def test_notifications_are_not_sent_without_valid_scanner_index_id(
self, mock_logger, mock_dao, mock_find_notifiers,
mock_gcs_violations_cls, mock_email_violations_cls):
"""Without scanner index id, no notifications are sent.
Setup:
Mock the scanner_dao and make its map_by_resource() function return
the VIOLATIONS dict.
Make sure that no scanner index with a (SUCCESS, PARTIAL_SUCCESS)
completion state is found.
Expected outcome:
The local find_notifiers() function is never called -> no notifiers
are looked up, istantiated or run."""
mock_dao.get_latest_scanner_index_id.return_value = None
mock_service_cfg = mock.MagicMock()
mock_service_cfg.get_global_config.return_value = fake_violations.GLOBAL_CONFIGS
mock_service_cfg.get_notifier_config.return_value = fake_violations.NOTIFIER_CONFIGS
mock_email_violations = mock.MagicMock(
spec=email_violations.EmailViolations)
mock_email_violations_cls.return_value = mock_email_violations
mock_email_violations = mock_email_violations_cls.return_value
mock_gcs_violations = mock_gcs_violations_cls.return_value
mock_find_notifiers.side_effect = [
mock_email_violations_cls, mock_gcs_violations_cls
]
notifier.run('iid-1-2-3', None, mock.MagicMock(), mock_service_cfg)
self.assertFalse(mock_find_notifiers.called)
self.assertFalse(mock_dao.map_by_resource.called)
self.assertTrue(mock_logger.error.called)
def test_beta_api_is_invoked_correctly(self):
notifier = cscc_notifier.CsccNotifier(None)
notifier._send_findings_to_cscc = mock.MagicMock()
notifier.LOGGER = mock.MagicMock()
self.assertEquals(0, notifier._send_findings_to_cscc.call_count)
notifier.run(None, None, 'api', None, source_id='111')
calls = notifier._send_findings_to_cscc.call_args_list
call = calls[0]
_, kwargs = call
self.assertEquals('111', kwargs['source_id'])
def test_modes_are_run_correctly(self, mock_logger):
# This whole test case is for alpha API, and can be deleted
# when CSCC alpha support is removed.
notifier = cscc_notifier.CsccNotifier(None)
notifier._send_findings_to_gcs = mock.MagicMock()
notifier._send_findings_to_cscc = mock.MagicMock()
notifier.LOGGER = mock.MagicMock()
self.assertEquals(0, notifier._send_findings_to_gcs.call_count)
notifier.run(None, None, None, None)
self.assertEquals(1, notifier._send_findings_to_gcs.call_count)
notifier.run(None, None, 'bucket', None)
self.assertEquals(2, notifier._send_findings_to_gcs.call_count)
# alpha api
self.assertEquals(0, notifier._send_findings_to_cscc.call_count)
notifier.run(None, None, 'api', None)
self.assertEquals(1, notifier._send_findings_to_cscc.call_count)
self.assertEquals(3, mock_logger.info.call_count)
notifier.run(None, None, 'foo', None)
self.assertEquals(5, mock_logger.info.call_count)
self.assertTrue(
'not selected' in mock_logger.info.call_args_list[4][0][0])
def test_no_notifications_for_empty_violations(self, mock_dao,
mock_find_notifiers):
"""No notifiers are instantiated/run if there are no violations.
Setup:
Mock the scanner_dao and make its map_by_resource() function return
an empty violations map
Expected outcome:
The local find_notifiers() function is never called -> no notifiers
are looked up, istantiated or run."""
mock_dao.map_by_resource.return_value = dict()
mock_service_cfg = mock.MagicMock()
mock_service_cfg.get_global_config.return_value = fake_violations.GLOBAL_CONFIGS
mock_service_cfg.get_notifier_config.return_value = fake_violations.NOTIFIER_CONFIGS
notifier.run('iid-1-2-3', None, mock.MagicMock(), mock_service_cfg)
self.assertFalse(mock_find_notifiers.called)
def test_inventory_summary_is_called(self, mock_dao, mock_find_notifiers,
mock_inventor_summary):
"""No violation notifiers are run if there are no violations.
Setup:
Mock the scanner_dao and make its map_by_resource() function return
an empty violations map
Expected outcome:
The local find_notifiers() function is never called -> no notifiers
are looked up, istantiated or run.
The `run_inv_summary` function *is* called.
"""
mock_dao.map_by_resource.return_value = dict()
mock_service_cfg = mock.MagicMock()
mock_service_cfg.get_global_config.return_value = fake_violations.GLOBAL_CONFIGS
mock_service_cfg.get_notifier_config.return_value = fake_violations.NOTIFIER_CONFIGS
notifier.run('iid-1-2-3', None, mock.MagicMock(), mock_service_cfg)
self.assertFalse(mock_find_notifiers.called)
self.assertTrue(mock_inventor_summary.called)
def test_notifications_for_nonempty_violations(self, mock_dao,
mock_find_notifiers,
mock_gcs_violations_cls,
mock_email_violations_cls):
"""The email/GCS upload notifiers are instantiated/run.
Setup:
Mock the scanner_dao and make its map_by_resource() function return
the VIOLATIONS dict
Expected outcome:
The local find_notifiers() is called with with 'email_violations'
and 'gcs_violations' respectively. These 2 notifiers are
instantiated and run."""
mock_dao.map_by_resource.return_value = fake_violations.VIOLATIONS
mock_service_cfg = mock.MagicMock()
mock_service_cfg.get_global_config.return_value = fake_violations.GLOBAL_CONFIGS
mock_service_cfg.get_notifier_config.return_value = fake_violations.NOTIFIER_CONFIGS
mock_email_violations = mock.MagicMock(
spec=email_violations.EmailViolations)
mock_email_violations_cls.return_value = mock_email_violations
mock_email_violations = mock_email_violations_cls.return_value
mock_gcs_violations = mock_gcs_violations_cls.return_value
mock_find_notifiers.side_effect = [
mock_email_violations_cls, mock_gcs_violations_cls
]
notifier.run('iid-1-2-3', None, mock.MagicMock(), mock_service_cfg)
# The notifiers were only run once i.e. for 'policy_violations'
self.assertTrue(mock_find_notifiers.called)
self.assertEqual(1, mock_email_violations_cls.call_count)
self.assertEqual('iam_policy_violations',
mock_email_violations_cls.call_args[0][0])
self.assertEqual(1, mock_email_violations.run.call_count)
self.assertEqual(1, mock_gcs_violations_cls.call_count)
self.assertEqual('iam_policy_violations',
mock_gcs_violations_cls.call_args[0][0])
self.assertEqual(1, mock_gcs_violations.run.call_count)
