def test_get_discovery_action_templates_regional_resource_regional_service(
service_resource_ec2_vpc):
action_template = service_resource_ec2_vpc.get_discovery_action_templates(
discovery_regions=["eu-west-1"])
assert action_template[0].get_urns == [
PartialUrn(
cloud_name="aws",
account_id=None,
region="eu-west-1",
service="ec2",
resource_type="vpc",
resource_id_parts=[],
)
]
assert action_template[0].delete_urns == [
PartialUrn(
cloud_name="aws",
account_id=None,
region="eu-west-1",
service="ec2",
resource_type="vpc",
resource_id_parts=[],
)
]
def test_get_discovery_action_templates_regional_resource_global_service(
service_resource_s3_bucket):
action_template = service_resource_s3_bucket.get_discovery_action_templates(
discovery_regions=["us-east-1"])
assert action_template[0].get_urns == [
PartialUrn(
cloud_name="aws",
account_id=None,
region="us-east-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
)
]
assert action_template[0].delete_urns == [
PartialUrn(
cloud_name="aws",
account_id=None,
region="ALL_REGIONS",
service="s3",
resource_type="bucket",
resource_id_parts=[],
)
]
def test_get_resource_discovery_actions_for_s3(
aws_interface: CloudWandererAWSInterface, mock_action_set_s3):
aws_interface._get_discovery_action_templates_for_service = MagicMock(
return_value=[mock_action_set_s3])
result = aws_interface.get_resource_discovery_actions()
assert len(result) == 1
assert isinstance(result[0], ActionSet)
assert result[0].get_urns == [
PartialUrn(account_id="111111111111",
region=region,
service="s3",
resource_type="bucket",
resource_id_parts=["ALL"]) for region in ["us-east-1"]
]
assert result[0].delete_urns == [
PartialUrn(account_id="111111111111",
region=region,
service="s3",
resource_type="bucket",
resource_id_parts=["ALL"])
for region in ["us-east-1", "eu-west-1"]
]
aws_interface._get_discovery_action_templates_for_service.assert_called_with(
service=ANY,
resource_types=[],
discovery_regions=["us-east-1", "eu-west-1"])
def mock_action_set_vpc():
return TemplateActionSet(
get_urns=[
PartialUrn(
account_id="ALL",
region="eu-west-1",
service="ec2",
resource_type="vpc",
resource_id_parts=["ALL"],
),
PartialUrn(
account_id="ALL",
region="us-east-1",
service="ec2",
resource_type="vpc",
resource_id_parts=["ALL"],
),
],
delete_urns=[
PartialUrn(
account_id="ALL",
region="eu-west-1",
service="ec2",
resource_type="vpc",
resource_id_parts=["ALL"],
),
PartialUrn(
account_id="ALL",
region="us-east-1",
service="ec2",
resource_type="vpc",
resource_id_parts=["ALL"],
),
],
)
def test_template_action_set_inflate_regions():
template = TemplateActionSet(
get_urns=[
PartialUrn(
cloud_name="aws",
account_id="ALL",
region="us-east-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
)
],
delete_urns=[
PartialUrn(
cloud_name="aws",
account_id="ALL",
region=TemplateActionSetRegionValues.ALL_REGIONS.name,
service="s3",
resource_type="bucket",
resource_id_parts=[],
)
],
)
assert template.inflate(regions=["us-east-1", "eu-west-1"],
account_id="111111") == ActionSet(
get_urns=[
PartialUrn(
cloud_name="aws",
account_id="111111",
region="us-east-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
],
delete_urns=[
PartialUrn(
cloud_name="aws",
account_id="111111",
region="us-east-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="111111",
region="eu-west-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
],
)
def test_non_string_id_parts():
with pytest.raises(ValueError):
PartialUrn(account_id="1",
region="region",
service="service",
resource_type="resource_type",
resource_id_parts=[1])
def iam_instance_profile():
return CloudWandererResource(
urn=URN(
account_id="111111111111",
region="us-east-1",
service="iam",
resource_type="instance_profile",
resource_id_parts=["my-test-profile"],
),
resource_data={},
dependent_resource_urns=[],
relationships=[
Relationship(
partial_urn=PartialUrn(
cloud_name="aws",
account_id="unknown",
region="us-east-1",
service="iam",
resource_type="role",
resource_id_parts=["test-role"],
),
direction=RelationshipDirection.INBOUND,
)
],
)
def get_inferred_ec2_instances(cloudwanderer_boto3_session):
vpcs = list(cloudwanderer_boto3_session.resource("ec2").vpcs.all())
return [
CloudWandererResource(
urn=URN(
account_id="111111111111",
region="eu-west-2",
service="ec2",
resource_type="instance",
resource_id_parts=[instance.instance_id],
),
resource_data=instance.meta.data,
relationships=[
Relationship(
partial_urn=PartialUrn(
cloud_name="aws",
account_id="unknown",
region="eu-west-2",
service="ec2",
resource_type="vpc",
resource_id_parts=[vpcs[0].vpc_id],
),
direction=RelationshipDirection.INBOUND,
)
],
) for instance in cloudwanderer_boto3_session.resource(
"ec2").instances.all()
]
def cloud_wanderer() -> CloudWanderer:
mock_storage_connector = MagicMock(**{})
mock_cloud_interface = MagicMock(
spec_set=CloudWandererAWSInterface,
**{
"get_resource_discovery_actions.return_value": [
ActionSet(
get_urns=[
PartialUrn(
cloud_name="aws",
account_id="111111111111",
region="eu-west-1",
service="ec2",
resource_type="vpc",
resource_id_parts=["ALL"],
)
],
delete_urns=[
PartialUrn(
cloud_name="aws",
account_id="111111111111",
region="eu-west-1",
service="ec2",
resource_type="vpc",
resource_id_parts=["ALL"],
)
],
)
],
"get_resources.return_value": [
CloudWandererResource(
URN(
cloud_name="aws",
account_id="111111111111",
region="eu-west-1",
service="ec2",
resource_type="vpc",
resource_id_parts=["vpc-11111111"],
),
resource_data={},
discovery_time=datetime.datetime(1986, 1, 1, tzinfo=datetime.timezone.utc),
)
],
}
)
return CloudWanderer(storage_connectors=[mock_storage_connector], cloud_interface=mock_cloud_interface)
def partial_urn():
return PartialUrn(
account_id="111111111111",
region="unknown",
service="service",
resource_type="resource_type",
resource_id_parts=["id"],
)
def test_is_not_partial():
complete_urn = PartialUrn(account_id="1",
region="region",
service="service",
resource_type="resource_type",
resource_id_parts=["id"])
assert not complete_urn.is_partial
def mock_action_set_s3():
return TemplateActionSet(
get_urns=[
PartialUrn(
account_id="ALL",
region="us-east-1",
service="s3",
resource_type="bucket",
resource_id_parts=["ALL"],
)
],
delete_urns=[
PartialUrn(
account_id="ALL",
region=TemplateActionSetRegionValues.ALL_REGIONS.name,
service="s3",
resource_type="bucket",
resource_id_parts=["ALL"],
)
],
)
def mock_action_set_role():
return TemplateActionSet(
get_urns=[
PartialUrn(
account_id="ALL",
region="us-east-1",
service="iam",
resource_type="role",
resource_id_parts=["ALL"],
)
],
delete_urns=[
PartialUrn(
account_id="ALL",
region="us-east-1",
service="iam",
resource_type="role",
resource_id_parts=["ALL"],
)
],
)
def test_relationships(service_resource_ec2_vpc):
assert service_resource_ec2_vpc.relationships == [
Relationship(
partial_urn=PartialUrn(
cloud_name="aws",
account_id="unknown",
region="eu-west-1",
service="ec2",
resource_type="dhcp_options",
resource_id_parts=["dopt-mock"],
),
direction=RelationshipDirection.OUTBOUND,
)
]
def test_relationships_arn(service_resource_lambda_function):
assert service_resource_lambda_function.relationships == [
Relationship(
partial_urn=PartialUrn(
cloud_name="aws",
account_id="111111111111",
region="eu-west-1",
service="lambda",
resource_type="layer_version",
resource_id_parts=["test-layer", "2"],
),
direction=RelationshipDirection.OUTBOUND,
)
]
def test_dependent_resources_reference(service_resource_ec2_route):
action_template = service_resource_ec2_route.get_discovery_action_templates(
discovery_regions=["us-east-1"])
assert action_template[0].get_urns == []
assert action_template[0].delete_urns == [
PartialUrn(
cloud_name="aws",
account_id=None,
region="us-east-1",
service="ec2",
resource_type="route",
resource_id_parts=[],
)
]
def test_dependent_resources_subresource(service_resource_iam_role_policy):
action_template = service_resource_iam_role_policy.get_discovery_action_templates(
discovery_regions=["us-east-1"])
assert action_template[0].get_urns == []
assert action_template[0].delete_urns == [
PartialUrn(
cloud_name="aws",
account_id=None,
region="us-east-1",
service="iam",
resource_type="role_policy",
resource_id_parts=[],
)
]
def test_get_resource_discovery_actions(aws_interface, s3_cleanup_actions):
result = aws_interface.get_resource_discovery_actions(
regions=["us-east-1"],
service_resource_types=[
ServiceResourceType(service="s3", resource_type="bucket")
])[0]
assert result.get_urns == [
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="us-east-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
)
]
for action in s3_cleanup_actions:
assert action in result.delete_urns
def test_template_action_set_inflate():
template = TemplateActionSet(
get_urns=[
PartialUrn(
cloud_name="aws",
account_id="ALL",
region="eu-west-1",
service="ec2",
resource_type="vpc",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="ALL",
region="us-east-1",
service="ec2",
resource_type="vpc",
resource_id_parts=[],
),
],
delete_urns=[
PartialUrn(
cloud_name="aws",
account_id="ALL",
region="eu-west-1",
service="ec2",
resource_type="vpc",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="ALL",
region="us-east-1",
service="ec2",
resource_type="vpc",
resource_id_parts=[],
),
],
)
assert template.inflate(regions=["eu-west-1"],
account_id="111111") == ActionSet(
get_urns=[
PartialUrn(
cloud_name="aws",
account_id="111111",
region="eu-west-1",
service="ec2",
resource_type="vpc",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="111111",
region="us-east-1",
service="ec2",
resource_type="vpc",
resource_id_parts=[],
),
],
delete_urns=[
PartialUrn(
cloud_name="aws",
account_id="111111",
region="eu-west-1",
service="ec2",
resource_type="vpc",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="111111",
region="us-east-1",
service="ec2",
resource_type="vpc",
resource_id_parts=[],
),
],
)
def s3_cleanup_actions():
return [
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="af-south-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="ap-northeast-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="ap-northeast-2",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="ap-northeast-3",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="ap-south-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="ap-southeast-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="ap-southeast-2",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="ca-central-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="eu-central-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="eu-north-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="eu-south-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="eu-west-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="eu-west-2",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="eu-west-3",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="sa-east-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="us-east-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="us-east-2",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="us-west-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="us-west-2",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="us-gov-east-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="us-gov-west-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="cn-north-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="cn-northwest-1",
service="s3",
resource_type="bucket",
resource_id_parts=[],
),
]
def default_test_discovery_actions():
return [
ActionSet(
get_urns=[
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="eu-west-2",
service="ec2",
resource_type="vpc",
resource_id_parts=["ALL"],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="us-east-1",
service="ec2",
resource_type="vpc",
resource_id_parts=["ALL"],
),
],
delete_urns=[
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="eu-west-2",
service="ec2",
resource_type="vpc",
resource_id_parts=["ALL"],
),
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="us-east-1",
service="ec2",
resource_type="vpc",
resource_id_parts=["ALL"],
),
],
),
# S3
ActionSet(
get_urns=[
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="us-east-1",
service="s3",
resource_type="bucket",
resource_id_parts=["ALL"],
),
],
delete_urns=[
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="us-east-1",
service="s3",
resource_type="bucket",
resource_id_parts=["ALL"],
),
],
),
# IAM
ActionSet(
get_urns=[
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="us-east-1",
service="iam",
resource_type="role",
resource_id_parts=["ALL"],
),
],
delete_urns=[
PartialUrn(
cloud_name="aws",
account_id="123456789012",
region="us-east-1",
service="iam",
resource_type="role",
resource_id_parts=["ALL"],
),
],
),
]