Skip to content

Commit

Permalink
Fix threading (forseti-security#237)
Browse files Browse the repository at this point in the history
  • Loading branch information
carise authored Apr 25, 2017
1 parent 10315a7 commit 868a8de
Showing 1 changed file with 7 additions and 11 deletions.
18 changes: 7 additions & 11 deletions google/cloud/security/scanner/audit/org_rules_engine.py
Original file line number Diff line number Diff line change
Expand Up @@ -175,17 +175,16 @@ class OrgRuleBook(bre.BaseRuleBook):
"""

def __init__(self, rule_defs=None, verify_resource_exists=False):
def __init__(self, rule_defs=None):
"""Initialize.
Args:
rule_defs: The parsed dictionary of rules from the YAML
definition file.
"""
super(OrgRuleBook, self).__init__()
self._lock = threading.Lock()
self._rules_sema = threading.BoundedSemaphore(value=1)
self.resource_rules_map = {}
self.verify_resource_exists = verify_resource_exists
if not rule_defs:
self.rule_defs = {}
else:
Expand Down Expand Up @@ -260,7 +259,9 @@ def add_rule(self, rule_def, rule_index):
rule_index: The index of the rule from the rule definitions.
Assigned automatically when the rule book is built.
"""
with self._lock:
self._rules_sema.acquire()

try:
resources = rule_def.get('resource')

for resource in resources:
Expand All @@ -286,13 +287,6 @@ def add_rule(self, rule_def, rule_index):
gcp_resource = ResourceUtil.create_resource(
resource_id=resource_id,
resource_type=resource_type)
# Verify that this resource actually exists in GCP.
if (self.verify_resource_exists and
not gcp_resource.exists()):

LOGGER.error('Resource does not exist: %s',
gcp_resource)
continue

rule_bindings = [
IamPolicyBinding.create_from(b)
Expand Down Expand Up @@ -321,6 +315,8 @@ def add_rule(self, rule_def, rule_index):
# If the rule isn't in the mapping, add it.
if rule not in resource_rules.rules:
resource_rules.rules.add(rule)
finally:
self._rules_sema.release()

def _get_resource_rules(self, resource):
"""Get all the resource rules for (resource, RuleAppliesTo.*).
Expand Down

0 comments on commit 868a8de

Please sign in to comment.