#!/usr/bin/env python
import sys
import os
import logging
from invoke import task, Collection, UnexpectedExit, Failure
# Put <dir-of-this-file>/../policy_sentry on sys.path.  With the repository
# cloned under its default name this resolves to the checkout itself, which
# presumably lets the `policy_sentry.command` import below find the local
# source instead of an installed copy (confirm against the repo layout).
_repo_root = os.path.abspath(
    os.path.join(os.path.dirname(__file__), os.path.pardir, 'policy_sentry')
)
sys.path.append(_repo_root)
from policy_sentry.command import initialize
logger = logging.getLogger(__name__)

# Root task namespace plus one sub-collection per task family.  The
# sub-collections are attached to the root in the same order they are created;
# tasks are registered into them at the bottom of this file.
ns = Collection()
docs = Collection('docs')
test = Collection('test')
integration = Collection('integration')
unit = Collection('unit')
build = Collection('build')
docker = Collection('docker')
for _sub in (docs, test, integration, unit, build, docker):
    ns.add_collection(_sub)
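@task
def build_docs(c):
    """Build the documentation site with `mkdocs build` (does not serve or open it)."""
    c.run('mkdocs build')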
@task
def serve_docs(c):
    """Build the docs and serve them on 127.0.0.1:8001 with `mkdocs serve`."""
    # Bound to loopback so the dev server is not reachable from other hosts.
    dev_addr = "127.0.0.1:8001"
    c.run(f'mkdocs serve --dev-addr "{dev_addr}"')
@task
def download_latest_aws_docs(c):
    """Run the bundled downloader to refresh the AWS docs and the IAM database."""
    downloader = './utils/download_docs.py'
    c.run(downloader)
# BUILD
@task
def build_package(c):
    """Build the policy_sentry sdist and wheel from the working tree (for PyPI)."""
    steps = (
        'python -m pip install --upgrade setuptools wheel',
        'python setup.py -q sdist bdist_wheel',
    )
    for cmd in steps:
        c.run(cmd)
@task(pre=[build_package])
def install_package(c):
    """Install the sdist built from the working tree (not the PyPI release).

    `build_package` runs first via the `pre` hook.
    """
    # NOTE(review): the glob installs whatever matches in dist/, so stale
    # archives from earlier builds would be picked up too — confirm dist/ is
    # cleaned between versions.
    sdist_glob = 'dist/policy_sentry-*.tar.gz'
    c.run(f'pip3 install -q {sdist_glob}')
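@task
def uninstall_package(c):
    """Uninstall the policy_sentry package non-interactively.

    Uses pip's own `-y` confirmation flag instead of piping `echo "y"` through
    a shell pipeline under a pty, so no pseudo-terminal is needed and the
    command is a single process.
    """
    c.run('pip3 uninstall -y policy_sentry')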
@task
def upload_to_pypi_test_server(c):
    """Upload dist/* to TestPyPI and then install the package back from there.

    Requires TestPyPI credentials.
    """
    # NOTE(review): TestPyPI is a shared sandbox; the `policy_sentry` name
    # there is not necessarily owned by this project, so the final install
    # step verifies the upload only if that ownership is confirmed.
    steps = (
        'python -m pip install --upgrade twine',
        'python -m twine upload --repository-url https://test.pypi.org/legacy/ dist/*',
        'python -m pip install --index-url https://test.pypi.org/simple/ --no-deps policy_sentry',
    )
    for cmd in steps:
        c.run(cmd)
@task
def upload_to_pypi_prod_server(c):
    """Upload dist/* to production PyPI and then install the released package.

    Requires PyPI credentials.
    """
    steps = (
        'python -m pip install --upgrade twine',
        'python -m twine upload dist/*',
        'python -m pip install policy_sentry',
    )
    for cmd in steps:
        c.run(cmd)
# INTEGRATION TESTS
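@task
def clean_config_directory(c):
    """Remove the user's policy_sentry config directory (`$HOME/.policy_sentry/`).

    Exits the process with status 1 if the shell command fails.
    """
    try:
        # `${HOME:?}` makes the shell abort if HOME is unset or empty instead
        # of silently expanding to `/.policy_sentry/`; the quotes keep a HOME
        # containing spaces as a single argument to rm.
        c.run('rm -rf "${HOME:?HOME is not set}/.policy_sentry/"')
    except UnexpectedExit as exc:
        logger.critical(f"FAIL! UnexpectedExit: {exc}")
        sys.exit(1)
    except Failure as exc:
        logger.critical(f"FAIL: Failure: {exc}")
        sys.exit(1)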
@task
def create_db(c):
    """Integration testing: initialize the policy_sentry database in-process."""
    # NOTE(review): initialize() is a direct Python call, not c.run(); the
    # handlers below only catch invoke's exception types, so an error raised
    # by initialize() itself would propagate uncaught — confirm what it raises.
    try:
        initialize.initialize('')
    except UnexpectedExit as exc:
        logger.critical(f"FAIL! UnexpectedExit: {exc}")
        sys.exit(1)
    except Failure as exc:
        logger.critical(f"FAIL: Failure: {exc}")
        sys.exit(1)
@task
def version_check(c):
    """Print the CLI version from the checkout; exit 1 if the command fails."""
    cmd = './policy_sentry/bin/cli.py --version'
    try:
        c.run(cmd, pty=True)
    except UnexpectedExit as exc:
        logger.critical(f"FAIL! UnexpectedExit: {exc}")
        sys.exit(1)
    except Failure as exc:
        logger.critical(f"FAIL: Failure: {exc}")
        sys.exit(1)
@task(pre=[install_package])
def write_policy(c):
    """Integration testing: exercise `write-policy` against the example YAML inputs.

    `install_package` runs first via the `pre` hook. Exits 1 on the first
    failing command.
    """
    # crud.yml is run twice, as in the original sequence — possibly a
    # repeat-run check; confirm before deduplicating.
    input_files = (
        'examples/yml/crud.yml',
        'examples/yml/crud.yml',
        'examples/yml/actions.yml',
    )
    try:
        for path in input_files:
            c.run(f'./policy_sentry/bin/cli.py write-policy --input-file {path}', pty=True)
    except UnexpectedExit as exc:
        logger.critical(f"FAIL! UnexpectedExit: {exc}")
        sys.exit(1)
    except Failure as exc:
        logger.critical(f"FAIL: Failure: {exc}")
        sys.exit(1)
@task(pre=[install_package])
def query(c):
    """Integration testing: exercise `query` against the action, ARN and condition tables.

    `install_package` runs first via the `pre` hook. Every command runs under a
    pty; the first failure exits the process with status 1.
    """
    # One command on the list uses the installed `policy_sentry` entry point
    # rather than the checkout's cli.py, exercising the installed package too.
    commands = (
        'echo "Querying the action table"',
        './policy_sentry/bin/cli.py query action-table --service ram',
        './policy_sentry/bin/cli.py query action-table --service ram --name tagresource',
        './policy_sentry/bin/cli.py query action-table --service ram --access-level permissions-management',
        './policy_sentry/bin/cli.py query action-table --service ssm --resource-type parameter',
        './policy_sentry/bin/cli.py query action-table --service ssm --access-level write --resource-type parameter',
        'policy_sentry query action-table --service ssm --resource-type parameter',
        './policy_sentry/bin/cli.py query action-table --service ses --condition ses:FeedbackAddress',
        'echo "Querying the ARN table"',
        './policy_sentry/bin/cli.py query arn-table --service ssm',
        './policy_sentry/bin/cli.py query arn-table --service cloud9 --name environment',
        './policy_sentry/bin/cli.py query arn-table --service cloud9 --list-arn-types',
        'echo "Querying the condition keys table"',
        './policy_sentry/bin/cli.py query condition-table --service cloud9',
        './policy_sentry/bin/cli.py query condition-table --service cloud9 --name cloud9:Permissions',
    )
    try:
        for cmd in commands:
            c.run(cmd, pty=True)
    except UnexpectedExit as exc:
        logger.critical(f"FAIL! UnexpectedExit: {exc}")
        sys.exit(1)
    except Failure as exc:
        logger.critical(f"FAIL: Failure: {exc}")
        sys.exit(1)
@task(pre=[install_package])
def query_with_yaml(c):
    """Integration testing: the `query` checks again, with `--fmt yaml` output.

    `install_package` runs first via the `pre` hook. The first failure exits
    the process with status 1.
    """
    commands = (
        'echo "Querying the action table"',
        './policy_sentry/bin/cli.py query action-table --service ram --fmt yaml',
        './policy_sentry/bin/cli.py query action-table --service ram --name tagresource --fmt yaml',
        './policy_sentry/bin/cli.py query action-table --service ram --access-level permissions-management --fmt yaml',
        './policy_sentry/bin/cli.py query action-table --service ses --condition ses:FeedbackAddress --fmt yaml',
        'echo "Querying the ARN table"',
        './policy_sentry/bin/cli.py query arn-table --service ssm --fmt yaml',
        './policy_sentry/bin/cli.py query arn-table --service cloud9 --name environment --fmt yaml',
        './policy_sentry/bin/cli.py query arn-table --service cloud9 --list-arn-types --fmt yaml',
        'echo "Querying the condition keys table"',
        './policy_sentry/bin/cli.py query condition-table --service cloud9 --fmt yaml',
        './policy_sentry/bin/cli.py query condition-table --service cloud9 --name cloud9:Permissions --fmt yaml',
    )
    try:
        # The opening banner is the only command that runs without a pty.
        c.run('echo "Querying the action table with yaml option"')
        for cmd in commands:
            c.run(cmd, pty=True)
    except UnexpectedExit as exc:
        logger.critical(f"FAIL! UnexpectedExit: {exc}")
        sys.exit(1)
    except Failure as exc:
        logger.critical(f"FAIL: Failure: {exc}")
        sys.exit(1)
# TEST - SECURITY
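@task
def security_scan(c):
    """Run `bandit` over the package source; exit 1 if it reports a failure.

    `safety check` (dependency vulnerability audit) is not currently part of
    this task.
    """
    try:
        c.run('bandit -r policy_sentry/')
        # `safety check` is disabled for now; add it here to audit dependencies.
    except UnexpectedExit as exc:
        logger.critical(f"FAIL! UnexpectedExit: {exc}")
        sys.exit(1)
    except Failure as exc:
        logger.critical(f"FAIL: Failure: {exc}")
        sys.exit(1)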
# TEST - format
# The task name shadows the builtin `format`; it is kept because the
# collection registration at the bottom of the file refers to it by name.
@task
def format(c):
    """Auto-format the package source with `black`; exit 1 on failure."""
    cmd = "black policy_sentry/"
    try:
        c.run(cmd)
    except UnexpectedExit as exc:
        logger.critical(f"FAIL! UnexpectedExit: {exc}")
        sys.exit(1)
    except Failure as exc:
        logger.critical(f"FAIL: Failure: {exc}")
        sys.exit(1)
# TEST - LINT
@task
def run_linter(c):
    """Lint the package source with `pylint`; exit 1 on a non-zero exit."""
    cmd = 'pylint policy_sentry/'
    try:
        # warn=False: a non-zero pylint exit raises instead of being logged.
        c.run(cmd, warn=False)
    except UnexpectedExit as exc:
        logger.critical(f"FAIL! UnexpectedExit: {exc}")
        sys.exit(1)
    except Failure as exc:
        logger.critical(f"FAIL: Failure: {exc}")
        sys.exit(1)
# UNIT TESTING
@task
def run_nosetests(c):
    """Unit testing: run the suite with `nosetests`; exit 1 on failure."""
    c.run('echo "Running Unit tests"')
    cmd = 'nosetests -v --logging-level=CRITICAL'
    try:
        c.run(cmd)
    except UnexpectedExit as exc:
        logger.critical(f"FAIL! UnexpectedExit: {exc}")
        sys.exit(1)
    except Failure as exc:
        logger.critical(f"FAIL: Failure: {exc}")
        sys.exit(1)
@task
def run_pytest(c):
    """Unit testing: run the suite under `coverage` via `pytest`, then print the report."""
    c.run('echo "Running Unit tests"')
    steps = (
        'python -m coverage run -m pytest -v',
        'python -m coverage report -m',
    )
    try:
        for cmd in steps:
            c.run(cmd)
    except UnexpectedExit as exc:
        logger.critical(f"FAIL! UnexpectedExit: {exc}")
        sys.exit(1)
    except Failure as exc:
        logger.critical(f"FAIL: Failure: {exc}")
        sys.exit(1)
# DOCKER
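@task
def build_docker(c):
    """Build the policy_sentry Docker image from the current directory, tagged kmcquade/policy_sentry."""
    c.run('docker build -t kmcquade/policy_sentry .')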
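# Register every task under its sub-collection with the name exposed on the
# command line.  The duplicate 'upload-prod' registration has been dropped:
# registering the same task twice under one name only re-binds it.
integration.add_task(clean_config_directory, 'clean')
integration.add_task(version_check, 'version')
integration.add_task(create_db, 'initialize')
integration.add_task(write_policy, 'write-policy')
integration.add_task(query, 'query')
integration.add_task(query_with_yaml, 'query-yaml')
unit.add_task(run_nosetests, 'nose')
unit.add_task(run_pytest, 'pytest')
docs.add_task(build_docs, "build-docs")
docs.add_task(serve_docs, "serve-docs")
docs.add_task(download_latest_aws_docs, 'download_latest_aws_docs')
test.add_task(format, 'format')
test.add_task(run_linter, 'lint')
test.add_task(security_scan, 'security')
build.add_task(build_package, 'build-package')
build.add_task(install_package, 'install-package')
build.add_task(uninstall_package, 'uninstall-package')
build.add_task(upload_to_pypi_test_server, 'upload-test')
build.add_task(upload_to_pypi_prod_server, 'upload-prod')
docker.add_task(build_docker, 'build-docker')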