def test_disable_retention_log_settings(self):
p = self.load_policy({
'name': 'test-azure-storage',
'resource': 'azure.storage',
'filters': [
{'type': 'value',
'key': 'name',
'op': 'glob',
'value_type': 'normalize',
'value': 'cclgstorage*'}],
'actions': [
{
'type': 'set-log-settings',
'storage-types': ['blob', 'queue', 'table'],
'retention': 0,
'log': ['read', 'write', 'delete']
}
]
}, validate=True)
resources = p.run()
session = local_session(p.session_factory)
token = StorageUtilities.get_storage_token(session)
blob_settings = StorageSettingsUtilities.get_settings(
BLOB_TYPE, resources[0], token=token)
queue_settings = StorageSettingsUtilities.get_settings(
QUEUE_TYPE, resources[0], token=token)
table_settings = StorageSettingsUtilities.get_settings(
TABLE_TYPE, resources[0], session=session)
# assert retention policy is disabled
self.assertFalse(blob_settings.logging.retention_policy.enabled)
self.assertFalse(queue_settings.logging.retention_policy.enabled)
self.assertFalse(table_settings.logging.retention_policy.enabled)
def test_storage_settings_update_logging_blob(self,
mock_set_blob_properties):
mock_storage_account = {
"resourceGroup": "mock_resource_group",
"name": "mock_storage_account",
"properties": {
"primaryEndpoints": {
"blob":
"https://cctstoragey6akyqpagdt3o.blob.core.windows.net/",
"queue":
"https://cctstoragey6akyqpagdt3o.queue.core.windows.net/",
"table":
"https://cctstoragey6akyqpagdt3o.table.core.windows.net/",
"file":
"https://cctstoragey6akyqpagdt3o.file.core.windows.net/"
},
}
}
mock_session = MagicMock()
log_settings = MagicMock()
StorageSettingsUtilities.update_logging(BLOB_TYPE,
mock_storage_account,
log_settings,
session=mock_session)
mock_set_blob_properties.assert_called_once()
def test_storage_settings_get_table_settings(self, mock_get_storage_key,
mock_get_table_properties):
mock_storage_account = {
"resourceGroup": "mock_resource_group",
"name": "mock_storage_account",
"properties": {
"primaryEndpoints": {
"blob":
"https://cctstoragey6akyqpagdt3o.blob.core.windows.net/",
"queue":
"https://cctstoragey6akyqpagdt3o.queue.core.windows.net/",
"table":
"https://cctstoragey6akyqpagdt3o.table.core.windows.net/",
"file":
"https://cctstoragey6akyqpagdt3o.file.core.windows.net/"
},
}
}
mock_session = MagicMock()
StorageSettingsUtilities.get_settings(TABLE_TYPE,
mock_storage_account,
session=mock_session)
mock_get_storage_key.assert_called_with('mock_resource_group',
'mock_storage_account',
mock_session)
mock_get_table_properties.assert_called_once()
def test_enable_log_settings(self):
p = self.load_policy(
{
'name':
'test-azure-storage',
'resource':
'azure.storage',
'filters': [{
'type': 'value',
'key': 'name',
'op': 'glob',
'value_type': 'normalize',
'value': 'cclgstorage*'
}],
'actions': [{
'type': 'set-log-settings',
'storage-types': ['blob', 'queue', 'table'],
'retention': 5,
'log': ['read', 'write', 'delete']
}]
},
validate=True)
resources = p.run()
self.sleep_in_live_mode(30)
session = local_session(p.session_factory)
token = StorageUtilities.get_storage_token(session)
blob_settings = StorageSettingsUtilities.get_settings(BLOB_TYPE,
resources[0],
token=token)
queue_settings = StorageSettingsUtilities.get_settings(QUEUE_TYPE,
resources[0],
token=token)
table_settings = StorageSettingsUtilities.get_settings(TABLE_TYPE,
resources[0],
session=session)
# assert all logging settings are enabled
self.assertTrue(blob_settings.logging.delete
and blob_settings.logging.read
and blob_settings.logging.write)
self.assertTrue(queue_settings.logging.delete
and queue_settings.logging.read
and queue_settings.logging.write)
self.assertTrue(table_settings.logging.delete
and table_settings.logging.read
and table_settings.logging.write)
# assert retention policy is enabled
self.assertTrue(blob_settings.logging.retention_policy.enabled)
self.assertTrue(queue_settings.logging.retention_policy.enabled)
self.assertTrue(table_settings.logging.retention_policy.enabled)
# assert retention days is set to 5
self.assertEqual(blob_settings.logging.retention_policy.days, 5)
self.assertEqual(table_settings.logging.retention_policy.days, 5)
self.assertEqual(queue_settings.logging.retention_policy.days, 5)
def test_storage_settings_get_blob_settings(self, mock_blob_properties_call):
mock_storage_account = {
"resourceGroup": "mock_resource_group",
"name": "mock_storage_account"
}
mock_token = 'mock_token'
StorageSettingsUtilities.get_settings(BLOB_TYPE, mock_storage_account, token=mock_token)
mock_blob_properties_call.assert_called_once()
def test_storage_settings_get_file_settings(self, mock_get_storage_key,
mock_file_properties_call):
mock_storage_account = {
"resourceGroup": "mock_resource_group",
"name": "mock_storage_account"
}
mock_session = MagicMock()
StorageSettingsUtilities.get_settings(FILE_TYPE, mock_storage_account, session=mock_session)
mock_get_storage_key.assert_called_with(
'mock_resource_group', 'mock_storage_account', mock_session)
mock_file_properties_call.assert_called_once()
def test_storage_settings_update_logging_blob(self, mock_set_blob_properties):
mock_storage_account = {
"resourceGroup": "mock_resource_group",
"name": "mock_storage_account"
}
mock_token = 'mock_token'
log_settings = MagicMock()
StorageSettingsUtilities.update_logging(
BLOB_TYPE, mock_storage_account, log_settings, token=mock_token)
mock_set_blob_properties.assert_called_once()
def test_disable_log_settings(self):
p = self.load_policy(
{
'name':
'test-azure-storage',
'resource':
'azure.storage',
'filters': [{
'type': 'value',
'key': 'name',
'op': 'glob',
'value_type': 'normalize',
'value': 'cclgstorage*'
}],
'actions': [{
'type': 'set-log-settings',
'storage-types': ['blob', 'queue', 'table'],
'retention': 5,
'log': ['delete']
}]
},
validate=True)
resources = p.run()
self.sleep_in_live_mode(30)
session = local_session(p.session_factory)
blob_settings = StorageSettingsUtilities.get_settings(BLOB_TYPE,
resources[0],
session=session)
queue_settings = StorageSettingsUtilities.get_settings(QUEUE_TYPE,
resources[0],
session=session)
table_settings = StorageSettingsUtilities.get_settings(TABLE_TYPE,
resources[0],
session=session)
# assert read and write logging settings are disabled
self.assertFalse(blob_settings['analytics_logging'].read
and blob_settings['analytics_logging'].write)
self.assertFalse(queue_settings['analytics_logging'].read
and queue_settings['analytics_logging'].write)
self.assertFalse(table_settings.logging.read
and table_settings.logging.write)
# assert delete logging settings are enabled
self.assertTrue(blob_settings['analytics_logging'].delete)
self.assertTrue(queue_settings['analytics_logging'].delete)
self.assertTrue(table_settings.logging.delete)
def test_storage_settings_update_logging_table(self, mock_get_storage_key,
mock_set_table_properties):
mock_storage_account = {
"resourceGroup": "mock_resource_group",
"name": "mock_storage_account"
}
mock_session = MagicMock()
log_settings = MagicMock()
StorageSettingsUtilities.update_logging(
TABLE_TYPE, mock_storage_account, log_settings, session=mock_session)
mock_get_storage_key.assert_called_with(
'mock_resource_group', 'mock_storage_account', mock_session)
mock_set_table_properties.assert_called_once()