google.cloud.security.scanner.scanners.fw_rules_scanner.os', + 'google.cloud.security.scanner.scanners.firewall_rules_scanner.os', autospec=True) @mock.patch( - 'google.cloud.security.scanner.scanners.fw_rules_scanner.datetime', + 'google.cloud.security.scanner.scanners.firewall_rules_scanner.datetime', autospec=True) @mock.patch.object( - fw_rules_scanner.csv_writer, + firewall_rules_scanner.csv_writer, 'write_csv', autospec=True) @mock.patch.object( - fw_rules_scanner.FwPolicyScanner, + firewall_rules_scanner.FirewallPolicyScanner, '_output_results_to_db', autospec=True) def test_output_results_gcs_email( self, mock_output_results_to_db, @@ -227,7 +229,7 @@ def test_output_results_gcs_email( self.scanner.global_configs = fake_global_configs self.scanner.scanner_configs = self.fake_scanner_configs violations = [ - fw_rules_scanner.fw_rules_engine.RuleViolation( + firewall_rules_scanner.firewall_rules_engine.RuleViolation( resource_type='firewall_rule', resource_id='p1', rule_id='rule1', @@ -235,7 +237,7 @@ def test_output_results_gcs_email( policy_names=['n1'], recommended_actions=['a1'], ), - fw_rules_scanner.fw_rules_engine.RuleViolation( + firewall_rules_scanner.firewall_rules_engine.RuleViolation( resource_type='firewall_rule', resource_id='p2', rule_id='rule2', 
@@ -362,7 +364,7 @@ def test_find_violations_from_yaml_rule_book( self, project, policy_dict, expected_violations_dicts): rules_local_path = os.path.join(os.path.dirname( os.path.dirname( __file__)), 'audit/data/firewall_test_rules.yaml') - scanner = fw_rules_scanner.FwPolicyScanner( + scanner = firewall_rules_scanner.FirewallPolicyScanner( {}, {}, '', rules_local_path) resource = self.project_resource_map[project] policy = fre.firewall_rule.FirewallRule.from_dict( @@ -422,12 +424,12 @@ def test_retrieve(self): expected[resource] = policy fake_firewall_rules.append((resource, policy)) mock_get_firewall_rules = mock.patch.object( - fw_rules_scanner.firewall_rule_dao, 'FirewallRuleDao').start() + firewall_rules_scanner.firewall_rule_dao, 'FirewallRuleDao').start() mock_get_firewall_rules().get_firewall_rules.return_value = ( fake_firewall_rules) rules_local_path = os.path.join(os.path.dirname( os.path.dirname( __file__)), 'audit/data/firewall_test_rules.yaml') - scanner = fw_rules_scanner.FwPolicyScanner( + scanner = firewall_rules_scanner.FirewallPolicyScanner( {}, {}, '', rules_local_path) results = scanner._retrieve() self.assertEqual({'firewall_rule': 3}, results[1]) @@ -435,7 +437,7 @@ def test_retrieve(self): expected.items(), results[0]) @mock.patch.object( - fw_rules_scanner.FwPolicyScanner, + firewall_rules_scanner.FirewallPolicyScanner, '_output_results_to_db', autospec=True) def test_run_no_email(self, mock_output_results_to_db): @@ -483,7 +485,7 @@ def test_run_no_email(self, mock_output_results_to_db): policy_dict, project_id=project, validate=True) fake_firewall_rules.append(policy) mock_get_firewall_rules = mock.patch.object( - fw_rules_scanner.firewall_rule_dao, 'FirewallRuleDao').start() + firewall_rules_scanner.firewall_rule_dao, 'FirewallRuleDao').start() mock_get_firewall_rules().get_firewall_rules.return_value = ( fake_firewall_rules) mock_org_rel_dao = mock.Mock() 
@@ -491,7 +493,7 @@ def test_run_no_email(self, mock_output_results_to_db): lambda x,y: self.ancestry[x]) rules_local_path = os.path.join(os.path.dirname( os.path.dirname( __file__)), 'audit/data/firewall_test_rules.yaml') - scanner = fw_rules_scanner.FwPolicyScanner( + scanner = firewall_rules_scanner.FirewallPolicyScanner( {}, {}, '', rules_local_path) scanner.rules_engine.rule_book.org_res_rel_dao = mock_org_rel_dao scanner.run() diff --git a/tests/scanner/scanners/forwarding_rule_rules_scanner_test.py b/tests/scanner/scanners/forwarding_rule_rules_scanner_test.py index c681a9ad21..490f238b46 100644 --- a/tests/scanner/scanners/forwarding_rule_rules_scanner_test.py +++ b/tests/scanner/scanners/forwarding_rule_rules_scanner_test.py @@ -28,9 +28,9 @@ class ForwardingRule(object): class ForwardingRuleScannerTest(ForsetiTestCase): - def test_fowarding_rules_scanner_all_match(self): + def test_forwarding_rules_scanner_all_match(self): rules_local_path = get_datafile_path(__file__, - 'foward_rule_test_1.yaml') + 'forward_rule_test_1.yaml') scanner = forwarding_rule_scanner.ForwardingRuleScanner({}, {}, '', rules_local_path) gcp_forwarding_rules_resource_data = [ @@ -97,9 +97,9 @@ def test_fowarding_rules_scanner_all_match(self): violations = scanner._find_violations(gcp_forwarding_rules_resource_objs) self.assertEqual(0, len(violations)) - def test_fowarding_rules_scanner_no_match(self): + def test_forwarding_rules_scanner_no_match(self): rules_local_path = get_datafile_path(__file__, - 'foward_rule_test_1.yaml') + 'forward_rule_test_1.yaml') scanner = forwarding_rule_scanner.ForwardingRuleScanner({}, {}, '', rules_local_path) gcp_forwarding_rules_resource_data = [