Beispiel #1
    def load_config_from_dynamo(self):
        """Poll DynamoDB for dynamic configuration and apply any change, forever.

        Each pass compares the result of ``refresh_dynamic_config`` with
        ``self.config["dynamic_config"]``. A non-empty result that differs is
        written to Redis under ``DYNAMIC_CONFIG_CACHE``, logged at debug level
        and stored in ``self.config``. The method then sleeps for
        ``dynamic_config.dynamo_load_interval`` seconds (default 60) and starts
        over, so it never returns. Configuration can therefore change without
        a code redeploy.
        """
        from consoleme.lib.dynamo import UserDynamoHandler
        from consoleme.lib.redis import RedisHandler

        dynamo_handler = UserDynamoHandler()
        redis_client = RedisHandler().redis_sync()

        # NOTE(review): nothing in this loop catches exceptions, so an error
        # from the refresh or the Redis write ends polling. Confirm the caller
        # restarts it or surfaces the failure.
        while True:
            latest = refresh_dynamic_config(dynamo_handler)
            # An empty result is ignored, so it never replaces the active config.
            if latest:
                if latest != self.config.get("dynamic_config"):
                    serialized = json.dumps(latest)
                    redis_client.set("DYNAMIC_CONFIG_CACHE", serialized)

                    config_log = self.get_logger("config")
                    # NOTE(review): the whole configuration object goes into
                    # the debug log. Confirm it cannot carry secrets before
                    # debug logging is enabled in production.
                    config_log.debug(
                        {
                            "function": f"{__name__}.{self.__class__.__name__}.{sys._getframe().f_code.co_name}",
                            "message": "Dynamic configuration changes detected and loaded",
                            "dynamic_config": latest,
                        }
                    )
                    self.config["dynamic_config"] = latest

            interval = self.get("dynamic_config.dynamo_load_interval", 60)
            time.sleep(interval)
Beispiel #2
    def test_post_limit(self):
        """POST /api/v2/requests with ``limit`` set to 1 returns one request.

        Two request records are seeded into the (fake) Redis cache; the
        response must be a 200 whose decoded body has three top-level entries
        and whose ``data`` entry holds exactly one item.
        """
        from consoleme.lib.redis import RedisHandler

        cached_requests = [
            {"request_id": 12345, "username": "******"},
            {"request_id": 12346, "username": "******"},
        ]

        # Mocked by fakeredis
        redis_client = RedisHandler().redis_sync()
        cache_key = self.config.get(
            "cache_policy_requests.redis_key", "ALL_POLICY_REQUESTS"
        )
        redis_client.set(cache_key, json.dumps(cached_requests))

        # The caller's identity and groups are supplied through the configured
        # header names.
        # NOTE(review): this presumes a trusted front end sets or strips these
        # headers in a real deployment; confirm against the auth setup.
        user_header = self.config.get("auth.user_header_name")
        groups_header = self.config.get("auth.groups_header_name")
        request_headers = {
            user_header: "*****@*****.**",
            groups_header: "groupa,groupb,groupc",
        }

        response = self.fetch(
            "/api/v2/requests",
            method="POST",
            headers=request_headers,
            body=json.dumps({"limit": 1}),
        )

        self.assertEqual(response.code, 200)
        payload = json.loads(response.body)
        self.assertEqual(len(payload), 3)
        self.assertEqual(len(payload["data"]), 1)
Beispiel #3
    def test_post(self):
        """POST /api/v2/requests with an empty JSON body returns the cached list.

        Two request records are seeded into the (fake) Redis cache and the
        decoded response body must show no difference from them under
        ``DeepDiff``.
        """
        from consoleme.lib.redis import RedisHandler

        cached_requests = [
            {"request_id": 12345, "username": "******", "request_time": 22345},
            {"request_id": 12346, "username": "******", "request_time": 12345},
        ]

        # Mocked by fakeredis
        redis_client = RedisHandler().redis_sync()
        cache_key = config.get("cache_policy_requests.redis_key", "ALL_POLICY_REQUESTS")
        redis_client.set(cache_key, json.dumps(cached_requests))

        # The caller's identity and groups are supplied through the configured
        # header names.
        # NOTE(review): this presumes a trusted front end sets or strips these
        # headers in a real deployment; confirm against the auth setup.
        user_header = config.get("auth.user_header_name")
        groups_header = config.get("auth.groups_header_name")
        request_headers = {
            user_header: "*****@*****.**",
            groups_header: "groupa,groupb,groupc",
        }

        response = self.fetch(
            "/api/v2/requests",
            method="POST",
            headers=request_headers,
            body="{}",
        )

        self.assertEqual(response.code, 200)
        returned = json.loads(response.body)
        # An empty DeepDiff result is falsy, meaning the two structures match.
        self.assertFalse(DeepDiff(returned, cached_requests))
Beispiel #4
    def test_post_request(self):
        """POST /api/v2/request creates a policy request for an inline policy.

        The body asks to attach an inline policy allowing
        ``sqs:SetQueueAttributes`` on one queue to a role, with
        ``admin_auto_approve`` off. The response must be a 200 reporting no
        errors, ``request_created`` true, and a ``request_url`` containing
        ``/policies/request/``.
        """
        from consoleme.lib.redis import RedisHandler

        policy_statement = {
            "Action": ["sqs:SetQueueAttributes"],
            "Effect": "Allow",
            "Resource": ["arn:aws:sqs:us-east-1:223456789012:queue"],
        }
        inline_policy_change = {
            "principal": {
                "principal_arn": "arn:aws:iam::123456789012:role/TestInstanceProfile",
                "principal_type": "AwsResource",
            },
            "change_type": "inline_policy",
            "action": "attach",
            "policy": {
                "policy_document": {
                    "Version": "2012-10-17",
                    "Statement": [policy_statement],
                }
            },
        }
        request_body = {
            "justification": "test asdf",
            "admin_auto_approve": False,
            "changes": {"changes": [inline_policy_change]},
        }

        # Mocked by fakeredis
        redis_client = RedisHandler().redis_sync()
        cache_key = self.config.get(
            "cache_policy_requests.redis_key", "ALL_POLICY_REQUESTS"
        )
        # NOTE(review): the cache key is seeded with the request body itself;
        # whether the handler under test reads this key is not visible here.
        redis_client.set(cache_key, json.dumps(request_body))

        # The caller's identity and groups are supplied through the configured
        # header names.
        # NOTE(review): this presumes a trusted front end sets or strips these
        # headers in a real deployment; confirm against the auth setup.
        user_header = self.config.get("auth.user_header_name")
        groups_header = self.config.get("auth.groups_header_name")
        request_headers = {
            user_header: "*****@*****.**",
            groups_header: "groupa,groupb,groupc",
        }

        response = self.fetch(
            "/api/v2/request",
            method="POST",
            headers=request_headers,
            body=json.dumps(request_body),
        )

        self.assertEqual(response.code, 200)
        result = json.loads(response.body)
        self.assertEqual(result["errors"], 0)
        self.assertEqual(result["request_created"], True)
        self.assertIn("/policies/request/", result["request_url"])
Beispiel #5
    def load_config_from_dynamo(self, ddb=None, red=None):
        """Refresh the dynamic configuration from DynamoDB once.

        Args:
            ddb: Handler passed to ``refresh_dynamic_config``. A falsy value
                makes the method build a ``UserDynamoHandler``.
            red: Redis client used for the cache write. A falsy value makes
                the method use ``RedisHandler().redis_sync()``.

        A non-empty result that differs from ``self.config["dynamic_config"]``
        is written to Redis under ``DYNAMIC_CONFIG_CACHE``, noted in the debug
        log (without the configuration itself) and stored in ``self.config``.
        """
        # The defaults are chosen by truthiness, so a falsy argument is
        # replaced as well, not only None.
        if not ddb:
            from consoleme.lib.dynamo import UserDynamoHandler

            ddb = UserDynamoHandler()
        if not red:
            from consoleme.lib.redis import RedisHandler

            red = RedisHandler().redis_sync()

        latest = refresh_dynamic_config(ddb)
        # An empty result is ignored, so it never replaces the active config.
        if not latest:
            return
        if latest != self.config.get("dynamic_config"):
            serialized = json.dumps(latest)
            red.set("DYNAMIC_CONFIG_CACHE", serialized)

            config_log = self.get_logger("config")
            config_log.debug(
                {
                    "function": f"{__name__}.{self.__class__.__name__}.{sys._getframe().f_code.co_name}",
                    "message": "Dynamic configuration changes detected and loaded",
                }
            )
            self.config["dynamic_config"] = latest