From 84ac92ae2481697dd9858c4fc5c01ff3b14aa459 Mon Sep 17 00:00:00 2001 From: Greg Guthe Date: Mon, 3 Aug 2020 13:02:30 -0400 Subject: [PATCH] remove pagerduty client and tests (#314) --- Makefile | 2 +- README.md | 77 +------------------ config.yaml.example | 4 - custom_config.py | 1 - pagerduty/__init__.py | 0 pagerduty/helpers.py | 8 -- pagerduty/resources.py | 38 --------- ...rs_have_pd_remote_monitoring_configured.py | 21 ----- ...rs_have_pd_remote_monitoring_configured.py | 20 ----- 9 files changed, 3 insertions(+), 168 deletions(-) delete mode 100644 pagerduty/__init__.py delete mode 100644 pagerduty/helpers.py delete mode 100644 pagerduty/resources.py delete mode 100644 pagerduty/test_bastion_users_have_pd_remote_monitoring_configured.py delete mode 100644 pagerduty/test_iam_users_have_pd_remote_monitoring_configured.py diff --git a/Makefile b/Makefile index 26a87b9..3cdac3a 100644 --- a/Makefile +++ b/Makefile @@ -47,7 +47,7 @@ clean-python: find . -type d -name venv -prune -o -type d -name __pycache__ -print0 | xargs -0 rm -rf doctest: check_venv - pytest --doctest-modules -s --offline --debug-calls --ignore pagerduty/ + pytest --doctest-modules -s --offline --debug-calls coverage: check_venv pytest --cov-config .coveragerc --cov=. \ diff --git a/README.md b/README.md index 36c8c62..9e8aff5 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html) named `default` in the `us-west-2` region we can run: ```console -docker run --rm mozilla/frost pytest --ignore gsuite/ --ignore heroku/ --ignore pagerduty/ --ignore gcp/ --ignore aws/s3 --ignore aws/ec2 -k test_rds_db_instance_backup_enabled -s --aws-profiles default --debug-calls +docker run --rm mozilla/frost pytest --ignore gsuite/ --ignore heroku/ --ignore gcp/ --ignore aws/s3 --ignore aws/ec2 -k test_rds_db_instance_backup_enabled -s --aws-profiles default --debug-calls ``` The options include pytest options: 
@@ -216,10 +216,6 @@ gsuite: no_activity_since: years: 1 months: 0 -pagerduty: - users_with_remote_access_monitoring: 'pd_users.json' - bastion_users: 'hierahash/*hierahash.json' - alternate_usernames: 'alternate_usernames.json' ``` ### Test Exemptions @@ -429,75 +425,6 @@ gsuite: months: 0 ``` -### Pagerduty Config - -frost does not query the pagerduty API, but can run tests against output from it. - -The config looks like: -``` -pagerduty: - users_with_remote_access_monitoring: 'pd_users.json' - bastion_users: 'hierahash/*hierahash.json' - alternate_usernames: 'alternate_usernames.json' -``` - -Where `users_with_remote_access_monitoring` and `bastion_users` are -globs for multiple files relative to the current working directory and -`alternate_usernames` is the path to a single file. - -The files have examples formats as follows: - -* `users_with_remote_access_monitoring`: - -```json -[ - { - "avatar_url": "https://secure.gravatar.com/avatar/...", - "billed": true, - "color": "sea-green", - "contact_methods": [], - "description": null, - "email": "example@example.com", - "html_url": "https://example.pagerduty.com/users/AAA0999", - "id": "AAA0999", - "invitation_sent": false, - "job_title": null, - "name": "Example Examplerton", - "notification_rules": [], - "role": "user", - "self_": "https://api.pagerduty.com/users/AAA0999", - "summary": "C. Hobbes", - "teams": [], - "time_zone": "America/New_York", - "type": "user" - }, - ... -] -``` - -* `bastion_users`: - -```json -{ - "chobbes": { - "groups": [""], - "root_ssh": true - }, - "movedon": { - "ensure": "absent" - }, - ... -} -``` - -* `alternate_usernames`: - -```json -{ - "chobbes": ["calvin", "spacemanspiff"] -} -``` - ### Test Accuracy There are two important things to note about `frost` tests that may be different from your expectations. 
@@ -646,7 +573,7 @@ Notes: 1. Running it we see that one of the IPs is an AWS IP: ```console -docker run --rm mozilla/frost pytest --ignore aws/ --ignore gsuite/ --ignore heroku/ --ignore pagerduty/ --ignore gcp/ +docker run --rm mozilla/frost pytest --ignore aws/ --ignore gsuite/ --ignore heroku/ --ignore gcp/ platform darwin -- Python 3.6.2, pytest-3.3.2, py-1.5.2, pluggy-0.6.0 metadata: {'Python': '3.6.2', 'Platform': 'Darwin-15.6.0-x86_64-i386-64bit', 'Packages': {'pytest': '3.3.2', 'py': '1.5.2', 'pluggy': '0.6.0'}, 'Plugins': {'metadata': '1.5.1', 'json': '0.4.0', 'html': '1.16.1'}} rootdir: /Users/gguthe/mozilla/frost, inifile: diff --git a/config.yaml.example b/config.yaml.example index 0c67bfc..8620738 100644 --- a/config.yaml.example +++ b/config.yaml.example @@ -60,7 +60,3 @@ gsuite: no_activity_since: years: 1 months: 0 -pagerduty: - users_with_remote_access_monitoring: 'pd_users.json' - bastion_users: 'hierahash/*hierahash.json' - alternate_usernames: 'alternate_usernames.json' diff --git a/custom_config.py b/custom_config.py index 0a9934a..e958e6c 100644 --- a/custom_config.py +++ b/custom_config.py @@ -18,7 +18,6 @@ def __init__(self, config_fd): self.aws = AWSConfig(parsed_config.get("aws", {})) self.gcp = GCPConfig(parsed_config.get("gcp", {})) self.gsuite = GSuiteConfig(parsed_config.get("gsuite", {})) - self.pagerduty = PagerdutyConfig(parsed_config.get("pagerduty", {})) self.exemptions = exemptions.load(parsed_config.get("exemptions")) self.severities = severity.load(parsed_config.get("severities")) diff --git a/pagerduty/__init__.py b/pagerduty/__init__.py deleted file mode 100644 index e69de29..0000000 diff --git a/pagerduty/helpers.py b/pagerduty/helpers.py deleted file mode 100644 index f18ce39..0000000 --- a/pagerduty/helpers.py +++ /dev/null 
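Review bot: `PagerdutyConfig` is probably left behind as dead code in custom_config.py, because the diffstat shows only the one removed `self.pagerduty = PagerdutyConfig(...)` line for that file; the class definition, or its import if it lives elsewhere, should go in the same commit. Separately, a config.yaml that still carries a `pagerduty:` section will now load silently, even though the bastion and IAM remote-monitoring checks it fed no longer run. Since those tests verified that users with access had monitoring configured, a visible signal is safer than silence, for example `if "pagerduty" in parsed_config: warnings.warn("pagerduty config is ignored; its tests were removed")`, assuming `parsed_config` is a mapping and `warnings` is imported. `__init__` starts and ends outside this hunk, so the rest of the config parsing could not be checked.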
@@ -1,8 +0,0 @@
-from pagerduty.resources import alternate_usernames
-
-
-def alternate_names_for_user(username):
- """
- Returns a list of the username and any alternates or nicknames for it
- """
- return [username] + alternate_usernames().get(username, [])
diff --git a/pagerduty/resources.py b/pagerduty/resources.py
deleted file mode 100644
index 93f1b73..0000000
--- a/pagerduty/resources.py
+++ /dev/null
@@ -1,38 +0,0 @@
-import functools
-import json
-from pathlib import Path
-
-import pytest
-
-
-@pytest.fixture
-def users_with_remote_access_escalation_policy_and_extension_configured(pytestconfig):
- p = Path(".")
- users = set()
- for user_file in p.glob(
- pytestconfig.custom_config.pagerduty.users_with_remote_access_monitoring
- ):
- with user_file.open("r") as fin:
- for user in json.load(fin):
- users.add(user["email"].split("@", 1)[0])
-
- return users
-
-
-@functools.lru_cache()
-def bastion_users():
- p = Path(".")
- users = set()
- for user_file in p.glob(pytest.config.custom_config.pagerduty.bastion_users):
- with user_file.open("r") as fin:
- for user, val in json.load(fin).items():
- if val.get("ensure", None) != "absent":
- users.add(user)
-
- return sorted(list(users))
-
-
-@functools.lru_cache()
-def alternate_usernames():
- with open(pytest.config.custom_config.pagerduty.alternate_usernames, "r") as fin:
- return json.load(fin)
diff --git a/pagerduty/test_bastion_users_have_pd_remote_monitoring_configured.py b/pagerduty/test_bastion_users_have_pd_remote_monitoring_configured.py
deleted file mode 100644
index acf9adc..0000000
--- a/pagerduty/test_bastion_users_have_pd_remote_monitoring_configured.py
+++ /dev/null
@@ -1,21 +0,0 @@
-import pytest
-
-from pagerduty.helpers import alternate_names_for_user
-from pagerduty.resources import (
- bastion_users,
- users_with_remote_access_escalation_policy_and_extension_configured,
-)
-
-
-@pytest.mark.pagerduty
-@pytest.mark.parametrize("bastion_user", bastion_users())
-def test_bastion_users_have_pd_remote_monitoring_configured(
- bastion_user, users_with_remote_access_escalation_policy_and_extension_configured
-):
- """
- Checks that users with SSH access have pagerduty remote monitoring properly configured.
- """
- assert any(
- username in users_with_remote_access_escalation_policy_and_extension_configured
- for username in alternate_names_for_user(bastion_user)
- ), "bastion user {} is not configured in pagerduty".format(bastion_user)
diff --git a/pagerduty/test_iam_users_have_pd_remote_monitoring_configured.py b/pagerduty/test_iam_users_have_pd_remote_monitoring_configured.py
deleted file mode 100644
index 90a78a0..0000000
--- a/pagerduty/test_iam_users_have_pd_remote_monitoring_configured.py
+++ /dev/null
@@ -1,20 +0,0 @@
-import pytest
-from aws.iam.resources import get_all_users_that_can_access_aws_account
-from pagerduty.helpers import alternate_names_for_user
-from pagerduty.resources import (
- users_with_remote_access_escalation_policy_and_extension_configured,
-)
-
-
-@pytest.mark.pagerduty
-@pytest.mark.parametrize("iam_user", list(get_all_users_that_can_access_aws_account()))
-def test_iam_users_have_pd_remote_monitoring_configured(
- iam_user, users_with_remote_access_escalation_policy_and_extension_configured
-):
- """
- Checks that users with access to an AWS account have pagerduty remote monitoring properly configured.
- """
- assert any(
- username in users_with_remote_access_escalation_policy_and_extension_configured
- for username in alternate_names_for_user(iam_user)
- ), "iam user {} is not configured in pagerduty".format(iam_user)