def test_notifications_are_not_sent_without_valid_scanner_index_id( self, mock_logger, mock_dao, mock_find_notifiers, mock_gcs_violations_cls, mock_email_violations_cls): """Without scanner index id, no notifications are sent. Setup: Mock the scanner_dao and make its map_by_resource() function return the VIOLATIONS dict. Make sure that no scanner index with a (SUCCESS, PARTIAL_SUCCESS) completion state is found. Expected outcome: The local find_notifiers() function is never called -> no notifiers are looked up, istantiated or run.""" mock_dao.get_latest_scanner_index_id.return_value = None mock_service_cfg = mock.MagicMock() mock_service_cfg.get_global_config.return_value = fake_violations.GLOBAL_CONFIGS mock_service_cfg.get_notifier_config.return_value = fake_violations.NOTIFIER_CONFIGS mock_email_violations = mock.MagicMock( spec=email_violations.EmailViolations) mock_email_violations_cls.return_value = mock_email_violations mock_email_violations = mock_email_violations_cls.return_value mock_gcs_violations = mock_gcs_violations_cls.return_value mock_find_notifiers.side_effect = [ mock_email_violations_cls, mock_gcs_violations_cls ] notifier.run('iid-1-2-3', None, mock.MagicMock(), mock_service_cfg) self.assertFalse(mock_find_notifiers.called) self.assertFalse(mock_dao.map_by_resource.called) self.assertTrue(mock_logger.error.called)
def test_beta_api_is_invoked_correctly(self): notifier = cscc_notifier.CsccNotifier(None) notifier._send_findings_to_cscc = mock.MagicMock() notifier.LOGGER = mock.MagicMock() self.assertEquals(0, notifier._send_findings_to_cscc.call_count) notifier.run(None, None, 'api', None, source_id='111') calls = notifier._send_findings_to_cscc.call_args_list call = calls[0] _, kwargs = call self.assertEquals('111', kwargs['source_id'])
def test_modes_are_run_correctly(self, mock_logger): # This whole test case is for alpha API, and can be deleted # when CSCC alpha support is removed. notifier = cscc_notifier.CsccNotifier(None) notifier._send_findings_to_gcs = mock.MagicMock() notifier._send_findings_to_cscc = mock.MagicMock() notifier.LOGGER = mock.MagicMock() self.assertEquals(0, notifier._send_findings_to_gcs.call_count) notifier.run(None, None, None, None) self.assertEquals(1, notifier._send_findings_to_gcs.call_count) notifier.run(None, None, 'bucket', None) self.assertEquals(2, notifier._send_findings_to_gcs.call_count) # alpha api self.assertEquals(0, notifier._send_findings_to_cscc.call_count) notifier.run(None, None, 'api', None) self.assertEquals(1, notifier._send_findings_to_cscc.call_count) self.assertEquals(3, mock_logger.info.call_count) notifier.run(None, None, 'foo', None) self.assertEquals(5, mock_logger.info.call_count) self.assertTrue( 'not selected' in mock_logger.info.call_args_list[4][0][0])
def test_no_notifications_for_empty_violations(self, mock_dao, mock_find_notifiers): """No notifiers are instantiated/run if there are no violations. Setup: Mock the scanner_dao and make its map_by_resource() function return an empty violations map Expected outcome: The local find_notifiers() function is never called -> no notifiers are looked up, istantiated or run.""" mock_dao.map_by_resource.return_value = dict() mock_service_cfg = mock.MagicMock() mock_service_cfg.get_global_config.return_value = fake_violations.GLOBAL_CONFIGS mock_service_cfg.get_notifier_config.return_value = fake_violations.NOTIFIER_CONFIGS notifier.run('iid-1-2-3', None, mock.MagicMock(), mock_service_cfg) self.assertFalse(mock_find_notifiers.called)
def test_inventory_summary_is_called(self, mock_dao, mock_find_notifiers, mock_inventor_summary): """No violation notifiers are run if there are no violations. Setup: Mock the scanner_dao and make its map_by_resource() function return an empty violations map Expected outcome: The local find_notifiers() function is never called -> no notifiers are looked up, istantiated or run. The `run_inv_summary` function *is* called. """ mock_dao.map_by_resource.return_value = dict() mock_service_cfg = mock.MagicMock() mock_service_cfg.get_global_config.return_value = fake_violations.GLOBAL_CONFIGS mock_service_cfg.get_notifier_config.return_value = fake_violations.NOTIFIER_CONFIGS notifier.run('iid-1-2-3', None, mock.MagicMock(), mock_service_cfg) self.assertFalse(mock_find_notifiers.called) self.assertTrue(mock_inventor_summary.called)
def test_notifications_for_nonempty_violations(self, mock_dao, mock_find_notifiers, mock_gcs_violations_cls, mock_email_violations_cls): """The email/GCS upload notifiers are instantiated/run. Setup: Mock the scanner_dao and make its map_by_resource() function return the VIOLATIONS dict Expected outcome: The local find_notifiers() is called with with 'email_violations' and 'gcs_violations' respectively. These 2 notifiers are instantiated and run.""" mock_dao.map_by_resource.return_value = fake_violations.VIOLATIONS mock_service_cfg = mock.MagicMock() mock_service_cfg.get_global_config.return_value = fake_violations.GLOBAL_CONFIGS mock_service_cfg.get_notifier_config.return_value = fake_violations.NOTIFIER_CONFIGS mock_email_violations = mock.MagicMock( spec=email_violations.EmailViolations) mock_email_violations_cls.return_value = mock_email_violations mock_email_violations = mock_email_violations_cls.return_value mock_gcs_violations = mock_gcs_violations_cls.return_value mock_find_notifiers.side_effect = [ mock_email_violations_cls, mock_gcs_violations_cls ] notifier.run('iid-1-2-3', None, mock.MagicMock(), mock_service_cfg) # The notifiers were only run once i.e. for 'policy_violations' self.assertTrue(mock_find_notifiers.called) self.assertEqual(1, mock_email_violations_cls.call_count) self.assertEqual('iam_policy_violations', mock_email_violations_cls.call_args[0][0]) self.assertEqual(1, mock_email_violations.run.call_count) self.assertEqual(1, mock_gcs_violations_cls.call_count) self.assertEqual('iam_policy_violations', mock_gcs_violations_cls.call_args[0][0]) self.assertEqual(1, mock_gcs_violations.run.call_count)