Beispiel #1
def verify_user_registration(DB):
    """
    Load the Cirrus settings and run the registration validation check.

    The ``CIRRUS_CFG`` entry of the module-level ``config`` mapping is
    expanded into keyword arguments for ``cirrus_config.update``; after that
    ``validation_check`` (defined elsewhere) is called with ``DB``.
    """
    # Configure cirrus before the check runs.
    cirrus_settings = config["CIRRUS_CFG"]
    cirrus_config.update(**cirrus_settings)

    validation_check(DB)
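def test_validation_check_service_account_removed(
    invalid_service_account_not_exist,
    valid_google_project_patcher,
    db_session,
    cloud_manager,
):
    """
    Test that an invalid service account whose policy does not exist is
    removed from the database, and that exactly one removal notification
    is triggered.

    The three notification helpers are replaced by mocks, so this test
    checks that a notification is sent, not who receives it or which
    removal reasons it carries.
    """
    # Function-scope import keeps this block self-contained.
    from unittest import mock

    monitor = fence.scripting.google_monitor

    # Patch through a context manager so the real helpers are restored when
    # the test ends. Plain attribute assignment would leave the mocks on the
    # module, where a later test could pass against a leftover mock.
    # create=True mirrors plain assignment, which does not require the
    # attribute to exist beforehand.
    with mock.patch.multiple(
        monitor,
        create=True,
        _get_user_email_list_from_google_project_with_owner_role=MagicMock(),
        _send_emails_informing_service_account_removal=MagicMock(),
        _get_service_account_removal_reasons=MagicMock(),
    ):
        validation_check(db=None)

        send_removal_emails = (
            monitor._send_emails_informing_service_account_removal
        )
        assert send_removal_emails.call_count == 1

        # The invalid account must no longer have a row in the database.
        removed_email = invalid_service_account_not_exist[
            "service_account"
        ].email
        remaining = (
            db_session.query(UserServiceAccount)
            .filter_by(email=removed_email)
            .count()
        )
        assert remaining == 0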
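def test_validation_check_one_invalid(
    valid_google_project_patcher,
    valid_service_account_patcher,
    register_user_service_account,
    invalid_service_account_patcher,
    db_session,
    cloud_manager,
):
    """
    Test validation check when one registered service account is invalid.

    Exactly one removal notification must be triggered. The account from
    ``register_user_service_account`` must still pass ``_assert_access``,
    while the account from ``invalid_service_account_patcher`` is checked
    with ``has_access=False``.

    The notification helpers are mocked, so recipients and removal reasons
    are not verified here.
    """
    # Function-scope import keeps this block self-contained.
    from unittest import mock

    monitor = fence.scripting.google_monitor

    # Patch through a context manager so the real helpers are restored when
    # the test ends. Plain attribute assignment would leave the mocks on the
    # module, where a later test could pass against a leftover mock.
    # create=True mirrors plain assignment, which does not require the
    # attribute to exist beforehand.
    with mock.patch.multiple(
        monitor,
        create=True,
        _get_user_email_list_from_google_project_with_owner_role=MagicMock(),
        _send_emails_informing_service_account_removal=MagicMock(),
        _get_service_account_removal_reasons=MagicMock(),
    ):
        validation_check(db=None)

        send_removal_emails = (
            monitor._send_emails_informing_service_account_removal
        )
        assert send_removal_emails.call_count == 1

        # The valid account is checked with _assert_access's defaults.
        valid_email = register_user_service_account["service_account"].email
        _assert_access(valid_email, db_session)

        # The invalid account is checked for revoked access.
        invalid_email = invalid_service_account_patcher[
            "service_account"
        ].email
        _assert_access(invalid_email, db_session, has_access=False)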
Beispiel #4
def verify_user_registration(DB, config):
    """
    Load the Cirrus settings and run the registration validation check.

    ``fence.settings.CIRRUS_CFG`` is expanded into keyword arguments for
    ``cirrus_config.update``; after that ``validation_check`` (defined
    elsewhere) is called with ``DB`` and ``config``.
    """
    # Imported here, at call time, rather than at module import.
    import fence.settings

    cirrus_settings = fence.settings.CIRRUS_CFG
    cirrus_config.update(**cirrus_settings)

    validation_check(DB, config)
Beispiel #5
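def test_validation_check_multiple_diff_projects(
    valid_service_account_patcher,
    valid_google_project_patcher,
    setup_data,
    db_session,
    cloud_manager,
):
    """
    Test validation check when everything is valid, with service accounts
    registered under two different Google projects. Make sure the valid
    registered service accounts maintain their access and that no removal
    notification is sent.
    """
    # Function-scope import keeps this block self-contained.
    from unittest import mock

    # NOTE(review): the addresses appear masked in this listing, so every
    # entry and every _assert_access call below reads as the same string.
    registered_service_accounts = ["*****@*****.**"]
    registered_service_accounts_2 = ["*****@*****.**", "*****@*****.**"]

    monitor = fence.scripting.google_monitor

    # Patch through a context manager so the real helpers are restored when
    # the test ends. Plain attribute assignment would leave the mocks on the
    # module, where a later test could pass against a leftover mock.
    # create=True mirrors plain assignment, which does not require the
    # attribute to exist beforehand.
    with mock.patch.multiple(
        monitor,
        create=True,
        _get_user_email_list_from_google_project_with_owner_role=MagicMock(),
        _send_emails_informing_service_account_removal=MagicMock(),
        _get_service_account_removal_reasons=MagicMock(),
    ):
        # Stub the service-account lookup on the mocked cloud manager.
        (
            cloud_manager.return_value.__enter__.return_value.get_service_account.return_value
        ) = {"uniqueId": "1111111"}

        # Register the accounts under two separate Google projects.
        force_add_service_accounts_to_access(
            service_account_emails=registered_service_accounts,
            google_project_id="google_project_x",
            project_access=["project_1"],
        )

        force_add_service_accounts_to_access(
            service_account_emails=registered_service_accounts_2,
            google_project_id="google_project_y",
            project_access=["project_2"],
        )

        validation_check(db=None)

        # Nothing is invalid, so no removal notification may be sent.
        send_removal_emails = (
            monitor._send_emails_informing_service_account_removal
        )
        assert send_removal_emails.call_count == 0

        _assert_access("*****@*****.**", db_session)
        _assert_access("*****@*****.**", db_session)
        _assert_access("*****@*****.**", db_session)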