Merge pull request #686 from Netflix/develop

0.9.1 bug fix release

.travis.yml

@@ -1,57 +1,90 @@
-sudo: required
-
-language: python
-
-addons:
-  postgresql: "9.4"
+# Travis YAML file for Security Monkey.
 
+# Only way to get multiple builds to work without having the "default" job working was to
+# duplicate everything :/  See: https://github.com/travis-ci/travis-ci/issues/4681
 matrix:
   include:
-    - python: "2.7"
+    ##### UNIT TEST JOB #####
+    - dist: trusty
+      sudo: required
+      language: python
+      python: "2.7"
+
+      env:
+      - UNIT_TEST_JOB=true
+      - PIP_DOWNLOAD_CACHE=".pip_download_cache"
+      - SECURITY_MONKEY_SETTINGS=`pwd`/env-config/config.py
+
+      addons:
+        postgresql: "9.4"
+
+      before_script:
+      - psql -c "CREATE DATABASE secmonkey;" -U postgres
+      - psql -c "CREATE ROLE securitymonkeyuser LOGIN PASSWORD 'securitymonkeypassword';" -U postgres
+      - psql -c "CREATE SCHEMA secmonkey GRANT Usage, Create ON SCHEMA secmonkey TO securitymonkeyuser;" -U postgres
+      - psql -c "set timezone TO 'GMT';" -U postgres
+      - python setup.py develop
+      - pip install .[tests]
+      - pip install coveralls
+      - monkey db upgrade
+      - monkey amazon_accounts
+
+      before_install:
+        - sudo mkdir -p /var/log/security_monkey/
+        - sudo touch /var/log/security_monkey/securitymonkey.log
+        - sudo chown travis /var/log/security_monkey/securitymonkey.log
+
+      install:
+        - sed -i '/WTF_CSRF_ENABLED = True/c\WTF_CSRF_ENABLED = False' `pwd`/env-config/config.py
+        - pip install bandit
+
+      script:
+        - coverage run -a -m py.test security_monkey/tests/auditors || exit 1
+        - coverage run -a -m py.test security_monkey/tests/watchers || exit 1
+        - coverage run -a -m py.test security_monkey/tests/core || exit 1
+        - coverage run -a -m py.test security_monkey/tests/views || exit 1
+        - coverage run -a -m py.test security_monkey/tests/interface || exit 1
+        - coverage run -a -m py.test security_monkey/tests/utilities || exit 1
+        - bandit -r -ll -ii -x security_monkey/tests .
+
+      after_success:
+        - coveralls
+        - coverage report
+    #####################################################
+
+    ##### BUILD DOCKER CONTAINER JOB #####
+    - dist: trusty
+      sudo: required
+      language: python
+      python: "2.7"
+
+      env:
+        - BUILD_DOCKER=True
+        - DOCKER_COMPOSE_VERSION=1.11.2
+        - PIP_DOWNLOAD_CACHE=".pip_download_cache"
+        - SECURITY_MONKEY_SETTINGS=`pwd`/env-config/config.py
+
+      services:
+        - docker
+
+      script:
+        - docker-compose --version
+        - docker-compose build
+    #####################################################
+
+    ##### TEST DART JOB #####
+    - dist: trusty
+      env: DART_TEST=True
+
+      script: sh env_tests/test_dart.sh
+    #####################################################
 
 cache:
   directories:
     - .pip_download_cache
 
-env:
-  global:
-    - PIP_DOWNLOAD_CACHE=".pip_download_cache"
-    - SECURITY_MONKEY_SETTINGS=`pwd`/env-config/config.py
-
-install:
-  - sed -i '/WTF_CSRF_ENABLED = True/c\WTF_CSRF_ENABLED = False' `pwd`/env-config/config.py
-
-before_install:
-  # - sudo apt-get -qq update
-  # - sudo apt-get install -y libxml2-dev libxmlsec1-dev
-  - sudo mkdir -p /var/log/security_monkey/
-  - sudo touch /var/log/security_monkey/securitymonkey.log
-  - sudo chown travis /var/log/security_monkey/securitymonkey.log
-
-before_script:
-  - psql -c "CREATE DATABASE secmonkey;" -U postgres
-  - psql -c "CREATE ROLE securitymonkeyuser LOGIN PASSWORD 'securitymonkeypassword';" -U postgres
-  - psql -c "CREATE SCHEMA secmonkey GRANT Usage, Create ON SCHEMA secmonkey TO securitymonkeyuser;" -U postgres
-  - psql -c "set timezone TO 'GMT';" -U postgres
-  - python setup.py develop
-  - pip install .[tests]
-  - pip install coveralls
-  - monkey db upgrade
-
-script:
-  - sh env_tests/test_dart.sh
-  - coverage run -a -m py.test security_monkey/tests/auditors || exit 1
-  - coverage run -a -m py.test security_monkey/tests/watchers || exit 1
-  - coverage run -a -m py.test security_monkey/tests/core || exit 1
-  - coverage run -a -m py.test security_monkey/tests/views || exit 1
-  - coverage run -a -m py.test security_monkey/tests/interface || exit 1
-  - coverage run -a -m py.test security_monkey/tests/utilities || exit 1
-
-after_success:
-  - coveralls
-  - coverage report
-
 notifications:
   email:
     - mgrima@netflix.com
     - pkelley@netflix.com
+    - tmcpeak@netflix.com

Dockerfile

@@ -16,7 +16,7 @@
 FROM ubuntu:14.04
 MAINTAINER Netflix Open Source Development <talent@netflix.com>
 
-ENV SECURITY_MONKEY_VERSION=v0.9.0 \
+ENV SECURITY_MONKEY_VERSION=v0.9.1 \
     SECURITY_MONKEY_SETTINGS=/usr/local/src/security_monkey/env-config/config-docker.py
 
 RUN apt-get update &&\
@@ -25,6 +25,8 @@ RUN apt-get update &&\
   rm -rf /var/lib/apt/lists/*
 
 RUN pip install setuptools --upgrade
+RUN pip install pip --upgrade
+RUN pip install "urllib3[secure]" --upgrade
 
 RUN cd /usr/local/src &&\
 #   git clone --branch $SECURITY_MONKEY_VERSION https://github.com/Netflix/security_monkey.git

README.md

@@ -21,6 +21,8 @@ Project resources
 -----------------
 
 - [Quickstart](docs/quickstart.md)
+- [Upgrading](docs/update.md)
+- [Changelog](docs/changelog.md)
 - [Source code](https://github.com/netflix/security_monkey)
 - [Issue tracker](https://github.com/netflix/security_monkey/issues)
 - [Gitter.im Chat Room](https://gitter.im/Netflix/security_monkey)

dart/pubspec.yaml

@@ -1,6 +1,6 @@
 name: security_monkey
 description: An AWS Policy Monitoring and Alerting Tool
-version: 0.9.0
+version: 0.9.1
 dependencies:
   angular: "^1.1.2+2"
   angular_ui: ">=0.6.8 <0.7.0"

docker/nginx/Dockerfile

@@ -15,7 +15,7 @@
 FROM nginx:1.11.4
 MAINTAINER Netflix Open Source Development <talent@netflix.com>
 
-ENV SECURITY_MONKEY_VERSION=v0.9.0
+ENV SECURITY_MONKEY_VERSION=v0.9.1
 RUN apt-get update &&\
   apt-get install -y curl git sudo apt-transport-https &&\
   curl https://dl-ssl.google.com/linux/linux_signing_key.pub | apt-key add - &&\

docs/changelog.md

@@ -1,6 +1,37 @@
 Changelog
 =========
 
+v0.9.1 (2017-04-20)
+----------------------------------------
+
+- PR #666 - @redixin - Use find_packages in setup.py to include nested packages.
+- PR #667 - @monkeysecurity - Explicitly adding `urllib3[secure]` to setup.py (REVERTED in #683)
+- PR #668 - @monkeysecurity - IPv6 support in security groups.
+- PR #669 - @monkeysecurity - Updating the security group auditor to treat `::/0` the same as `0.0.0.0/0`
+- PR #671 - @monkeysecurity - Enhancing PolicyDiff to be able to handle non-ascii strings.
+- PR #673 - @monkeysecurity - Fixing path to `aws_accounts.json`. (Broken my moving `manage.py`)
+- PR #675 - @monkeysecurity - Adding `package_data` and `data_files` sections to setup.py.
+- PR #677 - @willbengtson - Fixing the security trackable information.
+- PR #682 - @monkeysecurity - Updating packaged supervisor config to provide full path to `monkey`
+- PR #681 - @AlexCline - Add reference_policies for TLS transitional ELB security policies
+- PR #684 - @monkeysecurity - Disabling DB migration `b8ccf5b8089b`. Was freezing some `db upgrades`
+- PR #683 - @monkeysecurity - Reverted #667.  Added `pip install --upgrade urllib3[secure]` to `quickstart` and `Dockerfile`.
+- PR #685 - @monkeysecurity - Running `docker-compose build` in Travis-CI.
+- PR #688 - @mcpeak - Add Bandit gate to Security Monkey.
+- PR #687 - @mikegrima - Fix for issue #680. (Unable to edit account names)
+- PR #689 - @mikegrima - Enhancements to Travis-CI: parallelized the workloads. (docker/python/dart in parallel)
+
+Important Notes:
+ - This is a hotfix release to correct a number of installation difficulties reported since `0.9.0`.
+
+Contributors:
+- @redixin
+- @AlexCline
+- @willbengtson
+- @mcpeak
+- @mikegrima
+- @monkeysecurity
+
 v0.9.0 (2017-04-13)
 ----------------------------------------
 

docs/quickstart.md

@@ -83,8 +83,10 @@ Releases are on the master branch and are updated about every three months. Blee
     virtualenv venv
     source venv/bin/activate
     pip install --upgrade setuptools
+    pip install --upgrade pip
+    pip install --upgrade urllib3[secure]   # to prevent InsecurePlatformWarning
     pip install google-compute-engine  # Only required on GCP
-    python setup.py install
+    python setup.py develop
 
 ### Compile (or Download) the web UI