Replacing python manage.py with monkey

.travis.yml

@@ -36,7 +36,7 @@ before_script:
   - python setup.py develop
   - pip install .[tests]
   - pip install coveralls
-  - python manage.py db upgrade
+  - monkey db upgrade
 
 script:
   - sh env_tests/test_dart.sh

README.md

@@ -5,7 +5,7 @@ Security Monkey
 
 Security Monkey monitors your [AWS and GCP accounts](https://medium.com/@Netflix_Techblog/netflix-security-monkey-on-google-cloud-platform-gcp-f221604c0cc7) for policy changes and alerts on insecure configurations.  It provides a single UI to browse and search through all of your accounts, regions, and cloud services.  The monkey remembers previous states and can show you exactly what changed, and when.
 
-Security Monkey can be extended with [custom account types](plugins.md), custom watchers, custom auditors, and [custom alerters](docs/misc.md#custom-alerters).
+Security Monkey can be extended with [custom account types](docs/plugins.md), [custom watchers](docs/development.md#adding-a-watcher), [custom auditors](docs/development.md#adding-an-auditor), and [custom alerters](docs/misc.md#custom-alerters).
 
 It works on CPython 2.7. It is known to work on Ubuntu Linux and OS X.
 

docker/README.md

@@ -0,0 +1,12 @@
+Docker local development
+========================
+
+Project resources
+-----------------
+
+-   [Docker documentation](../docs/docker.md)
+-   [Development documentation](../docs/development.md)
+-   [OSX Develepment Setup](../docs/dev_setup_osx.md)
+-   [Windows Develepment Setup](../docs/dev_setup_windows.md)
+-   [Ubuntu Develepment Setup](../docs/dev_setup_ubuntu.md)
+

docker/api-init.sh

@@ -15,9 +15,9 @@ mkdir -p /var/log/security_monkey/
 touch "/var/log/security_monkey/security_monkey-deploy.log"
 
 cd /usr/local/src/security_monkey
-python manage.py db upgrade
+python security_monkey/manage.py db upgrade
 
-cat <<EOF | python manage.py create_user "admin@example.org" "Admin"
+cat <<EOF | python security_monkey/manage.py create_user "admin@example.org" "Admin"
 ${SECURITY_MONKEY_PASSWORD:-admin}
 ${SECURITY_MONKEY_PASSWORD:-admin}
 EOF

docker/api-start.sh

@@ -4,4 +4,4 @@
 sleep 10
 
 cd /usr/local/src/security_monkey
-python manage.py run_api_server -b 0.0.0.0:${SECURITY_MONKEY_API_PORT:-5000}
+python security_monkey/manage.py run_api_server -b 0.0.0.0:${SECURITY_MONKEY_API_PORT:-5000}

docker/scheduler-start.sh

@@ -7,4 +7,4 @@ mkdir -p /var/log/security_monkey
 touch /var/log/security_monkey/security_monkey-deploy.log
 
 cd /usr/local/src/security_monkey
-python manage.py start_scheduler
+python security_monkey/manage.py start_scheduler

docs/dev_setup_osx.md

@@ -1,4 +1,5 @@
-***********\* Development Setup on Mac OS X***********\*
+Development Setup on Mac OS X
+=============================
 
 Please follow the instructions below for setting up the Security Monkey development environment on Mac OS X.
 
@@ -132,7 +133,7 @@ Init the Security Monkey DB
 
 Run Alembic/FlaskMigrate to create all the database tables. :
 
-    python manage.py db upgrade
+    monkey db upgrade
 
 Install and configure NGINX
 ===========================
@@ -241,14 +242,14 @@ Add Amazon Accounts
 
 This will add Amazon owned AWS accounts to security monkey. :
 
-    python manage.py amazon_accounts
+    monkey amazon_accounts
 
 Add a user account
 ==================
 
 This will add a user account that can be used later to login to the web ui:
 
-    python manage.py create_user email@youremail.com Admin
+    monkey create_user email@youremail.com Admin
 
 The first argument is the email address of the new user. The second parameter is the role and must be one of [anonymous, View, Comment, Justify, Admin].
 
@@ -257,7 +258,7 @@ Start the Security Monkey API
 
 This starts the REST API that the Angular application will communicate with. :
 
-    python manage.py runserver
+    monkey runserver
 
 Launch Dartium from within WebStorm
 ===================================
@@ -296,17 +297,17 @@ Manually Run the Account Watchers
 Run the watchers to put some data in the database. :
 
     cd ~/security_monkey/
-    python manage.py run_change_reporter all
+    monkey run_change_reporter all
 
 You can also run an individual watcher:
 
-    python manage.py find_changes -a all -m all
-    python manage.py find_changes -a all -m iamrole
-    python manage.py find_changes -a "My Test Account" -m iamgroup
+    monkey find_changes -a all -m all
+    monkey find_changes -a all -m iamrole
+    monkey find_changes -a "My Test Account" -m iamgroup
 
 You can run the auditors against the items currently in the database:
 
-    python manage.py audit_changes -a all -m redshift --send_report=False
+    monkey audit_changes -a all -m redshift --send_report=False
 
 Next Steps
 ==========

docs/dev_setup_ubuntu.md

@@ -1,4 +1,5 @@
-***********\* Development Setup on Ubuntu***********\*
+Development Setup on Ubuntu
+===========================
 
 Please follow the instructions below for setting up the Security Monkey development environment on Ubuntu Trusty (14.04).
 
@@ -80,7 +81,7 @@ Init the Security Monkey DB
 
 Run Alembic/FlaskMigrate to create all the database tables. :
 
-    python manage.py db upgrade
+    monkey db upgrade
 
 Configure NGINX
 ===============
@@ -194,14 +195,14 @@ Add Amazon Accounts
 
 This will add Amazon owned AWS accounts to security monkey. :
 
-    python manage.py amazon_accounts
+    monkey amazon_accounts
 
 Add a user account
 ==================
 
 This will add a user account that can be used later to login to the web ui:
 
-    python manage.py create_user <email@youremail.com> Admin
+    monkey create_user <email@youremail.com> Admin
 
 The first argument is the email address of the new user. The second parameter is the role and must be one of [anonymous, View, Comment, Justify, Admin].
 
@@ -210,7 +211,7 @@ Start the Security Monkey API
 
 This starts the REST API that the Angular application will communicate with. :
 
-    python manage.py runserver
+    monkey runserver
 
 Launch Dartium from within WebStorm
 ===================================
@@ -247,17 +248,17 @@ Manually Run the Account Watchers
 Run the watchers to put some data in the database. :
 
     cd ~/security_monkey/
-    python manage.py run_change_reporter all
+    monkey run_change_reporter all
 
 You can also run an individual watcher:
 
-    python manage.py find_changes -a all -m all
-    python manage.py find_changes -a all -m iamrole
-    python manage.py find_changes -a "My Test Account" -m iamgroup
+    monkey find_changes -a all -m all
+    monkey find_changes -a all -m iamrole
+    monkey find_changes -a "My Test Account" -m iamgroup
 
 You can run the auditors against the items currently in the database:
 
-    python manage.py audit_changes -a all -m redshift --send_report=False
+    monkey audit_changes -a all -m redshift --send_report=False
 
 Next Steps
 ==========

docs/dev_setup_windows.md

@@ -153,7 +153,7 @@ With your virtualenv activated, this will install the security\_monkey python mo
 
 We should be able to run manage.py to see usage information:
 
-    python manage.py
+    monkey
 
 ### Setup a development DB
 
@@ -175,7 +175,7 @@ If you leave the DB paramaters at their default, you'll need to modify config-lo
 
 Install the security\_monkey DB tables:
 
-    python manage.py db upgrade
+    monkey db upgrade
 
 FYI - Navicat is a great tool for exploring the DB.
 
@@ -184,14 +184,14 @@ Add Amazon Accounts
 
 This will add Amazon owned AWS accounts to security monkey. :
 
-    python manage.py amazon_accounts
+    monkey amazon_accounts
 
 Add a user account
 ------------------
 
 This will add a user account that can be used later to login to the web ui:
 
-    python manage.py create\_user <email@youremail.com> Admin
+    monkey create\_user <email@youremail.com> Admin
 
 The first argument is the email address of the new user. The second parameter is the role and must be one of [anonymous, View, Comment, Justify, Admin].
 
@@ -200,7 +200,7 @@ Start the Security Monkey API
 
 This starts the REST API that the Angular application will communicate with. :
 
-    python manage.py runserver
+    monkey runserver
 
 ### Dart Development
 
@@ -252,17 +252,17 @@ Manually Run the Account Watchers
 Run the watchers to put some data in the database. :
 
     cd ~/Github/security_monkey/
-    python manage.py run_change_reporter all
+    monkey run_change_reporter all
 
 You can also run an individual watcher:
 
-    python manage.py find_changes -a all -m all
-    python manage.py find_changes -a all -m iamrole
-    python manage.py find_changes -a "My Test Account" -m iamgroup
+    monkey find_changes -a all -m all
+    monkey find_changes -a all -m iamrole
+    monkey find_changes -a "My Test Account" -m iamgroup
 
 You can run the auditors against the items currently in the database:
 
-    python manage.py audit_changes -a all -m redshift --send_report=False
+    monkey audit_changes -a all -m redshift --send_report=False
 
 Next Steps
 ----------

docs/docker.md

@@ -27,7 +27,7 @@ On a fresh database instance, various initial configuration must be run such as
 
 Before you bring the containers up, you need to add an AWS account for the scheduler to monitor:
 
-    $ python manage.py add_account_aws --number $account --name $name -r SecurityMonkey
+    $ monkey add_account_aws --number $account --name $name -r SecurityMonkey
 
 Now that the database is setup, you can start up the remaining containers (Security Monkey, nginx, and the scheduler) via:
 
@@ -64,11 +64,11 @@ You can get a shell thanks to the docker-compose.shell.yml override:
 
 This allows you to access SecurityMonkey code, and run manual configurations such as:
 
-    $ python manage.py create_user admin@example.com Admin
+    $ monkey create_user admin@example.com Admin
 
 and/or:
 
-    $ python manage.py add_account_aws --number $account --name $name -r SecurityMonkey
+    $ monkey add_account_aws --number $account --name $name -r SecurityMonkey
 
 This container is useful for local development. It is not required otherwise.
 

docs/jirasync.md

@@ -29,7 +29,7 @@ To use JIRA sync, you will need to create a YAML configuration file, specifying
 
 To use JIRA sync, set the environment variable `SECURITY_MONKEY_JIRA_SYNC` to the location of the YAML configuration file. This file will be loaded once when the application starts. If set, JIRA sync will run for each account after the auditors run. You can also manually run a sync through `manage.py`.
 
-`python manage.py sync_jira`
+`monkey sync_jira`
 
 Details
 -------

docs/misc.md

@@ -11,13 +11,13 @@ For instance when you change a whitelist or add a 3rd party account, configurati
 In this case, you can force an audit by running:
 
 ~~~~ {.sourceCode .bash}
-python manage.py audit_changes -m s3
+monkey audit_changes -m s3
 ~~~~
 
 For an email by adding `-r True`:
 
 ~~~~ {.sourceCode .bash}
-python manage.py audit_changes -m s3 -r True
+monkey audit_changes -m s3 -r True
 ~~~~
 
 Scheduler Hacking
@@ -66,7 +66,7 @@ On the next full audit, the score for the configured check method will be replac
 
 If no account pattern scores match the account, the override score it will default to the generic override score configured.
 
-Audit override scores may also be set up though the [Command line interface](../manage.py) functions add\_override\_score (for a single score) and add\_override\_scores (from a csv file)
+Audit override scores may also be set up though the [Command line interface](../security_monkey/manage.py) functions `add_override_score` (for a single score) and `add_override_scores` (from a csv file)
 
 *Note:*:
 

docs/nginx_install.md

@@ -27,9 +27,10 @@ The Python process
 
 Run Security Monkey as usual, but this time make it listen to a local port and host. E.G:
 
-    python manage.py run_api_server
+    monkey run_api_server
 
-In PHP, when you edit a file, the changes are immediately visible. In Python, the whole code is often loaded in memory for performance reasons. This means you have to restart the Python process to see the changes effect. Having a separate process let you do this without having to restart the server.
+If using the flask server in debug mode (`monkey runserver`), the python code will be reloaded when any file is changed.
+However, in production we use gunicorn (`monkey run_api_server`) which does not reload. This means you have to restart the Python process to see the changes effect. Having a separate process let you do this without having to restart the server.
 
 Nginx
 -----

docs/quickstart.md

@@ -129,7 +129,7 @@ For an explanation of the configuration options, see [options](options.md).
 Security Monkey uses Flask-Migrate (Alembic) to keep database tables up to date. To create the tables, run this command:
 
     cd /usr/local/src/security_monkey/
-    python manage.py db upgrade
+    monkey db upgrade
 
 Populate Security Monkey with Accounts
 --------------------------------------
@@ -138,20 +138,20 @@ Populate Security Monkey with Accounts
 
 This will add Amazon owned AWS accounts to security monkey. :
 
-    python manage.py amazon_accounts
+    monkey amazon_accounts
 
 ### Add Your AWS/GCP Accounts
 
 You'll need to add at least one account before starting the scheduler. It's easiest to add them from the command line, but it can also be done through the web UI. :
 
-    python manage.py add_account_aws
+    monkey add_account_aws
     usage: manage.py add_account_aws [-h] -n NAME [--thirdparty] [--active]
                                  [--notes NOTES] --id IDENTIFIER
                                  [--update-existing]
                                  [--canonical_id CANONICAL_ID]
                                  [--s3_name S3_NAME] [--role_name ROLE_NAME]
 
-    python manage.py add_account_gcp
+    monkey add_account_gcp
     usage: manage.py add_account_gcp [-h] -n NAME [--thirdparty] [--active]
                                  [--notes NOTES] --id IDENTIFIER
                                  [--update-existing] [--creds_file CREDS_FILE]
@@ -160,7 +160,7 @@ You'll need to add at least one account before starting the scheduler. It's easi
 
 Users can be created on the command line or by registering in the web UI:
 
-    $ python manage.py create_user "you@youremail.com" "Admin"
+    $ monkey create_user "you@youremail.com" "Admin"
     > Password:
     > Confirm Password:
 

docs/userguide.md

@@ -53,14 +53,14 @@ The first run will occur in 15 minutes. You can monitor all the log files in /va
 
 **Note: You can also add accounts via the command line with manage.py**:
 
-    $ python manage.py add_account_aws --number 12345678910 --name account_foo
+    $ monkey add_account_aws --number 12345678910 --name account_foo
     Successfully added account account_foo
 
 If an account with the same number already exists, this will do nothing, unless you pass `--force`, in which case, it will override the existing account:
 
-    $ python manage.py add_account_aws --number 12345678910 --name account_foo
+    $ monkey add_account_aws --number 12345678910 --name account_foo
     An account with id 12345678910 already exists
-    $ python manage.py add_account_aws --number 12345678910 --name account_foo --active false --force
+    $ monkey add_account_aws --number 12345678910 --name account_foo --active false --force
     Successfully added account account_foo
 
 Now What?