def setUp(self):
"""Set up."""
self.fake_timestamp = '12345'
self.org789 = Organization('778899', display_name='My org')
self.project1 = Project('my-project-1',
12345,
display_name='My project 1',
parent=self.org789)
self.project2 = Project('my-project-2',
12346,
display_name='My project 2')
self.folder1 = folder.Folder('333',
display_name='Folder 1',
parent=self.org789)
self.project3 = Project('my-project-3',
12347,
display_name='My project 3',
parent=self.folder1)
# patch the organization resource relation dao
self.patcher = mock.patch(
'google.cloud.security.common.data_access.org_resource_rel_dao.OrgResourceRelDao'
)
self.mock_org_rel_dao = self.patcher.start()
self.mock_org_rel_dao.return_value = None
def setUp(self):
"""Set up."""
self.maxDiff = None
self.fake_timestamp = '12345'
self.org789 = Organization('778899', display_name='My org')
self.project1 = Project('my-project-1',
12345,
display_name='My project 1',
parent=self.org789)
self.project2 = Project('my-project-2',
12346,
display_name='My project 2')
# patch the daos
self.org_patcher = mock.patch(
'google.cloud.security.common.data_access.'
'org_resource_rel_dao.OrgResourceRelDao')
self.mock_org_rel_dao = self.org_patcher.start()
self.mock_org_rel_dao.return_value = None
self.project_patcher = mock.patch(
'google.cloud.security.common.data_access.'
'project_dao.ProjectDao')
self.mock_project_dao = self.project_patcher.start()
self.mock_project_dao.return_value = None
def test_project_equals_other_project_is_true(self):
"""Test that Project == another Project."""
id_1 = 'my-project-1'
number_1 = 1234567890
name_1 = 'My project 1'
project1 = Project(id_1, number_1, display_name=name_1)
id_2 = 'my-project-1'
number_2 = 1234567890
name_2 = 'My project 1'
project2 = Project(id_2, number_2, display_name=name_2)
self.assertTrue(project1 == project2)
def test_project_notequals_other_project_is_true(self):
"""Test that a Project does not equal a Project of different id."""
id_1 = 'my-project-1'
number_1 = 1234567890
name_1 = 'My project 1'
project1 = Project(id_1, number_1, display_name=name_1)
id_2 = 'my-project-2'
number_2 = 1234567891
name_2 = 'My project 2'
project2 = Project(id_2, number_2, display_name=name_2)
self.assertTrue(project1 != project2)
def setUp(self):
self.org = Organization('1234567890', display_name='My org name')
self.folder = Folder('55555',
display_name='My folder',
parent=self.org)
self.project1 = Project('project-1', 11111, display_name='Project 1')
self.project2 = Project('project-2',
22222,
display_name='Project 2',
parent=self.org)
self.project3 = Project('project-3',
33333,
display_name='Project 3',
parent=self.folder)
def test_create_resource_is_ok(self):
"""Test the ResourceUtil.create_resource() creates the types."""
expect_org = Organization(12345, 'Org a')
actual_org = ResourceUtil.create_resource(12345, 'Org a')
self.assertEqual(expect_org, actual_org)
expect_proj = Project('abcd', 'Proj a')
actual_proj = ResourceUtil.create_resource('abcd', 'Proj a')
self.assertEqual(expect_proj, expect_proj)
def test_project_in_folder_returns_folder_ancestor(self):
"""Test whether the ancestry includes the folder, for a project."""
folder = Folder('folder-1', folder_name='My folder name')
project = Project('my-project-id', 333,
project_name='My project',
parent=folder)
expected = [folder]
actual = [a for a in project.get_ancestors(include_self=False)]
self.assertEqual(expected, actual)
def test_project_ancestors_include_self(self):
"""Test Project ancestors when including self."""
org = Organization('1234567890', org_name='My org name')
project = Project('my-project-id',
333,
project_name='My project',
parent=org)
expected = [project, org]
actual = [a for a in project.get_ancestors()]
self.assertEqual(expected, actual)
def test_project_in_org_returns_org_ancestor(self):
"""Test that a Project with Org ancestor returns Org ancestor."""
org = Organization('1234567890', org_name='My org name')
project = Project('my-project-id',
333,
project_name='My project',
parent=org)
expected = [org]
actual = [a for a in project.get_ancestors(include_self=False)]
self.assertEqual(expected, actual)
def test_create_resource_is_ok(self):
"""Test the resource_util.create_resource() creates the types."""
expect_org = Organization(12345)
actual_org = resource_util.create_resource(
12345, ResourceType.ORGANIZATION)
self.assertEqual(expect_org, actual_org)
expect_proj = Project('abcd', 54321)
actual_proj = resource_util.create_resource(
'abcd', ResourceType.PROJECT, project_number=54321)
self.assertEqual(expect_proj, actual_proj)
self.assertEqual(expect_proj.project_number, actual_proj.project_number)
def test_org_notequals_project_is_true(self):
"""Test inequality of an Organization to a Project."""
id_1 = 'my-project-1'
number_1 = 1234567890
name_1 = 'My project 1'
project = Project(id_1, number_1, project_name=name_1)
id_2 = '1234567890'
name_2 = 'My org 1'
org = Organization(id_2, org_name=name_2)
self.assertTrue(project != org)
def test_project_notequals_org_is_true(self):
"""Test that a Project != Organization."""
id_1 = 'my-project-1'
number_1 = 1234567890
name_1 = 'My project 1'
project = Project(id_1, number_1, display_name=name_1)
id_2 = '1234567890'
name_2 = 'My org 1'
org = Organization(id_2, display_name=name_2)
self.assertTrue(project != org)
def test_create_project_getters_are_correct(self):
"""Test Project getters returns correct values."""
my_project_id = 'my-projectid-1'
my_project_number = 1234567890
my_project_name = 'My project name'
project = Project(my_project_id,
my_project_number,
project_name=my_project_name,
lifecycle_state=ProjectLifecycleState.ACTIVE)
self.assertEqual(my_project_id, project.get_id())
self.assertEqual(my_project_number, project.get_project_number())
self.assertEqual(my_project_name, project.get_name())
self.assertEqual(ResourceType.PROJECT, project.get_type())
self.assertEqual(None, project.get_parent())
self.assertEqual(ProjectLifecycleState.ACTIVE,
project.get_lifecycle_state())
def test_org_notequals_project(self):
"""Test that an Organization != Project."""
proj_id = 'my-project-1'
proj_num = 1234567890
proj_name = 'My project 1'
project1 = Project(proj_id, proj_num, display_name=proj_name)
folder_id = '88888'
folder_name = 'My folder'
folder1 = folder.Folder(folder_id, display_name=folder_name)
org_id = '1234567890'
org_name = 'My org 1'
org1 = Organization(org_id, display_name=org_name)
self.assertTrue(org1 != project1)
self.assertTrue(org1 != folder1)
def test_create_project_getters_are_correct(self):
"""Test Project getters returns correct values."""
my_project_id = 'my-projectid-1'
my_project_number = 1234567890
my_project_name = 'My project name'
project = Project(my_project_id,
my_project_number,
display_name=my_project_name,
lifecycle_state=ProjectLifecycleState.ACTIVE)
self.assertEqual(my_project_id, project.id)
self.assertEqual(my_project_number, project.project_number)
self.assertEqual(Project.RESOURCE_NAME_FMT % my_project_id,
project.name)
self.assertEqual(my_project_name, project.display_name)
self.assertEqual(ResourceType.PROJECT, project.type)
self.assertEqual(None, project.parent)
self.assertEqual(ProjectLifecycleState.ACTIVE, project.lifecycle_state)
def test_project_no_org_returns_empty_ancestors(self):
"""Test that a Project with no parent has no ancestors."""
project = Project('my-project-id', 333, project_name='My project')
expected = []
actual = [a for a in project.get_ancestors(include_self=False)]
self.assertEqual(expected, actual)
def setUp(self):
"""Set up."""
self.project1 = Project('my-project-1',
12345,
project_name='My project 1')
self.project2 = Project('my-project-2',
12346,
project_name='My project 2')
self.org789 = Organization('778899', org_name='My org')
self.RULES1 = {
'rules': [{
'name':
'my rule',
'mode':
'whitelist',
'resource': [{
'type': 'organization',
'applies_to': 'self_and_children',
'resource_ids': ['778899']
}, {
'type': 'project',
'applies_to': 'self',
'resource_ids': [
'my-project-1',
'my-project-2',
]
}],
'inherit_from_parent':
False,
'bindings': [{
'role': 'roles/*',
'members': ['user:*@company.com']
}]
}]
}
self.RULES2 = {
'rules': [{
'name':
'my rule',
'mode':
'whitelist',
'resource': [{
'type': 'organization',
'applies_to': 'self_and_children',
'resource_ids': ['778899']
}, {
'type': 'project',
'applies_to': 'self',
'resource_ids': [
'my-project-1',
'my-project-2',
]
}],
'inherit_from_parent':
False,
'bindings': [{
'role': 'roles/*',
'members': ['user:*@company.com']
}]
}, {
'name':
'my other rule',
'mode':
'blacklist',
'resource': [{
'type': 'project',
'applies_to': 'self',
'resource_ids': [
'my-project-2',
]
}],
'inherit_from_parent':
False,
'bindings': [{
'role': 'roles/*',
'members': ['user:[email protected]']
}]
}, {
'name':
'required rule',
'mode':
'required',
'resource': [{
'type': 'project',
'applies_to': 'self',
'resource_ids': [
'my-project-1',
]
}],
'inherit_from_parent':
False,
'bindings': [{
'role': 'roles/viewer',
'members': ['user:[email protected]']
}]
}]
}
self.RULES3 = {
'rules': [{
'name':
'my whitelist rule',
'mode':
'whitelist',
'resource': [{
'type': 'organization',
'applies_to': 'self_and_children',
'resource_ids': ['778899']
}, {
'type': 'project',
'applies_to': 'self',
'resource_ids': [
'my-project-1',
'my-project-2',
]
}],
'inherit_from_parent':
False,
'bindings': [{
'role': 'roles/*',
'members': ['user:*@company.com']
}]
}, {
'name':
'my blacklist rule',
'mode':
'blacklist',
'resource': [{
'type': 'organization',
'applies_to': 'self_and_children',
'resource_ids': ['778899']
}],
'inherit_from_parent':
False,
'bindings': [{
'role': 'roles/*',
'members': ['user:[email protected]']
}]
}, {
'name':
'my required rule',
'mode':
'required',
'resource': [{
'type': 'project',
'applies_to': 'self',
'resource_ids': [
'my-project-1',
]
}],
'inherit_from_parent':
False,
'bindings': [{
'role': 'roles/viewer',
'members': ['user:[email protected]']
}]
}]
}
def get_project_policies(self, timestamp):
"""Get the project policies.
Args:
timestamp: The timestamp of the snapshot.
Returns:
A dict containing the projects (gcp_type.project.Project)
and their iam policies (dict).
"""
project_policies = {}
prev_proj_id = None
prev_proj = None
try:
cursor = self.conn.cursor()
cursor.execute(
select_data.PROJECT_IAM_POLICIES.format(timestamp, timestamp))
rows = cursor.fetchall()
for row in rows:
proj_id = row[1]
if prev_proj_id != proj_id:
project = Project(project_id=row[1],
project_name=row[2],
project_number=row[0],
lifecycle_state=row[3])
project.parent = ResourceUtil.create_resource(
resource_id=row[5], resource_type=row[4])
else:
project = prev_proj
policy = project_policies.get(project)
if not policy:
policy = {'bindings': []}
role = row[6]
member_type = row[7]
member_name = row[8]
member_domain = row[9]
member = ''
if member_name:
member = '{}:{}@{}'.format(member_type, member_name,
member_domain)
else:
member = '{}:{}'.format(member_type, member_domain)
member = member.strip()
added_to_role = False
for binding in policy.get('bindings'):
if binding.get('role') == role:
binding.get('members').append(member)
added_to_role = True
if not added_to_role:
policy['bindings'].append({
'role': role,
'members': [member]
})
project_policies[project] = policy
prev_proj = project
except (DataError, IntegrityError, InternalError, NotSupportedError,
OperationalError, ProgrammingError) as e:
LOGGER.error(MySQLError('projects', e))
return project_policies
def setUp(self):
self.project1 = Project('project-id-1', 123451, 'Project 1')