def setUp(self, mock_org_dao, mock_folder_dao, mock_project_dao):
mock_org_dao.return_value = None
mock_folder_dao.return_value = None
mock_project_dao.return_value = None
self.org_res_rel_dao = org_resource_rel_dao.OrgResourceRelDao({})
# TODO: move this to separate module
self.fake_org = organization.Organization(
organization_id=1,
display_name='Org 1')
self.fake_folder1 = folder.Folder(
folder_id=11,
display_name='Folder 1',
parent=self.fake_org)
self.fake_folder2 = folder.Folder(
folder_id=22,
display_name='Folder 2',
parent=self.fake_folder1)
self.fake_project1 = project.Project(
project_number=111,
project_id='project-1',
display_name='Project 1',
parent=self.fake_folder2)
self.fake_timestamp = '1234567890'
def get_folder_iam_policies(self, resource_name, timestamp):
"""Get the folder policies.
This does not raise any errors if there's a database or json parse
error because we want to return as many folders as possible.
Args:
resource_name (str): The resource type.
timestamp (str): The timestamp of the snapshot.
Returns:
dict: A dict keyed by the folders
(gcp_type.folder.Folder) and their iam policies (dict).
"""
folder_iam_policies = {}
query = select_data.FOLDER_IAM_POLICIES.format(timestamp, timestamp)
rows = self.execute_sql_with_fetch(resource_name, query, ())
for row in rows:
try:
folder = gcp_folder.Folder(
folder_id=row.get('folder_id'),
display_name=row.get('display_name'),
lifecycle_state=row.get('lifecycle_state'),
parent=resource_util.create_resource(
resource_id=row.get('parent_id'),
resource_type=row.get('parent_type')))
iam_policy = json.loads(row.get('iam_policy'))
folder_iam_policies[folder] = iam_policy
except ValueError:
LOGGER.warn('Error parsing json:\n %s', row.get('iam_policy'))
return folder_iam_policies
def test_get_folder_iam_policies(self):
"""Test that get_folder_iam_policies() returns expected data.
Setup:
Create magic mock for execute_sql_with_fetch().
Create fake row of folder data.
Expect:
* get_folder_iam_policies() call returns expected data: a dict of
Folders and their IAM policies.
"""
folder_id = self.fake_folders_db_rows[0]['folder_id']
iam_policy = {'role': 'roles/something', 'members': ['user:[email protected]']}
fake_folder_iam_policies = [{
'folder_id': folder_id,
'display_name': 'folder1',
'lifecycle_state': 'ACTIVE',
'parent_id': None,
'parent_type': None,
'iam_policy': json.dumps(iam_policy)
}]
self.fetch_mock.return_value = fake_folder_iam_policies
actual = self.folder_dao.get_folder_iam_policies(
self.resource_name, self.fake_timestamp)
folder = gcp_folder.Folder(folder_id)
expected = {folder: iam_policy}
self.assertEqual(expected, actual)
def setUp(self):
"""Set up."""
self.fake_timestamp = '12345'
self.org789 = Organization('778899', display_name='My org')
self.project1 = Project('my-project-1',
12345,
display_name='My project 1',
parent=self.org789)
self.project2 = Project('my-project-2',
12346,
display_name='My project 2')
self.folder1 = folder.Folder('333',
display_name='Folder 1',
parent=self.org789)
self.project3 = Project('my-project-3',
12347,
display_name='My project 3',
parent=self.folder1)
# patch the organization resource relation dao
self.patcher = mock.patch(
'google.cloud.security.common.data_access.org_resource_rel_dao.OrgResourceRelDao'
)
self.mock_org_rel_dao = self.patcher.start()
self.mock_org_rel_dao.return_value = None
def test_retrieve_error_logged_when_api_error(self, mock_logger):
"""Test that LOGGER.error() is called when there is an API error."""
self.mock_dao.get_folders.return_value = [folder.Folder(self.fake_id)]
self.pipeline.api_client.get_folder_iam_policies.side_effect = (
api_errors.ApiExecutionError('11111', mock.MagicMock()))
results = self.pipeline._retrieve()
self.assertEqual([], results)
self.assertEqual(1, mock_logger.error.call_count)
def test_api_is_called_to_retrieve_folder_policies(self):
"""Test that api is called to retrieve folder policies."""
self.mock_dao.get_folders.return_value = [folder.Folder(self.fake_id)]
self.pipeline._retrieve()
self.pipeline.api_client \
.get_folder_iam_policies.assert_called_once_with(
self.pipeline.RESOURCE_NAME,
self.fake_id)
def test_get_folder_policies_works(self, mock_dao):
"""Test that get_folder_iam_policies() works."""
fake_folder_policies = [{
folder.Folder('11111'): {
'role': 'roles/a',
'members': ['user:[email protected]', 'group:[email protected]']
}
}]
mock_dao.FolderDao({}).get_folder_iam_policies.return_value = (
fake_folder_policies)
policies = self.scanner._get_folder_iam_policies()
self.assertEqual(fake_folder_policies, policies)
def test_create_folder_getters_are_correct(self):
"""Test whether the Folder getter methods return expected data."""
my_folder_id = '123456'
my_folder_name = 'My folder name'
f1 = folder.Folder(my_folder_id, display_name=my_folder_name,
lifecycle_state=folder.FolderLifecycleState.ACTIVE)
self.assertEqual(my_folder_id, f1.id)
self.assertEqual(
folder.Folder.RESOURCE_NAME_FMT % my_folder_id, f1.name)
self.assertEqual(my_folder_name, f1.display_name)
self.assertEqual(resource.ResourceType.FOLDER, f1.type)
self.assertEqual(None, f1.parent)
self.assertEqual(folder.FolderLifecycleState.ACTIVE,
f1.lifecycle_state)
def test_org_notequals_project(self):
"""Test that an Organization != Project."""
proj_id = 'my-project-1'
proj_num = 1234567890
proj_name = 'My project 1'
project1 = Project(proj_id, proj_num, display_name=proj_name)
folder_id = '88888'
folder_name = 'My folder'
folder1 = folder.Folder(folder_id, display_name=folder_name)
org_id = '1234567890'
org_name = 'My org 1'
org1 = Organization(org_id, display_name=org_name)
self.assertTrue(org1 != project1)
self.assertTrue(org1 != folder1)
def map_row_to_object(row):
"""Instantiate a Folder from a database row.
TODO: Make this go away when we start using an ORM.
Args:
row (dict): The database row to map to the Folder object.
Returns:
Folder: A Folder from the database row.
"""
return gcp_folder.Folder(folder_id=row.get('folder_id'),
name=row.get('name'),
display_name=row.get('display_name'),
lifecycle_state=row.get('lifecycle_state'),
parent=resource_util.create_resource(
resource_id=row.get('parent_id'),
resource_type=row.get('parent_type')))
def setUp(self):
self.folder1 = folder.Folder(
'12345',
display_name='My folder',
lifecycle_state=folder.FolderLifecycleState.ACTIVE)
